Access to authorized data

The features are described hereafter only from a functional standpoint. The technical aspects are included in the section « Technical use cases ». You also need to be familiar with PSD2 terminology. You may also use the Frequently Asked Questions (FAQ) or our the virtual assistant .

As a reminder, this API is designed to give access to payment accounts (and to a predefined set of data) authorised by the customer :

  • balance ;

  • and/or transactions history ;

  • and/or customer (name and first name) ; 

  • and/or the list of trusted beneficiaries.

Some of these services may have some contraints or may not be available if not present in the online banking environment.

 

In sandbox assembly mode, access to tests data can be done thru the endpoint www.<codetab>.sandbox.api.89C3.com (see use case « Test our API »).

In production, acces to live data can be done thru the endpoint www.<codetab>.live.api.89C3.com (see use case « Limits »).

 

 

Get the list of eligible payment accounts 

Description

This first call allows to get the list of eligible payment accounts when the user of payment services (PSU) is using services from a third party provider (TPP AISP) connected to the bank account holder (ASPSP).

 

Prerequisites

  • TPP has an agreement for the AISP role from any european competent authority ;

  • TPP and PSU have service contract ;

  • A OAUTH2 access token has been delivered to the TPP by the ASPSP ;

  • TPP and ASPSP have been performed a mutual authentication ;

  • TPP has delivered his OAUTH2 access token to be able to consume the API resources. 

 

Transaction flow

TPP is interacting with the customer thru its interfaces. TPP sends a GET request to ASPSP infrastructure to get this list of accounts, which returns the eligible payment accounts

 

Customer consent 

Description

This second request is mandated by the ASPSP : TPP has requested the customer to give his consent on the accounts he wants to use (ans which data).

This information (list of authorized accounts and data) needs to be sent back by the TPP to the the bank (ASPSP) for recording this customer consent. This "consent" record is linked only to a given PSU + given TPP AISP + given authorized payment account(s) + given authorized data for each account. The ASPSP will verifiy each TPP access request to the accounts vs. this record.

This consent can be modiifed at any time by calling again this service.

Prerequisites

 TPP has requested the list of accounts for the first time.

PSU give his consent to AISP.

 

Transaction flow 

TPP AISP forward these authorized data to the bank (ASPS) using a PUT request.

 

Get balance 

Description

This call allows to get the accountable balance ("CLBD" in STET specifications).

 

Prerequisites

TPP has requested the list of accounts and sent PSU consent to ASPSP. 

 

Transaction flow 

AISP requests the ASPSP to send back the balance of one of the authorized accounts. 

 

Get transactions history 

Description

This call allows to get the  90-day transactions history.

 

Prerequisites

TPP has requested the list of accounts and sent PSU consent to ASPSP.

 

Transaction flow 

AISP requests the ASPSP to send the transaction histroy with some criteria.