Test the API in sandbox Try-it
Process
When you connect on 89C3 API portal, you can
call the Account information API through a form in which you will specify the application, the access / authentication token
then, you enter the method parameters that you want to test (either headers, either body) the ones with a star are mandatory parameters
Once the parameters entered, you can process the request : either you will get a result, either you will get an error.
For the GET /accounts/transactions and GET /accounts/balances methods, you must first execute the GET /accounts request in order to retrieve the current accounts list and the linked delayed debit cards. It will allow you to get the needed "ressourceId" for using these methods.
The data used to make the test in Try-It must come from the provided personas (see the use case "Test data").
The user can thus choose a specific profile for his test so as to better apprehend the obtained results.
If needed, to make the results easier to read, there will be a navigation with links to the different result pages (see examples in "Get accounts list" and "Get transaction history" use cases).
Creating a test application
The creation of a test application which uses the API stet psd2 v142 on the 89C3 API portal is a prerequisite for using the "Try-It" console to test calls to our Account Information API for version v1 .4.2 of the STET standard
If you have already applied for GoLive, then you must create a new application and select the new STET API V1.4.2.
If you have NOT made a GoLive request, you can :
- either modify your existing application to associate it with the new STET V1.4.2 API
- either create a new application, then select the new STET V1.4.2 API
You must have entered the OAuth identifiers with :
- type of application : public
- "*" in the field "Javascript Origins"
- a syntactically valid URL in the "Redirect URLs" field. For example: "https://myapp.com"
- do not put anything in the X.509 Certificate field (just a character "1" for example)
The "test clients" tab allows you to see the identifiers of the personas that will be selectable in the Try-It console.
Preview of the screen allowing to retrieve the Oauth2 token
This screen is accessible when editing the application (dsp2 in our case) ; it allows to generate or edit an Oauth2 token that will be selected in the Try-It execution form.
Overview of the try-it execution form
The Try-It console is available at the top right of the pages presenting the operations available on an API. For example, for the STET v1.4.2 Account Lookup API, if you select an operation in the menu under the STETPSD2V142 block, the description of the operation (from the underlying swagger file) is presented and you can access the Try-It console to test this operation.
We get the display of the form if we click on the "<" button of the console:
In the "Resource Owner" field, you have access to the list of people declared for the API.
Remark: The parameters required in the sense of the API must be completed. However, when you use it via the Try-It console, some mandatory parameters cannot be filled in with meaningful values. In this case, they can be entered with a "1" character.
For example, in the screen below :
Put "1" in the "Signature" field.
Put "1" in the "X-request-ID" field
Click on the run button
Try-it parameters for every Account
For the body data type parameters you can copy paste the examples (left part of the screen) in the form (right part of the screen) by changing only the specific values of the chosen customer.
Common parameters to every Account information API method
| Parameter | Description | Data type | Parameter type | Mandatory |
|---|---|---|---|---|
| Authorization | access token in header | Char | Header | Yes |
| PSU-IP-Address | IP address used by the customer logged-in to you app *mandated if the PSU is connected, otherwise "blank" if you use the batch mode | Char | Header | No* |
| PSU-IP-Port | IP port of the device used by the PSU connected to your app | Char | Header | No |
| PSU-HTTP-Method | http method used for the request | Char | Header | No |
| PSU-Date | Timestamp used for the PSU request | Char | Header | No |
| PSU-GEO-Location | Geographic location given by the PSU if available | Char | Header | No |
| PSU-User-Agent | Header "User-Agent" sent by the PSU device connected to your app | Char | Header | No |
| PSU-Referer | Header "Referer" or "Referrer" sent by the PSU device connected to your app | Char | Header | No |
| PSU-Accept | Header "Accept" sent by the PSU device connected to your app | Char | Header | No |
| PSU-Accept-Charset | Header "Accept-Charset" sent by the PSU device connected to your app | Char | Header | No |
| PSU-Accept-Encoding | Header "Accept-Encoding" sent by the PSU device connected to your app | Char | Header | No |
| PSU-Accept-Language | Header "Accept-Language" sent by the PSU device connected to your app | Char | Header | No |
| Digest | Body synthesis | Char | Header | No |
| Signature | HTTP request signature (see https://datatracker.ietf.org/doc/draft-cavage-http-signatures/) The header field "keyId" should be formatted as KeiId="SN=XXX,CA=YYYYYYYYYYYYYYYY" in which "XXX" is the serial number (hex format) of the QSEAL certificate QSEAL "YYYYYYYYYYYYYYYY" is the full name of the certification authority having issued this certificate A message HTTP 400 will be returned by the server in case of an invalid or missing signature | Char | Header | Yes |
| X-Request-ID | Consistency Header parameter to be included in the request, and it has to be returned in the response | Char | Header | Yes |
Parameters dedicated to GET /accounts/{}/balances
| Parameter | Description | Data type | Parameter type | Mandatory |
|---|---|---|---|---|
| accountResourceId | Main identification of the account resource to fetch and used as input paramater by the request. It is obtained as the "GET /accounts" result in the "ressourceId" field. For a current account such as "accountId": {"iban":"" } ; Or for a differed debit card such as "accountId": {"other": {"schemeName": "CPAN"}}) | Char | Path | Yes |
Parameters dedicated to GET /accounts/{}/transactions
| Parameter | Description | Data type | Parameter type | Mandatory |
|---|---|---|---|---|
| accountResourceId | Main identification of the account resource to fetch and used as input paramater by the request. It is obtained as the "GET /accounts" result in the "ressourceId" field | Char | Path | Yes |
| dateTo | Exclusive maximal imputation date of the transactions (transactions having an imputation date equal to this parameter are NOT included in the result) | Char | Request | No |
| dateFrom | Inclusive minimal imputation of the transactions (= those having an imputation date equal to this parameter are included in the result) | Char | Request | No |
| entryReferenceFrom | This parameter provides the value of the criterion which will determine the result of the query. Only transactions with a technical identifier greater than the value provided will be included in the result | Char | Request | No |
| entryReferenceTo | This parameter provides the value of the criterion which will determine the result of the query. Only transactions with a technical identifier lower than the value provided will be included in the result | Char | Request | No |