Access to authorized data / Consume the API
In order to query an API, the API version is included in the URI such as : /stet/psd2/v1.4.2/accounts.
The features are described hereafter only from a functional standpoint. The technical aspects are included in the section « Technical use cases ». You also need to be familiar with PSD2 terminology. You may also use the Frequently Asked Questions (FAQ) or our the virtual assistant .
As a reminder, this API is designed to give access to payment accounts (and to a predefined set of data) authorised by the customer :
balance
and/or transactions history
and/or customer (name and first name)
Some of these services may have some contraints or may not be available if not present in the online banking environment.
In sandbox assembly mode, access to tests data can be done thru the endpoint www.<codetab>.sandbox.api.89C3.com (see use case « Test our API »).
In production, acces to live data can be done through the endpoint www.<codetab>.live.api.89C3.com (see use case « Limits »).
➤ Get the list of eligible payment accounts
Description
This first call allows to get the list of eligible payment accounts when the user of payment services (PSU) is using services from a third party provider (TPP AISP) connected to the bank account holder (ASPSP).
Prerequisites
TPP has an agreement for the AISP role from any european competent authority ;
TPP and PSU have service contract ;
A OAUTH2 access token has been delivered to the TPP by the ASPSP ;
TPP and ASPSP have been performed a mutual authentication ;
TPP has delivered his OAUTH2 access token to be able to consume the API resources.
Transaction flow
TPP is interacting with the customer thru its interfaces. TPP sends a GET request to ASPSP infrastructure to get this list of accounts, which returns the eligible payment accounts
➤ Customer consent
Description
This second request is mandated by the ASPSP : TPP has requested the customer to give his consent on the accounts he wants to use (ans which data).
This information (list of authorized accounts and data) needs to be sent back by the TPP to the the bank (ASPSP) for recording this customer consent. This "consent" record is linked only to a given PSU + given TPP AISP + given authorized payment account(s) + given authorized data for each account. The ASPSP will verifiy each TPP access request to the accounts vs. this record.
This consent can be modiifed at any time by calling again this service.
Prerequisites
TPP has requested the list of accounts for the first time.
PSU give his consent to AISP.
Transaction flow
TPP AISP forward these authorized data to the bank (ASPS) using a PUT request.
➤ Get balance
Description
This call allows to get the accountable balance ("CLBD" in STET specifications).
Prerequisites
TPP has requested the list of accounts and sent PSU consent to ASPSP.
Transaction flow
AISP requests the ASPSP to send back the balance of one of the authorized accounts.
➤ Get transactions history
Description
This call allows to get the 90-day transactions history.
Prerequisites
TPP has requested the list of accounts and sent PSU consent to ASPSP.
Transaction flow
AISP requests the ASPSP to send the transaction histroy with some criteria.
➤ Get PSU identity
You can get account holder identity using GET /end-user-identity (please refer to the technical use case).