Sandbox
➤ Introduction
This test environment can be used directly via your app : this mode is described hereafter.
Fictive data are used in this context (see use case "Test with persona").
➤ Prerequisites
The TPP has to declare its APP using our API REGISTER (see https://www.api.89c3.com/en/component/bpceportal/products/543/usecases/533) in order to forwerd us :
- its organisation agreement identifier (OID) as defined by your national competent authority
- the public keys of the test QWAC & QSEALC eiDAS compliant certificates
- the callback uri (redirect_uri)
Reminder : you have to get your "AISP" agrement.
➤ Step-by-step approach
1st step : request the access token
This token is mandatory to consume API resources.
This call triggers the PSU redirection towards his ASPSP. See the use case "Get your token".
Note : if the PSU has accounts in different ASPSP, you need one access token per ASPSP, and therefore, this request has to be used for each ASPSP.
Our entry point depends on ASPSP code : www.<cdetab>.sandbox.api.89C3.com , and for this environment, the only Caisse d'Epargne available is CE Ile de France with <codetab> = 17515.
Example :
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/authorize
Headers :
Content-Type : application/x-www-form-urlencoded; charset=utf-8
Params:
response_type:code
client_id:PSDFR-ACPR-13807
redirect_uri:https://www.mycallback.com/
scope:aisp
Remark :
client_id : your organisation agreement identifier as defined by your national competent authority (e.g. PSDXX-YYYY-ZZZZZ).
redirect_uri : callback URL as declared in your APP AND to be forwarded to ASPSP for each sandbox and Go Live requests
2nd step : redirection to PSU screens
Once the redirection is activated, the ASPSP displays to PSU identification and authentification screens.
The UX is shown below :
1) PSU can enter his online banking ID thru the identification screen displayed by the ASPSP.
Note : if PSU is a professional or a corporate, another screen requesting the usage number can be displayed.
2) PSU needs to enter his SCA credentials in the authentication screen.
Different SCA means can be used by the PSU (SMS OTP - see below-, soft token, etc.) :
or for the sandbox
In some cases, a notification can be sent to the PSU on his/her mobile phone to activate his PSU means, or to finish this step :
3rd step : get the access token
You can get your access token to be able to consume API resources.
If the PSU has authorized the TPP to access to his payment account (successful SCA), a 1-hour validity unique code will be genereted. It will be used for requesting the access_token useful to consumme API methods (see use case "Get your token").
Example
POST https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/token
Header :
Content-Type:application/x-www-form-urlencoded; charset=utf-8
Params :
client_id: PSDFR-ACPR-13807
grant_type: authorization_code
code: NnZx1hqHY2CLkCFjiTwhJeflgFedCBa
redirect_uri: https://www.mycallback.com/
Remarks :
client_id : your agreement number as defined by your national competent authority (e.g. PSDXX-YYYY-ZZZZZ).
code : data in callback url
redirect_uri : this data needs to be strictly identical to the "redirect_uri" one used in the GET /authorize request !!!
The QWAC eiDAS certificate has to be sent with this request.
Response :
"token_type": "Bearer",
"expires_in": 3600,
"scope": "aisp",
"refresh_token": "KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNewRfrsH"
4th step : use the API methods
1) Get the list of accounts
Once the acces token is received, this methods allows the TPP to list tha payment accounts during the first call (see use case "Get accounts list").
The TPP sequence is as follows :
- GET /accounts to list all available accounts (without any links nor balances neither transactions)
- ask PSU which accounts & data he wants to authorize TPP to get access to
- PUT /consents for sending to ASPSP the list of authorize accounts
- GET /accounts to access to authorized data
Example BEFORE the PUT /consents method:
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts
Header :
Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf
X-Request-ID: id-1234567890111121 1
Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_<footprint sha256>\", algorithm=\"rsa-sha256\", headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\", signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1QiMViAmthebEst=\"
Psu-IP-Address:192.168.0.1
No body
Remarks :
Psu-Ip-Address => allows to differentiate batch request triggered by the TPP from requests whenever connected PSU to TPP app : so this field has to be filled when the PSU is connected
Response : 200 OK
Headers :
X-request-id: id-1234567890111121 1
Content-Type: application/hal+json;charset=UTF-8
Body :
{
"usage":"PRIV",
"psuStatus":"Account Holder",
"name":"CPT DEPOT PART.",
"usage":"PRIV",
"psuStatus":"Account Holder",
"name":"CPT DEPOT PART.",
"href":"/stet/psd2/v1.6.2/accounts"
"href":"/stet/psd2/v1.6.2/consents"
"href":"/stet/psd2/v1.6.2/end-user-identity"
}
Example AFTER the PUT /consents method:
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts
Header :
Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf
X-Request-ID: id-1234567890111121 2
Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_<footprint sha256>\", algorithm=\"rsa-sha256\", headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\", signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1QxinDocH1ne=\"
Psu-IP-Address: 192.168.0.1
No body
Remarks :
Psu-Ip-Address => allows to differentiate batch request triggered by the TPP from requests whenever connected PSU to TPP app : so this field has to be filled when the PSU is connected
Response : 200 OK
Headers :
X-request-id: id-1234567890111121 2
Content-Type: application/hal+json;charset=UTF-8
Body :
{
"cashAccountType":"CACC",
"_links":{
"href":"/stet/psd2/v1.6.2/accounts/175159000004003580740/balances"
"transactions":{
"href":"/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions"
"href":"/stet/psd2/v1.6.2/accounts/175159000004003580740/overdrafts"
}
"cashAccountType":"CACC",
"_links":{
"href":"/stet/psd2/v1.6.2/accounts/175159000008003580740/balances"
"transactions":{
"href":"/stet/psd2/v1.6.2/accounts/175159000008003580740/transactions"
"href":"/stet/psd2/v1.6.2/accounts/175159000008003580740/overdrafts"
}
}
"href":"/stet/psd2/v1.6.2/accounts"
"href":"/stet/psd2/v1.6.2/consents"
"href":"/stet/psd2/v1.6.2/end-user-identity"
}
2) Send PSU consent to ASPSP
See use case "Forward PSU consent".
Example :
PUT https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/consents
Headers :
Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf
X-Request-ID: id-1234567890111121 3
Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_<footprint sha256>\", algorithm=\"rsa-sha256\", headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\", signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1QinCept10n=\"
Psu-IP-Address:192.168.0.1
Body
Body :
{
{
"transactions":[
{
},
"trustedBeneficiaries": false,
"psuIdentity": false
}
Response :
201 « Created »
Headers :
X-Request-ID: id-1234567890111121 3
No body
3) Get the balances
See use case "Accounting balances".
Example :
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts/175159000004003580740/balances
Headers :
Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf
X-Request-ID: id-1234567890111121 3
Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_<footprint sha256>\", algorithm=\"rsa-sha256\", headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\", signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1Qincept10n=\"
Response :
200 OK
Headers :
X-request-id: id-1234567890111121 4
Content-Type: application/hal+json;charset=UTF-8
Body :
{
"balances": [
{
"balanceType": "CLBD",
"name": "Solde comptable au 01/07/2022",
"balanceAmount": {
"amount": "-150.00",
"currency": "EUR"
}
}
],
"_links": {
"self": {
"templated": false,
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/balances"
},
"transactions": {
"templated": false,
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions"
},
"overdrafts": {
"templated": false,
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/overdrafts"
},
},
"parent-list": {
"templated": false,
"href": "/stet/psd2/v1.6.2/accounts"
}
}
}
4) Get transactions history
See use case "Get transactions history".
Example :
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts/{accountResourceId}/transactions
Headers :
Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf
X-Request-ID: id-1234567890111121 5
Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_<footprint sha256>\",algorithm=\"rsa-sha256\",headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\",signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1T0tOtuTuT1ti=\"
Psu-IP-Address: 192.168.0.1
No body
Response :
200 OK
Headers :
X-Request-ID:id-1234567890111121 5
Content-Type: application/hal+json;charset=UTF-8
Body :
{
"transactions": [
{
"entryReference": "382040554102518000713473520220722",
"transactionAmount": {
"amount": 8.12,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status": "BOOK",
"bookingDate": "2022-07-23T00:00:00+0200",
"bankTransactionCode": {
"domain": "PMNT",
"family": "RDDT",
"subFamily": "OTHR",
"code": "06",
"issuer": "SI MYSYS - Caisse d'Epargne"
},
"remittanceInformation": {
"unstructured": [
"VIR SEPA BP RIVES PARIS"
]
},
"_links": {
"details": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions/RUNIU0VQQTgwMDA3MTM0NzM1IERVMjIwNzIwMjJUXzIzMDcyMDIyXzIwMjItMDctMjMtMDEuMTguNTIuODE4ODMxXzQ2MTAw/details",
"templated": false
}
}
},
{
"entryReference": "382040554102512022-07-12-02.42.40.510668",
"transactionAmount": {
"amount": 11.4,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status": "BOOK",
"bookingDate": "2022-07-12T00:00:00+0200",
"bankTransactionCode": {
"domain": "ACMT",
"family": "MDOP",
"subFamily": "COMM",
"code": "62",
"issuer": "SI MYSYS - Caisse d'Epargne"
},
"remittanceInformation": {
"unstructured": [
"* COT FORFAIT FSE +"
]
},
"_links": {
"details": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions/bnVsbF8xMjA3MjAyMl8yMDIyLTA3LTEyLTAyLjQyLjQwLjUxMDY2OF8zMDYwMA/details",
"templated": false
}
}
},
{
"entryReference": "382040554102512022-07-06-11.22.06.175250",
"transactionAmount": {
"amount": 8.25,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status": "BOOK",
"bookingDate": "2022-07-06T00:00:00+0200",
"bankTransactionCode": {
"domain": "PMNT",
"family": "ICDT",
"subFamily": "DMCT",
"code": "06",
"issuer": "SI MYSYS - Caisse d'Epargne"
},
"remittanceInformation": {
"unstructured": [
"VIREMENT VERS BP RIVES PARIS"
]
},
"_links": {
"details": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions/U0VQQSAyMjE4Nzg1QlAwMDAwMDAyOTk5OThfMDYwNzIwMjJfMjAyMi0wNy0wNi0xMS4yMi4wNi4xNzUyNTBfbnVsbA/details",
"templated": false
}
}
},
{
"entryReference": "382040554102512216685I10000004",
"transactionAmount": {
"amount": 11.33,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status": "BOOK",
"bookingDate": "2022-06-15T00:00:00+0200",
"bankTransactionCode": {
"domain": "PMNT",
"family": "IRCT",
"subFamily": "ESCT",
"code": "C1",
"issuer": "SI MYSYS - Caisse d'Epargne"
},
"remittanceInformation": {
"unstructured": [
"VIR INST DES C17"
]
},
"_links": {
"details": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions/MjIxNjY4NUkxMDAwMDAwNDIwMjIwNjE1ICAgSVAwXzE1MDYyMDIyXzIwMjItMDYtMTUtMTEuMzMuNTcuNTI5ODQzX251bGw/details",
"templated": false
}
}
}
],
"_links": {
"self": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions",
"templated": true
},
"balances": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/balances",
"templated": false
},
"overdrafts": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/overdrafts",
"templated": false
},
"parent-list": {
"href": "/stet/psd2/v1.6.2/accounts",
"templated": false
}
}
}
5) Get PSU Identity
See use case "Get PSU identity".
Example :
GET https://www.12579.sandbox.api.89C3.com/stet/psd2/v1.6.2/end-user-identity
6) Get the overdraft
See use case "Get account overdraft".
Example :
GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts/175159000004003580740/overdrafts
Headers :
Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf
X-request-id: id-1234567890111121 7
Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_<empreinte sha256>\",algorithm=\"rsa-sha256\",headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\",signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1T0tOtuTuT1ti=\"
Psu-IP-Address: 192.168.0.1
Pas de body
Réponse : 200 (=> OK)
Headers :
X-request-id: id-1234567890111121 7
Content-Type: application/hal+json;charset=UTF-8
Body :
{
"overdrafts": {
"allowedAmount": {
"amount": 0,
"currency": "EUR"
}
},
"_links": {
"self": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/overdrafts",
"templated": false
},
"balances": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/balances",
"templated": false
},
"transactions": {
"href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions",
"templated": true
},
"parent-list": {
"href": "/stet/psd2/v1.6.2/accounts",
"templated": false
}
}
}
7) Refresh your access token
See use case "Refresh your token".
Example :
POST https://www.12579.sandbox.api.89C3.com/stet/psd2/oauth/token
Header :
Content-Type : application/x-www-form-urlencoded; charset=utf-8
Params:
client_id: PSDFR-ACPR-13807
grant_type: refresh_token
refresh_token: KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNehAbCdEf
Response :
{
"token_type": "Bearer",
"expires_in": 3600,
"scope": "aisp offline_access",
"refresh_token": "KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNehAbCdEf"
}