This token is mandatory to consume API resources.

This call triggers the PSU redirection towards his ASPSP. See the use case "Get your token".

Note : if the PSU has accounts in different ASPSP, you need one access token per ASPSP, and therefore, this request has to be used for each ASPSP.

Our entry point depends on ASPSP code : www.<cdetab>.sandbox.api.89C3.com , and for this environment, the only Caisse d'Epargne available is CE Ile de France with <codetab> = 17515.

Example :

GET  https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/authorize

Headers :

Content-Type : application/x-www-form-urlencoded; charset=utf-8

Params:

   response_type:code

   client_id:PSDFR-ACPR-13807

   redirect_uri:https://www.mycallback.com/

    scope:aisp

Remark : 

    client_id : your organisation agreement identifier as defined by your national competent authority (e.g. PSDXX-YYYY-ZZZZZ).

    redirect_uri : callback URL as declared in your APP  AND  to be forwarded to ASPSP for each sandbox and Go Live requests 

2nd step : redirection to PSU screens  

Once the redirection is activated, the ASPSP displays to PSU identification and authentification screens. 

The UX is shown below :  

1) PSU can enter his online banking ID thru the identification screen displayed by the ASPSP.

Note : if PSU is a professional or a corporate, another screen requesting the usage number can be displayed.

2) PSU needs to enter his SCA credentials in the authentication screen.

Different SCA means can be used by the PSU (SMS OTP - see below-, soft token, etc.) :

   or for the sandbox  

In some cases, a notification can be sent to the PSU on his/her mobile phone to activate his PSU means, or to finish this step :

3rd step : get the access token   

You can get your access token to be able to consume API resources.

If the PSU has authorized the TPP to access to his payment account (successful SCA), a 1-hour validity unique code will be genereted. It will be used for requesting the access_token useful to consumme API methods (see use case "Get your token").

Example 

POST https://www.17515.sandbox.api.89C3.com/stet/psd2/oauth/token

Header :

Content-Type:application/x-www-form-urlencoded; charset=utf-8

Params :

client_id: PSDFR-ACPR-13807

grant_type: authorization_code

code: NnZx1hqHY2CLkCFjiTwhJeflgFedCBa

      redirect_uri: https://www.mycallback.com/

Remarks : 

   client_id : your agreement number as defined by your national competent authority (e.g. PSDXX-YYYY-ZZZZZ).

   code : data in callback url 

   redirect_uri : this data needs to be strictly identical to the "redirect_uri" one used in the GET /authorize request !!!

   The QWAC eiDAS certificate has to be sent with this request.

Response : 

 4th step : use the API methods   

1) Get the list of accounts 

Once the acces token is received, this methods allows the TPP to list tha payment accounts during the first call (see use case "Get accounts list"). 

The TPP sequence is as follows :

1. GET /accounts to list all available accounts (without any links nor balances neither transactions)
2. ask PSU which accounts & data he wants to authorize TPP to get access to 
3. PUT /consents for sending to ASPSP the list of authorize accounts 
4. GET /accounts to access to authorized data 

Example BEFORE the PUT /consents method:

GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts

Header :

Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf

X-Request-ID: id-1234567890111121 1 

Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_‎<footprint sha256>\", algorithm=\"rsa-sha256\", headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\", signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1QiMViAmthebEst=\"

Psu-IP-Address:192.168.0.1

No body

Remarks :

Psu-Ip-Address => allows to differentiate batch request triggered by the TPP from requests whenever connected PSU to TPP app : so this field has to be filled when the PSU is connected

Response : 200 OK

Headers :
 

X-request-id: id-1234567890111121 1

Content-Type: application/hal+json;charset=UTF-8

Body :

{

Example AFTER the PUT /consents method:

GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts

Header :

Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf

X-Request-ID: id-1234567890111121 2

Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_‎<footprint sha256>\", algorithm=\"rsa-sha256\", headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\", signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1QxinDocH1ne=\"

Psu-IP-Address: 192.168.0.1

No body

Remarks :

Psu-Ip-Address => allows to differentiate batch request triggered by the TPP from requests whenever connected PSU to TPP app : so this field has to be filled when the PSU is connected

Response : 200 OK

Headers :

X-request-id: id-1234567890111121 2

Content-Type: application/hal+json;charset=UTF-8

Body :

{

2) Send PSU consent to ASPSP 

See use case "Forward PSU consent". 

Example :

PUT https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/consents

Headers :

Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf

X-Request-ID: id-1234567890111121 3

Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_‎<footprint sha256>\", algorithm=\"rsa-sha256\", headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\", signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1QinCept10n=\"

Psu-IP-Address:192.168.0.1

Body

Body :
{

}

Response :

201 « Created »

Headers :

X-Request-ID: id-1234567890111121 3

 No body

3) Get the balances  

See use case "Accounting balances". 

Example :

      GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts/175159000004003580740/balances

Headers :

Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf

X-Request-ID: id-1234567890111121 3

Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_‎<footprint sha256>\", algorithm=\"rsa-sha256\", headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\", signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1Qincept10n=\"

Response :

200 OK

Headers :

X-request-id: id-1234567890111121 4

Content-Type: application/hal+json;charset=UTF-8

Body :

{

   "balances": [

       {

           "balanceType": "CLBD",

           "name": "Solde comptable au 01/07/2022",

           "balanceAmount": {

               "amount": "-150.00",

               "currency": "EUR"

           }

       }

   ],

   "_links": {

       "self": {

           "templated": false,

           "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/balances"

       },

    "transactions": {

           "templated": false,

           "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions"

       },

   "overdrafts": {

           "templated": false,

           "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/overdrafts"

       },

    },

       "parent-list": {

           "templated": false,

           "href": "/stet/psd2/v1.6.2/accounts"

       }

   }

}

4) Get transactions history 

See use case "Get transactions history". 

Example :

GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts/{accountResourceId}/transactions

Headers :

Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf

X-Request-ID: id-1234567890111121 5

Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_‎<footprint sha256>\",algorithm=\"rsa-sha256\",headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\",signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1T0tOtuTuT1ti=\"

Psu-IP-Address: 192.168.0.1

No body

Response :

200 OK

Headers :

X-Request-ID:id-1234567890111121 5

Content-Type: application/hal+json;charset=UTF-8

Body :

{

"transactions": [

   {

     "entryReference": "382040554102518000713473520220722",

     "transactionAmount": {

       "amount": 8.12,

       "currency": "EUR"

     },

     "creditDebitIndicator": "DBIT",

     "status": "BOOK",

     "bookingDate": "2022-07-23T00:00:00+0200",

     "bankTransactionCode": {

       "domain": "PMNT",

       "family": "RDDT",

       "subFamily": "OTHR",

       "code": "06",

       "issuer": "SI MYSYS - Caisse d'Epargne"

     },

     "remittanceInformation": {

       "unstructured": [

         "VIR SEPA BP RIVES PARIS"

       ]

     },

     "_links": {

       "details": {

          "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions/RUNIU0VQQTgwMDA3MTM0NzM1IERVMjIwNzIwMjJUXzIzMDcyMDIyXzIwMjItMDctMjMtMDEuMTguNTIuODE4ODMxXzQ2MTAw/details",

          "templated": false

        }

      }

    },

    {

      "entryReference": "382040554102512022-07-12-02.42.40.510668",

      "transactionAmount": {

        "amount": 11.4,

        "currency": "EUR"

      },

      "creditDebitIndicator": "DBIT",

      "status": "BOOK",

      "bookingDate": "2022-07-12T00:00:00+0200",

      "bankTransactionCode": {

        "domain": "ACMT",

        "family": "MDOP",

        "subFamily": "COMM",

        "code": "62",

        "issuer": "SI MYSYS - Caisse d'Epargne"

      },

      "remittanceInformation": {

        "unstructured": [

          "* COT FORFAIT FSE +"

        ]

      },

      "_links": {

        "details": {

          "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions/bnVsbF8xMjA3MjAyMl8yMDIyLTA3LTEyLTAyLjQyLjQwLjUxMDY2OF8zMDYwMA/details",

          "templated": false

        }

      }

    },

    {

      "entryReference": "382040554102512022-07-06-11.22.06.175250",

      "transactionAmount": {

        "amount": 8.25,

        "currency": "EUR"

      },

      "creditDebitIndicator": "DBIT",

      "status": "BOOK",

      "bookingDate": "2022-07-06T00:00:00+0200",

      "bankTransactionCode": {

        "domain": "PMNT",

        "family": "ICDT",

        "subFamily": "DMCT",

        "code": "06",

        "issuer": "SI MYSYS - Caisse d'Epargne"

      },

      "remittanceInformation": {

        "unstructured": [

          "VIREMENT VERS BP RIVES PARIS"

        ]

      },

      "_links": {

        "details": {

          "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions/U0VQQSAyMjE4Nzg1QlAwMDAwMDAyOTk5OThfMDYwNzIwMjJfMjAyMi0wNy0wNi0xMS4yMi4wNi4xNzUyNTBfbnVsbA/details",

          "templated": false

        }

      }

    },

    {

      "entryReference": "382040554102512216685I10000004",

      "transactionAmount": {

        "amount": 11.33,

        "currency": "EUR"

      },

      "creditDebitIndicator": "DBIT",

      "status": "BOOK",

      "bookingDate": "2022-06-15T00:00:00+0200",

      "bankTransactionCode": {

        "domain": "PMNT",

        "family": "IRCT",

        "subFamily": "ESCT",

        "code": "C1",

        "issuer": "SI MYSYS - Caisse d'Epargne"

      },

      "remittanceInformation": {

        "unstructured": [

          "VIR INST DES C17"

        ]

      },

      "_links": {

        "details": {

          "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions/MjIxNjY4NUkxMDAwMDAwNDIwMjIwNjE1ICAgSVAwXzE1MDYyMDIyXzIwMjItMDYtMTUtMTEuMzMuNTcuNTI5ODQzX251bGw/details",

          "templated": false

        }

      }

    }

],

  "_links": {

    "self": {

      "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions",

      "templated": true

    },

    "balances": {

      "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/balances",

      "templated": false

    },

    "overdrafts": {

      "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/overdrafts",

      "templated": false

    },

    "parent-list": {

      "href": "/stet/psd2/v1.6.2/accounts",

      "templated": false

    }

  }

}

5) Get PSU Identity

See use case "Get PSU identity". 

Example :

GET https://www.12579.sandbox.api.89C3.com/stet/psd2/v1.6.2/end-user-identity

6) Get the overdraft

See use case "Get account overdraft". 

Example :

GET https://www.17515.sandbox.api.89C3.com/stet/psd2/v1.6.2/accounts/175159000004003580740/overdrafts

Headers :

Authorization: Bearer KXZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoI0Kr2rSi1mSCFNehAbCdEf

X-request-id: id-1234567890111121 7

Signature: keyId=\"https://<www.myUrlPath.to>/myQsealCertificate_‎<empreinte sha256>\",algorithm=\"rsa-sha256\",headers=\"(request-target) psu-ip-address psu-ip-port psu-http-method psu-date psu-user-agent psu-referer psu-accept psu-accept-charset psu-accept-encoding psu-accept-language digest\",signature=\"LbkxgICM48J6KdWNaF9qT7OWEorNlAwWNo6R+KkP7cP4TIGkk8wxcsGQXJ9ZnC+ZiA8mjL5S8WQyL41M7iPt+vJX4xh679gdGwmlKzn7E+ZtZ1I4qalRxcdLp4gBL7fll+C2lVBNJrViMJBezFK7AYVjnSWH7t1T0tOtuTuT1ti=\"

Psu-IP-Address: 192.168.0.1

Pas de body

Réponse : 200 (=> OK)

Headers :

X-request-id: id-1234567890111121 7

Content-Type: application/hal+json;charset=UTF-8

Body :

{

  "overdrafts": {

    "allowedAmount": {

      "amount": 0,

      "currency": "EUR"

    }

  },

  "_links": {

    "self": {

      "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/overdrafts",

      "templated": false

    },

    "balances": {

      "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/balances",

      "templated": false

    },

    "transactions": {

      "href": "/stet/psd2/v1.6.2/accounts/175159000004003580740/transactions",

      "templated": true

    },

    "parent-list": {

      "href": "/stet/psd2/v1.6.2/accounts",

      "templated": false

    }

  }

}

7) Refresh your access token

See use case "Refresh your token". 

Example :

POST https://www.12579.sandbox.api.89C3.com/stet/psd2/oauth/token

Header : 

Content-Type : application/x-www-form-urlencoded; charset=utf-8

Params:

client_id: PSDFR-ACPR-13807

grant_type: refresh_token

refresh_token: KUZyspFBZ1R6NqWQdmsZhfdo1nbjK7MoD0Kr2rSi1mSCFNehAbCdEf

Response : 

{

}