Introduction

Welcome to Enable Banking SDK developer documentation!

We are happy that you are interested our solution and hope that in this documentation you'll be able to find all information you need when using our SDK. If not, feel free to contact us at hello@enablebanking.com.

$ git clone https://github.com/enablebanking/OpenBankingJavaExamples

$ git clone https://github.com/enablebanking/OpenBankingJSExamples

$ git clone https://github.com/enablebanking/OpenBankingPythonExamples

Enable Banking SDK provides native Java, Javascript and Python libraries for connecting directly from your code to a number of Open Banking APIs without intermediate aggregation services. The libraries provide unified interface for interacting with multiple ASPSPs (banks), harmonize data and implement all cryptographic functionality needed for interaction with PSD2 APIs, such as mTLS connection using eIDAS QWAC and request signing using eIDAS QSeal certificate.

It's the easiest to get started with the SDK by using our code samples. The complete code samples for Java, Javascript and Python are available under our Github account: https://github.com/enablebanking.

For starting you need to have a developer license, which you can order on our website. You will get your developer SDK, which is connected Open Banking API sandboxes.

For production usage please contact us via e-mail.

User guide

Authorization and user token refresh

This section describes a basic authorization flow and access token refreshing flow (if it is supported by an ASPSP).

In order to execute this flow correctly for a specific ASPSP (bank) connector, one should obtain connector's meta information and build your flow according to that information.

Below is the basic example of how such flow can be implemented.

0. Import library and choose connector

import com.enablebanking.ApiClient;
import com.enablebanking.api.AuthApi;
import com.enablebanking.api.MetaApi;
import com.enablebanking.model.*;

// Initializing meta interface.
MetaApi metaApi = new MetaApi(new ApiClient());

// Getting connectors for a country.
HalConnectors connectors = metaApi.getConnectors("FI");

// Finding meta data for a desired connector
Connector connectorMeta = null;
for (Connector conn : connectors.getConnectors()) {
    if (conn.getName().equals('Sample')) {
        connectorMeta = conn;
        break;
    }
}

const enablebanking = require('enablebanking');

// Initializing meta interface.
const metaApi = new enablebanking.MetaApi(new enablebanking.ApiClient());

// Getting connectors for a country.
const connectors = await metaApi.getConnectors({country: 'FI'});

// Finding meta data for a desired connector
let connectorMeta;
for (const conn of connectors.connectors) {
    if (conn.name == 'Sample') {
      connectorMeta = conn;
      break;
    }
  }

import enablebanking

// Initializing meta interface.
meta_api = enablebanking.MetaApi(enablebanking.ApiClient())

// Getting connectors for a country.
connectors_info = meta_api.get_connectors(country='FI')

// Finding meta data for a desired connector
connector_meta = None
for conn in .connectors:
    if conn.name == 'Sample':
        connector_meta = conn
        break

First of all we are getting the list of connectors for a country and choosing one connector, which we are going to used. In real-world case a list of banks accessed with the connectors, shall be shown to a user for making a choise. In the code sample we are just using 'Sample'.

1. Initialize API client and authentication interface

// Initializing settings; connector settings class to be replaced with a real one.
ConnectorSettings settings = new SampleConnectorSettings()
    // other settings, including callback redirect URI, to be set here
    .sandbox(true);

// Creating client instance.
ApiClient apiClient = new ApiClient(settings);

// Initializing authentication interface.
AuthApi authApi = new AuthApi(apiClient);

// Creating client instance; connector name to be replaced with a real one.
const apiClient = new enablebanking.ApiClient('Sample', [
  true, // sandbox
  /* other settings, including callback redirect URI, to be set here */
]);

// Initializing authentication interface.
const authApi = new enablebanking.AuthApi(apiClient);

// Creating client instance; connector name to be replaced with a real one.
api_client = enablebanking.ApiClient(
    "Sample",
    {
        "sandbox": True,
        # other settings, including callback redirect URI, to be set here
    })

// Initializing authentication interface.
auth_api = enablebanking.AuthApi(api_client)

After the choise has been made, we need to initialize API client for the chosen connector and create the authentication interface.

Connector settings (i.e. set of parameters used when initializing API client) differ from one connector to another. Description of settings for every connector can be found here.

2. Initiate user authentication

// Checking if user ID is required when initiating user authentication.
String userId = null;
if (connectorMeta.getAuthInfo().get(0).getInfo().isUserIdRequired()) {
    // Setting userId; in real case it is coming from a user.
    userId = "someUserId";
}

// Checking if user consent can be received while user authentication.
Access access = null;
if (connectorMeta.getAuthInfo().get(0).getInfo().isAccess()) {
    // Initializing access, i.e. scope of access, which user needs to consent with.
    access = new Access(/* user consent parameters */);
}

// Initiating user authentication
Auth auth = authApi.getAuth(
    "test", // state returned to callback redirect URI
    userId,
    access);

// Sending user to this URL for authentication
String authUrl = auth.url;

// Checking if user ID is required when initiating user authentication.
let userId;
if (connectorMeta.authInfo[0].info.userIdRequired) {
  // Setting userId; in real case it is coming from a user.
  userId = "someUserId";
}

// Checking if user consent can be received while user authentication.
let access;
if (connectorMeta.authInfo[0].info.access) {
  // Initializing access, i.e. scope of access, which user needs to consent with.
  access = new Access(/* user consent parameters */);
}

// Initiating user authentication
const auth = await authApi.getAuth({
  state: 'test', // state returned to callback redirect URI
  access: access,
  userId: userId
});

// Sending user to this URL for authentication
const authUrl = auth.url;

# Checking if user ID is required when initiating user authentication.
user_id = None
if connector_meta.auth_info[0].info.user_id_required:
    # Setting userId; in real case it is coming from a user.
    user_id = "some_user_id"

# Checking if user consent can be received while user authentication.
access = None
if connector_meta.auth_info[0].info.access:
    # Initializing access, i.e. scope of access, which user needs to consent with.
    access = enablebanking.Access(
        # user consent parameters
    )

# Initiating user authentication
auth = auth_api.get_auth(
    state='test', # state returned to callback redirect URI
    user_id=user_id,
    access=access)

# Sending user to this URL for authentication
url = auth.url

Some connectors require user ID to be set when initiating user authentication. This information is available in connector meta and user ID shall be requested from a user.

Also scope of access, which user needs to consent with, shall be set. It will be used if user consent can be received while user authentication. If not, modify consents shall be used later on. By default widest possible scope will be requested.

And after the parameters are set, user authentication shall be initiated.

3. Obtain authorization code and get an access token

// Extracting data from the URL where user was redirected to after authentication.
AuthRedirect redirectInfo = authApi.parseRedirectUrl("https://your.domain/callback");

// Obtaining user access token (and possibly refresh token as well).
Token token = authApi.makeToken(
    "authorization_code", // grant type
    redirectInfo.code, // authorization code
    auth.env // authentication environment
);

// Extracting data from the URL where user was redirected to after authentication.
AuthRedirect redirectInfo = authApi.parseRedirectUrl('https://your.domain/callback');

// Obtaining user access token (and possibly refresh token as well).
const token = await authApi.makeToken(
  'authorization_code', // grant type
  redirectInfo.code, // authorization code
  auth.env // authentication environment
)

# Extracting data from the URL where user was redirected to after authentication.
redirect_info = auth_api.parse_redirect_url("https://your.domain/callback")

# Obtaining user access token (and possibly refresh token as well).
token = auth_api.make_token(
    "authorization_code",  # grant type
    code,  # authorization code
    auth.env)

After the user has authenticated (and is redirected back to the desired URL), we are parsing this callback redirect URL to obtain an authorization code and other data.

The authorization code is to be used when making user access token. Along with the access token, returned Token data structure contains lifetime of the access token in seconds and refresh token (if it is supported).

4. Refresh access token (when needed)

Token refreshedToken = null;
if (connectorMeta.isRefreshToken()) {
    refreshedToken = authApi.makeToken(
        "refresh_token",  // grant type
        token.getRefreshToken(),  // refresh token
        null // environment is not needed for token refresh
    );
}

let refreshedToken;
if (connectorMeta.refreshToken) {
  refreshedToken = authApi.makeToken(
    "refresh_token", // grant type
    token.refresh_token // refresh token
  );
}

refreshed_token = None
if connector_meta.refresh_token:
    refreshed_token = auth_api.make_token(
        "refresh_token",
        token.refresh_token
    )

When supported, refresh token can be used for obtaining new user access token.

Information on whether refresh tokens are supported by a connector can be seen in the connector meta.

SDK reference

enable:Banking SDK consists of 4 interfaces:

Meta provides information about available connectors;
Auth provides PSU (bank user) authentication and token creation functionality;
AISP provides functions for accessing account information, such as transactions and balances, on behalf of a PSU;
PISP provides functions for initiating and conforming payment requests.

The same calls and data structures are used for interacting with different ASPSPs (banks). In order to use each of the interfaces corresponding instance needs to be created. When instantiating any of the interfaces except Meta, ASPSP connector name and settings need to be supplied. The settings differ from one connector to another (although many of them have the same properties) and are described in the Connectors section of the documentation.

enable:Banking SDK interfaces are based on STET PSD2 specification, but have been modified and extended in order to support usage scenarious beyond the original specification.

License: LicenseRef-LICENSE

Meta API

getConnectors

const enablebanking = require('enablebanking');

const metaApi = new enablebanking.MetaApi(new enablebanking.ApiClient());

const connectors = await metaApi.getConnectors({
  country: 'FI' // requesting connectors for Finland
});

import enablebanking

meta_api = enablebanking.MetaApi(enablebanking.ApiClient())

connectors = meta_api.get_connectors(
    country='FI') # requesting connectors for Finland

import com.enablebanking.*;
import com.enablebanking.model.*;
import com.enablebanking.api.MetaApi;

MetaApi metaApi = new MetaApi(new ApiClient());

HalConnectors connectors = metaApi.getConnectors("FI"); // connectors for Finland

Retrieval of the available connectors

This call returns a list of available connectors, either all or for the specified country.

Parameters

Name	Type	Required	Description
country	string	false	Country ISO 3166-1 alpha-2 code

Returned value

Data type: HalConnectors

List of connectors

Auth API

getAuth

const enablebanking = require('enablebanking');

const authApi = new enablebanking.AuthApi(
  new enablebanking.ApiClient('Bank name', [ /* Bank settings */ ]));

const { url } = await authApi.getAuth(
  {
    state: 'test' // state to pass to redirect URL
  });

import enablebanking

auth_api = enablebanking.AuthApi(enablebanking.ApiClient(
    'Bank name',
    {
      # Bank settings
    })

url = auth_api.get_auth(
    state='test', # state to pass to redirect URL
).url

import java.util.List;
import java.util.ArrayList;
import java.util.Arrays;
import com.enablebanking.ApiClient;
import com.enablebanking.model.*;
import com.enablebanking.api.AuthApi;

List bankSettings = new ArrayList();
// Filling in bank settings here...

AuthApi authApi = new AuthApi(new ApiClient("Bank name", bankSettings));

String url = authApi.getAuth(
    "test", // state to pass to redirect URL
    null,  // user id
    null, // password
    null // not passing access request (bank's defaults will be used)
).url;

Request Authorization Data

Get authorization data such as authorization URL

Parameters

Name	Type	Required	Description
state	string	false	Arbitrary String to be returned from to redirect URI
user_id	string	false	Identification of a PSU to be authenticated (used only for ASPSPs, which do not provide user interface for entering user ID on the authentication web page)
password	string	false	Identification of a PSU to be authenticated (used only for ASPSPs, which do not provide user interface for entering user ID and password on the authentication web page)
access	Access	false	Request for access to account information

Detailed descriptions

access: Request for access to account information This parameter should be set to override defaults for the banks, which allow PSUs to give consent for account information sharing right after authentication.

Returned value

Data type: Auth

Authorization Data

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.

makeToken

const enablebanking = require('enablebanking');

const authApi = new enablebanking.AuthApi(
  new enablebanking.ApiClient('Bank name', [ /* Bank settings */ ]));

const token = await authApi.makeToken(
  'authorization_code', // grant type, MUST be set to "authorization_code"
  'so43ls-3ldg03sd-hl4saa3l2sl5czfhl3'); // The code received in the query string when redirected from authorization

import enablebanking

auth_api = enablebanking.AuthApi(enablebanking.ApiClient(
    'Bank name',
    {
      # Bank settings
    })

token = auth_api.make_token(
    'authorization_code', # grant type, MUST be set to "authorization_code"
    'so43ls-3ldg03sd-hl4saa3l2sl5czfhl3') # The code received in the query string when redirected from authorization

import java.util.List;
import java.util.ArrayList;
import com.enablebanking.ApiClient;
import com.enablebanking.model.*;
import com.enablebanking.api.AuthApi;

List bankSettings = new ArrayList();
// Filling in bank settings here...

AuthApi authApi = new AuthApi(new ApiClient("Bank name", bankSettings));

Token token = authApi.makeToken(
    "authorization_code", // grant type, MUST be set to "authorization_code"
    "so43ls-3ldg03sd-hl4saa3l2sl5czfhl3" // The code received in the query string when redirected from authorization
);

Request Access Token

Requests new access token for retrieving data on behalf of the authenticated user.

Parameters

Name	Type	Required	Description
grant_type	string	true	Value should be set to `authorization_code` or `refresh_token` depending on what
code	string	true	Value of either the code received in the query string when redirected from
auth_env	string	false	Additional environment data for makeToken. This parameter is only required for some connectors.

Detailed descriptions

grant_type: Value should be set to authorization_code or refresh_token depending on what passed to code parameter.

code: Value of either the code received in the query string when redirected from authorization page or the refresh token used for renewing access token.

Enumerated Values

grant_type

Value	Description
authorization_code	Used to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
refresh_token	Used to exchange a refresh token for an access token when the access token has expired. This allows clients to continue to have a valid access token without further interaction with the user. Please note that refresh token is likely to be changed when calling `makeToken` with `refresh_token` grant type.

Returned value

Data type: Token

Authorisation token (Bearer)

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.

getCurrentToken

const enablebanking = require('enablebanking');

const authApi = new enablebanking.AuthApi(
  new enablebanking.ApiClient('Bank name', [ /* Bank settings */ ]));

const token = await authApi.getCurrentToken();

import enablebanking

auth_api = enablebanking.AuthApi(enablebanking.ApiClient(
    'Bank name',
    {
      # Bank settings
    })

token = auth_api.get_current_token()

import java.util.List;
import java.util.ArrayList;
import com.enablebanking.ApiClient;
import com.enablebanking.model.*;
import com.enablebanking.api.AuthApi;

List bankSettings = new ArrayList();
// Filling in bank settings here...

AuthApi authApi = new AuthApi(new ApiClient("Bank name", bankSettings));

Token token = authApi.getCurrentToken();

Get current token data

This method is used to retrieve current values of access, refresh and id tokens used for accessing AIS and PIS APIs.

Returned value

Data type: Token

Current token. Values for some fields might be missing if not used.

parseRedirectUrl

Parsing of redirect url during authorization

During authorization process user is redirected to a redirect url specified by TPP, where query/fragment parameters are added to the redirect url. This function parses those parameters.

Parameters

Name	Type	Required	Description
redirectUrl	string	true	Redirect url

Returned value

Data type: AuthRedirect

Structured data extracted from redirect URL

setClientInfo

Set extra PSU headers

Set extra PSU headers such as PSU-IP-Address

Parameters

Name	Type	Required	Description
clientInfo	ClientInfo	false	ClientInfo object with PSU headers

Returned value

Data type: None

Client Info was successfully set.

AISP API

getAccounts

const enablebanking = require('enablebanking');

const aispApi = new enablebanking.AISPApi(
  new enablebanking.ApiClient('ConnectorName', [ /* Connector settings */ ]));

const accounts = await aispApi.getAccounts();

import enablebanking

aisp_api = enablebanking.AISPApi(enablebanking.ApiClient(
    'ConnectorName',
    {
      # Connector settings
    }))

accounts = aisp_api.get_accounts()

import com.enablebanking.ApiClient;
import com.enablebanking.api.AispApi;
import com.enablebanking.model.*;

// To be replaced with real connector settings class and set properties
ConnectorSettings connectorSettings = new SomeBankConnectorSettings();

AispApi aispApi = new AispApi(new ApiClient(connectorSettings));

HalAccounts accounts = aispApi.getAccounts();

Retrieval of the PSU accounts (AISP)

Description

This call returns all payment accounts that are relevant the PSU on behalf of whom the AISP is connected.

Prerequisites

Valid PSU access token shall be set in the connector.
For ASPSPs requiring PSU consent for listing the accounts, consent ID shall be set in the connector.

Business flow

The TPP sends a request to the ASPSP for retrieving the list of the PSU payment accounts. The ASPSP computes the relevant PSU accounts and builds the answer as an accounts list. Each payment account will be provided with its characteristics returned by ASPSP, which may vary between ASPSPs and depending on the consent given by the PSU.

Returned value

Data type: HalAccounts

Returned value consists of the list of the accounts that have been made available to the AISP by the PSU and HYPERMEDIA links to the related resources provided by ASPSP through the API.

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.
DataRetrievalException	Raised when unable to retrieve data requested from ASPSP API.
InsufficientScopeException	Raised when consent given by the PSU does not allow to retrieve requested data.
InvalidResponseSignatureException	none

getAccountBalances

const enablebanking = require('enablebanking');

const aispApi = new enablebanking.AISPApi(
  new enablebanking.ApiClient('ConnectorName', [ /* Connector settings */ ]));

const balances = await aispApi.getAccountBalances('203059694928560295396833');

import enablebanking

aisp_api = enablebanking.AISPApi(enablebanking.ApiClient(
    'ConnectorName',
    {
      # Connector settings
    }))

balances = aisp_api.get_account_balances('203059694928560295396833')

import com.enablebanking.ApiClient;
import com.enablebanking.api.AispApi;
import com.enablebanking.model.*;

// To be replaced with real connector settings class and set properties
ConnectorSettings connectorSettings = new SomeBankConnectorSettings();

AispApi aispApi = new AispApi(new ApiClient(connectorSettings));

HalBalances balances = aispApi.getAccountBalances("203059694928560295396833")

Retrieval of an account balances report (AISP)

Description

This call returns a set of balances for a given PSU account that is specified by the AISP through an account resource identification.

ASPSPs provide at least the accounting balance on the account.
ASPSPs can provide other balance restitutions, e.g. instant balance, as well, if possible.
Actually, from the PSD2 perspective, any other balances that are provided through the Web-Banking service of the ASPSP must also be provided by this ASPSP through the API.

Prerequisites

Valid PSU access token shall be set in the connector.
Consent ID shall be set in the connector.
The TPP has previously retrieved the list of available accounts for the PSU.

Business flow

The AISP requests the ASPSP on one of the PSU’s accounts.
The ASPSP answers by providing a list of balances on this account.

Parameters

Name	Type	Required	Description
accountResourceId	string	true	Identification of account resource to fetch

Returned value

Data type: HalBalances

Returned value consists of the list of account balances and HYPERMEDIA links to the related resources provided by ASPSP through the API.

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.
DataRetrievalException	Raised when unable to retrieve data requested from ASPSP API.
InsufficientScopeException	Raised when consent given by the PSU does not allow to retrieve requested data.
InvalidResponseSignatureException	none

getAccountTransactions

const enablebanking = require('enablebanking');

const aispApi = new enablebanking.AISPApi(
  new enablebanking.ApiClient('ConnectorName', [ /* Connector settings */ ]));

const transactions = await aispApi.getAccountTransactions('203059694928560295396833');

import enablebanking

aisp_api = enablebanking.AISPApi(enablebanking.ApiClient(
    'ConnectorName',
    {
      # Connector settings
    }))

transactions = aisp_api.get_account_transactions('203059694928560295396833')

import com.enablebanking.ApiClient;
import com.enablebanking.api.AispApi;
import com.enablebanking.model.*;

// To be replaced with real connector settings class and set properties
ConnectorSettings connectorSettings = new SomeBankConnectorSettings();

AispApi aispApi = new AispApi(new ApiClient(connectorSettings));

HalTransactions transactions = aispApi.getAccountTransactions("203059694928560295396833");

Retrieval of an account transaction set (AISP)

Description

This call returns transactions for an account for a given PSU account that is specified by the AISP through an account resource identification. The request may use some filter parameter in order to restrict the query

on a given imputation date range
past a given incremental technical identification

Prerequisites

Valid PSU access token shall be set in the connector.
Consent ID shall be set in the connector.
The TPP has previously retrieved the list of available accounts for the PSU.

Business flow

The AISP requests the ASPSP on one of the PSU’s accounts. It may specify some selection criteria. The ASPSP answers by a set of transactions that matches the query.

Parameters

Name	Type	Required	Description
accountResourceId	string	true	Identification of account resource to fetch
dateFrom	string(date-time)	false	Inclusive minimal imputation date of the transactions.
dateTo	string(date-time)	false	Exclusive maximal imputation date of the transactions.
continuationKey	string	false	Specifies the value on which the result has to be computed.
transactionStatus	TransactionStatus	false	Transactions having a transactionStatus equal to this parameter are included within the result.

Detailed descriptions

dateFrom: Inclusive minimal imputation date of the transactions.

Transactions having an imputation date equal to this parameter are included within the result.

dateTo: Exclusive maximal imputation date of the transactions.

Transactions having an imputation date equal to this parameter are not included within the result.

continuationKey: Specifies the value on which the result has to be computed.

Enumerated Values

transactionStatus

Value	Description
BOOK	(ISO20022 ClosingBooked) Accounted transaction
CNCL	Cancelled transaction
HOLD	Account hold
OTHR	Transaction with unknown status or not fitting the other options
PDNG	(ISO20022 Expected) Instant Balance Transaction
RJCT	Rejected transaction
SCHD	Scheduled transaction

Returned value

Data type: HalTransactions

Complete transactions response

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.
DataRetrievalException	Raised when unable to retrieve data requested from ASPSP API.
InsufficientScopeException	Raised when consent given by the PSU does not allow to retrieve requested data.
InvalidResponseSignatureException	none

modifyConsents

const enablebanking = require('enablebanking');

const aispApi = new enablebanking.AISPApi(
  new enablebanking.ApiClient('ConnectorName', [ /* Connector settings */ ]));

const consent = await aispApi.modifyConsents({
  access: {
    balances: ['203059694928560295396833'],
    transactions: [],
    trustedBeneficiaries: false,
    psuIdentity: true
  }
});

import enablebanking

aisp_api = enablebanking.AISPApi(enablebanking.ApiClient(
    'ConnectorName',
    {
      # Connector settings
    }))

consent = aisp_api.modify_consents(
    access=enablebanking.Access(
        # default access to balances
        balances=enablebanking.BalancesAccess(),
        # default access to transactions
        transactions=enablebanking.TransacrionsAccess(),
        trusted_beneficiaries=False,
        psu_identity=True,
    ),
)

import com.enablebanking.ApiClient;
import com.enablebanking.api.AispApi;
import com.enablebanking.model.*;

// To be replaced with real connector settings class and set properties
ConnectorSettings connectorSettings = new SomeBankConnectorSettings();

AispApi aispApi = new AispApi(new ApiClient(connectorSettings));

Consent consent = aispApi.modifyConsents(
  new Access()
    .balances(new BalancesAccess()) // default access to balances
    .transactions(new TransactionsAccess()) // default access to transactions
    .trustedBeneficiaries(false)
    .psuIdentity(true));

Forwarding the PSU consent (AISP)

Description

This call requests ASPSP to set the consent of an authenticated PSU. In the mixed detailed consent on accounts

the AISP captures the consent of the PSU
then it forwards this consent to the ASPSP

This consent replaces any prior consent that was previously sent by the AISP.

Prerequisites

Valid PSU access token shall be set in the connector.
For ASPSPs allowing consent to be give only for specified accounts, the list of accounts shall be retrieved.

Business flow

The PSU specifies to the AISP which of his/her accounts will be accessible and which functionalities should be available. The AISP forwards these settings to the ASPSP.

Parameters

Name	Type	Required	Description
access	Access	false	List of consents granted to the AISP by the PSU.

Returned value

Data type: Consent

Created or modified consent

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.

getCurrentConsent

const enablebanking = require('enablebanking');

const aispApi = new enablebanking.AISPApi(
  new enablebanking.ApiClient('ConnectorName', [ /* Connector settings */ ]));

const consent = await aispApi.getCurrentConsent();

import enablebanking

aisp_api = enablebanking.AISPApi(enablebanking.ApiClient(
    'ConnectorName',
    {
      # Connector settings
    }))

consent = aisp_api.get_current_consent()

import com.enablebanking.ApiClient;
import com.enablebanking.api.AispApi;
import com.enablebanking.model.*;

// To be replaced with real connector settings class and set properties
ConnectorSettings connectorSettings = new SomeBankConnectorSettings();

AispApi aispApi = new AispApi(new ApiClient(connectorSettings));

Consent consent = aispApi.getCurrentConsent();

Returns current consent (AISP)

Description

This call returns the consent current being used by the ASPSP connector, i.e. either explicitly set when the connector is initialized or as side effect produced by `getAuth` call.

Returned value

Data type: Consent

Current consent used for accessing AIS APIs.

deleteConsent

Deletes consent (AISP)

Description

Revokes PSU consent by specified consent ID. After the consent is revoked, it becomes invalid and can not be used for futher API requests.

Business flow

The PSU signals that he/she wants to revoke his consent for TPP to access account information. The TPP makes a request to the ASPSP to revoke PSU consent. The consent becomes invalid and its ID can not be used for consequent calls.

Parameters

Name	Type	Required	Description
consentId	string	true	Identification of consent to fetch

Returned value

Data type: None

Consent successfully revoked

PISP API

makePaymentRequest

const enablebanking = require('enablebanking');

const pispApi = new enablebanking.PISPApi(
  new enablebanking.ApiClient('ConnectorName', [ /* Connector settings */ ]));

// Making payment request with credit transafer transaction of one element
const requestCreation = await pispApi.makePaymentRequest({
  creditTransferTransaction: [{
    instructedAmount: {
      amount: '12.25', // amount
      currency: 'EUR' // currency code
    },
    beneficiary: {
      creditor: {
        name: 'Creditor Name' // payee (merchant) name
      },
      creditorAccount: {
        iban: 'FI4966010005485495' // payee account number
      }
    }
  }],
  debtor: {
    name: 'Debtor Name' // payer (account holder) name
  },
  debtorAccount: {
    iban: 'FI3839390001384700' // payer account number
  }
});

import enablebanking

pisp_api = enablebanking.PISPApi(enablebanking.ApiClient(
    'ConnectorName',
    {
      # Connector settings
    }))

# Making payment request with credit transafer transaction of one element
request_creation = pisp_api.make_payment_request(
    enablebanking.PaymentRequestResource(
        credit_transfer_transaction=[
            enablebanking.CreditTransferTransaction(
                instructed_amount=enablebanking.AmountType(
                    amount='12.25', # amount
                    currency='EUR'), # currency code
                beneficiary=enablebanking.Beneficiary(
                    creditor=enablebanking.PartyIdentification(
                        name='Creditor Name'), # payee (merchant) name
                    creditor_account=enablebanking.AccountIdentification(
                        iban='FI4966010005485495'), # payee account number
                ),
            ),
        ],
        debtor=enablebanking.PartyIdentification(
            name='Debtor Name'), # payer (account holder) name
        debtor_account=enablebanking.AccountIdentification(
            iban='FI3839390001384700'), # payer account number
    ))

import java.math.BigDecimal;
import java.util.Arrays;

import com.enablebanking.ApiClient;
import com.enablebanking.api.PispApi;
import com.enablebanking.model.*;

// To be replaced with real connector settings class and set properties
ConnectorSettings connectorSettings = new SomeBankConnectorSettings();

PispApi pispApi = new PispApi(new ApiClient(connectorSettings));

// Making payment request with credit transafer transaction of one element
HalPaymentRequestCreation requestCreation = pispApi.makePaymentRequest(
  new PaymentRequestResource()
    .creditTransferTransaction(Arrays.asList(
      new CreditTransferTransaction()
        .instructedAmount(
          new AmountType()
            .currency("EUR")
            .amount(new BigDecimal("12.25")))
        .beneficiary(
          new Beneficiary()
            .creditor(
              new PartyIdentification()
                .name("Creditor Name"))
            .creditorAccount(
              new AccountIdentification()
                .iban("FI4966010005485495")))))
    .debtor(
      new PartyIdentification()
        .name("Debtor Name"))
    .debtorAccount(
      new AccountIdentification()
        .iban("FI3839390001384700")));

Payment request initiation (PISP)

Description

The following use cases can be applied:

payment request on behalf of a merchant
transfer request on behalf of the account's owner
standing-order request on behalf of the account's owner

Data content

A payment request or a transfer request might embed several payment instructions having

one single execution date or multiple execution dates,
one single beneficiary or multiple beneficiaries.

A standing order request must embed one single payment instruction and must address one single beneficiary.

Business flow

Payment Request use case

The PISP forwards a payment request on behalf of a merchant.
The PSU buys some goods or services on an e-commerce website held by a merchant. Among other payment method, the merchant suggests the use of a PISP service. As there is obviously a contract between the merchant and the PISP, there is no need of such a contract between the PSU and this PISP to initiate the process.
Case of the PSU that chooses to use the PISP service:

The merchant forwards the requested payment characteristics to the PISP and redirects the PSU to the PISP portal.
The PISP requests from the PSU which ASPSP will be used.
The PISP prepares the Payment Request and sends this request to the ASPSP.
The Request can embed several payment instructions having different requested execution date.
The beneficiary, as being the merchant, is set at the payment level.

Transfer Request use case

The PISP forwards a transfer request on behalf of the owner of the account.

The PSU provides the PISP with all information needed for the transfer.
The PISP prepares the Transfer Request and sends this request to the relevant ASPSP that holds the debtor account.
The Request can embed several payment instructions having different beneficiaries.
The requested execution date, as being the same for all instructions, is set at the payment level.

Standing Order Request use case

The PISP forwards a Standing Order request on behalf of the owner of the account.

The PSU provides the PISP with all information needed for the Standing Order.
The PISP prepares the Standing Order Request and sends this request to the relevant ASPSP that holds the debtor account.
The Request embeds one single payment instruction with

The requested execution date of the first occurrence
The requested execution frequency of the payment in order to compute further execution dates
An execution rule to handle cases when the computed execution dates cannot be processed (e.g. bank holydays)
An optional end date for closing the standing Order

Authentication flows for all use cases

As the request posted by the PISP to the ASPSP needs a PSU authentication before execution, this request will include:

The specification of the authentication approaches that are supported by both the PISP and the ASPSP (any combination of "REDIRECT", "EMBEDDED" and "DECOUPLED" values).
In case of possible REDIRECT or DECOUPLED authentication approach, one or two callback URLs will be passed to the ASPSP at the finalisation of the authentication and consent process. The URLs are set in the connector settings.
In case of possible "EMBEDDED" or "DECOUPLED" approaches, the PSU identifier that can be processed by the ASPSP for PSU recognition must have been set within the [debtor] structure.

When the ASPSP accepts the request and answers to the PISP embeds:

A resource identification of the accepted request that can be further used to retrieve the request and its status information.
The specification of the chosen authentication approach taking into account both the PISP and the PSU capabilities.
In case of chosen REDIRECT authentication approach, the URL to be used by the PISP for redirecting the PSU in order to perform a authentication.

In case the PSU neither gives nor denies his/her consent, the request will expire and is then rejected to the PISP. The expiration delay is specified by each ASPSP.

Redirect authentication approach

When the authentication approach within the ASPSP answer is set to "REDIRECT":

The PISP redirects the PSU to the ASPSP which authenticates the PSU.
The ASPSP asks the PSU to give (or deny) his/her consent to the payment request
The PSU chooses or confirms which of his/her accounts shall be used by the ASPSP for the future credit transfer.
The ASPSP is then able to initiate the subsequent credit transfer.
The ASPSP redirects the PSU to the PISP using one of the callback URLs.

Decoupled authentication approach

When the authentication approach is "DECOUPLED":

Based on the PSU identifier provided within the payment request by the PISP, the ASPSP gives the PSU with the payment request details and challenges the PSU for a Strong Customer Authentication on a decoupled device or application.
The PSU chooses or confirms which of his/her accounts shall be used by the ASPSP for the future credit transfer.
The ASPSP is then able to initiate the subsequent credit transfer.
The ASPSP notifies the PISP about the finalisation of the authentication and consent process by using one of the callback URLs.

Embedded authentication approach

When the authentication approach within the ASPSP answers is set to "EMBEDDED":

The TPP informs the PSU that a challenge is needed for completing the Payment Request processing. This challenge will be one of the following:

A One-Time-Password sent by the ASPSP to the PSU on a separate device or application.
A response computed by a specific device on base of a challenge sent by the ASPSP to the PSU on a separate device or application.

The PSU unlocks the device or application through a "knowledge factor" and/or an "inherence factor" (biometric), retrieves the payment request details and processes the data sent by the ASPSP.
The PSU might choose to confirm which of his/her accounts shall be used by the ASPSP for the future credit transfer when the device or application allows it.
When agreeing the payment request, the PSU enters the resulting authentication factor through the PISP interface.
The PISP shall confirm the payment request using the authentication factor received from the PSU.

Parameters

Name	Type	Required	Description
paymentRequest	PaymentRequestResource	true	ISO20022 based payment Initiation Request

Returned value

Data type: HalPaymentRequestCreation

The request has been created as a resource. The ASPSP must authenticate the PSU.

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.

getPaymentRequest

Retrieval of a payment request (PISP)

Description

The following use cases can be applied:

retrieval of a payment request on behalf of a merchant
retrieval of a transfer request on behalf of the account's owner
retrieval of a standing-order request on behalf of the account's owner

The PISP has sent a payment request.
The ASPSP has registered the request, updated if necessary the relevant identifiers in order to avoid duplicates and returned the updated request.
The PISP gets the request that might have been updated with the resource identifiers, the status of the payment/transfer request and the status of the subsequent credit transfer.

Prerequisites

The TPP has previously posted a payment request which has been accepted by the ASPSP.

Business flow

The PISP asks to retrieve the payment/transfer request that has been accepted by the ASPSP. The PISP uses the payment request identifier provided by the ASPSP in response to the payment request.
The ASPSP returns the previously accepted payment/transfer request, which is enriched with:

The resource identifiers given by the ASPSP
The status information of the Payment Request and of the subsequent credit transfer

Parameters

Name	Type	Required	Description
paymentRequestResourceId	string	true	Identification of the Payment Request Resource

Returned value

Data type: HalPaymentRequest

Retrieval of the previously posted Payment Request

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.

modifyPaymentRequest

Modification of a payment/transfer request (PISP)

Description

The PISP sent a payment/transfer request through a POST command.
The ASPSP registered the Payment/Transfer Request, updated if necessary the relevant identifiers in order to avoid duplicates and returned the location of the updated Request.
The PISP got the Payment/Transfer Request that might have been updated with the resource identifiers, the status of the Payment/Transfer Request and the status of the subsequent credit transfer.
The PISP request for the payment cancellation or for some payment instructions cancellation
No other modification of the Payment/Transfer Request is allowed.

Prerequisites

The TPP previously sent a payment/transfer request which was accepted by the ASPSP
The TPP presented the payment/transfer request.

Business flow

The following cases can be applied:

Case of a payment with multiple instructions or a standing order, the PISP asks to cancel the whole payment/transfer or standing order request including all non-executed payment instructions by setting the [paymentInformationStatus] to "RJCT" and the relevant [statusReasonInformation] to "DS02" at payment level.
Case of a payment with multiple instructions, the PISP asks to cancel one or several payment instructions by setting the [transactionStatus] to "RJCT" and the relevant [statusReasonInformation] to "DS02" at each relevant instruction level.

Since the modification request needs a PSU authentication before committing, the modification request includes:

The specification of the authentication approaches that are supported by the PISP (any combination of "REDIRECT", "EMBEDDED" and "DECOUPLED" values).
In case of possible REDIRECT or DECOUPLED authentication approach, one or two call-back URLs to be used by the ASPSP at the finalisation of the authentication and consent process :

The first call-back URL will be called by the ASPSP if the Transfer Request is processed without any error or rejection by the PSU
The second call-back URL is to be used by the ASPSP in case of processing error or rejection by the PSU. Since this second URL is optional, the PISP might not provide it. In this case, the ASPSP will use the same URL for any processing result.
Both call-back URLS must be used in a TLS-secured request, including mutual authentication based on each party’s TLS certificate.

In case of possible "EMBEDDED" or "DECOUPLED" approaches, a PSU identifier that can be processed by the ASPSP for PSU recognition.

The ASPSP saves the updated Payment/Transfer Request and answers to the PISP. The answer embeds

The specification of the chosen authentication approach taking into account both the PISP and the PSU capabilities.
In case of chosen REDIRECT authentication approach, the URL to be used by the PISP for redirecting the PSU in order to perform an authentication.

Authentication flows for both use cases

Redirect authentication approach

When the chosen authentication approach within the ASPSP answers is set to "REDIRECT":

The PISP redirects the PSU to the ASPSP which authenticates the PSU
The ASPSP asks the PSU to give (or deny) his/her consent to the Payment Request
The PSU chooses or confirms which of his/her accounts shall be used by the ASPSP for the future Credit Transfer.
The ASPSP is then able to initiate the subsequent Credit Transfer
The ASPSP redirects the PSU to the PISP using one of the call-back URLs provided within the posted Payment Request

If the PSU neither gives nor denies his/her consent, the Payment Request shall expire and is then rejected to the PISP. The expiration delay is specified by each ASPSP.

Decoupled authentication approach

When the chosen authentication approach is "DECOUPLED":

Based on the PSU identifier provided within the Payment Request by the PISP, the ASPSP gives the PSU with the Payment Request details and challenges the PSU for a Strong Customer Authentication on a decoupled device or application.
The PSU chooses or confirms which of his/her accounts shall be used by the ASPSP for the future Credit Transfer.
The ASPSP is then able to initiate the subsequent Credit Transfer
The ASPSP notifies the PISP about the finalisation of the authentication and consent process by using one of the call-back URLs provided within the posted Payment Request

If the PSU neither gives nor denies his/her consent, the Payment Request shall expire and is then rejected to the PISP. The expiration delay is specified by each ASPSP.

Embedded authentication approach

When the chosen authentication approach within the ASPSP answers is set to "EMBEDDED":

The TPP informs the PSU that a challenge is needed for completing the Payment Request processing. This challenge will be one of the following:

A One-Time-Password sent by the ASPSP to the PSU on a separate device or application.
A response computed by a specific device on base of a challenge sent by the ASPSP to the PSU on a separate device or application.

The PSU unlock the device or application through a "knowledge factor" and/or an "inherence factor" (biometric), retrieves the Payment Request details and processes the data sent by the ASPSP;
The PSU might choose or confirm which of his/her accounts shall be used by the ASPSP for the future Credit Transfer when the device or application allows it.
When agreeing the Payment Request, the PSU enters the resulting authentication factor through the PISP interface which will forward it to the ASPSP through a confirmation request (cf. § 4.7)

Case of the PSU neither gives nor denies his/her consent, the Payment Request shall expire and is then rejected to the PISP. The expiration delay is specified by each ASPSP.

Parameters

Name	Type	Required	Description
paymentRequestResourceId	string	true	Identification of the Payment Request Resource
paymentRequest	PaymentRequestResource	true	ISO20022 based payment Initiation Request

Returned value

Data type: HalPaymentRequestCreation

The modification request has been saved. The ASPSP must authenticate the PSU before committing the update.

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.

makePaymentRequestConfirmation

Confirmation of a payment request or a modification request (PISP)

Description

The PISP confirms one of the following requests

payment request on behalf of a merchant
transfer request on behalf of the account's owner
standing-order request on behalf of the account's owner

The ASPSP answers with a status of the relevant request and the subsequent Credit Transfer.

Prerequisites

The TPP has previously set a request which has been accepted by the ASPSP.
The TPP has retrieved the accpeted request in order to get the relevant resource IDs.
The TPP provided the PSU necessary information and means for SCA required before the confirmation.

Business flow

Once the PSU has been authenticated, it is the due to the PISP to confirm the Request to the ASPSP in order to complete the process flow.
In REDIRECT and DECOUPLED approach, this confirmation is not a prerequisite to the execution of the Credit Transfer.

Parameters

Name	Type	Required	Description
paymentRequestResourceId	string	true	Identification of the Payment Request Resource
confirmation	PaymentRequestConfirmation	false	Data needed for confirmation of the Payment Request, especially in EMBEDDED approach

Detailed descriptions

confirmation: Data needed for confirmation of the Payment Request, especially in EMBEDDED approach

Returned value

Data type: HalPaymentRequest

retrieval of the Payment Request enriched with the status report

Exceptions

Data type	Description
HttpException	Raised when ASPSP API responses with unspecified error.

CBPII API

makeFundsConfirmation

Payment coverage check request (CBPII)

Description

The CBPII can ask an ASPSP to check if a given amount can be covered by the liquidity that is available on a PSU cash account or payment card.

Business flow

The CBPII requests the ASPSP for a payment coverage check against either a bank account or a card primary identifier.
The ASPSP answers with a structure embedding the original request and the result as a Boolean.

Parameters

Name	Type	Required	Description
paymentCoverage	PaymentCoverageRequestResource	true	parameters of a payment coverage request

Returned value

Data type: HalPaymentCoverageReport

payment coverage request

Data types

Access

Requested access services.

Fields

Name	Type	Required	Description
accounts	[AccountIdentification]	false	List of accounts access to which is requested. If not set behaviour depends on the bank: some banks allow users to choose list of accessible accounts through their access consent UI, while other may provide access to all accounts or just access to the list of accounts.
balances	BalancesAccess	false	Defines how balance information is going to be accessed. If not set balances are not explicitly requested
transactions	TransactionsAccess	false	Defines how transactions are going to be accessed. If not set transactions are not explicitly requested
trustedBeneficiaries	boolean	false	Indicator that access to the trusted beneficiaries list was granted or not to the AISP by the PSU true: the access was granted false: the access was not granted
psuIdentity	boolean	false	Indicator that access to the PSU identity, first name and last name, was granted or not to the AISP by the PSU true: the access was granted false: the access was not granted
accountDetails	boolean	false	Indicates if access to account details if explicitly requested
recurringIndicator	boolean	false	true: the consent is for recurring access to the account data. false: the consent is for one access to the account data.
frequencyPerDay	integer	false	This field indicates the requested maximum frequency for an access without PSU involvement per day. For a one-off access, this attribute is set to "1". The frequency needs to be greater equal to one.
validUntil	string(date-time)	false	This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISO-Date Format, e.g. 2017-10-30. Future dates might get adjusted by ASPSP.

AccountIdentification

Unique and unambiguous identification for the account between the account owner and the account servicer.

Fields

Name	Type	Required	Description
iban	string	false	ISO20022: International Bank Account Number (IBAN) - identification used internationally by financial institutions to uniquely identify the account of a customer. Further specifications of the format and content of the IBAN can be found in the standard ISO 13616 "Banking and related financial services - International Bank Account Number (IBAN)" version 1997-10-01, or later revisions.
other	GenericIdentification	false	ISO20022: Unique identification of an account, a person or an organisation, as assigned by an issuer. API: The ASPSP will document which account reference type it will support.

Name

Type

Required

Description

iban

string

false

ISO20022: International Bank Account Number (IBAN) - identification used internationally by financial institutions to uniquely identify the account of a customer.

Further specifications of the format and content of the IBAN can be found in the standard ISO 13616 "Banking and related financial services - International Bank Account Number (IBAN)" version 1997-10-01, or later revisions.

other

GenericIdentification

false

ISO20022: Unique identification of an account, a person or an organisation, as assigned by an issuer.
API: The ASPSP will document which account reference type it will support.

AccountResource

PSU account that is made available to the TPP

Fields

Name	Type	Required	Description
resourceId	ResourceId	false	Identifier assigned by the ASPSP for further use of the created resource through API calls
bicFi	string	false	ISO20022: Code allocated to a financial institution by the ISO 9362 Registration Authority as described in ISO 9362 "Banking - Banking telecommunication messages - Business identification code (BIC)".
accountId	AccountIdentification	false	Unique and unambiguous identification for the account between the account owner and the account servicer.
name	string	true	Label of the PSU account In case of a delayed debit card transaction set, the name shall specify the holder name and the imputation date
details	string	false	Specifications that might be provided by the ASPSP characteristics of the account characteristics of the relevant card
linkedAccount	string	false	Case of a set of pending card transactions, the APSP will provide the relevant cash account the card is set up on.
usage	string	false	Specifies the usage of the account
cashAccountType	string	true	Specifies the type of the account
product	string	false	Product Name of the Bank for this account, proprietary definition
currency	CurrencyCode	true	Currency used for the account
balances	[BalanceResource]	false	list of balances provided by the ASPSP
psuStatus	string	false	Relationship between the PSU and the account - Account Holder - Co-account Holder - Attorney
_links	AccountLinks	true	links that can be used for further navigation when browsing Account Information at one account level

Enumerated Values

usage

Value	Description
PRIV	private personal account
ORGA	professional account

cashAccountType

Value	Description
CACC	Account used to post debits and credits when no specific account has been nominated
CASH	Account used for the payment of cash
CARD	List of card based transactions (non ISO 20022)
LOAN	Loan account

AddressType

ISO20022: Identifies the nature of the postal address.

Base type

string

Enumerated Values

Value	Description
Business	—
Correspondence	—
DeliveryTo	—
MailTo	—
POBox	—
Postal	—
Residential	—
Statement	—

AmountType

ISO20022: structure aiming to carry either an instructed amount or equivalent amount. Both structures embed the amount and the currency to be used.

API: only instructed amount can be used

Fields

Name	Type	Required	Description
currency	CurrencyCode	true	Specifies the currency of the amount or of the account. A code allocated to a currency by a Maintenance Agency under an international identification scheme, as described in the latest edition of the international standard ISO 4217 "Codes for the representation of currencies and funds".
amount	string(number)	true	ISO20022: Amount of money to be moved between the debtor and creditor, before deduction of charges, expressed in the currency as ordered by the initiating party.

Auth

Fields

Name	Type	Required	Description
url	string	false	URL for authorization. Used for REDIRECT authorization flow
env	string	false	Additional authorization environment data. To be passed to makeToken.
authData	[AuthDataItem]	false	[structure used for returning auth parameters to be passed to user]

AuthDataItem

structure used for returning auth parameters to be passed to user

Fields

Name	Type	Required	Description
type	string	false	Type of the auth data item
value	string	false	Value of auth data item

Enumerated Values

type

Value	Description
otpIndex	—

AuthInfo

Information about usage of getAuth method

Fields

Name	Type	Required	Description
access	boolean	true	Shows if access parameter is supported in `getAuth` method
userIdRequired	boolean	true	Shows if it is necessary to provide user id in `getAuth` method
passwordRequired	boolean	false	Shows if it is necessary to provide user password in `getAuth` method
authData	boolean	false	Shows if `authData` is returned in `getAuth` response
brands	[Brand]	false	List of brands used by the ASPSP (in a certain country)

AuthRedirect

structure used for returning parameters of redirect url

Fields

Name	Type	Required	Description
code	string	false	redirect code received from a bank
id_token	string	false	Id of token received from a bank
state	string	false	state specified by TPP

AuthenticationApproach

The ASPSP, based on the authentication approaches proposed by the PISP, choose the one that it can processed, in respect with the preferences and constraints of the PSU and indicates in this field which approach has been chosen

Base type

string

Enumerated Values

Value	Description
REDIRECT	the PSU is redirected by the TPP to the ASPSP which processes identification and authentication
DECOUPLED	the TPP identifies the PSU and forwards the identification to the ASPSP which processes the authentication through a decoupled device
EMBEDDED	the TPP identifies the PSU and forwards the identification to the ASPSP which starts the authentication. The TPP forwards one authentication factor of the PSU (e.g. OTP or response to a challenge)

BalanceResource

Structure of an account balance

Fields

Name	Type	Required	Description
name	string	true	Label of the balance
balanceAmount	AmountType	true	ISO20022: structure aiming to carry either an instructed amount or equivalent amount. Both structures embed the amount and the currency to be used. API: only instructed amount can be used
balanceType	BalanceStatus	true	Type of balance
lastChangeDateTime	string(date-time)	false	Timestamp of the last change of the balance amount
referenceDate	string(date)	false	Reference date for the balance
lastCommittedTransaction	string	false	Identification of the last committed transaction. This is actually useful for instant balance.

BalanceStatus

Type of balance

Base type

string

Enumerated Values

Value	Description
CLBD	(ISO20022 ClosingBooked) Accounting Balance
FWAV	(ISO20022 ForwardAvailable) Balance of money that is at the disposal of the account owner on the date specified
ITAV	(ISO20022 InterimAvailable) Available balance calculated in the course of the day
ITBD	(ISO20022 InterimBooked) Booked balance calculated in the course of the day
OTHR	Other Balance
VALU	Value-date balance
XPCD	(ISO20022 Expected) Instant Balance

BalancesAccess

Defines what access to blanaces is requested

Fields

Name	Type	Required	Description
statuses	[BalanceStatus]	false	List of balance statuses, which are going to be accessed

BankTransactionCode

ISO20022: Allows the account servicer to correctly report a transaction, which in its turn will help account owners to perform their cash management and reconciliation operations.

Fields

Name	Type	Required	Description
description	string	false	Transaction type description
code	string	false	ISO20022: Specifies the family of a transaction within the domain
subCode	string	false	ISO20022: Specifies the sub-product family of a transaction within a specific family

Beneficiary

Specification of a beneficiary

Fields

Name	Type	Required	Description
id	string	false	Id of the beneficiary
isTrusted	boolean	false	The ASPSP having not implemented the trusted beneficiaries list must not set this flag. Otherwise, the ASPSP indicates whether or not the beneficiary has been registered by the PSU within the trusted beneficiaries list. true: the beneficiary is actually a trusted beneficiary (when set by ASPSP) false: the beneficiary is not a trusted beneficiary The PISP may set this flag to "true" to indicate that the PSU considers the beneficiary as trusted and to be inserted within the trusted beneficiaries list, as far as this feature was implemented by the ASPSP. true: the beneficiary should be registered as a trusted beneficiary (when set by PISP)
creditorAgent	FinancialInstitutionIdentification	false	ISO20022: Unique and unambiguous identification of a financial institution, as assigned under an internationally recognised or proprietary identification scheme.
creditor	PartyIdentification	false	API : Description of a Party which can be either a person or an organization.
creditorAccount	AccountIdentification	true	Unique and unambiguous identification for the account between the account owner and the account servicer.
creditorCurrency	string	false	Creditor account currency code

BookingInformation

indicator that the payment can be immediately booked or not

true: payment is booked

false: payment is not booked

Base type

boolean

Brand

Information about ASPSP end-user recognizable brand

Fields

Name	Type	Required	Description
name	string	true	End-customer facing name
logos	[Logo]	false	List of available logos

CategoryPurposeCode

ISO20022: Specifies the high level purpose of the instruction based on a set of pre-defined categories. This is used by the initiating party to provide information concerning the processing of the payment. It is likely to trigger special processing by any of the agents involved in the payment chain.

Base type

string

Enumerated Values

Value	Description
BONU	BonusPayment Transaction is the payment of a bonus.
CASH	CashManagementTransfer Transaction is a general cash management instruction.
CBLK	Card Bulk Clearing A Service that is settling money for a bulk of card transactions, while referring to a specific transaction file or other information like terminal ID, card acceptor ID or other transaction details.
CCRD	Credit Card Payment Transaction is related to a payment of credit card.
CORT	TradeSettlementPayment Transaction is related to settlement of a trade, eg a foreign exchange deal or a securities transaction.
DCRD	Debit Card Payment Transaction is related to a payment of debit card.
DIVI	Dividend Transaction is the payment of dividends.
DVPM	DeliverAgainstPayment Code used to pre-advise the account servicer of a forthcoming deliver against payment instruction.
EPAY	Epayment Transaction is related to ePayment.
FCOL	Fee Collection A Service that is settling card transaction related fees between two parties.
GOVT	GovernmentPayment Transaction is a payment to or from a government department.
HEDG	Hedging Transaction is related to the payment of a hedging operation.
ICCP	Irrevocable Credit Card Payment Transaction is reimbursement of credit card payment.
IDCP	Irrevocable Debit Card Payment Transaction is reimbursement of debit card payment.
INTC	IntraCompanyPayment Transaction is an intra-company payment, ie, a payment between two companies belonging to the same group.
INTE	Interest Transaction is the payment of interest.
LOAN	Loan Transaction is related to the transfer of a loan to a borrower.
MP2B	Commercial Mobile P2B Payment
MP2P	Consumer Mobile P2P Payment
OTHR	OtherPayment Other payment purpose.
PENS	PensionPayment Transaction is the payment of pension.
RPRE	Represented Collection used to re-present previously reversed or returned direct debit transactions.
RRCT	ReimbursementReceivedCreditTransfer Transaction is related to a reimbursement for commercial reasons of a correctly received credit transfer.
RVPM	ReceiveAgainstPayment Code used to pre-advise the account servicer of a forthcoming receive against payment instruction.
SALA	SalaryPayment Transaction is the payment of salaries.
SECU	Securities Transaction is the payment of securities.
SSBE	SocialSecurityBenefit Transaction is a social security benefit, ie payment made by a government to support individuals.
SUPP	SupplierPayment Transaction is related to a payment to a supplier.
TAXS	TaxPayment Transaction is the payment of taxes.
TRAD	Trade Transaction is related to the payment of a trade finance transaction.
TREA	TreasuryPayment Transaction is related to treasury operations. E.g. financial contract settlement.
VATX	ValueAddedTaxPayment Transaction is the payment of value added tax.
WHLD	WithHolding Transaction is the payment of withholding tax.

ChargeBearerCode

ISO20022: Specifies which party/parties will bear the charges associated with the processing of the payment transaction.

Base type

string

Enumerated Values

Value	Description
SLEV	Service level. Charges are to be applied following the rules agreed in the service level and/or scheme.
SHAR	Shared.
DEBT	The Payer (sender of the payment) will bear all of the payment transaction fees.
CRED	The Payee (recipient of the payment) will incur all of the payment transaction fees.

ClearingSystemMemberIdentification

ISO20022: Information used to identify a member within a clearing system. API: to be used for some specific international credit transfers in order to identify the beneficiary bank

Fields

Name	Type	Required	Description
clearingSystemId	string	false	ISO20022: Specification of a pre-agreed offering between clearing agents or the channel through which the payment instruction is processed.
memberId	string	false	ISO20022: Identification of a member of a clearing system.

ClientInfo

Client Data.

Fields

Name	Type	Required	Description
psuIpAddress	string	false	IP address used by the PSU's terminal when connecting to the TPP
psuIpPort	string	false	IP port used by the PSU's terminal when connecting to the TPP
psuHttpMethod	string	false	Http method for the most relevant PSU’s terminal request to the TTP
psuDate	string	false	Timestamp of the most relevant PSU’s terminal request to the TTP
psuUserAgent	string	false	"User-Agent" header field sent by the PSU terminal when connecting to the TPP
psuReferer	string	false	"Referer" header field sent by the PSU terminal when connecting to the TPP. Notice that an initial typo in RFC 1945 specifies that "referer" (incorrect spelling) is to be used. The correct spelling "referrer" can be used but might not be understood.
psuAccept	string	false	"Accept" header field sent by the PSU terminal when connecting to the TPP
psuAcceptCharset	string	false	"Accept-Charset" header field sent by the PSU terminal when connecting to the TPP
psuAcceptEncoding	string	false	"Accept-Encoding" header field sent by the PSU terminal when connecting to the TPP
psuAcceptLanguage	string	false	"Accept-Language" header field sent by the PSU terminal when connecting to the TPP
psuGeoLocation	string	false	Geographical location of the PSU as provided by the PSU mobile terminal if any to the TPP
psuDeviceId	string	false	UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of installation identification this ID need to be unaltered until removal from device.
psuLastLoggedTime	string	false	The time when the PSU last logged in with the TPP.

Connector

Information about the connector used for interaction with ASPSPs

Fields

Name	Type	Required	Description
name	string	false	Name of the connector
environments	[string]	false	List of supported environments (sandbox/production)
countries	[string]	false	List of supported countries supported
scopes	[string]	false	List of supported APIs (aisp/pisp) supported
modifyConsentsInfo	[CountryModifyConsentsInfo]	false	Details about usage of `modifyConsents` method by country
authInfo	[CountryAuthInfo]	false	Details about usage of `getAuth` method by country
consentRevocation	boolean	false	Flag showing if the consent revocation is supported in the connector
refreshToken	boolean	false	Flag showing if the `refresh_token` grant type is supported in the connector
payments	[CountryPaymentTypes]	false	Supported payment types by country
aspspIds	[string]	false	List of all ASPSP IDs supported in the connector
requiredPsuHeaders	[string]	false	List of required PSU headers

ConnectorSettings

Base settings for all connectors

Fields

Name	Type	Required	Description
sandbox	boolean	true	Defines whether connect to sandbox or production APIs
consentId	string	true	User consent identifier
accessToken	string	true	User access token
redirectUri	string	true	URI where clients are redirected to after giving consent.
connector	string	true	Connector identifier (discriminator)

ConnectorsLinks

links that can be used for further navigation when browsing connector information

Fields

Name	Type	Required	Description
self	GenericLink	true	hypertext reference

User consent

Name	Type	Required	Description
consentStatus	string	false	none
consentId	string	false	none
_links	ConsentLinks	false	none

Name	Type	Required	Description
xApiKey	string	true	API client key (obtained in developer portal)
country	string	true	Bank`s country

Name	Type	Required	Description
code	integer(int32)	true	Error code
message	string	true	Error description

Name	Type	Required	Description
paymentId	PaymentIdentification	false	ISO20022: Set of elements used to reference a payment instruction.
requestedExecutionDate	RequestedExecutionDate	false	ISO20022: Date at which the initiating party requests the clearing agent to process the payment. API: This date can be used in the following cases: - the single requested execution date for a payment having several instructions. In this case, this field must be set at the payment level. - the requested execution date for a given instruction within a payment. In this case, this field must be set at each instruction level. - The first date of execution for a standing order. When the payment cannot be processed at this date, the ASPSP is allowed to shift the applied execution date to the next possible execution date for non-standing orders. For standing orders, the [executionRule] parameter helps to compute the execution date to be applied.
endDate	EndDate	false	The last applicable day of execution for a given standing order. If not given, the standing order is considered as endless.
executionRule	ExecutionRule	false	Execution date shifting rule for standing orders This data attribute defines the behaviour when recurring payment dates falls on a weekend or bank holiday. The payment is then executed either the "preceding" or "following" working day. ASPSP might reject the request due to the communicated value, if rules in Online-Banking are not supporting this execution rule.
frequency	FrequencyCode	false	Frequency rule for standing orders. The following codes from the "EventFrequency7Code" of ISO 20022 are supported. However, each ASPSP might restrict these values into a subset.
instructedAmount	AmountType	true	ISO20022: structure aiming to carry either an instructed amount or equivalent amount. Both structures embed the amount and the currency to be used. API: only instructed amount can be used
exchangeRateInformation	ExchangeRate	false	Provides details on the currency exchange rate and contract.
ultimateDebtor	PartyIdentification	false	API : Description of a Party which can be either a person or an organization.
beneficiary	Beneficiary	true	Specification of a beneficiary
ultimateCreditor	PartyIdentification	false	API : Description of a Party which can be either a person or an organization.
regulatoryReportingCodes	RegulatoryReportingCodes	false	List of needed regulatory reporting codes for international payments
remittanceInformation	UnstructuredRemittanceInformation	false	ISO20022: Information supplied to enable the matching of an entry with the items that the transfer is intended to settle, such as commercial invoices in an accounts' receivable system. API: Only one occurrence is allowed
transactionStatus	TransactionIndividualStatusCode	false	ISO20022: Specifies the status of the payment information group.
statusReasonInformation	StatusReasonInformation	false	ISO20022: Provides detailed information on the status reason. Can only be used in status equal to "RJCT".

Name	Type	Required	Description
unitCurrency	CurrencyCode	false	Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP.
exchangeRate	string(number)	false	The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency.
rateType	string	false	none
contractIdentification	string	false	Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent.

Value	Description
SPOT	Spot – Exchange rate applied is the spot rate.
SALE	Sale – Exchange rate applied is the market rate at the time of the sale.
AGRD	Agreed – Exchange rate applied is the rate agreed between the parties.

Value	Description
DAIL	Daily
WEEK	Weekly
TOWK	EveryTwoWeeks
MNTH	Monthly
TOMN	EveryTwoMonths
QUTR	Quarterly
SEMI	SemiAnnual
YEAR	Annual

Name	Type	Required	Description
identification	string	true	API Identifier
schemeName	string	true	Name of the identification scheme. Partially based on ISO20022 external code list
issuer	string	false	ISO20022: Entity that assigns the identification. this could a country code or any organisation name or identifier that can be recognized by both parties

Value	Description
CHID	Clearing Identification Number
GS1G	GS1GLNIdentifier
DUNS	Data Universal Numbering System
BANK	BankPartyIdentification. Unique and unambiguous assignment made by a specific bank or similar financial institution to identify a relationship as defined between the bank and its client.
TXID	TaxIdentificationNumber
CUST	CorporateCustomerNumber
EMPL	EmployerIdentificationNumber
OTHC	OtherCorporate. Handelsbanken-specific code
DRLC	DriversLicenseNumber
CUSI	CustomerIdentificationNumberIndividual. Handelsbanken-specific code
SOSE	SocialSecurityNumber
ARNU	AlienRegistrationNumber
CCPT	PassportNumber
TXII	TaxIdentificationNumberIndividual. Handelsbanken-specific code
EMPI	EmployeeIdentificationNumberIndividual. Handelsbanken-specific code
OTHI	OtherIndividual. Handelsbanken-specific code
COID	CountryIdentificationCode. Country authority given organisation identification (e.g., corporate registration number)
SREN	The SIREN number is a 9 digit code assigned by INSEE, the French National Institute for Statistics and Economic Studies, to identify an organisation in France.
SRET	The SIRET number is a 14 digit code assigned by INSEE, the French National Institute for Statistics and Economic Studies, to identify an organisation unit in France. It consists of the SIREN number, followed by a five digit classification number, to identify the local geographical unit of that entity.
NIDN	NationalIdentityNumber. Number assigned by an authority to identify the national identity number of a person.
OAUT	OAUTH2 access token that is owned by the PISP being also an AISP and that can be used in order to identify the PSU
CPAN	Card PAN
BBAN	Basic Bank Account Number. Represents a country-specific bank account number.
BG	Swedish BankGiro account number. Used in domestic swedish giro payments
PG	Swedish PlusGiro account number. Used in domestic swedish giro payments

Name	Type	Required	Description
connectedPsu	string	false	Last name and first name that has granted access to the AISP on the accounts data This information can be retrieved based on the PSU's authentication that occurred during the OAUTH2 access token initialisation.
accounts	[AccountResource]	true	List of PSU account that are made available to the TPP
_links	AccountsLinks	true	Links that can be used for further navigation when browsing Account Information at top level

Name	Type	Required	Description
beneficiaries	[Beneficiary]	true	List of trusted beneficiaries
_links	BeneficiariesLinks	true	links that can be used for further navigation when browsing Account Information at one account level

Name	Type	Required	Description
connectors	[Connector]	true	List of connectors
_links	ConnectorsLinks	false	links that can be used for further navigation when browsing connector information

Name	Type	Required	Description
transactions	[Transaction]	true	List of transactions
continuationKey	string	false	Value to be passed to getAccountTransactions to retrieve next page of transactions. Null if there are no more pages. Only valid in current session.
_links	TransactionsLinks	true	links that can be used for further navigation when browsing Account Information at one account level

Name	Type	Required	Description
beforeAccounts	boolean	true	Shows if `modifyConsents` needs to be called for getting list of accounts (before `getAccounts` method)
extendsDetails	boolean	true	Shows if bank returns extended information about accounts from method `getAccounts` after user consent is received (meaning modifyConsents is called). This "additional information" may differ from bank to bank and is not specified
accountsRequired	boolean	true	Shows if `accounts` field has to be filled in for getting account details If `true` then `modifyConsents` needs to be called with accounts list in `Access` model before calling `getAccountTransactions` or `getAccountBalances`

Name	Type	Required	Description
paymentCoverageRequestId	string	true	Identification of the payment Coverage Request
payee	string	false	The merchant where the card is accepted as information to the PSU.
instructedAmount	AmountType	true	ISO20022: structure aiming to carry either an instructed amount or equivalent amount. Both structures embed the amount and the currency to be used. API: only instructed amount can be used
accountId	AccountIdentification	true	Unique and unambiguous identification for the account between the account owner and the account servicer.

Value	Description
ACCP	AcceptedCustomerProfile. Preceding check of technical validation was successful. Customer profile check was also successful.
ACSC	AcceptedSettlementCompleted. Settlement on the debtor's account has been completed.
ACSP	AcceptedSettlementInProcess. All preceding checks such as technical validation and customer profile were successful. Dynamic risk assessment is now also successful and therefore the Payment Request has been accepted for execution.
ACTC	AcceptedTechnicalValidation. Authentication and syntactical and semantical validation are successful.
ACWC	AcceptedWithChange. Instruction is accepted but a change will be made, such as date or remittance not sent.
ACWP	AcceptedWithoutPosting. Payment instruction included in the credit transfer is accepted without being posted to the creditor customer’s account.
PART	PartiallyAccepted. A number of transactions have been accepted, whereas another number of transactions have not yet achieved 'accepted' status.
RCVD	Received. Payment initiation has been received by the receiving agent.
PDNG	Pending. Payment request or individual transaction included in the Payment Request is pending. Further checks and status update will be performed.
RJCT	Rejected. Payment request has been rejected.

Name	Type	Required	Description
psuAuthenticationFactor	string	false	Authentication factor forwarded by the TPP to the ASPSP in order to fulfil the strong customer authentication process
paymentRequest	PaymentRequestResource	false	Original payment request used to initiate the payment

Name	Type	Required	Description
instructionPriority	PriorityCode	false	ISO20022: Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction.
serviceLevel	ServiceLevelCode	false	ISO20022: Agreement under which or rules under which the transaction should be processed. Specifies a pre-agreed service or level of service between the parties, as published in an external service level code list.
categoryPurpose	CategoryPurposeCode	false	ISO20022: Specifies the high level purpose of the instruction based on a set of pre-defined categories. This is used by the initiating party to provide information concerning the processing of the payment. It is likely to trigger special processing by any of the agents involved in the payment chain.
localInstrument	LocalInstrumentCode	false	ISO20022: User community specific instrument. Usage: This element is used to specify a local instrument, local clearing option and/or further qualify the service or service level.

Value	Description
HIGH	High priority
NORM	Normal priority
EXPR	Express priority. Polish-specific priority code

Value	Description
ACCT	Funds moved between 2 accounts of same account holder at the same bank.
CASH	general cash management instruction, may be used for Transfer Initiation.
COMC	Transaction is related to a payment of commercial credit or debit.
CPKC	General Carpark Charges Transaction is related to carpark charges.
TRPT	Transport RoadPricing Transaction is for the payment to top-up pre-paid card and electronic road pricing for the purpose of transportation.

Value	Description
BKTR	Book Transaction – Payment through internal book transfer.
G001	TrackedCustomerCreditTransfer – Tracked Customer Credit Transfer
G002	TrackedStopAndRecall – Tracked Stop and Recall
G003	TrackedCorporateTransfer – Tracked Corporate Transfer
G004	TrackedFinancialInstitutionTransfer – Tracked Financial Institution Transfer
NUGP	Non-urgent Priority Payment – Payment must be executed as a non-urgent transaction with priority settlement.
NURG	Non-urgent Payment – Payment must be executed as a non-urgent transaction, which is typically identified as an ACH or low value transaction.
PRPT	EBAPriorityService – Transaction must be processed according to the EBA Priority Service.
SDVA	SameDayValue – Payment must be executed with same day value to the creditor.
SEPA	SingleEuroPaymentsArea – Payment must be executed following the Single Euro Payments Area scheme.
SVDE	Domestic Cheque Clearing and Settlement – Payment execution following the cheque agreement and traveller cheque agreement of the German Banking Industry Committee (Die Deutsche Kreditwirtschaft - DK) and Deutsche Bundesbank – Scheck Verrechnung Deutschland
URGP	Urgent Payment – Payment must be executed as an urgent transaction cleared through a real-time gross settlement system, which is typically identified as a wire or high value transaction.
URNS	Urgent Payment Net Settlement – Payment must be executed as an urgent transaction cleared through a real-time net settlement system, which is typically identified as a wire or high value transaction.

Versions

Introduction

User guide

Authorization and user token refresh

0. Import library and choose connector

1. Initialize API client and authentication interface

2. Initiate user authentication

3. Obtain authorization code and get an access token

4. Refresh access token (when needed)

SDK reference

Meta API

getConnectors

Parameters

Returned value

Auth API

getAuth

Parameters

Detailed descriptions

Returned value

Exceptions

makeToken

Parameters

Detailed descriptions

Enumerated Values

grant_type

Returned value

Exceptions

getCurrentToken

Returned value

parseRedirectUrl

Parameters

Returned value

setClientInfo

Parameters

Returned value

AISP API

getAccounts

Description

Prerequisites

Business flow

Returned value

Exceptions

getAccountBalances

Description

Prerequisites

Business flow

Parameters

Returned value

Exceptions

getAccountTransactions

Description

Prerequisites

Business flow

Parameters

Detailed descriptions

Enumerated Values

transactionStatus

Returned value

Exceptions

modifyConsents

Description

Prerequisites

Business flow

Parameters

Returned value

Exceptions

getCurrentConsent

Description

Returned value

deleteConsent

Description

Business flow

Parameters

Returned value

PISP API

makePaymentRequest

Description

Data content

Business flow

Payment Request use case

Value	Description
AC01	IncorectAccountNumber. the account number is either invalid or does not exist
AC04	ClosedAccountNumber. the account is closed and cannot be used
AC06	BlockedAccount. the account is blocked and cannot be used
AG01	Transaction forbidden. Transaction forbidden on this type of account
CH03	RequestedExecutionDateOrRequestedCollectionDateTooFarInFuture. The requested execution date is too far in the future
CUST	RequestedByCustomer. The reject is due to the debtor (refusal or lack of liquidity)
DS02	OrderCancelled. An authorized user has cancelled the order
FF01	InvalidFileFormat. The reject is due to the original Payment Request which is invalid (syntax, structure or values)
FRAD	FraudulentOriginated. the Payment Request is considered as fraudulent
MS03	NotSpecifiedReasonAgentGenerated. No reason specified by the ASPSP
NOAS	NoAnswerFromCustomer. The PSU has neither accepted nor rejected the Payment Request and a time-out has occurred
RR01	MissingDebtorAccountOrIdentification. The Debtor account and/or Identification are missing or inconsistent
RR03	MissingCreditorNameOrAddress. Specification of the creditor’s name and/or address needed for regulatory requirements is insufficient or missing.
RR04	RegulatoryReason. Reject from regulatory reason
RR12	InvalidPartyID. Invalid or missing identification required within a particular country or payment type.

Name	Type	Required	Description
access_token	string	false	The access token value
token_type	string	false	Type of the token is set to "Bearer"
expires_in	integer(int32)	false	The lifetime in seconds of the access token
refresh_token	string	false	The refresh token value
scope	string	false	Scopes of the token

Value	Description
RCVD	Payment request or individual transaction included in the Payment Request has been received by the receiving agent.
RJCT	Payment request or individual transaction included in the Payment Request has been rejected.
PDNG	Pending. Payment request or individual transaction included in the Payment Request is pending. Further checks and status update will be performed.
ACSP	All preceding checks such as technical validation and customer profile were successful and therefore the Payment Request has been accepted for execution.
ACSC	Settlement on the debtor's account has been completed.

Name	Type	Required	Description
statuses	[TransactionStatus]	false	List of transaction statuses, which are going to be accessed
details	boolean	false	Indicator that access to transaction details is requested
limitDays	integer	false	Number of days in the past to access transactions

Name	Type	Required	Description
href	string	true	URI to be used
templated	boolean	false	specifies "true" if href is a URI template, i.e. with parameters. Otherwise, this property is absent or set to false

Name	Type	Required	Description
consentApproval	GenericLink	false	URL to be used by the PISP in order to start the ASPSP authentication and consent management process
confirmation	GenericLink	false	Link to the payment confirmation API endpoint

Name	Type	Required	Description
responseHeaders	[object]	true	Headers of http response
responseBody	string	true	Body of http response

Name	Type	Required	Description
clientId	string	true	API client ID (obtained from Aktia Developer Portal)
clientSecret	string	true	API client secret (obtained from Aktia Developer Portal)
sandboxPaymentId	string	false	ID of the payment request used in sandbox (sandbox only)
sandboxSafeguard	boolean	false	Flag whether to fix malformed sandbox data or not (sandbox only)

Name	Type	Required	Description
certPath	string	true	Path to QWAC certificate in PEM format
keyPath	string	true	Path to QWAC certificate private key in PEM format
authorizationHeader	string	true	Authorization header obtained from Aktia onboarding(without "Basic")

Name	Type	Required	Description
signKeyPath	string	true	Path to QSeal certificate in PEM format
sandboxConsentId	string	false	Static consent id with approved status used in sandbox