Account information API call flow (AISP)

API history

This guideline describes process how to call AISP service Account information (detail and balances).

Step 1: Use the access token based on Strong Customer Authentication (SCA) with the scope AISP
Obtaining access token based on SCA must be done by OAuth 2.0 Authorization code grant flow. See Authorization API/SCA section.

Step 2: Get account information
Initiate POST requests for Account information with valid access token and specific IBAN:

Account transaction
Version1
URL LIVE
URL SANDBOX
POST https://api.csob.sk/aisp/api/v1/accounts/information
POST https://api.csob.sk/aisp-test/api/v1/accounts/information

Account information can be downloaded 4 times a day without client. Client presence is handled by „Last login time“ atribute, where time no older than 1 hour means that client is present.
On API Explorer web site there is a possibility to test the API online (Try it) and download API definition (WADL, Open API).

Request:

Header

Attributes structure
Optionality
Type
Description
Content-Type
Mandatory
String
application/json or application/xml
Authorization
Mandatory
String
Authorization is defined in RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage
Request-ID
Mandatory
String
A unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
Correlation-ID
Optional
String
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
Process-ID
Optional
String
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
PSU–IP-Address
Mandatory
String
Identifier of a customer’s IP address from which he/she is connected to the TPP infrastructure. It might be in the format of IPv4 o IPv6 address.
ASPSP shall indicate which values are acceptable.
PSU-Device-OS
Mandatory
String
A customer’s device and/or operating system identification from which he/she is connected to the TPP infrastructure.
PSU-User-Agent
Mandatory
String
A customer’s web browser of other client device identification from which he/she is connected to the TPP infrastructure. Agent header field of the http request between PSU and TPP.)
PSU-GeoLocation
Optional
String
The GPS coordinates of the current customer’s location in the moment of connection to the TPP infrastructure. (Required GPS format: Latitude, Longitude)
PSU-Last-Logged-Time
Optional
DateTime
Last date and time when user was logged to TPP app (RFC3339 format).

Body

Attributes structure
Optionality
Type
Description
iban
Mandatory
String [34]
International Bank Account Number (IBAN)

Response:

Header

Attributes structure
Optionality
Type
Description
Content-Type
Mandatory
String [34]
application/json or application/xml
Response-ID
Mandatory
String
A unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
Correlation-ID
Optional
String
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
Process-ID
Optional
String
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).

Body

Attributes structure
Optionality
Type
Description
Level 1
Level 2
Level 3
account
name
Mandatory
String [70]
Account name - usually client name
account
productName
Optional
String [70]
Product name - commercial product designation
account
type
Optional
Enum
Account type is enumeration: ISO 20022 - Cash Account Type Code e.g. (CACC - Current account)
account
baseCurrency
Mandatory
String [3]
Account currency (currency code according to ISO 4217 - 3 capital letters)
balances
typeCodeOr Proprietary
Mandatory
Enum
Balance type is enumeration: ISO 20022 - Balance Type Code. Following balances mandatory are published:
- ITBD (Interim booked balance)
- ITAV (Interim available balance)
balances
amount
value
Mandatory
Number Float [12.2]
Balance amount. Numeric value of the amount as a fractional number. The fractional part has a maximum of two digits
balances
amount
currency
Mandatory
String [3]
Balance currency (currency code according to ISO 4217 - 3 capital letters)
balances
creditDebit Indicator
Mandatory
Enum
Credit/Debit indicator is enumeration:
- CRDT (Credit)
- DBIT (Debit)
balances
dateTime
Mandatory
DateTime
Timestamp of balances (official local date and time of Slovak republic in RFC 3339 format)

Example:

Request

POST https://api.csob.sk/aisp/api/v1/accounts/information HTTP/1.1
Accept-Encoding: gzip,deflate
Authorization: 8c769bf992c9fc905ed93415f146a1be749f1e8c22a4b2926e59cfd488f51762
Request-ID: 5984407340
Correlation-ID: 0482029096
Process-ID: 8293555891
PSU-Device-OS: Windows
PSU-User-Agent: Chrome
PSU-Geo-Location: 2.050279, 45.338591
PSU-Last-Logged-Time: 2019-03-10T10:17:19+01:00 
PSU-IP-Address: 192.168.88.1
Content-Type: application/json
Content-Length: 40
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

{
  "iban": "SK4075000000007777777777"
}


Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: i3AdUUeg8wJL6yUyy3CM6QzUDRNm5e2H
Process-ID: 8293555891
Correlation-ID: 0482029096
Response-ID: 5984407340
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Sun, 10 Mar 2019 09:17:24 GMT 
{
   "account":    {
      "name": "TPP COMPANY 2 S.R.O.",
      "productName": "ČSOB Podnikateľské konto",
      "type": "CACC",
      "baseCurrency": "EUR"
   },
   "balances":    [
            {
         "typeCodeOrProprietary": "ITBD",
         "amount":          {
            "value": "3026.8",
            "currency": "EUR"
         },
         "creditDebitIndicator": "CRDT",
         "dateTime": "2019-03-01T07:31:19+01:00"
      },
            {
         "typeCodeOrProprietary": "ITAV",
         "amount":          {
            "value": "3026.8",
            "currency": "EUR"
         },
         "creditDebitIndicator": "CRDT",
         "dateTime": "2019-03-10T10:20:02+01:00"
      }
   ]
}