Account information API call flow (AISP) history
backVersion: 1.1 [current version]
Date: 19.6.2021
Changes: No change in API structure, only fix data type from String to Float for Amount-value field.
Previous versions:
Version: 1.0
Date: 4.12.2018
Changes: n/a [initial release]
Account information API call flow (AISP)
This guideline describes process how to call AISP service Account information (detail and balances).
Step 1: Use the access token based on Strong Customer Authentication (SCA) with the scope AISP
Obtaining access token based on SCA must be done by OAuth 2.0 Authorization code grant flow. See Authorization API/SCA section.
Step 2: Get account information
Initiate POST requests for Account information with valid access token and specific IBAN:
|
Account transaction
Version1
|
URL LIVE
URL SANDBOX
|
POST https://api.csob.sk/aisp/api/v1/accounts/information
POST https://api.csob.sk/aisp-test/api/v1/accounts/information
|
Account information can be downloaded 4 times a day without client. Client presence is handled by „PSU-Last-Logged-Time“ atribute, where time no older than 1 hour means that client is present.
On API Explorer web site there is a possibility to test the API online (Try it) and download API definition (WADL, Open API).
Request:
Header
|
Attributes structure
|
Optionality
|
Type
|
Description
|
|
Content-Type
|
Mandatory
|
String
|
application/json;charset=UTF-8
|
|
Authorization
|
Mandatory
|
String
|
Authorization is defined in RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage
|
|
Request-ID
|
Mandatory
|
String
|
A unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
|
|
Correlation-ID
|
Optional
|
String
|
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
|
|
Process-ID
|
Optional
|
String
|
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
|
|
PSU–IP-Address
|
Mandatory
|
String
|
Identifier of a customer’s IP address from which he/she is connected to the TPP infrastructure. It might be in the format of IPv4 o IPv6 address.ASPSP shall indicate which values are acceptable.
|
|
PSU-Device-OS
|
Mandatory
|
String
|
A customer’s device and/or operating system identification from which he/she is connected to the TPP infrastructure.
|
|
PSU-User-Agent
|
Mandatory
|
String
|
A customer’s web browser of other client device identification from which he/she is connected to the TPP infrastructure. Agent header field of the http request between PSU and TPP.)
|
|
PSU-GeoLocation
|
Optional
|
String
|
The GPS coordinates of the current customer’s location in the moment of connection to the TPP infrastructure. (Required GPS format: Latitude, Longitude)
|
|
PSU-Last-Logged-Time
|
Optional
|
DateTime
|
Last date and time when user was logged to TPP app (RFC3339 format).
|
Body
|
Attributes structure
|
Optionality
|
Type
|
Description
|
|
iban
|
Mandatory
|
String [34]
|
International Bank Account Number (IBAN)
|
Response:
Header
Attributes structure |
Optionality |
Type |
Description |
Content-Type |
Mandatory |
String [34] |
application/json |
Response-ID |
Mandatory |
String |
A unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Correlation-ID |
Optional |
String |
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Process-ID |
Optional |
String |
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Body
Attributes structure |
Optionality |
Type |
Description |
||
Level 1 |
Level 2 |
Level 3 |
|||
account |
name |
Mandatory |
String [70] |
Account name - usually client name |
|
account |
productName |
Optional |
String [70] |
Product name - commercial product designation |
|
account |
type |
Optional |
Enum |
Account type is enumeration: ISO 20022 - Cash Account Type Code e.g. (CACC - Current account) |
|
account |
baseCurrency |
Mandatory |
String [3] |
Account currency (currency code according to ISO 4217 - 3 capital letters) |
|
balances |
typeCodeOrProprietary |
Mandatory |
Enum |
Balance type is enumeration: ISO 20022 - Balance Type Code. Following balances mandatory are published: - ITBD (Interim booked balance) - ITAV (Interim available balance) |
|
balances |
amount |
value |
Mandatory |
Number Float [12.2] |
Balance amount. Numeric value of the amount as a fractional number. The fractional part has a maximum of two digits |
balances |
amount |
currency |
Mandatory |
String [3] |
Balance currency (currency code according to ISO 4217 - 3 capital letters) |
balances |
creditDebitIndicator |
Mandatory |
Enum |
Credit/Debit indicator is enumeration: - CRDT (Credit) - DBIT (Debit) |
|
balances |
dateTime |
Mandatory |
DateTime |
Timestamp of balances (official local date and time of Slovak republic in RFC 3339 format) |
|
Example:
Request
POST https://api.csob.sk/aisp/api/v1/accounts/information HTTP/1.1
Accept-Encoding: gzip,deflate
Authorization: 8c769bf992c9fc905ed93415f146a1be749f1e8c22a4b2926e59cfd488f51762
Request-ID: 5984407340
Correlation-ID: 0482029096
Process-ID: 8293555891
PSU-Device-OS: Windows
PSU-User-Agent: Chrome
PSU-Geo-Location: 2.050279, 45.338591
PSU-Last-Logged-Time: 2019-03-10T10:17:19+01:00
PSU-IP-Address: 192.168.88.1
Content-Type: application/json;charset=UTF-8
Content-Length: 40
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
{
"iban": "SK4075000000007777777777"
}
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: i3AdUUeg8wJL6yUyy3CM6QzUDRNm5e2H
Process-ID: 8293555891
Correlation-ID: 0482029096
Response-ID: 5984407340
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Sun, 10 Mar 2019 09:17:24 GMT
{
"account": {
"name": "TPP COMPANY 2 S.R.O.",
"productName": "ČSOB Podnikateľské konto",
"type": "CACC",
"baseCurrency": "EUR"
},
"balances": [
{
"typeCodeOrProprietary": "ITBD",
"amount": {
"value": "3026.8",
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"dateTime": "2019-03-01T07:31:19+01:00"
},
{
"typeCodeOrProprietary": "ITAV",
"amount": {
"value": "3026.8",
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"dateTime": "2019-03-10T10:20:02+01:00"
}
]
}