Account list API call flow (AISP)
API historyThis guideline describes process how to call Account list AISP service. Service returns list of accounts to which the client has given a mandate to specific TPP. Accounts are binded to the specific acces token during SCA process.
Step 1: Use existing access token based on Strong Customer Authentication (SCA) with the scope AISP, see Authorization API/SCA section. Only accounts which were binded to this access token wil be returned.
Step 2: Get account list
Initiate GET request for Account list with valid access token:
|
Account transaction
Version1
|
URL LIVE
URL SANDBOX
|
GET https://api.csob.sk/aisp/api/v1/accounts
GET https://api.csob.sk/aisp-test/api/v1/accounts
|
Account list service can be called 4 times a day without client. Client presence is handled by „Last login time“ atribute, where time no older than 1 hour means that client is present. Accounts with mandate set at the branch (PIISP only) are not covered by this service and must be anounced to TPP by client.
On API Explorer web site there is a possibility to test the API online (Try it) and download API definition (WADL, Open API).
Request:
Header
|
Attributes structure
|
Optionality
|
Type
|
Description
|
|
Content-Type
|
Mandatory
|
String
|
application/json
|
|
Authorization
|
Mandatory
|
String
|
Authorization is defined in RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage
|
|
Request-ID
|
Mandatory
|
String
|
A unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
|
|
Correlation-ID
|
Optional
|
String
|
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
|
|
Process-ID
|
Optional
|
String
|
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
|
|
PSU–IP-Address
|
Mandatory
|
String
|
Identifier of a customer’s IP address from which he/she is connected to the TPP infrastructure. It might be in the format of IPv4 o IPv6 address.ASPSP shall indicate which values are acceptable.
|
|
PSU-Device-OS
|
Mandatory
|
String
|
A customer’s device and/or operating system identification from which he/she is connected to the TPP infrastructure.
|
|
PSU-User-Agent
|
Mandatory
|
String
|
A customer’s web browser of other client device identification from which he/she is connected to the TPP infrastructure. Agent header field of the http request between PSU and TPP.)
|
|
PSU-GeoLocation
|
Optional
|
String
|
The GPS coordinates of the current customer’s location in the moment of connection to the TPP infrastructure. (Required GPS format: Latitude, Longitude)
|
|
PSU-Last-Logged-Time
|
Optional
|
DateTime
|
Last date and time when user was logged to TPP app (RFC3339 format).
|
Body
Payload is empty.
Response:
Header
|
Attributes structure
|
Optionality
|
Type
|
Description
|
|
Content-Type
|
Mandatory
|
String
|
application/json
|
|
Response-ID
|
Mandatory
|
String
|
A unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
|
|
Correlation-ID
|
Optional
|
String
|
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
|
|
Process-ID
|
Optional
|
String
|
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
|
Body
Attributes structure |
Optionality |
Type |
Description |
||
Level 1 |
Level 2 |
Level 3 |
|||
creationDateTime |
Mandatory |
DateTime |
The date and time in RFC3339 format at which a particular action has been requested or executed. |
||
accounts |
identification |
iban |
Mandatory |
String |
International Bank Account Number (IBAN) |
accounts |
name |
Mandatory |
String [70] |
Account name - usually client name |
|
accounts |
productName |
Optional |
String [3] |
Product name - commercial product designation |
|
accounts |
type |
Optional |
Enum |
Account type is enumeration: ISO 20022 - Cash Account Type Code e.g. (CACC - Current account) |
|
accounts |
baseCurrency |
Mandatory |
String [3] |
Account currency (currency code according to ISO 4217 - 3 capital letters) |
|
accounts |
servicer |
financialInstitutionIdentification |
Mandatory |
String [11] |
Corresponding identification of a servicing bank managing the account, usually Bank Identification Code (BIC). |
accounts |
consent |
Mandatory |
Array [String] |
Consent containts set of particular account’s scopes for TPP. Formated as array of following enumerations: AISP, PISP, PIISP. |
|
Example:
Request
GET https://api.csob.sk/aisp/api/v1/accounts HTTP/1.1
Accept-Encoding: gzip,deflate
Authorization: c1cfb2ab08643d31f206feabac99b63781c08dd4466dcab7b35ae9c6be777cb2
Request-ID: 5345301894
Correlation-ID: 8496498755
Process-ID: org.apache.commons.lang.RandomStringUtils.randomNumeric
PSU-Device-OS: Windows
PSU-User-Agent: Chrome
PSU-Geo-Location: 2.050279, 45.338591
PSU-Last-Logged-Time: 2019-03-11T10:33:03+01:00
PSU-IP-Address: 192.168.88.1
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: Pac4h2v28g2UR9TgSqjKuPdd8a55exHz
Process-ID: org.apache.commons.lang.RandomStringUtils.randomNumeric
Correlation-ID: 8496498755
Response-ID: 5345301894
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 11 Mar 2019 09:33:10 GMT
{
"creationDateTime": "2019-03-11T10:30:44.817+01:00",
"accounts": [
{
"identification": {"iban": "SK4075000000007777777777"},
"name": "TPP COMPANY 2 S.R.O.",
"productName": "ČSOB Podnikateľské konto",
"type": "CACC",
"baseCurrency": "EUR",
"servicer": {"financialInstitutionIdentification": "CEKOSKBX"},
"consent": [
"AISP",
"PISP",
"PIISP"
]
},
{
"identification": {"iban": "SK8175000000002222222222"},
"name": "TPP COMPANY 2 S.R.O.",
"productName": "ČSOB Podnikateľské konto",
"type": "CACC",
"baseCurrency": "EUR",
"servicer": {"financialInstitutionIdentification": "CEKOSKBX"},
"consent": [
"AISP",
"PISP",
"PIISP"
]
}
]
}