TPP enroll create API call flow
API historyThis API allows to assign technical identificators to third party, which is listed in register of competent authority and owns eIDAS certificate according to ETSI standard.
Step 1: Request to assign technical identificators
Initiate POST requests for assigning technical identificators with valid certificate:
TPP enroll create
Version1
|
URL LIVE
URL SANDBOX
|
POST https://api.csob.sk/enroll/enroll
POST https://api.csob.sk/enroll-test/enroll
|
Only authorized third parties are allowed to request for technical identificators. This third party must be in register of competent authority and own eIDAS certificate (QWAC/QSEAL) according to ETSI standard (ETSI TS 119 495). Third party name, licence number and scopes in certificate must be exactly the same as in register of competent authority. Other third parties wil be rejected. After succesful enroll, third party has to be approved on bank side. Confirmation email will be sent to the third party‘s email address specified in enroll request.
On API Explorer web site there is a possibility to test API online (Try it) and download API definition (WADL, Open API).
Request:
Header
Attributes structure
|
Optionality
|
Type
|
Description
|
Content-Type
|
Mandatory
|
String
|
application/json;charset=UTF-8
|
Body
Attributes structure |
Optionality |
Type |
Description |
redirect_uris |
Mandatory |
Array of strings |
A list of URLs to which the authentication flow is redirected at the end. The authorization request must contain just one of these registered URLs in the exact format |
client_name |
Mandatory |
String |
Third party name |
client_type |
Mandatory |
String |
OAuth defines two client types, based on their ability to authenticate securely with the authorization server (Confidential/Public). CSOB accepts confidential clients only. |
client_name#en-US |
Optional |
String |
Third party name in the appropriate language / encoding. |
logo_uri |
Optional |
URI |
Third party logo URL |
contacts |
Mandatory |
Array of strings |
E-mails as a contact to a responsible person at the third party side |
scopes |
Optional |
Array of strings |
Array of the required scopes by third party. At registration, scopes are validated against the content of the certificate used |
licensenumber |
Mandatory |
String |
License number assigned by national regulator |
Response:
Header
Attributes structure
|
Optionality
|
Type
|
Description
|
Content-Type
|
Mandatory
|
String
|
application/json
|
Body
Attributes structure |
Optionality |
Type |
Description |
client_id |
Mandatory |
String |
Client id assigned to the third party by the bank. This ID is needed in further communication with the bank |
client_secret |
Mandatory |
String |
Client secret issued by the bank for the third party |
client_secret_
expires_at |
Optional |
DateTime |
Value 0 always returned |
api_key |
Optional |
String |
Value "NOT_PROVIDED" always returned |
Example:
Request
POST https://api.csob.sk/enroll/enroll HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json;charset=UTF-8
Content-Length: 517
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
{
"redirect_uris": [
"https://www.csob.sk/psd2tpp"
],
"client_name": "PSD2 TPP a.s.",
"logo_uri": "http://www.csob.sk/images/logo.jpg",
"client_type": "Confidential",
"contacts": ["api@csob.sk"],
"scopes": ["AISP","PIISP","PISP"],
"licensenumber": "12312301"
}
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: Uay8r2qvz5wgTJSJHBEyKzDeBPVdncFP
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 05 Apr 2019 08:23:05 GMT
{
"client_id": "TIDgjzKuS7k",
"client_secret": "XxVMAk3UKiT8i58yQ353BzusnKCB5GQ6",
"client_secret_expires_at": "0",
"api_key": "NOT_PROVIDED"
}