Balance check API call flow (cPIISP)
API historyThis API allows to get YES/NO confirmation whether the specific amount is available on the account.
Step 1: Use the access token with the scope PIISP
Obtaining access token can be based on SCA by OAuth 2.0 Authorization code grant flow or on OAuth 2.0 Client credentials grant flow (Token by secret). See Authorization API section.
Step 2: Get the YES/NO confirmation of disponibility of funds on specific account
Initiate POST request for Balance check with valid access token:
|
Balance check
Version1
|
URL LIVE
URL SANDBOX
|
POST https://api.csob.sk/piisp/api/v1/accounts/balanceCheck
POST https://api.csob.sk/piisp-test/api/v1/accounts/balanceCheck
|
Balance check API can be used only with accounts where bank has explicit consent from client. This can be granted by client personally at the CSOB branch or electronically during SCA process. Personally granted consent is valid till client cancel it personally at the CSOB branch. For this type of consent, when calling this API, access token based on OAuth 2.0 Client credentials grant flow (see Authorization API / Token by secret section) is sufficient. Electronically granted consent is valid for 90 days and access token based on SCA on OAuth 2.0 Authorization code grant flow must be used when calling API. On API Explorer web site there is a possibility to test the API online (Try it) and download API definition (WADL, Open API).
Request:
Header
Attributes structure |
Optionality |
Type |
Description |
Content-Type |
Mandatory |
String |
application/json |
Authorization |
Mandatory |
String |
Authorization is defined in RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage Access token from step 1 wit the scope PISP must be used. |
Request-ID |
Mandatory |
String |
A unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Correlation-ID |
Optional |
String |
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Process-ID |
Optional |
String |
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
PSU–IP-Address |
Mandatory |
String |
Identifier of a customer’s IP address from which he/she is connected to the TPP infrastructure. It might be in the format of IPv4 o IPv6 address.ASPSP shall indicate which values are acceptable. |
PSU-Device-OS |
Mandatory |
String |
A customer’s device and/or operating system identification from which he/she is connected to the TPP infrastructure. |
PSU-User-Agent |
Mandatory |
String |
A customer’s web browser of other client device identification from which he/she is connected to the TPP infrastructure. Agent header field of the http request between PSU and TPP.) |
PSU-GeoLocation |
Optional |
String |
The GPS coordinates of the current customer’s location in the moment of connection to the TPP infrastructure. (Required GPS format: Latitude, Longitude) |
PSU-Last-Logged-Time |
Optional |
DateTime |
Last date and time when user was logged to TPP app (RFC3339 format). |
Body
Attributes structure |
|||||
Level 1 |
Level 2 |
Level 3 |
Optionality |
Type |
Description |
instructionIdentification |
Mandatory |
String |
Technical identification of payment, generated by the PIISP |
||
creationDateTime |
Optional |
DateTime |
The date and time in RFC3339 format at which a particular action has been requested or executed. |
||
iban |
Mandatory |
String[34] |
International Bank Account Number (IBAN) |
||
amount |
value |
Mandatory |
NumberFloat[12.2] |
Transaction amount value. Numeric value of the amount as a fractional number. |
|
amount |
currency |
Mandatory |
String[3] |
Transaction amount currency. Formated in Alphabetic codes from ISO 4712. |
|
relatedParties |
tradingParty |
identification |
Optional |
String[35] |
Unique identification of a third party. For card transaction, this is ID of merchant. |
relatedParties |
tradingParty |
name |
Optional |
String[140] |
Name of a third party. For card transaction, this is the name of merchant. |
relatedParties |
tradingParty |
address |
Optional |
String[70] |
Merchant cummulative address identification usually containing concatenation of street name, street number, etc. |
relatedParties |
tradingParty |
countryCode |
Optional |
String[2] |
The two letter merchant country code adopted from ISO3166. |
relatedParties |
tradingParty |
merchantCode |
Optional |
String[4] |
A Merchant Category Code (MCC) coordinated by MasterCard and Visa. |
references |
chequeNumber |
Optional |
String[35] |
For card transactions, this is the card number in format **** **** **** 1111 |
|
references |
holderName |
Optional |
String[35] |
Card holder name |
|
Response:
Header
Attributes structure |
Optionality |
Type |
Description |
Content-Type |
Mandatory |
String |
application/json |
Response-ID |
Mandatory |
String |
An unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Ifentifier (UUID) version 4 form (RFC4122). |
Correlation-ID |
Optional |
String |
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Process-ID |
Optional |
String |
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Body
Attributes structure |
Optionality |
Type |
Description |
response |
Mandatory |
Enum |
response is enumeration: - APPR (sufficient funds in the account) - DECL (insufficient funds in the account) |
dateTime |
Mandatory |
DateTime |
The date and time in RFC3339 format at which a particular action has been requested or executed. |
Example:
Request
POST https://api.csob.sk/piisp/api/v1/accounts/balanceCheck HTTP/1.1
Accept-Encoding: gzip,deflate
Authorization: ac6b6bcd88950cd87060eac1be8265350876e086afecb1a93e14e37991b492a8
Request-ID: 6692262113
Correlation-ID: 5490432417
Process-ID: 6629964145
PSU-IP-Address: 192.168.88.1
PSU-Device-OS: Windows
PSU-User-Agent: SoapUI
PSU-Geo-Location: 2.050279, 45.338591
PSU-Last-Logged-Time: 2019-03-20T09:49:52+01:00
Content-Type: application/json
Content-Length: 535
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
{
"instructionIdentification": "25888333924483092751483450290638548",
"creationDateTime": "2019-03-20T09:49:55Z",
"iban": " SK4075000000007777777777",
"amount": {
"value": 34.56,
"currency": "EUR"
},
"relatedParties": {
"tradingParty": {
"identification": "SK22339988",
"name": "Spolocnost s.r.o.",
"address": "Obilna 7, Puchov",
"countryCode": "SK",
"merchantCode": "9999"
}
},
"references": {
"chequeNumber": "**** **** **** 9999",
"holderName": "Jan Drzitelsky"
}
}
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: ENaLbu5AiPeSUeNdLYmd2F8YTcHRWXtt
Process-ID: 6629964145
Correlation-ID: 5490432417
Response-ID: 6692262113
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 20 Mar 2019 08:49:59 GMT
{
"response": "APPR",
"dateTime": "2019-03-20T09:49:57+01:00"
}