Payment order status API call flow (PISP)

API history

This API allows to get actual status of initiated payment order.

Step 1: Use the access token with the scope PISP
Obtaining access token can be based on SCA by OAuth 2.0 Authorization code grant flow (SCA) or on OAuth 2.0 Client credentials grant flow (Token by secret). See Authorization API section.

Step 2: Get the payment order status
Initiate GET request for Payment order status with valid access token and OrderId of initiated payment order:

Payment order status
Version1
URL LIVE
URL SANDBOX
GET https://api.csob.sk/pisp/api/v1/payments/{orderId}/status
GET https://api.csob.sk/pisp-test/api/v1/payments/{orderId}/status

Status of initiated payment order is exchanged between bank and third party provider, and he is obliged to present this status to client in his application. Payment order status is available during payment order processing and 7 days after final status. After this period, payment with specific order id will no longer exist for this service.
On API Explorer web site there is a possibility to test the API online (Try it) and download API definition (WADL, Open API).

Request:

Header

Attributes structure
Optionality
Type
Description
Content-Type
Mandatory
String
application/json or application/xml
Authorization
Mandatory
String
Authorization is defined in RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage
Access token from step 1 wit the scope PISP must be used.
Request-ID
Mandatory
String
A unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
Correlation-ID
Optional
String
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
Process-ID
Optional
String
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
PSU–IP-Address
Mandatory
String
Identifier of a customer’s IP address from which he/she is connected to the TPP infrastructure. It might be in the format of IPv4 o IPv6 address.
ASPSP shall indicate which values are acceptable.
PSU-Device-OS
Mandatory
String
A customer’s device and/or operating system identification from which he/she is connected to the TPP infrastructure.
PSU-User-Agent
Mandatory
String
A customer’s web browser of other client device identification from which he/she is connected to the TPP infrastructure. Agent header field of the http request between PSU and TPP.)
PSU-GeoLocation
Optional
String
The GPS coordinates of the current customer’s location in the moment of connection to the TPP infrastructure. (Required GPS format: Latitude, Longitude)
PSU-Last-Logged-Time
Optional
DateTime
Last date and time when user was logged to TPP app (RFC3339 format).

Body

Payload is empty

Response:

Header

Attributes structure
Optionality
Type
Description
Content-Type
Mandatory
String
application/json or application/xml
Response-ID
Mandatory
String
An unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Ifentifier (UUID) version 4 form (RFC4122).
Correlation-ID
Optional
String
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).
Process-ID
Optional
String
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122).

Body

Attributes structure
Optionality
Type
Description
orderId
Mandatory
String
OrderId is Unique reference, as assigned by the account
servicing institution, to unambiguously identify the instruction.
status
Mandatory
Enum
Transaction status indicator is enumeration:
- ACTC (AcceptedTechnicalValidation)
- ACWC (AcceptedWithChange)
- RJCT (Rejected)
- PDNG (Pending)
- ACSP (AcceptedSettlementInProcess)
- ACSC (AcceptedSettlementCompleted)
reasonCode
Optional
Enum
ISO 20022 Reason Code*
statusDateTime
Mandatory
DateTime
The date and time in RFC3339 format at which a particular action has been requested or executed.
*Link to Reason Code enumeration https://www.iso20022.org/sites/default/files/documents/External_code_lists/ ExternalCodeS ets_4Q2017_05Mar2018_v1.xls (sheets: 16-StatusReason, 60-ReceivedReason, 61-AcceptedReason, 62-PendingProcessingReason, 63-RejectedReason)

Example:

Request

GET https://api.csob.sk/pisp/api/v1/payments/6UYrbw35CddjepCndmGE51/status HTTP/1.1
Accept-Encoding: gzip,deflate
Authorization: 6540e9b156648591b54f27b9bb7f332504ef511e95b39ccf58da5682eab8710e
Request-ID: 4630101537
Correlation-ID: 7931484341
Process-ID: 7352564448
PSU-IP-Address: 192.168.8.1
PSU-Device-OS: windows
PSU-User-Agent: chrome
PSU-Geo-Location: 2.050279, 45.338591
PSU-Last-Logged-Time: 2019-03-19T12:15:48+01:00
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)


Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: Fwje4fBESArfL72JABJ98B9Bq9dVt6vC
Process-ID: 7352564448
Correlation-ID: 7931484341
Response-ID: 4630101537
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 19 Mar 2019 11:15:57 GMT 
{
   "orderId": "6UYrbw35CddjepCndmGE51",
   "status": "RJCT",
   "reasonCode": "AB03",
   "statusDateTime": "2019-03-19T12:15:57.187+01:00"
}