Standard payment submision API call flow (PISP)
API historyThis API allows to submit authorized single payment order. This is the final step to initiate payment order and must be done using access token binded to specific payment.
Step 1: Use one-time access token binded with specific payment order
Obtaining access token is described in Payment initiation API (PISP) / Standard payment initiation (XML, JSON) flows.
Step 2: Initiate payment submission
Initiate POST request for Standard payment submission with valid access token:
|
Standard payment submission
Version1
|
URL LIVE
URL SANDBOX
|
POST https://api.csob.sk/pisp/api/v1/payments/submission
POST https://api.csob.sk/pisp-test/api/v1/payments/submission
|
On API Explorer web site there is a possibility to test the API online (Try it) and download API definition (WADL, Open API).
Request:
Header
Attributes structure |
Optionality |
Type |
Description |
Content-Type |
Mandatory |
String |
application/json;charset=UTF-8 |
Authorization |
Mandatory |
String |
Authorization is defined in RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage. One-time access token binded with specific payment order must be used. |
Request-ID |
Mandatory |
String |
A unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Correlation-ID |
Optional |
String |
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Process-ID |
Optional |
String |
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
PSU–IP-Address |
Mandatory |
String |
Identifier of a customer’s IP address from which he/she is connected to the TPP infrastructure. It might be in the format of IPv4 o IPv6 address.ASPSP shall indicate which values are acceptable. |
PSU-Device-OS |
Mandatory |
String |
A customer’s device and/or operating system identification from which he/she is connected to the TPP infrastructure. |
PSU-User-Agent |
Mandatory |
String |
A customer’s web browser of other client device identification from which he/she is connected to the TPP infrastructure. Agent header field of the http request between PSU and TPP.) |
PSU-GeoLocation |
Optional |
String |
The GPS coordinates of the current customer’s location in the moment of connection to the TPP infrastructure. (Required GPS format: Latitude, Longitude) |
PSU-Last-Logged-Time |
Optional |
DateTime |
Last date and time when user was logged to TPP app (RFC3339 format). |
Body
Payload is empty
Response:
Header
Attributes structure |
Optionality |
Type |
Description |
Content-Type |
Mandatory |
String |
application/json |
Response-ID |
Mandatory |
String |
An unique identifier of a particular request message. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Ifentifier (UUID) version 4 form (RFC4122). |
Correlation-ID |
Optional |
String |
A unique correlation identifier correlates the request and the response messages as a pair especially useful for audit logs. Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Process-ID |
Optional |
String |
Identifier of a business or technical process to what the set of requests and response pairs are organized (e.g. paging of transaction history should have same ProcessID). Although it may be arbitrary string, it is strongly recommended to use a Universally Unique Identifier (UUID) version 4 form (RFC4122). |
Body
Attributes structure |
Optionality |
Type |
Description |
orderId |
Mandatory |
String[35] |
OrderId is Unique reference, as assigned by the account servicing institution, to unambiguously identify the instruction. This ID is needed to be present in further requests |
status |
Mandatory |
Enum |
Transaction status indicator is enumeration: ACTC (AcceptedTechnicalValidation) ACWC (AcceptedWithChange) RJCT (Rejected) |
reasonCode |
Optional |
Enum |
ISO 20022 Status Reason Code |
statusDateTime |
Mandatory |
DateTime |
The date and time in RFC3339 format at which a particular action has been requested or executed. |
Example:
Request
POST https://api.csob.sk/pisp/api/v1/payments/submission HTTP/1.1
Accept-Encoding: gzip,deflate
Authorization: c66a40a9460b3786c5ef51e4415c116ae0556ee5dd63d5588b0e3f59e7b6c152
Request-ID: 8972778886
Correlation-ID: 2709918987
Process-ID: 9713302148
PSU-IP-Address: 192.168.88.1
PSU-Device-OS: Windows
PSU-User-Agent: Chrome
PSU-Geo-Location: 2.050279, 45.338591
PSU-Last-Logged-Time: 2019-03-15T10:43:40+01:00
Content-Type: application/json;charset=UTF-8
Content-Length: 0
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: MVb74aie7AWRJKQhqyyyhTwLH4qRv4qg
Process-ID: 9713302148
Correlation-ID: 2709918987
Response-ID: 8972778886
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 15 Mar 2019 09:43:46 GMT
{
"orderId": "n8Teu8Y1BXVnXSatumk50",
"status": "ACTC",
"statusDateTime": "2019-03-15T10:43:46+01:00"
}