docs.accounts.smartfintech.eu
18.198.132.246
Public Scan
URL:
https://docs.accounts.smartfintech.eu/
Submission: On November 25 via automatic, source certstream-suspicious — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
SMARTACCOUNTS (1.1.2)

API Support: support@smartfintech.eu
URL: https://www.smartfintech.eu

OVERVIEW

**Smart Accounts** is the first account interrogation service (AIS) developed in Romania and authorised by the National Bank of Romania (NBR). Our solution suits individuals, legal entities (enabling access for all their bank accounts in one place) and companies that process their customers' financial-banking data, such as billing platforms, NFIs, ERP services, or personal finance management providers.

## Simplify integration for consistent banking experience

Our Smart Accounts API solution is specifically designed to optimize the integration process, thereby saving you considerable time and effort. With our solution, you gain access to a bank selector API that simplifies the process of connecting with multiple banks. This eliminates the need for you to individually implement bank-specific requirements to request them from your users, automating those needs and significantly reducing the integration time.

The API specifies the necessary data for each bank before starting the consent initiation process.
For instance, if the user selects Bank X from the bank selector, you will know from this API if that bank requires no initial information or the PSU_ID before starting the consent initiation process. Furthermore, our solution normalizes the consent initiation and account interrogation steps across all banks. This ensures that you can expect a uniform and standardized process for consent initiation and account interrogation, regardless of the specific bank. The selected bank only represents an input parameter for our APIs, while the request and response objects of the API are bank-agnostic. This saves you from having to navigate through varying consent procedures and request/response mappings for each bank, further expediting the integration process. By leveraging our Smart Accounts API solution, you can seamlessly integrate with multiple banks, reduce integration time, and ensure a consistent user experience across different banking platforms. This not only saves you time and resources but also enhances the overall efficiency and effectiveness of your integration efforts. WHICH BANKS ARE CURRENTLY INTEGRATED INTO SMART ACCOUNTS? The largest and most popular banks in Romania are connected in Smart Accounts: Banca Transilvania, Banca Comerciala Romana, ING Bank, BRD Groupe Societe Generale, Raiffeisen Bank, CEC Bank, First Bank, UniCredit Bank, Revolut, OTP Bank, Garanti BBVA, Libra Bank and Alpha Bank. HOW SECURE IS SMART ACCOUNTS? Beyond the ease of integration and use, security is another fundamental principle of Smart Accounts. The implemented security policy ensures the protection of our partners and their customers against payments risks, including the risk of fraud and illegal use of sensitive payment data. All electronic communication channels are secured using MTLS, digital signature, and the OAuth2 protocol with OpenID Connect. 
The Smart Accounts system permanently ensures the integrity and confidentiality of data on payment transactions and payment service users as follows:

* data in transit is encrypted using MTLS and digitally signed. Data at rest is stored encrypted with a unique encryption key. The encryption algorithm used is AES, the encryption key being used only at the API level and stored in a protected configuration file;
* access to Smart Accounts administration or reporting features is granted using authentication with user / password credentials. The system requires the use of passwords with a very high degree of complexity and password rotation every 60 days.

WHAT DO I NEED TO GET STARTED WITH SMART ACCOUNTS?

You need to get an X.509 certificate from a certified authority of your choice.

* an X.509 certificate contains a public key and an identity (a hostname or organisation or an individual) and it's signed by a certificate authority.
* a Certification Authority (CA) acts as a trusted third party for both the subject (owner) of the certificate and the party relying on the certificate.

The X.509 certificate is used in both sandbox and production environments. You can obtain it on your own, or we can assist you in obtaining one. After that, we will walk together through the stage of initiating the business relationship and integrate Smart Accounts into your platform.

WHAT IS THE PROCESS OF INITIATING THE BUSINESS RELATIONSHIP?

For the integration process we will collect the relevant data to configure your profile and to ensure the proper functioning of the product with your platform (company logo, company name, CUI).

PRIOR TO THE TECHNICAL INTEGRATION, SMART FINTECH WILL REQUEST THE FOLLOWING FROM THE PARTNER:

1. The subject of the X.509 certificate and the name of the authority (CA) that generated this certificate;
2. A redirectURL, where Smart Accounts will redirect the payment service user after confirmation of consent initiation.

WHAT DO I NEED FOR THE SANDBOX ENVIRONMENT?

1. The NDA must be signed;
2. The onboarding procedure must be completed, where we will need the information described, in addition to the partner's name (as it will be displayed on the Smart Accounts page) and tax identification code / number;
3. The X.509 certificate for the sandbox environment (apart from the one needed for the production environment). If the certificate is missing, we can generate one for testing.

The Smart Accounts team will provide a certificate (if required), a Postman and an environment collection, as well as technical documentation. Any partner will benefit from support during testing and integration.

WHAT DO I NEED FOR THE PRODUCTION ENVIRONMENT?

1. The contract must be signed;
2. The subject of the X.509 certificate and the name of the authority (CA) that generated this certificate;
3. The reconfirmation of the data submitted for the partner's profile configuration in Smart Accounts, listed above.

SUPPORT

Please contact us through our page https://www.smartfintech.eu/contact or send us an email at contact@smartfintech.eu

STEP 1 - AUTHENTICATION

These APIs offer the following services:

* authentication based on a client_id already enrolled and associated with the X.509 certificate;
* refresh of the access token obtained after authentication.

AUTHENTICATE

After enrollment of the partner in Smart Accounts' systems, the partner will receive a client_id which is assigned to a certificate's Subject DN. The API will extract the Subject DN from the client's certificate. Whenever the partner wants to initiate a new consent, he will have to call the /authenticate/rest/api/authenticate/token API. The API receives the client_id of the partner. The response of the API contains an access_token, a refresh_token and an internalConsentId generated by Smart Accounts. The access and refresh tokens are uniquely generated per internalConsentId. The access token expires after 5 minutes, so it must be renewed using the refresh token provided ("POST refreshToken API").
The refresh token expires after 90 days. Mixing tokens with other internalConsentIds will cause an UNAUTHORIZED response from Smart Accounts. The returned internalConsentId, access and refresh tokens should be saved by the partner's systems.

QUERY PARAMETERS

* client_id (required, string): The client id of the partner

RESPONSES

* 200 SUCCESS
* 400 Bad request
* 401 Unauthorized
* 404 Not found
* 503 Service Temporarily Unavailable

POST /authenticate/rest/api/token

Staging server: https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/authenticate/rest/api/token
Production server: https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/authenticate/rest/api/token

RESPONSE SAMPLES

200, content type application/json:

```json
{
  "status": 200,
  "messageStatus": "Success",
  "payload": {
    "internalConsentId": 0,
    "access_token": "string",
    "refresh_token": "string"
  }
}
```

RESFRESHTOKEN

This API will be used whenever the access_token expires for a consent. The API receives in its body the client_id and the refresh_token of the expired access_token, and in the access_token header the access token that expired. The API responds with a new set of access_token and refresh_token and the consent id for which they are eligible.

Note: The last refresh_token is the only valid one; the previous refresh_token is invalidated automatically.
QUERY PARAMETERS client_id required string refresh_token required string HEADER PARAMETERS access_token required string internalConsentId required integer RESPONSES 200 SUCCESS 400 Bad request 401 Unauthorized 404 Not found 503 Service Temporarily Unavailable post/authenticate/rest/api/refreshToken Staging server https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/authenticate/rest/api/refreshToken Production server https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/authenticate/rest/api/refreshToken RESPONSE SAMPLES * 200 * 400 * 401 * 404 * 503 Content type application/json Copy Expand all Collapse all { * "status": 200, * "messageStatus": "Success", * "payload": { * "internalConsentId": 0, * "access_token": "string", * "refresh_token": "string" } } STEP 2 - CONSENT INITIATION These APIs provide: * the list of integrated banks; * email based validation of the accepted T&C; * consent initiation. BANKS GET Banks returns the list of integrated and available banks. Every bank object contains the object "requiredParameters" which includes the parameters "requiresPSUIdType", "requiresPSUId" and "requiresIban". The parameters are boolean type and the value "true" means that the respective parameter should be sent on further requests. All API calls must be made using the "code" specific for each bank, otherwise an error will be raised. API must be called with Authorization header containing the access_token value received on Authenticate step. 
RESPONSES 200 Success 400 Bad request 401 Unauthorized 404 Not found 503 Service Temporarily Unavailable get/core/rest/api/banks Staging server https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/banks Production server https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/banks RESPONSE SAMPLES * 200 * 400 * 401 * 404 * 503 Content type application/json Copy Expand all Collapse all { * "status": 200, * "messageStatus": "Success", * "payload": [ * { * "id": 0, * "code": "string", * "name": "string", * "logo": "string", * "active": true, * "bic": "string", * "requiredParameters": { * "requiresPSUIdType": true, * "requiresPSUId": true, * "requiresIban": true } } ] } CHECK EMAIL ACCOUNT This API verifies: * if the user has accepted Smart Fintech's terms and conditions; * if the user has an existing account with this e-mail. API must be called with Authorization header containing the access_token value received on Authenticate step. REQUEST BODY SCHEMA: APPLICATION/JSON psuEmail required string RESPONSES 200 Success 400 Bad request 401 Unauthorized 404 Not found 503 Service Temporarily Unavailable post/core/rest/api/checkPsuEmail Staging server https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/checkPsuEmail Production server https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/checkPsuEmail REQUEST SAMPLES * Payload Content type application/json Copy { * "psuEmail": "string" } RESPONSE SAMPLES * 200 * 400 * 401 * 404 * 503 Content type application/json Copy Expand all Collapse all { * "status": 200, * "messageStatus": "Success", * "payload": { * "existingAccount": true, * "message": "string", * "t&c": "string" } } INITCONSENT At this point, the consent can be prepared to be sent to bank for authorisation. 
In order to initialise a consent, Smart Accounts needs the following information:

* Request body:
  * codeBank – for which bank the PSU wants to create a consent ("code" received on GET Banks API);
  * periodOfValid – the period has a default value of 180 days. If Smart Accounts receives a different value on this parameter, a "Bad request" error will be raised. After 180 days, the PSU must re-authorise in the bank's page. Please be aware that the re-authorisation in the bank's page will generate a new consent ID, so you must keep evidence of the PSU's consents to match the account information;
  * psuEmail – the e-mail address of the PSU; this address will be used to inform the user about the consent initialisation;
  * psuIntermediarId – the unique ID associated to the PSU by the partner systems;
  * redirectURL – the page where the PSU will be redirected after he finishes the authorisation phase in the bank's page. It is recommended to redirect to the partner's page;
  * TCaccepted – must be true, otherwise a "Bad request" error will be raised. It is the partner's choice whether the user must check and agree to the Smart Accounts Terms and Conditions for each new consent, or whether it implements a different way of managing the PSU's T&C agreement;
  * allAccounts – with attributes "iban" and "currency" (mandatory for RZB and OTP);
* Request header:
  * Content-Type – mandatory for all banks;
  * PSU-IP-Address – mandatory; without this information, the number of API calls that we can make is limited (4 calls maximum per day);
  * PSU-ID – generated by the bank, also known as username. Mandatory for BRD, RZB, OTP;
  * PSU-ID-Type – mandatory for:
    * BRD – accepted values are: "PF", "PJ" or "PFA";
    * RZB – accepted value: "PJ" – only for corporate accounts. Do not send PSU-ID-TYPE if you want to initiate a consent for an individual person.

API must be called with Authorization header containing the access_token value received on Authenticate step.
PATH PARAMETERS internalConsentId required integer HEADER PARAMETERS PSU-IP-Address required string scaMethod string PSU-ID string PSU-ID-Type string REQUEST BODY SCHEMA: APPLICATION/JSON codeBank required string periodOfValid required integer <int32> [ 90 .. 180 ] psuEmail required string psuIntermediarId required string redirectURL required string allAccounts Array of objects (AccountsInitConsent) TCaccepted required boolean RESPONSES 200 Success 400 Bad request 401 Unauthorized 404 Not found 503 Service Temporarily Unavailable post/core/rest/api/initConsent/{internalConsentId} Staging server https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/initConsent/{internalConsentId} Production server https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/initConsent/{internalConsentId} REQUEST SAMPLES * Payload Content type application/json Copy Expand all Collapse all { * "codeBank": "string", * "periodOfValid": 90, * "psuEmail": "string", * "psuIntermediarId": "string", * "redirectURL": "string", * "allAccounts": [ * { * "iban": "string", * "currency": "string" } ], * "TCaccepted": true } RESPONSE SAMPLES * 200 * 400 * 401 * 404 * 503 Content type application/json Copy Expand all Collapse all { * "status": 200, * "messageStatus": "Success", * "payload": { * "consentStatus": "string", * "consentId": "string", * "_links": { * "scaOAuth": { * "href": "string" } } } } STEP 3 - CONSENT DETAILS These APIs: * provide information about consents; * delete consent. CONSENT The purpose of this API is to check the consent details and the list of available accounts. The list of available accounts means the list of accounts for which the user has granted access through the consent authorisation. 
Depending on each bank's integration, this API will respond as follows:

* will return the list of the selected accounts by PSU and the parameter "availableAccounts" will be null:
  * BT,
  * BRD when PSU-ID-Type = PJ/PFA,
  * RZB,
  * FB,
  * UNC,
  * OTP,
  * LIB;
* will NOT return the list of the selected accounts by PSU and the parameter "availableAccounts" will be null:
  * CEC – if only an account is selected, then its IBAN will appear in "accounts", "balances" and "transactions",
  * REV;
* will NOT return the list of the selected accounts by PSU and the parameter "availableAccounts" will have the value "allAccounts":
  * BCR,
  * ING,
  * BRD (PSU-ID-Type = PF),
  * GRT,
  * ALPH.

API must be called with Authorization header containing the access_token value received on Authenticate step.

PATH PARAMETERS

* bankName (required, string)
* internalConsentId (required, integer)

HEADER PARAMETERS

* PSU-IP-Address (required, string)

RESPONSES

* 200 Success
* 400 Bad request
* 401 Unauthorized
* 404 Not found
* 503 Service Temporarily Unavailable

GET /core/rest/api/consent/{bankName}/{internalConsentId}

Staging server: https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/consent/{bankName}/{internalConsentId}
Production server: https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/consent/{bankName}/{internalConsentId}

RESPONSE SAMPLES

200, content type application/json:

```json
{
  "status": 200,
  "messageStatus": "Success",
  "payload": {
    "access": {
      "accounts": [
        { "iban": "string", "currency": "string", "name": "string" }
      ],
      "balances": [
        { "iban": "string", "currency": "string", "name": "string" }
      ],
      "transactions": [
        { "iban": "string", "currency": "string", "name": "string" }
      ],
      "availableAccounts": "string"
    },
    "consentStatus": "string",
    "frequencyPerDay": 0,
    "lastActionDate": "2019-08-24T14:15:22Z",
    "validUntil": "2019-08-24T14:15:22Z",
    "recurringIndicator": true,
    "combinedServiceIndicator": true,
    "creationDate": "2019-08-24T14:15:22Z"
  }
}
```

CONSENT STATUS

This API will return the status of the consent sent on request. The list of possible statuses follows, according to the Berlin Group Implementation Guidelines. The bold statuses are the ones we have encountered in production environment tests until now:

| Status name | Description |
| --- | --- |
| received | The consent data have been received and are technically correct. The data is not authorised yet. |
| rejected | The consent data have been rejected e.g. since no successful authorisation has taken place. |
| partiallyAuthorised | The consent is due to a multi-level authorisation, some but not all mandated authorisations have been performed yet. |
| valid | The consent is accepted and valid for GET account data calls and others as specified in the consent object. |
| revokedByPsu | The consent has been revoked by the PSU towards the ASPSP. |
| expired | The consent expired. |
| terminatedByTPP | The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource. |

API must be called with Authorization header containing the access_token value received on Authenticate step.
PATH PARAMETERS bankName required string internalConsentId required integer HEADER PARAMETERS PSU-IP-Address required string RESPONSES 200 Success 400 Bad request 401 Unauthorized 404 Not found 503 Service Temporarily Unavailable get/core/rest/api/consent/{bankName}/{internalConsentId}/status Staging server https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/consent/{bankName}/{internalConsentId}/status Production server https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/consent/{bankName}/{internalConsentId}/status RESPONSE SAMPLES * 200 * 400 * 401 * 404 * 503 Content type application/json Copy Expand all Collapse all { * "status": 200, * "messageStatus": "Success", * "payload": { * "consentStatus": "string" } } DELETE CONSENT This API can be used to revoke access given through a consent. After calling the API DeleteConsent, any other called API will respond with UNAUTHORIZED (TerminatedByTPP). API must be called with Authorization header containing the access_token value received on Authenticate step. 
PATH PARAMETERS bankName required string internalConsentId required integer HEADER PARAMETERS PSU-IP-Address required string RESPONSES 200 Success 400 Bad request 401 Unauthorized 404 Not found 503 Service Temporarily Unavailable delete/core/rest/api/deleteConsent/{bankName}/{internalConsentId} Staging server https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/deleteConsent/{bankName}/{internalConsentId} Production server https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/deleteConsent/{bankName}/{internalConsentId} RESPONSE SAMPLES * 200 * 400 * 401 * 404 * 503 Content type application/json Copy Expand all Collapse all { * "status": 200, * "messageStatus": "Success", * "payload": { * "message": "string" } } STEP 4 - ACCOUNT INFORMATION These APIs provide information about: * account(s); * balance(s); * transaction(s). The bank's name must be according to the "codeBanks" from Get Banks, otherwise an error will be raised. Validation performed on all resource APIs: If the bank’s name and "internalConsentId" are not the same as the ones from "initConsent", an error will be raised. ACCOUNTS Returns a list of payment accounts to which an account access has been granted through the "initConsent" endpoint by the PSU. The partner must use the access_token in order to read the list of account(s) for the provided internalConsentId. API must be called with Authorization header containing the access_token value received on Authenticate step. 
PATH PARAMETERS bankName required string internalConsentId required integer HEADER PARAMETERS PSU-IP-Address required string RESPONSES 200 Success 400 Bad request 401 Unauthorized 404 Not found 503 Service Temporarily Unavailable get/core/rest/api/accounts/{bankName}/{internalConsentId} Staging server https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{internalConsentId} Production server https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{internalConsentId} RESPONSE SAMPLES * 200 * 400 * 401 * 404 * 503 Content type application/json Copy Expand all Collapse all { * "status": 200, * "messageStatus": "Success", * "payload": [ * { * "resourceId": "string", * "iban": "string", * "currency": "string", * "name": "string", * "ownerName": "string", * "product": "string", * "cashAccountType": "string", * "status": "string", * "bic": "string", * "accountOfficerDescription": "string", * "openingDate": "string", * "customerSector": "string", * "customerType": "string", * "accountUsage": "string", * "workingBalance": true, * "onlineActualBalance": true, * "balances": [ * { * "balanceAmount": { * "currency": "string", * "amount": 0 }, * "balanceType": "string", * "referenceDate": "string", * "creditLimitIncluded": "string", * "creditDebitIndicator": "string" } ], * "sortCodeAccountNumber": "string", * "isCardAccount": true } ] } BALANCES Balances can be checked for each account - "resourceId" from GetAccounts must be sent. The partner will use the access_token in order to read balance(s) for the provided internalConsentid. API must be called with Authorization header containing the access_token value received on Authenticate step. 
PATH PARAMETERS bankName required string resourceId required string internalConsentId required integer HEADER PARAMETERS PSU-IP-Address required string RESPONSES 200 Success 400 Bad request 401 Unauthorized 404 Not found 503 Service Temporarily Unavailable get/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/balances Staging server https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/balances Production server https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/balances RESPONSE SAMPLES * 200 * 400 * 401 * 404 * 503 Content type application/json Copy Expand all Collapse all { * "status": 200, * "messageStatus": "Success", * "payload": { * "account": { * "iban": "string", * "currency": "string", * "name": "string" }, * "balances": [ * { * "balanceAmount": { * "currency": "string", * "amount": 0 }, * "balanceType": "string", * "referenceDate": "string", * "creditLimitIncluded": "string", * "creditDebitIndicator": "string", * "lastChangeDateTime": "string", * "lastCommittedTransaction": "string", * "transactionStatus": "string" } ] } } ACCOUNT DETAILS This API is used to obtain account details for a specific account, not for all accounts. Only ING did not implement this API. The partner will use the access_token in order to read account's details for the provided internalConsentId. API must be called with Authorization header containing the access_token value received on Authenticate step. 
PATH PARAMETERS bankName required string internalConsentId required integer resourceId required string HEADER PARAMETERS PSU-IP-Address required string RESPONSES 200 Success 400 Bad request 401 Unauthorized 404 Not found 503 Service Temporarily Unavailable get/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/details Staging server https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/details Production server https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/details RESPONSE SAMPLES * 200 * 400 * 401 * 404 * 503 Content type application/json Copy Expand all Collapse all { * "status": 200, * "messageStatus": "Success", * "payload": { * "resourceId": "string", * "iban": "string", * "currency": "string", * "name": "string", * "ownerName": "string", * "product": "string", * "cashAccountType": "string", * "status": "string", * "bic": "string", * "accountOfficerDescription": "string", * "openingDate": "string", * "customerSector": "string", * "customerType": "string", * "accountUsage": "string", * "workingBalance": true, * "onlineActualBalance": true, * "balances": [ * { * "balanceAmount": { * "currency": "string", * "amount": 0 }, * "balanceType": "string", * "referenceDate": "string", * "creditLimitIncluded": "string", * "creditDebitIndicator": "string" } ], * "sortCodeAccountNumber": "string", * "isCardAccount": true } } TRANSACTION API used to obtain the transactions for each account. The partner will use the access_token in the process of reading transactions for the provided internalConsentid. 
Some banks have a limited period for which transactions can be retrieved:

| Bank | Transactions period | Notes |
| --- | --- | --- |
| BCR | 90 days | |
| BT | 120 days | 90 days capped in Sandbox by the bank |
| BRD | 2 years | |
| OTP | 90 days | |
| RZB | 180 days | |
| ING, CEC, GRT, LIB, UNC, REV, FB, ALPH | unlimited | ALPH is capped at 18 months in Sandbox |

Read transaction reports or transaction lists of a given account addressed by "account-id" (resourceId), depending on the steering parameter "bookingStatus". For a given account, additional parameters are the attributes "dateFrom" and "dateTo". Depending on each bank, these parameters are requested as follows:

| Parameter | BT | BCR | ING | BRD | RZB | CEC | FB | UNC | REV | OTP | LIB | GRT | ALPH |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| bookingStatus | M | M | N.R. | M | M | M | M | M | M | M | N.R. | M | M |
| dateFrom | M | M | M | M | M | M | M | M | M | M | M | M | M |
| dateTo | M | M | M | M | M | M | M | M | M | M | M | M | M |

* M – mandatory
* N.R. – not requested

Banks with pagination include a "next" parameter in the API response. If "next" has a value, another page of transactions is available. When "next" is null, there are no more pages. To access the next page, the partner must include the "next" parameter and its value (link) in the header of the request. Note that "next" is tied to the "dateFrom" and "dateTo" parameters, so changing this period requires a new GetTransactions call with updated dates to retrieve transactions for that new period.

Transactions are sent either in bulk or with pagination, as follows:

| Bank | How the transactions are sent |
| --- | --- |
| BT | 100 transactions / page |
| BCR | Bulk |
| CEC | Bulk |
| BRD | 200 transactions / page |
| ING | 20 transactions / page |
| REV | 50 transactions / page |
| UNC | 400 transactions / page |
| RZB | 50 transactions / page |
| OTP | Bulk |
| LIB | Bulk |
| FB | Bulk |
| GRT | Bulk |
| ALPH | Bulk |

Note that transactionID is not sent by the following banks:

- BRD - the endToEndId can be used as an alternative;
- ING - not sent in most cases;
- UNC;
- OTP.

API must be called with Authorization header containing the access_token value received on Authenticate step.
PATH PARAMETERS

* bankName: string, required
* resourceId: string, required
* internalConsentId: integer, required

QUERY PARAMETERS

* dateFrom: string <date>, required
* dateTo: string <date>, required
* bookingStatus: string
* isCardAccount: boolean, default: false

HEADER PARAMETERS

* PSU-IP-Address: string, required
* next: string

RESPONSES

* 200 Success
* 400 Bad request
* 401 Unauthorized
* 404 Not found
* 503 Service Temporarily Unavailable

GET /core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/transactions

Staging server
https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/transactions

Production server
https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/transactions

RESPONSE SAMPLES

200, content type application/json

```json
{
  "status": 200,
  "messageStatus": "Success",
  "payload": {
    "acocunt": {
      "resourceId": "string",
      "iban": "string",
      "currency": "string",
      "name": "string",
      "ownerName": "string",
      "product": "string",
      "cashAccountType": "string",
      "status": "string",
      "bic": "string",
      "accountOfficerDescription": "string",
      "openingDate": "string",
      "customerSector": "string",
      "customerType": "string",
      "accountUsage": "string",
      "workingBalance": true,
      "onlineActualBalance": true,
      "balances": [
        {
          "balanceAmount": {
            "currency": "string",
            "amount": 0
          },
          "balanceType": "string",
          "referenceDate": "string",
          "creditLimitIncluded": "string",
          "creditDebitIndicator": "string"
        }
      ],
      "sortCodeAccountNumber": "string",
      "isCardAccount": true
    },
    "transactions": {
      "booked": [
        {
          "transactionId": "string",
          "entryReference": "string",
          "endToEndId": "string",
          "bookingDate": "string",
          "valueDate": "string",
          "executionDateTime": "string",
          "transactionAmount": {
            "currency": "string",
            "amount": 0
          },
          "transactionType": "string",
          "exchangeRate": [
            {
              "currencyFrom": "string",
              "rateFrom": 0,
              "currencyTo": "string",
              "rateDate": "2019-08-24"
            }
          ],
          "creditorName": "string",
          "creditorAccount": {
            "iban": "string",
            "currency": "string",
            "name": "string"
          },
          "debtorName": "string",
          "debtorAccount": {
            "iban": "string",
            "currency": "string",
            "name": "string"
          },
          "remittanceInformationUnstructured": "string",
          "proprietaryBankTransactionCode": "string",
          "merchantDetails": {
            "merchantName": "string"
          },
          "additionalInformation": "string",
          "smartRemittance": {
            "creditorName": "string",
            "creditorAccount": "string",
            "debtorName": "string",
            "debtorAccount": "string",
            "fiscalRegistrationNumber": "string",
            "transactionDetails": "string",
            "cardNumber": "string",
            "transactionType": "string",
            "merchantName": "string",
            "transactionFee": "string",
            "exchangeRate": "string",
            "currencyExchanged": "string",
            "identificationId": "string"
          },
          "transactionStatus": "string",
          "creditDebitIndicator": "string"
        }
      ],
      "pendding": [
        {
          "transactionId": "string",
          "entryReference": "string",
          "endToEndId": "string",
          "bookingDate": "string",
          "valueDate": "string",
          "executionDateTime": "string",
          "transactionAmount": {
            "currency": "string",
            "amount": 0
          },
          "transactionType": "string",
          "exchangeRate": [
            {
              "currencyFrom": "string",
              "rateFrom": 0,
              "currencyTo": "string",
              "rateDate": "2019-08-24"
            }
          ],
          "creditorName": "string",
          "creditorAccount": {
            "iban": "string",
            "currency": "string",
            "name": "string"
          },
          "debtorName": "string",
          "debtorAccount": {
            "iban": "string",
            "currency": "string",
            "name": "string"
          },
          "remittanceInformationUnstructured": "string",
          "proprietaryBankTransactionCode": "string",
          "merchantDetails": {
            "merchantName": "string"
          },
          "additionalInformation": "string",
          "smartRemittance": {
            "creditorName": "string",
            "creditorAccount": "string",
            "debtorName": "string",
            "debtorAccount": "string",
            "fiscalRegistrationNumber": "string",
            "transactionDetails": "string",
            "cardNumber": "string",
            "transactionType": "string",
            "merchantName": "string",
            "transactionFee": "string",
            "exchangeRate": "string",
            "currencyExchanged": "string",
            "identificationId": "string"
          },
          "transactionStatus": "string",
          "creditDebitIndicator": "string"
        }
      ],
      "links": {
        "next": {
          "href": "string"
        }
      }
    }
  }
}
```

TRANSACTION DETAILS

This API returns the same information as GetTransactions, but only for a specific transaction (you must complete the "transactionId" and "resourceId"). Only BT, BCR, CEC and GRT have implemented this API.

The partner will use the access_token when reading transaction details for the provided internalConsentId. The API must be called with an Authorization header containing the access_token value received in the Authenticate step.

PATH PARAMETERS

* bankName: string, required
* resourceId: string, required
* transactionId: string, required
* internalConsentId: integer, required

HEADER PARAMETERS

* PSU-IP-Address: string, required

RESPONSES

* 200 Success
* 400 Bad request
* 401 Unauthorized
* 404 Not found
* 503 Service Temporarily Unavailable

GET /core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/transactions/{transactionId}/details

Staging server
https://docs.accounts.smartfintech.eu/swagger/mtls.sandboxaccounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/transactions/{transactionId}/details

Production server
https://docs.accounts.smartfintech.eu/swagger/mtls.accounts.smartfintech.eu/gateway/core/rest/api/accounts/{bankName}/{resourceId}/{internalConsentId}/transactions/{transactionId}/details

RESPONSE SAMPLES

200, content type application/json

```json
{
  "status": 200,
  "messageStatus": "Success",
  "payload": {
    "transactionId": "string",
    "entryReference": "string",
    "endToEndId": "string",
    "bookingDate": "string",
    "valueDate": "string",
    "executionDateTime": "string",
    "transactionAmount": {
      "currency": "string",
      "amount": 0
    },
    "transactionType": "string",
    "exchangeRate": [
      {
        "currencyFrom": "string",
        "rateFrom": 0,
        "currencyTo": "string",
        "rateDate": "2019-08-24"
      }
    ],
    "creditorName": "string",
    "creditorAccount": {
      "iban": "string",
      "currency": "string",
      "name": "string"
    },
    "debtorName": "string",
    "debtorAccount": {
      "iban": "string",
      "currency": "string",
      "name": "string"
    },
    "remittanceInformationUnstructured": "string",
    "proprietaryBankTransactionCode": "string",
    "merchantDetails": {
      "merchantName": "string"
    },
    "additionalInformation": "string"
  }
}
```