PSD2 Compliant XS2A API

Download OpenAPI specification:Download

Overview

PSD2 Compliant XS2A Payment services (PSD 2) - Directive (EU) 2015/2366 API based on Berlin Group NextGenPSD2 XS2A Specification v1.3 (BGS)

SCA Approach

We use REDIRECT SCA approach with implicit start of the authorisation process (detailed description and schemes can be found in page 54 for payments and page 108 for consents of BGS document). Implicit process means that we automatically create authorisation resource and return this information in the response.

Consent Model

We let PSU to choose what he allows in the consent, so information passed in the consent works only as a reference to mark checkboxes. In case consent information contains accounts that do not belong to user or does not exist in the system, or overall consent is passed without accounts, then checkbox’s will not be marked for the PSU after he logs into the application.

Differences From Berlin Group Standart

Different Versioning Approach

Instead of path versioning that is mentioned in the BGS documentation, we use header versioning. More information about this can be found later in the document (API Versioning).

Optional parameters

Get account transactions endpoint uses two optional parameters for paging:

pageSize – sets record count per page;
page – sets which page is displayed;

Differences in responses

Get account transactions endpoint uses different response structure. Instead of returning two lists (pending and booked) in the response, we simply return a single list with additional boolean parameter peding in the transaction record, where value of true indicates that transaction is pending and value of false that is booked.

API Versioning

API uses X-API-Version header parameter to determine current API version. If this parameter is not passed, the system will return 404 Not Found error. Version header usage can be found in examples. We use only major version of API, so all changes that does not break backward compatibility does not increase version number. New API version is added on when non backward compatible changes are made:

Adding restrictive logic (e.g. making fields mandatory, business validation logic);
Removing fields;
Removing endpoints;

Upcoming major API versions are instantly released to production and will run in parallel with old version. Old version will be available for at least 6 months before removal.

All upcoming documentation will be provided in the documentation page, so it is advisable to check this page once a month.

HTTP Response Codes

The HTTP response code is communicating the success or failure of a TPP request message. The 4XX HTTP response codes should only be given if the current request cannot be fulfilled, e.g. a payment initiation cannot be posted or account transactions cannot be retrieved. A request to get the status of an existing payment or a consent usually returns HTTP response code 200 since the actual request to retrieve the status succeeded, regardless if that payment or consent state is set to failure or not.

This specification supports the following HTTP response codes:

Status code	Description
200 OK	PUT, GET Response Codes The POST for a Funds request will also return 200 since it does not create a new resource. DELETE Response Code where a payment resource has been cancelled successfully and no further cancellation authorisation is required.
201 Created	POST response code where Payment Initiation or Consent Request was correctly performed.
204 No Content	DELETE response code where a consent resource was successfully deleted. The code indicates that the request was performed, but no content was returned.
400 Bad Request	Validation error occurred. This code will cover malformed syntax in request or incorrect data in payload.
401 Unauthorized	The TPP or the PSU is not correctly authorized to perform the request. Retry the request with correct authentication information.
403 Forbidden	Returned if the resource that was referenced in the path exists but cannot be accessed by the TPP or the PSU. This code should only be used for non-sensitive id references as it will reveal that the resource exists even though it cannot be accessed.
404 Not found	Returned if the resource or endpoint that was referenced in the path does not exist or cannot be referenced by the TPP or the PSU. When in doubt if a specific id in the path is sensitive or not, use the HTTP response code 404 instead of the HTTP response code 403.
405 Method Not Allowed	This code is only sent when the HTTP method (PUT, POST, DELETE, GET etc.) is not supported on a specific endpoint. It has nothing to do with the consent, payment or account information data model.
406 Not Acceptable	The ASPSP cannot generate the content that the TPP specified in the Accept header.
408 Request Timeout	The server is still working correctly, but an individual request has timed out.
415 Unsupported Media Type	The TPP has supplied a media type which the ASPSP does not support.
429 Too Many Requests	The TPP has exceeded the number of requests allowed by the consent or by the RTS.
500 Internal Server Error	Internal server error occurred.
503 Service Unavailable	The ASPSP server is currently unavailable. Generally, this is a temporary state.

Additional Error Information

In RFC7807, a standardised efinition of reporting error information is described. In the following, requirements of how to use this standardised error information reporting in the context of the PSD2 XS2A interface are defined.

Response Code

The HTTP response code is 4xx or 5xx as defined in HTTP Response Codes for response codes in case of errors.

Response Header

Atttribut	Type	Condition	Description
Content-Type	String	Mandatory	The string application/problem+json is used.

Response Body

Atttribut	Type	Condition	Description
type	String	Mandatory	A URI reference RFC3986 that identifies the problem type.
title	String	Optional	Short human readable description of error type.
detail	String	Optional	Detailed human readable text specific to this instance of the error.
code	Message Code	Mandatory	Message code to explain the nature of the underlying error.
additionalErrors	Array	Optional	Used if more than one error is to be communicated.

Example

  
    {
    "code": "RESOURCE_UNKNOWN",
    "title": "The addressed resource is unknown relative to the TPP.",
    "description": "Requested account not found.",
    "type": "https://psd2.nano.lt/api#RESOURCE_UNKNOWN",
    "additionalErrors": null
    }

HTTP Error Codes

Message Code	HTTP Response Code	Description
CERTIFICATE_INVALID	401	The contents of the signature/corporate seal certificate are not matching PSD2 general PSD2 or attribute requirements.
CERTIFICATE_EXPIRED	401	Signature/corporate seal certificate is expired.
CERTIFICATE_BLOCKED	401	Signature/corporate seal certificate has been blocked by the ASPSP.
CERTIFICATE_REVOKED	401	Signature/corporate seal certificate has been revoked by QSTP.
CERTIFICATE_MISSING	401	Signature/corporate seal certificate was not available in the request but is mandated for the corresponding.
SIGNATURE_INVALID	401	Application layer eIDAS Signature for TPP authentication is not correct.
SIGNATURE_MISSING	401	Application layer eIDAS Signature for TPP authentication is mandated by the ASPSP but is missing.
FORMAT_ERROR	400	Format of certain request fields are not matching the XS2A requirements. An explicit path to the corresponding field might be added in the return message.
PARAMETER_NOT_CONSISTENT	400	Parameters submitted by TPP are not consistent.
PARAMETER_NOT_SUPPORTED	400	The parameter is not supported.
CONSENT_UNKNOWN	403 (if path), 400 (if payload)	The Consent-ID cannot be matched by the ASPSP relative to the TPP.
CONSENT_INVALID	401	The consent was created by this TPP but is not valid for the addressed service/resource.
CONSENT_EXPIRED	401	The consent was created by this TPP but has expired and needs to be renewed.
RESOURCE_UNKNOWN	404 (if account-id path), 403 (if other resource in path)	The addressed resource is unknown relative to the TPP.
RESOURCE_EXPIRED	403 (if path), 400 (if payload)	The addressed resource is associated with the TPP but has expired, not addressable anymore.
STATUS_INVALID	409	The addressed resource does not allow additional authorisation.
PAYMENT_FAILED	400	The payment initiation POST request failed during the initial process. Additional information may be provided by the ASPSP.

PSD2 fallback

The Fallback solution is a set of API-s as a alternative for exiting Nano PSD2 solution. PSD2 Fallback is based on Nano Internet Banking API It contains the following functions:

- authenticating TPPs based on QWAC certificates
- limiting access to respective functions based on the TPP role
- customer authentication and authorization using Nano IB supported security means m-signature, Vasco Digipass, SMS+password
- fetching customer accounts information for AISP
- initiating payments for PISPs

The Fallback solution does not have:

- customer consent management
- fetching funds confirmation information for PIISPs - agent features are not supported

List of endpoints:

psd-fallback/auth/login
psd-fallback/auth/logout
psd-fallback/auth/resend
psd-fallback/operations/(:id)/confirmation
psd-fallback/operations/(:id)/resend
psd-fallback/payments
psd-fallback/payments/validate/turnover
psd-fallback/classifiers/institutions/(:id)
psd-fallback/payment-entries

Note in order to execute payment using UI-API services, after user authentication it is mandatory to perform /ui-api/parties/self action

Account Information Service (AIS)

Get accounts

Read the identifiers of the available payment account together with booking balance information, depending on the consent granted.

header Parameters

Consent-ID required	string Example: 995486ed-a2c5-4a93-b245-51ba9e341367 ID of the corresponding consent object as returned by an Account Information Consent Request.
X-Request-ID required	string <uuid> Example: b4e7bdf9-37db-47c0-9b64-db94b3579aee ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "accounts": [
    {
      "resourceId": "b4b921f9-2c91-3f60-9940-057b9b2cc410",
      "iban": "LT053570010000000226",
      "currency": "EUR",
      "name": "My first account",
      "product": "ACC_INT_SAVER",
      "status": "enabled",
      "_links": {
        "self": {
          "href": "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410"
        },
        "balances": {
          "href": "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/balances"
        },
        "transactions": {
          "href": "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom={dateFrom}&page=0&pageSize=0{&bookingStatus,dateTo}",
          "templated": true
        }
      }
    },
    {
      "resourceId": "b78cb40c-1eba-3b1e-8b2b-08575dd70447",
      "iban": "LT323570010000000031",
      "currency": "EUR",
      "name": "My second account",
      "product": "ACC_INT_SAVER",
      "status": "enabled",
      "_links": {
        "self": {
          "href": "http://localhost/api/public/accounts/b78cb40c-1eba-3b1e-8b2b-08575dd70447"
        },
        "balances": {
          "href": "http://localhost/api/public/accounts/b78cb40c-1eba-3b1e-8b2b-08575dd70447/balances"
        },
        "transactions": {
          "href": "http://localhost/api/public/accounts/b78cb40c-1eba-3b1e-8b2b-08575dd70447/transactions?dateFrom={dateFrom}&page=0&pageSize=0{&bookingStatus,dateTo}",
          "templated": true
        }
      }
    },
    {
      "resourceId": "1d29fc2b-ef87-39dd-b604-78f5a1d072dd",
      "iban": "LT323570010000000031",
      "currency": "USD",
      "name": "My second account",
      "product": "ACC_INT_SAVER",
      "status": "enabled",
      "_links": {
        "self": {
          "href": "http://localhost/api/public/accounts/1d29fc2b-ef87-39dd-b604-78f5a1d072dd"
        },
        "balances": {
          "href": "http://localhost/api/public/accounts/1d29fc2b-ef87-39dd-b604-78f5a1d072dd/balances"
        },
        "transactions": {
          "href": "http://localhost/api/public/accounts/1d29fc2b-ef87-39dd-b604-78f5a1d072dd/transactions?dateFrom={dateFrom}&page=0&pageSize=0{&bookingStatus,dateTo}",
          "templated": true
        }
      }
    }
  ]
}

Get account

Reads details about an account, with balances where required. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.

path Parameters

accountId

required

string

Example: b4b921f9-2c91-3f60-9940-057b9b2cc410

This identification is denoting the addressed account. The accountId is retrieved by using a "Read Account List" call. The accountId is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

header Parameters

Consent-ID required	string Example: 09c7895e-56ab-4187-8ca9-a89870e53a85 ID of the corresponding consent object as returned by an Account Information Consent Request.
X-Request-ID required	string <uuid> Example: 8e83863a-ce5f-4af6-92c7-61b34c142f26 ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "account": {
    "resourceId": "b4b921f9-2c91-3f60-9940-057b9b2cc410",
    "iban": "LT053570010000000226",
    "currency": "EUR",
    "name": "My first account",
    "product": "ACC_INT_SAVER",
    "status": "enabled",
    "_links": {
      "self": {
        "href": "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410"
      },
      "balances": {
        "href": "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/balances"
      },
      "transactions": {
        "href": "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom={dateFrom}&page=0&pageSize=0{&bookingStatus,dateTo}",
        "templated": true
      }
    }
  }
}

Get account balances

Read account balances. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.

path Parameters

accountId

required

string

Example: b4b921f9-2c91-3f60-9940-057b9b2cc410

This identification is denoting the addressed account. The accountId is retrieved by using a "Read Account List" call. The accountId is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

header Parameters

Consent-ID required	string Example: 09c7895e-56ab-4187-8ca9-a89870e53a85 ID of the corresponding consent object as returned by an Account Information Consent Request.
X-Request-ID required	string <uuid> Example: 0b759630-298e-40c0-a43a-ec240fa5a7c9 ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "balances": [
    {
      "account": {
        "iban": "LT053570010000000226",
        "currency": "EUR"
      },
      "balanceAmount": {
        "currency": "EUR",
        "amount": "1950.30"
      },
      "balanceType": "closingBooked",
      "referenceDate": "2018-11-27T13:54:03.946"
    }
  ]
}

Get account transactions

Read account transactions. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.

path Parameters

accountId

required

string

Example: b4b921f9-2c91-3f60-9940-057b9b2cc410

This identification is denoting the addressed account. The accountId is retrieved by using a "Read Account List" call. The accountId is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

query Parameters

bookingStatus	string Default: "both" Enum: "booked" "pending" "both" Available values: "booked", "pending" and "both". Must be one of [booked, pending, both]. Default value: 'both'.
dateFrom required	string <date> Example: dateFrom=2022-09-01 Starting date (inclusive the date dateFrom) of the transaction list.
dateTo	string <date> Example: dateTo=2023-09-10 End date (inclusive the data dateTo) of the transaction list, default is "now" if not provided.
page	integer <int32> Default: 1
pageSize	integer <int32> Default: 25

header Parameters

Consent-ID required	string Example: 09c7895e-56ab-4187-8ca9-a89870e53a85 ID of the corresponding consent object as returned by an Account Information Consent Request.
X-Request-ID required	string <uuid> Example: 383bf10f-a1a3-4f2d-b83f-30e2d297ff1a ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "account": {
    "iban": "LT053570010000000226",
    "currency": "EUR"
  },
  "transactions": [
    {
      "transactionId": "00016236",
      "endToEndId": "TEST_END_TO_END_ID",
      "bookingDate": "2018-09-14T12:33:40.811",
      "valueDate": "2018-09-13",
      "transactionAmount": {
        "currency": "EUR",
        "amount": "134.40"
      },
      "creditorName": "TEST_CREDITOR_NAME",
      "creditorAccount": {
        "iban": "LT053570010000000226",
        "currency": "EUR"
      },
      "ultimateCreditor": "TEST_ULTIMATE_CREDITOR",
      "debtorName": "TEST_DEBTOR_NAME",
      "ultimateDebtor": "TEST_ULTIMATE_DEBTOR",
      "remittanceInformationUnstructured": "Internal transfer",
      "remittanceInformationStructured": "TEST_REMITTANCE_INFORMATION_STRUCTURED",
      "bankTransactionCode": "INTERNAL_TRANSFER.TRANSFER",
      "pending": false
    },
    {
      "transactionId": "00016237",
      "bookingDate": "2018-09-14T12:41:26.59",
      "valueDate": "2018-09-14",
      "transactionAmount": {
        "currency": "EUR",
        "amount": "50.30"
      },
      "creditorName": "Jayme Bame",
      "creditorAccount": {
        "iban": "LT323570010000000031",
        "currency": "EUR"
      },
      "ultimateCreditor": "TEST_ULTIMATE_CREDITOR",
      "debtorName": "Vina Herbert",
      "debtorAccount": {
        "iban": "LT053570010000000226",
        "currency": "EUR"
      },
      "ultimateDebtor": "TEST_ULTIMATE_DEBTOR",
      "remittanceInformationUnstructured": "For you",
      "bankTransactionCode": "INTERNAL_TRANSFER.TRANSFER",
      "pending": false
    }
  ],
  "_links": {
    "self": {
      "href": "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=2"
    },
    "first": {
      "href": "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=1"
    },
    "prev": {
      "href": "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=1"
    },
    "next": {
      "href": "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=3"
    },
    "last": {
      "href": "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=9"
    }
  }
}

Create account consent

This method create a consent resource, defining access rights to dedicated accounts.

header Parameters

X-Request-ID required	string <uuid> Example: 94001a88-eb9f-45ca-8d56-d68b24f2075e ID of the request, unique to the call, as determined by the initiating party.
TPP-Redirect-URI required	string Example: https://client.nano.com/consent=09c7895e-56ab-4187-8ca9-a89870e53a85&status=ok URI of the TPP, where the transaction flow shall be redirected to after a Redirect.
TPP-Nok-Redirect-URI required	string Example: https://client.nano.com/consent=09c7895e-56ab-4187-8ca9-a89870e53a85&status=nok If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.

Request Body schema: application/json

required	object (AccountAccess)
recurringIndicator required	boolean True, if the consent is for recurring access to the account data. false, if the consent is for one access to the account data.
validUntil required	string <date> This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format The date can not be older than today
frequencyPerDay required	integer <int32> This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1". Number must be positive
combinedServiceIndicator required	boolean If true indicates that a payment initiation service will be addressed in the same "session".

Responses

Request samples

Payload

Content type

application/json

{"access": {"accounts": [{"iban": "LT053570010000000226",
"currency": "EUR",
"resourceId": "b4b921f9-2c91-3f60-9940-057b9b2cc410"
},
{"iban": "LT323570010000000031",
"currency": "EUR",
"resourceId": "b78cb40c-1eba-3b1e-8b2b-08575dd70447"
},
{"iban": "LT323570010000000031",
"currency": "USD",
"resourceId": "1d29fc2b-ef87-39dd-b604-78f5a1d072dd"
}
],
"balances": [{"iban": "LT323570010000000031",
"currency": "EUR",
"resourceId": "b78cb40c-1eba-3b1e-8b2b-08575dd70447"
},
{"iban": "LT323570010000000031",
"currency": "USD",
"resourceId": "1d29fc2b-ef87-39dd-b604-78f5a1d072dd"
}
],
"transactions": [{"iban": "LT053570010000000226",
"currency": "EUR",
"resourceId": "b4b921f9-2c91-3f60-9940-057b9b2cc410"
},
{"iban": "LT323570010000000031",
"currency": "EUR",
"resourceId": "b78cb40c-1eba-3b1e-8b2b-08575dd70447"
}
]
},
"recurringIndicator": true,
"validUntil": "2023-09-09T00:00:00.000Z",
"frequencyPerDay": 5,
"combinedServiceIndicator": true
}

Response samples

200

Content type

*/*

{
  "consentId": "09c7895e-56ab-4187-8ca9-a89870e53a85",
  "consentStatus": "received",
  "_links": {
    "self": {
      "href": "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85"
    },
    "status": {
      "href": "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/status"
    },
    "scaStatus": {
      "href": "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/authorisations/b084c799-1234-4f32-bc40-42228a90f66c"
    },
    "scaRedirect": {
      "href": "http://localhost/authorisation/09c7895e-56ab-4187-8ca9-a89870e53a85/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJydCI6IkNPTlNFTlQiLCJ0bmEiOiJURVNUIiwiaXNzIjoiVklBIFBheW1lbnRzIFVBQiIsIm5vayI6InRlc3QiLCJyaWQiOiIwOWM3ODk1ZS01NmFiLTQxODctOGNhOS1hODk4NzBlNTNhODUiLCJvayI6InRlc3QiLCJleHAiOjE1NTM1Mjk5NTgsImFpZCI6ImIwODRjNzk5LTEyMzQtNGYzMi1iYzQwLTQyMjI4YTkwZjY2YyIsImlhdCI6MTU1MzUyNzI1OCwidGlkIjoiVEVTVCJ9.6YLlFG6EiDg0q9dXpEPes1ofqBS_qpRndSe54COHma8"
    }
  }
}

Delete account consent

The TPP can delete an account information consent object if needed.

path Parameters

consentId

required

string

Example: 09c7895e-56ab-4187-8ca9-a89870e53a85

ID of the corresponding consent object as returned by an Account Information Consent Request.

header Parameters

X-Request-ID

required

string <uuid>

Example: 9039d573-57d9-45dd-b152-422c699d892d

ID of the request, unique to the call, as determined by the initiating party.

Responses

Get account consent

Returns the content of an account information consent object.

path Parameters

consentId

required

string

Example: 09c7895e-56ab-4187-8ca9-a89870e53a85

ID of the corresponding consent object as returned by an Account Information Consent Request.

header Parameters

X-Request-ID

required

string <uuid>

Example: 443220e5-6aa4-4f56-b795-f700f0dc069e

ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "access": {
    "accounts": [
      {
        "iban": "LT053570010000000226",
        "currency": "EUR",
        "resourceId": "b4b921f9-2c91-3f60-9940-057b9b2cc410"
      },
      {
        "iban": "LT323570010000000031",
        "currency": "EUR",
        "resourceId": "b78cb40c-1eba-3b1e-8b2b-08575dd70447"
      },
      {
        "iban": "LT323570010000000031",
        "currency": "USD",
        "resourceId": "1d29fc2b-ef87-39dd-b604-78f5a1d072dd"
      }
    ],
    "balances": [
      {
        "iban": "LT323570010000000031",
        "currency": "EUR",
        "resourceId": "b78cb40c-1eba-3b1e-8b2b-08575dd70447"
      },
      {
        "iban": "LT323570010000000031",
        "currency": "USD",
        "resourceId": "1d29fc2b-ef87-39dd-b604-78f5a1d072dd"
      }
    ],
    "transactions": [
      {
        "iban": "LT053570010000000226",
        "currency": "EUR",
        "resourceId": "b4b921f9-2c91-3f60-9940-057b9b2cc410"
      },
      {
        "iban": "LT323570010000000031",
        "currency": "EUR",
        "resourceId": "b78cb40c-1eba-3b1e-8b2b-08575dd70447"
      }
    ]
  },
  "validUntil": "2023-07-11",
  "frequencyPerDay": 4,
  "recurringIndicator": false,
  "combinedServiceIndicator": false,
  "consentStatus": "valid",
  "_links": {
    "self": {
      "href": "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85"
    },
    "status": {
      "href": "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/status"
    },
    "scaStatus": {
      "href": "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/authorisations/b084c799-1234-4f32-bc40-42228a90f66c"
    }
  }
}

Get account consent status

Read the status of an account information consent resource.

path Parameters

consentId

required

string

Example: 09c7895e-56ab-4187-8ca9-a89870e53a85

ID of the corresponding consent object as returned by an Account Information Consent Request.

header Parameters

X-Request-ID

required

string <uuid>

Example: 057f9727-2939-4f5a-853f-5e7240505dc3

ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "consentStatus": "valid"
}

Get account consent authorisation status

Read the SCA status of a authorisation sub-resource.

path Parameters

consentId required	string Example: 09c7895e-56ab-4187-8ca9-a89870e53a85 ID of the corresponding consent object as returned by an Account Information Consent Request.
authorisationId required	string Example: b084c799-1234-4f32-bc40-42228a90f66c ID of the authorisation sub-resource.

header Parameters

X-Request-ID

required

string <uuid>

Example: 89f0f022-5794-4adb-b33e-34a508371d3b

ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "scaStatus": "received"
}

Confirmation of Funds Service

Check availability of funds

Creates a confirmation of funds request at the ASPSP. Checks whether a specific amount is available at point of time of the request on an account linked to a given tuple card issuer(TPP)/card number, or addressed by IBAN and TPP respectively.

header Parameters

Consent-ID required	string Example: 0da4b182-23a3-476f-8608-87773586ff8a ID of the corresponding consent object as returned by an Fund Confirmation Consent Request.
X-Request-ID required	string <uuid> Example: edfc910c-6dbc-4bd7-bfe5-2cb033502a22 ID of the request, unique to the call, as determined by the initiating party.

Request Body schema: application/json

required	object (AccountReference)
required	object (CurrencyAmount)

Responses

Request samples

Payload

Content type

application/json

{"account": {"iban": "LT053570010000000226",
"currency": "EUR"
},
"instructedAmount": {"currency": "EUR",
"amount": 1950.03
}
}

Response samples

200

Content type

*/*

{
  "fundsAvailable": true
}

Create fund consent

This method create a consent resource, defining confirmation of funds access rights to dedicated account.

header Parameters

X-Request-ID required	string <uuid> Example: cbbe4e82-076a-4828-acfa-205cd71aea53 ID of the request, unique to the call, as determined by the initiating party.
TPP-Redirect-URI required	string Example: https://client.nano.com/consent=0da4b182-23a3-476f-8608-87773586ff8a&status=ok URI of the TPP, where the transaction flow shall be redirected to after a Redirect.
TPP-Nok-Redirect-URI required	string Example: https://client.nano.com/consent=0da4b182-23a3-476f-8608-87773586ff8a&status=nok If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.

Request Body schema: application/json

required	object (AccountResource)
registrationInformation	string

Responses

Request samples

Payload

Content type

application/json

{"account": {"iban": "LT053570010000000226",
"currency": "EUR",
"resourceId": "abc123"
},
"registrationInformation": "Registration information"
}

Response samples

200

Content type

*/*

{
  "consentId": "0da4b182-23a3-476f-8608-87773586ff8a",
  "consentStatus": "received",
  "_links": {
    "self": {
      "href": "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a"
    },
    "status": {
      "href": "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/status"
    },
    "scaStatus": {
      "href": "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/authorisations/7dd19f80-0be4-4fc4-880e-f20e8f2f541a"
    },
    "scaRedirect": {
      "href": "http://localhost/authorisation/0da4b182-23a3-476f-8608-87773586ff8a/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJydCI6IkZVTkRfQ09OU0VOVCIsInRuYSI6IlRFU1QiLCJpc3MiOiJWSUEgUGF5bWVudHMgVUFCIiwibm9rIjoidGVzdCIsInJpZCI6IjBkYTRiMTgyLTIzYTMtNDc2Zi04NjA4LTg3NzczNTg2ZmY4YSIsIm9rIjoidGVzdCIsImV4cCI6MTU1MzUyOTk1OCwiYWlkIjoiN2RkMTlmODAtMGJlNC00ZmM0LTg4MGUtZjIwZThmMmY1NDFhIiwiaWF0IjoxNTUzNTI3MjU4LCJ0aWQiOiJURVNUIn0.xY5b7_o8BypkHmNU3jUqiDk5ijDnCD8_SVF3v5Ky86w"
    }
  }
}

Delete fund consent

The TPP can delete a confirmation of funds consent object if needed.

path Parameters

consentId

required

string

Example: 0da4b182-23a3-476f-8608-87773586ff8a

ID of the corresponding consent object as returned by an Fund Confirmation Consent Request.

header Parameters

X-Request-ID

required

string <uuid>

Example: b6ce6fe9-3f8d-453f-8072-22c29d5bc66f

ID of the request, unique to the call, as determined by the initiating party.

Responses

Get fund consent

Returns the content of a confirmation of funds consent object.

path Parameters

consentId

required

string

Example: 0da4b182-23a3-476f-8608-87773586ff8a

ID of the corresponding consent object as returned by an Fund Confirmation Consent Request.

header Parameters

X-Request-ID

required

string <uuid>

Example: b1291402-a88c-4487-a261-f18ebc70e004

ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "account": {
    "iban": "LT053570010000000226",
    "currency": "EUR",
    "resourceId": "b4b921f9-2c91-3f60-9940-057b9b2cc410"
  },
  "consentStatus": "valid",
  "registrationInformation": "Test registration information",
  "_links": {
    "self": {
      "href": "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a"
    },
    "status": {
      "href": "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/status"
    },
    "scaStatus": {
      "href": "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/authorisations/7dd19f80-0be4-4fc4-880e-f20e8f2f541a"
    }
  }
}

Get fund consent status

Read the status of a confirmation of funds consent resource.

path Parameters

consentId

required

string

Example: 0da4b182-23a3-476f-8608-87773586ff8a

ID of the corresponding consent object as returned by an Fund Confirmation Consent Request.

header Parameters

X-Request-ID

required

string <uuid>

Example: fdcbd6a1-b524-40bf-9b28-59c67c640fe1

ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "consentStatus": "valid"
}

Get fund consent authorisation status

Read the SCA status of a authorisation sub-resource.

path Parameters

consentId required	string Example: 0da4b182-23a3-476f-8608-87773586ff8a ID of the corresponding consent object as returned by an Account Information Consent Request.
authorisationId required	string Example: 7dd19f80-0be4-4fc4-880e-f20e8f2f541a ID of the authorisation sub-resource.

header Parameters

X-Request-ID

required

string <uuid>

Example: 7a9d409a-6e13-4e8f-ac63-067765dc8329

ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "scaStatus": "received"
}

Payment Initiation Service (PIS)

Initiate payment

Create a payment initiation resource addressable under {paymentId}. This is the first step in the API to initiate the related payment.

header Parameters

X-Request-ID required	string <uuid> Example: 7262dcb3-ea3b-4fe0-bad8-caf3239b0f75 ID of the request, unique to the call, as determined by the initiating party.
TPP-Redirect-URI required	string Example: https://client.nano.com/payment=c8a325bc-1ed4-4c0b-bb25-474ae2ed8392&status=ok URI of the TPP, where the transaction flow shall be redirected to after a Redirect.
TPP-Nok-Redirect-URI required	string Example: https://client.nano.com/payment=c8a325bc-1ed4-4c0b-bb25-474ae2ed8392&status=nok If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.
PSU-IP-Address required	string Example: 88.119.96.5 The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.

Request Body schema: application/json

	object (AccountReference)
required	object (AccountReference)
creditorName required	string Name of the creditor if a "Debited" transaction.
creditorInstitutionName	string Credit institution name.
creditorInstitutionCode	string Creditor institution code.
remittanceInformationUnstructured required	string Unstructured remittance reference.
required	object (CurrencyAmount)

Responses

Request samples

Payload

Content type

application/json

{"debtorAccount": {"iban": "LT053570010000000226",
"currency": "EUR"
},
"creditorAccount": {"iban": "LT053570010000000226",
"currency": "EUR"
},
"creditorName": "Name Surname",
"creditorInstitutionName": "Creditor Institution",
"creditorInstitutionCode": "DEMOLT22XXX",
"remittanceInformationUnstructured": "Test payment",
"instructedAmount": {"currency": "EUR",
"amount": 1950.03
}
}

Response samples

201

Content type

*/*

{
  "paymentId": "c8a325bc-1ed4-4c0b-bb25-474ae2ed8392",
  "transactionStatus": "RCVD",
  "_links": {
    "self": {
      "href": "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392"
    },
    "status": {
      "href": "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/status"
    },
    "scaStatus": {
      "href": "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/authorisations/11118716-fc53-4d47-8022-dc77cb1c65c"
    },
    "scaRedirect": {
      "href": "http://localhost/authorisation/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJydCI6IlBBWU1FTlQiLCJ0bmEiOiJURVNUIiwiaXNzIjoiVklBIFBheW1lbnRzIFVBQiIsIm5vayI6InRlc3QiLCJyaWQiOiJjOGEzMjViYy0xZWQ0LTRjMGItYmIyNS00NzRhZTJlZDgzOTIiLCJvayI6InRlc3QiLCJleHAiOjE1NTM1MzAxMTEsImFpZCI6IjExMTE4NzE2LWZjNTMtNGQ0Ny04MDIyLWRjNzdjYjFjNjVjMiIsImlhdCI6MTU1MzUyNzQxMSwidGlkIjoiVEVTVCJ9.xe3Y05W4C4IWKepLscPgvm-qimopLoG0GXE97spTrD4"
    }
  }
}

Get payment

Read the details of an initiated payment.

path Parameters

paymentId

required

string

Example: c8a325bc-1ed4-4c0b-bb25-474ae2ed8392

ID of the corresponding payment initiation object as returned by an Payment Initiation Request.

header Parameters

X-Request-ID

required

string <uuid>

Example: 73296702-7330-42e6-9802-f2369e5e566e

ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "debtorAccount": {
    "iban": "LT323570010000000031",
    "currency": "EUR"
  },
  "creditorAccount": {
    "iban": "LT237300010131568793",
    "currency": "EUR"
  },
  "creditorName": "Jonas Jonaitis",
  "creditorInstitutionName": "Swedbank, AB",
  "creditorInstitutionCode": "HABALT22XXX",
  "remittanceInformationUnstructured": "Test payment",
  "instructedAmount": {
    "currency": "EUR",
    "amount": "10.50"
  },
  "transactionStatus": "RCVD",
  "_links": {
    "self": {
      "href": "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392"
    },
    "status": {
      "href": "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/status"
    },
    "scaStatus": {
      "href": "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/authorisations/11118716-fc53-4d47-8022-dc77cb1c65c"
    }
  }
}

Get payment status

Read the transaction status of the payment.

path Parameters

paymentId

required

string

Example: c8a325bc-1ed4-4c0b-bb25-474ae2ed8392

ID of the corresponding payment initiation object as returned by an Payment Initiation Request.

header Parameters

X-Request-ID

required

string <uuid>

Example: d728020b-19f3-490d-bdb9-c45e00e7e9c3

ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "transactionStatus": "RCVD"
}

Get payment authorisation status

Read the SCA status of a authorisation sub-resource.

path Parameters

paymentId required	string Example: c8a325bc-1ed4-4c0b-bb25-474ae2ed8392 Resource identification of the related payment initiation resource.
authorisationId required	string Example: 11118716-fc53-4d47-8022-dc77cb1c65c ID of the authorisation sub-resource.

header Parameters

X-Request-ID

required

string <uuid>

Example: ea970119-a37c-48e9-80c4-0485ea88d2cd

ID of the request, unique to the call, as determined by the initiating party.

Responses

Response samples

200

Content type

*/*

{
  "scaStatus": "received"
}