    Introduction

    Welcome

    Welcome to the Fintecture Sandbox API documentation.

    Fintecture is a standardised and licensed gateway to Open Banking.

    Our APIs allow easy and secure access to bank account data and payment initiation. The accessible account data includes the account holder's personal information, account balances, transaction history and much more. The available payment methods depend on the bank's implementation but typically are domestic transfers, SEPA credit transfer, instant SEPA credit transfer, fast payment scheme, and SWIFT international payments.

    Our Sandbox has the particularity of being connected to other banks' Sandbox. This will give you a flavour of what you can expect in production in terms of user experience and data sets.

    JSON:API Specification

    The APIs are based on the JSON:API Specification. We believe that following a shared convention promotes consistency and enhances the productivity of development. Furthermore, JSON:API offers enough flexibility to the API queries to optimize the calls for specific use cases such as mobile apps which can be sensitive to the size of data returned.

    At your service

    We are here to best serve your needs, so please contact us to request a specific feature, to report a bug or just to make a general enquiry.

    Getting Started

    1. Create an account

    Get started by subscribing to a free developer account. Join today to get access to our sandbox by registering on the developer console.

    2. Store your credentials

    In the developer console, create an application by providing the necessary fields such as your redirect URL and the IP addresses or domain names with which you will interact with the Fintecture API services, and take note of your app_id and your app_secret. These are your keys to access our APIs.

    3. Authenticate and connect to real banks!

    Using your keys, start by querying our Sandbox about all the banks which you can connect to. Then, request all the test accounts from the bank of your choice and receive the credentials necessary to connect to the banks' Sandbox.

    Authentication

    This guide explains the different levels of authentication, which depend on what you are trying to achieve: finding out which banks our APIs are connected to requires a different level of authentication than initiating a payment on behalf of a customer. The guide is divided into 3 sections:

    1. ID only: simple identification to retrieve Fintecture resources
    2. Three-legged authentication to access account information services (AIS)
    3. Three-legged authentication with OTP to access payment initiation services (PIS)

    Each documented API will have the authentication level specified. Look for Auth Level to know what to expect.

    01 Get Available Banks

    GET v1/res/providers HTTP/1.1
    Accept: application/json
    app_id: [app_id]
    

    02 Response

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
        "data" : [{
            "type": "provider",
            "id": "bbvaes",
            "attributes": {
                "provider": "bbvaes",
                "name": "BBVA",
                "country": "ES",
                "country_full": "Spain",
                "ais": [
                    "Accountholders",
                    "Accounts",
                    "Transactions"
                ],
                "pis": [
                    "SEPA"
                ]
            }
        }]
    }
    

    1. ID only resources

    The first endpoints you will want to access are the Fintecture resources. These endpoints tell you which banks are available and for which services. As they do not provide any customer data, these resources can be accessed simply by providing your app_id.

    The first step is to list all available banks to let your customer choose which bank to connect to. This can be done with the API request shown in the example. Notice the app_id parameter in the request header.

    Once you have successfully selected a bank, remember the bank id as you will need it later (a.k.a. provider_id). Then, query the /testaccounts API to receive one or more test accounts for the selected banks. This brings us to the next step, three-legged authentication, which enables you to access the AIS and PIS APIs.

    2. Three-legged Authentication

    First things first, to access an AIS or PIS endpoint you must first authenticate to the Fintecture Authentication Server. The authentication is done in 3 steps:

    Step 1: Get code

    The first step is to provide your app_id and a valid redirect_uri to the authentication service as shown in the example. Notice the 3 query parameters:

    03 App Authentication (Step 1)

    GET oauth/token/authorize?app_id=[app_id]&redirect_uri=[redirect_uri]&response_type=code HTTP/1.1
    

    If the authentication service recognizes your app_id and the redirect_uri you have provided when creating the application, it will redirect you to :

    Step 2: Get tokens

    Once the code is received, you will need to create your client_token to finalize the authentication. To do so, encode the following string using a base64 encoder:

    Then, you will need to POST the code back to the server along with your client_token and the authorization_code grant type in order to receive your access_token, which will grant you access to our API services.

    05 App Authentication (Step 2)

    POST oauth/accesstoken?code=[code] HTTP/1.1
    Authorization: Basic [client_token]
    Accept: application/json
    Content-Type: application/x-www-form-urlencoded
    
    {
      "grant_type": "authorization_code",
      "code": [code]
    }
    

    06 Deliver access token

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
      "token_type": "Bearer",
      "access_token": "eyJhbGciOiJub25lIn0.eyJleHAiOjE1MTQwODA0MjQsI...",
      "expires_in":599,
      "refresh_token": "4n7WgFIi1Pq5texGOza4tMGBZbnIfd5vrQXPs7E7hg3L..."
    }
    

    Once you have successfully received the access_token, you are able to access all AIS and PIS endpoints. Note that the access_token is only valid for a certain amount of time, specified by the expires_in parameter. Once the access_token has expired, you can either go through the authentication process again or use the /refreshtoken endpoint to generate a new access_token. The /refreshtoken endpoint lets you refresh the token at any given time without having to go through the redirection flow, enabling a flawless user experience.

    Refresh Token

    POST oauth/refreshtoken HTTP/1.1
    Authorization: Basic [client_token]
    Accept: application/json
    Content-Type: application/x-www-form-urlencoded
    
    {
      "grant_type": "refresh_token",
      "refresh_token": [refresh_token]
    }
    

    New Access Token

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
      "token_type": "Bearer",
      "access_token": "eyJhbGciOiJub25lIn0.eyJleHAiOjE1MTQwODA0MjQsI...",
      "expires_in":599,
      "refresh_token": "4n7WgFIi1Pq5texGOza4tMGBZbnIfd5vrQXPs7E7hg3L..."
    }
    

    Step 3: Customer Authentication

    To complete the three-legged authentication, the customer must authenticate himself to his bank. By definition, a three-legged authentication is used when an authorized third party (your app via Fintecture) acts on behalf of the resource owner (customer) to access his data. In order to delegate the access of his data to a third party, the resource owner must first authenticate himself to the resource server (the bank) and formally give consent to the disclosure of this data within the agreed scope to the resource server.

    In other words, redirect your customer to his bank's authentication page URL given by the provider auth API as shown in the example. Note the provider_id which was identified at the very beginning.

    07 Get Bank Authentication URL (Step 3)

    GET provider/[provider_id]/auth HTTP/1.1
    Authorization: Bearer [access_token]
    Accept: application/json
    

    08 Response with Bank Authentication URL

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
        "provider": "deutde",
        "url": "https://simulator-api.db.com/gw/oidc/authorize?client_id=abcd&response_type=code&redirect_uri=https://api-sandbox.fintecture.com/provider/deutde/auth/callback&state=169"
    }
    

    After the resource owner (customer) successfully logs into the resource server (his bank), the resource owner will be redirected to the return_uri specified by your app, including the resource owner's id defined by customer_id, found as a query parameter.

    If you've managed this far, well done! You can now access all of the customer AIS data. However, if you're stuck somewhere and can't figure it out, don't hesitate to reach out and contact us via our console.

    11 Request Resource A

    GET v1/ais/customer/32d3ddd3f3r323d3/accounts/ HTTP/1.1
    Authorization: Bearer [access_token]
    Accept: application/json
    

    The customer's authentication is only valid for a certain amount of time and can be revoked by the customer at any given moment. In case the token is expired, Fintecture will do its best to refresh the token on your behalf. However, if the customer has revoked the access or the bank has not provided a refresh_token, you will have to authenticate the customer once more. Both scenarios are shown in the examples on the side.

    12 Response Resource A (if token expired)

    HTTP/1.1 401 Unauthorized 
    Content-Type: application/json
    
    {
      "errors": [
          {
            "code":     "401",
            "id":       "unauthorized",
            "title":    "Unauthorized",
            "detail":   "Access expired or revoked, please authenticate to the provider to continue.",
            "provider": "deutde"
          }
      ]
    }
    

    12 Response A (if token valid)

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
        "meta": {
            "customer_id": "abdeefreg43t434"
        },
        "data": {
        ...
        }
    }
    

    If the token is expired, simply start the authentication process from step 03 again.

    Below is a summary of each step of the authentication and the flows between the parties:

    3. Three-legged Authentication with OTP

    A three-legged authentication with OTP occurs when the customer is about to initiate a payment via PIS or in some exceptional cases to access some sensitive data via AIS. An OTP is a One Time Password used during the second factor authentication.

    13 Redirect to Bank's OTP page

    HTTP/1.1 428 Precondition Required
    Content-Type: application/json
    
    {
      "errors": [
          {
            "status":   "428",
            "code":     "sca_required",
            "title":    "SCA Required",
            "message":  "The payment requires Strong Customer Authentication.",
            "provider": "bbvaes"
          }
      ]
    }
    

    Redirect your customer to the 2FA URL provided by the /pis/2fa API so that he can complete the 2FA. If successful, this will redirect the customer back to your app with the payment created.

    API Explorer

    The APIs are split into 3 categories based on the scopes defined by your app:

    | Resources | Scope | Description |
    |---|---|---|
    | Resources | - | These endpoints only interact with our servers and are used to support your interaction with the AIS and PIS APIs. |
    | AIS | AIS | The AIS endpoints are to access data from customer accounts such as account balances, transactions and account holder information. |
    | PIS | PIS | The PIS endpoints are used to initiate payments from a customer's bank account. |

    Resources

    GET /providers

    Response

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
        "data" : [{
            "type": "provider",
            "id": "bbvaes",
            "attributes": {
                "provider": "bbvaes",
                "name": "BBVA",
                "country": "ES",
                "country_full": "Spain",
                "ais": [
                    "Accountholders",
                    "Accounts",
                    "Transactions"
                ],
                "pis": [
                    "SEPA"
                ]
            }
        }]
    }
    

    This endpoint retrieves all banks to which you can access account data and initiate payments.

    The services provided by the banks which are currently available through the Fintecture APIs are the following:

    Authentication Level

    ID Only

    HTTP Request

    GET https://api-sandbox.fintecture.com/res/v1/providers/[provider_id]

    Header Parameters

    | Parameter | Value | Usage |
    |---|---|---|
    | Authorization | Bearer [access_token] | required |
    | Accept | application/json | required |

    URL Parameters

    | Parameter | Description | Type | Usage |
    |---|---|---|---|
    | provider_id | the id of the financial institution | string | optional |

    Query Parameters

    | Parameter | Description | Type | Usage |
    |---|---|---|---|
    | filter[country] | filter providers by country | string | optional |
    | filter[ais] | filter providers by AIS services available | string | optional |
    | filter[pis] | filter providers by PIS services available | string | optional |

    GET /testaccounts

    Response

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
        "data" : [{
            "type": "testaccounts",
            "id": "1",
            "attributes": {
                "provider": "bbvaes",
                "username": "020000B",
                "credentials": {
                    "user" : "020000B",
                    "pass" : "123456"
                }
            }
        },
        {
            "type": "testaccounts",
            "id": "2",
            "attributes": {
                "username": "100000001692",
                "provider": "deutde",
                "credentials": {
                    "pin" : "53345",
                    "branch" : "100",
                    "account" : "124564"
                }
            }
        }
        ]
    }
    

    This endpoint retrieves a set of test accounts by bank to be used in the sandbox environment only. These accounts are actual test accounts in the corresponding bank.

    Authentication Level

    ID Only

    HTTP Request

    GET https://api-sandbox.fintecture.com/res/v1/testaccounts

    Header Parameters

    | Parameter | Value | Usage |
    |---|---|---|
    | Authorization | Bearer [access_token] | required |
    | Accept | application/json | required |

    URL Parameters

    null

    Query Parameters

    | Parameter | Description | Type | Usage |
    |---|---|---|---|
    | filter[provider] | filter testaccounts by provider | string | optional |

    AIS

    GET /accounts

    Response

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
        "meta": {
            "customer_id": "a8dd747459a761f"
        },
        "data": [
            {
                "id": "b71722204d1a3f5ecd895",
                "type": "accounts",
                "attributes": {
                    "iban": "ES9401824000680201862164",
                    "balance": 1.19,
                    "account_name": "Euro Account",
                    "account_id": "ES0182002000000000000000000042075349XXXXXXXXX",
                    "account_type": "CHECKING",
                    "currency": "EUR",
                    "product": "BBVA CHECKING ACCOUNT"
                },
                "relationships": {
                    "transactions": {
                        "links": {
                            "related": "https://api-sandbox.fintecture.com/v1/customer/a8dd747459a761f/accounts/b71722204d1a3f5ecd895/transactions"
                        }
                    }
                }
            },
            {
                "id": "e8993e4e7027bb600",
                "type": "accounts",
                "attributes": {
                    "iban": "ES3801824000690201882814",
                    "balance": 0.64,
                    "account_id": "ES0182002000000000500000000315017926XXXXXXXXX",
                    "account_type": "CHECKING",
                    "currency": "EUR",
                    "product": "BBVA CHECKING ACCOUNT"
                },
                "relationships": {
                    "transactions": {
                        "links": {
                            "related": "https://api-sandbox.fintecture.com/v1/customer/a8dd747459a761f/accounts/e8993e4e7027bb600/transactions"
                        }
                    }
                }
            }
        ]
    }
    

    This endpoint returns all information regarding the customer's account(s).

    Authentication Level

    Three-legged Authentication

    HTTP Request

    GET https://api-sandbox.fintecture.com/ais/v1/customer/[customer_id]/accounts/[accounts_id]

    Header Parameters

    | Parameter | Value | Usage |
    |---|---|---|
    | Authorization | Bearer [access_token] | required |
    | Accept | application/json | required |

    URL Parameters

    | Parameter | Description | Type | Usage |
    |---|---|---|---|
    | customer_id | the customer id of the requested account holder's personal information | string | required |
    | account_id | the account id of the requested account information. If no account id is provided, all accounts are returned | string | optional |

    Query Parameters

    | Parameter | Description | Type | Usage |
    |---|---|---|---|
    | remove_nulls | remove all fields with null value | boolean | optional |

    GET /transactions

    Response

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
        "meta": {
            "customer_id": "0cf2ebf7e73c8144d51e60aea454add9"
        },
        "data": [
            {
                "id": "1c09eb2ebb41dc72b70ad",
                "type": "transactions",
                "attributes": {
                    "transaction_id": "RB-4567813",
                    "booking_date": "2017-01-31T00:00:00.000+01",
                    "value_date": "2017-01-31T00:00:00.000+01",
                    "amount": 10000,
                    "currency": "CZK",
                    "communication": "Domácí platba - S24/IB,záloha plyn Bohemia Energy",
                    "beneficiary": {
                        "name": "Spokojený Jiří",
                        "account_id": "CZ0827000000002108589434"
                    },
                    "transaction_type": "DBIT",
                    "status": "BOOK"
                }
            },
            {
                "id": "31f48d3ae770630348",
                "type": "transactions",
                "attributes": {
                    "transaction_id": "FP-4156489123",
                    "booking_date": "2017-01-31T00:00:00.000+01",
                    "value_date": "2017-01-31T00:00:00.000+01",
                    "amount": 2328262,
                    "currency": "CZK",
                    "communication": "8201701069595 BIC: GIBACZPXXXX; #71A# SHA ZALOHA DLE SMLOUVY O DODAVKACH,zaloha dle smlouvy o dodavkach c. 45678/2017,VS0250117002/SS0000000000/KS0000SEPA poevod",
                    "beneficiary": {
                        "name": "RENWORTH s.r.o",
                        "account_id": "CZ1308001800640033122856"
                    },
                    "transaction_type": "CRDT",
                    "foreign_currency": "EUR",
                    "foreign_amount": 86200,
                    "status": "BOOK"
                }
            }
        ]
    }
    

    This endpoint lists all transactions on the given account.

    Authentication Level

    Three-legged Authentication

    HTTP Request

    GET https://api-sandbox.fintecture.com/ais/v1/customer/[customer_id]/accounts/[accounts_id]/transactions

    Header Parameters

    | Parameter | Value | Usage |
    |---|---|---|
    | Authorization | Bearer [access_token] | required |
    | Accept | application/json | required |

    URL Parameters

    | Parameter | Description | Usage |
    |---|---|---|
    | customer_id | the customer id of the requested beneficial owner personal information | required |
    | account_id | the account id of the requested transactions as returned from /accounts | required |

    Query Parameters

    | Parameter | Description | Type | Usage |
    |---|---|---|---|
    | remove_nulls | remove all fields with null value. Default is false | boolean | optional |
    | convert_dates | convert all date fields to ISO8601 yyyy-mm-ddThh:mm:ss.fffZ format. Default is false | boolean | optional |
    | filter[date_to] | filter transactions by booking date. Default is today | yyyy-mm-dd | optional |
    | filter[date_from] | filter transactions by booking date. Default is 1 year ago | yyyy-mm-dd | optional |

    GET /accountholders

    Response

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
        "meta": {
            "customer_id": "98a2358374"
        },
        "data": [
            {
                "id": "1593ca222ce8bf015",
                "type": "accountholders",
                "attributes": {
                    "first_name": "Kim",
                    "middle_name": null,
                    "last_name": "Schmid",
                    "sex": "FEMALE",
                    "birthdate": "1986-08-05",
                    "emails": [
                        {
                            "email_type": "BUSINESS_ADDRESS",
                            "email": "KimSchmid@test.com"
                        }
                    ],
                    "phones": [
                        {
                            "phone_number": "0873448764",
                            "phone_type": "MOBILE_PHONE",
                            "phone_extension": "+49"
                        }
                    ],
                    "identity_documents": [
                        {
                            "id_number": "X324775743",
                            "id_type": "PASSPORT",
                            "id_expiration_date": "2020-05-02",
                            "id_issue_date": "2010-05-02",
                            "id_country": "DEU",
                            "id_issue_city": "Munich"
                        }
                    ],
                    "addresses": [
                        {
                            "address_type": "BUSINESS_ADDRESS",
                            "address1": "Am Sandtorkai",
                            "address2": "4",
                            "zip": "20457",
                            "city": "Hamburg",
                            "country": "DEU"
                        },
                        {
                            "address_type": "PRIVATE_ADDRESS",
                            "address1": "Am Sandtorkai",
                            "address2": "4",
                            "zip": "20457",
                            "city": "Hamburg",
                            "country": "DEU"
                        }
                    ],
                    "accountholder_type": "NATURAL_PERSON",
                    "birth_city": "München",
                    "marital_status": "Married"
                }
            }
        ]
    }
    

    This endpoint retrieves all personal information of the clients such as name, address and contact details for all the beneficiary owners.

    Authentication Level

    Three-legged Authentication

    HTTP Request

    GET https://api-sandbox.fintecture.com/ais/v1/customer/[customer_id]/accountholders

    Header Parameters

    | Parameter | Value | Usage |
    |---|---|---|
    | Authorization | Bearer [access_token] | required |
    | Accept | application/json | required |

    URL Parameters

    | Parameter | Description | Type | Usage |
    |---|---|---|---|
    | customer_id | the customer id of the requested beneficial owner personal information | string | required |

    Query Parameters

    | Parameter | Description | Type | Usage |
    |---|---|---|---|
    | remove_nulls | remove all fields with null value. Default is false | boolean | boolean |

    PIS

    POST /initiate

    Request Body

    { 
        "data": {
            "type" : "SEPA", 
            "attributes" : {
                "debited_account_id" : "17-1453334-9",
                "amount" : "149.30", 
                "currency": "EUR", 
                "communication" : "March Household expenses",
                "value_date": null,
                "beneficiary" : {
                    "name" : "Bob Smith",
                    "address" : "8 road of somewhere, 80330 Lisboa",
                    "country" : "Lisboa",
                    "iban" : "DE07BARC20325388680799",
                    "swift_bic": "DEUTDEFF"
                },
                "_external_uid": "RF43235534"
            }
        }
    }
    

    Response 201

    HTTP/1.1 201 Created
    Accept: application/json
    Content-Type: application/json
    
    {
        "meta": {
            "status": 201,
            "code": "payment_created",
            "message": "Payment order successfully created.",
            "payment_id": "4MDExNTA0MTMwNzAzM2",
            "customer_id": "e233F7he30denje=ef2"
        }
    }
    

    Response 202

    HTTP/1.1 202 Accepted
    Accept: application/json
    Content-Type: application/json
    
    {
        "meta": {
            "status": 202,
            "code": "payment_accepted",
            "message": "Payment has been accepted by provider. Check progress of payment by using the payment_id.",
            "payment_id": "4MDExNTA0MTMwNzAzM2",
            "customer_id": "e233F7he30denje=ef2"
        }
    }
    

    Response 428

    HTTP/1.1 428 Precondition Required
    Accept: application/json
    Content-Type: application/json
    
    {
        "meta": {
            "status": 428,
            "code": "sca_required",
            "message": "The payment requires Strong Customer Authentication.",
            "session_id": "4MDExNTA0MTMwNzAzM2",
            "customer_id": "e233F7he30denje=ef2"
        }
    }
    

    Authentication Level

    Three-legged Authentication with OTP

    HTTP Request

    POST https://api-sandbox.fintecture.com/pis/v1/customer/[customer_id]/payments/[type]/initiate

    Header Parameters

    | Parameter | Value | Usage |
    |---|---|---|
    | Authorization | Bearer [access_token] | required |
    | Accept | application/json | required |
    | Content-Type | application/json | required |

    URL Parameters

    | Parameter | Description | Usage |
    |---|---|---|
    | customer_id | the customer id of the requested beneficial owner personal information | required |
    | type | Payment scheme type, either SEPA or FPS | required |

    Body Parameters

    | Parameter | Type | Description | SEPA | FPS |
    |---|---|---|---|---|
    | debited_account_id | string | The account ID from which the account has to be debited from | required | required |
    | debited_account_type | "internal"/"provider" | Internal is the account id provided by the /accounts API in the "id" field. Provider is the account id provided by the provider. Default is "provider" | optional | optional |
    | amount | integer | the requested amount to be transferred | required | required |
    | currency | string | the currency of the transferred amount | required | required |
    | communication | string | the transfer communication shared with the beneficiary | optional | optional |
    | counterparty.name | string | the name of the beneficiary | required | required |
    | counterparty.iban | string | the IBAN of the beneficiary | required | N/a |
    | counterparty.account_id | string | the account id of the beneficiary | N/a | required |
    | counterparty.swift_bic | string | the swift/bic of the beneficiary's bank | required | N/a |
    | counterparty.sort_code | string | the sort code of the beneficiary's bank | N/a | required |
    | counterparty.address | string | address of the beneficiary | optional | optional |
    | counterparty.country | string | address of the beneficiary | optional | optional |
    | _external_uid | string | A unique ID given by the creator of the transfer. In case a uid is reused for a transfer, it is not executed. This mechanism can be used to prevent double bookings in case of network failure or a similar event where the transfer status is unknown. The ID is also used as payment reference. | required | required |
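
    The Body Parameters table above, as an added example (not Fintecture's own code): a request-body builder that enforces the per-scheme required fields and derives a stable _external_uid, so a retry after a network failure reuses the same ID. The `counterparty` object name follows the table, the amount is sent as a decimal string as in the sample request body, and the `RF` + hash uid format and the function names are assumptions.

```python
import hashlib
from decimal import Decimal, InvalidOperation

# Required counterparty fields per scheme, taken from the Body Parameters table.
REQUIRED_COUNTERPARTY = {
    "SEPA": ("name", "iban", "swift_bic"),
    "FPS": ("name", "account_id", "sort_code"),
}
OPTIONAL_COUNTERPARTY = ("address", "country")


def external_uid(order_ref: str) -> str:
    """Derive a stable _external_uid from the merchant's own order reference.

    Assumption: "RF" + 16 hex characters; the page only requires uniqueness.
    The same order always maps to the same uid, so a retry re-sends the same
    uid and the transfer is not executed a second time.
    """
    digest = hashlib.sha256(order_ref.encode("utf-8")).hexdigest()
    return "RF" + digest[:16].upper()


def build_initiation(scheme, order_ref, debited_account_id, amount, currency,
                     counterparty, communication=None):
    """Return the JSON-serialisable body for POST .../payments/[type]/initiate."""
    if scheme not in REQUIRED_COUNTERPARTY:
        raise ValueError("type must be SEPA or FPS")
    if not order_ref or not debited_account_id:
        raise ValueError("order_ref and debited_account_id are required")

    # Parse the amount with Decimal so no binary-float rounding reaches the bank.
    try:
        value = Decimal(str(amount))
    except InvalidOperation:
        raise ValueError("amount is not a number") from None
    if not value.is_finite() or value <= 0:
        raise ValueError("amount must be a positive, finite number")

    if not (isinstance(currency, str) and len(currency) == 3
            and currency.isascii() and currency.isalpha() and currency.isupper()):
        raise ValueError("currency must be a 3-letter upper-case code")

    # Reject both missing fields and fields the table marks N/a for this scheme
    # (for example an IBAN on an FPS payment).
    required = REQUIRED_COUNTERPARTY[scheme]
    missing = [f for f in required if not counterparty.get(f)]
    unexpected = sorted(set(counterparty) - set(required) - set(OPTIONAL_COUNTERPARTY))
    if missing or unexpected:
        raise ValueError("counterparty fields: missing=%s unexpected=%s"
                         % (missing, unexpected))

    attributes = {
        "debited_account_id": debited_account_id,
        "amount": format(value, "f"),        # assumption: decimal string
        "currency": currency,
        "counterparty": dict(counterparty),  # assumption: nested object name
        "_external_uid": external_uid(order_ref),
    }
    if communication:
        attributes["communication"] = communication
    return {"data": {"type": scheme, "attributes": attributes}}


if __name__ == "__main__":
    # Constructed sample input, reusing values from the page's request body.
    sample = {"name": "Bob Smith", "iban": "DE07BARC20325388680799",
              "swift_bic": "DEUTDEFF"}
    print(build_initiation("SEPA", "order-1001", "17-1453334-9", "149.30",
                           "EUR", sample, "March Household expenses"))
```

    Persist the uid together with the order before sending the request, so that a crash between sending and receiving the response still retries with the same value.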

    Return Values

    The payments API will return a payment status which defines the next step to be taken in order to complete the payment initiation cycle. As defined by the PSD2 regulation, payments need to go through a Strong Customer Authentication (SCA), with the exception of certain scenarios such as low-value transfers. In the case of an SCA, the provider will require a Second Factor Authentication (2FA).

    The possible return values and the corresponding next steps are defined in the following table:

    | Status | Code | Description | Next Step |
    |---|---|---|---|
    | sca_required | 428 | The provider requires a 2FA | GET /pis/2fa |
    | payment_accepted | 202 | The provider is processing the payment | GET /payments |
    | payment_created | 202 | The provider has successfully created the payment | - |
    | payment_unsuccessful | 500 | The provider rejected the payment | View error details |
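
    An added example (not part of the Fintecture documentation) that turns the table above, and the 401 response from the Authentication section, into a client-side decision. It accepts both body shapes shown on this page (`errors[]` and `meta`) and refuses to act when the HTTP status and the body code disagree; the action names are assumptions.

```python
import json
from typing import NamedTuple, Optional

# Body code -> (HTTP statuses this page documents for it, client action).
# The action names are hypothetical labels chosen for this example.
RULES = {
    "payment_created": ({201, 202}, "done"),
    "payment_accepted": ({202}, "poll_payment"),         # GET /payments
    "sca_required": ({428}, "redirect_2fa"),             # GET /pis/2fa
    "unauthorized": ({401}, "reauthenticate_provider"),  # restart from step 03
    "payment_unsuccessful": ({500}, "fail"),
}


class NextStep(NamedTuple):
    action: str
    code: Optional[str] = None
    payment_id: Optional[str] = None
    session_id: Optional[str] = None
    provider: Optional[str] = None
    reason: Optional[str] = None


def _text(value) -> Optional[str]:
    """Return value only if it is a non-empty string."""
    return value if isinstance(value, str) and value else None


def next_step(http_status: int, body_text: str) -> NextStep:
    """Classify one API response into the action the client should take."""
    try:
        body = json.loads(body_text)
    except ValueError:
        return NextStep("fail", reason="body is not JSON")
    if not isinstance(body, dict):
        return NextStep("fail", reason="unexpected body shape")

    meta = body.get("meta")
    meta = meta if isinstance(meta, dict) else {}
    errors = body.get("errors")
    has_error = isinstance(errors, list) and errors and isinstance(errors[0], dict)
    first = errors[0] if has_error else {}

    # The page carries the machine-readable code in three places:
    # meta.code, errors[0].code ("sca_required") and errors[0].id ("unauthorized").
    candidates = (meta.get("code"), first.get("code"), first.get("id"))
    code = next((c for c in candidates if isinstance(c, str) and c in RULES), None)
    if code is None:
        return NextStep("fail", reason="unrecognised response code")

    statuses, action = RULES[code]
    if http_status not in statuses:
        # Fail closed: never treat a payment as created, or skip SCA, on the
        # strength of a body field that the status line contradicts.
        return NextStep("fail", code=code,
                        reason="HTTP status does not match body code")

    return NextStep(
        action,
        code=code,
        payment_id=_text(meta.get("payment_id")),
        session_id=_text(meta.get("session_id")),  # needed for /pis/2fa; may be absent
        provider=_text(first.get("provider")),
    )


# Constructed sample bodies, modelled on the responses shown on this page.
SAMPLE_EXPIRED = json.dumps(
    {"errors": [{"code": "401", "id": "unauthorized", "provider": "deutde"}]})
SAMPLE_SCA = json.dumps(
    {"meta": {"status": 428, "code": "sca_required",
              "session_id": "4MDExNTA0MTMwNzAzM2"}})
SAMPLE_CREATED = json.dumps(
    {"meta": {"status": 201, "code": "payment_created",
              "payment_id": "4MDExNTA0MTMwNzAzM2"}})

if __name__ == "__main__":
    for status, body in ((401, SAMPLE_EXPIRED), (428, SAMPLE_SCA),
                         (201, SAMPLE_CREATED), (201, SAMPLE_SCA)):
        print(status, next_step(status, body))
```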

    GET /pis/2fa

    This endpoint redirects the customer to the 2FA page of the provider following a payment initiation.

    Authentication Level

    Two-legged Authentication

    HTTP Request

    GET https://api-sandbox.fintecture.com/public/v1/customer/[customer_id]/pis/2fa

    Header Parameters

    Parameter Value Usage

    null

    URL Parameters

    | Parameter | Description | Usage |
    |---|---|---|
    | customer_id | the customer id of the requested beneficial owner personal information | required |

    Query Parameters

    | Parameter | Description | Usage |
    |---|---|---|
    | session_id | the payment session id received from the payment initiation | required |
    | redirect_uri | URL the customer will be redirected to after authenticating | required |

    Redirection Values

    If the customer has successfully gone through the 2FA of his bank, he will be redirected to the redirect_uri provided to the endpoint, with the following 2 parameters:

    If the 2FA resulted in an error, the customer will be redirected to the redirect_uri with the following parameter:

    | Parameter | Description | Value |
    |---|---|---|
    | session_id | The payment session id | string |
    | status | The payment status | confirmation_required |
    | error | Error code | string |
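
    An added example (not Fintecture's own code) of the redirect round-trip described above: build the /pis/2fa URL, then accept the callback only if it carries the session_id your app stored when it initiated the payment, before producing the PUT /confirm body. The redirect URI `https://app.example/pay/return` and the function names are assumptions.

```python
import hmac
from urllib.parse import parse_qs, quote, urlencode, urlsplit

SANDBOX = "https://api-sandbox.fintecture.com"


class CallbackRejected(Exception):
    """The 2FA callback must not be used to confirm a payment."""


def build_2fa_url(customer_id: str, session_id: str, redirect_uri: str) -> str:
    """URL to send the customer to after a 428 sca_required response."""
    path = "/public/v1/customer/%s/pis/2fa" % quote(customer_id, safe="")
    query = urlencode({"session_id": session_id, "redirect_uri": redirect_uri})
    return SANDBOX + path + "?" + query


def _single(params: dict, name: str):
    """Return the one value of a query parameter, or None if it is absent."""
    values = params.get(name, [])
    if len(values) > 1:
        # Two copies of a parameter can be read differently by different
        # components, so a duplicated parameter is rejected outright.
        raise CallbackRejected("duplicate parameter: " + name)
    return values[0] if values else None


def confirm_body_from_callback(callback_url: str, pending_session_id: str) -> dict:
    """Validate the redirect back to the app and return the PUT /confirm body.

    pending_session_id is the session_id the app stored server-side, bound to
    the logged-in customer, when the payment initiation returned sca_required.
    """
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    error = _single(params, "error")
    if error is not None:
        raise CallbackRejected("2FA failed: %r" % error)

    session_id = _single(params, "session_id")
    status = _single(params, "status")

    # The callback URL passes through the customer's browser, so it is
    # untrusted input: only the session this app started may be confirmed.
    if session_id is None or not hmac.compare_digest(
            session_id.encode("utf-8"), pending_session_id.encode("utf-8")):
        raise CallbackRejected("session_id does not match the initiated payment")
    if status != "confirmation_required":
        raise CallbackRejected("unexpected status: %r" % status)

    # Use the stored value, not the one from the URL, in the confirm request.
    return {"meta": {"session_id": pending_session_id}}


if __name__ == "__main__":
    # Constructed sample values; the session id reuses the page's sample.
    pending = "4MDExNTA0MTMwNzAzM2"
    print(build_2fa_url("e233F7he30denje=ef2", pending,
                        "https://app.example/pay/return"))
    good = ("https://app.example/pay/return?session_id=" + pending
            + "&status=confirmation_required")
    print(confirm_body_from_callback(good, pending))
```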

    PUT /confirm

    Request Body

    { 
        "meta": {
            "session_id": "e233F7he30denj"
        }
    }
    

    Response 201

    HTTP/1.1 201 Created
    Accept: application/json
    Content-Type: application/json
    
    {
        "meta": {
            "status": 201,
            "code": "payment_created",
            "message": "Payment order successfully created.",
            "payment_id": "4MDExNTA0MTMwNzAzM2",
            "customer_id": "e233F7he30denje=ef2"
        }
    }
    

    Response 202

    HTTP/1.1 202 Accepted
    Accept: application/json
    Content-Type: application/json
    
    {
        "meta": {
            "status": 202,
            "code": "payment_accepted",
            "message": "Payment has been accepted by provider. Check progress of payment by using the payment_id.",
            "payment_id": "4MDExNTA0MTMwNzAzM2",
            "customer_id": "e233F7he30denje=ef2"
        }
    }
    

    Authentication Level

    Three-legged Authentication with OTP

    HTTP Request

    PUT https://api-sandbox.fintecture.com/pis/v1/customer/[customer_id]/payments/[type]/confirm

    Header Parameters

    | Parameter | Value | Usage |
    |---|---|---|
    | Authorization | Bearer [access_token] | required |
    | Accept | application/json | required |
    | Content-Type | application/json | required |

    URL Parameters

    | Parameter | Description | Usage |
    |---|---|---|
    | customer_id | the customer id of the requested beneficial owner personal information | required |
    | type | Payment scheme type, either SEPA or FPS | required |

    Body Parameters

    | Parameter | Type | Description | Usage |
    |---|---|---|---|
    | session_id | string | Payment session ID received after SCA | required |

    Returned Values

    | Status | Code | Description | Next Step |
    |---|---|---|---|
    | payment_accepted | 202 | The provider is processing the payment | GET /payments |
    | payment_created | 202 | The provider has successfully created the payment | - |
    | payment_unsuccessful | 500 | The provider rejected the payment | View error details |

    GET /payments

    Response

    HTTP/1.1 200 OK
    Content-Type: application/json
    
    {
        "meta": {
            "payment_status": "created",
            "provider_payment_id": "db9aa00d-c41e-49c9-aa6a-623eab9d34e9",
            "customer_id": "747fa582a1c69ed7a3f3020edffbfc25",
            "payment_code": "payment_created"
        },
        "data": {
            "id": "dc0ec84957d682306fdbaf5ae9ec1f5e3edba44c65f84c63ee6def94f33e3061",
            "type": "payments",
            "attributes": {
                "amount": "149",
                "currency": "EUR",
                "code": null,
                "reference": "RF1321321",
                "payment_id": "db9aa00d-c41e-49c9-aa6a-623eab9d34e9",
                "fees_currency": null,
                "fees_amount": null,
                "operation_type": null,
                "debited_account_id": "FI6593857450293470-EUR",
                "beneficiary": {
                    "name": null,
                    "iban": "GB07BARC20325388680799",
                    "swift_bic": null
                },
                "status": "Paid",
                "created_at": null,
                "communication": "Beer Money"
            }
        }
    }
    

    This endpoint returns the details of all transfers or of a specific transfer.

    Authentication Level

    Two-legged Authentication

    HTTP Request

    GET https://api-sandbox.fintecture.com/pis/v1/customer/[customer_id]/payments/[payment_id]

    Header Parameters

    Parameter | Value | Usage
    Authorization | Bearer [access_token] | required
    Accept | application/json | required

    URL Parameters

    Parameter | Description | Usage
    customer_id | The customer ID of the beneficial owner whose personal information is requested | required
    payment_id | The payment ID returned once the payment has been accepted or created | required
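The confirm call and its follow-up GET /payments lookup, as an added example (not Fintecture's own code). It builds both requests with percent-encoded path parameters so that an ID containing `/`, `?` or `=` cannot change which resource is addressed, and it maps the documented return codes to a result. The function names and the `send` transport hook are assumptions made for this example.

```python
import json
from urllib.parse import quote

BASE = "https://api-sandbox.fintecture.com/pis/v1"
SCHEMES = {"SEPA", "FPS"}  # the two values the page allows for [type]

def _seg(value):
    # Percent-encode one path segment; reject empty and dot segments outright.
    if not value or value in (".", ".."):
        raise ValueError("empty or dot path segment")
    return quote(value, safe="")

def confirm_request(token, customer_id, scheme, session_id):
    """Build PUT /customer/[customer_id]/payments/[type]/confirm."""
    if scheme not in SCHEMES:
        raise ValueError("type must be SEPA or FPS")
    url = f"{BASE}/customer/{_seg(customer_id)}/payments/{scheme}/confirm"
    headers = {"Authorization": f"Bearer {token}",
               "Accept": "application/json",
               "Content-Type": "application/json"}
    return "PUT", url, headers, json.dumps({"session_id": session_id})

def status_request(token, customer_id, payment_id):
    """Build GET /customer/[customer_id]/payments/[payment_id]."""
    url = f"{BASE}/customer/{_seg(customer_id)}/payments/{_seg(payment_id)}"
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    return "GET", url, headers, None

def confirm_payment(send, token, customer_id, scheme, session_id):
    """send(method, url, headers, body) -> (http_status, parsed_json) is a
    hypothetical transport hook; plug a real HTTP client in there."""
    status, doc = send(*confirm_request(token, customer_id, scheme, session_id))
    meta = doc.get("meta", {}) if isinstance(doc, dict) else {}
    code = meta.get("code")
    if status not in (201, 202) or code not in ("payment_created", "payment_accepted"):
        # Report status and code only; never echo headers (they carry the token).
        raise RuntimeError(f"confirm failed: HTTP {status}, code {code}")
    payment_id = meta["payment_id"]
    if code == "payment_created":
        return {"payment_id": payment_id, "state": "created"}
    # payment_accepted: the documented next step is GET /payments.
    status, doc = send(*status_request(token, customer_id, payment_id))
    if status != 200:
        raise RuntimeError(f"status lookup failed: HTTP {status}")
    return {"payment_id": payment_id, "state": doc["meta"]["payment_status"]}
```
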

    Errors

    Status | Title | Code | Description
    400 - Bad Request | Bad Request | bad_request | Invalid parameters or malformed syntax.
    400 - Bad Request | Customer ID invalid | customer_unknown | Invalid customer_id. Use a valid customer_id or authenticate to a bank to continue.
    400 - Bad Request | Account ID invalid | account_unknown | Invalid account_id. You must specify an account_id as defined by the /accounts API.
    400 - Bad Request | Session ID Invalid or Expired | session_id_invalid_or_expired | The session ID used is either expired or invalid.
    400 - Bad Request | Invalid Field | invalid_field | The value or format of field [field] is incorrect.
    400 - Bad Request | Missing Field | mandatory_field_missing | The mandatory field is missing: [field] has not been defined.
    400 - Bad Request | Invalid Debited Account ID | invalid_debited_account | Invalid debited_account_id. The debited_account_type is set to internal, please use an id provided by the accounts API.
    400 - Bad Request | Provider Error | provider_error | The provider has returned an unexpected error. [details]
    401 - Unauthorized | Invalid Token | invalid_token | The token is either invalid or expired.
    401 - Unauthorized | Invalid Scopes | invalid_scopes | Your app does not have the necessary scopes to access this API.
    401 - Unauthorized | Invalid Code | invalid_code | The authorization code is either wrong or expired.
    401 - Unauthorized | Invalid App ID | invalid_app_id | Invalid app redirect URL.
    401 - Unauthorized | Invalid Redirect URL | invalid_app_url | Invalid app_id.
    403 - Forbidden | | forbidden | You do not have the necessary permissions to access this resource.
    404 - Not Found | Not Found | not_found | The requested resource could not be found. The requested resource either does not exist or is temporarily down.
    405 - Method Not Allowed | Method Not Allowed | method_not_allowed | A request method is not supported for the requested resource.
    406 - Not Acceptable | Not Acceptable | not_accepted | The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
    410 - Gone | Gone | gone | Indicates that the resource requested is no longer available and will not be available again.
    428 - Precondition Required | SCA required | sca_required | The payment requires Strong Customer Authentication.
    429 - Too Many Requests | Too Many Requests | too_many_requests | The user has sent too many requests in a given amount of time.
    500 - Internal Server Error | Internal Error | internal_error | An internal error has occurred. If the error persists, please contact our support.
    500 - Internal Server Error | Payment Initiation Unsuccessful | payment_unsuccessful | The payment initiation was unsuccessful. The user either has not enough funds or has not authorized online transfers.
    500 - Internal Server Error | Internal Error | payment_unsupported | The payment method is unsupported. Contact support to request this method if needed.
    501 - Not Implemented | Provider Endpoint Unavailable | provider_endpoint_unavailable | The provider endpoint is currently unavailable or has not been implemented yet.
    503 - Service Unavailable | Provider Unavailable | provider_unavailable | The provider is currently unavailable. Please try again later.
    {
        "meta": {
            "title": "copyright",
            "details": "copyright© 2018 Fintecture. All rights reserved."
        }
    }
    
