AIS (v1.0)

Download OpenAPI specification:Download

API Support: info-api@abanca.com

Authentication

BearerAuthOAuth

Bearer Token. Is needed, if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session.

Security scheme type: HTTP
HTTP Authorization Scheme bearer

Account Information Service (AIS)

The Account Information Service (AIS) offers the following services

  • Transaction reports for a given account including balances if applicable.
  • Balances of a given account
  • A list of available accounts
  • Account details of a given account or of the list of all accessible accountsrelative to a granted consent

Read Account List

Read the identifiers of the available payment account together with booking balance information, depending on the consent granted.

It is assumed that a consent of the PSU to this access is already given and stored on the bank system. The addressed list of accounts depends then on the PSU ID and the stored consent addressed by consentId, respectively the OAuth2 access token.

Returns all identifiers of the accounts, to which an account access has been granted to through the /consents endpoint by the PSU. In addition, relevant information about the accounts and hyperlinks to corresponding account information resources are provided if a related consent has been already granted.

Remark: Note that the /consents endpoint optionally offers to grant an access on all available payment accounts of a PSU. In this case, this endpoint will deliver the information about all available payment accounts of the PSU.

Authorizations:
query Parameters
withBalance
boolean

This parameter will be ignored by the bank.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

Consent-ID
required
string (consentId)

This then contains the consentId of the related AIS consent, which was performed prior to this account request.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

get /v1/accounts

Production server

https://apiserv.novobanco.es/psd2/v1/accounts

sandbox

https://api.novobanco.es/psd2/sandbox/ais/v1/accounts

Response samples

Content type
application/json
Example

Response in case of an example, where the consent has been given on two different IBANs

Copy
Expand all Collapse all
{
  • "accounts":
    [
    ]
}

Read Account Details

Reads details about an account, with balances where required. It is assumed that a consent of the PSU to this access is already given and stored on the bank system. The addressed details of this account depends then on the stored consent addressed by consentId, respectively the OAuth2 access token.

NOTE: The account-id can represent a multicurrency account. In this case the currency code is set to "XXX".

Give detailed information about the addressed account.

Give detailed information about the addressed account together with balance information

Authorizations:
path Parameters
account-id
required
string (accountId)
Example: {account-id}

This identification is denoting the addressed account. The account-id is retrieved by using a "Read Account List" call. The account-id is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

query Parameters
withBalance
boolean

This parameter will be ignored by the bank.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

Consent-ID
required
string (consentId)

This then contains the consentId of the related AIS consent, which was performed prior to this account request.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

get /v1/accounts/{account-id}

Production server

https://apiserv.novobanco.es/psd2/v1/accounts/{account-id}

sandbox

https://api.novobanco.es/psd2/sandbox/ais/v1/accounts/{account-id}

Response samples

Content type
application/json
Example

Account Details for a regular Account

Copy
Expand all Collapse all
{
  • "account":
    {
    }
}

Read Balance

Reads account data from a given account addressed by "account-id".

This account-id then can be retrieved by the "GET Account List" call.

The account-id is constant at least throughout the lifecycle of a given consent.

Authorizations:
path Parameters
account-id
required
string (accountId)
Example: {account-id}

This identification is denoting the addressed account. The account-id is retrieved by using a "Read Account List" call. The account-id is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

Consent-ID
required
string (consentId)

This then contains the consentId of the related AIS consent, which was performed prior to this account request.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

get /v1/accounts/{account-id}/balances

Production server

https://apiserv.novobanco.es/psd2/v1/accounts/{account-id}/balances

sandbox

https://api.novobanco.es/psd2/sandbox/ais/v1/accounts/{account-id}/balances

Response samples

Content type
application/json
Example

Response for a read balance request in case of a regular account.

Copy
Expand all Collapse all
{
  • "account":
    {
    },
  • "balances":
    [
    ]
}

Read transaction list of an account

Read transaction lists of a given account addressed by "account-id", depending on the steering parameter "bookingStatus" together with balances.

For a given account, additional parameters are e.g. the attributes "dateFrom" and "dateTo".

Authorizations:
path Parameters
account-id
required
string (accountId)
Example: {account-id}

This identification is denoting the addressed account. The account-id is retrieved by using a "Read Account List" call. The account-id is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

query Parameters
dateFrom
string <date>

Starting date (inclusive the date dateFrom) of the transaction list.

For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date.

  • Limited to 90 days of history
dateTo
string <date>

End date (inclusive the data dateTo) of the transaction list, default is "now" if not given. For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date.

entryReferenceFrom
string

Not supported.

bookingStatus
required
string
Enum:"booked" "pending" "both"

Permitted codes are

  • "booked",
  • "pending" and
  • "both"
deltaList
boolean

Not supported.

withBalance
boolean

This parameter will be ignored by the bank.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

Consent-ID
required
string (consentId)

This then contains the consentId of the related AIS consent, which was performed prior to this account request.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

get /v1/accounts/{account-id}/transactions/

Production server

https://apiserv.novobanco.es/psd2/v1/accounts/{account-id}/transactions/

sandbox

https://api.novobanco.es/psd2/sandbox/ais/v1/accounts/{account-id}/transactions/

Response samples

Content type
application/json

Response in JSON format for an access on a regular account

Copy
Expand all Collapse all
{
  • "account":
    {
    },
  • "transactions":
    {
    }
}