--- swagger: "2.0" info: version: 1.2.0 title: AIS API Live description: |- Account Information Service Provider API **New version 1.2.0** Update information: * Added information about exchange rate in transactions - new definition ReportExchangeRate * Added owner name in account list and account details * Added new endpoint - transaction details x-ibm-name: account-information-live contact: email: api@postbank.bg name: Postbank url: https://www.postbank.bg externalDocs: description: Latest update is published here url: https://www.postbank.bg schemes: - https securityDefinitions: ClientId: type: apiKey name: X-IBM-Client-Id x-key-type: client_id in: header OAuth2: type: oauth2 x-ibm-oauth-provider: oauth2-1-0-0-efac flow: accessCode authorizationUrl: https://gate.postbank.bg:444/postbank/psd2/live/oauth2/authorize tokenUrl: https://gate.postbank.bg:444/postbank/psd2/live/oauth2/token scopes: aisp: Account Information Service definitions: Amount: type: object required: - currency - amount properties: currency: $ref: '#/definitions/CurrencyCode' amount: pattern: ^[0-9]\d{0,13}(\.\d{1,2})?$ type: string Account: type: object required: - currency - resourceId - iban - name - product properties: resourceId: type: string description: This is the data element to be used in the path when retrieving data from a dedicated account. iban: type: string description: IBAN of an account name: type: string description: Name given by the bank or the PSU in OnlineBanking. ownerName: type: string description: Name of the account owner. product: type: string description: Product Name of the Bank for this account currency: type: string description: ISO 4217 code balances: type: array items: $ref: '#/definitions/SingleBalance' _links: $ref: '#/definitions/Links' description: Links to the account, which can be directly used for retrieving account information from this dedicated account. Links to “balances” and/or “transactions” AccountReport: type: object required: - booked properties: booked: type: array items: $ref: '#/definitions/Transactions' Balances: type: object properties: interimAvailable: $ref: '#/definitions/SingleBalance' description: Available balance calculated in the course of the account ’ervicer's business day, at the time specified, and subject to further changes during the business day. The interim balance is calculated on the basis of booked credit and debit items during the calculation time/period specified. SingleBalance: type: object required: - balanceType - balanceAmount - referenceDate properties: balanceType: type: string enum: - interimAvailable - openingBooked - closingBooked balanceAmount: $ref: '#/definitions/Amount' referenceDate: type: string format: ISODate pattern: ([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])) Transactions: type: object required: - transactionAmount - transactionId properties: transactionId: type: string description: Can be used as access-id in the API, where more details on an transaction is offered. bookingDate: type: string format: date valueDate: type: string format: date transactionAmount: $ref: '#/definitions/Amount' creditorName: type: string description: Creditor name creditorAccount: $ref: '#/definitions/AccountReference' debtorName: type: string description: Debtor name debtorAccount: $ref: '#/definitions/AccountReference' remittanceInformationUnstructured: type: string currencyExchange: type: array items: $ref: '#/definitions/ReportExchangeRate' transactionDetails: $ref: '#/definitions/Href' description: Available in transactions list ReportExchangeRate: type: object properties: sourceCurrency: $ref: '#/definitions/CurrencyCode' description: Currency from which an amount is to be converted in a currency conversion. exchangeRate: type: string description: Factor used to convert an amount from one currency into another. This reflects the price at which one currency was bought with another currency. unitCurrency: $ref: '#/definitions/CurrencyCode' description: Currency in which the rate of exchange is expressed in a currency exchange. In the example 1EUR = xxxCUR, the unit currency is EUR. targetCurrency: $ref: '#/definitions/CurrencyCode' description: Currency into which an amount is to be converted in a currency conversion. quotationDate: type: string format: ISOdate pattern: ([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])) description: Date at which an exchange rate is quoted. contractIdentification: type: string description: Unique identification to unambiguously identify the foreign exchange contract. CurrencyCode: type: string pattern: ^[A-Z]{3} description: ISO 4217 code Links: type: object properties: scaRedirect: $ref: '#/definitions/Href' description: A link to a Postbank site where SCA is performed within the Redirect SCA approach. self: $ref: '#/definitions/Href' description: The link to the resource created by the undergoing request. This link can be used to retrieve the resource data. status: $ref: '#/definitions/Href' account: $ref: '#/definitions/Href' description: A link to an account, which can be directly used for retrieving account information from this dedicated account. balances: $ref: '#/definitions/Href' description: A link to the resource providing the balance of a dedicated account. transactions: $ref: '#/definitions/Href' description: A link to the resource providing the transaction history of a dedicated account. first: $ref: '#/definitions/Href' description: Navigation link for account reports. next: $ref: '#/definitions/Href' description: Navigation link for account reports. previous: $ref: '#/definitions/Href' description: Navigation link for account reports. last: $ref: '#/definitions/Href' description: Navigation link for account reports. ErrorModel: type: object properties: tppMessages: type: array items: type: object properties: category: type: string code: type: string text: type: string ConsentRequestBody: type: object required: - access - frequencyPerDay - recurringIndicator - validUntil properties: access: type: object properties: balances: type: array items: type: string transactions: type: array items: type: string recurringIndicator: type: string format: boolean description: TRUE, if the consent is for recurring access to the account data. FALSE, if the consent is for one access to the account data. pattern: (true|false) validUntil: type: string format: date description: This parameter is requesting a valid until date for the requested consent. Max validity is 90 day. If the consent is for one access to the account data value is current date.The content is the local Postbank date in ISODate Format, e.g. 2018-11-25 pattern: ([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])) frequencyPerDay: type: string format: integer description: This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to “1”. Max value is “4”. pattern: '[1-4]' Consent: required: - access - recurringIndicator - validUntil - frequencyPerDay - consentStatus - _links type: object properties: access: $ref: '#/definitions/AccountAccess' recurringIndicator: type: boolean description: TRUE, if the consent is for recurring access to the account data FALSE, if the consent is for one access to the account data validUntil: type: string format: date description: This parameter is requesting a valid until date for the requested consent. The content is the local Postbank date in ISODate Format, e.g. 2017-10-30 frequencyPerDay: type: integer description: Max value is "4". consentStatus: $ref: '#/definitions/ConsentStatus' _links: $ref: '#/definitions/Links' example: access: balances: - iban: BG77BPBI000001 transactions: - iban: BG77BPBI000001 - iban: BG77BPBI000002 recurringIndicator: true validUntil: "2018-12-25" frequencyPerDay: 2 consentStatus: valid _links: account: href: /v1/accounts/ AccountReference: properties: iban: type: string bban: type: string additionalProperties: false ConsentStatus: type: string description: The following code values are permitted “received”, “rejected”, “valid”, “revokedByPsu”, “expired”, “terminatedByTpp” enum: - received - rejected - valid - revokedByPsu - expired - terminatedByTpp additionalProperties: false AccountAccess: properties: balances: type: array items: $ref: '#/definitions/AccountReference' transactions: type: array items: $ref: '#/definitions/AccountReference' additionalProperties: false Href: type: object properties: href: type: string paths: /accounts: get: tags: - account summary: Read account list description: Read the list of all accessible accounts relative to a granted consent. It is assumed that a consent of the PSU to this access is already given and stored on the Postbank system. The addressed list of accounts depends then on the PSU ID and OAuth2 access token. Returns all identifiers of the accounts, to which an account access has been granted to through the /consents endpoint by the PSU. In addition, relevant information about the accounts and hyperlinks to corresponding account information resources are provided if a related consent has been already granted. operationId: getAccounts consumes: - application/json produces: - application/json responses: 200: description: OK schema: type: object properties: accounts: type: array items: $ref: '#/definitions/Account' example: accounts: - resourceId: BG77BPBI000001 iban: BG77BPBI000001 currency: BGN product: Postbank Product name: salary _links: balances: href: /v1.2.0/accounts/BG77BPBI000001/balances transactions: href: /v1.2.0/accounts/BG77BPBI000001/transactions - resourceId: BG77BPBI000002 iban: BG77BPBI000002 currency: EUR product: Postbank Product name: за спестяване“ _links: balances: href: /v1.2.0/accounts/BG77BPBI000002/balances headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 401: description: Unauthorized schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 403: description: Forbidden schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. parameters: - name: X-Request-ID type: string required: true pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ in: header description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Encoding type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Language type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE in: header - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: false in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initialed by the PSU. - name: withBalance type: boolean required: false in: query description: With balance flag. /accounts/{account-id}: get: tags: - account summary: Read Account Details description: Reads details about the addressed account. It is assumed that a consent of the PSU to this access is already given and stored on the Postbank system. The addressed details of this account depends then on the stored consent addressed by the OAuth2 access token. operationId: getAccountByAccountId consumes: - application/json produces: - application/json parameters: - name: account-id in: path description: The account-id is retrieved by using a "Read Account List" call. The account-id is the "resourceId" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. required: true type: string - name: X-Request-ID type: string required: true pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ in: header description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Encoding type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Language type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false in: header description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: false in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initialed by the PSU. - name: withBalance type: boolean required: false in: query description: With balance flag. responses: 200: description: OK schema: type: object properties: account: $ref: '#/definitions/Account' example: account: resourceId: BG77BPBI000001 iban: BG77BPBI000001 currency: BGN product: Postbank Product name: salary balances: - balanceType: interimAvailable balanceAmount: currency: BGN amount: 120.900000 referenceDate: "2021-10-01" _links: balances: href: /v1.2.0/accounts/BG77BPBI000001/balances transactions: href: /v1.2.0/accounts/BG77BPBI000001/transactions headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 401: description: Unauthorized schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 403: description: Forbidden schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. /accounts/{account-id}/balances: get: tags: - account summary: Read Balance description: Reads the balance list for a given account addressed by "account-id". operationId: getBalanceForAccountByAccountId consumes: - application/json produces: - application/json parameters: - name: account-id in: path description: The account-id is retrieved by using a "Read Account List" call. The account-id is the "resourceId" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. required: true type: string - name: X-Request-ID type: string required: true pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ in: header description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Encoding type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Language type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false in: header description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: false in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initialed by the PSU. responses: 200: description: OK schema: type: object properties: account: $ref: '#/definitions/AccountReference' balances: type: array items: $ref: '#/definitions/SingleBalance' example: account: iban: BG77BPBI000001 balances: - balanceType: interimAvailable balanceAmount: currency: BGN amount: 123.450000 referenceDate: "2021-10-01" - balanceType: openingBooked balanceAmount: currency: BGN amount: 200.450000 referenceDate: "2021-10-01" headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 401: description: Unauthorized schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 403: description: Forbidden schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. /accounts/{account-id}/transactions: get: tags: - account summary: Read Transaction List description: Read transaction lists of a given account аddressed by "account-id", depending on the steering parameter "bookingStatus" and the attributes "dateFrom" and "dateTo". operationId: getTransactionsForAccountByAccountId consumes: - application/json produces: - application/json parameters: - name: account-id in: path description: The account-id is retrieved by using a "Read Account List" call. The account-id is the "resourceId" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. required: true type: string - name: X-Request-ID type: string required: true pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ in: header description: ID of the request, unique to the call, as determined by the initiating party. - name: dateFrom type: string pattern: ([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])) format: ISODate in: query description: Starting date (inclusive the date dateFrom) of the transaction list. Within 30 minutes after validation of PSU's consent, it is possible to request information for more than 90 days back. There is information available for a 5 year period. required: true - name: dateTo type: string pattern: ([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])) format: ISOdate in: query description: End date (inclusive the data dateTo) of the transaction list, default is now if not given. required: false - name: bookingStatus type: string pattern: (booked) in: query required: true description: Permitted codes are “booked”. - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Encoding type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Language type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false in: header description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: false in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initialed by the PSU. - name: withBalance type: boolean required: false in: query responses: 200: description: OK schema: type: object required: - account - transactions - _links properties: account: $ref: '#/definitions/AccountReference' transactions: $ref: '#/definitions/AccountReport' balances: type: array items: $ref: '#/definitions/SingleBalance' _links: $ref: '#/definitions/Links' example: account: iban: BG77BPBI000001 transactions: booked: - debtorAccount: iban: BG77BPBI000001 creditorName: Иван Иванов creditorAccount: iban: BG77BPBI000002 transactionAmount: currency: BGN amount: "200.00" bookingDate: "2018-07-02" valueDate: "2018-07-03" remittanceInformationUnstructured: Захранване на сметка transactionDetails: href: /v1.2.0/accounts/BG77BPBI000001/transactions/123456 - debtorName: Фирма ЕООД debtorAccount: iban: BG77BPBI000003 creditorAccount: iban: BG77BPBI000001 transactionAmount: currency: BGN amount: "49.51" bookingDate: "2018-07-04" valueDate: "2018-07-05" remittanceInformationUnstructured: Такса курс transactionDetails: href: /v1.2.0/accounts/BG77BPBI000001/transactions/321456 - debtorName: Eurobank Bulgaria AD creditorAccount: iban: BG77BPBI000001 transactionAmount: currency: BGN amount: "1.00" bookingDate: "2018-08-04" valueDate: "2018-08-05" remittanceInformationUnstructured: Месечна лихва transactionDetails: href: /v1.2.0/accounts/BG77BPBI000001/transactions/654321 _links: account: href: /v1.2.0/accounts/BG77BPBI000001 headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 401: description: Unauthorized schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 403: description: Forbidden schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. /accounts/{account-id}/transactions/{transactionId}: get: tags: - account summary: Get Transaction Details description: Reads transaction details from a given transaction addressed by "transactionId" on a given account addressed by "account-id". operationId: getTransactionsForAccountByAccountIdAndTransactionId consumes: - application/json produces: - application/json parameters: - name: account-id in: path description: The account-id is retrieved by using a "Read Account List" call. The account-id is the "resourceId" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. required: true type: string - name: transactionId in: path description: transactionId required: true type: string - name: X-Request-ID type: string required: true pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ in: header description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Encoding type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Language type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false in: header description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: false in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initialed by the PSU. responses: 200: description: OK schema: type: object required: - account - transactionDetails - _links properties: account: $ref: '#/definitions/AccountReference' transactionDetails: $ref: '#/definitions/Transactions' _links: $ref: '#/definitions/Links' example: account: iban: BG77BPBI000001 transactionDetails: debtorAccount: iban: BG77BPBI000001 creditorName: Иван Иванов creditorAccount: iban: BG77BPBI000002 transactionAmount: currency: BGN amount: "200.00" bookingDate: "2018-07-02" valueDate: "2018-07-03" remittanceInformationUnstructured: Захранване на сметка currencyExchange: - sourceCurrency: EUR exchangeRate: "1" unitCurrency: BGN targetCurrency: BGN quotationDate: "2018-07-02" contractIdentification: "1234" _links: account: href: /v1.2.0/accounts/BG77BPBI000001 headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 401: description: Unauthorized schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 403: description: Forbidden schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: 'ID of the request, unique to the call, as determined by the initiating party. ' /consents: get: tags: - Consent summary: Get Consent description: Return valid Consent Id for PSU-TPP consent. operationId: getAllConsets produces: - application/json parameters: - name: X-Request-ID type: string required: true pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ in: header description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Encoding type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Language type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false in: header description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: false in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initialed by the PSU. responses: 200: description: OK schema: type: object properties: consents: type: array items: type: object properties: consentId: type: string headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. post: tags: - Consent summary: Create consent description: This method create a consent resource, defining access rights to dedicated accounts of a given PSU. Only access rights are inserted without mentioning the addressed account. The relation to accounts is then handled afterwards between PSU and Postbank. operationId: postConsent consumes: - application/json produces: - application/json parameters: - name: X-Request-ID in: header required: true type: string description: ID of the request, unique to the call, as determined by the initiating party. - name: TPP-Redirect-URI in: header required: true type: string description: URI of the TPP, where the transaction flow shall be redirected to after a Redirect - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false in: header - name: PSU-Accept-Encoding type: string required: false in: header - name: PSU-Accept-Language type: string required: false in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false in: header description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: true in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. - name: body in: body required: true schema: $ref: '#/definitions/ConsentRequestBody' responses: 201: description: Created schema: type: object properties: consentStatus: $ref: '#/definitions/ConsentStatus' consentId: type: string _links: $ref: '#/definitions/Links' example: consentStatus: received consentId: "12345687878" _links: scaRedirect: href: https://www.postbank.bg/authentication/12345687878 self: href: /v1/consents/12345687878 status: href: /v1/consents/12345687878/status headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. Location: type: string description: hyperlink for the status of the resource. ASPSP-SCA-Approach: type: string description: Possible value is REDIRECT. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. /consents/{consent-id}: get: tags: - Consent summary: Get Consent Request description: Reads the exact definition of the given consent resource {consent-id} produces: - application/json parameters: - name: consent-id in: path required: true type: string description: ID of the corresponding consent object as returned by an Account Information Consent Request - name: X-Request-ID in: header required: true pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ type: string description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Encoding type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Language type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false in: header description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: false in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initialed by the PSU. responses: 200: description: OK schema: $ref: '#/definitions/Consent' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. operationId: getConsent delete: tags: - Consent summary: Delete consent description: The TPP can delete an account information consent object if needed. operationId: deleteConsentWithID produces: - application/json parameters: - name: consent-id in: path required: true type: string description: ID of the corresponding consent object as returned by an Account Information Consent Request - name: X-Request-ID in: header required: true type: integer format: string description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false in: header - name: PSU-Accept-Encoding type: string required: false in: header - name: PSU-Accept-Language type: string required: false in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false in: header description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: false in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. responses: 204: description: No Content headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. /consents/{consent-id}/status: get: tags: - Consent summary: Consent status request description: Reads the transaction status of the addressed consent resource. produces: - application/json parameters: - name: consent-id in: path required: true type: string description: ID of the corresponding consent object as returned by an Account Information Consent Request - name: X-Request-ID type: string required: true pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ in: header description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-User-Agent in: header type: string description: The forwarded Agent header field of the http request between PSU and TPP, if available. - name: PSU-IP-Port in: header type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP, if available. required: false - name: PSU-Geo-Location in: header type: string description: The forwarded Geo Location header field of the corresponding http request between PSU and TPP if available. required: false - name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. - name: PSU-Accept-Charset type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Encoding type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Accept-Language type: string required: false description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header - name: PSU-Http-Method type: string enum: - GET - POST - PUT - PATCH - DELETE required: false in: header description: | HTTP method used at the PSU – TPP interface, if available. Valid values are\: * GET * POST * PUT * PATCH * DELETE - name: PSU-Device-ID type: string required: false in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. - name: PSU-IP-Address type: string pattern: ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ required: false in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initialed by the PSU. responses: 200: description: OK schema: type: object required: - consentStatus properties: consentStatus: $ref: '#/definitions/ConsentStatus' scaStatus: type: string enum: - finalised example: consentStatus: terminatedByTpp scaStatus: finalised headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 400: description: Bad Request schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. 500: description: Internal Server Error schema: $ref: '#/definitions/ErrorModel' headers: X-Request-ID: type: string description: ID of the request, unique to the call, as determined by the initiating party. operationId: getConsentStatus x-ibm-configuration: phase: realized enforced: true testable: false type: rest consumes: - application/json produces: - application/json basePath: /live/v1.2.0 security: - ClientId: [] OAuth2: - aisp x-ibm-endpoints: - endpointUrl: https://gate.postbank.bg/postbank/psd2 type: - production - development ...