AISP (Account And Transactions)

An AISP is a market player using a customer’s account information to build new advisory and information services for customers. An AISP has no agreements with your bank, but as a customer you can give an AISP full access to all your account information, regardless of how many bank accounts you have.

Access Management

The Al Salam Bank APIs use OAuth2 as the authorization mechanism for access management to the endpoints. OAuth is an open standard that provides secure access to protected resources. The Al Salam Bank authorisation server issues three types of tokens: Access Token, Refresh Token and ID Token.

Access tokens allow AISPs to access protected resources (including APIs). The tokens are only valid for a short duration (e.g. 30 minutes).

ID tokens (also known as Identity Tokens) are provided in a standard JWT format and signed by the OpenID Provider (i.e. the Al Salam Bank authorisation server). They are issued to the AISP as part of a successful Consent journey.

Refresh tokens are required to obtain new access tokens when the current token becomes invalid or expires. Refresh tokens are issued to the AISP by the authorisation server.

Authorization Codes must be validated by the TPP (AISP/PISP).

How it works

The steps below set out how to use the Al Salam Bank API Exchange.

  1. Request Account Information

    • The process begins with a PSU consenting to an AISP accessing their account information
  2. Setup Account Access Consent

    • The AISP connects to Al Salam Bank’s API Gateway and creates an account-access-consent resource
    • This informs Al Salam Bank that one of our PSUs is granting access to account and/or transaction information to an AISP
    • Al Salam Bank responds with an identifier for the resource, ConsentId - the intent identifier
    • This step is carried out by making a POST request to /account-access-consents endpoint
    • The account-access-consent resource will include the fields below which describe data the PSU has consented with the AISP:
      • Permissions - a list of data clusters that have been consented for access
      • Expiration Date - an expiration for when the AISP will no longer have access to the PSU's data
      • Transaction Validity Period - the From/To date range which specifies a historical period for transactions and statements which may be accessed by the AISP
    • An AISP may be a broker for data to other parties, and so it is valid for a PSU to have multiple account-access-consents for the same accounts, with different consent/authorisation parameters agreed
  3. Authorise Consent

    • The AISP requests the PSU to give its consent to authorise the AISP to deliver services enabling access to account information and to access this information for the designated payment accounts and associated
    • The AISP redirects the PSU to the ASPSP
    • The redirect includes the ConsentId generated in the previous step
    • The PSU should have access to Al Salam Netbanking (https://online-banking.alsalambahrain.com/RetailBanking) in order to proceed with this step.
    • The PSU will be required to enter his/her CPR, Mobile and CIF, and upon successful authentication an OTP (One Time Password - 6 digit) will be sent to his/her Bank registered mobile
    • This allows the ASPSP to correlate the account-access-consent that was setup
    • The ASPSP authenticates the PSU
    • The ASPSP updates the state of the account-access-consent resource internally to indicate that the account access consent has been authorised
    • Once the consent has been authorised, the PSU is redirected back to the AISP
    • The principle is that consent is managed between the PSU and the AISP - the account-access-consent details must not be changed in this step.
    • The PSU will only be able to authorise or reject the account-access-consent details in its entirety
    • During authorisation, the PSU selects accounts that are authorised for the AISP request in the ASPSP's banking interface
  4. Request Data

    • This is carried out by making a GET request to the relevant resource
    • The unique AccountId(s) that are valid for the consent will be returned with a call to GET /accounts
    • This will always be the first call once an AISP has a valid access token

Obtaining an Access Token to Register Intent

First, authenticate with us and obtain a Public Token. This token is used later to register payment requests.

Example Post Request

https://ob-dev.alsalambahrain.com/apigateway/as/token.oauth2

Header Request

Content-Type:application/x-www-form-urlencoded

Body Request

grant_type:client_credentials
scope:payments
client_assertion_type:urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
client_assertion:eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMzQ1IiwidHlwIjoiSldUIn0.eyJpc3MiOiJUUFAxIiwiaWF0IjoxNTYwMTUyNDM4LCJleHAiOjE1NjAyNTQ0MDAsImF1ZCI6Imh0dHBzOi8vcGctbXNzcWwubW9zY293LmNtYS5ydTo5ODc2L2FzL3Rva2VuLm9hdXRoMiIsInN1YiI6InM2QmhkUmtxdDMifQ.Sseu8PEDRWFiU-VwBoF9mlWGzjAfWB_Thy_xY5-6lnQkHiHd7qDnYUkfFfdfRvV2HKNRuiMAlv60CkRabZ6ibGbej1xOK_kBd2UfJU6bkpYhigUygDhN8J1zwE3pGLtwA6lgICv0ihELb5S2EWz7A_mXouZoydgytHuUtG1PpujIhaKnlXTDJX010Nrs3HmdrRRDLBcvPdsQHc6-ghNYTT9fAq3bMr2PNwofpvZxoNK2DpAE5Qf1ZY4sPNZAFfp8xkIFXSIX6zRaqo3rbopxKuDbhWKEXP92GIk5IRUhGzZ1j3ZD9GnT_QiBQ_GNpy53bt0f4izSZqhNM7Fg0W99UA

Corresponding Response:

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJwYXltZW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjIyMiwiaWF0IjoxNTYwMTU1ODIyfQ.eNpQEwvlHZ09h44N9Ds2j11PfWaldI925aBBQc1UnQVXg1NqDIipbPwqwt9AkU2m7M2HvPnXuxd_LBIKsUlPtz4e5P2fP4bBLa9rmzFCZqwyn8TyOFUd8Uzg4YsP9y2AE_k-MN0Ggd0FFVlLWj1Xcs5YbQxdlnhDKcwhO-4yw946qXQ4jAtA1zuoPwDkzHqojf8iSHQyPvmgvqee8XgpSLG4qEw0QGR6pKQ6VLA4WfLjVnQZVTqyHfAMA7wxS65ZhmspM6mq2xcd52BDyOw7QaecB8Tz6APt-86o7fwxQBg8YsP_Rk2sLoUdCxkePG6dwXn1pyd3WsaSGWi5oBMaNg",
    "expires_in": 86400,
    "token_type": "bearer",
    "scope": "payments"
}

Next, register a new consent using the public token retrieved above. In this step you are redirected to the AuthPage to authorise the consent; if authorisation succeeds, an authorized key is issued, which is then exchanged for a resource token (the key is used in the next request to as/token.oauth2).

Example Post Request

https://ob-dev.alsalambahrain.com/apigateway/api/account-access-consents

Header Request

Content-Type:application/json
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJwYXltZW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjIyMiwiaWF0IjoxNTYwMTU1ODIyfQ.eNpQEwvlHZ09h44N9Ds2j11PfWaldI925aBBQc1UnQVXg1NqDIipbPwqwt9AkU2m7M2HvPnXuxd_LBIKsUlPtz4e5P2fP4bBLa9rmzFCZqwyn8TyOFUd8Uzg4YsP9y2AE_k-MN0Ggd0FFVlLWj1Xcs5YbQxdlnhDKcwhO-4yw946qXQ4jAtA1zuoPwDkzHqojf8iSHQyPvmgvqee8XgpSLG4qEw0QGR6pKQ6VLA4WfLjVnQZVTqyHfAMA7wxS65ZhmspM6mq2xcd52BDyOw7QaecB8Tz6APt-86o7fwxQBg8YsP_Rk2sLoUdCxkePG6dwXn1pyd3WsaSGWi5oBMaNg

Body Request

{
  "Data": {
    "Permissions": [
      "ReadAccountsDetail",
      "ReadProducts",
      "ReadStandingOrdersDetail",
      "ReadTransactionsCredits",
      "ReadTransactionsDebits",
      "ReadTransactionsDetail",
      "ReadPAN",
      "ReadParty",
      "ReadPartyPSU",
      "ReadScheduledPaymentsDetail",
      "ReadStatementsDetail"
    ],
    "ExpirationDateTime": "2019-06-29T00:00:00+00:00",
    "TransactionFromDateTime": "2019-05-03T00:00:00+00:00",
    "TransactionToDateTime": "2019-12-03T00:00:00+00:00"
  },
  "Risk": {}
}

Corresponding Response:

{
    "Data": {
        "ConsentId": "lX7D-Ej4Tr6Qn8GwbWU5FA",
        "Status": "AwaitingAuthorisation",
        "StatusUpdateDateTime": "2019-06-10T08:38:25.064+0000",
        "CreationDateTime": "2019-06-10T08:38:25.064+0000",
        "Permissions": [
            "ReadAccountsDetail",
            "ReadProducts",
            "ReadStandingOrdersDetail",
            "ReadTransactionsCredits",
            "ReadTransactionsDebits",
            "ReadTransactionsDetail",
            "ReadPAN",
            "ReadParty",
            "ReadPartyPSU",
            "ReadScheduledPaymentsDetail",
            "ReadStatementsDetail"
        ],
        "ExpirationDateTime": "2019-06-29T00:00:00.000+0000",
        "TransactionFromDateTime": "2019-05-03T00:00:00.000+0000",
        "TransactionToDateTime": "2019-12-03T00:00:00.000+0000"
    },
    "Links": {
        "Self": "https://ob-dev.alsalambahrain.com/authpage/consentId/lX7D-Ej4Tr6Qn8GwbWU5FA"
    }
}

And code response

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

This example POST request shows how to exchange the authorized key for a resource token.

Example Post Request

https://ob-dev.alsalambahrain.com/apigateway/as/token.oauth2

Header Request

Content-Type:application/x-www-form-urlencoded

Body Request

grant_type:authorization_code
code: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
client_assertion_type:urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
client_assertion:eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMzQ1IiwidHlwIjoiSldUIn0.eyJpc3MiOiJUUFAxIiwiaWF0IjoxNTYwMTUyNDM4LCJleHAiOjE1NjAyNTQ0MDAsImF1ZCI6Imh0dHBzOi8vcGctbXNzcWwubW9zY293LmNtYS5ydTo5ODc2L2FzL3Rva2VuLm9hdXRoMiIsInN1YiI6InM2QmhkUmtxdDMifQ.Sseu8PEDRWFiU-VwBoF9mlWGzjAfWB_Thy_xY5-6lnQkHiHd7qDnYUkfFfdfRvV2HKNRuiMAlv60CkRabZ6ibGbej1xOK_kBd2UfJU6bkpYhigUygDhN8J1zwE3pGLtwA6lgICv0ihELb5S2EWz7A_mXouZoydgytHuUtG1PpujIhaKnlXTDJX010Nrs3HmdrRRDLBcvPdsQHc6-ghNYTT9fAq3bMr2PNwofpvZxoNK2DpAE5Qf1ZY4sPNZAFfp8xkIFXSIX6zRaqo3rbopxKuDbhWKEXP92GIk5IRUhGzZ1j3ZD9GnT_QiBQ_GNpy53bt0f4izSZqhNM7Fg0W99UA

Response

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwiY29uc2VudElkIjoibFg3RC1FajRUcjZRbjhHd2JXVTVGQSIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjUyMSwiaWF0IjoxNTYwMTU2MTIxfQ.HHDDSZgo4OYuH1H2BTXfYg0dWal9LOGiUx0crlxaZDzxJ4GxnEJIeWctkllD_8XcN-DlGih2R3aMmJdIqi0Dk5wvOU3nv0DN50nKTbTdjzce4DLFL2nYV21lhv0xNHKx5nG6DWXfAdLt3p_MrgMR_PO3i-4tzOrpU_QASWnlczfdxbZYbauscWdXksoaMAnVxvwqXT4TjPtCdVfm3YKSSHfC9U-698c16r0uAXZ2gmzA0GnWGqbfyv8gwV6bRY8rBv4R7huEoK0OUZtUL6NF8xbLTCJ3hHN6Gjm9kpdj-5j8fjYYbd3TgfO5Dlc_v5POrWva5E6tFlI4fJCAJET96Q",
    "expires_in": 86400,
    "token_type": "bearer"
}

In the last step, use the resource token to get the resource URLs via a GET request.

Example Get Request

https://ob-dev.alsalambahrain.com/apigateway/accounts

Header Request

Content-Type:application/json
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwiY29uc2VudElkIjoibFg3RC1FajRUcjZRbjhHd2JXVTVGQSIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjUyMSwiaWF0IjoxNTYwMTU2MTIxfQ.HHDDSZgo4OYuH1H2BTXfYg0dWal9LOGiUx0crlxaZDzxJ4GxnEJIeWctkllD_8XcN-DlGih2R3aMmJdIqi0Dk5wvOU3nv0DN50nKTbTdjzce4DLFL2nYV21lhv0xNHKx5nG6DWXfAdLt3p_MrgMR_PO3i-4tzOrpU_QASWnlczfdxbZYbauscWdXksoaMAnVxvwqXT4TjPtCdVfm3YKSSHfC9U-698c16r0uAXZ2gmzA0GnWGqbfyv8gwV6bRY8rBv4R7huEoK0OUZtUL6NF8xbLTCJ3hHN6Gjm9kpdj-5j8fjYYbd3TgfO5Dlc_v5POrWva5E6tFlI4fJCAJET96Q

Response

{
    "Data": {
        "Account": [
            {
                "AccountId": "K1iEoUt4RmuoKZkVyGKXCA",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "PAN",
                        "Identification": "599995xxxxxx8997"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            },
            {
                "AccountId": "TxcKRRkvTA69PNWu3641vQ",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "PAN",
                        "Identification": "799995xxxxxx1999"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            },
            {
                "AccountId": "jmSNPTYCTcCQm7XR1_4x0g",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "IBAN",
                        "Identification": "BH02ALSA01010200120103"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            },
            {
                "AccountId": "n5ORPZKIQ5KX_PmVWGsW0A",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "IBAN",
                        "Identification": "BH02ALSA01010200120102"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            },
            {
                "AccountId": "0TMho2SATQOBJcAfYtfCDg",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "IBAN",
                        "Identification": "BH02ALSA01010200120101"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            }
        ]
    },
    "Links": null
}
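The two token requests from this walkthrough, sketched in Python as an added example (not Al Salam Bank's code): it builds the as/token.oauth2 form bodies without sending them and checks that a resource token names the ConsentId it was requested for. The consentId claim is what the sample resource token above decodes to; the helper names, the placeholder assertion strings and the constructed token are assumptions, and the decode does not verify the token's signature.

```python
import base64
import json
from urllib.parse import urlencode

# Token endpoint and ConsentId as they appear in the examples on this page.
TOKEN_URL = "https://ob-dev.alsalambahrain.com/apigateway/as/token.oauth2"
SAMPLE_CONSENT_ID = "lX7D-Ej4Tr6Qn8GwbWU5FA"
# Raw URN. urlencode() percent-encodes it exactly once; feeding it the already
# encoded form ("urn%3Aietf...") would turn every % into %25.
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def token_request(grant_type, client_assertion, **extra):
    """Build (not send) a token request; extra carries scope=... or code=..."""
    fields = {"grant_type": grant_type, **extra,
              "client_assertion_type": ASSERTION_TYPE,
              "client_assertion": client_assertion}
    return {"method": "POST", "url": TOKEN_URL,
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(fields)}


def jwt_claims(token):
    """Decode a compact JWT's payload WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_resource_token(token_response, expected_consent_id, now):
    """Return a list of problems; empty means the token matches our consent."""
    if str(token_response.get("token_type", "")).lower() != "bearer":
        return ["unexpected token_type"]
    try:
        claims = jwt_claims(token_response.get("access_token", ""))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["access_token is not a decodable JWT"]
    problems = []
    if claims.get("consentId") != expected_consent_id:
        problems.append("token is bound to a different consent")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        problems.append("token is expired or has no exp")
    return problems


def b64url_json(obj):
    """Base64url-encode a JSON object without padding, as JWT segments are."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sample_token_response(consent_id, iat=1560156121, lifetime=86400):
    """Constructed stand-in for the resource-token response shown above."""
    header = {"typ": "JWT", "alg": "RS512"}
    claims = {"sub": "TPP1", "consentId": consent_id, "iss": "API_GW",
              "exp": iat + lifetime, "iat": iat}
    # The third segment is a placeholder, not a real signature.
    token = ".".join([b64url_json(header), b64url_json(claims), "c2lnbmF0dXJl"])
    return {"access_token": token, "expires_in": lifetime, "token_type": "bearer"}


if __name__ == "__main__":
    # Step 1: public token; step 3: exchange the authorized key.
    step1 = token_request("client_credentials", "<signed-assertion>", scope="payments")
    step3 = token_request("authorization_code", "<signed-assertion>", code="<authorized-key>")
    print(step1["body"])
    print(step3["body"])
    resp = sample_token_response(SAMPLE_CONSENT_ID)
    print(check_resource_token(resp, SAMPLE_CONSENT_ID, now=1560156200))
```

Run the check before storing a resource token against a PSU's consent record, so a token issued for another consent is never attached to the wrong customer.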

API endpoints

APIs are grouped into API products, each with a subset of the API endpoints exposed as part of the banking APIs. Check out the products, API signatures, parameters, and response structure to understand the APIs from a functional perspective.

Account information APIs provide information for accounts held by the bank customer. Information is categorized into:

| Link | Resource | Endpoints |
|---|---|---|
| Account Access Consent | account-access-consents | POST /account-access-consents |
| | | GET /account-access-consents/ |
| | | DELETE /account-access-consents/ |
| Accounts | accounts | GET /accounts |
| | | GET /accounts/ |
| Balances | balances | GET /accounts/{AccountId}/balances |
| | | GET /balances |
| Transactions | transactions | GET /accounts/{AccountId}/transactions |
| | | GET /transactions |

AISP Endpoints and Examples

Create account initiation request

This API resource can be used to send an account initiation request. This allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API resource allows the AISP to send a copy of the consent to the ASPSP to authorise access to account information.
  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.
  • The status of the consent is set to AwaitingAuthorisation.

POST /account-access-consents

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.

  • An AISP is not able to pre-select a set of accounts for account-access-consent authorisation. This is because the behaviour of the pre-selected accounts, after authorisation, is not clear from a legal perspective.

  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.

  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

    An example initiating request

    https://ob-dev.alsalambahrain.com/authpage/account-access-consents
    

    Request Headers

    Authorization: Bearer Cr352SewGFe
    Accept: application/json
    Content-Type:application/json
    

    An example initiating request body:

{
  "Data": {
    "Permissions": [
      "ReadAccountsDetail",
      "ReadBalances",
      "ReadBeneficiariesDetail",
      "ReadDirectDebits",
      "ReadProducts",
      "ReadStandingOrdersDetail",
      "ReadTransactionsCredits",
      "ReadTransactionsDebits",
      "ReadTransactionsDetail",
      "ReadOffers",
      "ReadPAN",
      "ReadParty",
      "ReadPartyPSU",
      "ReadScheduledPaymentsDetail",
      "ReadStatementsDetail"
    ],
    "ExpirationDateTime": "2020-05-02T00:00:00+00:00",
    "TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
    "TransactionToDateTime": "2020-12-03T00:00:00+00:00"
  },
  "Risk": {}
}

A sample successful response:

{
    "Data": {
        "ConsentId": "DWwlf3L_SQKGV-_t-KjdvA",
        "Status": "AwaitingAuthorisation",
        "StatusUpdateDateTime": "2019-06-07T11:08:15.496+0000",
        "CreationDateTime": "2019-06-07T11:08:15.496+0000",
        "Permissions": [
            "ReadAccountsDetail",
            "ReadBalances",
            "ReadBeneficiariesDetail",
            "ReadDirectDebits",
            "ReadProducts",
            "ReadStandingOrdersDetail",
            "ReadTransactionsCredits",
            "ReadTransactionsDebits",
            "ReadTransactionsDetail",
            "ReadOffers",
            "ReadPAN",
            "ReadParty",
            "ReadPartyPSU",
            "ReadScheduledPaymentsDetail",
            "ReadStatementsDetail"
        ],
        "ExpirationDateTime": "2020-05-02T00:00:00.000+0000",
        "TransactionFromDateTime": "2017-05-03T00:00:00.000+0000",
        "TransactionToDateTime": "2020-12-03T00:00:00.000+0000"
    },
    "Links": {
        "Self": "https://ob-dev.alsalambahrain.com/authpage/"
    }
}

Account Access Consent Status

The PSU must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup.

The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

AwaitingAuthorisation: The account access consent is awaiting authorisation.

After authorisation has taken place the account-access-consent resource may have these following statuses.

Rejected: The account access consent has been rejected.

Authorised: The account access consent has been successfully authorised.

Revoked: The account access consent has been revoked via the ASPSP interface.

GET /account-access-consents/

An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

The usage of this API endpoint will be subject to an ASPSP's fair usage policies.

Account Access Consent Status

Once the PSU authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the account-access-consent resource are:

| | Status | Status Description |
|---|---|---|
| 1 | Rejected | The account access consent has been rejected. |
| 2 | AwaitingAuthorisation | The account access consent is awaiting authorisation. |
| 3 | Authorised | The account access consent has been successfully authorised. |
| 4 | Revoked | The account access consent has been revoked via the ASPSP interface. |

An example request:

https://ob-dev.alsalambahrain.com/authpage/account-access-consents/4ZLw3hVjTBGe6oYW0aooiQ

Request Headers

Authorization: Bearer Cr352SewGFe
Accept: application/json
Content-Type:application/json

A sample successful response:

{
    "Data": {
        "ConsentId": "4ZLw3hVjTBGe6oYW0aooiQ",
        "Status": "Authorised",
        "StatusUpdateDateTime": "2019-06-06T16:03:37.586+0000",
        "CreationDateTime": "2019-06-06T16:03:37.586+0000",
        "Permissions": [
            "ReadAccountsDetail",
            "ReadBalances",
            "ReadBeneficiariesDetail",
            "ReadDirectDebits",
            "ReadProducts",
            "ReadStandingOrdersDetail",
            "ReadTransactionsCredits",
            "ReadTransactionsDebits",
            "ReadTransactionsDetail",
            "ReadOffers",
            "ReadPAN",
            "ReadParty",
            "ReadPartyPSU",
            "ReadScheduledPaymentsDetail",
            "ReadStatementsDetail"
        ],
        "ExpirationDateTime": "2020-05-02T00:00:00.000+0000",
        "TransactionFromDateTime": "2017-05-03T00:00:00.000+0000",
        "TransactionToDateTime": "2020-12-03T00:00:00.000+0000"
    },
    "Links": {
        "Self": "https://ob-dev.alsalambahrain.com/authpage/"
    }
}
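One way for an AISP to enforce the consent record before each resource call, as an added example that is not part of the bank's documentation: deny unless Status is Authorised, the consent has not expired and the needed permission was granted, and clamp transaction queries to the consented period. The endpoint-to-permission mapping and the function names are assumptions.

```python
from datetime import datetime, timezone

# Assumption: endpoint-to-permission mapping in the style of the Open Banking
# permission model, restricted to permission names that appear on this page.
# Each resource lists groups; one permission from every group must be granted.
REQUIRED = {
    "accounts": [{"ReadAccountsBasic", "ReadAccountsDetail"}],
    "balances": [{"ReadBalances"}],
    "transactions": [{"ReadTransactionsDetail"},
                     {"ReadTransactionsCredits", "ReadTransactionsDebits"}],
}

# Trimmed copy of the "Authorised" GET /account-access-consents/ sample above.
SAMPLE_CONSENT = {"Data": {
    "ConsentId": "4ZLw3hVjTBGe6oYW0aooiQ",
    "Status": "Authorised",
    "Permissions": ["ReadAccountsDetail", "ReadBalances",
                    "ReadTransactionsCredits", "ReadTransactionsDebits",
                    "ReadTransactionsDetail"],
    "ExpirationDateTime": "2020-05-02T00:00:00.000+0000",
    "TransactionFromDateTime": "2017-05-03T00:00:00.000+0000",
    "TransactionToDateTime": "2020-12-03T00:00:00.000+0000",
}}


def parse_ts(value):
    """Parse both timestamp shapes used on this page (+00:00 and .000+0000)."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%f%z", "%Y-%m-%dT%H:%M:%S%z"):
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {value!r}")


def with_data(consent, **changes):
    """Copy a consent with some Data fields replaced (constructed test cases)."""
    return {"Data": {**consent["Data"], **changes}}


def authorise_call(consent, resource, now, want_from=None, want_to=None):
    """Return (allowed, reason, window); window is set for transactions only."""
    data = consent["Data"]
    groups = REQUIRED.get(resource)
    if groups is None:
        return False, "unknown resource", None
    # Only Authorised grants access; AwaitingAuthorisation, Rejected and
    # Revoked all deny.
    if data["Status"] != "Authorised":
        return False, f"consent status is {data['Status']}", None
    if now >= parse_ts(data["ExpirationDateTime"]):
        return False, "consent expired", None
    granted = set(data["Permissions"])
    for group in groups:
        if not granted & group:
            return False, "missing permission: one of " + ", ".join(sorted(group)), None
    if resource != "transactions":
        return True, "ok", None
    # Never ask for more history than the PSU consented to.
    lo = parse_ts(data["TransactionFromDateTime"])
    hi = parse_ts(data["TransactionToDateTime"])
    start = max(want_from or lo, lo)
    end = min(want_to or hi, hi)
    if start > end:
        return False, "requested period is outside the consented window", None
    return True, "ok", (start, end)


if __name__ == "__main__":
    now = datetime(2019, 7, 1, tzinfo=timezone.utc)
    print(authorise_call(SAMPLE_CONSENT, "accounts", now))
    limited = with_data(SAMPLE_CONSENT, Permissions=["ReadAccountsBasic", "ReadBalances"])
    print(authorise_call(limited, "transactions", now))
    print(authorise_call(with_data(SAMPLE_CONSENT, Status="Revoked"), "accounts", now))
```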

DELETE /account-access-consents/

If the PSU revokes consent to data access with the AISP, the AISP must delete the account-access-consent resource with the ASPSP before confirming consent revocation with the PSU.

  • This is done by making a call to DELETE the account-access-consent resource.
  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
  • The ConsentId should be passed as a path parameter.
  • The status of the consent is set to Revoked.

For a successfully deleted account-access-consent resource, the DELETE request is:

https://ob-dev.alsalambahrain.com/authpage/account-access-consents/jigXEFxsRBmXrP6-8T7hCQ

Response header without body:

HTTP/1.1 204 No Content

Account access consent status

The PSU must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following status code-list enumeration:

After authorisation has taken place, the account-access-consent resource may have any of the following statuses.

Setup Account Access Consent - All Permissions Granted

Example Request: Post Account Access Consents Request

POST /account-access-consents HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-financial-id: OB/2017/001
x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 GMT
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
Accept: application/json
 
{
  "Data": {
    "Permissions": [
      "ReadAccountsDetail",
      "ReadBalances",
      "ReadBeneficiariesDetail",
      "ReadDirectDebits",
      "ReadProducts",
      "ReadStandingOrdersDetail",
      "ReadTransactionsCredits",
      "ReadTransactionsDebits",
      "ReadTransactionsDetail",
      "ReadOffers",
      "ReadPAN",
      "ReadParty",
      "ReadPartyPSU",
      "ReadScheduledPaymentsDetail",
      "ReadStatementsDetail"
    ],
    "ExpirationDateTime": "2017-05-02T00:00:00+00:00",
    "TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
    "TransactionToDateTime": "2017-12-03T00:00:00+00:00"
  },
  "Risk": {}
}

Example Response: Post Account Access Consents Response

HTTP/1.1 201 Created
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json

{
  "Data": {
    "ConsentId": "urn-alphabank-intent-88379",
    "Status": "AwaitingAuthorisation",
    "StatusUpdateDateTime": "2017-05-02T00:00:00+00:00",
    "CreationDateTime": "2017-05-02T00:00:00+00:00",
    "Permissions": [
      "ReadAccountsDetail",
      "ReadBalances",
      "ReadBeneficiariesDetail",
      "ReadDirectDebits",
      "ReadProducts",
      "ReadStandingOrdersDetail",
      "ReadTransactionsCredits",
      "ReadTransactionsDebits",
      "ReadTransactionsDetail",
      "ReadOffers",
      "ReadPAN",
      "ReadParty",
      "ReadPartyPSU",
      "ReadScheduledPaymentsDetail",
      "ReadStatementsDetail"
    ],
    "ExpirationDateTime": "2017-08-02T00:00:00+00:00",
    "TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
    "TransactionToDateTime": "2017-12-03T00:00:00+00:00"
  },
  "Risk": {},
  "Links": {
    "Self": "https://ob-dev.alsalambahrain.com/authpage/account-access-consents/urn-alphabank-intent-88379"
  },
  "Meta": {
    "TotalPages": 1
  }
}

Status - AwaitingAuthorisation

This is an example of a GET request which is made before the account access consent resource is authorised.

Example Request: Get Account Access Consents Request

GET /account-access-consents/urn-alphabank-intent-88379 HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-financial-id: OB/2017/001
x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 GMT
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json

Example Response: Get Account Access Consents Response

HTTP/1.1 200 OK
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
 
{
  "Data": {
    "ConsentId": "urn-alphabank-intent-88379",
    "Status": "AwaitingAuthorisation",
    "StatusUpdateDateTime": "2017-05-02T00:00:00+00:00",
    "CreationDateTime": "2017-05-02T00:00:00+00:00",
    "Permissions": [
      "ReadAccountsDetail",
      "ReadBalances",
      "ReadBeneficiariesDetail",
      "ReadDirectDebits",
      "ReadProducts",
      "ReadStandingOrdersDetail",
      "ReadTransactionsCredits",
      "ReadTransactionsDebits",
      "ReadTransactionsDetail",
      "ReadOffers",
      "ReadPAN",
      "ReadParty",
      "ReadPartyPSU",
      "ReadScheduledPaymentsDetail",
      "ReadStatementsDetail"
    ],
    "ExpirationDateTime": "2017-08-02T00:00:00+00:00",
    "TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
    "TransactionToDateTime": "2017-12-03T00:00:00+00:00"
  },
  "Risk": {},
  "Links": {
    "Self": "https://ob-dev.alsalambahrain.com/authpage/account-access-consents/urn-alphabank-intent-88379"
  },
  "Meta": {
    "TotalPages": 1
  }
}

Status - Authorised

This is an example of a GET request which is made after the account access consent resource is authorised.

Example Request

GET /account-access-consents/urn-alphabank-intent-88379 HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-financial-id: OB/2017/001
x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 GMT
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json

Example Response

HTTP/1.1 200 OK
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
 
{
  "Data": {
    "ConsentId": "urn-alphabank-intent-88379",
    "Status": "Authorised",
    "StatusUpdateDateTime": "2017-05-02T00:05:00+00:00",
    "CreationDateTime": "2017-05-02T00:00:00+00:00",
    "Permissions": [
      "ReadAccountsDetail",
      "ReadBalances",
      "ReadBeneficiariesDetail",
      "ReadDirectDebits",
      "ReadProducts",
      "ReadStandingOrdersDetail",
      "ReadTransactionsCredits",
      "ReadTransactionsDebits",
      "ReadTransactionsDetail",
      "ReadOffers",
      "ReadPAN",
      "ReadParty",
      "ReadPartyPSU",
      "ReadScheduledPaymentsDetail",
      "ReadStatementsDetail"
    ],
    "ExpirationDateTime": "2017-08-02T00:00:00+00:00",
    "TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
    "TransactionToDateTime": "2017-12-03T00:00:00+00:00"
  },
  "Risk": {},
  "Links": {
    "Self": "https://ob-dev.alsalambahrain.com/authpage/account-access-consents/urn-alphabank-intent-88379"
  },
  "Meta": {
    "TotalPages": 1
  }
}

Delete Account Access Consent

The DELETE /account-access-consents call allows an AISP to delete a previously created account-access-consent (whether it is currently authorised or not). The PSU may want to remove their consent via the AISP instead of revoking authorisation with the ASPSP.

This API call allows the PSU to revoke consent with the AISP - and for that consent to be reflected in authorisation with the ASPSP.

Example Request: Delete Account Access Consents Request

DELETE /account-access-consents/urn-alphabank-intent-88379 HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-financial-id: OB/2017/001
x-fapi-customer-last-logged-time:  Sun, 10 Sep 2017 19:43:31 GMT
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d

Example Response: Delete Account Access Consents Response

HTTP/1.1 204 No Content
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d

Setup Account Access Consent with Limited Permissions

Example Request: Post Account Access Consent Request

POST /account-access-consents HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-financial-id: OB/2017/001
x-fapi-customer-last-logged-time:  Sun, 10 Sep 2017 19:43:31 GMT
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
Accept: application/json
 
{
  "Data": {
    "Permissions": [
      "ReadAccountsBasic",
      "ReadBalances"
    ],
    "ExpirationDateTime": "2017-05-02T00:00:00+00:00",
    "TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
    "TransactionToDateTime": "2017-12-03T00:00:00+00:00"
  },
  "Risk": {}
}

Example Response: Post Account Access Consents Response

HTTP/1.1 201 Created
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
 
{
  "Data": {
    "ConsentId": "urn-alphabank-intent-88379",
    "Status": "AwaitingAuthorisation",
    "StatusUpdateDateTime": "2017-05-02T00:00:00+00:00",
    "CreationDateTime": "2017-05-02T00:00:00+00:00",
    "Permissions": [
      "ReadAccountsBasic",
      "ReadBalances"
    ],
    "ExpirationDateTime": "2017-08-02T00:00:00+00:00",
    "TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
    "TransactionToDateTime": "2017-12-03T00:00:00+00:00"
  },
  "Risk": {},
  "Links": {
    "Self": "https://ob-dev.alsalambahrain.com/authpage/account-access-consents/urn-alphabank-intent-88379"
  },
  "Meta": {
    "TotalPages": 1
  }
}

Accounts

GET /accounts

Read Accounts Detail

The call to GET /accounts is the first step after an account-request is authorised. This allows the AISP to discover which accounts (and AccountId values) are associated with the authorisation of consent.
In this scenario, AccountId iAAvzHbwSj-mx5ESUJluzg has a building society roll number.

The ReadAccountsDetail permission has been granted.

Get Bulk Accounts Request

https://ob-dev.alsalambahrain.com/apigateway/accounts

Request Headers

Authorization: Bearer Cr352SewGFe
Accept: application/json

Get Accounts Response

{
    "Data": {
        "Account": [
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "PAN",
                        "Identification": "599995xxxxxx8997"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            },
            {
                "AccountId": "QAiVQHbKQUuPH6JAuSLu0A",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "PAN",
                        "Identification": "799995xxxxxx1999"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            },
            {
                "AccountId": "ye1XbKC1QNmrwRHkugEoPQ",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "IBAN",
                        "Identification": "BH02ALSA01010200120102"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            },
            {
                "AccountId": "zW7tnExITyaOMjdVbzBLTw",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "IBAN",
                        "Identification": "BH02ALSA01010200120103"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            },
            {
                "AccountId": "AaFsDejqSWeR81AnbDflSQ",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "IBAN",
                        "Identification": "BH02ALSA01010200120101"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            }
        ]
    },
    "Links": null
}

GET /accounts/

Specific Account - Detail Permission

An AISP may also retrieve the account resource details specifically for AccountId iAAvzHbwSj-mx5ESUJluzg.
The ReadAccountsDetail permission has been granted.

Get Accounts Request

https://ob-dev.alsalambahrain.com/apigatway/accounts/iAAvzHbwSj-mx5ESUJluzg

Request Headers

Authorization: Bearer Cr352SewGFe
Accept: application/json

Get Accounts Response

{
    "Data": {
        "Account": [
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "CurrentAccount",
                "Account": [
                    {
                        "SchemeName": "PAN",
                        "Identification": "599995xxxxxx8997"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BICFI",
                    "Identification": "ALSABHBM"
                }
            }
        ]
    },
    "Links": null
}

Balances

GET /balances

If an ASPSP has implemented the bulk retrieval endpoints, an AISP may optionally retrieve the account information resources in bulk.

This will retrieve the resources for all authorised accounts linked to the account-request.

An example initiating request:

https://ob-dev.alsalambahrain.com/apigatway/balances

Request Headers

Authorization: Bearer Cr352SewGFe
Accept: application/json

A sample successful response:

{
    "Data": {
        "Balance": [
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "3467.516",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Available",
                "DateTime": "2019-06-07T12:45:16.465+0000",
                "CreditLine": {
                    "Included": true,
                    "Amount": {
                        "Amount": "3500",
                        "Currency": "BHD"
                    },
                    "Type": "Credit"
                }
            },
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "121.538",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Closing",
                "DateTime": "2019-06-07T12:45:16.465+0000",
                "CreditLine": {
                    "Included": true,
                    "Amount": {
                        "Amount": "3500",
                        "Currency": "BHD"
                    },
                    "Type": "Credit"
                }
            },
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "32.484",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Debit",
                "Type": "Outstanding",
                "DateTime": "2019-06-07T12:45:16.465+0000",
                "CreditLine": {
                    "Included": true,
                    "Amount": {
                        "Amount": "3500",
                        "Currency": "BHD"
                    },
                    "Type": "Credit"
                }
            },
            {
                "AccountId": "QAiVQHbKQUuPH6JAuSLu0A",
                "Amount": {
                    "Amount": "3467.516",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Available",
                "DateTime": "2019-06-07T12:45:16.465+0000",
                "CreditLine": {
                    "Included": true,
                    "Amount": {
                        "Amount": "3500",
                        "Currency": "BHD"
                    },
                    "Type": "Credit"
                }
            },
            {
                "AccountId": "QAiVQHbKQUuPH6JAuSLu0A",
                "Amount": {
                    "Amount": "121.538",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Closing",
                "DateTime": "2019-06-07T12:45:16.465+0000",
                "CreditLine": {
                    "Included": true,
                    "Amount": {
                        "Amount": "3500",
                        "Currency": "BHD"
                    },
                    "Type": "Credit"
                }
            },
            {
                "AccountId": "QAiVQHbKQUuPH6JAuSLu0A",
                "Amount": {
                    "Amount": "32.484",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Debit",
                "Type": "Outstanding",
                "DateTime": "2019-06-07T12:45:16.465+0000",
                "CreditLine": {
                    "Included": true,
                    "Amount": {
                        "Amount": "3500",
                        "Currency": "BHD"
                    },
                    "Type": "Credit"
                }
            },
            {
                "AccountId": "ye1XbKC1QNmrwRHkugEoPQ",
                "Amount": {
                    "Amount": "2780.335",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Available",
                "DateTime": "2019-06-07T12:45:16.465+0000"
            },
            {
                "AccountId": "zW7tnExITyaOMjdVbzBLTw",
                "Amount": {
                    "Amount": "3780.335",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Available",
                "DateTime": "2019-06-07T12:45:16.465+0000"
            },
            {
                "AccountId": "AaFsDejqSWeR81AnbDflSQ",
                "Amount": {
                    "Amount": "1780.335",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Available",
                "DateTime": "2019-06-07T12:45:16.465+0000"
            }
        ]
    },
    "Links": null
}

GET /accounts/{AccountId}/balances

An AISP may retrieve the account balance information resource for a specific AccountId (which is retrieved in the call to GET /accounts).

Get Account Balances Request

https://ob-dev.alsalambahrain.com/apigatway/accounts/iAAvzHbwSj-mx5ESUJluzg/balances

Get Account Balances Response

{
    "Data": {
        "Balance": [
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "3467.516",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Available",
                "DateTime": "2019-06-07T12:44:59.606+0000",
                "CreditLine": {
                    "Included": true,
                    "Amount": {
                        "Amount": "3500",
                        "Currency": "BHD"
                    },
                    "Type": "Credit"
                }
            },
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "121.538",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Closing",
                "DateTime": "2019-06-07T12:44:59.606+0000",
                "CreditLine": {
                    "Included": true,
                    "Amount": {
                        "Amount": "3500",
                        "Currency": "BHD"
                    },
                    "Type": "Credit"
                }
            },
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "32.484",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Debit",
                "Type": "Outstanding",
                "DateTime": "2019-06-07T12:44:59.606+0000",
                "CreditLine": {
                    "Included": true,
                    "Amount": {
                        "Amount": "3500",
                        "Currency": "BHD"
                    },
                    "Type": "Credit"
                }
            }
        ]
    },
    "Links": null
}

Transactions

GET /transactions

An AISP may retrieve the transaction resource for a specific AccountId (which is retrieved in the call to GET /accounts).

An example initiating request:

https://ob-dev.alsalambahrain.com/apigatway/transactions

Request Headers

Authorization: Bearer Cr352SewGFe
Accept: application/json

A sample successful response:

{
    "Data": {
        "Transaction": [
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "352.5",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Debit",
                "Status": "Booked",
                "BookingDateTime": "2016-06-25T21:00:00.000+0000",
                "TransactionInformation": "PURCHASE",
                "ProprietaryBankTransactionCode": {
                    "Code": "PURCHASE"
                },
                "DebtorAgent": {
                    "SchemeName": "599995xxxxxx8997",
                    "Identification": "599995xxxxxx8997"
                },
                "DebtorAccount": {}
            },
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "3350",
                    "Currency": "USD"
                },
                "CreditDebitIndicator": "Debit",
                "Status": "Booked",
                "BookingDateTime": "0001-01-02T21:00:00.000+0000",
                "TransactionInformation": "PURCHASES & SERVICES",
                "ProprietaryBankTransactionCode": {
                    "Code": "PURCHASES & SERVICES"
                },
                "DebtorAgent": {
                    "SchemeName": "599995xxxxxx8997",
                    "Identification": "599995xxxxxx8997"
                },
                "DebtorAccount": {}
            },
            {
                "AccountId": "AaFsDejqSWeR81AnbDflSQ",
                "Amount": {
                    "Amount": "108.145",
                    "Currency": "BHD"
                },
                "Status": "Booked",
                "BookingDateTime": "2019-05-30T00:00:00.000+0000",
                "ProprietaryBankTransactionCode": {},
                "DebtorAgent": {
                    "SchemeName": "BH02ALSA01010200120101",
                    "Identification": "BH02ALSA01010200120101"
                },
                "DebtorAccount": {}
            }
        ]
    },
    "Links": null
}

GET /accounts/{AccountId}/transactions

If an ASPSP has implemented the bulk retrieval endpoints, an AISP may optionally retrieve the transactions in bulk.

This will retrieve the resources for all authorised accounts linked to the account-request.

Data Model

The OBReadTransaction5 object will be used for the call to:

  • GET /accounts/{AccountId}/transactions

Resource Definition

A resource that describes a posting to an account that results in an increase or decrease to a balance.

For a specific date range, an account (AccountId) may have no transactions booked, or may have multiple transactions booked.

The ASPSP must treat the following as valid input:

  • Non-working days (e.g. a Sunday or a Bank holiday) or any other days on which no transactions are recorded.
  • Dates that fall outside the range for which transaction information is provided through APIs.
  • Dates that fall outside the range for which a consent authorisation is available.
  • Timezone may be included in the filter request, but must be ignored by the ASPSP.

In the above situations, the ASPSP must return data for the remaining valid period specified by the filter.
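
The filter rules above, sketched from the ASPSP side as an added example (not Al Salam Bank's implementation): any offset on the filter values is dropped rather than converted, and the request is clamped to the consent and data-availability windows instead of being rejected. The function names, the two window tuples and the sample transactions are constructed for illustration.

```python
import re
from datetime import datetime

_TZ_SUFFIX = re.compile(r"(Z|[+-]\d{2}:?\d{2})$")

def parse_ignoring_tz(value):
    """Parse an ISO-8601 date or date-time; any offset is dropped, not converted."""
    return datetime.fromisoformat(_TZ_SUFFIX.sub("", value))

def effective_window(from_dt, to_dt, consent_window, available_window):
    """Clamp the requested filter to the period that may be served.

    Returns (start, end), or None when nothing of the request remains.
    None is still a valid request: answer with an empty Transaction list.
    """
    start = parse_ignoring_tz(from_dt) if from_dt else datetime.min
    end = parse_ignoring_tz(to_dt) if to_dt else datetime.max
    start = max(start, consent_window[0], available_window[0])
    end = min(end, consent_window[1], available_window[1])
    return (start, end) if start <= end else None

def select_transactions(transactions, window):
    """Keep the transactions booked inside the effective window.

    Assumption: booking times are compared as wall-clock values, the same
    way the filter values are read.
    """
    if window is None:
        return []
    start, end = window
    return [t for t in transactions
            if start <= parse_ignoring_tz(t["BookingDateTime"]) <= end]

# Constructed sample data (assumed windows, not values from the bank).
CONSENT = (datetime(2019, 1, 1), datetime(2019, 12, 31, 23, 59, 59))
AVAILABLE = (datetime(2018, 6, 1), datetime(2019, 6, 7, 12, 0, 0))
SAMPLE = [
    {"AccountId": "iAAvzHbwSj-mx5ESUJluzg",
     "BookingDateTime": "2016-06-25T21:00:00.000+0000"},
    {"AccountId": "iAAvzHbwSj-mx5ESUJluzg",
     "BookingDateTime": "2019-05-30T00:00:00.000+0000"},
]

if __name__ == "__main__":
    # The filter starts before the consent window and ends on a future Sunday.
    window = effective_window("2018-01-01T00:00:00+03:00", "2019-06-09",
                              CONSENT, AVAILABLE)
    print(window, select_transactions(SAMPLE, window))
```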

An example initiating request:

https://ob-dev.alsalambahrain.com/apigatway/accounts/iAAvzHbwSj-mx5ESUJluzg/transactions

Request Headers

Authorization: Bearer Cr352SewGFe
Accept: application/json

A sample successful response:

{
    "Data": {
        "Transaction": [
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "352.5",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Debit",
                "Status": "Booked",
                "BookingDateTime": "2016-06-25T21:00:00.000+0000",
                "TransactionInformation": "PURCHASE",
                "ProprietaryBankTransactionCode": {
                    "Code": "PURCHASE"
                },
                "DebtorAgent": {
                    "SchemeName": "599995xxxxxx8997",
                    "Identification": "599995xxxxxx8997"
                },
                "DebtorAccount": {}
            },
            {
                "AccountId": "iAAvzHbwSj-mx5ESUJluzg",
                "Amount": {
                    "Amount": "3350",
                    "Currency": "USD"
                },
                "CreditDebitIndicator": "Debit",
                "Status": "Booked",
                "BookingDateTime": "0001-01-02T21:00:00.000+0000",
                "TransactionInformation": "PURCHASES & SERVICES",
                "ProprietaryBankTransactionCode": {
                    "Code": "PURCHASES & SERVICES"
                },
                "DebtorAgent": {
                    "SchemeName": "599995xxxxxx8997",
                    "Identification": "599995xxxxxx8997"
                },
                "DebtorAccount": {}
            }
        ]
    },
    "Links": null
}

No Access

In this example, the AISP does not have access to call the transactions endpoint. This will result in a 403 error.

GET Account Transactions Request

GET /accounts/22289/transactions HTTP/1.1
Authorization: Bearer Cr352SewGFe
Accept: application/json

GET Account Transactions Response

HTTP/1.1 403 Forbidden
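
One way a resource server could reach this 403 decision, as an added example that is not part of the bank's documentation or code: each request is checked against the consent's status, its granted permissions and the accounts bound to it. ReadAccountsDetail comes from the page; the other permission codes and the Authorised status are the UK Open Banking standard names, and the consent record layout (`AccountIds`) is a hypothetical in-memory form.

```python
import re

# ReadAccountsDetail is from the page; the remaining permission codes are the
# UK Open Banking standard names and are assumed to apply to this API.
_ACCOUNT = r"/accounts/(?P<account>[^/]+)"
RULES = [(re.compile(p), perms) for p, perms in [
    (r"/accounts", {"ReadAccountsBasic", "ReadAccountsDetail"}),
    (_ACCOUNT, {"ReadAccountsBasic", "ReadAccountsDetail"}),
    (r"/balances", {"ReadBalances"}),
    (_ACCOUNT + r"/balances", {"ReadBalances"}),
    (r"/transactions", {"ReadTransactionsBasic", "ReadTransactionsDetail"}),
    (_ACCOUNT + r"/transactions",
     {"ReadTransactionsBasic", "ReadTransactionsDetail"}),
]]

# Constructed consent record; "AccountIds" is a hypothetical field holding the
# accounts the PSU selected during authorisation.
CONSENT = {
    "Status": "Authorised",
    "Permissions": ["ReadAccountsDetail", "ReadBalances"],
    "AccountIds": {"iAAvzHbwSj-mx5ESUJluzg", "QAiVQHbKQUuPH6JAuSLu0A"},
}

def authorise(consent, method, path):
    """Return the HTTP status the resource server should answer with."""
    if method != "GET":
        return 405
    for pattern, accepted in RULES:
        match = pattern.fullmatch(path)
        if match is None:
            continue
        if consent.get("Status") != "Authorised":
            return 403
        if not accepted & set(consent.get("Permissions", [])):
            return 403  # endpoint not covered by the granted permissions
        account = match.groupdict().get("account")
        if account is not None and account not in consent["AccountIds"]:
            return 403  # same answer as above, so no account-existence oracle
        return 200
    return 404

def scope_bulk(consent, items):
    """Drop any bulk-response item whose AccountId is outside the consent."""
    return [i for i in items if i["AccountId"] in consent["AccountIds"]]

if __name__ == "__main__":
    for path in ("/accounts", "/accounts/22289/transactions", "/balances"):
        print(path, authorise(CONSENT, "GET", path))
```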