AISP (Account Information Service Provider), supported since 2021

An AISP is a market player using a customer’s account information to build new advisory and information services for customers. An AISP has no agreements with your bank, but as a customer you can give AISP full access to all your account information, regardless of how many bank accounts you have.

Access Management

The Al Salam Bank APIs use OAuth2 as authorization mechanism for access management to the endpoints. OAuth is an open standard that provides secure access to protected resources. Al Salam Bank authorisation server issues three types of tokens (Access Token, Refresh Token, ID Token)

Access tokens are used to allow AISPs access to protected resources (including APIs), the tokens are only valid for a short duration (e.g. 30 minutes).

ID tokens (also known as Identity Token) are provided in a standard JWT format and signed by the OpenID Provider (i.e. Al Salam Bank authorisation server), these are issued to AISP as part of a successful Consent journey.

Refresh tokens are required to obtain new access tokens when the current token becomes invalid or expires. Refresh tokens are issued to the AISP by the authorisation server.

Authorization Codes must be validated by the TPP (AISP/PISP)

How it works

The below sets out the steps you should take to use the Al Salam Bank API Exchange

  1. Request Account Information

    • The process begins with a PSU consenting to an AISP accessing their account information
  2. Setup Account Access Consent

    • The AISP connects to Al Salam Bank’s API Gateway and creates an account-access-consent resource
    • This informs Al Salam Bank that one of our PSUs is granting access to account and/or transaction information to an AISP
    • Al Salam Bank responds with an identifier for the resource, ConsentId - the intent identifier
    • This step is carried out by making a POST request to /account-access-consents endpoint
    • The account-access-consent resource will include the fields below which describe data the PSU has consented with the AISP:
      • Permissions - a list of data clusters that have been consented for access
      • Expiration Date - an expiration for when the AISP will no longer have access to the PSU's data
      • Transaction Validity Period - the From/To date range which specifies a historical period for transactions and statements which may be accessed by the AISP
    • An AISP may be a broker for data to other parties, and so it is valid for a PSU to have multiple account-access-consents for the same accounts, with different consent/authorisation parameters agreed
  3. Authorise Consent

    • The AISP requests the PSU to give its consent to authorise the AISP to deliver services enabling access to account information and to access this information for the designated payment accounts and associated
    • The AISP redirects the PSU to the ASPSP
    • The redirect includes the ConsentId generated in the previous step
    • The PSU should have an access to the Al Salam Netbanking (https://online-banking.alsalambahrain.com/RetailBanking) in order to processed with this step.
    • The PSU will be required to enter his/her CPR, Mobile and CIF and upone successful authinitcation an OTP (One Time Password - 6 digit) will be sent to his/her Bank registered mobile
    • This allows the ASPSP to correlate the account-access-consent that was setup
    • The ASPSP authenticates the PSU
    • The ASPSP updates the state of the account-access-consent resource internally to indicate that the account access consent has been authorised
    • Once the consent has been authorised, the PSU is redirected back to the AISP
    • The principle is that consent is managed between the PSU and the AISP - the account-access-consent details must not be changed in this step.
    • The PSU will only be able to authorise or reject the account-access-consent details in its entirety
    • During authorisation, the PSU selects accounts that are authorised for the AISP request in the ASPSP's banking interface
  4. Request Data

    • This is carried out by making a GET request the relevant resource
    • The unique AccountId(s) that are valid for the consent will be returned with a call to GET /accounts
    • This will always be the first call once an AISP has a valid access token

Obtaining an Access Token to Register Intent

Firstly, you authenticate with us and obtain an Public Token. This token is used later to register payment requests.

Example Post Request

https://ob-dev.alsalambahrain.com/apigateway/as/token.oauth2

Header Request

Content-Type:application/x-www-form-urlencoded

Body Request

grant_type:client_credentials
scope:accounts
client_assertion_type:urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
client_assertion:eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMzQ1IiwidHlwIjoiSldUIn0.eyJpc3MiOiJUUFAxIiwiaWF0IjoxNTYwMTUyNDM4LCJleHAiOjE1NjAyNTQ0MDAsImF1ZCI6Imh0dHBzOi8vcGctbXNzcWwubW9zY293LmNtYS5ydTo5ODc2L2FzL3Rva2VuLm9hdXRoMiIsInN1YiI6InM2QmhkUmtxdDMifQ.Sseu8PEDRWFiU-VwBoF9mlWGzjAfWB_Thy_xY5-6lnQkHiHd7qDnYUkfFfdfRvV2HKNRuiMAlv60CkRabZ6ibGbej1xOK_kBd2UfJU6bkpYhigUygDhN8J1zwE3pGLtwA6lgICv0ihELb5S2EWz7A_mXouZoydgytHuUtG1PpujIhaKnlXTDJX010Nrs3HmdrRRDLBcvPdsQHc6-ghNYTT9fAq3bMr2PNwofpvZxoNK2DpAE5Qf1ZY4sPNZAFfp8xkIFXSIX6zRaqo3rbopxKuDbhWKEXP92GIk5IRUhGzZ1j3ZD9GnT_QiBQ_GNpy53bt0f4izSZqhNM7Fg0W99UA

Corresponding Response:

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJwYXltZW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjIyMiwiaWF0IjoxNTYwMTU1ODIyfQ.eNpQEwvlHZ09h44N9Ds2j11PfWaldI925aBBQc1UnQVXg1NqDIipbPwqwt9AkU2m7M2HvPnXuxd_LBIKsUlPtz4e5P2fP4bBLa9rmzFCZqwyn8TyOFUd8Uzg4YsP9y2AE_k-MN0Ggd0FFVlLWj1Xcs5YbQxdlnhDKcwhO-4yw946qXQ4jAtA1zuoPwDkzHqojf8iSHQyPvmgvqee8XgpSLG4qEw0QGR6pKQ6VLA4WfLjVnQZVTqyHfAMA7wxS65ZhmspM6mq2xcd52BDyOw7QaecB8Tz6APt-86o7fwxQBg8YsP_Rk2sLoUdCxkePG6dwXn1pyd3WsaSGWi5oBMaNg",
    "expires_in": 86400,
    "token_type": "bearer",
    "scope": "accounts"
}

Then we need register new consent using retrieved public token. In this step we will be redirected to AuthPage for consents authorization and in case of successful authorization will be issue authorized key which will be change on resource token (This will be used in the next query as/token.oauth2)

Example Post Request

https://ob-dev.alsalambahrain.com/apigateway/bobf/release1.0.0/account-access-consents

Header Request


Content-Type:application/json
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJwYXltZW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjIyMiwiaWF0IjoxNTYwMTU1ODIyfQ.eNpQEwvlHZ09h44N9Ds2j11PfWaldI925aBBQc1UnQVXg1NqDIipbPwqwt9AkU2m7M2HvPnXuxd_LBIKsUlPtz4e5P2fP4bBLa9rmzFCZqwyn8TyOFUd8Uzg4YsP9y2AE_k-MN0Ggd0FFVlLWj1Xcs5YbQxdlnhDKcwhO-4yw946qXQ4jAtA1zuoPwDkzHqojf8iSHQyPvmgvqee8XgpSLG4qEw0QGR6pKQ6VLA4WfLjVnQZVTqyHfAMA7wxS65ZhmspM6mq2xcd52BDyOw7QaecB8Tz6APt-86o7fwxQBg8YsP_Rk2sLoUdCxkePG6dwXn1pyd3WsaSGWi5oBMaNg

Body Request

{
  "Data": {
    "Permissions": [
    	"ReadAccountsBasic",
        "ReadAccountsDetail",
        "ReadBalances",
        "ReadBeneficiariesBasic",
        "ReadBeneficiariesDetail",
        "ReadDirectDebits",
        "ReadOffers",
        "ReadPAN",
        "ReadParty",
        "ReadSupplementaryAccountInfo",
        "ReadFutureDatedPaymentsBasic",
        "ReadFutureDatedPaymentsDetail",
        "ReadStandingOrdersBasic",
        "ReadStandingOrdersDetail",
        "ReadStatementsBasic",
        "ReadStatementsDetail",
        "ReadTransactionsBasic",
        "ReadTransactionsCredits",
        "ReadTransactionsDebits",
        "ReadTransactionsDetail"
    ],
    "TransactionFromDateTime": "2021-05-22T07:05:34.327+03:00",
    "TransactionToDateTime": "2021-05-23T07:05:34.327+03:00"
  }
}

Corresponding Response:

{
    "Data": {
        "ConsentId": "glBChqDKSK2SkOUS3n1pOQ",
        "Status": "AwaitingAuthorisation",
        "StatusUpdateDateTime": "2021-05-22T17:45:04.004Z",
        "CreationDateTime": "2021-05-22T17:45:04.004Z",
        "Permissions": [
            "ReadAccountsBasic",
            "ReadAccountsDetail",
            "ReadBalances",
            "ReadBeneficiariesBasic",
            "ReadBeneficiariesDetail",
            "ReadDirectDebits",
            "ReadOffers",
            "ReadPAN",
            "ReadParty",
            "ReadSupplementaryAccountInfo",
            "ReadFutureDatedPaymentsBasic",
            "ReadFutureDatedPaymentsDetail",
            "ReadStandingOrdersBasic",
            "ReadStandingOrdersDetail",
            "ReadStatementsBasic",
            "ReadStatementsDetail",
            "ReadTransactionsBasic",
            "ReadTransactionsCredits",
            "ReadTransactionsDebits",
            "ReadTransactionsDetail"
        ],
        "TransactionFromDateTime": "2021-05-22T04:10:27.027Z",
        "TransactionToDateTime": "2021-05-23T04:10:27.027Z"
    },
    "Links": {
        "Self": "https://ob-dev.alsalambahrain.com/authpage/consentId/glBChqDKSK2SkOUS3n1pOQ"
    }
}

And code response

ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKcGMzTWlPaUpVVFZOY0wxZ2lMQ0p6ZFdJaU9pSmhkWFJvWDJOdlpHVWlMQ0pqYjI1elpXNTBTV1FpT2lKNmRIVmpOM1ZWTWxSMVMyRkdMVWRIVVdSalRsOVJJaXdpWlhod0lqb3hOakl4Tnprek16Y3dMQ0pwWVhRaU9qRTJNakUzTURZNU56QjkuVHpTNEFHRWxJTWlGRmZwd3FNWlY3Vno0VEM1d3NiSUJLNjZiZmhfV19EOGdNNUphNnhGZng0QklWa1F1eUk2MDhhUDdSZVBkYlc4aWJfMHY1VGZjcUJiLU9HNEpNeTd5azRJaV9IWTlHTlBkRUpHc2pCREtFdUVhY0JzaXdkU05JUTl4YmJMM2lxTUVKN0ZKWXgtT2JJN09HbXpsRE5QWW5vWEF2U2lZcEM3a1RkbzJvNnQ1T2RfX1BxdV9NdWQyWEtmNndnWmFJbWc0NG1RaHNjMF91SF9VbHFrT0xHZ2VMUXY0eWRNZkJjU2g3MDBTYU9SUE13WHl5VklJR2NPYVhCRGlSQS0zN1FzR1J4OXdzUWpnWkpRWFRiaVRwMDNRckxaLU5MY3htN21JeHUwTkVCdUctT1FsM0lyWlhTMC1nQzVsR1gwQndQZXdRMXZhbEJ1RGhR

This example post request describe how to exchange authorized key to resource token

Example Post Request

https://ob-dev.alsalambahrain.com/apigateway/as/token.oauth2

Header Request

Content-Type:application/x-www-form-urlencoded

Body Request

grant_type:authorization_code
code:ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKemRXSWlPaUpoZFhSb1gyTnZaR1VpTENKamIyNXpaVzUwU1dRaU9pSnNXRGRFTFVWcU5GUnlObEZ1T0VkM1lsZFZOVVpCSWl3aWFYTnpJam9pVkUxVFhDOVlJaXdpWlhod0lqb3hOVFl3TWpReU5EUXdMQ0pwWVhRaU9qRTFOakF4TlRZd05EQjkubHc4NEVPYjZFVDJ2R0RSTU1rSHdxRWQwczVDc3FKanRjcUpkSDdjNGZLR1FGdm0tbVpLR0dOekdmS3hXTDNIZ3BxY21iMjJJNEtkN2RSVk0tcFpKVWZCZVR5ZVFuNWd1V3NFdmt6N3QzdHByazJoQmtzVC1GOE00S2hKNUhFSGt5dlpyVkExQ19VaGxVVDJoT2ZCbnRtZkxHd3JGam5vQUNmNEt4Rk9IMWtLY3p1MXVUbzBKbzJuVWI4UzFNb0U2U1JYREJvUkk5aldEZ3NyelAxaFdFeldXdDhJU3pHcWVuWHVMbm80X05MNjdPdWRRbERYaTlOeWpJU1FTZndwTTlCT2Y2VkRpejdCTHVpNTJpbmtFYTZxeEVwOG9SMWdQcTRPaXJKS1ZuZmRjQUhyUDVJa0haRjE4Z3JKUXVtd1NxYWhMZ0E0VFNYOFoxcjhzZkpzR3h3
client_assertion_type:urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
client_assertion:eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMzQ1IiwidHlwIjoiSldUIn0.eyJpc3MiOiJUUFAxIiwiaWF0IjoxNTYwMTUyNDM4LCJleHAiOjE1NjAyNTQ0MDAsImF1ZCI6Imh0dHBzOi8vcGctbXNzcWwubW9zY293LmNtYS5ydTo5ODc2L2FzL3Rva2VuLm9hdXRoMiIsInN1YiI6InM2QmhkUmtxdDMifQ.Sseu8PEDRWFiU-VwBoF9mlWGzjAfWB_Thy_xY5-6lnQkHiHd7qDnYUkfFfdfRvV2HKNRuiMAlv60CkRabZ6ibGbej1xOK_kBd2UfJU6bkpYhigUygDhN8J1zwE3pGLtwA6lgICv0ihELb5S2EWz7A_mXouZoydgytHuUtG1PpujIhaKnlXTDJX010Nrs3HmdrRRDLBcvPdsQHc6-ghNYTT9fAq3bMr2PNwofpvZxoNK2DpAE5Qf1ZY4sPNZAFfp8xkIFXSIX6zRaqo3rbopxKuDbhWKEXP92GIk5IRUhGzZ1j3ZD9GnT_QiBQ_GNpy53bt0f4izSZqhNM7Fg0W99UA

Responce

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6dHVjN3VVMlR1S2FGLUdHUWRjTl9RIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxNzkzNTk4LCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3MDcxOTh9.AuaiJIJRezTXeDZXWfqWjDZBiqIfaA3t6Ekf2oGvT5AAXpxYPbNBpl7Gr2kBpQqpoVCKGIPVxDee6QJVQgQm_s1dLB21lDg6v3xKKAlTehqnWUE_8177DWhu0KUNXWwpt3GeEnbJOSC6jlbEmeISs30tx2r4N9L4UtqzWTNdMCFxB22z-gPUxd7-AhHm0FN7Z86CH4HyaYClvxLs4_3OqJluBJTqREEJNbINgQUwxzalinVYbQY5qn-fXra5fkCoTomWaDVyCbGgXm-mydfos-Gm_QuyhF-s-xhIladdmhHq8e1ljauu4MQ4gC_aLDfYL7Xv2DIlEm30rOeSLyHNeA",
    "expires_in": 86400,
    "token_type": "bearer",
    "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6dHVjN3VVMlR1S2FGLUdHUWRjTl9RIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODc5OTk4LCJ0b2tlbl90eXBlIjoiUkVGUkVTSCIsImlhdCI6MTYyMTcwNzE5OH0.XiPAHiZPX6qYaM6C8_udM7aPdE1XRrdy5ZvTfAoxbUXHXOejVvBO6ZLpqkyuuE4EqbZqoIt07_q-2a8lVICNZTixco6DIDplB9tI5Ly3MQnFq4-yvP7Uoi-FcBpYMPXFnkOXY2QIf5C220N2GOKQkRD8NlxDZNThGqqzWsyaMhAFw78qz0gW6sP19u0RIoWNKm0ZC1dkriLYo_HGjv2CXul7VtM_cNMUJELBECzaUUWGmIRICTJUgr-X_YEbm7TinxF-PNzworUlzhyiINeoCvKiQkScHmFCWhYTU66MY5R36SnmnDzyAdL8oyDfXTTxeICEBKKDwCcSIkeQmpA4aA"
}

In last step we will use resource token to get resource URLs via get request

Example Get Request

https://ob-dev.alsalambahrain.com/apigateway/bobf/release1.0.0/accounts

Header Request

Content-Type:application/json
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwiY29uc2VudElkIjoibFg3RC1FajRUcjZRbjhHd2JXVTVGQSIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjUyMSwiaWF0IjoxNTYwMTU2MTIxfQ.HHDDSZgo4OYuH1H2BTXfYg0dWal9LOGiUx0crlxaZDzxJ4GxnEJIeWctkllD_8XcN-DlGih2R3aMmJdIqi0Dk5wvOU3nv0DN50nKTbTdjzce4DLFL2nYV21lhv0xNHKx5nG6DWXfAdLt3p_MrgMR_PO3i-4tzOrpU_QASWnlczfdxbZYbauscWdXksoaMAnVxvwqXT4TjPtCdVfm3YKSSHfC9U-698c16r0uAXZ2gmzA0GnWGqbfyv8gwV6bRY8rBv4R7huEoK0OUZtUL6NF8xbLTCJ3hHN6Gjm9kpdj-5j8fjYYbd3TgfO5Dlc_v5POrWva5E6tFlI4fJCAJET96Q

Responce

{
    "Data": {
        "Account": [
            {
                "AccountId": "dBuwH2xDSPKhiA0DQkjWaw",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "SAVINGS",
                "Nickname": "Name-1 106976",
                "Account": [
                    {
                        "SchemeName": "BH.OBF.IBAN",
                        "Identification": "BH13ALSA00106976100100"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BH.OBF.BICFI",
                    "Identification": "ALSABHB0"
                }
            }
        ]
    }
}

API endpoints

APIs are grouped into API products, each with a subset of the API endpoints exposed as part of the banking APIs. Check out the products, API signatures, parameters, and response structure to understand the APIs from a functional perspective.

Account information APIs provide information for accounts held by the bank customer. Information is categorized into:

Link Resource Endpoints
Account Access Consent account-access-consents POST /bobf/release1.0.0/account-access-consents
account-access-consents GET /bobf/release1.0.0/account-access-consents/
account-access-consents PATCH /bobf/release1.0.0/account-access-consents/
Accounts accounts GET /bobf/release1.0.0/accounts
accounts GET /bobf/release1.0.0/accounts/
Balances balances GET /bobf/release1.0.0/accounts/{AccountId}/balances
balances GET /bobf/release1.0.0/balances
Transactions transactions GET /bobf/release1.0.0/accounts/{AccountId}/transactions
transactions GET /bobf/release1.0.0/transactions
Beneficiaries beneficiaries GET /bobf/release1.0.0/accounts/{AccountId}/beneficiaries
beneficiaries GET /bobf/release1.0.0/beneficiaries
Direct Debits direct-debits GET /bobf/release1.0.0/accounts/{AccountId}/direct-debits
direct-debits GET /bobf/release1.0.0/direct-debits
Standing Orders standing-orders GET /bobf/release1.0.0/accounts/{AccountId}/standing-orders
standing-orders GET /bobf/release1.0.0/standing-orders
Statements statements GET /bobf/release1.0.0/accounts/{AccountId}/statements
statements GET /bobf/release1.0.0/accounts/{AccountId}/statements/
statements GET /bobf/release1.0.0/accounts/{AccountId}/statements/{StatementId}/file
transactions GET /bobf/release1.0.0/accounts/{AccountId}/statements/{StatementId}/transactions
statements GET /bobf/release1.0.0/statements
Sharing Product Details sharing product details GET /bobf/release1.0.0/sharing-product-details

AISP Endpoints and Examples

Create account initiation request

This API resource can be used to send an account initiation request. This allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API resource allows the AISP to send a copy of the consent to the ASPSP to authorise access to account information.
  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.
  • The status of the consent is set to AwaitingAuthorisation.

POST /bobf/release1.0.0/account-access-consents

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.

  • An AISP is not able to pre-select a set of accounts for account-access-consent authorisation. This is because the behaviour of the pre-selected accounts, after authorisation, is not clear from a legal perspective.

  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.

  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

    An example initiating request

    https://ob-dev.alsalambahrain.com/authpage/bobf/release1.0.0/account-access-consents
    

    Request Headers

    Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJzY29wZSI6ImFjY291bnRzIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODQ3ODY3LCJ0b2tlbl90eXBlIjoiUFVCTElDIiwiaWF0IjoxNjIxNzYxNDY3fQ.m92fBPN2ieinn2RrpGlhytUbASbDf5fu3R-97nkWxsSN_CLmzDFn4czxW2uZ1VhHhfY_RcMfCcg-ghamdxZBN1csQKkHJUcM7UIiaORtNl9UFotoNCLM73pOQZOthwMgqs7u-frCv8Om4qJZTO-21hqGWifH3ErPcgMSXGLhiLaGhGkJBGyML34AR6c7NkaVna-_jR8qoUsH5EJFvmQUSWrw93jBbLx3bZAXdt6HrvFwDss1DzIyxm62LcaDkDZDZ5HKGRJvqCh06-au7lhyYpPESg62vEYhm6IMsmMLTJapepbfWmbrdD6LhV4y5eBGLLV7JnYnI6jMvdp3rwo8hQ
    Accept: application/json
    Content-Type:application/json
    

    An example initiating request body:

{
  "Data": {
    "Permissions": [
    	"ReadAccountsBasic",
        "ReadAccountsDetail",
        "ReadBalances",
        "ReadBeneficiariesBasic",
        "ReadBeneficiariesDetail",
        "ReadDirectDebits",
        "ReadOffers",
        "ReadPAN",
        "ReadParty",
        "ReadSupplementaryAccountInfo",
        "ReadFutureDatedPaymentsBasic",
        "ReadFutureDatedPaymentsDetail",
        "ReadStandingOrdersBasic",
        "ReadStandingOrdersDetail",
        "ReadStatementsBasic",
        "ReadStatementsDetail",
        "ReadTransactionsBasic",
        "ReadTransactionsCredits",
        "ReadTransactionsDebits",
        "ReadTransactionsDetail"
    ],
    "TransactionFromDateTime": "2021-05-22T07:05:34.327+03:00",
    "TransactionToDateTime": "2021-05-23T07:05:34.327+03:00"
  }
}

A sample successful response:

  {
    "Data": {
        "ConsentId": "PTmhIm9kTjq1LK49u8PI-A",
        "Status": "AwaitingAuthorisation",
        "StatusUpdateDateTime": "2021-05-23T09:18:18.018Z",
        "CreationDateTime": "2021-05-23T09:18:18.018Z",
        "Permissions": [
            "ReadAccountsBasic",
            "ReadAccountsDetail",
            "ReadBalances",
            "ReadBeneficiariesBasic",
            "ReadBeneficiariesDetail",
            "ReadDirectDebits",
            "ReadOffers",
            "ReadPAN",
            "ReadParty",
            "ReadSupplementaryAccountInfo",
            "ReadFutureDatedPaymentsBasic",
            "ReadFutureDatedPaymentsDetail",
            "ReadStandingOrdersBasic",
            "ReadStandingOrdersDetail",
            "ReadStatementsBasic",
            "ReadStatementsDetail",
            "ReadTransactionsBasic",
            "ReadTransactionsCredits",
            "ReadTransactionsDebits",
            "ReadTransactionsDetail"
        ],
        "TransactionFromDateTime": "2021-05-22T04:10:27.027Z",
        "TransactionToDateTime": "2021-05-23T04:10:27.027Z"
    },
    "Links": {
        "Self": "https://ob-dev.alsalambahrain.com/authpage/consentId/PTmhIm9kTjq1LK49u8PI-A"
    }
}

Account Access Consent Status

The PSU must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup.

The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

AwaitingAuthorisation: The account access consent is awaiting authorisation.

After authorisation has taken place the account-access-consent resource may have these following statuses.

Rejected: The account access consent has been rejected.

Authorised: The account access consent has been successfully authorised.

Revoked: The account access consent has been revoked via the ASPSP interface.

GET /bobf/release1.0.0/account-access-consents/

An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

The usage of this API endpoint will be subject to an ASPSP's fair usage policies.

Account Access Consent Status

Once the PSU authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the account-access-consent resource are:

Status Status Description
1 Rejected The account access consent has been rejected.
2 AwaitingAuthorisation The account access consent is awaiting authorisation.
3 Authorised The account access consent has been successfully authorised.
4 Revoked The account access consent has been revoked via the ASPSP interface.

An example initiating request body:

https://ob-dev.alsalambahrain.com/authpage/account-access-consents/4ZLw3hVjTBGe6oYW0aooiQ

Request Headers

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJzY29wZSI6ImFjY291bnRzIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODQ3ODY3LCJ0b2tlbl90eXBlIjoiUFVCTElDIiwiaWF0IjoxNjIxNzYxNDY3fQ.m92fBPN2ieinn2RrpGlhytUbASbDf5fu3R-97nkWxsSN_CLmzDFn4czxW2uZ1VhHhfY_RcMfCcg-ghamdxZBN1csQKkHJUcM7UIiaORtNl9UFotoNCLM73pOQZOthwMgqs7u-frCv8Om4qJZTO-21hqGWifH3ErPcgMSXGLhiLaGhGkJBGyML34AR6c7NkaVna-_jR8qoUsH5EJFvmQUSWrw93jBbLx3bZAXdt6HrvFwDss1DzIyxm62LcaDkDZDZ5HKGRJvqCh06-au7lhyYpPESg62vEYhm6IMsmMLTJapepbfWmbrdD6LhV4y5eBGLLV7JnYnI6jMvdp3rwo8hQ
Accept: application/json
Content-Type:application/json

A sample successful response:

{
    "Data": {
        "ConsentId": "CnzJtO4sQeGwr4NxfSDEPQ",
        "Status": "Revoked",
        "StatusUpdateDateTime": "2021-04-28T09:28:55.055Z",
        "CreationDateTime": "2021-04-28T09:28:55.055Z",
        "Permissions": [
            "ReadAccountsBasic",
            "ReadAccountsDetail",
            "ReadBalances",
            "ReadBeneficiariesBasic",
            "ReadBeneficiariesDetail",
            "ReadDirectDebits",
            "ReadOffers",
            "ReadPAN",
            "ReadParty",
            "ReadSupplementaryAccountInfo",
            "ReadFutureDatedPaymentsBasic",
            "ReadFutureDatedPaymentsDetail",
            "ReadStandingOrdersBasic",
            "ReadStandingOrdersDetail",
            "ReadStatementsBasic",
            "ReadStatementsDetail",
            "ReadTransactionsBasic",
            "ReadTransactionsCredits",
            "ReadTransactionsDebits",
            "ReadTransactionsDetail"
        ],
        "TransactionFromDateTime": "2020-03-17T04:10:27.027Z",
        "TransactionToDateTime": "2020-05-17T04:10:27.027Z"
    },
    "Links": {
        "Self": "https://ob-dev.alsalambahrain.com/authpage/consentId/CnzJtO4sQeGwr4NxfSDEPQ"
    }
}


PATCH /bobf/release1.0.0/account-access-consents/

If the PSU revokes consent to data access with the AISP, the AISP must delete the account-access-consent resource with the ASPSP before confirming consent revocation with the PSU.

  • This is done by making a call to DELETE the account-access-consent resource.
  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
  • The ConsentId should be passed as a path parameter.
  • The status of the consent is set to Revoked.

For account Access Consents resource successfully deleted will be delete request:

https://ob-dev.alsalambahrain.com/authpage/bobf/release1.0.0/account-access-consents/PTmhIm9kTjq1LK49u8PI-A

Request Headers

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJzY29wZSI6ImFjY291bnRzIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODQ3ODY3LCJ0b2tlbl90eXBlIjoiUFVCTElDIiwiaWF0IjoxNjIxNzYxNDY3fQ.m92fBPN2ieinn2RrpGlhytUbASbDf5fu3R-97nkWxsSN_CLmzDFn4czxW2uZ1VhHhfY_RcMfCcg-ghamdxZBN1csQKkHJUcM7UIiaORtNl9UFotoNCLM73pOQZOthwMgqs7u-frCv8Om4qJZTO-21hqGWifH3ErPcgMSXGLhiLaGhGkJBGyML34AR6c7NkaVna-_jR8qoUsH5EJFvmQUSWrw93jBbLx3bZAXdt6HrvFwDss1DzIyxm62LcaDkDZDZ5HKGRJvqCh06-au7lhyYpPESg62vEYhm6IMsmMLTJapepbfWmbrdD6LhV4y5eBGLLV7JnYnI6jMvdp3rwo8hQ
Accept: application/json
Content-Type:application/json

A sample successful response:

{
    "Data": {
        "ConsentId": "PTmhIm9kTjq1LK49u8PI-A",
        "Status": "Revoked",
        "StatusUpdateDateTime": "2021-05-23T09:18:18.018Z",
        "CreationDateTime": "2021-05-23T09:18:18.018Z",
        "Permissions": [
            "ReadAccountsBasic",
            "ReadAccountsDetail",
            "ReadBalances",
            "ReadBeneficiariesBasic",
            "ReadBeneficiariesDetail",
            "ReadDirectDebits",
            "ReadOffers",
            "ReadPAN",
            "ReadParty",
            "ReadSupplementaryAccountInfo",
            "ReadFutureDatedPaymentsBasic",
            "ReadFutureDatedPaymentsDetail",
            "ReadStandingOrdersBasic",
            "ReadStandingOrdersDetail",
            "ReadStatementsBasic",
            "ReadStatementsDetail",
            "ReadTransactionsBasic",
            "ReadTransactionsCredits",
            "ReadTransactionsDebits",
            "ReadTransactionsDetail"
        ],
        "TransactionFromDateTime": "2021-05-22T04:10:27.027Z",
        "TransactionToDateTime": "2021-05-23T04:10:27.027Z"
    },
    "Links": {
        "Self": "https://ob-dev.alsalambahrain.com/authpage/consentId/PTmhIm9kTjq1LK49u8PI-A"
    }
}

Accounts

GET /bobf/release1.0.0/accounts

Read Accounts Detail

The call to GET /bobf/release1.0.0/accounts is the first step after an account-request is authorised. This will allow the AISP to discover which accounts (and AccountId values) are associated with the authorisation of consent.
In this scenario, AccountId Zz83yzNPQv6u5aWQbCwQWQ has a building society roll number;

The ReadAccountsBasic permission has been granted.

Get Bulk Accounts Request

https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts

Request Headers

Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A
Accept: application/json

Get Accounts Response

{
    "Data": {
        "Account": [
            {
                "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "SAVINGS",
                "Nickname": "Name-1 106976",
                "Account": [
                    {
                        "SchemeName": "BH.OBF.IBAN",
                        "Identification": "BH13ALSA00106976100100"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BH.OBF.BICFI",
                    "Identification": "ALSABHB0"
                }
            }
        ]
    }
}

GET /bobf/release1.0.0/accounts/

Specific Account - Detail Permission

An AISP may also retrieve the account resource details specifically for AccountId Zz83yzNPQv6u5aWQbCwQWQ.
The ReadAccountsDetail permission has been granted.

Get Accounts Request

https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts/Zz83yzNPQv6u5aWQbCwQWQ

Request Headers

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A
Accept: application/json

Get Accounts Response

{
    "Data": {
        "Account": [
            {
                "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ",
                "Status": "Enabled",
                "Currency": "BHD",
                "AccountType": "Personal",
                "AccountSubType": "SAVINGS",
                "Nickname": "Name-1 106976",
                "Account": [
                    {
                        "SchemeName": "BH.OBF.IBAN",
                        "Identification": "BH13ALSA00106976100100"
                    }
                ],
                "Servicer": {
                    "SchemeName": "BH.OBF.BICFI",
                    "Identification": "ALSABHB0"
                }
            }
        ]
    }
}

Balances

GET /bobf/release1.0.0/balances

If an ASPSP has implemented the bulk retrieval endpoints, an AISP may optionally retrieve the account information resources in bulk.

This will retrieve the resources for all authorised accounts linked to the account-request.

The ReadBalances permission has been granted.

An example initiating request body:

https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/balances

Request Headers

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A
Accept: application/json

A sample successful response:

{
    "Data": {
        "Balance": [
            {
                "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ",
                "Amount": {
                    "Amount": "273.102",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Information",
                "DateTime": "2021-05-23T13:11:00.117+03:00[Europe/Moscow]"
            }
        ]
    },
    "Links": null
}

GET /bobf/release1.0.0/accounts/ {AccountId}/balances

An AISP may retrieve the account balance information resource for a specific AccountId (which is retrieved in the call to GET /bobf/release1.0.0/accounts).

The ReadBalances permission has been granted.

Get Account Balances Request

https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts/Zz83yzNPQv6u5aWQbCwQWQ/balances

Request Headers

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A
Accept: application/json

A sample successful response:

{
    "Data": {
        "Balance": [
            {
                "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ",
                "Amount": {
                    "Amount": "273.102",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Credit",
                "Type": "Information",
                "DateTime": "2021-05-23T13:12:13.539+03:00[Europe/Moscow]"
            }
        ]
    },
    "Links": null
}

Transactions

GET /bobf/release1.0.0/transactions

An AISP may retrieve the transaction resource for a specific AccountId (which is retrieved in the call to GET /bobf/release1.0.0/accounts).

The ReadTransactionsBasic permission has been granted.

An example initiating request:

https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/transactions

Request Headers

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A
Accept: application/json

A sample successful response:

{
    "Data": {
        "Transaction": [
            {
                "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ",
                "TransactionReference": "TT183440",
                "Amount": {
                    "Amount": "2200.00000",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Debit",
                "Status": "Booked",
                "BookingDateTime": "2018-12-10T13:50:00+0000",
                "TransactionInformation": "Cash Withdrawal-TT183440",
                "DebtorAgent": {
                    "SchemeName": "BH.OBF.BICFI",
                    "Identification": "ALSABHB0"
                },
                "DebtorAccount": {
                    "SchemeName": "BH.OBF.IBAN",
                    "Identification": "00106976100100"
                }
            }
        ]
    },
    "Links": null
}

GET /bobf/release1.0.0/accounts/ {AccountId}/transactions

If an ASPSP has implemented the bulk retrieval endpoints, an AISP may optionally retrieve the transactions in bulk.

This will retrieve the resources for all authorised accounts linked to the account-request.

The ReadTransactionsDetail permission has been granted.

Data Model

The OBReadTransaction5 object will be used for the call to:

  • GET /accounts/{AccountId}/transactions

Resource Definition

A resource that describes a posting to an account that results in an increase or decrease to a balance.

For a specific date range, an account (AccountId) may have no transactions booked, or may have multiple transactions booked.

The ASPSP must treat the following as valid input:

  • Non-working days (e.g. a Sunday or a Bank holiday) or any other days on which no transactions are recorded.
  • Dates that fall outside the range for which transaction information is provided through APIs.
  • Dates that fall outside the range for which a consent authorisation is available.
  • Timezone may be included in the filter request, but must be ignored by the ASPSP.

In the above situations, the ASPSP must return data for the remaining valid period specified by the filter.

An example initiating request body:

https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts/Zz83yzNPQv6u5aWQbCwQWQ/transactions

Request Headers

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A
Accept: application/json

A sample successful response:

{
    "Data": {
        "Transaction": [
            {
                "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ",
                "TransactionReference": "TT183440",
                "Amount": {
                    "Amount": "2200.00000",
                    "Currency": "BHD"
                },
                "CreditDebitIndicator": "Debit",
                "Status": "Booked",
                "BookingDateTime": "2018-12-10T13:50:00+0000",
                "TransactionInformation": "Cash Withdrawal-TT183440",
                "DebtorAgent": {
                    "SchemeName": "BH.OBF.BICFI",
                    "Identification": "ALSABHB0"
                },
                "DebtorAccount": {
                    "SchemeName": "BH.OBF.IBAN",
                    "Identification": "00106976100100"
                }
            }
        ]
    },
    "Links": null
}

Beneficiaries

GET /bobf/release1.0.0/beneficiaries

The ReadBeneficiariesBasic permission has been granted.

An example initiating request body:

https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/beneficiaries

Request Headers

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A
Accept: application/json

A sample successful response:

{
    "Data": {
        "Beneficiary": [
            {
                "AccountId": "rvLMP0Y1T1uItFyryIwqYQ",
                "BeneficiaryId": "2247",
                "Reference": "Installment",
                "CreditorAccount": {
                    "SchemeName": "BH.OBF.IBAN",
                    "Identification": "BH10XYZU00100000005698",
                    "Name": "Khalid Ahmed Ali"
                }
            },
            {
                "AccountId": "rvLMP0Y1T1uItFyryIwqYQ",
                "BeneficiaryId": "1567",
                "Reference": "Investment",
                "CreditorAccount": {
                    "SchemeName": "BH.OBF.IBAN",
                    "Identification": " BH10XYZU00100000008876",
                    "Name": "Ali Hassan Mohammed"
                }
            }
        ]
    }
}

GET /bobf/release1.0.0/accounts/{AccountId}/beneficiaries

The ReadBeneficiariesDetail permission has been granted.

Get Account Balances Request

https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts/rvLMP0Y1T1uItFyryIwqYQ/beneficiaries

Request Headers

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A
Accept: application/json

A sample successful response:

{
    "Data": {
        "Beneficiary": [
            {
                "AccountId": "rvLMP0Y1T1uItFyryIwqYQ",
                "BeneficiaryId": "2247",
                "Reference": "Installment",
                "CreditorAccount": {
                    "SchemeName": "BH.OBF.IBAN",
                    "Identification": "BH10XYZU00100000005698",
                    "Name": "Khalid Ahmed Ali"
                }
            },
            {
                "AccountId": "rvLMP0Y1T1uItFyryIwqYQ",
                "BeneficiaryId": "1567",
                "Reference": "Investment",
                "CreditorAccount": {
                    "SchemeName": "BH.OBF.IBAN",
                    "Identification": " BH10XYZU00100000008876",
                    "Name": "Ali Hassan Mohammed"
                }
            }
        ]
    }
}

Products

GET /bobf/release1.0.0/sharing-product-details

Type of required token is Public token

An example initiating request:


https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/sharing-product-details

Request Headers

Content-Type:application/json
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJwYXltZW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTYyMTg3NDAyMCwidG9rZW5fdHlwZSI6IlBVQkxJQyIsImlhdCI6MTYyMTc4NzYyMH0.iJfMcKjGR7YpK5xvUlos8i_lR3BDEQpkxUt_WpravIWDvRKYZ-1IFfpwxCqpbDEHBOJaoDqAhwQbSR6hRu3Z-D9z2XtqLtGGG5ADzTb5CSmhRBcd14TLhgZVg7PvXluQtLCR_U2OvzqlYhqM7VEtWXnnaCDN3VZAG4wqu1TKYPQEs0Gplr0l8YDxMH3NHIeE9Rtgms4KiT5KEw7mIoor1wBJ1kkTBVdFmA-5Z_UcNxtoqKdN7kxJTP3O5nDQjOE-65LiWXNP0wR9uUtJYpRduybHc-EoxfplS2zRT4YqXfsYNQrl7ae5B0xb9UB_4GDJOB40h3C9z4tQr6tg7BJUKg
Accept:application/json
x-idempotency-key:XYZ.51403.MLT.30
x-jws-signature:LMlmPSqzISEpar72ce5deMGue4RsZMDnZYG1bW6hdPlvriZ=..G1rrM18vVYBmdmRurS6nIR1yFHR8bGZyIJdvaB5nKGRvm35hTr==
x-fapi-auth-date:Tue, 12 Mar 2021 09:10:17 GMT+3
x-fapi-customer-ip-address:204.35.213.15
x-fapi-interaction-id:75bdc714-b2dg-7676-c759-780d6815689f

A sample successful response:

{
    "Data": {
        "CreditCards": [
            {
                "ProductDetails": {
                    "CategoryName": "123",
                    "CategoryCode": "123",
                    "ProductDescription": "123",
                    "ProductCode": "123",
                    "SubProductCode": "123",
                    "Segment": "123"
                },
                "Features": {
                    "Currency": "BHD"
                },
                "Eligibility": {},
                "Benefits": {},
                "TermsAndConditions": {}
            }
        ],
        "Loans": [
            {
                "ProductDetails": {
                    "CategoryName": "123",
                    "CategoryCode": "123",
                    "ProductDescription": "123",
                    "ProductCode": "123",
                    "SubProductCode": "123",
                    "Segment": "123"
                },
                "Features": {
                    "Currency": "BHD"
                },
                "Eligibility": {},
                "Benefits": {},
                "TermsAndConditions": {}
            }
        ],
        "OBBranch": {
            "Branch": [
                {
                    "Identification": "1",
                    "PostalAddress": {
                        "GeoLocation": {}
                    }
                }
            ]
        }
    }
}