<!-- TITLE: AISP (Account Information Service Provider), supported since 2021 --> <!-- SUBTITLE: An AISP is a market player using a customer’s account information to build new advisory and information services for customers. An AISP has no agreements with your bank, but as a customer you can give AISP full access to all your account information, regardless of how many bank accounts you have. --> # Access Management The Al Salam Bank APIs use OAuth2 as authorization mechanism for access management to the endpoints. OAuth is an open standard that provides secure access to protected resources. Al Salam Bank authorisation server issues three types of tokens (Access Token, Refresh Token, ID Token) **Access tokens** are used to allow AISPs access to protected resources (including APIs), the tokens are only valid for a short duration (e.g. 30 minutes). **ID tokens** (also known as Identity Token) are provided in a standard JWT format and signed by the OpenID Provider (i.e. Al Salam Bank authorisation server), these are issued to AISP as part of a successful Consent journey. **Refresh tokens** are required to obtain new access tokens when the current token becomes invalid or expires. Refresh tokens are issued to the AISP by the authorisation server. **Authorization Codes** must be validated by the TPP (AISP/PISP) # How it works The below sets out the steps you should take to use the Al Salam Bank API Exchange 1. Request Account Information > - The process begins with a PSU consenting to an AISP accessing their account information 2. Setup Account Access Consent > - The AISP connects to Al Salam Bank’s API Gateway and creates an account-access-consent resource > - This informs Al Salam Bank that one of our PSUs is granting access to account and/or transaction information to an AISP > - Al Salam Bank responds with an identifier for the resource, ConsentId - the intent identifier > - This step is carried out by making a POST request to /account-access-consents endpoint > - The account-access-consent resource will include the fields below which describe data the PSU has consented with the AISP: > - Permissions - a list of data clusters that have been consented for access > - Expiration Date - an expiration for when the AISP will no longer have access to the PSU's data > - Transaction Validity Period - the From/To date range which specifies a historical period for transactions and statements which may be accessed by the AISP > - An AISP may be a broker for data to other parties, and so it is valid for a PSU to have multiple account-access-consents for the same accounts, with different consent/authorisation parameters agreed 3. Authorise Consent > - The AISP requests the PSU to give its consent to authorise the AISP to deliver services enabling access to account information and to access this information for the designated payment accounts and associated > - The AISP redirects the PSU to the ASPSP > - The redirect includes the ConsentId generated in the previous step > - The PSU should have an access to the Al Salam Netbanking (https://online-banking.alsalambahrain.com/RetailBanking) in order to processed with this step. > - The PSU will be required to enter his/her CPR, Mobile and CIF and upone successful authinitcation an OTP (One Time Password - 6 digit) will be sent to his/her Bank registered mobile > - This allows the ASPSP to correlate the account-access-consent that was setup > - The ASPSP authenticates the PSU > - The ASPSP updates the state of the account-access-consent resource internally to indicate that the account access consent has been authorised > - Once the consent has been authorised, the PSU is redirected back to the AISP > - The principle is that consent is managed between the PSU and the AISP - the account-access-consent details must not be changed in this step. > - The PSU will only be able to authorise or reject the account-access-consent details in its entirety > - During authorisation, the PSU selects accounts that are authorised for the AISP request in the ASPSP's banking interface 4. Request Data > - This is carried out by making a GET request the relevant resource > - The unique AccountId(s) that are valid for the consent will be returned with a call to GET /accounts > - This will always be the first call once an AISP has a valid access token # Obtaining an Access Token to Register Intent Firstly, you authenticate with us and obtain an Public Token. This token is used later to register payment requests. *Example Post Request* ``` https://ob-dev.alsalambahrain.com/apigateway/as/token.oauth2 ``` *Header Request* ``` Content-Type:application/x-www-form-urlencoded ``` *Body Request* ``` grant_type:client_credentials scope:accounts client_assertion_type:urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer client_assertion:eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMzQ1IiwidHlwIjoiSldUIn0.eyJpc3MiOiJUUFAxIiwiaWF0IjoxNTYwMTUyNDM4LCJleHAiOjE1NjAyNTQ0MDAsImF1ZCI6Imh0dHBzOi8vcGctbXNzcWwubW9zY293LmNtYS5ydTo5ODc2L2FzL3Rva2VuLm9hdXRoMiIsInN1YiI6InM2QmhkUmtxdDMifQ.Sseu8PEDRWFiU-VwBoF9mlWGzjAfWB_Thy_xY5-6lnQkHiHd7qDnYUkfFfdfRvV2HKNRuiMAlv60CkRabZ6ibGbej1xOK_kBd2UfJU6bkpYhigUygDhN8J1zwE3pGLtwA6lgICv0ihELb5S2EWz7A_mXouZoydgytHuUtG1PpujIhaKnlXTDJX010Nrs3HmdrRRDLBcvPdsQHc6-ghNYTT9fAq3bMr2PNwofpvZxoNK2DpAE5Qf1ZY4sPNZAFfp8xkIFXSIX6zRaqo3rbopxKuDbhWKEXP92GIk5IRUhGzZ1j3ZD9GnT_QiBQ_GNpy53bt0f4izSZqhNM7Fg0W99UA ``` *Corresponding Response:* ```html { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJwYXltZW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjIyMiwiaWF0IjoxNTYwMTU1ODIyfQ.eNpQEwvlHZ09h44N9Ds2j11PfWaldI925aBBQc1UnQVXg1NqDIipbPwqwt9AkU2m7M2HvPnXuxd_LBIKsUlPtz4e5P2fP4bBLa9rmzFCZqwyn8TyOFUd8Uzg4YsP9y2AE_k-MN0Ggd0FFVlLWj1Xcs5YbQxdlnhDKcwhO-4yw946qXQ4jAtA1zuoPwDkzHqojf8iSHQyPvmgvqee8XgpSLG4qEw0QGR6pKQ6VLA4WfLjVnQZVTqyHfAMA7wxS65ZhmspM6mq2xcd52BDyOw7QaecB8Tz6APt-86o7fwxQBg8YsP_Rk2sLoUdCxkePG6dwXn1pyd3WsaSGWi5oBMaNg", "expires_in": 86400, "token_type": "bearer", "scope": "accounts" } ``` Then we need register new consent using retrieved public token. In this step we will be redirected to AuthPage for consents authorization and in case of successful authorization will be issue authorized key which will be change on resource token (This will be used in the next query as/token.oauth2) *Example Post Request* ``` https://ob-dev.alsalambahrain.com/apigateway/bobf/release1.0.0/account-access-consents ``` *Header Request* ``` Content-Type:application/json Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJwYXltZW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjIyMiwiaWF0IjoxNTYwMTU1ODIyfQ.eNpQEwvlHZ09h44N9Ds2j11PfWaldI925aBBQc1UnQVXg1NqDIipbPwqwt9AkU2m7M2HvPnXuxd_LBIKsUlPtz4e5P2fP4bBLa9rmzFCZqwyn8TyOFUd8Uzg4YsP9y2AE_k-MN0Ggd0FFVlLWj1Xcs5YbQxdlnhDKcwhO-4yw946qXQ4jAtA1zuoPwDkzHqojf8iSHQyPvmgvqee8XgpSLG4qEw0QGR6pKQ6VLA4WfLjVnQZVTqyHfAMA7wxS65ZhmspM6mq2xcd52BDyOw7QaecB8Tz6APt-86o7fwxQBg8YsP_Rk2sLoUdCxkePG6dwXn1pyd3WsaSGWi5oBMaNg ``` *Body Request* ``` { "Data": { "Permissions": [ "ReadAccountsBasic", "ReadAccountsDetail", "ReadBalances", "ReadBeneficiariesBasic", "ReadBeneficiariesDetail", "ReadDirectDebits", "ReadOffers", "ReadPAN", "ReadParty", "ReadSupplementaryAccountInfo", "ReadFutureDatedPaymentsBasic", "ReadFutureDatedPaymentsDetail", "ReadStandingOrdersBasic", "ReadStandingOrdersDetail", "ReadStatementsBasic", "ReadStatementsDetail", "ReadTransactionsBasic", "ReadTransactionsCredits", "ReadTransactionsDebits", "ReadTransactionsDetail" ], "TransactionFromDateTime": "2021-05-22T07:05:34.327+03:00", "TransactionToDateTime": "2021-05-23T07:05:34.327+03:00" } } ``` *Corresponding Response:* ``` { "Data": { "ConsentId": "glBChqDKSK2SkOUS3n1pOQ", "Status": "AwaitingAuthorisation", "StatusUpdateDateTime": "2021-05-22T17:45:04.004Z", "CreationDateTime": "2021-05-22T17:45:04.004Z", "Permissions": [ "ReadAccountsBasic", "ReadAccountsDetail", "ReadBalances", "ReadBeneficiariesBasic", "ReadBeneficiariesDetail", "ReadDirectDebits", "ReadOffers", "ReadPAN", "ReadParty", "ReadSupplementaryAccountInfo", "ReadFutureDatedPaymentsBasic", "ReadFutureDatedPaymentsDetail", "ReadStandingOrdersBasic", "ReadStandingOrdersDetail", "ReadStatementsBasic", "ReadStatementsDetail", "ReadTransactionsBasic", "ReadTransactionsCredits", "ReadTransactionsDebits", "ReadTransactionsDetail" ], "TransactionFromDateTime": "2021-05-22T04:10:27.027Z", "TransactionToDateTime": "2021-05-23T04:10:27.027Z" }, "Links": { "Self": "https://ob-dev.alsalambahrain.com/authpage/consentId/glBChqDKSK2SkOUS3n1pOQ" } } ``` And code response ``` ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKcGMzTWlPaUpVVFZOY0wxZ2lMQ0p6ZFdJaU9pSmhkWFJvWDJOdlpHVWlMQ0pqYjI1elpXNTBTV1FpT2lKNmRIVmpOM1ZWTWxSMVMyRkdMVWRIVVdSalRsOVJJaXdpWlhod0lqb3hOakl4Tnprek16Y3dMQ0pwWVhRaU9qRTJNakUzTURZNU56QjkuVHpTNEFHRWxJTWlGRmZwd3FNWlY3Vno0VEM1d3NiSUJLNjZiZmhfV19EOGdNNUphNnhGZng0QklWa1F1eUk2MDhhUDdSZVBkYlc4aWJfMHY1VGZjcUJiLU9HNEpNeTd5azRJaV9IWTlHTlBkRUpHc2pCREtFdUVhY0JzaXdkU05JUTl4YmJMM2lxTUVKN0ZKWXgtT2JJN09HbXpsRE5QWW5vWEF2U2lZcEM3a1RkbzJvNnQ1T2RfX1BxdV9NdWQyWEtmNndnWmFJbWc0NG1RaHNjMF91SF9VbHFrT0xHZ2VMUXY0eWRNZkJjU2g3MDBTYU9SUE13WHl5VklJR2NPYVhCRGlSQS0zN1FzR1J4OXdzUWpnWkpRWFRiaVRwMDNRckxaLU5MY3htN21JeHUwTkVCdUctT1FsM0lyWlhTMC1nQzVsR1gwQndQZXdRMXZhbEJ1RGhR ``` This example post request describe how to exchange authorized key to resource token *Example Post Request* ``` https://ob-dev.alsalambahrain.com/apigateway/as/token.oauth2 ``` *Header Request* ``` Content-Type:application/x-www-form-urlencoded ``` *Body Request* ``` grant_type:authorization_code code:ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKemRXSWlPaUpoZFhSb1gyTnZaR1VpTENKamIyNXpaVzUwU1dRaU9pSnNXRGRFTFVWcU5GUnlObEZ1T0VkM1lsZFZOVVpCSWl3aWFYTnpJam9pVkUxVFhDOVlJaXdpWlhod0lqb3hOVFl3TWpReU5EUXdMQ0pwWVhRaU9qRTFOakF4TlRZd05EQjkubHc4NEVPYjZFVDJ2R0RSTU1rSHdxRWQwczVDc3FKanRjcUpkSDdjNGZLR1FGdm0tbVpLR0dOekdmS3hXTDNIZ3BxY21iMjJJNEtkN2RSVk0tcFpKVWZCZVR5ZVFuNWd1V3NFdmt6N3QzdHByazJoQmtzVC1GOE00S2hKNUhFSGt5dlpyVkExQ19VaGxVVDJoT2ZCbnRtZkxHd3JGam5vQUNmNEt4Rk9IMWtLY3p1MXVUbzBKbzJuVWI4UzFNb0U2U1JYREJvUkk5aldEZ3NyelAxaFdFeldXdDhJU3pHcWVuWHVMbm80X05MNjdPdWRRbERYaTlOeWpJU1FTZndwTTlCT2Y2VkRpejdCTHVpNTJpbmtFYTZxeEVwOG9SMWdQcTRPaXJKS1ZuZmRjQUhyUDVJa0haRjE4Z3JKUXVtd1NxYWhMZ0E0VFNYOFoxcjhzZkpzR3h3 client_assertion_type:urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer client_assertion:eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMzQ1IiwidHlwIjoiSldUIn0.eyJpc3MiOiJUUFAxIiwiaWF0IjoxNTYwMTUyNDM4LCJleHAiOjE1NjAyNTQ0MDAsImF1ZCI6Imh0dHBzOi8vcGctbXNzcWwubW9zY293LmNtYS5ydTo5ODc2L2FzL3Rva2VuLm9hdXRoMiIsInN1YiI6InM2QmhkUmtxdDMifQ.Sseu8PEDRWFiU-VwBoF9mlWGzjAfWB_Thy_xY5-6lnQkHiHd7qDnYUkfFfdfRvV2HKNRuiMAlv60CkRabZ6ibGbej1xOK_kBd2UfJU6bkpYhigUygDhN8J1zwE3pGLtwA6lgICv0ihELb5S2EWz7A_mXouZoydgytHuUtG1PpujIhaKnlXTDJX010Nrs3HmdrRRDLBcvPdsQHc6-ghNYTT9fAq3bMr2PNwofpvZxoNK2DpAE5Qf1ZY4sPNZAFfp8xkIFXSIX6zRaqo3rbopxKuDbhWKEXP92GIk5IRUhGzZ1j3ZD9GnT_QiBQ_GNpy53bt0f4izSZqhNM7Fg0W99UA ``` *Responce* ``` { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6dHVjN3VVMlR1S2FGLUdHUWRjTl9RIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxNzkzNTk4LCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3MDcxOTh9.AuaiJIJRezTXeDZXWfqWjDZBiqIfaA3t6Ekf2oGvT5AAXpxYPbNBpl7Gr2kBpQqpoVCKGIPVxDee6QJVQgQm_s1dLB21lDg6v3xKKAlTehqnWUE_8177DWhu0KUNXWwpt3GeEnbJOSC6jlbEmeISs30tx2r4N9L4UtqzWTNdMCFxB22z-gPUxd7-AhHm0FN7Z86CH4HyaYClvxLs4_3OqJluBJTqREEJNbINgQUwxzalinVYbQY5qn-fXra5fkCoTomWaDVyCbGgXm-mydfos-Gm_QuyhF-s-xhIladdmhHq8e1ljauu4MQ4gC_aLDfYL7Xv2DIlEm30rOeSLyHNeA", "expires_in": 86400, "token_type": "bearer", "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6dHVjN3VVMlR1S2FGLUdHUWRjTl9RIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODc5OTk4LCJ0b2tlbl90eXBlIjoiUkVGUkVTSCIsImlhdCI6MTYyMTcwNzE5OH0.XiPAHiZPX6qYaM6C8_udM7aPdE1XRrdy5ZvTfAoxbUXHXOejVvBO6ZLpqkyuuE4EqbZqoIt07_q-2a8lVICNZTixco6DIDplB9tI5Ly3MQnFq4-yvP7Uoi-FcBpYMPXFnkOXY2QIf5C220N2GOKQkRD8NlxDZNThGqqzWsyaMhAFw78qz0gW6sP19u0RIoWNKm0ZC1dkriLYo_HGjv2CXul7VtM_cNMUJELBECzaUUWGmIRICTJUgr-X_YEbm7TinxF-PNzworUlzhyiINeoCvKiQkScHmFCWhYTU66MY5R36SnmnDzyAdL8oyDfXTTxeICEBKKDwCcSIkeQmpA4aA" } ``` In last step we will use resource token to get resource URLs via get request *Example Get Request* ``` https://ob-dev.alsalambahrain.com/apigateway/bobf/release1.0.0/accounts ``` *Header Request* ``` Content-Type:application/json Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwiY29uc2VudElkIjoibFg3RC1FajRUcjZRbjhHd2JXVTVGQSIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MDI0MjUyMSwiaWF0IjoxNTYwMTU2MTIxfQ.HHDDSZgo4OYuH1H2BTXfYg0dWal9LOGiUx0crlxaZDzxJ4GxnEJIeWctkllD_8XcN-DlGih2R3aMmJdIqi0Dk5wvOU3nv0DN50nKTbTdjzce4DLFL2nYV21lhv0xNHKx5nG6DWXfAdLt3p_MrgMR_PO3i-4tzOrpU_QASWnlczfdxbZYbauscWdXksoaMAnVxvwqXT4TjPtCdVfm3YKSSHfC9U-698c16r0uAXZ2gmzA0GnWGqbfyv8gwV6bRY8rBv4R7huEoK0OUZtUL6NF8xbLTCJ3hHN6Gjm9kpdj-5j8fjYYbd3TgfO5Dlc_v5POrWva5E6tFlI4fJCAJET96Q ``` *Responce* ``` { "Data": { "Account": [ { "AccountId": "dBuwH2xDSPKhiA0DQkjWaw", "Status": "Enabled", "Currency": "BHD", "AccountType": "Personal", "AccountSubType": "SAVINGS", "Nickname": "Name-1 106976", "Account": [ { "SchemeName": "BH.OBF.IBAN", "Identification": "BH13ALSA00106976100100" } ], "Servicer": { "SchemeName": "BH.OBF.BICFI", "Identification": "ALSABHB0" } } ] } } ``` # API endpoints APIs are grouped into API products, each with a subset of the API endpoints exposed as part of the banking APIs. Check out the products, API signatures, parameters, and response structure to understand the APIs from a functional perspective. Account information APIs provide information for accounts held by the bank customer. Information is categorized into: | Link | Resource | Endpoints | | :--------------------- | ----------------------- | :------------------------------------------ | | Account Access Consent | account-access-consents | POST /bobf/release1.0.0/account-access-consents | | |account-access-consents| GET /bobf/release1.0.0/account-access-consents/{ConsentId} | | |account-access-consents| PATCH /bobf/release1.0.0/account-access-consents/{ConsentId} | | Accounts | accounts | GET /bobf/release1.0.0/accounts | | |accounts| GET /bobf/release1.0.0/accounts/{AccountId} | | Balances | balances | GET /bobf/release1.0.0/accounts/{AccountId}/balances | | |balances| GET /bobf/release1.0.0/balances | | Transactions | transactions | GET /bobf/release1.0.0/accounts/{AccountId}/transactions | | | transactions | GET /bobf/release1.0.0/transactions | | Beneficiaries | beneficiaries | GET /bobf/release1.0.0/accounts/{AccountId}/beneficiaries | | | beneficiaries | GET /bobf/release1.0.0/beneficiaries | | Direct Debits | direct-debits | GET /bobf/release1.0.0/accounts/{AccountId}/direct-debits | | | direct-debits | GET /bobf/release1.0.0/direct-debits | | Standing Orders | standing-orders | GET /bobf/release1.0.0/accounts/{AccountId}/standing-orders | | | standing-orders | GET /bobf/release1.0.0/standing-orders | | Statements | statements | GET /bobf/release1.0.0/accounts/{AccountId}/statements | | | statements | GET /bobf/release1.0.0/accounts/{AccountId}/statements/{StatementId} | | | statements | GET /bobf/release1.0.0/accounts/{AccountId}/statements/{StatementId}/file | | | transactions | GET /bobf/release1.0.0/accounts/{AccountId}/statements/{StatementId}/transactions | | | statements | GET /bobf/release1.0.0/statements | | Sharing Product Details | sharing product details | GET /bobf/release1.0.0/sharing-product-details | # AISP Endpoints and Examples ## Create account initiation request This API resource can be used to send an account initiation request. This allows the AISP to ask an ASPSP to create a new `account-access-consent` resource. - This API resource allows the AISP to send a copy of the consent to the ASPSP to authorise access to account information. - An ASPSP creates the `account-access-consent` resource and responds with a unique `ConsentId` to refer to the resource. - The status of the consent is set to `AwaitingAuthorisation`. ## POST /bobf/release1.0.0/account-access-consents The API allows the AISP to ask an ASPSP to create a new account-access-consent resource. - This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information. - An AISP is not able to pre-select a set of accounts for account-access-consent authorisation. This is because the behaviour of the pre-selected accounts, after authorisation, is not clear from a legal perspective. - An ASPSP creates the account-access-consent resource and responds with a unique `ConsentId` to refer to the resource. - Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant. *An example initiating request* ``` https://ob-dev.alsalambahrain.com/authpage/bobf/release1.0.0/account-access-consents ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJzY29wZSI6ImFjY291bnRzIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODQ3ODY3LCJ0b2tlbl90eXBlIjoiUFVCTElDIiwiaWF0IjoxNjIxNzYxNDY3fQ.m92fBPN2ieinn2RrpGlhytUbASbDf5fu3R-97nkWxsSN_CLmzDFn4czxW2uZ1VhHhfY_RcMfCcg-ghamdxZBN1csQKkHJUcM7UIiaORtNl9UFotoNCLM73pOQZOthwMgqs7u-frCv8Om4qJZTO-21hqGWifH3ErPcgMSXGLhiLaGhGkJBGyML34AR6c7NkaVna-_jR8qoUsH5EJFvmQUSWrw93jBbLx3bZAXdt6HrvFwDss1DzIyxm62LcaDkDZDZ5HKGRJvqCh06-au7lhyYpPESg62vEYhm6IMsmMLTJapepbfWmbrdD6LhV4y5eBGLLV7JnYnI6jMvdp3rwo8hQ Accept: application/json Content-Type:application/json ``` *An example initiating request body:* ``` { "Data": { "Permissions": [ "ReadAccountsBasic", "ReadAccountsDetail", "ReadBalances", "ReadBeneficiariesBasic", "ReadBeneficiariesDetail", "ReadDirectDebits", "ReadOffers", "ReadPAN", "ReadParty", "ReadSupplementaryAccountInfo", "ReadFutureDatedPaymentsBasic", "ReadFutureDatedPaymentsDetail", "ReadStandingOrdersBasic", "ReadStandingOrdersDetail", "ReadStatementsBasic", "ReadStatementsDetail", "ReadTransactionsBasic", "ReadTransactionsCredits", "ReadTransactionsDebits", "ReadTransactionsDetail" ], "TransactionFromDateTime": "2021-05-22T07:05:34.327+03:00", "TransactionToDateTime": "2021-05-23T07:05:34.327+03:00" } } ``` *A sample successful response:* ``` { "Data": { "ConsentId": "PTmhIm9kTjq1LK49u8PI-A", "Status": "AwaitingAuthorisation", "StatusUpdateDateTime": "2021-05-23T09:18:18.018Z", "CreationDateTime": "2021-05-23T09:18:18.018Z", "Permissions": [ "ReadAccountsBasic", "ReadAccountsDetail", "ReadBalances", "ReadBeneficiariesBasic", "ReadBeneficiariesDetail", "ReadDirectDebits", "ReadOffers", "ReadPAN", "ReadParty", "ReadSupplementaryAccountInfo", "ReadFutureDatedPaymentsBasic", "ReadFutureDatedPaymentsDetail", "ReadStandingOrdersBasic", "ReadStandingOrdersDetail", "ReadStatementsBasic", "ReadStatementsDetail", "ReadTransactionsBasic", "ReadTransactionsCredits", "ReadTransactionsDebits", "ReadTransactionsDetail" ], "TransactionFromDateTime": "2021-05-22T04:10:27.027Z", "TransactionToDateTime": "2021-05-23T04:10:27.027Z" }, "Links": { "Self": "https://ob-dev.alsalambahrain.com/authpage/consentId/PTmhIm9kTjq1LK49u8PI-A" } } ``` **Account Access Consent Status** The PSU **must** authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration: **AwaitingAuthorisation**: The account access consent is awaiting authorisation. After authorisation has taken place the account-access-consent resource may have these following statuses. **Rejected**: The account access consent has been rejected. **Authorised**: The account access consent has been successfully authorised. **Revoked**: The account access consent has been revoked via the ASPSP interface. ## GET /bobf/release1.0.0/account-access-consents/{ConsentId} An AISP may optionally retrieve an account-access-consent resource that they have created to check its status. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant. The usage of this API endpoint will be subject to an ASPSP's fair usage policies. **Account Access Consent Status** Once the PSU authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised". The available Status code-list enumerations for the account-access-consent resource are: | | Status | Status Description | | :--- | :-------------------- | :----------------------------------------------------------- | | 1 | Rejected | The account access consent has been rejected. | | 2 | AwaitingAuthorisation | The account access consent is awaiting authorisation. | | 3 | Authorised | The account access consent has been successfully authorised. | | 4 | Revoked | The account access consent has been revoked via the ASPSP interface. | *An example initiating request body:* ``` https://ob-dev.alsalambahrain.com/authpage/account-access-consents/4ZLw3hVjTBGe6oYW0aooiQ ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJzY29wZSI6ImFjY291bnRzIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODQ3ODY3LCJ0b2tlbl90eXBlIjoiUFVCTElDIiwiaWF0IjoxNjIxNzYxNDY3fQ.m92fBPN2ieinn2RrpGlhytUbASbDf5fu3R-97nkWxsSN_CLmzDFn4czxW2uZ1VhHhfY_RcMfCcg-ghamdxZBN1csQKkHJUcM7UIiaORtNl9UFotoNCLM73pOQZOthwMgqs7u-frCv8Om4qJZTO-21hqGWifH3ErPcgMSXGLhiLaGhGkJBGyML34AR6c7NkaVna-_jR8qoUsH5EJFvmQUSWrw93jBbLx3bZAXdt6HrvFwDss1DzIyxm62LcaDkDZDZ5HKGRJvqCh06-au7lhyYpPESg62vEYhm6IMsmMLTJapepbfWmbrdD6LhV4y5eBGLLV7JnYnI6jMvdp3rwo8hQ Accept: application/json Content-Type:application/json ``` *A sample successful response:* ``` { "Data": { "ConsentId": "CnzJtO4sQeGwr4NxfSDEPQ", "Status": "Revoked", "StatusUpdateDateTime": "2021-04-28T09:28:55.055Z", "CreationDateTime": "2021-04-28T09:28:55.055Z", "Permissions": [ "ReadAccountsBasic", "ReadAccountsDetail", "ReadBalances", "ReadBeneficiariesBasic", "ReadBeneficiariesDetail", "ReadDirectDebits", "ReadOffers", "ReadPAN", "ReadParty", "ReadSupplementaryAccountInfo", "ReadFutureDatedPaymentsBasic", "ReadFutureDatedPaymentsDetail", "ReadStandingOrdersBasic", "ReadStandingOrdersDetail", "ReadStatementsBasic", "ReadStatementsDetail", "ReadTransactionsBasic", "ReadTransactionsCredits", "ReadTransactionsDebits", "ReadTransactionsDetail" ], "TransactionFromDateTime": "2020-03-17T04:10:27.027Z", "TransactionToDateTime": "2020-05-17T04:10:27.027Z" }, "Links": { "Self": "https://ob-dev.alsalambahrain.com/authpage/consentId/CnzJtO4sQeGwr4NxfSDEPQ" } } ``` ## PATCH /bobf/release1.0.0/account-access-consents/{ConsentId} If the PSU revokes consent to data access with the AISP, the AISP must delete the account-access-consent resource with the ASPSP before confirming consent revocation with the PSU. - This is done by making a call to DELETE the account-access-consent resource. - Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant. - The `ConsentId` should be passed as a path parameter. - The status of the consent is set to `Revoked`. *For account Access Consents resource successfully deleted will be delete request:* ``` https://ob-dev.alsalambahrain.com/authpage/bobf/release1.0.0/account-access-consents/PTmhIm9kTjq1LK49u8PI-A ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJzY29wZSI6ImFjY291bnRzIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODQ3ODY3LCJ0b2tlbl90eXBlIjoiUFVCTElDIiwiaWF0IjoxNjIxNzYxNDY3fQ.m92fBPN2ieinn2RrpGlhytUbASbDf5fu3R-97nkWxsSN_CLmzDFn4czxW2uZ1VhHhfY_RcMfCcg-ghamdxZBN1csQKkHJUcM7UIiaORtNl9UFotoNCLM73pOQZOthwMgqs7u-frCv8Om4qJZTO-21hqGWifH3ErPcgMSXGLhiLaGhGkJBGyML34AR6c7NkaVna-_jR8qoUsH5EJFvmQUSWrw93jBbLx3bZAXdt6HrvFwDss1DzIyxm62LcaDkDZDZ5HKGRJvqCh06-au7lhyYpPESg62vEYhm6IMsmMLTJapepbfWmbrdD6LhV4y5eBGLLV7JnYnI6jMvdp3rwo8hQ Accept: application/json Content-Type:application/json ``` *A sample successful response:* ``` { "Data": { "ConsentId": "PTmhIm9kTjq1LK49u8PI-A", "Status": "Revoked", "StatusUpdateDateTime": "2021-05-23T09:18:18.018Z", "CreationDateTime": "2021-05-23T09:18:18.018Z", "Permissions": [ "ReadAccountsBasic", "ReadAccountsDetail", "ReadBalances", "ReadBeneficiariesBasic", "ReadBeneficiariesDetail", "ReadDirectDebits", "ReadOffers", "ReadPAN", "ReadParty", "ReadSupplementaryAccountInfo", "ReadFutureDatedPaymentsBasic", "ReadFutureDatedPaymentsDetail", "ReadStandingOrdersBasic", "ReadStandingOrdersDetail", "ReadStatementsBasic", "ReadStatementsDetail", "ReadTransactionsBasic", "ReadTransactionsCredits", "ReadTransactionsDebits", "ReadTransactionsDetail" ], "TransactionFromDateTime": "2021-05-22T04:10:27.027Z", "TransactionToDateTime": "2021-05-23T04:10:27.027Z" }, "Links": { "Self": "https://ob-dev.alsalambahrain.com/authpage/consentId/PTmhIm9kTjq1LK49u8PI-A" } } ``` # Accounts ## GET /bobf/release1.0.0/accounts Read Accounts Detail The call to **GET /bobf/release1.0.0/accounts** is the first step after an account-request is authorised. This will allow the AISP to discover which accounts (and AccountId values) are associated with the authorisation of consent. In this scenario, AccountId Zz83yzNPQv6u5aWQbCwQWQ has a building society roll number; The **ReadAccountsBasic** permission has been granted. *Get Bulk Accounts Request* ```html https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts ``` *Request Headers* ``` Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A Accept: application/json ``` *Get Accounts Response* ```html { "Data": { "Account": [ { "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ", "Status": "Enabled", "Currency": "BHD", "AccountType": "Personal", "AccountSubType": "SAVINGS", "Nickname": "Name-1 106976", "Account": [ { "SchemeName": "BH.OBF.IBAN", "Identification": "BH13ALSA00106976100100" } ], "Servicer": { "SchemeName": "BH.OBF.BICFI", "Identification": "ALSABHB0" } } ] } } ``` ## GET /bobf/release1.0.0/accounts/ {AccountId} Specific Account - Detail Permission An AISP may also retrieve the account resource details specifically for AccountId ***Zz83yzNPQv6u5aWQbCwQWQ***. The **ReadAccountsDetail** permission has been granted. *Get Accounts Request* ```html https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts/Zz83yzNPQv6u5aWQbCwQWQ ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A Accept: application/json ``` *Get Accounts Response* ```html { "Data": { "Account": [ { "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ", "Status": "Enabled", "Currency": "BHD", "AccountType": "Personal", "AccountSubType": "SAVINGS", "Nickname": "Name-1 106976", "Account": [ { "SchemeName": "BH.OBF.IBAN", "Identification": "BH13ALSA00106976100100" } ], "Servicer": { "SchemeName": "BH.OBF.BICFI", "Identification": "ALSABHB0" } } ] } } ``` # Balances ## **GET /bobf/release1.0.0/balances** If an ASPSP has implemented the bulk retrieval endpoints, an AISP may optionally retrieve the account information resources in bulk. This will retrieve the resources for all authorised accounts linked to the account-request. The **ReadBalances** permission has been granted. *An example initiating request body:* ``` https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/balances ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A Accept: application/json ``` *A sample successful response:* ``` { "Data": { "Balance": [ { "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ", "Amount": { "Amount": "273.102", "Currency": "BHD" }, "CreditDebitIndicator": "Credit", "Type": "Information", "DateTime": "2021-05-23T13:11:00.117+03:00[Europe/Moscow]" } ] }, "Links": null } ``` ## **GET /bobf/release1.0.0/accounts/ {AccountId}/balances** An AISP may retrieve the account balance information resource for a specific AccountId (which is retrieved in the call to GET /bobf/release1.0.0/accounts). The **ReadBalances** permission has been granted. *Get Account Balances Request* ``` https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts/Zz83yzNPQv6u5aWQbCwQWQ/balances ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A Accept: application/json ``` *A sample successful response:* ``` { "Data": { "Balance": [ { "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ", "Amount": { "Amount": "273.102", "Currency": "BHD" }, "CreditDebitIndicator": "Credit", "Type": "Information", "DateTime": "2021-05-23T13:12:13.539+03:00[Europe/Moscow]" } ] }, "Links": null } ``` # Transactions ## **GET /bobf/release1.0.0/transactions** An AISP **may** retrieve the transaction resource for a specific AccountId (which is retrieved in the call to GET /bobf/release1.0.0/accounts). The **ReadTransactionsBasic** permission has been granted. *An example initiating request:* ``` https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/transactions ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A Accept: application/json ``` *A sample successful response:* ``` { "Data": { "Transaction": [ { "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ", "TransactionReference": "TT183440", "Amount": { "Amount": "2200.00000", "Currency": "BHD" }, "CreditDebitIndicator": "Debit", "Status": "Booked", "BookingDateTime": "2018-12-10T13:50:00+0000", "TransactionInformation": "Cash Withdrawal-TT183440", "DebtorAgent": { "SchemeName": "BH.OBF.BICFI", "Identification": "ALSABHB0" }, "DebtorAccount": { "SchemeName": "BH.OBF.IBAN", "Identification": "00106976100100" } } ] }, "Links": null } ``` ## **GET /bobf/release1.0.0/accounts/ {AccountId}/transactions** If an ASPSP has implemented the bulk retrieval endpoints, an AISP **may** optionally retrieve the transactions in bulk. This will retrieve the resources for all authorised accounts linked to the account-request. The **ReadTransactionsDetail** permission has been granted. **Data Model** The OBReadTransaction5 object will be used for the call to: - **GET /accounts/{AccountId}/transactions** **Resource Definition** A resource that describes a posting to an account that results in an increase or decrease to a balance. For a specific date range, an account (**AccountId**) may have no transactions booked, or may have multiple transactions booked. The ASPSP must treat the following as valid input: - Non-working days (e.g. a Sunday or a Bank holiday) or any other days on which no transactions are recorded. - Dates that fall outside the range for which transaction information is provided through APIs. - Dates that fall outside the range for which a consent authorisation is available. - Timezone may be included in the filter request, but must be ignored by the ASPSP. In the above situations, the ASPSP must return data for the remaining valid period specified by the filter. *An example initiating request body:* ``` https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts/Zz83yzNPQv6u5aWQbCwQWQ/transactions ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A Accept: application/json ``` *A sample successful response:* ``` { "Data": { "Transaction": [ { "AccountId": "Zz83yzNPQv6u5aWQbCwQWQ", "TransactionReference": "TT183440", "Amount": { "Amount": "2200.00000", "Currency": "BHD" }, "CreditDebitIndicator": "Debit", "Status": "Booked", "BookingDateTime": "2018-12-10T13:50:00+0000", "TransactionInformation": "Cash Withdrawal-TT183440", "DebtorAgent": { "SchemeName": "BH.OBF.BICFI", "Identification": "ALSABHB0" }, "DebtorAccount": { "SchemeName": "BH.OBF.IBAN", "Identification": "00106976100100" } } ] }, "Links": null } ``` # Beneficiaries ## **GET /bobf/release1.0.0/beneficiaries** The **ReadBeneficiariesBasic** permission has been granted. *An example initiating request body:* ``` https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/beneficiaries ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A Accept: application/json ``` *A sample successful response:* ``` { "Data": { "Beneficiary": [ { "AccountId": "rvLMP0Y1T1uItFyryIwqYQ", "BeneficiaryId": "2247", "Reference": "Installment", "CreditorAccount": { "SchemeName": "BH.OBF.IBAN", "Identification": "BH10XYZU00100000005698", "Name": "Khalid Ahmed Ali" } }, { "AccountId": "rvLMP0Y1T1uItFyryIwqYQ", "BeneficiaryId": "1567", "Reference": "Investment", "CreditorAccount": { "SchemeName": "BH.OBF.IBAN", "Identification": " BH10XYZU00100000008876", "Name": "Ali Hassan Mohammed" } } ] } } ``` ## **GET /bobf/release1.0.0/accounts/{AccountId}/beneficiaries** The **ReadBeneficiariesDetail** permission has been granted. *Get Account Balances Request* ``` https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/accounts/rvLMP0Y1T1uItFyryIwqYQ/beneficiaries ``` *Request Headers* ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAzMjUiLCJjb25zZW50SWQiOiJ6THk2TDlYelRqNktnYlBLTFpRTnVnIiwiaXNzIjoiQVBJX0dXIiwiZXhwIjoxNjIxODUwNDYyLCJ0b2tlbl90eXBlIjoiUkVTT1VSQ0UiLCJpYXQiOjE2MjE3NjQwNjJ9.BlpNU7DL41EtU1RGRTlKtsy650YadcWyPzUXiXNI7zmLxmjqdrSsd32_v7Pe_YhjWZ1tG33OORLpjA-f76e1WBd3zm4L43bQ4BtMY2AVC9g_BSpzytBTm3QNvB6e-FL_yrBJOpCoaVDcLDpGxq7Z-kUI5esNpD3GvJyHUgBGe8t8wCvcUY45j_pKqvYsXvZ9Gjitv-ig7vSs5iBzvfXPHeUtDn4bL_AbideRS54DPVZIZMFjvocfcWQVy2JNXvCX1r_5Yh6uGqlIGuHynZUZGKakyP9eHejz8fcT-mO9R-YD2GaHZ-wGcP2mtd2oBVAh17oLJJ-R66qIAgcnGa7D_A Accept: application/json ``` *A sample successful response:* ``` { "Data": { "Beneficiary": [ { "AccountId": "rvLMP0Y1T1uItFyryIwqYQ", "BeneficiaryId": "2247", "Reference": "Installment", "CreditorAccount": { "SchemeName": "BH.OBF.IBAN", "Identification": "BH10XYZU00100000005698", "Name": "Khalid Ahmed Ali" } }, { "AccountId": "rvLMP0Y1T1uItFyryIwqYQ", "BeneficiaryId": "1567", "Reference": "Investment", "CreditorAccount": { "SchemeName": "BH.OBF.IBAN", "Identification": " BH10XYZU00100000008876", "Name": "Ali Hassan Mohammed" } } ] } } ``` # Products ## **GET /bobf/release1.0.0/sharing-product-details** Type of required token is **Public token** *An example initiating request:* ``` https://ob-dev.alsalambahrain.com/apigatway/bobf/release1.0.0/sharing-product-details ``` *Request Headers* ``` Content-Type:application/json Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJwYXltZW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTYyMTg3NDAyMCwidG9rZW5fdHlwZSI6IlBVQkxJQyIsImlhdCI6MTYyMTc4NzYyMH0.iJfMcKjGR7YpK5xvUlos8i_lR3BDEQpkxUt_WpravIWDvRKYZ-1IFfpwxCqpbDEHBOJaoDqAhwQbSR6hRu3Z-D9z2XtqLtGGG5ADzTb5CSmhRBcd14TLhgZVg7PvXluQtLCR_U2OvzqlYhqM7VEtWXnnaCDN3VZAG4wqu1TKYPQEs0Gplr0l8YDxMH3NHIeE9Rtgms4KiT5KEw7mIoor1wBJ1kkTBVdFmA-5Z_UcNxtoqKdN7kxJTP3O5nDQjOE-65LiWXNP0wR9uUtJYpRduybHc-EoxfplS2zRT4YqXfsYNQrl7ae5B0xb9UB_4GDJOB40h3C9z4tQr6tg7BJUKg Accept:application/json x-idempotency-key:XYZ.51403.MLT.30 x-jws-signature:LMlmPSqzISEpar72ce5deMGue4RsZMDnZYG1bW6hdPlvriZ=..G1rrM18vVYBmdmRurS6nIR1yFHR8bGZyIJdvaB5nKGRvm35hTr== x-fapi-auth-date:Tue, 12 Mar 2021 09:10:17 GMT+3 x-fapi-customer-ip-address:204.35.213.15 x-fapi-interaction-id:75bdc714-b2dg-7676-c759-780d6815689f ``` *A sample successful response:* ``` { "Data": { "CreditCards": [ { "ProductDetails": { "CategoryName": "123", "CategoryCode": "123", "ProductDescription": "123", "ProductCode": "123", "SubProductCode": "123", "Segment": "123" }, "Features": { "Currency": "BHD" }, "Eligibility": {}, "Benefits": {}, "TermsAndConditions": {} } ], "Loans": [ { "ProductDetails": { "CategoryName": "123", "CategoryCode": "123", "ProductDescription": "123", "ProductCode": "123", "SubProductCode": "123", "Segment": "123" }, "Features": { "Currency": "BHD" }, "Eligibility": {}, "Benefits": {}, "TermsAndConditions": {} } ], "OBBranch": { "Branch": [ { "Identification": "1", "PostalAddress": { "GeoLocation": {} } } ] } } } ```