Account Information (AISP) API | RAML Definition
API Notebook
Banking AISP Experience API
This API exposes endpoints for external applications to retrieve account information (general information, balance, transactions).
License Agreement
Note that using this template is subject to the conditions of this License Agreement.
Please review the terms of the license before downloading and using this template. In short, you are allowed to use the template for free with Mule ESB Enterprise Edition, CloudHub, or as a trial in Anypoint Studio.
APIs security considerations
This Experience API is meant to be deployed to CloudHub and managed using the API Platform Manager. All endpoints use HTTPS.
In order to retrieve the information, the third party application must first be registered with the bank's authorization server (AS) to obtain application credentials (client_id and client_secret). With these credentials, a classic OAuth 2.0 /authorize request with the authorization code response type can be made on the AS (it is required to provide the client_id, the redirect_uri set during registration and response_type=code or response_type=token). The user then enters username and password to grant access to his/her account and is redirected to the specified redirect_uri along with the authorization code. The application then sends a POST request to the AS OAuth 2.0 /token endpoint with the required information (client_id, client_secret, authorization_code, redirect_uri) and the response will contain the access_token. If response_type=token was used, the access_token is provided right away. This token must be sent in the Authorization header (Authorization: Bearer <access_token>) in order to access this API. The token is a signed and encrypted JWT.
This API cannot be deployed standalone; you must apply and configure the OAuth 2.0 JWE access token enforcement policy, which takes care of validating the provided access_token. If no token is provided or the token is not valid, the request is rejected. Follow the instructions on the provided link on how to configure the policy.
This API consumes the Banking accounts process API, which is secured by the Client ID Enforcement Policy using Basic Authentication. Therefore the Banking AISP Experience API needs to request a client ID and client secret from the Banking accounts process API developer portal.
Banking AISP Experience API demo
Create the Banking AISP Experience API client
First we need to create the API client using the global method API.createClient to access the operations defined in the RAML.
API.createClient accepts two parameters: the client name and the RAML URL. The client name becomes a global variable holding the client object, and the URL references the RAML specification of the Banking AISP Experience API in the public API portal.
User authorization
The user needs to authenticate to the Authorization Server (AS) to get the JWT token that contains his/her information. As we presume that the AISP Experience API is registered with the bank's AS, we have a client_id and client_secret.
NOTE: When asked for login, use the following
username: test-user
password: testpassword
Getting accounts information
To retrieve accounts information the following request is needed: GET https://banking-aisp-experience-api-host/api/info along with an Authorization header containing a valid access token retrieved from the AS after user authorization (e.g. Authorization: Bearer abcdefghijklmnop154.ds45c4a5sd67c8a5.54sd3a54d35s4ad4adefgeraghthsh).
Getting accounts balance information
To retrieve accounts balance information the following request is needed: GET https://banking-aisp-experience-api-host/api/balance along with an Authorization header containing a valid access token retrieved from the AS after user authorization (e.g. Authorization: Bearer abcdefghijklmnop154.ds45c4a5sd67c8a5.54sd3a54d35s4ad4adefgeraghthsh).
Getting transactions information
To retrieve transactions information the following request is needed: GET https://banking-aisp-experience-api-host/api/transactions along with an Authorization header containing a valid access token retrieved from the AS after user authorization (e.g. Authorization: Bearer abcdefghijklmnop154.ds45c4a5sd67c8a5.54sd3a54d35s4ad4adefgeraghthsh).
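The authorization-code flow from the security considerations and the three bearer-token requests above, as an added Python example that is not part of this template or the API Notebook: it builds the /authorize URL, checks the state echoed back on the redirect_uri, builds the /token POST body (standard OAuth 2.0 field names assumed) and the GET request for /info, /balance or /transactions. The AS host bank-as.example is a placeholder; the API host is the one from the page.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AS_BASE = "https://bank-as.example"                        # placeholder authorization server
API_BASE = "https://banking-aisp-experience-api-host/api"  # host from the page


def new_state():
    """Opaque per-session value bound to the user's browser session."""
    return secrets.token_urlsafe(16)


def build_authorize_url(client_id, redirect_uri, state, response_type="code"):
    """Step 1: the URL the user is sent to on the AS /authorize endpoint."""
    params = {
        "response_type": response_type,   # "code" or "token", as the page allows
        "client_id": client_id,
        "redirect_uri": redirect_uri,     # must match the value set at registration
        "state": state,                   # checked again when the AS redirects back
    }
    return f"{AS_BASE}/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Step 2: extract the authorization code from the redirect_uri callback.
    Returns None if the state echoed back does not match the one we issued,
    so a code injected by a third party is never exchanged for a token."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        return None
    return query.get("code", [None])[0]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Step 3: URL and form body for the POST to the AS /token endpoint."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,   # sent only over HTTPS, never in the URL
        "redirect_uri": redirect_uri,
    }
    return f"{AS_BASE}/token", body


def account_request(resource, access_token):
    """Step 4: URL and headers for GET /info, /balance or /transactions."""
    if resource not in ("info", "balance", "transactions"):
        raise ValueError(f"unknown resource: {resource}")
    return f"{API_BASE}/{resource}", {"Authorization": f"Bearer {access_token}"}
```

Send the returned URL and body with any HTTP client; the enforcement policy on the API rejects the request when the Bearer header is missing or the JWE token does not validate.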