An Account Information Service Provider (AISP) is authorized to view a customer's payment account information if the customer has given permission.
The Citadele API contains these endpoints:
Get user accounts – to read the list of the customer's available accounts.
Get one account balance(s) – to receive the actual balance of the addressed account.
Get customer statements – to receive the transactions of the addressed account for the given time period.
How to authorise consent to get Accounts info
Create unauthorized consent
Register consent request
curl --cert /path/to/cert \
-H "TPP-Redirect-URI: <TPP_callback_url_in_case_of_success>" \
-H "TPP-Nok-Redirect-URI: <TPP_callback_url_in_case_of_failure>" \
-H "X-Request-ID: <unique_uuid>" \
-H "Content-Type: application/json" \
-s https://api.citadele.lv/psd2/v1/consents -X POST \
-d '{"access":{"accounts":[],"balances":[],"transactions":[],"availableAccounts":"allAccounts","allPsd2":"allAccounts"},"recurringIndicator":true,"validUntil":"2019-12-31","frequencyPerDay":4,"combinedServiceIndicator":true}'
In response you will receive
Register consent
{
  "consentStatus": "received",
  "consentId": "bb854c4c-b1c5-4204-a6b7-a8d9d15f2c05",
  "scaMethods": null,
  "chosenScaMethod": null,
  "challengeData": null,
  "_links": {
    "scaStatus": "\/consent\/bb854c4c-b1c5-4204-a6b7-a8d9d15f2c05\/status",
    "scaRedirect": "http:\/\/online.citadele.lv\/amai\/startp.htm?loc=LV&lang=EN&url=<TPP_callback_url_in_case_of_success>&notOkUrl=<TPP_callback_url_in_case_of_failure>&token=<generated_token>"
  },
  "message": null
}
Note the consentId value, as it will be used later to access the PSD2 API.
From the response, extract the _links.scaRedirect field.
Open the extracted URL (e.g. in a browser).
The PSU enters a valid username and password and is redirected to the authorization page.
After entering a valid authorization code (based on the user's authorization device), the user is shown a confirmation screen.
After the user taps Confirm → the browser redirects to the URL specified in the TPP-Redirect-URI header (set in the create consent request).
If the user cancels the operation → the browser redirects to the URL specified in the TPP-Nok-Redirect-URI header (set in the create consent request).
After that, the consentId can be used successfully with the PSD2 API.
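A check a TPP can run on the consent response before sending the PSU to the scaRedirect link, written as an added Python example (not Citadele's code). The expected host is taken from the sample response above; the callback URL, the token and the UUID shape of consentId are assumptions made for the example.

```python
import json
import uuid
from urllib.parse import parse_qs, urlsplit

# Assumption: PSU login host, taken from the sample response on this page.
EXPECTED_SCA_HOST = "online.citadele.lv"

def new_request_id():
    """Fresh X-Request-ID value; generate one per request."""
    return str(uuid.uuid4())

def check_consent_response(raw, ok_url, expected_host=EXPECTED_SCA_HOST):
    """Return (consent_id, sca_redirect, problems) for a POST /consents reply."""
    body = json.loads(raw)
    problems = []
    if body.get("consentStatus") != "received":
        problems.append("unexpected consentStatus: %r" % body.get("consentStatus"))
    consent_id = body.get("consentId")
    try:
        uuid.UUID(str(consent_id))  # assumption: UUID-shaped, as in the sample
    except ValueError:
        problems.append("consentId is not a UUID")
    redirect = (body.get("_links") or {}).get("scaRedirect") or ""
    parts = urlsplit(redirect)
    # The PSU types bank credentials on this page, so require TLS and the bank host.
    if parts.scheme != "https":
        problems.append("scaRedirect scheme is %r, not https" % parts.scheme)
    if parts.hostname != expected_host:
        problems.append("scaRedirect host is %r" % parts.hostname)
    # The success callback echoed in the link must be the one we registered.
    if parse_qs(parts.query).get("url") != [ok_url]:
        problems.append("scaRedirect does not carry our TPP-Redirect-URI")
    return consent_id, redirect, problems

# Constructed sample modelled on the response above (query string trimmed,
# placeholder callback and token filled with example values).
SAMPLE = json.dumps({
    "consentStatus": "received",
    "consentId": "bb854c4c-b1c5-4204-a6b7-a8d9d15f2c05",
    "_links": {"scaRedirect": "http://online.citadele.lv/amai/startp.htm"
               "?loc=LV&lang=EN&url=https://tpp.example/ok&token=constructed-token"},
})

if __name__ == "__main__":
    cid, link, problems = check_consent_response(SAMPLE, "https://tpp.example/ok")
    print("X-Request-ID for the next call:", new_request_id())
    print("consentId:", cid)
    print("problems:", problems or "none")
```

Open the link for the PSU only when the returned problem list is empty; otherwise log the list together with the X-Request-ID of the consent request.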
Get accounts
curl --cert ${cert} \
-X GET "https://api.citadele.lv/psd2/v1/accounts?withBalance=false" \
-H "Consent-ID: bb854c4c-b1c5-4204-a6b7-a8d9d15f2c05" \
-H "Accept: application/json" \
-H "X-Request-ID: <randomly_generated_uuid>"
Response:
{
  "accounts": [
    {
      "resourceId": "436906412",
      "iban": "LV57PARX00XXXXXXX0002",
      "bban": null,
      "msisdn": null,
      "currency": "EUR",
      "name": null,
      "product": "Current account",
      "cashAccountType": null,
      "status": "enabled",
      "bic": "PARXLV22",
      "linkedAccounts": null,
      "usage": "PRIV",
      "details": null,
      "balances": null,
      "_links": null
    },
    {
      "resourceId": "436906404",
      "iban": "LV84PARX00XXXXXXX0001",
      "bban": null,
      "msisdn": null,
      "currency": "EUR",
      "name": null,
      "product": "X smart",
      "cashAccountType": null,
      "status": "enabled",
      "bic": "PARXLV22",
      "linkedAccounts": null,
      "usage": "PRIV",
      "details": null,
      "balances": null,
      "_links": null
    }
  ]
}