Overview

SCA Approach

We use REDIRECT SCA approach with implicit start of the authorisation process (detailed description and schemes can be found in page 54 for payments and page 108 for consents of BGS document). Implicit process means that we automatically create authorisation resource and return this information in the response.

We let PSU to choose what he allows in the consent, so information passed in the consent works only as a reference to mark checkboxes. In case consent information contains accounts that do not belong to user or does not exist in the system, or overall consent is passed without accounts, then checkbox’s will not be marked for the PSU after he logs into the application.

conset ui

Differences From Berlin Group Standard

Different Versioning Approach

Instead of path versioning that is mentioned in the BGS documentation, we use header versioning. More information about this can be found later in the document (API Versioning).

Optional parameters

Get account transactions endpoint uses two optional parameters for paging:

  • pageSize – sets record count per page;

  • page – sets which page is displayed;

Differences in responses

Get account transactions endpoint uses different response structure. Instead of returning two lists (pending and booked) in the response, we simply return a single list with additional boolean parameter peding in the transaction record, where value of true indicates that transaction is pending and value of false that is booked.

API Versioning

Current API version: 1

API uses X-API-Version header parameter to determine current API version. If this parameter is not passed, the system will return 404 Not Found error. Version header usage can be found in examples. We use only major version of API, so all changes that does not break backward compatibility does not increase version number. New API version is added on when non backward compatible changes are made:

  • Adding restrictive logic (e.g. making fields mandatory, business validation logic);

  • Removing fields;

  • Removing endpoints;

Upcoming major API versions are instantly released to production and will run in parallel with old version. Old version will be available for at least 6 months before removal.

All upcoming documentation will be provided in the documentation page, so it is advisable to check this page once a month.

1. Account Information Service (AIS)

1.1. Get accounts

GET /api/public/accounts

Read the identifiers of the available payment account together with booking balance information, depending on the consent granted.

1.1.1. Path parameters

No parameters.

1.1.2. Query parameters

No parameters.

1.1.3. Request headers

Header Type Optional Description

Consent-ID

String

false

ID of the corresponding consent object as returned by an Account Information Consent Request.

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

1.1.4. Request fields

No request body.

1.1.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

1.1.6. Response fields

Path Type Description

accounts[].resourceId

String

Unique identification of corresponding resource.

accounts[].iban

String

International Bank Account Number.

accounts[].currency

String

Account’s currency.

accounts[].name

String

Account name.

accounts[].product

String

This parameter not supported. Support might be implemented in the future.

accounts[].status

String

Account status.

accounts[]._links.self.href

String

A link to the account resource itself.

accounts[]._links.balances.href

String

A link to the resource providing the balance of a dedicated account.

accounts[]._links.transactions.href

String

A link to the resource providing the transaction history of a dedicated account.

1.1.7. Example request

GET /api/public/accounts HTTP/1.1
Accept: application/hal+json
X-Request-ID: c83c47ef-ecfc-4b0b-8a89-f73d5413c95b
X-API-Version: 1
Consent-ID: 09c7895e-56ab-4187-8ca9-a89870e53a85
Host: psd2.nano.lt

1.1.8. Example response

HTTP/1.1 200 OK
X-Request-ID: c83c47ef-ecfc-4b0b-8a89-f73d5413c95b
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 2186

{
  "accounts" : [ {
    "resourceId" : "b4b921f9-2c91-3f60-9940-057b9b2cc410",
    "iban" : "LT053570010000000226",
    "currency" : "EUR",
    "name" : "My first account",
    "product" : "ACC_INT_SAVER",
    "status" : "enabled",
    "_links" : {
      "self" : {
        "href" : "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410"
      },
      "balances" : {
        "href" : "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/balances"
      },
      "transactions" : {
        "href" : "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom={dateFrom}&page=0&pageSize=0{&bookingStatus,dateTo}",
        "templated" : true
      }
    }
  }, {
    "resourceId" : "b78cb40c-1eba-3b1e-8b2b-08575dd70447",
    "iban" : "LT323570010000000031",
    "currency" : "EUR",
    "name" : "My second account",
    "product" : "ACC_INT_SAVER",
    "status" : "enabled",
    "_links" : {
      "self" : {
        "href" : "http://localhost/api/public/accounts/b78cb40c-1eba-3b1e-8b2b-08575dd70447"
      },
      "balances" : {
        "href" : "http://localhost/api/public/accounts/b78cb40c-1eba-3b1e-8b2b-08575dd70447/balances"
      },
      "transactions" : {
        "href" : "http://localhost/api/public/accounts/b78cb40c-1eba-3b1e-8b2b-08575dd70447/transactions?dateFrom={dateFrom}&page=0&pageSize=0{&bookingStatus,dateTo}",
        "templated" : true
      }
    }
  }, {
    "resourceId" : "1d29fc2b-ef87-39dd-b604-78f5a1d072dd",
    "iban" : "LT323570010000000031",
    "currency" : "USD",
    "name" : "My second account",
    "product" : "ACC_INT_SAVER",
    "status" : "enabled",
    "_links" : {
      "self" : {
        "href" : "http://localhost/api/public/accounts/1d29fc2b-ef87-39dd-b604-78f5a1d072dd"
      },
      "balances" : {
        "href" : "http://localhost/api/public/accounts/1d29fc2b-ef87-39dd-b604-78f5a1d072dd/balances"
      },
      "transactions" : {
        "href" : "http://localhost/api/public/accounts/1d29fc2b-ef87-39dd-b604-78f5a1d072dd/transactions?dateFrom={dateFrom}&page=0&pageSize=0{&bookingStatus,dateTo}",
        "templated" : true
      }
    }
  } ]
}

1.2. Get account

GET /api/public/accounts/{accountId}

Reads details about an account, with balances where required. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.

1.2.1. Path parameters

Parameter Type Optional Description

accountId

String

false

This identification is denoting the addressed account. The accountId is retrieved by using a "Read Account List" call. The accountId is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

1.2.2. Query parameters

No parameters.

1.2.3. Request headers

Header Type Optional Description

Consent-ID

String

false

ID of the corresponding consent object as returned by an Account Information Consent Request.

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

1.2.4. Request fields

No request body.

1.2.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

1.2.6. Response fields

Path Type Description

account.resourceId

String

Unique identification of corresponding resource.

account.iban

String

International Bank Account Number.

account.currency

String

Account’s currency.

account.name

String

Account name.

account.product

String

This parameter not supported. Support might be implemented in the future.

account.status

String

Account status.

account._links.self.href

String

A link to the account resource itself.

account._links.balances.href

String

A link to the resource providing the balance of a dedicated account.

account._links.transactions.href

String

A link to the resource providing the transaction history of a dedicated account.

1.2.7. Example request

GET /api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410 HTTP/1.1
Accept: application/hal+json
X-Request-ID: 3e207f7c-22eb-422b-942f-da695720acc4
X-API-Version: 1
Consent-ID: 09c7895e-56ab-4187-8ca9-a89870e53a85
Host: psd2.nano.lt

1.2.8. Example response

HTTP/1.1 200 OK
X-Request-ID: 3e207f7c-22eb-422b-942f-da695720acc4
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 737

{
  "account" : {
    "resourceId" : "b4b921f9-2c91-3f60-9940-057b9b2cc410",
    "iban" : "LT053570010000000226",
    "currency" : "EUR",
    "name" : "My first account",
    "product" : "ACC_INT_SAVER",
    "status" : "enabled",
    "_links" : {
      "self" : {
        "href" : "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410"
      },
      "balances" : {
        "href" : "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/balances"
      },
      "transactions" : {
        "href" : "http://localhost/api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom={dateFrom}&page=0&pageSize=0{&bookingStatus,dateTo}",
        "templated" : true
      }
    }
  }
}

1.3. Get account balances

GET /api/public/accounts/{accountId}/balances

Read account balances. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.

1.3.1. Path parameters

Parameter Type Optional Description

accountId

String

false

This identification is denoting the addressed account. The accountId is retrieved by using a "Read Account List" call. The accountId is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

1.3.2. Query parameters

No parameters.

1.3.3. Request headers

Header Type Optional Description

Consent-ID

String

false

ID of the corresponding consent object as returned by an Account Information Consent Request.

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

1.3.4. Request fields

No request body.

1.3.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

1.3.6. Response fields

Path Type Description

balances[].account.iban

String

International Bank Account Number.

balances[].account.currency

String

Account’s currency.

balances[].balanceAmount.currency

String

Balance amount currency.

balances[].balanceAmount.amount

String

Balance amount value.

balances[].balanceType

String

Balance type. Must be one of [closingBooked, expected, openingBooked, interimAvailable, forwardAvailable, nonInvoiced].

balances[].referenceDate

String

Reference date of the balance.

1.3.7. Example request

GET /api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/balances HTTP/1.1
Accept: application/hal+json
X-Request-ID: 309acaf1-664e-46b7-bcbf-d2f0070f60f0
X-API-Version: 1
Consent-ID: 09c7895e-56ab-4187-8ca9-a89870e53a85
Host: psd2.nano.lt

1.3.8. Example response

HTTP/1.1 200 OK
X-Request-ID: 309acaf1-664e-46b7-bcbf-d2f0070f60f0
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 286

{
  "balances" : [ {
    "account" : {
      "iban" : "LT053570010000000226",
      "currency" : "EUR"
    },
    "balanceAmount" : {
      "currency" : "EUR",
      "amount" : "1950.30"
    },
    "balanceType" : "closingBooked",
    "referenceDate" : "2018-11-27T13:54:03.946"
  } ]
}

1.4. Get account transactions

GET /api/public/accounts/{accountId}/transactions

Read account transactions. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.

1.4.1. Path parameters

Parameter Type Optional Description

accountId

String

false

This identification is denoting the addressed account. The accountId is retrieved by using a "Read Account List" call. The accountId is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

1.4.2. Query parameters

Parameter Type Optional Description

bookingStatus

String

true

Available values: "booked", "pending" and "both".

Must be one of [booked, pending, both].

Default value: 'both'.

dateFrom

Object

false

Starting date (inclusive the date dateFrom) of the transaction list.

dateTo

Object

true

End date (inclusive the data dateTo) of the transaction list, default is "now" if not give.

page

Integer

true

Default value: '1'.

pageSize

Integer

true

Default value: '25'.

1.4.3. Request headers

Header Type Optional Description

Consent-ID

String

false

ID of the corresponding consent object as returned by an Account Information Consent Request.

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

1.4.4. Request fields

No request body.

1.4.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

1.4.6. Response fields

Path Type Description

account.iban

String

International Bank Account Number.

account.currency

String

Account’s currency.

transactions[].transactionId

String

Internal identification number.

transactions[].endToEndId

String

Unique end to end identity.

transactions[].bookingDate

ISODate

The Date when an entry is posted to an account on the ASPSPs books.

transactions[].valueDate

ISODate

The Date at which assets become available to the account owner in case of a credit.

transactions[].transactionAmount.currency

String

The amount of the transaction as billed to the account (currency).

transactions[].transactionAmount.amount

String

The amount of the transaction as billed to the account (value).

transactions[].creditorName

String

Name of the creditor if a "Debited" transaction.

transactions[].creditorAccount.iban

String

Creditor International Bank Account Number.

transactions[].creditorAccount.currency

String

Creditor International Bank Account currency.

transactions[].ultimateCreditor

String

Name of ultimate creditor.

transactions[].debtorName

String

Name of the debtor if a "Credited" transaction.

transactions[].debtorAccount.iban

String

Debtor International Bank Account Number.

transactions[].debtorAccount.currency

String

Debtor International Bank Account currency.

transactions[].ultimateDebtor

String

Name of ultimate debtor.

transactions[].remittanceInformationUnstructured

String

Unstructured remittance reference.

transactions[].remittanceInformationStructured

String

Reference as contained in the structured remittance reference structure (without the surrounding XML structure).

transactions[].bankTransactionCode

String

Bank transaction code as used by the ASPSP and using the sub elements of this structured code defined by ISO20022.

transactions[].pending

Boolean

Transaction status flag. "True" means that transaction is still "pending". "False" means that transaction has been processed.

_links.self.href

String

A link to the account transactions resource itself.

_links.first.href

String

Navigation link for paginated account transactions (first page).

_links.prev.href

String

Navigation link for paginated account transactions (previous page).

_links.next.href

String

Navigation link for paginated account transactions (next page).

_links.last.href

String

Navigation link for paginated account transactions (last page).

1.4.7. Example request

GET /api/public/accounts/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?dateFrom=2018-09-01&dateTo=2018-11-27&page=1&pageSize=2&bookingStatus=both HTTP/1.1
Accept: application/hal+json
X-Request-ID: 2a43a180-e256-4e92-9c2f-7b0a9d6e040e
X-API-Version: 1
Consent-ID: 09c7895e-56ab-4187-8ca9-a89870e53a85
Host: psd2.nano.lt

1.4.8. Example response

HTTP/1.1 200 OK
X-Request-ID: 2a43a180-e256-4e92-9c2f-7b0a9d6e040e
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 2479

{
  "account" : {
    "iban" : "LT053570010000000226",
    "currency" : "EUR"
  },
  "transactions" : [ {
    "transactionId" : "00016236",
    "endToEndId" : "TEST_END_TO_END_ID",
    "bookingDate" : "2018-09-14T12:33:40.811",
    "valueDate" : "2018-09-13",
    "transactionAmount" : {
      "currency" : "EUR",
      "amount" : "134.40"
    },
    "creditorName" : "TEST_CREDITOR_NAME",
    "creditorAccount" : {
      "iban" : "LT053570010000000226",
      "currency" : "EUR"
    },
    "ultimateCreditor" : "TEST_ULTIMATE_CREDITOR",
    "debtorName" : "TEST_DEBTOR_NAME",
    "ultimateDebtor" : "TEST_ULTIMATE_DEBTOR",
    "remittanceInformationUnstructured" : "Internal transfer",
    "remittanceInformationStructured" : "TEST_REMITTANCE_INFORMATION_STRUCTURED",
    "bankTransactionCode" : "INTERNAL_TRANSFER.TRANSFER",
    "pending" : false
  }, {
    "transactionId" : "00016237",
    "bookingDate" : "2018-09-14T12:41:26.59",
    "valueDate" : "2018-09-14",
    "transactionAmount" : {
      "currency" : "EUR",
      "amount" : "50.30"
    },
    "creditorName" : "Jayme Bame",
    "creditorAccount" : {
      "iban" : "LT323570010000000031",
      "currency" : "EUR"
    },
    "ultimateCreditor" : "TEST_ULTIMATE_CREDITOR",
    "debtorName" : "Vina Herbert",
    "debtorAccount" : {
      "iban" : "LT053570010000000226",
      "currency" : "EUR"
    },
    "ultimateDebtor" : "TEST_ULTIMATE_DEBTOR",
    "remittanceInformationUnstructured" : "For you",
    "bankTransactionCode" : "INTERNAL_TRANSFER.TRANSFER",
    "pending" : false
  } ],
  "_links" : {
    "self" : {
      "href" : "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=2"
    },
    "first" : {
      "href" : "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=1"
    },
    "prev" : {
      "href" : "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=1"
    },
    "next" : {
      "href" : "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=3"
    },
    "last" : {
      "href" : "http://localhost/b4b921f9-2c91-3f60-9940-057b9b2cc410/transactions?bookingStatus=both&dateFrom=2018-09-01&dateTo=2018-11-27&pageSize=2&page=9"
    }
  }
}

POST /api/public/consents

This method create a consent resource, defining access rights to dedicated accounts.

1.5.1. Path parameters

No parameters.

1.5.2. Query parameters

No parameters.

1.5.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

TPP-Redirect-URI

String

false

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

TPP-Nok-Redirect-URI

String

false

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.

1.5.4. Request fields

Path Type Optional Description

access

Object

false

Requested access services.

access.accounts

Array[Object]

true

Is asking for detailed account information.

If the array is empty, the TPP is asking for an accessible account list. This may be restricted in a PSU/ASPSP authorisation dialogue. If the array is empty, also the arrays for balances or transactions shall be empty, if used.

access.accounts[].iban

String

false

Must match the regular expression ^[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}$.

access.accounts[].currency

String

true

Must match the regular expression ^[A-Z]{3}$.

access.accounts[].resourceId

String

false

Unique identification of corresponding resource.

access.balances

Array[Object]

true

Is asking for balances of the addressed accounts.

If the array is empty, the TPP is asking for the balances of all accessible account lists. This may be restricted in a PSU/ASPSP authorisation dialogue. If the array is empty, also the arrays for accounts or transactions shall be empty, if used.

access.balances[].iban

String

false

Must match the regular expression ^[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}$.

access.balances[].currency

String

true

Must match the regular expression ^[A-Z]{3}$.

access.balances[].resourceId

String

false

Unique identification of corresponding resource.

access.transactions

Array[Object]

true

Is asking for transactions of the addressed accounts.

If the array is empty, the TPP is asking for the transactions of all accessible account lists. This may be restricted in a PSU/ASPSP authorisation dialogue. If the array is empty, also the arrays for accounts or balances shall be empty, if used.

access.transactions[].iban

String

false

Must match the regular expression ^[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}$.

access.transactions[].currency

String

true

Must match the regular expression ^[A-Z]{3}$.

access.transactions[].resourceId

String

false

Unique identification of corresponding resource.

recurringIndicator

Boolean

false

True, if the consent is for recurring access to the account data. false, if the consent is for one access to the account data.

validUntil

Object

false

This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30.

javax.validation.constraints.FutureOrPresent.

frequencyPerDay

Integer

false

This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1".

javax.validation.constraints.Positive.

combinedServiceIndicator

Boolean

false

If true indicates that a payment initiation service will be addressed in the same "session".

1.5.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

Location

Location of the created resource.

ASPSP-SCA-Approach

SCA approach.

1.5.6. Response fields

Path Type Description

consentId

String

ID of the corresponding consent object as returned by an Account Information Consent Request.

consentStatus

String

Consent status. Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp].

_links.self.href

String

The link to the consent initiation resource created by this request. This link can be used to retrieve the resource data.

_links.status.href

String

The link to retrieve status of the consent initiation.

_links.scaStatus.href

String

The link to retrieve the scaStatus of the corresponding authorisation sub-resource.

_links.scaRedirect.href

String

In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser.

1.5.7. Example request

POST /api/public/consents HTTP/1.1
Content-Type: application/json;charset=UTF-8
Accept: application/hal+json
X-Request-ID: 12909c58-2aec-4755-9dc5-ce31e7df1706
X-API-Version: 1
TPP-Redirect-URI: https://client.nano.com/consent=09c7895e-56ab-4187-8ca9-a89870e53a85&status=ok
TPP-Nok-Redirect-URI: https://client.nano.com/consent=09c7895e-56ab-4187-8ca9-a89870e53a85&status=nok
Host: psd2.nano.lt
Content-Length: 725

{
  "access" : {
    "accounts" : [ {
      "iban" : "LT053570010000000226",
      "currency" : "EUR"
    }, {
      "iban" : "LT323570010000000031",
      "currency" : "EUR"
    }, {
      "iban" : "LT323570010000000031",
      "currency" : "USD"
    } ],
    "balances" : [ {
      "iban" : "LT323570010000000031",
      "currency" : "EUR"
    }, {
      "iban" : "LT323570010000000031",
      "currency" : "USD"
    } ],
    "transactions" : [ {
      "iban" : "LT053570010000000226",
      "currency" : "EUR"
    }, {
      "iban" : "LT323570010000000031",
      "currency" : "EUR"
    } ]
  },
  "recurringIndicator" : false,
  "validUntil" : "2025-02-06",
  "frequencyPerDay" : 4,
  "combinedServiceIndicator" : false
}

1.5.8. Example response

HTTP/1.1 201 Created
X-Request-ID: 12909c58-2aec-4755-9dc5-ce31e7df1706
Location: http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85
ASPSP-SCA-Approach: REDIRECT
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 998

{
  "consentId" : "09c7895e-56ab-4187-8ca9-a89870e53a85",
  "consentStatus" : "received",
  "_links" : {
    "self" : {
      "href" : "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85"
    },
    "status" : {
      "href" : "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/status"
    },
    "scaStatus" : {
      "href" : "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/authorisations/b084c799-1234-4f32-bc40-42228a90f66c"
    },
    "scaRedirect" : {
      "href" : "http://localhost/authorisation/09c7895e-56ab-4187-8ca9-a89870e53a85/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJydCI6IkNPTlNFTlQiLCJ0bmEiOiJURVNUIiwiaXNzIjoiVklBIFBheW1lbnRzIFVBQiIsIm5vayI6InRlc3QiLCJyaWQiOiIwOWM3ODk1ZS01NmFiLTQxODctOGNhOS1hODk4NzBlNTNhODUiLCJvayI6InRlc3QiLCJleHAiOjE1NTM1Mjk5NTgsImFpZCI6ImIwODRjNzk5LTEyMzQtNGYzMi1iYzQwLTQyMjI4YTkwZjY2YyIsImlhdCI6MTU1MzUyNzI1OCwidGlkIjoiVEVTVCJ9.6YLlFG6EiDg0q9dXpEPes1ofqBS_qpRndSe54COHma8"
    }
  }
}

DELETE /api/public/consents/{consentId}

The TPP can delete an account information consent object if needed.

1.6.1. Path parameters

Parameter Type Optional Description

consentId

String

false

ID of the corresponding consent object as returned by an Account Information Consent Request.

1.6.2. Query parameters

No parameters.

1.6.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

1.6.4. Request fields

No request body.

1.6.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

1.6.6. Response fields

No response body.

1.6.7. Example request

DELETE /api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85 HTTP/1.1
Accept: application/hal+json
X-Request-ID: fada8e2e-9a3c-441f-9703-9c099ad887e2
X-API-Version: 1
Host: psd2.nano.lt

1.6.8. Example response

HTTP/1.1 204 No Content
X-Request-ID: fada8e2e-9a3c-441f-9703-9c099ad887e2

GET /api/public/consents/{consentId}

Returns the content of an account information consent object.

1.7.1. Path parameters

Parameter Type Optional Description

consentId

String

false

ID of the corresponding consent object as returned by an Account Information Consent Request.

1.7.2. Query parameters

No parameters.

1.7.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

1.7.4. Request fields

No request body.

1.7.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

1.7.6. Response fields

Path Type Description

access

Object

Requested access services.

access.accounts[].iban

String

International Bank Account Number.

access.accounts[].currency

String

International Bank Account currency.

access.accounts[].resourceId

String

Unique identification of corresponding resource.

access.balances[].iban

String

International Bank Account Number.

access.balances[].currency

String

International Bank Account currency.

access.balances[].resourceId

String

Unique identification of corresponding resource.

access.transactions[].iban

String

International Bank Account Number.

access.transactions[].currency

String

International Bank Account currency.

access.transactions[].resourceId

String

Unique identification of corresponding resource.

validUntil

String

This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30.

frequencyPerDay

Number

This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1"

recurringIndicator

Boolean

true, if the consent is for recurring access to the account data false, if the consent is for one access to the account data.

combinedServiceIndicator

Boolean

If true indicates that a payment initiation service will be addressed in the same "session". Currently not supported.

consentStatus

String

Consent status. Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp].

_links.self.href

String

The link to the consent initiation resource created by this request. This link can be used to retrieve the resource data.

_links.status.href

String

The link to retrieve status of the consent initiation.

_links.scaStatus.href

String

The link to retrieve the scaStatus of the corresponding authorisation sub-resource.

1.7.7. Example request

GET /api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85 HTTP/1.1
Accept: application/hal+json
X-Request-ID: f1cdfcb8-7706-4dcf-a132-871e8357d376
X-API-Version: 1
Host: psd2.nano.lt

1.7.8. Example response

HTTP/1.1 200 OK
X-Request-ID: f1cdfcb8-7706-4dcf-a132-871e8357d376
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 1605

{
  "access" : {
    "accounts" : [ {
      "iban" : "LT053570010000000226",
      "currency" : "EUR",
      "resourceId" : "b4b921f9-2c91-3f60-9940-057b9b2cc410"
    }, {
      "iban" : "LT323570010000000031",
      "currency" : "EUR",
      "resourceId" : "b78cb40c-1eba-3b1e-8b2b-08575dd70447"
    }, {
      "iban" : "LT323570010000000031",
      "currency" : "USD",
      "resourceId" : "1d29fc2b-ef87-39dd-b604-78f5a1d072dd"
    } ],
    "balances" : [ {
      "iban" : "LT323570010000000031",
      "currency" : "EUR",
      "resourceId" : "b78cb40c-1eba-3b1e-8b2b-08575dd70447"
    }, {
      "iban" : "LT323570010000000031",
      "currency" : "USD",
      "resourceId" : "1d29fc2b-ef87-39dd-b604-78f5a1d072dd"
    } ],
    "transactions" : [ {
      "iban" : "LT053570010000000226",
      "currency" : "EUR",
      "resourceId" : "b4b921f9-2c91-3f60-9940-057b9b2cc410"
    }, {
      "iban" : "LT323570010000000031",
      "currency" : "EUR",
      "resourceId" : "b78cb40c-1eba-3b1e-8b2b-08575dd70447"
    } ]
  },
  "validUntil" : "2025-02-06",
  "frequencyPerDay" : 4,
  "recurringIndicator" : false,
  "combinedServiceIndicator" : false,
  "consentStatus" : "valid",
  "_links" : {
    "self" : {
      "href" : "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85"
    },
    "status" : {
      "href" : "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/status"
    },
    "scaStatus" : {
      "href" : "http://localhost/api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/authorisations/b084c799-1234-4f32-bc40-42228a90f66c"
    }
  }
}

GET /api/public/consents/{consentId}/status

Read the status of an account information consent resource.

1.8.1. Path parameters

Parameter Type Optional Description

consentId

String

false

ID of the corresponding consent object as returned by an Account Information Consent Request.

1.8.2. Query parameters

No parameters.

1.8.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

1.8.4. Request fields

No request body.

1.8.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

1.8.6. Response fields

Path Type Optional Description

consentStatus

String

false

Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp].

1.8.7. Example request

GET /api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/status HTTP/1.1
Accept: application/hal+json
X-Request-ID: efa459fc-53f0-43e8-9c42-60ee993dc900
X-API-Version: 1
Host: psd2.nano.lt

1.8.8. Example response

HTTP/1.1 200 OK
X-Request-ID: efa459fc-53f0-43e8-9c42-60ee993dc900
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 31

{
  "consentStatus" : "valid"
}

GET /api/public/consents/{consentId}/authorisations/{authorisationId}

Reads status of an SCA process.

1.9.1. Path parameters

/api/public/consents/{consentId}/authorisations/{authorisationId}
Parameter Description

consentId

ID of the corresponding consent object as returned by an Account Information Consent Request.

authorisationId

ID of the authorisation sub-resource.

1.9.2. Query parameters

No parameters.

1.9.4. Request fields

No request body.

1.9.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

1.9.6. Response fields

Path Type Optional Description

scaStatus

String

true

Must be one of [received, psuIdentified, psuAuthenticated, started, finalised, failed, exempted].

1.9.7. Example request

GET /api/public/consents/09c7895e-56ab-4187-8ca9-a89870e53a85/authorisations/b084c799-1234-4f32-bc40-42228a90f66c HTTP/1.1
Accept: application/hal+json
X-Request-ID: 86259a0f-fa48-426d-bcba-9f65f98deff5
X-API-Version: 1
Host: psd2.nano.lt

1.9.8. Example response

HTTP/1.1 200 OK
X-Request-ID: 86259a0f-fa48-426d-bcba-9f65f98deff5
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 30

{
  "scaStatus" : "received"
}

2. Confirmation of Funds Service

Confirmation of Funds Service returns a confirmation of funds request at the ASPSP.

2.1. Check availability of funds

POST /api/public/funds-confirmations

Creates a confirmation of funds request at the ASPSP. Checks whether a specific amount is available at point of time of the request on an account linked to a given tuple card issuer(TPP)/card number, or addressed by IBAN and TPP respectively.

2.1.1. Path parameters

No parameters.

2.1.2. Query parameters

No parameters.

2.1.3. Request headers

Header Type Optional Description

Consent-ID

String

false

ID of the corresponding consent object as returned by an Fund Confirmation Consent Request.

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

2.1.4. Request fields

Path Type Description

account.iban

String

International Bank Account Number.

account.currency

String

This parameter not supported. Support might be implemented in the future.

instructedAmount.amount

String

Transaction amount to be checked within the funds check mechanism.

instructedAmount.currency

String

Transaction amount currency.

2.1.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

2.1.6. Response fields

Path Type Optional Description

fundsAvailable

Boolean

true

True if sufficient funds are available at the time of the request, false otherwise.

2.1.7. Example request

POST /api/public/funds-confirmations HTTP/1.1
Content-Type: application/json;charset=UTF-8
X-Request-ID: 8c43b61c-43bc-41a1-a74a-01613901e37c
Consent-ID: 0da4b182-23a3-476f-8608-87773586ff8a
X-API-Version: 1
Host: psd2.nano.lt
Content-Length: 160

{
  "account" : {
    "iban" : "LT323570010000000031",
    "currency" : "EUR"
  },
  "instructedAmount" : {
    "currency" : "EUR",
    "amount" : "10.50"
  }
}

2.1.8. Example response

HTTP/1.1 200 OK
X-Request-ID: 8c43b61c-43bc-41a1-a74a-01613901e37c
Content-Type: application/json;charset=UTF-8
Content-Length: 29

{
  "fundsAvailable" : true
}

POST /api/public/consents/confirmation-of-funds

This method create a consent resource, defining confirmation of funds access rights to dedicated account.

2.2.1. Path parameters

No parameters.

2.2.2. Query parameters

No parameters.

2.2.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

TPP-Redirect-URI

String

false

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

TPP-Nok-Redirect-URI

String

false

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.

2.2.4. Request fields

Path Type Description

account

Object

Account resource.

account.iban

String

International Bank Account Number.

account.currency

String

If not provided, consent will be valid for all current and future currencies.

registrationInformation

String

Additional information about the registration process for the PSU, e.g. a reference to the TPP / PSU contract.

2.2.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

Location

Location of the created resource.

ASPSP-SCA-Approach

SCA approach.

2.2.6. Response fields

Path Type Description

consentId

String

ID of the corresponding consent object as returned by an Fund Confirmation Consent Request.

consentStatus

String

Consent status. Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp].

_links.self.href

String

The link to the consent initiation resource created by this request. This link can be used to retrieve the resource data.

_links.status.href

String

The link to retrieve status of the consent initiation.

_links.scaStatus.href

String

The link to retrieve the scaStatus of the corresponding authorisation sub-resource.

_links.scaRedirect.href

String

In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser.

2.2.7. Example request

POST /api/public/consents/confirmation-of-funds HTTP/1.1
Content-Type: application/json;charset=UTF-8
Accept: application/hal+json
X-Request-ID: b5be731f-8422-4654-bb0b-661de17e6a19
X-API-Version: 1
TPP-Redirect-URI: https://client.nano.com/consent=0da4b182-23a3-476f-8608-87773586ff8a&status=ok
TPP-Nok-Redirect-URI: https://client.nano.com/consent=0da4b182-23a3-476f-8608-87773586ff8a&status=nok
Host: psd2.nano.lt
Content-Length: 146

{
  "account" : {
    "iban" : "LT053570010000000226",
    "currency" : "EUR"
  },
  "registrationInformation" : "Test registration information"
}

2.2.8. Example response

HTTP/1.1 201 Created
X-Request-ID: b5be731f-8422-4654-bb0b-661de17e6a19
Location: http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a
ASPSP-SCA-Approach: REDIRECT
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 1071

{
  "consentId" : "0da4b182-23a3-476f-8608-87773586ff8a",
  "consentStatus" : "received",
  "_links" : {
    "self" : {
      "href" : "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a"
    },
    "status" : {
      "href" : "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/status"
    },
    "scaStatus" : {
      "href" : "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/authorisations/7dd19f80-0be4-4fc4-880e-f20e8f2f541a"
    },
    "scaRedirect" : {
      "href" : "http://localhost/authorisation/0da4b182-23a3-476f-8608-87773586ff8a/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJydCI6IkZVTkRfQ09OU0VOVCIsInRuYSI6IlRFU1QiLCJpc3MiOiJWSUEgUGF5bWVudHMgVUFCIiwibm9rIjoidGVzdCIsInJpZCI6IjBkYTRiMTgyLTIzYTMtNDc2Zi04NjA4LTg3NzczNTg2ZmY4YSIsIm9rIjoidGVzdCIsImV4cCI6MTU1MzUyOTk1OCwiYWlkIjoiN2RkMTlmODAtMGJlNC00ZmM0LTg4MGUtZjIwZThmMmY1NDFhIiwiaWF0IjoxNTUzNTI3MjU4LCJ0aWQiOiJURVNUIn0.xY5b7_o8BypkHmNU3jUqiDk5ijDnCD8_SVF3v5Ky86w"
    }
  }
}

DELETE /api/public/consents/confirmation-of-funds/{consentId}

The TPP can delete a confirmation of funds consent object if needed.

2.3.1. Path parameters

Parameter Type Optional Description

consentId

String

false

ID of the corresponding consent object as returned by Fund Confirmation Consent Request.

2.3.2. Query parameters

No parameters.

2.3.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

2.3.4. Request fields

No request body.

2.3.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

2.3.6. Response fields

No response body.

2.3.7. Example request

DELETE /api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a HTTP/1.1
Accept: application/hal+json
X-Request-ID: c94b08c9-26a8-49f5-9cb6-d9d8b8b74369
X-API-Version: 1
Host: psd2.nano.lt

2.3.8. Example response

HTTP/1.1 204 No Content
X-Request-ID: c94b08c9-26a8-49f5-9cb6-d9d8b8b74369

GET /api/public/consents/confirmation-of-funds/{consentId}

Returns the content of a confirmation of funds consent object.

2.4.1. Path parameters

Parameter Type Optional Description

consentId

String

false

ID of the corresponding consent object as returned by Fund Confirmation Consent Request.

2.4.2. Query parameters

No parameters.

2.4.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

2.4.4. Request fields

No request body.

2.4.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

2.4.6. Response fields

Path Type Description

account

Object

Account resource.

account.resourceId

String

Unique identification of corresponding resource.

account.iban

String

International Bank Account Number.

account.currency

String

International Bank Account currency.

consentStatus

String

Consent status. Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp].

registrationInformation

String

Additional information about the registration process for the PSU, e.g. a reference to the TPP / PSU contract.

_links.self.href

String

The link to the consent initiation resource created by this request. This link can be used to retrieve the resource data.

_links.status.href

String

The link to retrieve status of the consent initiation.

_links.scaStatus.href

String

The link to retrieve the scaStatus of the corresponding authorisation sub-resource.

2.4.7. Example request

GET /api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a HTTP/1.1
Accept: application/hal+json
X-Request-ID: bb6323d4-f976-4c68-acc8-bebf4336d395
X-API-Version: 1
Host: psd2.nano.lt

2.4.8. Example response

HTTP/1.1 200 OK
X-Request-ID: bb6323d4-f976-4c68-acc8-bebf4336d395
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 724

{
  "account" : {
    "iban" : "LT053570010000000226",
    "currency" : "EUR",
    "resourceId" : "b4b921f9-2c91-3f60-9940-057b9b2cc410"
  },
  "consentStatus" : "valid",
  "registrationInformation" : "Test registration information",
  "_links" : {
    "self" : {
      "href" : "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a"
    },
    "status" : {
      "href" : "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/status"
    },
    "scaStatus" : {
      "href" : "http://localhost/api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/authorisations/7dd19f80-0be4-4fc4-880e-f20e8f2f541a"
    }
  }
}

GET /api/public/consents/confirmation-of-funds/{consentId}/status

Read the status of a confirmation of funds consent resource.

2.5.1. Path parameters

Parameter Type Optional Description

consentId

String

false

ID of the corresponding consent object as returned by Fund Confirmation Consent Request.

2.5.2. Query parameters

No parameters.

2.5.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

2.5.4. Request fields

No request body.

2.5.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

2.5.6. Response fields

Path Type Optional Description

consentStatus

String

false

Must be one of [received, rejected, valid, revokedByPsu, expired, terminatedByTpp].

2.5.7. Example request

GET /api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/status HTTP/1.1
Accept: application/hal+json
X-Request-ID: f6774815-c2be-435e-a9b5-2b174a9dda00
X-API-Version: 1
Host: psd2.nano.lt

2.5.8. Example response

HTTP/1.1 200 OK
X-Request-ID: f6774815-c2be-435e-a9b5-2b174a9dda00
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 31

{
  "consentStatus" : "valid"
}

GET /api/public/consents/confirmation-of-funds/{consentId}/authorisations/{authorisationId}

Reads status of an SCA process.

2.6.1. Path parameters

/api/public/consents/confirmation-of-funds/{consentId}/authorisations/{authorisationId}
Parameter Description

consentId

ID of the corresponding consent object as returned by an Fund Confirmation Consent Request.

authorisationId

ID of the authorisation sub-resource.

2.6.2. Query parameters

No parameters.

2.6.4. Request fields

No request body.

2.6.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

2.6.6. Response fields

Path Type Optional Description

scaStatus

String

true

Must be one of [received, psuIdentified, psuAuthenticated, started, finalised, failed, exempted].

2.6.7. Example request

GET /api/public/consents/confirmation-of-funds/0da4b182-23a3-476f-8608-87773586ff8a/authorisations/7dd19f80-0be4-4fc4-880e-f20e8f2f541a HTTP/1.1
Accept: application/hal+json
X-Request-ID: 7661acd8-ec27-49dc-a390-d321bd8a3c3c
X-API-Version: 1
Host: psd2.nano.lt

2.6.8. Example response

HTTP/1.1 200 OK
X-Request-ID: 7661acd8-ec27-49dc-a390-d321bd8a3c3c
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 30

{
  "scaStatus" : "received"
}

3. Payment Initiation Service (PIS)

The Payment Initiation Service (PIS) offers the following services:

  • Initiation and update of a payment request

  • Status information of a payment

3.1. Initiate payment

POST /api/public/payments/sepa-credit-transfers

Create a payment initiation resource addressable under {paymentId}. This is the first step in the API to initiate the related payment.

3.1.1. Path parameters

No parameters.

3.1.2. Query parameters

No parameters.

3.1.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

TPP-Redirect-URI

String

false

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

TPP-Nok-Redirect-URI

String

false

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.

PSU-IP-Address

String

false

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.

3.1.4. Request fields

Path Type Description

debtorAccount.iban

String

Debtor International Bank Account Number. Parameter is optional. Possibility to choose debtor account after authorization.

debtorAccount.currency

String

Debtor International Bank Account currency.

creditorAccount.iban

String

Creditor International Bank Account Number.

creditorAccount.currency

String

Creditor International Bank Account currency.

creditorName

String

Name of the creditor if a "Debited" transaction.

creditorInstitutionName

String

Credit institution name.

creditorInstitutionCode

String

Creditor institution code. e.g. (DEMOLT22XXX).

remittanceInformationUnstructured

String

Unstructured remittance reference.

instructedAmount.currency

String

Instructed amount currency

instructedAmount.amount

String

Instructed amount value

3.1.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

Location

Location of the created resource.

ASPSP-SCA-Approach

SCA approach.

3.1.6. Response fields

Path Type Description

paymentId

String

Resource identification of the generated payment initiation resource.

transactionStatus

String

Transaction Status of the payment resource. Status values are defined in the ISO20022.

_links.self.href

String

The link to the payment initiation resource created by this request. This link can be used to retrieve the resource data.

_links.status.href

String

The link to retrieve status of the payment initiation.

_links.scaStatus.href

String

The link to retrieve the scaStatus of the corresponding authorisation sub-resource.

_links.scaRedirect.href

String

In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser.

3.1.7. Example request

POST /api/public/payments/sepa-credit-transfers HTTP/1.1
Content-Type: application/json;charset=UTF-8
Accept: application/hal+json
X-Request-ID: c9b06ddb-c792-4984-88ed-103506f163fd
X-API-Version: 1
TPP-Redirect-URI: https://client.nano.com/payment=c8a325bc-1ed4-4c0b-bb25-474ae2ed8392&status=ok
TPP-Nok-Redirect-URI: https://client.nano.com/payment=c8a325bc-1ed4-4c0b-bb25-474ae2ed8392&status=nok
PSU-IP-Address: 88.119.96.5
Host: psd2.nano.lt
Content-Length: 348

{
  "debtorAccount" : {
    "iban" : "LT323570010000000031",
    "currency" : "EUR"
  },
  "creditorAccount" : {
    "iban" : "LT237300010131568793",
    "currency" : "EUR"
  },
  "creditorName" : "Jonas Jonaitis",
  "remittanceInformationUnstructured" : "Test payment",
  "instructedAmount" : {
    "currency" : "EUR",
    "amount" : "10.50"
  }
}

3.1.8. Example response

HTTP/1.1 201 Created
X-Request-ID: c9b06ddb-c792-4984-88ed-103506f163fd
Location: http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392
ASPSP-SCA-Approach: REDIRECT
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 1063

{
  "paymentId" : "c8a325bc-1ed4-4c0b-bb25-474ae2ed8392",
  "transactionStatus" : "RCVD",
  "_links" : {
    "self" : {
      "href" : "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392"
    },
    "status" : {
      "href" : "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/status"
    },
    "scaStatus" : {
      "href" : "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/authorisations/11118716-fc53-4d47-8022-dc77cb1c65c"
    },
    "scaRedirect" : {
      "href" : "http://localhost/authorisation/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJydCI6IlBBWU1FTlQiLCJ0bmEiOiJURVNUIiwiaXNzIjoiVklBIFBheW1lbnRzIFVBQiIsIm5vayI6InRlc3QiLCJyaWQiOiJjOGEzMjViYy0xZWQ0LTRjMGItYmIyNS00NzRhZTJlZDgzOTIiLCJvayI6InRlc3QiLCJleHAiOjE1NTM1MzAxMTEsImFpZCI6IjExMTE4NzE2LWZjNTMtNGQ0Ny04MDIyLWRjNzdjYjFjNjVjMiIsImlhdCI6MTU1MzUyNzQxMSwidGlkIjoiVEVTVCJ9.xe3Y05W4C4IWKepLscPgvm-qimopLoG0GXE97spTrD4"
    }
  }
}

3.2. Get payment

GET /api/public/payments/sepa-credit-transfers/{paymentId}

Read the details of an initiated payment.

3.2.1. Path parameters

Parameter Type Optional Description

paymentId

String

false

ID of the corresponding payment initiation object as returned by an Payment Initiation Request.

3.2.2. Query parameters

No parameters.

3.2.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

3.2.4. Request fields

No request body.

3.2.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

3.2.6. Response fields

Path Type Description

debtorAccount.iban

String

Debtor International Bank Account Number.

debtorAccount.currency

String

Debtor International Bank Account currency.

creditorAccount.iban

String

Creditor International Bank Account Number.

creditorAccount.currency

String

Creditor International Bank Account currency.

creditorName

String

Name of the creditor if a "Debited" transaction.

creditorInstitutionName

String

Credit institution name.

creditorInstitutionCode

String

Creditor institution code. e.g. (DEMOLT22XXX).

remittanceInformationUnstructured

String

Unstructured remittance reference.

instructedAmount.currency

String

Instructed amount currency

instructedAmount.amount

String

Instructed amount value

feeAmount.currency

String

Fee amount currency

feeAmount.amount

String

Fee amount value

transactionStatus

String

Transaction Status of the payment resource. Status values are defined in the ISO20022.

_links.self.href

String

The link to the payment initiation resource created by this request. This link can be used to retrieve the resource data.

_links.status.href

String

The link to retrieve status of the payment initiation.

_links.scaStatus.href

String

The link to retrieve the scaStatus of the corresponding authorisation sub-resource.

3.2.7. Example request

GET /api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392 HTTP/1.1
Accept: application/hal+json
X-Request-ID: fa219b82-16ca-4c8c-9dfc-b8618e0d5c93
X-API-Version: 1
Host: psd2.nano.lt

3.2.8. Example response

HTTP/1.1 200 OK
X-Request-ID: fa219b82-16ca-4c8c-9dfc-b8618e0d5c93
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 960

{
  "debtorAccount" : {
    "iban" : "LT323570010000000031",
    "currency" : "EUR"
  },
  "creditorAccount" : {
    "iban" : "LT237300010131568793",
    "currency" : "EUR"
  },
  "creditorName" : "Jonas Jonaitis",
  "creditorInstitutionName" : "Swedbank, AB",
  "creditorInstitutionCode" : "HABALT22XXX",
  "remittanceInformationUnstructured" : "Test payment",
  "instructedAmount" : {
    "currency" : "EUR",
    "amount" : "10.50"
  },
  "transactionStatus" : "RCVD",
  "_links" : {
    "self" : {
      "href" : "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392"
    },
    "status" : {
      "href" : "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/status"
    },
    "scaStatus" : {
      "href" : "http://localhost/api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/authorisations/11118716-fc53-4d47-8022-dc77cb1c65c"
    }
  }
}

3.3. Get payment status

GET /api/public/payments/sepa-credit-transfers/{paymentId}/status

Read the transaction status of the payment.

3.3.1. Path parameters

Parameter Type Optional Description

paymentId

String

false

ID of the corresponding payment initiation object as returned by an Payment Initiation Request.

3.3.2. Query parameters

No parameters.

3.3.3. Request headers

Header Type Optional Description

X-Request-ID

Object

false

ID of the request, unique to the call, as determined by the initiating party.

3.3.4. Request fields

No request body.

3.3.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

3.3.6. Response fields

Path Type Description

transactionStatus

String

Transaction Status of the payment resource. Status values are defined in the ISO20022.

3.3.7. Example request

GET /api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/status HTTP/1.1
Accept: application/hal+json
X-Request-ID: 91b72916-c3b3-4fe2-b480-2e811d719932
X-API-Version: 1
Host: psd2.nano.lt

3.3.8. Example response

HTTP/1.1 200 OK
X-Request-ID: 91b72916-c3b3-4fe2-b480-2e811d719932
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 34

{
  "transactionStatus" : "RCVD"
}

3.4. Get payment authorisation status

GET /api/public/payments/sepa-credit-transfers/{paymentId}/authorisations/{authorisationId}

Reads status of an SCA process.

3.4.1. Path parameters

/api/public/payments/sepa-credit-transfers/{paymentId}/authorisations/{authorisationId}
Parameter Description

paymentId

Resource identification of the related payment initiation resource.

authorisationId

ID of the authorisation sub-resource.

3.4.2. Query parameters

No parameters.

3.4.4. Request fields

No request body.

3.4.5. Response headers

Name Description

X-Request-ID

ID of the request, unique to the call, as determined by the initiating party.

3.4.6. Response fields

Path Type Optional Description

scaStatus

String

true

Must be one of [received, psuIdentified, psuAuthenticated, started, finalised, failed, exempted].

3.4.7. Example request

GET /api/public/payments/sepa-credit-transfers/c8a325bc-1ed4-4c0b-bb25-474ae2ed8392/authorisations/11118716-fc53-4d47-8022-dc77cb1c65c HTTP/1.1
Accept: application/hal+json
X-Request-ID: dc2a8529-3c42-4811-8d45-26edec147888
X-API-Version: 1
Host: psd2.nano.lt

3.4.8. Example response

HTTP/1.1 200 OK
X-Request-ID: dc2a8529-3c42-4811-8d45-26edec147888
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 30

{
  "scaStatus" : "received"
}

HTTP Response Codes

The HTTP response code is communicating the success or failure of a TPP request message. The 4XX HTTP response codes should only be given if the current request cannot be fulfilled, e.g. a payment initiation cannot be posted or account transactions cannot be retrieved. A request to get the status of an existing payment or a consent usually returns HTTP response code 200 since the actual request to retrieve the status succeeded, regardless if that payment or consent state is set to failure or not.

This specification supports the following HTTP response codes:

Status code Description

200 OK

PUT, GET Response Codes

The POST for a Funds request will also return 200 since it does not create a new resource.

DELETE Response Code where a payment resource has been cancelled successfully and no further cancellation authorisation is required.

201 Created

POST response code where Payment Initiation or Consent Request was correctly performed.

204 No Content

DELETE response code where a consent resource was successfully deleted. The code indicates that the request was performed, but no content was returned.

400 Bad Request

Validation error occurred. This code will cover malformed syntax in request or incorrect data in payload.

401 Unauthorized

The TPP or the PSU is not correctly authorized to perform the request. Retry the request with correct authentication information.

403 Forbidden

Returned if the resource that was referenced in the path exists but cannot be accessed by the TPP or the PSU. This code should only be used for non-sensitive id references as it will reveal that the resource exists even though it cannot be accessed.

404 Not found

Returned if the resource or endpoint that was referenced in the path does not exist or cannot be referenced by the TPP or the PSU. When in doubt if a specific id in the path is sensitive or not, use the HTTP response code 404 instead of the HTTP response code 403.

405 Method Not Allowed

This code is only sent when the HTTP method (PUT, POST, DELETE, GET etc.) is not supported on a specific endpoint. It has nothing to do with the consent, payment or account information data model.

406 Not Acceptable

The ASPSP cannot generate the content that the TPP specified in the Accept header.

408 Request Timeout

The server is still working correctly, but an individual request has timed out.

415 Unsupported Media Type

The TPP has supplied a media type which the ASPSP does not support.

429 Too Many Requests

The TPP has exceeded the number of requests allowed by the consent or by the RTS.

500 Internal Server Error

Internal server error occurred.

503 Service Unavailable

The ASPSP server is currently unavailable. Generally, this is a temporary state.

Additional Error Information

In RFC7807, a standardised definition of reporting error information is described. In the following, requirements of how to use this standardised error information reporting in the context of the PSD2 XS2A interface are defined.

Response Code

The HTTP response code is 4xx or 5xx as defined in HTTP Response Codes for response codes in case of errors.

Response Header

Attribute Type Condition Description

Content-Type

String

Mandatory

The string application/problem+json is used.

Response Body

Attribute Type Condition Description

type

String

Mandatory

A URI reference RFC3986 that identifies the problem type.

title

String

Optional

Short human readable description of error type.

detail

String

Optional

Detailed human readable text specific to this instance of the error.

code

Message Code

Mandatory

Message code to explain the nature of the underlying error.

additionalErrors

Array

Optional

Used if more than one error is to be communicated.

Example

{
    "code": "RESOURCE_UNKNOWN",
    "title": "The addressed resource is unknown relative to the TPP.",
    "description": "Requested account not found.",
    "type": "https://psd2.nano.lt/api#RESOURCE_UNKNOWN",
    "additionalErrors": null
}

HTTP Error Codes

Message Code

HTTP Response Code

Description

CERTIFICATE_INVALID

401

The contents of the signature/corporate seal certificate are not matching PSD2 general PSD2 or attribute requirements.

CERTIFICATE_EXPIRED

401

Signature/corporate seal certificate is expired.

CERTIFICATE_BLOCKED

401

Signature/corporate seal certificate has been blocked by the ASPSP.

CERTIFICATE_REVOKED

401

Signature/corporate seal certificate has been revoked by QSTP.

CERTIFICATE_MISSING

401

Signature/corporate seal certificate was not available in the request but is mandated for the corresponding.

SIGNATURE_INVALID

401

Application layer eIDAS Signature for TPP authentication is not correct.

SIGNATURE_MISSING

401

Application layer eIDAS Signature for TPP authentication is mandated by the ASPSP but is missing.

FORMAT_ERROR

400

Format of certain request fields are not matching the XS2A requirements. An explicit path to the corresponding field might be added in the return message.

PARAMETER_NOT_CONSISTENT

400

Parameters submitted by TPP are not consistent.

PARAMETER_NOT_SUPPORTED

400

The parameter is not supported.

CONSENT_UNKNOWN

403 (if path), 400 (if payload)

The Consent-ID cannot be matched by the ASPSP relative to the TPP.

CONSENT_INVALID

401

The consent was created by this TPP but is not valid for the addressed service/resource.

CONSENT_EXPIRED

401

The consent was created by this TPP but has expired and needs to be renewed.

RESOURCE_UNKNOWN

404 (if account-id path), 403 (if other resource in path)

The addressed resource is unknown relative to the TPP.

RESOURCE_EXPIRED

403 (if path), 400 (if payload)

The addressed resource is associated with the TPP but has expired, not addressable anymore.

STATUS_INVALID

409

The addressed resource does not allow additional authorisation.

PAYMENT_FAILED

400

The payment initiation POST request failed during the initial process. Additional information may be provided by the ASPSP.

PSD2 fallback

The Fallback solution is a set of API-s as a alternative for exiting Nano PSD2 solution. PSD2 Fallback is based on Nano Internet Banking API It contains the following functions:

authenticating TPPs based on QWAC certificates
limiting access to respective functions based on the TPP role
customer authentication and authorization using Nano IB supported security means m-signature, Vasco Digipass, SMS+password
fetching customer accounts information for AISP
initiating payments for PISPs

The Fallback solution does not have:

customer consent management
fetching funds confirmation information for PIISPs
agent features are not supported

List of endpoints:

psd-fallback/auth/login
psd-fallback/auth/logout
psd-fallback/auth/resend
psd-fallback/operations/(:id)/confirmation
psd-fallback/operations/(:id)/resend
psd-fallback/payments
psd-fallback/payments/validate/turnover
psd-fallback/classifiers/institutions/(:id)
psd-fallback/payment-entries

Note in order to execute payment using UI-API services, after user authentication it is mandatory to perform /ui-api/parties/self action