This method creates a consent resource, defining access rights to dedicated accounts of a given PSU-ID. These accounts are addressed explicitly in the method as parameters as a core function. When this Consent Request is a request where the "recurringIndicator" equals "true", and if a former consent already exists for recurring access on account information for the addressed PSU, then the former consent automatically expires as soon as the new consent request is authorised by the PSU.

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

offline_access

Required for refresh tokens

Parameters

Authorization

Required in header

string

This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2.

X-IBM-Client-Id

Required in header

string

Application's client id

X-Client-Certificate

Required in header

string

EIDAS QWac Client Certificate, for EBA Catalog verification

X-Request-ID

Required in header

string / uuid

ID of the request, unique to the call, as determined by the initiating party.

Digest

Optional in header

string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature

Optional in header

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate

Optional in header

string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-ID

Optional in header

string

Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. Is not contained if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session.

PSU-ID-Type

Optional in header

string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

PSU-Corporate-ID

Optional in header

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

PSU-Corporate-ID-Type

Optional in header

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

TPP-Redirect-Preferred

Optional in header

string

If it equals "true", the TPP prefers a redirect over an embedded SCA approach. If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU.

{
    "enum": [
        true,
        false
    ]
}

TPP-Redirect-URI

Optional in header

string

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field.

Remark for Future: This field might be changed to mandatory in the next version of the specification.

TPP-Nok-Redirect-URI

Optional in header

string

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP.

TPP-Explicit-Authorisation-Preferred

Optional in header

string

If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality.

If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket.

{
    "enum": [
        true,
        false
    ]
}

PSU-IP-Address

Optional in header

string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port

Optional in header

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent

Optional in header

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method

Optional in header

string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

GET
POST
PUT
PATCH
DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ]
}

PSU-Device-ID

Optional in header

string / uuid

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

PSU-Geo-Location

Optional in header

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "GEO:-?[0-9]{1,2}\\.[0-9]{6};-?[0-9]{1,3}\\.[0-9]{6}"
}

body

Optional in body

object

Requestbody for a consents request

consents

Content-Type

Optional in header

string

application/json

Optional in header

string

application/json

Responses

201

Created

consentsResponse-201

400

Bad Request

Error400_NG_AIS

401

Not Authorized

Error401_NG_AIS

403

Consent Unknown

Error403_NG_AIS

404

Not Found

Error404_NG_AIS

405

Service Invalid

Error405_NG_AIS

406

Not Acceptable

Error406_NG_AIS

408

Request Timeout

Error408_NG_AIS

409

Status Invalid

Error409_NG_AIS

415

Unsupported Media Type

Error415_NG_AIS

429

Too Many Requests

Error429_NG_AIS

503

Service Unavailable

Error503_NG_AIS

default

Internal Server Error

Example Request

Example Response

Definition

POST https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents

Response

Try this operation

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents

Body

Headers

content-type

Authorization

X-IBM-Client-Id

X-Client-Certificate

X-Request-ID

Digest

Signature

TPP-Signature-Certificate

PSU-ID

PSU-ID-Type

PSU-Corporate-ID

PSU-Corporate-ID-Type

TPP-Redirect-Preferred

TPP-Redirect-URI

TPP-Nok-Redirect-URI

TPP-Explicit-Authorisation-Preferred

PSU-IP-Address

PSU-IP-Port

PSU-Accept

PSU-Accept-Charset

PSU-Accept-Encoding

PSU-Accept-Language

PSU-User-Agent

PSU-Http-Method

PSU-Device-ID

PSU-Geo-Location

Request

Response

/consents/{consentId}

Account Information Service (AIS)

Summary

getConsentInformation

Description

Returns the content of an account information consent object. This is returning the data for the TPP especially in cases, where the consent was directly managed between ASPSP and PSU e.g. in a re-direct SCA Approach.

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

offline_access

Required for refresh tokens

Parameters

Authorization

Required in header

string

This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2.

X-IBM-Client-Id

Required in header

string

Application's client id

X-Client-Certificate

Required in header

string

EIDAS QWac Client Certificate, for EBA Catalog verification

consentId

Required in path

string

ID of the corresponding consent object as returned by an Account Information Consent Request.

X-Request-ID

Required in header

string / uuid

ID of the request, unique to the call, as determined by the initiating party.

Digest

Optional in header

string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature

Optional in header

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate

Optional in header

string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address

Optional in header

string

PSU-IP-Port

Optional in header

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent

Optional in header

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method

Optional in header

string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

GET
POST
PUT
PATCH
DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ]
}

PSU-Device-ID

Optional in header

string / uuid

PSU-Geo-Location

Optional in header

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "GEO:-?[0-9]{1,2}\\.[0-9]{6};-?[0-9]{1,3}\\.[0-9]{6}"
}

Optional in header

string

application/json

Responses

200

consentInformationResponse-200_json

400

Bad Request

Error400_NG_AIS

401

Not Authorized

Error401_NG_AIS

403

Consent Unknown

Error403_NG_AIS

404

Not Found

Error404_NG_AIS

405

Service Invalid

Error405_NG_AIS

406

Not Acceptable

Error406_NG_AIS

408

Request Timeout

Error408_NG_AIS

409

Status Invalid

Error409_NG_AIS

415

Unsupported Media Type

Error415_NG_AIS

429

Too Many Requests

Error429_NG_AIS

503

Service Unavailable

Error503_NG_AIS

default

Internal Server Error

Example Request

Example Response

Definition

GET https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}

Response

Try this operation

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}

Headers

Authorization

X-IBM-Client-Id

X-Client-Certificate

X-Request-ID

Digest

Signature

TPP-Signature-Certificate

PSU-IP-Address

PSU-IP-Port

PSU-Accept

PSU-Accept-Charset

PSU-Accept-Encoding

PSU-Accept-Language

PSU-User-Agent

PSU-Http-Method

PSU-Device-ID

PSU-Geo-Location

Parameters

consentId

Request

Response

Account Information Service (AIS)

Summary

deleteConsent

Description

The TPP can delete an account information consent object if needed.

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

offline_access

Required for refresh tokens

Parameters

Authorization

Required in header

string

This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2.

X-IBM-Client-Id

Required in header

string

Application's client id

X-Client-Certificate

Required in header

string

EIDAS QWac Client Certificate, for EBA Catalog verification

consentId

Required in path

string

ID of the corresponding consent object as returned by an Account Information Consent Request.

X-Request-ID

Required in header

string / uuid

ID of the request, unique to the call, as determined by the initiating party.

Digest

Optional in header

string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature

Optional in header

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate

Optional in header

string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address

Optional in header

string

PSU-IP-Port

Optional in header

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent

Optional in header

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method

Optional in header

string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

GET
POST
PUT
PATCH
DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ]
}

PSU-Device-ID

Optional in header

string / uuid

PSU-Geo-Location

Optional in header

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "GEO:-?[0-9]{1,2}\\.[0-9]{6};-?[0-9]{1,3}\\.[0-9]{6}"
}

Optional in header

string

application/json

Responses

204

No Content

400

Bad Request

Error400_NG_AIS

401

Not Authorized

Error401_NG_AIS

403

Consent Unknown

Error403_NG_AIS

404

Not Found

Error404_NG_AIS

405

Service Invalid

Error405_NG_AIS

406

Not Acceptable

Error406_NG_AIS

408

Request Timeout

Error408_NG_AIS

409

Status Invalid

Error409_NG_AIS

415

Unsupported Media Type

Error415_NG_AIS

429

Too Many Requests

Error429_NG_AIS

503

Service Unavailable

Error503_NG_AIS

default

Internal Server Error

Example Request

Example Response

Definition

DELETE https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}

Response

Try this operation

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}

Headers

Authorization

X-IBM-Client-Id

X-Client-Certificate

X-Request-ID

Digest

Signature

TPP-Signature-Certificate

PSU-IP-Address

PSU-IP-Port

PSU-Accept

PSU-Accept-Charset

PSU-Accept-Encoding

PSU-Accept-Language

PSU-User-Agent

PSU-Http-Method

PSU-Device-ID

PSU-Geo-Location

Parameters

consentId

Request

Response

/consents/{consentId}/status

Account Information Service (AIS)

Summary

getConsentStatus

Description

Read the status of an account information consent resource.

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

offline_access

Required for refresh tokens

Parameters

Authorization

Required in header

string

This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2.

X-IBM-Client-Id

Required in header

string

Application's client id

X-Client-Certificate

Required in header

string

EIDAS QWac Client Certificate, for EBA Catalog verification

consentId

Required in path

string

ID of the corresponding consent object as returned by an Account Information Consent Request.

X-Request-ID

Required in header

string / uuid

ID of the request, unique to the call, as determined by the initiating party.

Digest

Optional in header

string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature

Optional in header

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate

Optional in header

string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address

Optional in header

string

PSU-IP-Port

Optional in header

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent

Optional in header

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method

Optional in header

string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

GET
POST
PUT
PATCH
DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ]
}

PSU-Device-ID

Optional in header

string / uuid

PSU-Geo-Location

Optional in header

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "GEO:-?[0-9]{1,2}\\.[0-9]{6};-?[0-9]{1,3}\\.[0-9]{6}"
}

Optional in header

string

application/json

Responses

200

consentStatusResponse-200

400

Bad Request

Error400_NG_AIS

401

Not Authorized

Error401_NG_AIS

403

Consent Unknown

Error403_NG_AIS

404

Not Found

Error404_NG_AIS

405

Service Invalid

Error405_NG_AIS

406

Not Acceptable

Error406_NG_AIS

408

Request Timeout

Error408_NG_AIS

409

Status Invalid

Error409_NG_AIS

415

Unsupported Media Type

Error415_NG_AIS

429

Too Many Requests

Error429_NG_AIS

503

Service Unavailable

Error503_NG_AIS

default

Internal Server Error

Example Request

Example Response

Definition

GET https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}/status

Response

Try this operation

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}/status

Headers

Authorization

X-IBM-Client-Id

X-Client-Certificate

X-Request-ID

Digest

Signature

TPP-Signature-Certificate

PSU-IP-Address

PSU-IP-Port

PSU-Accept

PSU-Accept-Charset

PSU-Accept-Encoding

PSU-Accept-Language

PSU-User-Agent

PSU-Http-Method

PSU-Device-ID

PSU-Geo-Location

Parameters

consentId

Request

Response

/consents/{consentId}/authorisations

Account Information Service (AIS)

Summary

startConsentAuthorisation

Description

Create an authorisation sub-resource and start the authorisation process of a consent. The message might in addition transmit authentication and authorisation related data. This method is iterated n times for a n times SCA authorisation in a corporate context, each creating an own authorisation sub-endpoint for the corresponding PSU authorising the consent.

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

offline_access

Required for refresh tokens

Parameters

Authorization

Required in header

string

This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2.

X-IBM-Client-Id

Required in header

string

Application's client id

X-Client-Certificate

Required in header

string

EIDAS QWac Client Certificate, for EBA Catalog verification

consentId

Required in path

string

ID of the corresponding consent object as returned by an Account Information Consent Request.

X-Request-ID

Required in header

string / uuid

ID of the request, unique to the call, as determined by the initiating party.

Digest

Optional in header

string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature

Optional in header

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate

Optional in header

string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-ID

Optional in header

string

PSU-ID-Type

Optional in header

string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

PSU-Corporate-ID

Optional in header

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

PSU-Corporate-ID-Type

Optional in header

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

TPP-Redirect-Preferred

Optional in header

string

{
    "enum": [
        true,
        false
    ]
}

TPP-Redirect-URI

Optional in header

string

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field.

Remark for Future: This field might be changed to mandatory in the next version of the specification.

TPP-Nok-Redirect-URI

Optional in header

string

PSU-IP-Address

Optional in header

string

PSU-IP-Port

Optional in header

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent

Optional in header

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method

Optional in header

string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

GET
POST
PUT
PATCH
DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ]
}

PSU-Device-ID

Optional in header

string / uuid

PSU-Geo-Location

Optional in header

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "GEO:-?[0-9]{1,2}\\.[0-9]{6};-?[0-9]{1,3}\\.[0-9]{6}"
}

body

Optional in body

object

transactionAuthorisation

Content-Type

Optional in header

string

application/json

Optional in header

string

application/json

Responses

201

Created

startScaprocessResponse

400

Bad Request

Error400_NG_AIS

401

Not Authorized

Error401_NG_AIS

403

Consent Unknown

Error403_NG_AIS

404

Not Found

Error404_NG_AIS

405

Service Invalid

Error405_NG_AIS

406

Not Acceptable

Error406_NG_AIS

408

Request Timeout

Error408_NG_AIS

409

Status Invalid

Error409_NG_AIS

415

Unsupported Media Type

Error415_NG_AIS

429

Too Many Requests

Error429_NG_AIS

503

Service Unavailable

Error503_NG_AIS

default

Internal Server Error

Example Request

Example Response

Definition

POST https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}/authorisations

Response

Try this operation

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}/authorisations

Body

Headers

content-type

Authorization

X-IBM-Client-Id

X-Client-Certificate

X-Request-ID

Digest

Signature

TPP-Signature-Certificate

PSU-ID

PSU-ID-Type

PSU-Corporate-ID

PSU-Corporate-ID-Type

TPP-Redirect-Preferred

TPP-Redirect-URI

TPP-Nok-Redirect-URI

PSU-IP-Address

PSU-IP-Port

PSU-Accept

PSU-Accept-Charset

PSU-Accept-Encoding

PSU-Accept-Language

PSU-User-Agent

PSU-Http-Method

PSU-Device-ID

PSU-Geo-Location

Parameters

consentId

Request

Response

/consents/{consentId}/authorisations/{authorisationId}

Summary

getConsentScaStatus

Description

This method returns the SCA status of a consent initiation's authorisation sub-resource.

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

offline_access

Required for refresh tokens

Parameters

Authorization

Required in header

string

This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2.

X-IBM-Client-Id

Required in header

string

Application's client id

X-Client-Certificate

Required in header

string

EIDAS QWac Client Certificate, for EBA Catalog verification

consentId

Required in path

string

ID of the corresponding consent object as returned by an Account Information Consent Request.

authorisationId

Required in path

string

Resource identification of the related SCA.

X-Request-ID

Required in header

string / uuid

ID of the request, unique to the call, as determined by the initiating party.

Digest

Optional in header

string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature

Optional in header

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate

Optional in header

string

The certificate used for signing the request, in base64 encoding.Must be contained if a signature is contained.

PSU-IP-Address

Optional in header

string

PSU-IP-Port

Optional in header

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent

Optional in header

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method

Optional in header

string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

GET
POST
PUT
PATCH
DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ]
}

PSU-Device-ID

Optional in header

string / uuid

PSU-Geo-Location

Optional in header

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "GEO:-?[0-9]{1,2}\\.[0-9]{6};-?[0-9]{1,3}\\.[0-9]{6}"
}

body

Optional in body

object

transactionAuthorisation

Content-Type

Optional in header

string

application/json

Optional in header

string

application/json

Responses

200

scaStatusResponse

400

Bad Request

Error400_NG_AIS

401

Unauthorized

Error401_NG_AIS

403

Forbidden

Error403_NG_AIS

404

Not Found

Error404_NG_AIS

405

Method Not Allowed

Error405_NG_AIS

406

Not Acceptable

Error406_NG_AIS

408

Request Timeout

Error408_NG_AIS

409

Conflict

Error409_NG_AIS

415

Unsupported Media Type

Error415_NG_AIS

429

Too Many Requests

Error429_NG_AIS

503

Service Unavailable

Error503_NG_AIS

default

Internal Server Error

Example Request

Example Response

Definition

GET https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}/authorisations/{authorisationId}

Response

Try this operation

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}/authorisations/{authorisationId}

Body

Headers

content-type

Authorization

X-IBM-Client-Id

X-Client-Certificate

X-Request-ID

Digest

Signature

TPP-Signature-Certificate

PSU-IP-Address

PSU-IP-Port

PSU-Accept

PSU-Accept-Charset

PSU-Accept-Encoding

PSU-Accept-Language

PSU-User-Agent

PSU-Http-Method

PSU-Device-ID

PSU-Geo-Location

Parameters

consentId

authorisationId

Request

Response

Summary

updateConsentsPsuData

Description

This method update PSU data on the consents resource if needed.It may authorise a consent within the Embedded SCA Approach where needed.Independently from the SCA Approach it supports e.g. the selection ofthe authentication method and a non-SCA PSU authentication.This methods updates PSU data on the cancellation authorisation resource if needed.There are several possible Update PSU Data requests in the context of a consent request if needed,which depends on the SCA approach: Redirect SCA Approach: A specific Update PSU Data Request is applicable for the selection of authentication methods, before choosing the actual SCA approach. Decoupled SCA Approach: A specific Update PSU Data Request is only applicable for adding the PSU Identification, if not provided yet in the Payment Initiation Request or the Account Information Consent Request, or if no OAuth2 access token is used, or the selection of authentication methods. Embedded SCA Approach: The Update PSU Data Request might be used to add credentials as a first factor authentication data of the PSU and to select the authentication method and transaction authorisation.The SCA Approach might depend on the chosen SCA method.For that reason, the following possible Update PSU Data request can apply to all SCA approaches: Select an SCA method in case of several SCA methods are available for the customer.There are the following request types on this access path: Update PSU Identification Update PSU Authentication Select PSU Autorization Method WARNING: This method need a reduced header, therefore many optional elements are not present. Maybe in a later version the access path will change. Transaction Authorisation WARNING: This method need a reduced header, therefore many optional elements are not present. Maybe in a later version the access path will change.

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

offline_access

Required for refresh tokens

Parameters

Authorization

Required in header

string

This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2.

X-IBM-Client-Id

Required in header

string

Application's client id

X-Client-Certificate

Required in header

string

EIDAS QWac Client Certificate, for EBA Catalog verification

consentId

Required in path

string

ID of the corresponding consent object as returned by an Account Information Consent Request.

authorisationId

Required in path

string

Resource identification of the related SCA.

X-Request-ID

Required in header

string / uuid

ID of the request, unique to the call, as determined by the initiating party.

Digest

Optional in header

string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature

Optional in header

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate

Optional in header

string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-ID

Optional in header

string

PSU-ID-Type

Optional in header

string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

PSU-Corporate-ID

Optional in header

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

PSU-Corporate-ID-Type

Optional in header

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

PSU-IP-Address

Optional in header

string

PSU-IP-Port

Optional in header

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent

Optional in header

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method

Optional in header

string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

GET
POST
PUT
PATCH
DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ]
}

PSU-Device-ID

Optional in header

string / uuid

PSU-Geo-Location

Optional in header

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "GEO:-?[0-9]{1,2}\\.[0-9]{6};-?[0-9]{1,3}\\.[0-9]{6}"
}

body

Optional in body

object

The request body has one of the following schemas, depending on the data to be updated: 1) selectPsuAuthenticationMethod, 2) transactionAuthorisation. The respective success responses (200 OK) are 1)SelectPsuAuthenticationMethodResponse and 2)scaStatusResponse.

{
    "schema": {
        "type": "object"
    }
}

Content-Type

Optional in header

string

application/json

Optional in header

string

application/json

Responses

200

{
    "schema": {
        "type": "object"
    },
    "headers": {
        "X-Request-ID": {
            "type": "string",
            "default": "99391c7e-ad88-49ec-a2ad-99ddcb1f7721"
        },
        "ASPSP-SCA-Approach": {
            "type": "string",
            "default": "EMBEDDED"
        }
    }
}

400

Bad Request

Error400_NG_AIS

401

Unauthorized

Error401_NG_AIS

403

Forbidden

Error403_NG_AIS

404

Not found

Error404_NG_AIS

405

Method Not Allowed

Error405_NG_AIS

406

Not Acceptable

Error406_NG_AIS

408

Request Timeout

409

Conflict

Error409_NG_AIS

415

Unsupported Media Type

429

Too Many Requests

Error429_NG_AIS

503

Service Unavailable

default

Internal Server Error

Example Request

Example Response

Definition

PUT https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}/authorisations/{authorisationId}

Response

Try this operation

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/consents/{consentId}/authorisations/{authorisationId}

Body

Headers

content-type

Authorization

X-IBM-Client-Id

X-Client-Certificate

X-Request-ID

Digest

Signature

TPP-Signature-Certificate

PSU-ID

PSU-ID-Type

PSU-Corporate-ID

PSU-Corporate-ID-Type

PSU-IP-Address

PSU-IP-Port

PSU-Accept

PSU-Accept-Charset

PSU-Accept-Encoding

PSU-Accept-Language

PSU-User-Agent

PSU-Http-Method

PSU-Device-ID

PSU-Geo-Location

Parameters

consentId

authorisationId

Request

Response

/accounts

Account Information Service (AIS)

Summary

getAccountList

Description

Read the identifiers of the available payment account together with booking balance information, depending on the consent granted.

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

offline_access

Required for refresh tokens

Parameters

Authorization

Required in header

string

This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2.

X-IBM-Client-Id

Required in header

string

Application's client id

X-Client-Certificate

Required in header

string

EIDAS QWac Client Certificate, for EBA Catalog verification

X-Request-ID

Required in header

string / uuid

ID of the request, unique to the call, as determined by the initiating party.

Consent-ID

Required in header

string

This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation.

withBalance

Optional in query

boolean

If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP. This parameter might be ignored by the ASPSP.

Digest

Optional in header

string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature

Optional in header

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate

Optional in header

string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address

Optional in header

string

PSU-IP-Port

Optional in header

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent

Optional in header

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method

Optional in header

string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

GET
POST
PUT
PATCH
DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ]
}

PSU-Device-ID

Optional in header

string / uuid

PSU-Geo-Location

Optional in header

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "GEO:-?[0-9]{1,2}\\.[0-9]{6};-?[0-9]{1,3}\\.[0-9]{6}"
}

Optional in header

string

application/json

Responses

200

accountList

400

Bad Request

Error400_NG_AIS

401

Not Authorized

Error401_NG_AIS

403

Consent Unknown

Error403_NG_AIS

404

Not Found

Error404_NG_AIS

405

Service Invalid

Error405_NG_AIS

406

Not Acceptable

Error406_NG_AIS

408

Request Timeout

Error408_NG_AIS

409

Status Invalid

Error409_NG_AIS

415

Unsupported Media Type

Error415_NG_AIS

429

Too Many Requests

Error429_NG_AIS

503

Service Unavailable

Error503_NG_AIS

default

Internal Server Error

Example Request

Example Response

Definition

GET https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/accounts

Response

Try this operation

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/accounts

Headers

Authorization

X-IBM-Client-Id

X-Client-Certificate

X-Request-ID

Consent-ID

Digest

Signature

TPP-Signature-Certificate

PSU-IP-Address

PSU-IP-Port

PSU-Accept

PSU-Accept-Charset

PSU-Accept-Encoding

PSU-Accept-Language

PSU-User-Agent

PSU-Http-Method

PSU-Device-ID

PSU-Geo-Location

Parameters

withBalance

Request

Response

/accounts/{account-id}

Account Information Service (AIS)

Summary

readAccountDetails

Description

Reads details about an account, with balances where required.

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

offline_access

Required for refresh tokens

Parameters

Authorization

Required in header

string

This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2.

X-IBM-Client-Id

Required in header

string

Application's client id

X-Client-Certificate

Required in header

string

EIDAS QWac Client Certificate, for EBA Catalog verification

account-id

Required in path

string

This identification is denoting the addressed account. The account-id is retrieved by using a "Read Account List" call. The account-id is the "id" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

X-Request-ID

Required in header

string / uuid

ID of the request, unique to the call, as determined by the initiating party.

Consent-ID

Required in header

string

This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation.

withBalance

Optional in query

boolean

Digest

Optional in header

string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature

Optional in header

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate

Optional in header

string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address

Optional in header

string

PSU-IP-Port

Optional in header

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language

Optional in header

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent

Optional in header

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method

Optional in header

string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

GET
POST
PUT
PATCH
DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ]
}

PSU-Device-ID

Optional in header

string / uuid

PSU-Geo-Location

Optional in header

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "GEO:-?[0-9]{1,2}\\.[0-9]{6};-?[0-9]{1,3}\\.[0-9]{6}"
}

Optional in header

string

application/json

Responses

200

accountDetails

400

Bad Request

Error400_NG_AIS

401

Not Authorized

Error401_NG_AIS

403

Consent Unknown

Error403_NG_AIS

404

Not Found

Error404_NG_AIS

405

Service Invalid

Error405_NG_AIS

406

Not Acceptable

Error406_NG_AIS

408

Request Timeout

Error408_NG_AIS

409

Status Invalid

Error409_NG_AIS

415

Unsupported Media Type

Error415_NG_AIS

429

Too Many Requests

Error429_NG_AIS

503

Service Unavailable

Error503_NG_AIS

default

Internal Server Error

Example Request

Example Response

Definition

GET https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/accounts/{account-id}

Response

Try this operation

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/psd2/v3.1/accounts/{account-id}

Headers

Authorization

X-IBM-Client-Id

X-Client-Certificate

X-Request-ID

Consent-ID

Digest

Signature

TPP-Signature-Certificate

PSU-IP-Address

PSU-IP-Port

PSU-Accept

PSU-Accept-Charset

PSU-Accept-Encoding

PSU-Accept-Language

PSU-User-Agent

PSU-Http-Method

PSU-Device-ID

PSU-Geo-Location

Parameters

account-id

withBalance

Request

Response

/accounts/{account-id}/balances

Account Information Service (AIS)

Summary

getBalances

Description

Reads account balances data from a given account addressed by "account-id"

Security

To use this operation you must use one of the following sets of security requirements.

MSIS OAuth

(oauth2 accessCode)

Authorization URL

https://openbank.piraeusbank.gr/identityserver/connect/authorize

Token URL

https://openbank.piraeusbank.gr/identityserver/connect/token

Scopes

winbankAccess winbankAccess.info

offline_access

Required for refresh tokens

Sandbox OAuth

(oauth2 accessCode)

Resource Owner Implicit Grant Type

Authorization URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/authorize

Token URL

https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v3/oauth/oauth2/token

Scopes

sandboxapi

Access to all Assets resources

rAPId Link

Menu

PSD2 AIS

PSD2 AIS 3.1.0

Paths

/consents

/consents/{consentId}

/consents/{consentId}/status

/consents/{consentId}/authorisations

/consents/{consentId}/authorisations/{authorisationId}

/accounts

/accounts/{account-id}

/accounts/{account-id}/balances