Sandbox (PB APIs)

The main objective of the Sandbox Environment is to expose the bank’s APIs without offering access to sensitive data. It basically provides a simulation of the functionality of the bank’s actual backend systems, using a dummy set of data for testing purposes.

 Quick Navigation to:


 

Sandbox Database Assumptions

The Sandbox Database was designed to address the particular needs and meet the purposes of this Environment. To this end, the database implementation was based on a few assumptions:

  1. For greater flexibility and independence among various third-party developers and their applications, each client application with a specific clientId will have access to a different subset of data. To achieve this, a template of basic data has been set, which is replicated each time an application with a new clientId attempts to connect to the database. The purpose of this replication is to provide each client application that connects to the Sandbox environment with the same initial set of dummy data.
  2.  A data reset mechanism is also provided, in case the tests performed block one or more of the available functions (for instance, by draining the available balance  of all the provided accounts, thus impeding future transactions).
  3. The template dataset consists of 3 individual users (UserA, UserB, UserC) and 2 corporate users (UserD, UserE), with each one holding a specific number of accounts and/or cards (credit, debit, prepaid).
  4. Since the database contains only the particular dummy data, in order to get a valid response from several of the APIs, certain predefined values must be used, otherwise exceptions are thrown. These values are presented in detail in the following sections.
  5. Each login session with a generated oAuth token will expire after 60 minutes. After this timeframe, the client application will need to login again.

 


 

Valid Data Scenarios

Since the Sandbox database contains only a limited sample of dummy data, it is necessary to follow certain guidelines and use specific predefined data values in order to get valid responses. Otherwise, exceptions are thrown as explained below.

      • Login - User Authentication - Authorization

Sandbox uses the oAuth protocol for user authentication and authorization. Each client application will redirect to a specific page where users must insert their credentials to get authenticated. Upon successful authentication, they are redirected to an authorization page, and once they grant authorization rights to the client application, they are ready to use the application, via which they implicitly invoke the bank’s APIs.

Within the Sandbox environment, the valid credentials for user authentication are :

User User Type Username (case Insensitive) Password
UserA INDIVIDUAL usera 123
UserB INDIVIDUAL userb 123
UserC INDIVIDUAL userc 123
UserD CORPORATE userd 123
UserE CORPORATE usere 123

 

If the aforementioned process is completed successfully, an oAuth Bearer token is generated which is saved in the Sandbox database and required as an Authorization Header for every request when calling the APIs (except for General Info APIs which do not require user authentication to generate a valid response).

 

      • Customer APIs

The existing API GET /customer/info does not require any further input apart from the Authorization Header containing an active token.

 

      • Security APIs

The calls of the implemented APIs are :

POST /{TokenType}/generate,

POST /{TokenType}/generate/force,

GET /token/validate/{TokenValue},

GET /{TokenType}/validate/{TokenValue} and

POST  /token/select/{TokenType}/for/{SessionKey}

All the above API calls require the Authorization Header, as well as one or two path parameters :

TokenType

extrapin / otp

TokenValue

3288000

 

Another couple set of APIs that belong to the category of Security APIs are those of Trusted Beneficiaries and Approvals:

      • TrustedBeneficiaries APIs

The calls of the implemented APIs are:

GET /

GET /list

POST /list

DELETE /list

DELETE /list/{stagedId}

POST /validate

POST /execute

DELETE /{trustedBeneficiaryID}

All the above API calls require the Authorization Header.

GET / returns a list of the current trusted beneficiaries. In Sandbox this list is fixed and its data will not be changed even when deleting existing items using DELETE /{trustedBeneficiaryIDor adding new ones. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/ 

Response Example: 

{ 

    "whitelistEntries": [ 

        { 

            "whitelistId": "VDA6RPYZ2Mp", 

            "operationDescription": "Vodafone Mobile/Fixed", 

            "whitelistType": 4, 

            "whitelistTypeDescription": "Operation", 

            "displayName": "Vodafone Mobile/Fixed", 

            "updateDate": "2023-01-16T16:33:38.917" 

        }, 

        { 

            "whitelistId": "3GYqGBJZ7P1", 

            "operationDescription": "Transfer to Other Bank / Remittance", 

            "whitelistType": 2, 

            "whitelistTypeDescription": "Destination", 

            "displayName": "GR0401106710000067150700077 (Unique display name here or auto)", 

            "updateDate": "2022-12-08T18:17:39.647" 

        } 

    ] 

} 

 

GET /list returns a list of the currently staged trusted beneficiaries. This list will contain data posted using the call POST /list. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/list

Response Example: 

{ 

    "trustedBeneficiaries": [ 

        { 

            "stagedId": "Bl5DqyO8Vbd", 

            "timestamp": "2023-02-13T16:06:02.287", 

            "displayName": "Bank of Greece", 

            "productValue": "GR1601101250000000012300695", 

            "beneficiaryBank": { 

                "name": "ΕΘΝΙΚΗΤΡΑΠΕΖΑΤΗΣΕΛΛΑΔΟΣ", 

                "bic": "ETHNGRAAXXX", 

                "address": "AIOLOU STR 86", 

                "countryIsoCode": "GRC", 

                "city": "Athens" 

            }, 

            "beneficiaryName": "John Doe" 

        } 

    ] 

} 

 

POST /list is used to stage a trusted beneficiary. One entry per call is allowed. Besides the authorization header, the trusted beneficiary as aJSON object is also required. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/list 

Body Input example:  

{ 

"DisplayName": "Bank of Greece", 

"ProductValue": "GR1601101250000000012300695", 

"BeneficiaryBank": { 

"Name": "ΕΘΝΙΚΗ ΤΡΑΠΕΖΑ ΤΗΣ ΕΛΛΑΔΟΣ", 

"Bic": "ETHNGRAAXXX", 

"Address": "AIOLOU STR 86", 

"CountryIsoCode": "GRC", 

"City": "Athens", 

"DomesticBankCode": null 

}, 

"BeneficiaryName": "John Doe" 

} 

Response example: 

{ 

    "message": "Successfully added to list" 

} 

 

DELETE /list is used to clear the entire list of staged beneficiaries. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/list 

Response example: 

{ 

    "message": "list successfully cleared" 

} 

 

DELETE /list/{stagedId} is used to delete a specific entry in the list of staged trusted beneficiaries.Besides the authorization header, the entry’s stagedId is also required in the URL path. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/list/Bl5DqyO8Vbd 

Path Input example: Bl5DqyO8Vbd 

Response example: 

{ 

    "message": "staged entry Bl5DqyO8Vbd successfully deleted" 

} 

 

POST /validate stages the current entries before final insertion. It returns the SessionKey which is required to call POST /execute. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/validate 

Response example: 

{ 

    "sessionKey": " i5wTG5ZVXm4vL8zZj2AF0z0VGpYHvYWMX7" 

} 

 

POST /execute is the final step for manipulating the list of trusted beneficiaries. In Sandbox, this call does not manipulate any rows and returns a fixed set of data. Besides the authorization header, the SessionKey and ExtraPinarerequiredin the form of a JSON object. In Sandbox, ExtraPin is always required and is 3288000. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/execute 

Body Input example:  

{ 

    "SessionKey": "i5wTG5ZVXm4vL8zZj2AF0z0VGpYHvYWMX7", 

    "ExtraPin": "3288000" 

} 

Response example: 

{ 

    "message": [ 

        { 

            "displayName": "Bank of Greece", 

            "success": false, 

            "message": "Exists - alias id (766841)." 

        }, 

        { 

            "displayName": "John Doe 1", 

            "success": true 

        }, 

        { 

            "displayName": "6303", 

            "success": true 

        } 

    ] 

} 

 

DELETE /{trustedBeneficiaryID} directly deletes an active trusted beneficiary using the WhitelistID fetched from GET /. Besides the authorization header, the trustedBeneficiaryID is required in the URL path. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/VDA6RPYZ2Mp 

Route Input example: VDA6RPYZ2Mp 

Response example: 

{ 

    "message": "VDA6RPYZ2Mpsuccessfully deleted" 

} 

stages the current entries before final insertion. It returns the SessionKey which is required to call POST /execute. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/validate 

Response example: 

{ 

    "sessionKey": " i5wTG5ZVXm4vL8zZj2AF0z0VGpYHvYWMX7" 

} 

 

        • Approvals APIs 

The calls of the implemented APIs are: 

GET / 

GET /list 

DELETE /list 

DELETE /list/{approvalKey} 

POST /list/{approvalKey} 

POST /validate 

DELETE /validate 

POST /execute 

All the above API calls require the Authorization Header. 

 

GET / returns two lists, one with the user’s own pending transactions and one with others’ pending transactions. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/ 

Response Example: 

{ 

"own": [ 

{ 

"approvalKey": "MV80ODM0NTNfOTI4NF83NTQ2MzMxNA", 

"keyType": 1, 

"pendingOperationiD": 9284, 

"paymentOrderId": 75463314, 

"userName": "ΑΝΑΣΤΑΣΙΟΣ ΒΟΥΡΝΑΖΙΔΗΣ", 

"userAlias": "UserD", 

"transactionDescription": "RFPayment", 

"postDate": "2023-01-03T00:00:00", 

"amount": 55, 

"currency": "EUR", 

"assetNumber": "GR28 0171 8220 0070 5212 4122 143", 

"destination": "RF51907738000300007213168", 

"approvalStarted": false 

}, 

{ 

"approvalKey": "MV80ODM0NTNfOTI4NF83NTQ2MzMxNA", 

"keyType": 1, 

"pendingOperationiD": 9284, 

"paymentOrderId": 75463314, 

"userName": "ΑΝΑΣΤΑΣΙΟΣ ΒΟΥΡΝΑΖΙΔΗΣ", 

"userAlias": "UserD", 

"transactionDescription": "TransferToOwnAccount", 

"postDate": "2023-01-03T00:00:00", 

"amount": 55, 

"currency": "EUR", 

"assetNumber": "GR28 0171 8220 0070 5212 4122 143", 

"destination": "", 

"approvalStarted": false 

} 

], 

"other": [ 

{ 

"approvalKey": "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg", 

"keyType": 0, 

"pendingOperationiD": 9286, 

"paymentOrderId": 75463316, 

"userName": "ΓΚΙΚΑΣ ΝΙΚΟΛΑΟΣ", 

"userAlias": "UserE", 

"transactionDescription": "BILL PAYMENT", 

"postDate": "2023-01-04T00:00:00", 

"amount": 45, 

"currency": "EUR", 

"assetNumber": "GR28 0171 8220 0070 6113 3122 113", 

"destination": "1234567", 

"approvalStarted": false 

}, 

{ 

"approvalKey": "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg", 

"keyType": 0, 

"pendingOperationiD": 9286, 

"paymentOrderId": 75463316, 

"userName": "ΓΚΙΚΑΣ ΝΙΚΟΛΑΟΣ", 

"userAlias": "UserE", 

"transactionDescription": "TransferToOwnAccount", 

"postDate": "2023-01-04T00:00:00", 

"amount": 45, 

"currency": "EUR", 

"assetNumber": "GR28 0171 8220 0070 6113 3122 113", 

"destination": "", 

"approvalStarted": false 

} 

] 

} 

GET /list returns a list with the currently staged pending transactions for approval or rejection. Besides the authorization header, an optional analyseKey” Boolean parameter can be used which determines the inclusion of the following fields In the response object: 

    • KeyType 

    • SavedUserId 

    • PendingOperationId 

    • PaymentOrderId 

 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/list 

Response Example, where analyseKey is not included or set to False: 

{ 

    "approvalListEntries": [ 

        { 

            "timeStamp": "2023-02-14T12:39:56.4266667", 

            "userID": "483453", 

            "clientID": "ea9e2c7e-fb43-4e77-9cac-f7472da38bcf", 

            "approvalKey": "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg" 

        } 

    ] 

} 

Response Example, where analyseKey is set to True: 

{ 

    "approvalListEntries": [ 

        { 

            "timeStamp": "2023-02-14T12:39:56.4266667", 

            "userID": "483453", 

            "clientID": "ea9e2c7e-fb43-4e77-9cac-f7472da38bcf", 

            "approvalKey": "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg", 

            "keyType": 0, 

            "savedUserId": "483453", 

            "pendingOperationiD": 9286, 

            "paymentOrderId": 75463316 

        } 

    ] 

} 

 

DELETE /list clears the list with the currently staged pending transactions. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/list 

Response example: 

{ 

    "message": "List successfully cleared" 

} 

DELETE /list/{approvalKeydeletes a specific entry from the list with the currently staged pending transactions. Besides the authorization header, approvalKey is required in the URL path. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/list/MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg 

Response example: 

{ 

    "message": "Successfully added" 

} 

Response in case it already exists: 

{ 

    "message": "key MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg is already in the list" 

} 

 

POST /list/{approvalKeyadds a pending transaction to the list with the staged ones. Besides the authorization header, approvalKey is required in the URL path. 

Note: During the staging process it is not allowed to combine Own and Others’ transactions, otherwise the following will be returned: 

{ 

    "message": "there are already 'own' type entries in list. this is an 'other' type and they can't be combined" 

} 

 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/list/MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg 

Response example: 

{ 

    "message": "SuccessfullyAdded" 

} 

 

POST /validate stages the current entries forapproval. It returns the SessionKey, which is required to call POST /execute, and a list of the approvalKeys. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/validate 

Response example: 

{ 

    "sessionKey": "FlZ2vkNamdbyGQRKnwfHsNoS23QGSatXj6V", 

    "approvalKeys": [ 

        "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg" 

    ] 

} 

 

DELETE /validate stages the current entries forrejection. Like POST /validate, it returns a SessionKey, which is required to call POST /execute, and a list of the approvalKeys. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/validate 

Response example: 

{ 

    "sessionKey": "550jyZ6vpXuSTwRVWVezcxMIJQ1lLYmVXx", 

    "approvalKeys": [ 

        "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg" 

    ] 

} 

 

POST /execute is the last step to the process. Besides the authorization header, the SessionKey fetched above and an ExtraPin is required. In Sandbox, ExtraPin is always required and is 3288000. 

URL Example (case sensitive): 
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/execute 

Response example for a rejection: 

{ 

    "message": "The transaction approved successfully", 

    "approvalResults": [ 

        { 

            "approvalKey": "MF80ODM0NTNfNDEwNTYzN183OTk0MTg4", 

            "status": 4, 

            "statusDescription": "Completed", 

            "comment": "EB17061900626009" 

        } 

    ] 

} 

 

        • Lookups APIs

The API call GET /POP/list has no required parameters, while the API call GET /POP/{PointTypeName}/list needs one parameter :

PointTypeName

none / atm / aps / branch / ebranch / all

 

      • Accounts & Cards APIs

The API call GET /accounts/list does not require any further input apart from the Authorization Header containing an active token.

The API /accounts/{accountId}/details requires the Authorization Header, as well as one path parameter:

accountId

The accountId can be retrieved from the response generated by invoking the first API

The API /accounts/{accountId}/transactions/{input_filter} requires the Authorization Header, as well as two path parameters :

accountId

The accountId can be retrieved from the response generated by invoking the first API

input_filter

{

      "fromDate": "2017-9-1",

      "toDate": "2018-1-30",

      "fromRow": "",

      "pageSize": 20,

      "lastBalance": 0.0

  }

Note

There are a couple of sample transactions for every user and account. To retrieve them, try the above input_filter, with different from and to dates.

As soon as the user performs a single or mass monetary transaction, the Account Transactions API will return a valid response when the proper timeframes are selected.

On the contrary, if there are no records of transactions within the selected timeframe, the following json object will be returned :

{

              “AccountTransactions”: [],

              “PagingInfo”: {

                            “RowIndex”: 0,

                            “MaxRows”: 0,

                            “CountRows”: false,

                            “TotalRowsCount”: 0

              }

}

 

The following Cards API calls require only the Authorization Header :

/cards/list
/cards/credit/list
/cards/debit/list
/cards/prepaid/list

The APIs regarding card details are :

/cards/{cardId}/details
/cards/credit/{cardId}/details
/cards/debit/{cardId}/details
/cards/prepaid/{cardId}/details

These APIs require the Authorization Header, as well as one path parameter:

cardId

The cardId can be retrieved from the response generated by invoking the respective ‘list’ API

The APIs regarding card transactions are :

/cards/{cardId}/transactions/{input_filter}
/cards/credit/{cardId}/transactions/{input_filter}
/cards/debit/{cardId}/transactions/{input_filter}
/cards/prepaid/{cardId}/transactions/{input_filter}

These APIs require the Authorization Header, as well as two path parameters :

cardId

The cardId can be retrieved from the response generated by invoking the respective ‘list’ API

input_filter

{

      "fromDate": "2017-9-1",

      "toDate": "2018-1-30",

      "fromRow": "",

      "pageSize": 20,

      "lastBalance": 0.0

  }

Note

There are a couple of sample transactions for every user and card. To retrieve them, try the above input_filter with different from and to dates. 

 

Valid values for account and card numbers, as well as valid dates to retreive the transaction lists are provided in the following tables.

 

  User Accounts & Cards

User Accounts Cards
UserA

GR2801718220007022123123123

GR9001718220007025111222333

-
UserB

GR0101718220007027000224226
GR0101718220007052999999000

430589******6006
UserC

GR0101718220007027000112113
GR1801718220007022123456789

-
[accounts from other banks] 

GR9202600260000000000299650

CY22002001550000000000084100

 

 

User Account & Card Transactions

User Account / Card Valid Transaction Dates
UserA

GR2801718220007022123123123

01/12/2017 - 31/12/2017

GR9001718220007025111222333

01/01/2018 - 31/01/2018
UserB

GR0101718220007027000224226

01/01/2018 - 31/01/2018

GR0101718220007052999999000

-

430589******6006

01/10/2017 - 31/12/2017
UserC

GR0101718220007027000112113

-

GR1801718220007022123456789

01/01/2018 - 31/01/2018

 

 

      • Transactions APIs

The first set of APIs involve single monetary transfers from an account owned by the user to an IBAN of an account, either within the bank (owned by the same user or another client of Piraeus Bank) or from another bank (remittance).

The API /TransferToIban and /TransferToIban/Validate require the Authorization Header, as well as a JSON object within the request body :

transferToIban_input

{  

      "AccountId": "string",

      "IBAN": "string",

      "Amount": 0.0,

      "Reason": "string",

      "Currency": "EUR",

      "ChargeType": "string",

      "Priority": "string",

      "ContactPhone": "306911111111",

      "BeneficiaryName": "string",

      "SepaInfo": "123456"

}

 The API /TransferToIban/Execute/{SessionKey} needs the Authorization Header, as well as one path parameter :

SessionKey

The SessionKey can be retrieved from the response generated by invoking the /TransferToIban/Validate API

 

Warning

As mentioned before, TransferToIban refers to single monetary transactions between an account owned by the user and an account belonging to one of three potential destinations: the same user, another user within the bank and another person holding an account in a different bank.

Therefore, for this API to generate valid results, the destination IBAN should be one of the following :

 

Valid IBANs in case of Transfers within the  Bank

GR2801718220007022123123123

GR1801718220007022123456789

GR9001718220007025111222333

GR0101718220007027000112113

GR0101718220007052999999000

Valid IBANs in case of Remittance

GR9202600260000000000299650

CY22002001550000000000084100

 

The second set of APIs below, which will soon be DEPRECATED, refers to bulk monetary transfers from an account owned by the user to a set of other IBANs, according to a file, which is to be uploaded. In Sandbox environment, the file can be random, however its filename has to be unique every time.

The APIs /BulkPayment and /BulkPayment/Validate require the Authorization Header, as well as the file to be uploaded, while the API /BulkPayment/Execute/{SessionKey} requires the Authorization Header, as well as one path parameter :

SessionKey

The SessionKey can be retrieved from the response generated by invoking the /BulkPayment/Validate API

 

The third set of transactions APIs refers to payroll payments from an account owned by the user to a set of other IBANs, according to file, which is to be uploaded. Again, in Sandbox environment, the file can be random, however its filename has to be unique every time.

The APIs /Payroll and /Payroll/Validate require the Authorization Header, as well as the file to be uploaded, and a JSON object being one of the form-data elements containing the extra payroll information :

payroll_params

{

"AssetFrom":"agBqAGcAdwAxAHUAZQBpALcKtwDKV%2bLF%2bkC3Fc7p%2fLY%3d",

"AssetType":1,

"ContractNumber":"3051",

"DisketteNumber":1,

"NumberOfPayments":2,

"Description":"AAA",

"PaymentDate":"2017-06-07T21:00:00.000Z",

"Amount":2.3,

"Currency":"EUR",

"payload" : ""

}

 The API /Payroll/Execute/{SessionKey} requires the Authorization Header, as well as one path parameter :

SessionKey

The SessionKey can be retrieved from the response generated by invoking the /Payroll/Validate API

 

Note

Since the purpose of the Sandbox environment is to provide a simulation with dummy data, the process of file upload has been simplified and does not involve file content validation. Therefore, the only data stored includes information about the user performing the upload, the filename and date / time of upload.

The only precondition to validate the upload is that the filename has not been used before by the same User and ClientId. Then, a FileID is generated and returned, which will be used for the next step of BulkPayment / Payroll Validate.

 

Finally, there are four APIs which return history and details for BulkPayment and Payroll transactions :

 

/BulkPayment/History/{input_filter}

This API requires the Authorization Header, as well as one path parameter :

input_filter

{

"fromDate": "2017-01-01T14:36:55.6597275+03:00",

"toDate": "2017-12-09T14:36:55.6597275+03:00"

}

 /BulkPayment/{PaymentCode}/{PaymentDate}/Details

This API requires the Authorization Header, as well as two path parameters :

PaymentCode

The PaymentCode can be retrieved from the response generated by invoking the /BulkPayment/History API

PaymentDate

The PaymentDate can be retrieved from the response generated by invoking the /BulkPayment/History API

/Payroll/History/{input_filter}

This API requires the Authorization Header, as well as one path parameter :

input_filter

{

"TypeOfAction": 0,

"fromDate": "2017-01-01T14:36:55.6597275+03:00",

"toDate": "2017-12-09T14:36:55.6597275+03:00"

}

/Payroll/{PaymentCode}/Details

This API requires the Authorization Header, as well as two path parameters :

PaymentCode

The PaymentCode can be retrieved from the response generated by invoking the /Payroll/History API

 

Note

As soon as the user performs a BulkPayment or Payroll the respective History API will return a valid response when proper timeframes are selected. On the contrary, the Details APIs will only return the following message :

       “Τα αναλυτικά στοιχεία δεν είναι διαθέσιμα”

If there are no records of BulkPayment or Payroll transactions within the selected timeframe, the following message will be generated :

       “Η συναλλαγή σας δεν εκτελέστηκε λόγω προβλήματος στην επικοινωνία. Παρακαλούμε ξαναδοκιμάστε σε λίγο”

However, as described below, there are certain predefined scenarios where both History and Details are available.

 

In order to retrieve information from both the History and Details APIs, the required input and expected output is summarized in the following tables.

 

A. BulkPayment History

Input

{

"fromDate": "2015-02-01T00:00:00.00",

"toDate": "2015-08-01T00:00:00.00"

}

Output

{

"MassTransferFiles": [

{

"WinbankReference": "999000836",

"UserFileName": "PPS_3483057_15012801.EPPS",

"InputDate": "2015-02-12 00:00:00.0",

"SequenceNo": "999000836",

"TotalPayments": 3,

"StatusCode": "77",

"StatusCodeDescription": "",

"Comments": "",

"TotalOrderAmount": 60

},

{

"WinbankReference": "424",

"UserFileName": "καινουργιο_ νεο _30 χαρακτηρες",

"InputDate": "2015-04-01 00:00:00.0",

"SequenceNo": "653",

"TotalPayments": 3,

"StatusCode": "91",

"StatusCodeDescription": "Απέτυχε",

"Comments": "Ασυμφωνία Κωδικού Εταιρείας",

"TotalOrderAmount": 502085.05

},

{

"WinbankReference": "999001215",

"UserFileName": "PPS 3483057 15012801.EPPS",

"InputDate": "2015-06-05 00:00:00.0",

"SequenceNo": "999001215",

"TotalPayments": 3,

"StatusCode": "94",

"StatusCodeDescription": "",

"Comments": "Ολοκλήρωση επεξεργασίας αρχείου",

"TotalOrderAmount": 60

},

{

"WinbankReference": "999001218",

"UserFileName": "PPS 3483057 15012801.EPPS",

"InputDate": "2015-06-05 00:00:00.0",

"SequenceNo": "999001218",

"TotalPayments": 2,

"StatusCode": "2",

"StatusCodeDescription": "Εκτελείται Τώρα",

"Comments": "Επιτυχής έλεγχος αρχείου EPPS",

"TotalOrderAmount": 40

},

{

"WinbankReference": "999001217",

"UserFileName": "PPS 3483057 15012801.EPPS",

"InputDate": "2015-06-05 00:00:00.0",

"SequenceNo": "999001217",

"TotalPayments": 3,

"StatusCode": "4",

"StatusCodeDescription": "Παραλήφθηκε το απαντητικό αρχείο",

"Comments": "Ολοκλήρωση επεξεργασίας αρχείου",

"TotalOrderAmount": 60

},

{

"WinbankReference": "999001206",

"UserFileName": "PPS 3483057 15012801.EPPS",

"InputDate": "2015-06-05 00:00:00.0",

"SequenceNo": "999001206",

"TotalPayments": 2,

"StatusCode": "16",

"StatusCodeDescription": "",

"Comments": "Ολοκλήρωση επεξεργασίας αρχείου",

"TotalOrderAmount": 40

}

],

"EppsCode": 3483057

}

 

Input

{

"fromDate": "2017-01-01T00:00:00.00",

"toDate": "2017-06-30T00:00:00.00"

}

Output

{
"
MassTransferFiles": [

{
"WinbankReference": "981383524",
"UserFileName": "SEPA-20170626-12.xml",
"InputDate": "2017-06-26 00:00:00.0",
"SequenceNo": "981383524","TotalPayments": 1,
"StatusCode": "91",
"StatusCodeDescription": "Απέτυχε",
"Comments": "Εχει ξανασταλεί αρχείο με unq file nbr:12",
"TotalOrderAmount": 22
}],
"
EppsCode": 0

}

 

B. BulkPayment Details

Input

/BulkPayment/981383524/2017-06-26/Details

Output

{
"
FileData": {

"WinbankReference": "981383524",
"UserFileName": "SEPA-20170626-12.xml",
"InputDate": "2017-06-26 00:00:00.0",
"SequenceNo": "981383524",
"TotalPayments": 1,
"StatusCode": "91",
"StatusCodeDescription": "Απέτυχε",
"Comments": "Εχει ξανασταλεί αρχείο με unq file nbr:12",
"TotalOrderAmount": 22
},
"
FileDetails": [{

"RemittanceIndex": "1",
"PaymentReference": "",
"ExecutionDate": 1498435200000,
"BranchCode": "",
"PaymentType": "-",
"Country": "",
"Beneficiary": "Γιώργος Ανδρέου",
"PaymentDetails": "Μαζική Πληρωμή 2017-06-26",
"DebitAccount": "",
"CreditAccount": "GR1501720530005053000154783",
"BeneficiaryBank": "",
"BeneficiaryBankBic": "",
"PaymentNumber": "",
"Amount": 22
}],
"
ExecutionDate": 1498435200000,
"
DebitAccount": "GR1501720530005053000154783"

}

 

C. Payroll History

Input

{

"fromDate": "2015-02-01T00:00:00.00",

"toDate": "2015-08-01T00:00:00.00"

}

Output

{
"
FilePaymentsList": [{

"PayrollPayment": {
"AssetFromAccountNumberDashed": "5054-017448-432",
"AssetFromAccountIbanDashed": "",
"PayrollPaymentCode": "20170626-9273-2",
"PayrollPaymentDate": 1498424400000,
"ContractNumber": "9273",
"EmployeeCount": 1,
"PaymentDate": 1498424400000
},
"Description": "Payroll 06-2017",
"ReturnedEmployees": 0,
"ReturnedAmount": {
"Amount": 0,
"Currency": null,
"AmountType": null,
"BackendAmountType": null,
"AmountDate": null
},
"SubmittedAt": 1498424400000,
"ReceivedBy": "Διαδίκτυο"
}]
}

 

    • Payments APIs

The calls of the implemented APIs are:

GET /codes

GET /codes/{paymentCode}

POST /single/{RFCode}/validate

POST /single/{RFCode}/execute/{SessionKey}

POST /{paymentCode}/validate

POST /{paymentCode}/execute/{SessionKey}

GET /{paymentOrderID}/history

GET /{paymentOrderID}/{paymentID}

PUT /{paymentOrderID}/action/{action}

GET /history/type/{type}

All the API calls above require the Authorization Header.

 

GET /codes returns a list of payment definitions. These include the definitions of the required input fields later used in POST /{paymentCode/validate.

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/codes

Response Example:

{

    "paymentCodes": [

        {

            "id": "6201",

            "name": "EFKA Employers Contributions",

            "definition": {

                "categoryID": 5,

                "categoryDescription": "Public Sector",

                "subCategoryID": 504,

                "subCategoryDescription": "Social Security Funds",

                "paymentCode": "6201",

                "paymentDescription": "EFKA Employers Contributions",

                "paymentLogo": "images/BillPayments/Logo/6201.png",

                "isPopularPayment": true,

                "sample": {},

                "requires2FA": false,

                "ib_action": "PiraeusBank.InternationalBanking.Services.GenericPayment.6201",

                "hostTxCode": "1000115",

                "useCreditCard": true,

                "numberOfInstallments": 1,

                "useDebitCard": true,

                "usePrepaidCard": true,

                "useAccount": true,

                "onlyPiraeusCards": false,

                "fields": [

                    {

                        "name": "AssetFrom",

                        "type": "text",

                        "mandatory": true,

                        "showOnResult": false,

                        "partOfPayment": true,

                        "size": 50,

                        "length": 50,

                        "assetType": [

                            {

                                "name": "creditCard",

                                "title": {

                                    "gr": "CreditCard",

                                    "en": "CreditCard"

                                }

                            },

                            {

                                "name": "debitCard",

                                "title": {

                                    "gr": "DebitCard",

                                    "en": "DebitCard"

                                }

                            },

                            {

                                "name": "prepaidCard",

                                "title": {

                                    "gr": "PrepaidCard",

                                    "en": "PrepaidCard"

                                }

                            },

                            {

                                "name": "account",

                                "title": {

                                    "gr": "Account",

                                    "en": "Account"

                                }

                            }

                        ]

                    },

                    {

                        "name": "SubscriberCode",

                        "type": "text",

                        "mandatory": true,

                        "showOnResult": true,

                        "partOfPayment": true,

                        "size": 0,

                        "length": 30,

                        "title": {

                            "gr": "IKAPaymentCode",

                            "en": "IKAPaymentCode"

                        }

                    },

                    {

                        "name": "AmountValue",

                        "type": "money",

                        "mandatory": true,

                        "showOnResult": false,

                        "partOfPayment": true,

                        "size": 0,

                        "length": 13,

                        "title": {

                            "gr": "amount",

                            "en": "amount"

                        }

                    }

                ]

            }

        },

        {

            "id": "6202",

            "name": "OAEE",

            "definition": {

                "categoryID": 5,

                "categoryDescription": "Public Sector",

                "subCategoryID": 504,

                "subCategoryDescription": "Social Security Funds",

                "paymentCode": "6202",

                "paymentDescription": "OAEE",

                "paymentLogo": "images/BillPayments/Logo/6202.png",

                "isPopularPayment": false,

                "sample": {},

                "requires2FA": false,

                "ib_action": "PiraeusBank.InternationalBanking.Services.GenericPayment.6202",

                "hostTxCode": "1000117",

                "useCreditCard": true,

                "numberOfInstallments": 1,

                "useDebitCard": true,

                "usePrepaidCard": true,

                "useAccount": true,

                "onlyPiraeusCards": false,

                "fields": [

                    {

                        "name": "AssetFrom",

                        "type": "text",

                        "mandatory": true,

                        "showOnResult": false,

                        "partOfPayment": true,

                        "size": 50,

                        "length": 50,

                        "assetType": [

                            {

                                "name": "creditCard",

                                "title": {

                                    "gr": "CreditCard",

                                    "en": "CreditCard"

                                }

                            },

                            {

                                "name": "debitCard",

                                "title": {

                                    "gr": "DebitCard",

                                    "en": "DebitCard"

                                }

                            },

                            {

                                "name": "prepaidCard",

                                "title": {

                                    "gr": "PrepaidCard",

                                    "en": "PrepaidCard"

                                }

                            },

                            {

                                "name": "account",

                                "title": {

                                    "gr": "Account",

                                    "en": "Account"

                                }

                            }

                        ]

                    },

                    {

                        "name": "PayeeName",

                        "type": "text",

                        "mandatory": true,

                        "showOnResult": true,

                        "partOfPayment": false,

                        "size": 0,

                        "length": 50,

                        "title": {

                            "gr": "fullName",

                            "en": "fullName"

                        }

                    },

                    {

                        "name": "SubscriberCode",

                        "type": "text",

                        "mandatory": true,

                        "showOnResult": true,

                        "partOfPayment": true,

                        "size": 0,

                        "length": 13,

                        "title": {

                            "gr": "paymentCode",

                            "en": "paymentCode"

                        }

                    },

                    {

                        "name": "AmountValue",

                        "type": "money",

                        "mandatory": true,

                        "showOnResult": false,

                        "partOfPayment": true,

                        "size": 0,

                        "length": 13,

                        "title": {

                            "gr": "amount",

                            "en": "amount"

                        }

                    }

                ]

            }

        }

    ]

}

 

GET /codes/{paymentCode} returns the definition of a specific payment. Besides the Authorization Header, the paymentCode is also required in the path.

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/codes/6201

Route Input example: 6201

Response Example:

{

    "id": "6201",

    "name": "EFKA Employers Contributions",

    "definition": {

        "categoryID": 5,

        "categoryDescription": "Public Sector",

        "subCategoryID": 504,

        "subCategoryDescription": "Social Security Funds",

        "paymentCode": "6201",

        "paymentDescription": "EFKA Employers Contributions",

        "paymentLogo": "images/BillPayments/Logo/6201.png",

        "isPopularPayment": true,

        "sample": {},

        "requires2FA": false,

        "ib_action": "PiraeusBank.InternationalBanking.Services.GenericPayment.6201",

        "hostTxCode": "1000115",

        "useCreditCard": true,

        "numberOfInstallments": 1,

        "useDebitCard": true,

        "usePrepaidCard": true,

        "useAccount": true,

        "onlyPiraeusCards": false,

        "fields": [

            {

                "name": "AssetFrom",

                "type": "text",

                "mandatory": true,

                "showOnResult": false,

                "partOfPayment": true,

                "size": 50,

                "length": 50,

                "assetType": [

                    {

                        "name": "creditCard",

                        "title": {

                            "gr": "CreditCard",

                            "en": "CreditCard"

                        }

                    },

                    {

                        "name": "debitCard",

                        "title": {

                            "gr": "DebitCard",

                            "en": "DebitCard"

                        }

                    },

                    {

                        "name": "prepaidCard",

                        "title": {

                            "gr": "PrepaidCard",

                            "en": "PrepaidCard"

                        }

                    },

                    {

                        "name": "account",

                        "title": {

                            "gr": "Account",

                            "en": "Account"

                        }

                    }

                ]

            },

            {

                "name": "SubscriberCode",

                "type": "text",

                "mandatory": true,

                "showOnResult": true,

                "partOfPayment": true,

                "size": 0,

                "length": 30,

                "title": {

                    "gr": "IKAPaymentCode",

                    "en": "IKAPaymentCode"

                }

            },

            {

                "name": "AmountValue",

                "type": "money",

                "mandatory": true,

                "showOnResult": false,

                "partOfPayment": true,

                "size": 0,

                "length": 13,

                "title": {

                    "gr": "amount",

                    "en": "amount"

                }

            }

        ]

    }

}

 

POST /single/{RFCode}/validate validates and stages a payment before execution. In Sandbox, the response will always refer to Wind no matter the RF Code used. Besides the Authorization Header, a body in the form of a JSON Object and an RFCode in the URL path are required as inputs.

Notes:

Scheduling object is optional.
Two AssetTypes are supported; “account” and “creditcard”.
Installments field available only for creditcard.

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/single/RF32901909000007301106135/validate

Route Input example: RF32901909000007301106135

Body Input example for account:

{

    "assetId": "NjVBMENEMTAtNUI2Mi00QjhELTlFMDYtMkZBOENDQUQ0ODlCMUIzNUQxRDUtMzc4",

    "assetType": "account",

    "amount": 10.5,

    "currency": "EUR",

    "scheduling": {

        "executionDate": "2023-03-03",

        "recurrence": "2",

        "recurrenceDay": "3"

    }

}

 

Body Input example for creditcard :

{

    "assetId": "5311 4602 9991 3003",

    "assetType": "creditcard",

    "amount": 10.5,

    "currency": "EUR",

    "installments": 0,

    "scheduling": {

        "executionDate": "2023-03-03"

    }

}

 

Response example for account:

{

    "installments": 0,

    "rfCode": "RF32901909000007301106135",

    "paymentCode": "8862",

    "paymentDescription": "Wind",

    "sessionKey": "qXAA37uZQer1S7MGIhJSUf4H3RXLYbBC",

    "status": "Success",

    "amount": 10.5,

    "currency": "EUR",

    "requiresApproval": false,

    "requiresTransactionalPin": false,

    "execute": "On 2023-03-03 00:00:00.000",

    "commission": 0

}

Response example for creditcard:

 

POST /single/{RFCode}/execute/{SessionKey} finalizes the transaction after “validate”. Besides the Authorization Header, the SessionKey is required in the path.

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/single/RF32901909000007301106135/execute/qXAA37uZQer1S7MGIhJSUf4H3RXLYbBC

Route Input example:
RFCode: RF32901909000007301106135
SessionKey: qXAA37uZQer1S7MGIhJSUf4H3RXLYbBC

Response Example:

{

    "succeeded": true,

    "transactionReference": "37807944690208",

    "status": "Success",

    "message": "Your RF payment was successfully completed with the following details: ",

    "requiresApproval": false,

    "requiresTransactionalPin": false,

    "assetType": "Bank Account",

    "assetNumber": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",

    "rfCode": "RF32901909000007301106135",

    "amount": 10.5,

    "currency": "EUR",

    "commission": 0,

    "commissionCurrency": "",

    "execute": "On 2023-03-03 00:00:00.000"

}

 

POST /{paymentCode}/validate validates and stages a payment before execution. Besides the Authorization Header, a body in the form of a JSON Object and a paymentCode in the URL path are required as inputs.

Notes:

Call GET /codes or GET /codes/{paymentCode} to find the fields required in the input body for validation.

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/6202/validate

Route Input examples: 6303 (Vodafone), 6202 (OAEE), 7394 (Brokins)

Body Input example for 6202:

{

    "fields": [

        {

            "name": "AssetFrom",

            "value": "MUVBRUZBN0YtRUM4NS00QUU5LTk4RkMtOTM1MjIyMUU1MTgyRjYyMUZDNTQtM0Uw",

            "assetType": "account"

        },

        {

            "name": "SubscriberCode",

            "value": "3947749202221"

        },

        {

            "name": "AmountValue",

            "value": "1.5",

            "currency": "EUR"

        },

        {

            "name": "PayeeName",

            "value": "test"

        }

    ]

}

Response example for 6202:

{

    "requiredTokenType": 0,

    "succeeded": true,

    "sessionKey": "ZMXg40JIJ4e11YUh0qADoUXSB9iLwY0fxL2",

    "status": "Success",

    "requiresApproval": false,

    "requiresTransactionalPin": false,

    "account": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",

    "amount": 1.5,

    "currency": "EUR",

    "commission": 0,

    "execute": "On Feb 16 2023 11:42AM"

}

 

POST /{paymentCode}/execute/{SessionKey} executes the payment. Besides the Authorization Header the following are also required:

paymentCode, located in URL path. Example: 6202
SessionKey, located in URL path. Example: ZMXg40JIJ4e11YUh0qADoUXSB9iLwY0fxL2
ExtraPin, located in body. Example:

{

    "ExtraPin": "3288000"

}

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/6202/execute/ZMXg40JIJ4e11YUh0qADoUXSB9iLwY0fxL2

Response example:

{

    "succeeded": true,

    "transactionReference": "42909789769115",

    "status": "Success",

    "requiresApproval": false,

    "bankAccount": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",

    "amount": 1.5,

    "currency": "EUR",

    "commission": 0.6,

    "commissionCurrency": "EUR",

    "execute": "On 2023-02-16 00:00:00.000",

    "message": "Your transaction was successfully completed with the following details: "

}

 

GET /{paymentOrderID}/history returns the details of a specific payment using its OrderID, which can be found by calling GET /history/type/{type}. Besides the Authorization Header, the paymentOrderID value is required in the URL path.

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/75463360/history

Route Input example: 75463360

Response example:

{

    "payments": [

        {

            "nextPaymentId": 83789636,

            "scheduledDate": "2023-02-16T12:11:00",

            "amount": {

                "amount": 1.5,

                "currency": "EUR"

            },

            "status": 4,

            "statusDescription": "Completed",

            "paymentStatus": 1,

            "isRecurring": false,

            "paymentType": "OAEE",

            "recipient": "3947749202221"

        }

    ]

}

 

GET /{paymentOrderID}/{paymentID} returns the details of a specific payment using both PaymentOrderID and PaymentID:

paymentOrderID: 75463359
paymentID: 83789635

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/75463359/83789635

Response example:

{

    "paymentTypeDescription": "Brokins",

    "transactionSearchType": 0,

    "executionDate": "2023-02-16T11:47:00",

    "paymentOrderId": 0,

    "status": 2,

    "statusDescription": "Pending",

    "channel": "Internet Banking",

    "amount": 3,

    "currency": "EUR",

    "commission": 0,

    "executeOn": "On 2023-02-16T11:47:00"

}

 

PUT /{paymentOrderID}/action/{action}  updates a payment using its PaymentOrderID. Besides the Authorization Header, the following are required:

PaymentOrderID: Located in URL path. Example: 75463359
Action: Located in URL path. Values: suspend, resume, cancel, complete, reversal. Default “cancel”.

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/75463359/action/cancel

 

GET /history/type/{type} returns payments within the date interval set by the caller. Besides the Authorization Header, the following inputs can be used:

Type: Located in Path. Required. Available values: active, done, dashboard, all, cancelled

pageSize: Parameter, default 10. Sets the number of max rows to return.

dateFrom: Parameter, default: Today – 12 months. Refers to ExecutionDate of payment.

dateTo: Parameter, default: Today. Refers to ExecutionDate of payment.

pagingId: Parameter, default null. Setting with a PaymentID will return that and subsequent payments.

URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/history/type/all

Response example:

{

    "lastPaymentId": 0,

    "transactions": [

        {

            "paymentOrderId": 75463323,

            "paymentId": 83789599,

            "paymentAction": "PiraeusBank.InternationalBanking.Services.RFPayment.114",

            "customerName": "ΘΕΟΦΑΝΗΣ ΑΝΑΓΝΩΣΤΑΚΗΣ",

            "externalApp": "",

            "description": "RF Payment",

            "executionDate": "2023-02-15T14:45:12.94",

            "postedDate": "2023-02-15T00:00:00",

            "lastExecutionStatus": 1,

            "lastExecutionStatusDescription": "Completed",

            "status": 2,

            "statusDescription": "Pending",

            "accountNumber": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",

            "sourceType": 1,

            "amount": {

                "amount": 13,

                "currency": "EUR"

            },

            "recipient": "RF32901909000007301106135",

            "searchTransactionType": 0,

            "paymentTransactionType": 0

        },

        {

            "paymentOrderId": 75463324,

            "paymentId": 83789600,

            "paymentAction": "PiraeusBank.InternationalBanking.Services.RFPayment.114",

            "customerName": "ΘΕΟΦΑΝΗΣ ΑΝΑΓΝΩΣΤΑΚΗΣ",

            "externalApp": "",

            "description": "RF Payment",

            "executionDate": "2023-02-15T15:06:48.3",

            "postedDate": "2023-02-15T00:00:00",

            "lastExecutionStatus": 1,

            "lastExecutionStatusDescription": "Completed",

            "status": 2,

            "statusDescription": "Pending",

            "accountNumber": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",

            "sourceType": 1,

            "amount": {

                "amount": 13,

                "currency": "EUR"

            },

            "recipient": "RF32901909000007301106135",

            "searchTransactionType": 0,

            "paymentTransactionType": 0

        }

    ]

}