The main objective of the Sandbox Environment is to expose the bank’s APIs without offering access to sensitive data. It basically provides a simulation of the functionality of the bank’s actual backend systems, using a dummy set of data for testing purposes.
Quick Navigation to:
Sandbox Database Assumptions
The Sandbox Database was designed to address the particular needs and meet the purposes of this Environment. To this end, the database implementation was based on a few assumptions:
- For greater flexibility and independence among various third-party developers and their applications, each client application with a specific clientId will have access to a different subset of data. To achieve this, a template of basic data has been set, which is replicated each time an application with a new clientId attempts to connect to the database. The purpose of this replication is to provide each client application that connects to the Sandbox environment with the same initial set of dummy data.
- A data reset mechanism is also provided, in case the tests performed block one or more of the available functions (for instance, by draining the available balance of all the provided accounts, thus impeding future transactions).
- The template dataset consists of 3 individual users (UserA, UserB, UserC) and 2 corporate users (UserD, UserE), with each one holding a specific number of accounts and/or cards (credit, debit, prepaid).
- Since the database contains only the particular dummy data, in order to get a valid response from several of the APIs, certain predefined values must be used, otherwise exceptions are thrown. These values are presented in detail in the following sections.
- Each login session with a generated oAuth token will expire after 60 minutes. After this timeframe, the client application will need to login again.
Valid Data Scenarios
Since the Sandbox database contains only a limited sample of dummy data, it is necessary to follow certain guidelines and use specific predefined data values in order to get valid responses. Otherwise, exceptions are thrown as explained below.
Sandbox uses the oAuth protocol for user authentication and authorization. Each client application will redirect to a specific page where users must insert their credentials to get authenticated. Upon successful authentication, they are redirected to an authorization page, and once they grant authorization rights to the client application, they are ready to use the application, via which they implicitly invoke the bank’s APIs.
Within the Sandbox environment, the valid credentials for user authentication are :
User | User Type | Username (case Insensitive) | Password |
UserA | INDIVIDUAL | usera | 123 |
UserB | INDIVIDUAL | userb | 123 |
UserC | INDIVIDUAL | userc | 123 |
UserD | CORPORATE | userd | 123 |
UserE | CORPORATE | usere | 123 |
If the aforementioned process is completed successfully, an oAuth Bearer token is generated which is saved in the Sandbox database and required as an Authorization Header for every request when calling the APIs (except for General Info APIs which do not require user authentication to generate a valid response).
The existing API GET /customer/info does not require any further input apart from the Authorization Header containing an active token.
The calls of the implemented APIs are :
POST /{TokenType}/generate,
POST /{TokenType}/generate/force,
GET /token/validate/{TokenValue},
GET /{TokenType}/validate/{TokenValue} and
POST /token/select/{TokenType}/for/{SessionKey}
All the above API calls require the Authorization Header, as well as one or two path parameters :
TokenType |
extrapin / otp |
TokenValue |
3288000 |
Another couple set of APIs that belong to the category of Security APIs are those of Trusted Beneficiaries and Approvals:
The calls of the implemented APIs are:
GET /
GET /list
POST /list
DELETE /list
DELETE /list/{stagedId}
POST /validate
POST /execute
DELETE /{trustedBeneficiaryID}
All the above API calls require the Authorization Header.
GET / returns a list of the current trusted beneficiaries. In Sandbox this list is fixed and its data will not be changed even when deleting existing items using DELETE /{trustedBeneficiaryID} or adding new ones.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/
Response Example:
{
"whitelistEntries": [
{
"whitelistId": "VDA6RPYZ2Mp",
"operationDescription": "Vodafone Mobile/Fixed",
"whitelistType": 4,
"whitelistTypeDescription": "Operation",
"displayName": "Vodafone Mobile/Fixed",
"updateDate": "2023-01-16T16:33:38.917"
},
{
"whitelistId": "3GYqGBJZ7P1",
"operationDescription": "Transfer to Other Bank / Remittance",
"whitelistType": 2,
"whitelistTypeDescription": "Destination",
"displayName": "GR0401106710000067150700077 (Unique display name here or auto)",
"updateDate": "2022-12-08T18:17:39.647"
}
]
}
GET /list returns a list of the currently staged trusted beneficiaries. This list will contain data posted using the call POST /list.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/list
Response Example:
{
"trustedBeneficiaries": [
{
"stagedId": "Bl5DqyO8Vbd",
"timestamp": "2023-02-13T16:06:02.287",
"displayName": "Bank of Greece",
"productValue": "GR1601101250000000012300695",
"beneficiaryBank": {
"name": "ΕΘΝΙΚΗ ΤΡΑΠΕΖΑ ΤΗΣ ΕΛΛΑΔΟΣ",
"bic": "ETHNGRAAXXX",
"address": "AIOLOU STR 86",
"countryIsoCode": "GRC",
"city": "Athens"
},
"beneficiaryName": "John Doe"
}
]
}
POST /list is used to stage a trusted beneficiary. One entry per call is allowed. Besides the authorization header, the trusted beneficiary as aJSON object is also required.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/list
Body Input example:
{
"DisplayName": "Bank of Greece",
"ProductValue": "GR1601101250000000012300695",
"BeneficiaryBank": {
"Name": "ΕΘΝΙΚΗ ΤΡΑΠΕΖΑ ΤΗΣ ΕΛΛΑΔΟΣ",
"Bic": "ETHNGRAAXXX",
"Address": "AIOLOU STR 86",
"CountryIsoCode": "GRC",
"City": "Athens",
"DomesticBankCode": null
},
"BeneficiaryName": "John Doe"
}
Response example:
{
"message": "Successfully added to list"
}
DELETE /list is used to clear the entire list of staged beneficiaries.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/list
Response example:
{
"message": "list successfully cleared"
}
DELETE /list/{stagedId} is used to delete a specific entry in the list of staged trusted beneficiaries.Besides the authorization header, the entry’s stagedId is also required in the URL path.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/list/Bl5DqyO8Vbd
Path Input example: Bl5DqyO8Vbd
Response example:
{
"message": "staged entry Bl5DqyO8Vbd successfully deleted"
}
POST /validate stages the current entries before final insertion. It returns the SessionKey which is required to call POST /execute.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/validate
Response example:
{
"sessionKey": " i5wTG5ZVXm4vL8zZj2AF0z0VGpYHvYWMX7"
}
POST /execute is the final step for manipulating the list of trusted beneficiaries. In Sandbox, this call does not manipulate any rows and returns a fixed set of data. Besides the authorization header, the SessionKey and ExtraPinarerequiredin the form of a JSON object. In Sandbox, ExtraPin is always required and is 3288000.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/execute
Body Input example:
{
"SessionKey": "i5wTG5ZVXm4vL8zZj2AF0z0VGpYHvYWMX7",
"ExtraPin": "3288000"
}
Response example:
{
"message": [
{
"displayName": "Bank of Greece",
"success": false,
"message": "Exists - alias id (766841)."
},
{
"displayName": "John Doe 1",
"success": true
},
{
"displayName": "6303",
"success": true
}
]
}
DELETE /{trustedBeneficiaryID} directly deletes an active trusted beneficiary using the WhitelistID fetched from GET /. Besides the authorization header, the trustedBeneficiaryID is required in the URL path.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/VDA6RPYZ2Mp
Route Input example: VDA6RPYZ2Mp
Response example:
{
"message": "VDA6RPYZ2Mpsuccessfully deleted"
}
stages the current entries before final insertion. It returns the SessionKey which is required to call POST /execute.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/trustedBeneficiaries/validate
Response example:
{
"sessionKey": " i5wTG5ZVXm4vL8zZj2AF0z0VGpYHvYWMX7"
}
The calls of the implemented APIs are:
GET /
GET /list
DELETE /list
DELETE /list/{approvalKey}
POST /list/{approvalKey}
POST /validate
DELETE /validate
POST /execute
All the above API calls require the Authorization Header.
GET / returns two lists, one with the user’s own pending transactions and one with others’ pending transactions.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/
Response Example:
{
"own": [
{
"approvalKey": "MV80ODM0NTNfOTI4NF83NTQ2MzMxNA",
"keyType": 1,
"pendingOperationiD": 9284,
"paymentOrderId": 75463314,
"userName": "ΑΝΑΣΤΑΣΙΟΣ ΒΟΥΡΝΑΖΙΔΗΣ",
"userAlias": "UserD",
"transactionDescription": "RFPayment",
"postDate": "2023-01-03T00:00:00",
"amount": 55,
"currency": "EUR",
"assetNumber": "GR28 0171 8220 0070 5212 4122 143",
"destination": "RF51907738000300007213168",
"approvalStarted": false
},
{
"approvalKey": "MV80ODM0NTNfOTI4NF83NTQ2MzMxNA",
"keyType": 1,
"pendingOperationiD": 9284,
"paymentOrderId": 75463314,
"userName": "ΑΝΑΣΤΑΣΙΟΣ ΒΟΥΡΝΑΖΙΔΗΣ",
"userAlias": "UserD",
"transactionDescription": "TransferToOwnAccount",
"postDate": "2023-01-03T00:00:00",
"amount": 55,
"currency": "EUR",
"assetNumber": "GR28 0171 8220 0070 5212 4122 143",
"destination": "",
"approvalStarted": false
}
],
"other": [
{
"approvalKey": "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg",
"keyType": 0,
"pendingOperationiD": 9286,
"paymentOrderId": 75463316,
"userName": "ΓΚΙΚΑΣ ΝΙΚΟΛΑΟΣ",
"userAlias": "UserE",
"transactionDescription": "BILL PAYMENT",
"postDate": "2023-01-04T00:00:00",
"amount": 45,
"currency": "EUR",
"assetNumber": "GR28 0171 8220 0070 6113 3122 113",
"destination": "1234567",
"approvalStarted": false
},
{
"approvalKey": "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg",
"keyType": 0,
"pendingOperationiD": 9286,
"paymentOrderId": 75463316,
"userName": "ΓΚΙΚΑΣ ΝΙΚΟΛΑΟΣ",
"userAlias": "UserE",
"transactionDescription": "TransferToOwnAccount",
"postDate": "2023-01-04T00:00:00",
"amount": 45,
"currency": "EUR",
"assetNumber": "GR28 0171 8220 0070 6113 3122 113",
"destination": "",
"approvalStarted": false
}
]
}
GET /list returns a list with the currently staged pending transactions for approval or rejection. Besides the authorization header, an optional “analyseKey” Boolean parameter can be used which determines the inclusion of the following fields In the response object:
-
-
KeyType
-
SavedUserId
-
PendingOperationId
-
PaymentOrderId
-
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/list
Response Example, where analyseKey is not included or set to False:
{
"approvalListEntries": [
{
"timeStamp": "2023-02-14T12:39:56.4266667",
"userID": "483453",
"clientID": "ea9e2c7e-fb43-4e77-9cac-f7472da38bcf",
"approvalKey": "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg"
}
]
}
Response Example, where analyseKey is set to True:
{
"approvalListEntries": [
{
"timeStamp": "2023-02-14T12:39:56.4266667",
"userID": "483453",
"clientID": "ea9e2c7e-fb43-4e77-9cac-f7472da38bcf",
"approvalKey": "MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg",
"keyType": 0,
"savedUserId": "483453",
"pendingOperationiD": 9286,
"paymentOrderId": 75463316
}
]
}
DELETE /list clears the list with the currently staged pending transactions.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/list
Response example:
{
"message": "List successfully cleared"
}
DELETE /list/{approvalKey} deletes a specific entry from the list with the currently staged pending transactions. Besides the authorization header, approvalKey is required in the URL path.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/list/MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg
Response example:
{
"message": "Successfully added"
}
Response in case it already exists:
{
"message": "key MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg is already in the list"
}
POST /list/{approvalKey} adds a pending transaction to the list with the staged ones. Besides the authorization header, approvalKey is required in the URL path.
Note: During the staging process it is not allowed to combine Own and Others’ transactions, otherwise the following will be returned:
{
"message": "there are already 'own' type entries in list. this is an 'other' type and they can't be combined"
}
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/list/MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg
Response example:
{
"message": "Successfully Added"
}
POST /validate stages the current entries forapproval. It returns the SessionKey, which is required to call POST /execute, and a list of the approvalKeys.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/validate
Response example:
{
"sessionKey": "FlZ2vkNamdbyGQRKnwfHsNoS23QGSatXj6V",
"approvalKeys": [
"MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg"
]
}
DELETE /validate stages the current entries forrejection. Like POST /validate, it returns a SessionKey, which is required to call POST /execute, and a list of the approvalKeys.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/validate
Response example:
{
"sessionKey": "550jyZ6vpXuSTwRVWVezcxMIJQ1lLYmVXx",
"approvalKeys": [
"MF80ODM0NTNfOTI4Nl83NTQ2MzMxNg"
]
}
POST /execute is the last step to the process. Besides the authorization header, the SessionKey fetched above and an ExtraPin is required. In Sandbox, ExtraPin is always required and is 3288000.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/security/approvals/execute
Response example for a rejection:
{
"message": "The transaction approved successfully",
"approvalResults": [
{
"approvalKey": "MF80ODM0NTNfNDEwNTYzN183OTk0MTg4",
"status": 4,
"statusDescription": "Completed",
"comment": "EB17061900626009"
}
]
}
The API call GET /POP/list has no required parameters, while the API call GET /POP/{PointTypeName}/list needs one parameter :
PointTypeName |
none / atm / aps / branch / ebranch / all |
The API call GET /accounts/list does not require any further input apart from the Authorization Header containing an active token.
The API /accounts/{accountId}/details requires the Authorization Header, as well as one path parameter:
accountId |
The accountId can be retrieved from the response generated by invoking the first API |
The API /accounts/{accountId}/transactions/{input_filter} requires the Authorization Header, as well as two path parameters :
accountId |
The accountId can be retrieved from the response generated by invoking the first API |
input_filter |
{ "fromDate": "2017-9-1", "toDate": "2018-1-30", "fromRow": "", "pageSize": 20, "lastBalance": 0.0 } |
Note
There are a couple of sample transactions for every user and account. To retrieve them, try the above input_filter, with different from and to dates.
As soon as the user performs a single or mass monetary transaction, the Account Transactions API will return a valid response when the proper timeframes are selected.
On the contrary, if there are no records of transactions within the selected timeframe, the following json object will be returned :
{
“AccountTransactions”: [],
“PagingInfo”: {
“RowIndex”: 0,
“MaxRows”: 0,
“CountRows”: false,
“TotalRowsCount”: 0
}
}
The following Cards API calls require only the Authorization Header :
/cards/list
/cards/credit/list
/cards/debit/list
/cards/prepaid/list
The APIs regarding card details are :
/cards/{cardId}/details
/cards/credit/{cardId}/details
/cards/debit/{cardId}/details
/cards/prepaid/{cardId}/details
These APIs require the Authorization Header, as well as one path parameter:
cardId |
The cardId can be retrieved from the response generated by invoking the respective ‘list’ API |
The APIs regarding card transactions are :
/cards/{cardId}/transactions/{input_filter}
/cards/credit/{cardId}/transactions/{input_filter}
/cards/debit/{cardId}/transactions/{input_filter}
/cards/prepaid/{cardId}/transactions/{input_filter}
These APIs require the Authorization Header, as well as two path parameters :
cardId |
The cardId can be retrieved from the response generated by invoking the respective ‘list’ API |
input_filter |
{ "fromDate": "2017-9-1", "toDate": "2018-1-30", "fromRow": "", "pageSize": 20, "lastBalance": 0.0 } |
Note
There are a couple of sample transactions for every user and card. To retrieve them, try the above input_filter with different from and to dates.
Valid values for account and card numbers, as well as valid dates to retreive the transaction lists are provided in the following tables.
User Accounts & Cards
User | Accounts | Cards |
UserA |
GR2801718220007022123123123 GR9001718220007025111222333 |
- |
UserB |
GR0101718220007027000224226 |
430589******6006 |
UserC |
GR0101718220007027000112113 |
- |
[accounts from other banks] |
GR9202600260000000000299650 CY22002001550000000000084100 |
User Account & Card Transactions
User | Account / Card | Valid Transaction Dates |
UserA |
GR2801718220007022123123123 |
01/12/2017 - 31/12/2017 |
GR9001718220007025111222333 |
01/01/2018 - 31/01/2018 | |
UserB |
GR0101718220007027000224226 |
01/01/2018 - 31/01/2018 |
GR0101718220007052999999000 |
- | |
430589******6006 |
01/10/2017 - 31/12/2017 | |
UserC |
GR0101718220007027000112113 |
- |
GR1801718220007022123456789 |
01/01/2018 - 31/01/2018 |
The first set of APIs involve single monetary transfers from an account owned by the user to an IBAN of an account, either within the bank (owned by the same user or another client of Piraeus Bank) or from another bank (remittance).
The API /TransferToIban and /TransferToIban/Validate require the Authorization Header, as well as a JSON object within the request body :
transferToIban_input |
{ "AccountId": "string", "IBAN": "string", "Amount": 0.0, "Reason": "string", "Currency": "EUR", "ChargeType": "string", "Priority": "string", "ContactPhone": "306911111111", "BeneficiaryName": "string", "SepaInfo": "123456" } |
The API /TransferToIban/Execute/{SessionKey} needs the Authorization Header, as well as one path parameter :
SessionKey |
The SessionKey can be retrieved from the response generated by invoking the /TransferToIban/Validate API |
Warning
As mentioned before, TransferToIban refers to single monetary transactions between an account owned by the user and an account belonging to one of three potential destinations: the same user, another user within the bank and another person holding an account in a different bank.
Therefore, for this API to generate valid results, the destination IBAN should be one of the following :
Valid IBANs in case of Transfers within the Bank |
GR2801718220007022123123123 GR1801718220007022123456789 GR9001718220007025111222333 GR0101718220007027000112113 GR0101718220007052999999000 |
Valid IBANs in case of Remittance |
GR9202600260000000000299650 CY22002001550000000000084100 |
The second set of APIs below, which will soon be DEPRECATED, refers to bulk monetary transfers from an account owned by the user to a set of other IBANs, according to a file, which is to be uploaded. In Sandbox environment, the file can be random, however its filename has to be unique every time.
The APIs /BulkPayment and /BulkPayment/Validate require the Authorization Header, as well as the file to be uploaded, while the API /BulkPayment/Execute/{SessionKey} requires the Authorization Header, as well as one path parameter :
SessionKey |
The SessionKey can be retrieved from the response generated by invoking the /BulkPayment/Validate API |
The third set of transactions APIs refers to payroll payments from an account owned by the user to a set of other IBANs, according to file, which is to be uploaded. Again, in Sandbox environment, the file can be random, however its filename has to be unique every time.
The APIs /Payroll and /Payroll/Validate require the Authorization Header, as well as the file to be uploaded, and a JSON object being one of the form-data elements containing the extra payroll information :
payroll_params |
{ "AssetFrom":"agBqAGcAdwAxAHUAZQBpALcKtwDKV%2bLF%2bkC3Fc7p%2fLY%3d", "AssetType":1, "ContractNumber":"3051", "DisketteNumber":1, "NumberOfPayments":2, "Description":"AAA", "PaymentDate":"2017-06-07T21:00:00.000Z", "Amount":2.3, "Currency":"EUR", "payload" : "" } |
The API /Payroll/Execute/{SessionKey} requires the Authorization Header, as well as one path parameter :
SessionKey |
The SessionKey can be retrieved from the response generated by invoking the /Payroll/Validate API |
Note
Since the purpose of the Sandbox environment is to provide a simulation with dummy data, the process of file upload has been simplified and does not involve file content validation. Therefore, the only data stored includes information about the user performing the upload, the filename and date / time of upload.
The only precondition to validate the upload is that the filename has not been used before by the same User and ClientId. Then, a FileID is generated and returned, which will be used for the next step of BulkPayment / Payroll Validate.
Finally, there are four APIs which return history and details for BulkPayment and Payroll transactions :
/BulkPayment/History/{input_filter}
This API requires the Authorization Header, as well as one path parameter :
input_filter |
{ "fromDate": "2017-01-01T14:36:55.6597275+03:00", "toDate": "2017-12-09T14:36:55.6597275+03:00" } |
/BulkPayment/{PaymentCode}/{PaymentDate}/Details
This API requires the Authorization Header, as well as two path parameters :
PaymentCode |
The PaymentCode can be retrieved from the response generated by invoking the /BulkPayment/History API |
PaymentDate |
The PaymentDate can be retrieved from the response generated by invoking the /BulkPayment/History API |
/Payroll/History/{input_filter}
This API requires the Authorization Header, as well as one path parameter :
input_filter |
{ "TypeOfAction": 0, "fromDate": "2017-01-01T14:36:55.6597275+03:00", "toDate": "2017-12-09T14:36:55.6597275+03:00" } |
/Payroll/{PaymentCode}/Details
This API requires the Authorization Header, as well as two path parameters :
PaymentCode |
The PaymentCode can be retrieved from the response generated by invoking the /Payroll/History API |
Note
As soon as the user performs a BulkPayment or Payroll the respective History API will return a valid response when proper timeframes are selected. On the contrary, the Details APIs will only return the following message :
“Τα αναλυτικά στοιχεία δεν είναι διαθέσιμα”
If there are no records of BulkPayment or Payroll transactions within the selected timeframe, the following message will be generated :
“Η συναλλαγή σας δεν εκτελέστηκε λόγω προβλήματος στην επικοινωνία. Παρακαλούμε ξαναδοκιμάστε σε λίγο”
However, as described below, there are certain predefined scenarios where both History and Details are available.
In order to retrieve information from both the History and Details APIs, the required input and expected output is summarized in the following tables.
A. BulkPayment History
Input |
{ "fromDate": "2015-02-01T00:00:00.00", "toDate": "2015-08-01T00:00:00.00" } |
Output |
{ "MassTransferFiles": [ { "WinbankReference": "999000836", "UserFileName": "PPS_3483057_15012801.EPPS", "InputDate": "2015-02-12 00:00:00.0", "SequenceNo": "999000836", "TotalPayments": 3, "StatusCode": "77", "StatusCodeDescription": "", "Comments": "", "TotalOrderAmount": 60 }, { "WinbankReference": "424", "UserFileName": "καινουργιο_ νεο _30 χαρακτηρες", "InputDate": "2015-04-01 00:00:00.0", "SequenceNo": "653", "TotalPayments": 3, "StatusCode": "91", "StatusCodeDescription": "Απέτυχε", "Comments": "Ασυμφωνία Κωδικού Εταιρείας", "TotalOrderAmount": 502085.05 }, { "WinbankReference": "999001215", "UserFileName": "PPS 3483057 15012801.EPPS", "InputDate": "2015-06-05 00:00:00.0", "SequenceNo": "999001215", "TotalPayments": 3, "StatusCode": "94", "StatusCodeDescription": "", "Comments": "Ολοκλήρωση επεξεργασίας αρχείου", "TotalOrderAmount": 60 }, { "WinbankReference": "999001218", "UserFileName": "PPS 3483057 15012801.EPPS", "InputDate": "2015-06-05 00:00:00.0", "SequenceNo": "999001218", "TotalPayments": 2, "StatusCode": "2", "StatusCodeDescription": "Εκτελείται Τώρα", "Comments": "Επιτυχής έλεγχος αρχείου EPPS", "TotalOrderAmount": 40 }, { "WinbankReference": "999001217", "UserFileName": "PPS 3483057 15012801.EPPS", "InputDate": "2015-06-05 00:00:00.0", "SequenceNo": "999001217", "TotalPayments": 3, "StatusCode": "4", "StatusCodeDescription": "Παραλήφθηκε το απαντητικό αρχείο", "Comments": "Ολοκλήρωση επεξεργασίας αρχείου", "TotalOrderAmount": 60 }, { "WinbankReference": "999001206", "UserFileName": "PPS 3483057 15012801.EPPS", "InputDate": "2015-06-05 00:00:00.0", "SequenceNo": "999001206", "TotalPayments": 2, "StatusCode": "16", "StatusCodeDescription": "", "Comments": "Ολοκλήρωση επεξεργασίας αρχείου", "TotalOrderAmount": 40 } ], "EppsCode": 3483057 } |
Input |
{ "fromDate": "2017-01-01T00:00:00.00", "toDate": "2017-06-30T00:00:00.00" } |
Output |
|
B. BulkPayment Details
Input |
/BulkPayment/981383524/2017-06-26/Details |
Output |
|
C. Payroll History
Input |
{ "fromDate": "2015-02-01T00:00:00.00", "toDate": "2015-08-01T00:00:00.00" } |
Output |
|
The calls of the implemented APIs are:
GET /codes
GET /codes/{paymentCode}
POST /single/{RFCode}/validate
POST /single/{RFCode}/execute/{SessionKey}
POST /{paymentCode}/validate
POST /{paymentCode}/execute/{SessionKey}
GET /{paymentOrderID}/history
GET /{paymentOrderID}/{paymentID}
PUT /{paymentOrderID}/action/{action}
GET /history/type/{type}
All the API calls above require the Authorization Header.
GET /codes returns a list of payment definitions. These include the definitions of the required input fields later used in POST /{paymentCode/validate.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/codes
Response Example:
{
"paymentCodes": [
{
"id": "6201",
"name": "EFKA Employers Contributions",
"definition": {
"categoryID": 5,
"categoryDescription": "Public Sector",
"subCategoryID": 504,
"subCategoryDescription": "Social Security Funds",
"paymentCode": "6201",
"paymentDescription": "EFKA Employers Contributions",
"paymentLogo": "images/BillPayments/Logo/6201.png",
"isPopularPayment": true,
"sample": {},
"requires2FA": false,
"ib_action": "PiraeusBank.InternationalBanking.Services.GenericPayment.6201",
"hostTxCode": "1000115",
"useCreditCard": true,
"numberOfInstallments": 1,
"useDebitCard": true,
"usePrepaidCard": true,
"useAccount": true,
"onlyPiraeusCards": false,
"fields": [
{
"name": "AssetFrom",
"type": "text",
"mandatory": true,
"showOnResult": false,
"partOfPayment": true,
"size": 50,
"length": 50,
"assetType": [
{
"name": "creditCard",
"title": {
"gr": "CreditCard",
"en": "CreditCard"
}
},
{
"name": "debitCard",
"title": {
"gr": "DebitCard",
"en": "DebitCard"
}
},
{
"name": "prepaidCard",
"title": {
"gr": "PrepaidCard",
"en": "PrepaidCard"
}
},
{
"name": "account",
"title": {
"gr": "Account",
"en": "Account"
}
}
]
},
{
"name": "SubscriberCode",
"type": "text",
"mandatory": true,
"showOnResult": true,
"partOfPayment": true,
"size": 0,
"length": 30,
"title": {
"gr": "IKAPaymentCode",
"en": "IKAPaymentCode"
}
},
{
"name": "AmountValue",
"type": "money",
"mandatory": true,
"showOnResult": false,
"partOfPayment": true,
"size": 0,
"length": 13,
"title": {
"gr": "amount",
"en": "amount"
}
}
]
}
},
{
"id": "6202",
"name": "OAEE",
"definition": {
"categoryID": 5,
"categoryDescription": "Public Sector",
"subCategoryID": 504,
"subCategoryDescription": "Social Security Funds",
"paymentCode": "6202",
"paymentDescription": "OAEE",
"paymentLogo": "images/BillPayments/Logo/6202.png",
"isPopularPayment": false,
"sample": {},
"requires2FA": false,
"ib_action": "PiraeusBank.InternationalBanking.Services.GenericPayment.6202",
"hostTxCode": "1000117",
"useCreditCard": true,
"numberOfInstallments": 1,
"useDebitCard": true,
"usePrepaidCard": true,
"useAccount": true,
"onlyPiraeusCards": false,
"fields": [
{
"name": "AssetFrom",
"type": "text",
"mandatory": true,
"showOnResult": false,
"partOfPayment": true,
"size": 50,
"length": 50,
"assetType": [
{
"name": "creditCard",
"title": {
"gr": "CreditCard",
"en": "CreditCard"
}
},
{
"name": "debitCard",
"title": {
"gr": "DebitCard",
"en": "DebitCard"
}
},
{
"name": "prepaidCard",
"title": {
"gr": "PrepaidCard",
"en": "PrepaidCard"
}
},
{
"name": "account",
"title": {
"gr": "Account",
"en": "Account"
}
}
]
},
{
"name": "PayeeName",
"type": "text",
"mandatory": true,
"showOnResult": true,
"partOfPayment": false,
"size": 0,
"length": 50,
"title": {
"gr": "fullName",
"en": "fullName"
}
},
{
"name": "SubscriberCode",
"type": "text",
"mandatory": true,
"showOnResult": true,
"partOfPayment": true,
"size": 0,
"length": 13,
"title": {
"gr": "paymentCode",
"en": "paymentCode"
}
},
{
"name": "AmountValue",
"type": "money",
"mandatory": true,
"showOnResult": false,
"partOfPayment": true,
"size": 0,
"length": 13,
"title": {
"gr": "amount",
"en": "amount"
}
}
]
}
}
]
}
GET /codes/{paymentCode} returns the definition of a specific payment. Besides the Authorization Header, the paymentCode is also required in the path.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/codes/6201
Route Input example: 6201
Response Example:
{
"id": "6201",
"name": "EFKA Employers Contributions",
"definition": {
"categoryID": 5,
"categoryDescription": "Public Sector",
"subCategoryID": 504,
"subCategoryDescription": "Social Security Funds",
"paymentCode": "6201",
"paymentDescription": "EFKA Employers Contributions",
"paymentLogo": "images/BillPayments/Logo/6201.png",
"isPopularPayment": true,
"sample": {},
"requires2FA": false,
"ib_action": "PiraeusBank.InternationalBanking.Services.GenericPayment.6201",
"hostTxCode": "1000115",
"useCreditCard": true,
"numberOfInstallments": 1,
"useDebitCard": true,
"usePrepaidCard": true,
"useAccount": true,
"onlyPiraeusCards": false,
"fields": [
{
"name": "AssetFrom",
"type": "text",
"mandatory": true,
"showOnResult": false,
"partOfPayment": true,
"size": 50,
"length": 50,
"assetType": [
{
"name": "creditCard",
"title": {
"gr": "CreditCard",
"en": "CreditCard"
}
},
{
"name": "debitCard",
"title": {
"gr": "DebitCard",
"en": "DebitCard"
}
},
{
"name": "prepaidCard",
"title": {
"gr": "PrepaidCard",
"en": "PrepaidCard"
}
},
{
"name": "account",
"title": {
"gr": "Account",
"en": "Account"
}
}
]
},
{
"name": "SubscriberCode",
"type": "text",
"mandatory": true,
"showOnResult": true,
"partOfPayment": true,
"size": 0,
"length": 30,
"title": {
"gr": "IKAPaymentCode",
"en": "IKAPaymentCode"
}
},
{
"name": "AmountValue",
"type": "money",
"mandatory": true,
"showOnResult": false,
"partOfPayment": true,
"size": 0,
"length": 13,
"title": {
"gr": "amount",
"en": "amount"
}
}
]
}
}
POST /single/{RFCode}/validate validates and stages a payment before execution. In Sandbox, the response will always refer to Wind no matter the RF Code used. Besides the Authorization Header, a body in the form of a JSON Object and an RFCode in the URL path are required as inputs.
Notes:
Scheduling object is optional.
Two AssetTypes are supported; “account” and “creditcard”.
Installments field available only for creditcard.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/single/RF32901909000007301106135/validate
Route Input example: RF32901909000007301106135
Body Input example for account:
{
"assetId": "NjVBMENEMTAtNUI2Mi00QjhELTlFMDYtMkZBOENDQUQ0ODlCMUIzNUQxRDUtMzc4",
"assetType": "account",
"amount": 10.5,
"currency": "EUR",
"scheduling": {
"executionDate": "2023-03-03",
"recurrence": "2",
"recurrenceDay": "3"
}
}
Body Input example for creditcard :
{
"assetId": "5311 4602 9991 3003",
"assetType": "creditcard",
"amount": 10.5,
"currency": "EUR",
"installments": 0,
"scheduling": {
"executionDate": "2023-03-03"
}
}
Response example for account:
{
"installments": 0,
"rfCode": "RF32901909000007301106135",
"paymentCode": "8862",
"paymentDescription": "Wind",
"sessionKey": "qXAA37uZQer1S7MGIhJSUf4H3RXLYbBC",
"status": "Success",
"amount": 10.5,
"currency": "EUR",
"requiresApproval": false,
"requiresTransactionalPin": false,
"execute": "On 2023-03-03 00:00:00.000",
"commission": 0
}
Response example for creditcard:
POST /single/{RFCode}/execute/{SessionKey} finalizes the transaction after “validate”. Besides the Authorization Header, the SessionKey is required in the path.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/single/RF32901909000007301106135/execute/qXAA37uZQer1S7MGIhJSUf4H3RXLYbBC
Route Input example:
RFCode: RF32901909000007301106135
SessionKey: qXAA37uZQer1S7MGIhJSUf4H3RXLYbBC
Response Example:
{
"succeeded": true,
"transactionReference": "37807944690208",
"status": "Success",
"message": "Your RF payment was successfully completed with the following details: ",
"requiresApproval": false,
"requiresTransactionalPin": false,
"assetType": "Bank Account",
"assetNumber": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",
"rfCode": "RF32901909000007301106135",
"amount": 10.5,
"currency": "EUR",
"commission": 0,
"commissionCurrency": "",
"execute": "On 2023-03-03 00:00:00.000"
}
POST /{paymentCode}/validate validates and stages a payment before execution. Besides the Authorization Header, a body in the form of a JSON Object and a paymentCode in the URL path are required as inputs.
Notes:
Call GET /codes or GET /codes/{paymentCode} to find the fields required in the input body for validation.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/6202/validate
Route Input examples: 6303 (Vodafone), 6202 (OAEE), 7394 (Brokins)
Body Input example for 6202:
{
"fields": [
{
"name": "AssetFrom",
"value": "MUVBRUZBN0YtRUM4NS00QUU5LTk4RkMtOTM1MjIyMUU1MTgyRjYyMUZDNTQtM0Uw",
"assetType": "account"
},
{
"name": "SubscriberCode",
"value": "3947749202221"
},
{
"name": "AmountValue",
"value": "1.5",
"currency": "EUR"
},
{
"name": "PayeeName",
"value": "test"
}
]
}
Response example for 6202:
{
"requiredTokenType": 0,
"succeeded": true,
"sessionKey": "ZMXg40JIJ4e11YUh0qADoUXSB9iLwY0fxL2",
"status": "Success",
"requiresApproval": false,
"requiresTransactionalPin": false,
"account": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",
"amount": 1.5,
"currency": "EUR",
"commission": 0,
"execute": "On Feb 16 2023 11:42AM"
}
POST /{paymentCode}/execute/{SessionKey} executes the payment. Besides the Authorization Header the following are also required:
paymentCode, located in URL path. Example: 6202
SessionKey, located in URL path. Example: ZMXg40JIJ4e11YUh0qADoUXSB9iLwY0fxL2
ExtraPin, located in body. Example:
{
"ExtraPin": "3288000"
}
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/6202/execute/ZMXg40JIJ4e11YUh0qADoUXSB9iLwY0fxL2
Response example:
{
"succeeded": true,
"transactionReference": "42909789769115",
"status": "Success",
"requiresApproval": false,
"bankAccount": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",
"amount": 1.5,
"currency": "EUR",
"commission": 0.6,
"commissionCurrency": "EUR",
"execute": "On 2023-02-16 00:00:00.000",
"message": "Your transaction was successfully completed with the following details: "
}
GET /{paymentOrderID}/history returns the details of a specific payment using its OrderID, which can be found by calling GET /history/type/{type}. Besides the Authorization Header, the paymentOrderID value is required in the URL path.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/75463360/history
Route Input example: 75463360
Response example:
{
"payments": [
{
"nextPaymentId": 83789636,
"scheduledDate": "2023-02-16T12:11:00",
"amount": {
"amount": 1.5,
"currency": "EUR"
},
"status": 4,
"statusDescription": "Completed",
"paymentStatus": 1,
"isRecurring": false,
"paymentType": "OAEE",
"recipient": "3947749202221"
}
]
}
GET /{paymentOrderID}/{paymentID} returns the details of a specific payment using both PaymentOrderID and PaymentID:
paymentOrderID: 75463359
paymentID: 83789635
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/75463359/83789635
Response example:
{
"paymentTypeDescription": "Brokins",
"transactionSearchType": 0,
"executionDate": "2023-02-16T11:47:00",
"paymentOrderId": 0,
"status": 2,
"statusDescription": "Pending",
"channel": "Internet Banking",
"amount": 3,
"currency": "EUR",
"commission": 0,
"executeOn": "On 2023-02-16T11:47:00"
}
PUT /{paymentOrderID}/action/{action} updates a payment using its PaymentOrderID. Besides the Authorization Header, the following are required:
PaymentOrderID: Located in URL path. Example: 75463359
Action: Located in URL path. Values: suspend, resume, cancel, complete, reversal. Default “cancel”.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/75463359/action/cancel
GET /history/type/{type} returns payments within the date interval set by the caller. Besides the Authorization Header, the following inputs can be used:
Type: Located in Path. Required. Available values: active, done, dashboard, all, cancelled
pageSize: Parameter, default 10. Sets the number of max rows to return.
dateFrom: Parameter, default: Today – 12 months. Refers to ExecutionDate of payment.
dateTo: Parameter, default: Today. Refers to ExecutionDate of payment.
pagingId: Parameter, default null. Setting with a PaymentID will return that and subsequent payments.
URL Example (case sensitive):
https://api.rapidlink.piraeusbank.gr/piraeusbank/production/v1.2/transactions/payments/history/type/all
Response example:
{
"lastPaymentId": 0,
"transactions": [
{
"paymentOrderId": 75463323,
"paymentId": 83789599,
"paymentAction": "PiraeusBank.InternationalBanking.Services.RFPayment.114",
"customerName": "ΘΕΟΦΑΝΗΣ ΑΝΑΓΝΩΣΤΑΚΗΣ",
"externalApp": "",
"description": "RF Payment",
"executionDate": "2023-02-15T14:45:12.94",
"postedDate": "2023-02-15T00:00:00",
"lastExecutionStatus": 1,
"lastExecutionStatusDescription": "Completed",
"status": 2,
"statusDescription": "Pending",
"accountNumber": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",
"sourceType": 1,
"amount": {
"amount": 13,
"currency": "EUR"
},
"recipient": "RF32901909000007301106135",
"searchTransactionType": 0,
"paymentTransactionType": 0
},
{
"paymentOrderId": 75463324,
"paymentId": 83789600,
"paymentAction": "PiraeusBank.InternationalBanking.Services.RFPayment.114",
"customerName": "ΘΕΟΦΑΝΗΣ ΑΝΑΓΝΩΣΤΑΚΗΣ",
"externalApp": "",
"description": "RF Payment",
"executionDate": "2023-02-15T15:06:48.3",
"postedDate": "2023-02-15T00:00:00",
"lastExecutionStatus": 1,
"lastExecutionStatusDescription": "Completed",
"status": 2,
"statusDescription": "Pending",
"accountNumber": "GR28 0171 8220 0070 2212 3123 123 (ΠΟΛΥΜΟΡΦΙΚΟΣ ΛΟΓΣΜΟΣ -Κ-1-5iρd)",
"sourceType": 1,
"amount": {
"amount": 13,
"currency": "EUR"
},
"recipient": "RF32901909000007301106135",
"searchTransactionType": 0,
"paymentTransactionType": 0
}
]
}