psd2 apis mocked data - otp bankathird party provider must use a registration form on otp bank...
Post on 07-Jul-2020
8 Views
Preview:
TRANSCRIPT
PSD2 APIS – MOCKED DATA
OTP BANKA SLOVENSKO, A.S.
Version: 2.0
Bratislava, 01.06.2019
PSD2 APIs – Mocked data Version 2.0
2
CONTENT 1 General information and general errors 3
1.1 Used abbreviations 3
1.2 Differences between OTP Bank (OBD) and production 3
1.3 How to read MOCKs 3
1.4 General MOCK information 4
1.5 General error structure 4
1.6 Other specific general errors 4
2 Enrollment 11
3 Authorization 15
4 Tokens 17
5 Mocked data for AISP operations 23
5.1 AISP Operation: Account information 23
5.2 AISP Operation: Account transactions 29
5.3 AISP Operation: List of accounts 46
6 Mocked data for PISP operations 49
6.1 PISP Operation: Standard payment initialization (XML) 49
6.2 PISP Operation: Standard payment submission 75
6.3 PISP Operation: Payment order status 77
6.4 PISP Operation: Standard payment initialization (JSON) 79
6.5 PISP Operation: Payment order cancellation 94
6.6 PISP Operation: SWIFT payment initialization (XML) 97
6.7 PISP Operation: Balance check 126
7 Mocked data fro PIISP Operation 126
7.1 PIISP Operation: Balance check 126
8 Swagger 134
PSD2 APIs – Mocked data Version 2.0
3
1 GENERAL INFORMATION AND GENERAL ERRORS OTP Bank Devportal's API is using a custom HTTP header MOCK-
Authorization:<client_id>:<client_secret>. This header is used for third party provider authorization to
all API mocks. All requests must contain this header. This header is not used on production
environment!!!
Third party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept
(or reject) the registration and after that, third party provider will receive an e-mail containing client_id
and client_secret.
1.1 USED ABBREVIATIONS
Term Meaning
OBD OTP Bank
Devportal
PROD production
1.2 DIFFERENCES BETWEEN OTP BANK (OBD) AND PRODUCTION URL:
● OBD: https://developerhub.otpbanka.sk
● PROD: https://api.otpbanka.sk
MOCK-Authorization
● OBD: sending
● PROD: not sending
Response Body:
● OBD: some request has response body - please check Scenario 4 - 7
● PROD: some request has no response body
1.3 HOW TO READ MOCKS 1st column - Scenario description, Production authorization (no / Basic auth / access_token), When it
happens (example) / What's wrong
PSD2 APIs – Mocked data Version 2.0
4
2nd column - full cURL request, formatted request header, formatted request body
3rd column - HTTP status code, formatted response body
1.4 GENERAL MOCK INFORMATION Authorization: Basic Basic BASE64(client_id + ":" + client_secret) - please check Scenario 4, 5, 6
Authorization: Bearer access_token - only value Bearer at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v is valid, other value is invalid - please check Scenario 7
HTTP header Host is not presented in mock samples because it is a standard HTTP/1.1 header (required
by RFC7230).
1.5 GENERAL ERROR STRUCTURE
HTTP status code: 500
Body
{
"errors": [{
"messageCode": "....",
"messageArgs": [
["....", "...."]
],
"message": "...."
}]
}
1.6 OTHER SPECIFIC GENERAL ERRORS
Test scenario Request Response
1. Negative scenario: wrong MOCK
credentials - client_id
Auth: no
What's wrong: client_id not found
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
HTTP status code: 401
Body
{
"error": "invalid_client",
PSD2 APIs – Mocked data Version 2.0
5
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts": ["admin@multipay.sk"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:Alz:a'
Header
MOCK-Authorization:Alz:a
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["admin@multipay.sk"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
"error_description": "Alz"
}
2. Negative scenario: missing MOCK
credentials
Auth: no
What's wrong: MOCK credentials not
presented
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
HTTP status code: 401
Body
{
"error": "unauthorized_client"
PSD2 APIs – Mocked data Version 2.0
6
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts": ["admin@multipay.sk"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }'
Header
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["admin@multipay.sk"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
}
Response body can contain field
error_description.
3. Negative scenario: MOCK credentials -
wrong password
Auth: no
What's wrong: password
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
HTTP status code: 401
Body
{
"error": "access_denied"
}
Response body can contain field
PSD2 APIs – Mocked data Version 2.0
7
"contacts": ["admin@multipay.sk"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:a'
Header
MOCK-Authorization:TPP:a
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["admin@multipay.sk"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
error_description.
4. Negative scenario: missing Basic Auth
Header
Auth: Basic auth
What's wrong: Basic Auth header is missing
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -H "Content-Type: application/x-www-
form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 400
Body
{
"errors": [{
"message": "Missing
request header 'Authorization' for method
parameter of type String"
PSD2 APIs – Mocked data Version 2.0
8
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect
}]
}
On production environment:
HTTP status code: 401 without Body
5. Negative scenario: wrong Basic Auth
Header - client_id
Auth: no
What's wrong: client_id not found
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u Alz:b -H "Content-Type: application/x-
www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic QWx6OmI=
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect
HTTP status code: 401
Body
{
"error": "invalid_client",
"error_description": "Alz"
}
On production environment:
HTTP status code: 401 without Body
PSD2 APIs – Mocked data Version 2.0
9
6. Negative scenario: Basic Auth Header -
wrong password
Auth: no
What's wrong: password
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:b -H "Content-Type: application/x-
www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic VFBQOmI=
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect
HTTP status code: 401
Body
{
"error": "access_denied"
}
On production environment:
HTTP status code: 401 without Body
7. Negative scenario: Invalid Bearer
access_token
Auth: Bearer access_token
What's wrong: acess_token doesn't exist /
expired
curl -i -X GET
https://developerhub.otpbanka.sk/api/v2/ac
counts -H 'Content-Type: application/json' -H
'Request-ID: c2c48fc8-0000-0000' -H 'PSU-IP-
Address: 192.168.0.100' -H 'PSU-Device-OS:
iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer 123"
-H 'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 403
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
PSD2 APIs – Mocked data Version 2.0
10
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer 123
"messageCode":
"exception.forbidden",
"messageArgs": [],
"message": "Access
denied"
}]
}
On production environment:
HTTP status code: 403 without Body
8. Negative scenario: missing Request-ID
header
Auth: Bearer access_token
What's wrong: missing Request-ID header
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK0252009999930000000107" }' -H
"Content-Type: application/json" -H
"Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code 400:
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"message": "Missing
request header 'Request-ID' for method
parameter of type String"
}]
}
9. Negative scenario: OTP Bank unavailable
Auth: Bearer access_token
What's wrong: OTP bank backend is
unavailabe
It is necessary to use Request-ID below to get
proper response.
curl -i -X
GET https://developerhub.otpbanka.sk/api/v
2/accounts -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-1111' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
HTTP status code 500:
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
PSD2 APIs – Mocked data Version 2.0
11
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-1111
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"errors": [{
"messageCode":
"exception.backend.profile.OFFLINE",
"messageArgs": [
[]
],
"message":
"exception.backend.profile.OFFLINE"
}]
}
2 ENROLLMENT URL: https://developerhub.otpbanka.sk/enroll
Test scenario Request Response
1. Positive scenario
Auth: no
When it happens (example): third party
provider wants to obtain client_id and
client_secret
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts": ["admin@multipay.sk"],
HTTP status code: 200
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
PSD2 APIs – Mocked data Version 2.0
12
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["admin@multipay.sk"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
portal",
"client_type": "confidential",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["admin@multipay.sk"],
"scopes": ["aisp", "pisp"],
"licence_number":
"v@Nn123456",
"client_id": "TPP",
"client_secret": "6389dcc9-a17c-
4bcf-8cdf-5ecf84ade813"
}
2. Negative scenario: invalid scope value
Auth: no
What's wrong: invalid scope value
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
HTTP status code: 400
Body
{
"error": "invalid_scope",
PSD2 APIs – Mocked data Version 2.0
13
"contacts": ["admin@multipay.sk"],
"scopes": ["aisp", "abc"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["admin@multipay.sk"],
"scopes": ["aisp", "abc"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
"error_description": "abc"
}
3. Negative scenario: invalid request input
Auth: no
What's wrong: missing client_name value
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": null, "client_name#en-US":
"My payment portal", "logo_uri":
"https://www.multipay.sk/logo.png",
HTTP status code: 400
Body
{
"error": "invalid_request",
"error_description": "clientName:
PSD2 APIs – Mocked data Version 2.0
14
"contacts": ["admin@multipay.sk"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": null,
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["admin@multipay.sk"],
"scopes": ["aisp", "abc"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
May not be empty"
}
4. Negative scenario: invalid redirect URI
Auth: no
What's wrong: invalid redirect_uris value
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"abc://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
HTTP status code: 400
Body
{
"error": "invalid_redirect_uri",
"error_description":
"abc://www.multipay.sk/start2"
PSD2 APIs – Mocked data Version 2.0
15
"contacts": ["admin@multipay.sk"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"abc://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["admin@multipay.sk"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
}
3 AUTHORIZATION SBA standard difference:
● URL:
PSD2 APIs – Mocked data Version 2.0
16
o SBA: /authorize,
o OTP Banka: /auth/authorize
● Request:
o SBA: code_challenge and code_challenge_method are mandatory, Content-Type:
application/x-www-form-urlencoded
o OTP Banka: code_challenge and code_challenge_method are not used, standard GET
request (RFC6749 OAuth2 - 4.1.1. Authorization Request)
● Response:
o SBA: Content-type: application/x-www-form-urlencoded, HTTP status code 303
o OTP Banka: standard GET response, HTTP status code 302 (RFC6749 OAuth2 - 4.1.2.
Authorization Response)
URL: https://developerhub.otpbanka.sk/auth/authorize
Response_type: code
Test scenario Request Response
1. Authorize code - positive scenario AISP
Auth: no
When it happens (example): user action -
open SCA web for AISP scope
curl -i -X GET
"https://developerhub.otpbanka.sk/auth/aut
horize?response_type=code&client_id=TPP&
redirect_uri=http%3A%2F%2Fwww.tpp.sk%2
Fredirect&scope=AISP&state=c1734c7d-
bae0-4d86-9a49-90b5357642b1" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
1. automatic redirect user to SCA
2. third party provider waiting for user
authorization
3. redirect user from SCA back to third party
provider after user authorization - example:
HTTP status code: 302
Location:
http://www.tpp.sk/redirect?code=ac_a3NDN
JxbCh1ydBZQlcqZIkaTUA2QMCOth8OvDjhu&
state=c1734c7d-bae0-4d86-9a49-
90b5357642b1
2. Authorize code - negative scenario:
missing client_id
Auth: no
What's wrong: client_id not sent
curl -i -X GET
"https://developerhub.otpbanka.sk/auth/aut
horize?response_type=code&redirect_uri=ht
tp%3A%2F%2Fwww.tpp.sk%2Fredirect&scop
e=AISP&state=c1734c7d-bae0-4d86-9a49-
90b5357642b1" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
HTTP status code: 400
Body
{
"errors": [{
"messageCode":
"exception.badRequest.missingParameter",
"messageArgs":
["client_id"],
"message": "Required
PSD2 APIs – Mocked data Version 2.0
17
46ec-95fa-5917fda9a959
parameter client_id is not present"
}]
}
3. Authorize code - negative scenario: scope
missing
Auth: no
What's wrong: mandate field response_type
/ redirect_uri / scope / state not sent
curl -i -X GET
"https://developerhub.otpbanka.sk/auth/aut
horize?response_type=code&client_id=TPP&
redirect_uri=http%3A%2F%2Fwww.tpp.sk%2
Fredirect&state=c1734c7d-bae0-4d86-9a49-
90b5357642b1" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 400
Body
{
"errors": [{
"messageCode":
"exception.badRequest.missingParameter",
"messageArgs":
["scope"],
"message": "Required
parameter scope is not present"
}]
}
4. Authorize code - positive scenario PISP
Auth: no
When it happens (example): user action -
open SCA web for authorize payment
Note: PAYMENT_tr_j5I13Xv-AcZs-I-
tOH92m9tQvZ4_ZrxoShNxVI2W is orderId
from paymment initialization:
/api/v1/payments/standard/iso
/api/v2/payments/standard/sba
curl -i -X GET
"https://developerhub.otpbanka.sk/auth/aut
horize?response_type=code&client_id=TPP&
redirect_uri=http%3A%2F%2Fwww.tpp.sk%2
Fredirect&scope=PAYMENT_tr_j5I13Xv-AcZs-
I-
tOH92m9tQvZ4_ZrxoShNxVI2W&state=6ebc
9a58-307d-49b8-8c7a-f5feccedff75" -H
'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
1. automatic redirect user to SCA
2. third party provider waiting for user
authorize payment
3. redirect user from SCA back to third party
provider after user authorization - example:
HTTP status code: 302
Location:
http://www.tpp.sk/redirect?code=ac_a3NDN
JxbCh1ydBZQlcqZIkaTUA2QMCOth8OvDjhu&
state=6ebc9a58-307d-49b8-8c7a-
f5feccedff75
4 TOKENS SBA standard difference:
PSD2 APIs – Mocked data Version 2.0
18
● URL:
o SBA: /token,
o OTP Banka: /auth/token
● Request with authorization_code:
o SBA: code_verifier field is mandatory
o OTP Banka: not used (RFC6749 OAuth2 -4.1.3. Access Token Request)
URL: https://developerhub.otpbanka.sk/auth/token
Grand types: authorization_code (AISP), refresh_token (AISP), client_credentials (PISP, PIISP)
Test scenario Request Response
1. Token authorization_code - positive
scenario
Auth: Basic auth
When it happens (example): After user SCA
before AISP web service call
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
HTTP status code: 200
Body
{
"scope": "AISP",
"access_token":
"at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v",
"token_type": "Bearer",
"expires_in": 7199,
"refresh_token":
"rt_DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30"
}
PSD2 APIs – Mocked data Version 2.0
19
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect
2. Token authorization_code - negative
scenario: client_id
Auth: Basic auth
What's wrong: auth client_id not equals to
url client_id
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP2&redirect_uri=http%3A%2F%2Fwww.
tpp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP2&redirect_uri=http%3A%2F%2Fwww.
tpp.sk%2Fredirect
HTTP status code: 401
Body
{
"error": "unauthorized_client",
"error_description": "authorized
client differs from client in request"
}
3. Token authorization_code - negative
scenario: unknown code
Auth: Basic auth
What's wrong: not valid code sent
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=authorization_code&code=not
mycode&client_id=TPP&redirect_uri=http%3
A%2F%2Fwww.tpp.sk%2Fredirect" -H
'MOCK-Authorization:TPP:5047b2df-0f05-
HTTP status code: 400
Body
{
"error": "invalid_grant",
"error_description": "unknown
PSD2 APIs – Mocked data Version 2.0
20
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=authorization_code&code=notm
ycode&client_id=TPP&redirect_uri=http%3A
%2F%2Fwww.tpp.sk%2Fredirect
code"
}
4. Token authorization_code - negative
scenario: not valid request
Auth: Basic auth
What's wrong: missing client_id
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=&redirect_uri=http%3A%2F%2Fwww.tpp.s
k%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
HTTP status code: 400
Body
{
"errors": [{
"property": "clientId",
"messageCode":
"javax.validation.constraints.NotEmpty.mess
age",
"message": "May not
be empty",
"invalidValue": ""
}]
}
PSD2 APIs – Mocked data Version 2.0
21
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=&redirect_uri=http%3A%2F%2Fwww.tpp.s
k%2Fredirect
5. Token refresh_token - positive scenario
Auth: Basic auth
When it happens (example): get new
access_token AISP
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=refresh_token&refreshToken=rt
_DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30&scope=AISP" -H
'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=refresh_token&refreshToken=rt_
DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30&scope=AISP
HTTP status code: 200
Body
{
"scope": "AISP",
"access_token":
"at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v",
"token_type": "Bearer",
"expires_in": 7199
}
6. Token refresh_token - negative scenario:
uknown refresh_token
Auth: Basic auth
What's wrong: not valid refresh_token sent
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=refresh_token&refreshToken=n
otmycode&scope=AISP" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 400
Body
{
"error": "invalid_grant",
"error_description": "unknown
refresh token"
PSD2 APIs – Mocked data Version 2.0
22
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=refresh_token&refreshToken=no
tmycode&scope=AISP
}
7. Token refresh_token - negative scenario:
not valid scope
Auth: Basic auth
What's wrong: AISP scope not sent
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=refresh_token&refreshToken=rt
_DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30&scope=PISP" -H
'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=refresh_token&refreshToken=rt_
DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30&scope=PISP
HTTP status code: 400
Body
{
"error": "invalid_scope",
"error_description": "invalid
scope PISP"
}
PSD2 APIs – Mocked data Version 2.0
23
8. Token client_credentials - positive
scenario
Auth: Basic auth
When it happens (example): Before PIISP
web service call
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=client_credentials&scope=PIISP"
-H 'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=client_credentials&scope=PIISP
HTTP status code: 200
Body
{
"scope": "PIISP",
"access_token":
"at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v",
"token_type": "Bearer",
"expires_in": 7199
}
5 MOCKED DATA FOR AISP OPERATIONS
5.1 AISP OPERATION: ACCOUNT INFORMATION URL: https://developerhub.otpbanka.sk/api/v1/accounts/information
Test scenario Request Response
1. Positive scenario
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK0252009999930000000107" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
PSD2 APIs – Mocked data Version 2.0
24
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK0252009999930000000107"
}
Content-Type: application/json;charset=UTF-
8
Body
{
"account": {
"name": "Ján Novák",
"productName": "Bežný účet 1",
"type": "CACC",
"baseCurrency": "EUR"
},
"balance": [
{
"typeCodeOrProprietary": "ITBD",
"amount": {
"value": 3188.14,
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"dateTime": "2018-01-
13T13:46:18.941+01:00"
},
{
"typeCodeOrProprietary": "ITAV",
"amount": {
"value": 54.49,
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"dateTime": "2018-01-
PSD2 APIs – Mocked data Version 2.0
25
13T13:46:18.941+01:00"
}
]
}
2. Negative scenario: a legal term of 90 days
has passed without the SCA being executed
Auth: Bearer access_token
What's wrong: calling account information
after 90 days has passed without SCA being
executed
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK3352009999930000000131" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK3352009999930000000131"
}
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
PSD2 APIs – Mocked data Version 2.0
26
3. Negative scenario: the client has not
given a mandate for this account
Auth: Bearer access_token
What's wrong: calling account information
without user mandate for his account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK8052009999930000000158" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK8052009999930000000158"
}
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
4. Negative scenario: missing mandatory
parameter
Auth: Bearer access_token
In production TPP will get the same response
(Error Code 400) also for other PSD2 services
if there is a missing mandatory attribute.
curl -i -X POST
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
PSD2 APIs – Mocked data Version 2.0
27
What's wrong: IBAN is empty https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban": "" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": ""
}
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property": "iban",
"messageCode":
"javax.validation.constraints.NotEmpty.mess
age",
"message": "May not
be empty"
}]
}
5. Negative scenario: invalid parameter
value
Auth: Bearer access_token
What's wrong: IBAN didn't match regex
In production TPP will get the same response
(Error Code 400) also for other PSD2 services
if there is an invalid attribute value.
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK8000009999930000000158" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
PSD2 APIs – Mocked data Version 2.0
28
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK8000009999930000000158"
}
Body
{
"errors": [{
"property": "iban",
"messageCode":
"javax.validation.constraints.Pattern.messag
e",
"message": "Must
match \"^(SK[0-9]{2,2}5200[0-9]{16,16})$\"",
"invalidValue":
"SK8000009999930000000158"
}]
}
6. Negative scenario: 24 hours request
counter for third party provider was
exceeded
Auth: Bearer access_token
What's wrong: third party provider exceeded
the count of AISP requests (account
information and account transactions) in 24
hours without user authentication
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK8552009999930000000262" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
PSD2 APIs – Mocked data Version 2.0
29
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK8552009999930000000262"
}
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
5.2 AISP OPERATION: ACCOUNT TRANSACTIONS URL: https://developerhub.otpbanka.sk/api/v1/accounts/transactions
Test scenario Request Response
1. Positive scenario - without filter
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
PSD2 APIs – Mocked data Version 2.0
30
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107"
}
Body
{
"pageCount": 1,
"transactions": [{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status":
"INFO",
"bookingDate": "2017-11-29",
"valueDate": "2017-11-29",
"transactionDetails": {
"remittanceInformation":
"SERVICE FEES"
}
},
{
"amount": {
"value": 7.7,
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"status":
PSD2 APIs – Mocked data Version 2.0
31
"INFO",
"bookingDate": "2017-11-29",
"valueDate": "2017-11-29",
"transactionDetails": {
"relatedParties": {
"debtorAccount": {
"identification":
"SK0252009999930000000107"
},
"creditorAccount": {
"identification":
"SK7752009999930000000115"
}
},
"relatedAgents": {
"debtorAgent": {
"financialInstitutionIdentification"
: "OTPVSKBX"
},
"creditAgent": {
"financialInstitutionIdentification"
PSD2 APIs – Mocked data Version 2.0
32
: "OTPVSKBXXXX"
}
},
"remittanceInformation": "príkaz
na úhradu"
}
},
{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status":
"INFO",
"bookingDate": "2017-11-28",
"valueDate": "2017-11-28",
"transactionDetails": {
"remittanceInformation":
"SERVICE FEES"
}
},
{
"amount": {
PSD2 APIs – Mocked data Version 2.0
33
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status":
"INFO",
"bookingDate": "2017-10-28",
"valueDate": "2017-10-28",
"transactionDetails": {
"remittanceInformation":
"SERVICE FEES"
}
},
{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status":
"INFO",
"bookingDate": "2017-09-28",
"valueDate": "2017-09-28",
"transactionDetails": {
PSD2 APIs – Mocked data Version 2.0
34
"remittanceInformation":
"SERVICE FEES"
}
}
]
}
2. Positive scenario - with date filter, not
empty result
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"pageCount": 1,
"transactions": [
{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status": "INFO",
"bookingDate": "2017-11-29",
"valueDate": "2017-11-29"
"transactionDetails": {
"remittanceInformation": "SERVICE
FEES"
}
PSD2 APIs – Mocked data Version 2.0
35
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
},
{
"amount": {
"value": 7.7,
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"status": "INFO",
"bookingDate": "2017-11-29",
"valueDate": "2017-11-29",
"transactionDetails": {
"relatedParties": {
"debtorAccount": {
"identification":
"SK0252009999930000000107"
},
"creditorAccount": {
"identification":
"SK7752009999930000000115"
}
},
"relatedAgents": {
"debtorAgent": {
"financialInstitutionIdentification":
"OTPVSKBX"
},
"creditAgent": {
"financialInstitutionIdentification":
"OTPVSKBXXXX"
}
PSD2 APIs – Mocked data Version 2.0
36
},
"remittanceInformation": "príkaz na
úhradu"
}
},
{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status": "INFO",
"bookingDate": "2017-11-28",
"valueDate": "2017-11-28",
"transactionDetails": {
"remittanceInformation": "SERVICE
FEES"
}
}
]
}
3. Positive scenario - with date filter, empty
result
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2017-08-01", "dateTo": "2017-08-30" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
PSD2 APIs – Mocked data Version 2.0
37
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2017-08-01",
"dateTo": "2017-08-30"
}
"pageCount": 1,
"transactions": []
}
4. Positive scenario - with date filter and
paging, not empty result
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2017-08-01", "dateTo": "2017-11-30",
"page": 2, "pageSize": 2, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"pageCount": 3,
"transactions": [{
PSD2 APIs – Mocked data Version 2.0
38
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2017-08-01",
"dateTo": "2017-11-30",
"page": 2,
"pageSize": 2,
"status": "ALL"
}
"amount": {
"value": 1,
"currency":
"EUR"
},
"creditDebitIndicator":
"DBIT",
"status": "INFO",
"valueDate": "2017-09-
28",
"bookingDate": "2017-
09-28",
"transactionDetails": {
"remittanceInformation":
"SERVICE FEES"
}
}]
}
5. Negative scenario: a legal term of 90 days
has passed without the SCA being executed
Auth: Bearer access_token
What's wrong: calling account transactions
after 90 days has passed without SCA being
executed
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK3352009999930000000131", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
PSD2 APIs – Mocked data Version 2.0
39
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK3352009999930000000131",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
6. Negative scenario: the client has not
given a mandate for this account
Auth: Bearer access_token
What's wrong: calling account transactions
without user mandate for his account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK8052009999930000000158", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
PSD2 APIs – Mocked data Version 2.0
40
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK8052009999930000000158",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
7. Positive scenario - transaction history for
status "BOOK"
Auth: Bearer access_token
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
HTTP status code: 200
PSD2 APIs – Mocked data Version 2.0
41
When it happens (example): AISP mandate
was assigned to user account (IBAN)
"page": 0, "pageSize": 10, "status": "BOOK" }'
-H 'Content-Type: application/json' -H
'Request-ID: c2c48fc8-0000-0000' -H 'PSU-IP-
Address: 192.168.0.100' -H 'PSU-Device-OS:
iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "BOOK"
}
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"pageCount": 1,
"transactions": []
}
PSD2 APIs – Mocked data Version 2.0
42
8. Negative scenario: value "dateFrom" is
higher than "dateTo"
Auth: Bearer access_token
What's wrong: invalid value of dateTo
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2018-10-01", "dateTo": "2017-12-31",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2018-10-01",
"dateTo": "2017-12-31",
"page": 0,
"pageSize": 10,
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"transactionHistoryApiRequest",
"message": "Date
dateTo should be equals or later than
dateFrom"
}]
}
PSD2 APIs – Mocked data Version 2.0
43
"status": "ALL"
}
9. Negative scenario: dateFrom is more than
3 years ago
Auth: Bearer access_token
What's wrong: invalid value of dateFrom
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2010-10-01", "dateTo": "2017-12-31",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2010-10-01",
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"dateFrom",
"messageCode":
"validation.minimalFilterDateFrom.message"
,
"message": "Time
range is too long",
"invalidValue": "2010-
10-01"
}]
}
PSD2 APIs – Mocked data Version 2.0
44
"dateTo": "2017-12-31",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
10. Negative scenario: dateFrom - invalid
date format
Auth: Bearer access_token
What's wrong: invalid value of dateFrom
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2010-10-01", "dateTo": "2018-01-
14T14:02:32.807+01:00", "page": 0,
"pageSize": 10, "status": "ALL" }' -H 'Content-
Type: application/json' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.field.wrong.date.format",
"messageArgs":
["dateTo", "2018-01-
14T14:02:32.807+01:00"],
"message": "Field
dateTo contains invalid date: 2018-01-
14T14:02:32.807+01:00"
}]
}
PSD2 APIs – Mocked data Version 2.0
45
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2010-10-01",
"dateTo": "2018-01-
14T14:02:32.807+01:00",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
11. Negative scenario: 24 hours request
counter for third party provider was
exceeded
Auth: Bearer access_token
What's wrong: third party provider exceeded
the count of AISP requests (account
information and account transactions) in 24
hours without user authentication
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK8552009999930000000262", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
PSD2 APIs – Mocked data Version 2.0
46
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK8552009999930000000262",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
5.3 AISP OPERATION: LIST OF ACCOUNTS URL: https://developerhub.otpbanka.sk/api/v2/accounts
Test scenario Request Response
1. Positive scenario
Auth: Bearer access_token
When it happens (example): at least one AISP
mandate was assigned to user accounts
It is necessary to use Request-ID below to get
proper response.
curl -i -X GET
https://developerhub.otpbanka.sk/api/v2/ac
counts -H 'Content-Type: application/json' -H
'Request-ID: c2c48fc8-0000-0000' -H 'PSU-IP-
Address: 192.168.0.100' -H 'PSU-Device-OS:
iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"creationDateTime": "2018-01-
13T14:40:28.903+01:00",
PSD2 APIs – Mocked data Version 2.0
47
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
"accounts": [
{
"name": "Ján Novák",
"productName": "OTP Konto",
"type": "CACC",
"baseCurrency": "EUR",
"identification": {
"iban":
"SK0252009999930000000107"
},
"servicer": {
"financialInstitutionIdentification":
"OTPVSKBXXXX"
},
"scope": [
"AISP"
]
},
{
"name": "Účet 2",
"productName": "BÚ",
"type": "CACC",
"baseCurrency": "EUR",
"identification": {
"iban":
"SK5552009999930000000123"
},
"servicer": {
"financialInstitutionIdentification":
"OTPVSKBXXXX"
},
PSD2 APIs – Mocked data Version 2.0
48
"scope": [
"AISP"
]
}
]
}
2. Positive scenario
Auth: Bearer access_token
When it happens (example): no AISP
mandate was assigned to user accounts
It is necessary to use Request-ID below to get
proper response.
curl -i -X GET
https://developerhub.otpbanka.sk/api/v2/ac
counts -H 'Content-Type: application/json' -H
'Request-ID: c2c48fc8-0000-0001' -H 'PSU-IP-
Address: 192.168.0.100' -H 'PSU-Device-OS:
iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0001
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"creationDateTime": "2018-01-
13T15:24:27.553+01:00",
"accounts": []
}
PSD2 APIs – Mocked data Version 2.0
49
6 MOCKED DATA FOR PISP OPERATIONS
6.1 PISP OPERATION: STANDARD PAYMENT INITIALIZATION (XML) URL: https://developerhub.otpbanka.sk/api/v1/payments/standard/iso
Note: ReqdExctnDt - always NOW() or near future
Cut of time: 21:00 (requests sent between 21:00 and 0:00 end up with error code 400).
Test scenario Request Response
1. Positive scenario
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"
standalone="yes"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty/></GrpHdr><PmtInf><PmtInfId
>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>NOW()</ReqdExctnDt
><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5552000000000001773099</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId/></DbtrAgt>
<CdtTrfTxInf><PmtId><EndToEndId>0a514ac
f-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/xml;charset=UTF-
8
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
02.001.03">
<CstmrPmtStsRpt>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
</GrpHdr>
<OrgnlGrpInfAndSts>
<OrgnlMsgId>8b4265e6-45a5-4755-
b8ce-a3d374067cd</OrgnlMsgId>
<OrgnlMsgNmId />
PSD2 APIs – Mocked data Version 2.0
50
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
</OrgnlGrpInfAndSts>
<OrgnlPmtInfAndSts>
<TxInfAndSts>
<TxSts>ACTC</TxSts>
<StsRsnInf>
<Rsn />
</StsRsnInf>
<AcctSvcrRef>PAYMENT_tr_uSmwffUaB-
gLCB3z-mC6iBcP0BOwj76d7UlfB-
mr</AcctSvcrRef>
</TxInfAndSts>
</OrgnlPmtInfAndSts>
</CstmrPmtStsRpt>
</Document>
PSD2 APIs – Mocked data Version 2.0
51
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
PSD2 APIs – Mocked data Version 2.0
52
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
2. Negative scenario: the source account is
not an OTP Bank account
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
debtor IBAN is not OTP Bank account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K2952009999930000000203</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Only today timestamp before COT or near
future timestamp is valid.
Unable to get BIC code from IBAN.
PSD2 APIs – Mocked data Version 2.0
53
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
PSD2 APIs – Mocked data Version 2.0
54
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK2952009999930000000203</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
PSD2 APIs – Mocked data Version 2.0
55
</CstmrCdtTrfInitn>
</Document>
3. Negative scenario: the source account is
not an OTP Bank account (bank code: 5200)
Auth: access_token
What's wrong:
debtor IBAN is not OTP Bank account
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K2911119999930000000203</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Must match "^(SK[0-9]{2,2}5200[0-
9]{16,16})$"
Only today timestamp before COT or near
future timestamp is valid.
Unable to get BIC code from IBAN.
PSD2 APIs – Mocked data Version 2.0
56
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
PSD2 APIs – Mocked data Version 2.0
57
<Id>
<IBAN>SK2911119999930000000203</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
PSD2 APIs – Mocked data Version 2.0
58
4. Negative scenario: target account is not in
SEPA format
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
debtor IBAN is not in SEPA format
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK5
452009999930000000238</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Only today timestamp before COT or near
future timestamp is valid.
Unable to get BIC code from IBAN.
PSD2 APIs – Mocked data Version 2.0
59
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
PSD2 APIs – Mocked data Version 2.0
60
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK5452009999930000000238</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
5. Negative scenario: unavailable banking
system
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
HTTP status code: 400
PSD2 APIs – Mocked data Version 2.0
61
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
banking system offline
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K1052009999930000000254</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK0
752009999930000000211</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Unable to get BIC code from IBAN.
Only today timestamp before COT or near
future timestamp is valid.
PSD2 APIs – Mocked data Version 2.0
62
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK1052009999930000000254</IBAN
>
</Id>
PSD2 APIs – Mocked data Version 2.0
63
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK0752009999930000000211</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
6. Negative scenario: the currency is
different from the EUR
Auth: access_token
What's wrong:
requestedExecutionDate is not today
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
PSD2 APIs – Mocked data Version 2.0
64
timestamp before COT or near future
timestamp
banking system offline
currency is not EUR
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="CZK">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK0
752009999930000000211</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Content-Type: text/plain;charset=UTF-8
Body
Only EUR currency value is allowed.
Unable to get BIC code from IBAN.
Only today timestamp before COT or near
future timestamp is valid.
PSD2 APIs – Mocked data Version 2.0
65
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
PSD2 APIs – Mocked data Version 2.0
66
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="CZK">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK0752009999930000000211</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
7. Negative scenario: debtor IBAN is equals
to creditor IBAN
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
creditor IBAN
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
IBAN of the debtor and creditor are the
PSD2 APIs – Mocked data Version 2.0
67
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK5
852009999930000000166</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
same.
Only today timestamp before COT or near
future timestamp is valid.
PSD2 APIs – Mocked data Version 2.0
68
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
PSD2 APIs – Mocked data Version 2.0
69
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
8. Negative scenario: requested execution
date is in distant future
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"
standalone="yes"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty/></GrpHdr><PmtInf><PmtInfId
>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>9999-02-
12</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5552000000000001773099</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId/></DbtrAgt>
<CdtTrfTxInf><PmtId><EndToEndId>0a514ac
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Only today timestamp before COT or near
future timestamp is valid.
PSD2 APIs – Mocked data Version 2.0
70
f-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
PSD2 APIs – Mocked data Version 2.0
71
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>9999-02-
12</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
PSD2 APIs – Mocked data Version 2.0
72
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
9. Negative scenario: blacklist IBAN
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
creditor IBAN is forbidden
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"
standalone="yes"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty/></GrpHdr><PmtInf><PmtInfId
>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>9999-02-
12</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5552000000000001773099</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId/></DbtrAgt>
<CdtTrfTxInf><PmtId><EndToEndId>0a514ac
f-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
IBAN of creditor is forbidden.
Only today timestamp before COT or near
future timestamp is valid.
PSD2 APIs – Mocked data Version 2.0
73
352009999930000000270</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
PSD2 APIs – Mocked data Version 2.0
74
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>9999-02-
12</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
PSD2 APIs – Mocked data Version 2.0
75
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6352009999930000000270</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
6.2 PISP OPERATION: STANDARD PAYMENT SUBMISSION URL: https://developerhub.otpbanka.sk/api/v1/payments/submission
Note: Request-ID is not a part of response's orderId. It's just a mock!
Test scenario Request Response
1. Positive scenario - payment completed
ACSC
Auth: Bearer access_token
When it happens (example): submit payment
call after user authorize payment
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/submission -H 'Content-Type:
application/json' -H 'Request-ID: ffdc2f2d-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"orderId":
"PAYMENT_tr_ffdc2f2d-0000-0000",
"status": "ACSC",
"statusDateTime": "2018-01-
PSD2 APIs – Mocked data Version 2.0
76
Content-Type: application/json
Request-ID: ffdc2f2d-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
14T09:38:04.586+01:00"
}
2. Negative scenario - payment rejected
RJCT
Auth: Bearer access_token
What's wrong: submitted payment failed
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/submission -H 'Content-Type:
application/json' -H 'Request-ID: ffdc2f2d-
0000-0001' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: ffdc2f2d-0000-0001
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"orderId":
"PAYMENT_tr_ffdc2f2d-0000-0001",
"status": "RJCT",
"reasonCode": "AM04",
"statusDateTime": "2018-01-
14T14:32:36.693+01:00"
}
PSD2 APIs – Mocked data Version 2.0
77
6.3 PISP OPERATION: PAYMENT ORDER STATUS URL: https://developerhub.otpbanka.sk/api/v1/payments/{orderId}/status
Test scenario Request Response
1. Positive scenario: ACSC - settlement
completed
Auth: Bearer access_token
When it happens (example): after payment
processed correctly
curl -i -X GET
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0000/status -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"orderId":"PAYMENT_tr_ffdc2f2d-1288-
0000-0000",
"status": "ACSC",
"statusDateTime": "2018-01-
14T14:02:32.807+01:00"
}
2. Negative scenario: RJCT - rejected
payment
Auth: Bearer access_token
When it happens (example): after payment
processed not correctly
curl -i -X GET
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0001/status -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
PSD2 APIs – Mocked data Version 2.0
78
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"orderId":"PAYMENT_tr_ffdc2f2d-1288-
0000-0001",
"status": "RJCT",
"reasonCode": "AM04",
"statusDateTime": "2018-01-
14T14:02:32.807+01:00"
}
3. Negative scenario: non-existent orderId
Auth: Bearer access_token
What's wrong: invalid orderId value
curl -i -X GET
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0002/status -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.notFound",
"messageArgs":
["PAYMENT_tr_ffdc2f2d-1288-0000-0002"],
PSD2 APIs – Mocked data Version 2.0
79
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
"message": "Unknown
orderId ffdc2f2d-1288-0000-0002."
}]
}
6.4 PISP OPERATION: STANDARD PAYMENT INITIALIZATION (JSON) URL: https://developerhub.otpbanka.sk/api/v2/payments/standard/sba
Note: requestedExecutionDate - always NOW() or near future
Cut of time: 21:00 (requests sent between 21:00 and 0:00 end up with error code 400).
Test scenario Request Response
1. Positive scenario
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK8952009999930000000190", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "NOW()" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"orderId": "PAYMENT_tr_ffdc2f2d-1288-
4212-be38-a011838ee051",
"status": "ACTC",
"statusDateTime": "2018-01-
13T17:15:27.350+01:00"
}
PSD2 APIs – Mocked data Version 2.0
80
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK8952009999930000000190",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
PSD2 APIs – Mocked data Version 2.0
81
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"NOW()"
}
2. Negative scenario: the source account is
not an OTP Bank account
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
debtor IBAN is not OTP Bank account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK8952009999930000000190", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK2952009999930000000203", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"debtor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK2952009999930000000203"
}, {
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
PSD2 APIs – Mocked data Version 2.0
82
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK8952009999930000000190",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK2952009999930000000203",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}]
}
3. Negative scenario: the source account is
not an OTP Bank account (bank code: 5200)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
HTTP status code: 400
PSD2 APIs – Mocked data Version 2.0
83
Auth: access_token
What's wrong:
debtor IBAN is not OTP Bank account
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
application/json" -d '{ "creditor":{ "iban":
"SK8952009999930000000190", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK2911119999930000000203", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK8952009999930000000190",
"name":
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"debtor.iban",
"messageCode":
"javax.validation.constraints.Pattern.messag
e",
"message": "Must
match \"^(SK[0-9]{2,2}5200[0-9]{16,16})$\"",
"invalidValue":
"SK2911119999930000000203"
}, {
"property":
"debtor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK2911119999930000000203"
}, {
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
PSD2 APIs – Mocked data Version 2.0
84
"Ivana Prva"
},
"debtor":{
"iban":
"SK2911119999930000000203",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
01-13T17:14:44.85+01:00"
}]
}
4. Negative scenario: target account is not in
SEPA format
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
debtor IBAN is not in SEPA format
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK5452009999930000000238", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
PSD2 APIs – Mocked data Version 2.0
85
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK5452009999930000000238",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"creditor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK5452009999930000000238"
}, {
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}]
}
PSD2 APIs – Mocked data Version 2.0
86
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
5. Negative scenario: unavailable banking
system
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
banking system offline
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK0752009999930000000211", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK1052009999930000000254", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}, {
"property":
PSD2 APIs – Mocked data Version 2.0
87
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK0752009999930000000211",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK1052009999930000000254",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"creditor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK0752009999930000000211"
}]
}
PSD2 APIs – Mocked data Version 2.0
88
"2018-01-13T17:14:44.850+01:00"
}
6. Negative scenario: the currency is
different from the EUR
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
banking system offline
currency is not EUR
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK0752009999930000000211", "name":
"Ivana Prva" }, "debtor": { "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount": {
"currency": "CZK", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"creditor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK0752009999930000000211"
}, {
"property":
"instructedAmount",
"messageCode":
"validation.currencyValue.message",
"message": "Only EUR
currency value is allowed.",
"invalidValue": {
"value":
5.50,
"currency":
"CZK"
}
}, {
PSD2 APIs – Mocked data Version 2.0
89
{
"creditor":{
"iban":
"SK0752009999930000000211",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"CZK",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}]
}
7. Negative scenario: debtor IBAN is equals
to creditor IBAN
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK5852009999930000000166", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
PSD2 APIs – Mocked data Version 2.0
90
creditor IBAN "remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK5852009999930000000166",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
Body
{
"errors": [{
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}, {
"property":
"standardSbaPaymentApiRequest",
"message": "IBAN of
the debtor and creditor are the same."
}]
}
PSD2 APIs – Mocked data Version 2.0
91
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
8. Negative scenario: requested execution
date is in distant future
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK8952009999930000000190", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "9999-02-
12T00:00:00.000+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
PSD2 APIs – Mocked data Version 2.0
92
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK8952009999930000000190",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
timestamp is valid.",
"invalidValue": "9999-
02-12T00:00:00.000+01:00"
}]
}
PSD2 APIs – Mocked data Version 2.0
93
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"9999-02-12T00:00:00.000+01:00"
}
9. Negative scenario: blacklist IBAN
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
creditor IBAN is forbidden
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK6352009999930000000270", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "9999-02-
12T00:00:00.000+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property": "requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only today timestamp
before COT or near future timestamp is
valid.",
"invalidValue": "9999-02-
12T00:00:00+01:00"
}, {
"property": "creditor.iban",
"messageCode":
"validation.blacklistValue.message",
"message": "IBAN of creditor is
forbidden.",
"invalidValue":
"SK6352009999930000000270"
PSD2 APIs – Mocked data Version 2.0
94
}]
}
6.5 PISP OPERATION: PAYMENT ORDER CANCELLATION URL: https://developerhub.otpbanka.sk/api/v1/payments/{orderId}/rcp
Test scenario Request Response
1. Positive scenario: successfully
cancellation of payment
Auth: Bearer access_token
When it happens (example): after SEPA
payment in near future processed correctly,
third party provider can cancel it
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0000/rcp -H 'Content-Type: application/json'
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
v
Body
{
"orderId":
"PAYMENT_tr_ffdc2f2d-1288-0000-0000"
}
2. Negative scenario: non-existent orderId
Auth: Bearer access_token
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0001/rcp -H 'Content-Type: application/json'
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
PSD2 APIs – Mocked data Version 2.0
95
What's wrong: invalid orderId value
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.notFound",
"messageArgs":
["PAYMENT_tr_ffdc2f2d-1288-0000-0001"],
"message": "Unknown orderId
PAYMENT_tr_ffdc2f2d-1288-0000-0001."
}]
}
3. Negative scenario: payment was already
canceled
Auth: Bearer access_token
What's wrong: canceled orderId value
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0002/rcp -H 'Content-Type: application/json'
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.alreadyCanceled",
"messageArgs":
PSD2 APIs – Mocked data Version 2.0
96
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
["PAYMENT_tr_ffdc2f2d-1288-0000-0002"],
"message": "Payment with orderId
PAYMENT_tr_ffdc2f2d-1288-0000-0002 was
already canceled."
}]
}
4. Negative scenario: SWIFT payment
cancellation
Auth: Bearer access_token
What's wrong: only SEPA payment can be
canceled
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0003/rcp -H 'Content-Type: application/json'
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.notSepa",
"messageArgs":
["PAYMENT_tr_ffdc2f2d-1288-0000-0003"],
"message": "Only SEPA payment can be
canceled."
}]
}
PSD2 APIs – Mocked data Version 2.0
97
5. Negative scenario: not near future SEPA
payment
Auth: Bearer access_token
What's wrong: only SEPA payment with near
future timestamp (requestedExecutionDate)
can be canceled
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0004/rcp -H 'Content-Type: application/json'
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.unableToCancel",
"messageArgs":
["PAYMENT_tr_ffdc2f2d-1288-0000-0004"],
"message": "This SEPA payment can't be
canceled."
}]
}
6.6 PISP OPERATION: SWIFT PAYMENT INITIALIZATION (XML) URL: https://developerhub.otpbanka.sk/api/v1/payments/swift/iso
Note: requestedExecutionDate - always NOW() or near future
Swift processing time: 00:00 - 15:00 (requests sent between 15:00 and 23:59 end up with error code
400).
This section is not duplicated the negative scenarios from the section 'Standard payment initialization
(XML)'. Only new negative scenarios are included.
Test scenario Request Response
PSD2 APIs – Mocked data Version 2.0
98
1. Positive scenario: creditor IBAN
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
807200002891987426353</IBAN></Id></Cdt
rAcct><RmtInf><Ustrd>string</Ustrd><Strd>
<AddtlRmtInf>string2</AddtlRmtInf></Strd>
</RmtInf></CdtTrfTxInf></PmtInf></CstmrCd
tTrfInitn></Document>' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/xml;charset=UTF-
8
Body
<?xml version="1.0" encoding="UTF-8"?>
<ns2:Document
xmlns:ns2="urn:iso:std:iso:20022:tech:xsd:pa
in.002.001.03">
<CstmrPmtStsRpt>
<ns2:GrpHdr>
<ns2:MsgId>payment 1</ns2:MsgId>
<ns2:CreDtTm>2018-01-
13T14:24:39</ns2:CreDtTm>
</ns2:GrpHdr>
<ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlMsgId>payment
1</ns2:OrgnlMsgId>
<ns2:OrgnlMsgNmId />
</ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlPmtInfAndSts>
<ns2:TxInfAndSts>
<ns2:TxSts>ACTC</ns2:TxSts>
<ns2:StsRsnInf>
<ns2:Rsn />
</ns2:StsRsnInf>
<ns2:AcctSvcrRef>PAYMENT_tr_ffdc2f2d-
1288-4212-be38-
a011838ee051</ns2:AcctSvcrRef>
PSD2 APIs – Mocked data Version 2.0
99
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
</ns2:TxInfAndSts>
</ns2:OrgnlPmtInfAndSts>
</CstmrPmtStsRpt>
</ns2:Document>
PSD2 APIs – Mocked data Version 2.0
100
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6807200002891987426353</IBAN
>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
PSD2 APIs – Mocked data Version 2.0
101
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
2. Positive scenario: creditor BBAN and
creditor bank BIC code
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><CdtrAgt><FinInstnId><BIC>S
UBASKBX</BIC></FinInstnId></CdtrAgt><Cdt
r><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><Othr><Id
>10010659</Id></Othr></Id></CdtrAcct><R
mtInf><Ustrd>string</Ustrd><Strd><AddtlR
mtInf>string2</AddtlRmtInf></Strd></RmtIn
f></CdtTrfTxInf></PmtInf></CstmrCdtTrfInitn
></Document>' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/xml;charset=UTF-
8
Body
<?xml version="1.0" encoding="UTF-8"?>
<ns2:Document
xmlns:ns2="urn:iso:std:iso:20022:tech:xsd:pa
in.002.001.03">
<CstmrPmtStsRpt>
<ns2:GrpHdr>
<ns2:MsgId>payment 1</ns2:MsgId>
<ns2:CreDtTm>2018-01-
13T14:24:39</ns2:CreDtTm>
</ns2:GrpHdr>
<ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlMsgId>payment
1</ns2:OrgnlMsgId>
<ns2:OrgnlMsgNmId />
</ns2:OrgnlGrpInfAndSts>
PSD2 APIs – Mocked data Version 2.0
102
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<ns2:OrgnlPmtInfAndSts>
<ns2:TxInfAndSts>
<ns2:TxSts>ACTC</ns2:TxSts>
<ns2:StsRsnInf>
<ns2:Rsn />
</ns2:StsRsnInf>
<ns2:AcctSvcrRef>PAYMENT_tr_ffdc2f2d-
1288-4212-be38-
a011838ee051</ns2:AcctSvcrRef>
</ns2:TxInfAndSts>
</ns2:OrgnlPmtInfAndSts>
</CstmrPmtStsRpt>
</ns2:Document>
PSD2 APIs – Mocked data Version 2.0
103
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<CdtrAgt>
<FinInstnId>
<BIC>SUBASKBX</BIC>
</FinInstnId>
</CdtrAgt>
PSD2 APIs – Mocked data Version 2.0
104
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<Othr>
<Id>10010659</Id>
</Othr>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
3. Positive scenario: creditor BBAN and
creditor bank information
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/xml;charset=UTF-
8
Body
PSD2 APIs – Mocked data Version 2.0
105
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><CdtrAgt><FinInstnId><Nm>
Moja
Banka</Nm><PstlAdr><StrtNm>Nova</StrtN
m><BldgNb>15/A</BldgNb><PstCd>82101</
PstCd><TwnNm>Bratislava</TwnNm><Ctry>
SK</Ctry></PstlAdr></FinInstnId></CdtrAgt>
<Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><Othr><Id
>10010659</Id></Othr></Id></CdtrAcct><R
mtInf><Ustrd>string</Ustrd><Strd><AddtlR
mtInf>string2</AddtlRmtInf></Strd></RmtIn
f></CdtTrfTxInf></PmtInf></CstmrCdtTrfInitn
></Document>' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
<?xml version="1.0" encoding="UTF-8"?>
<ns2:Document
xmlns:ns2="urn:iso:std:iso:20022:tech:xsd:pa
in.002.001.03">
<CstmrPmtStsRpt>
<ns2:GrpHdr>
<ns2:MsgId>payment 1</ns2:MsgId>
<ns2:CreDtTm>2018-01-
13T14:24:39</ns2:CreDtTm>
</ns2:GrpHdr>
<ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlMsgId>payment
1</ns2:OrgnlMsgId>
<ns2:OrgnlMsgNmId />
</ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlPmtInfAndSts>
<ns2:TxInfAndSts>
<ns2:TxSts>ACTC</ns2:TxSts>
<ns2:StsRsnInf>
<ns2:Rsn />
</ns2:StsRsnInf>
<ns2:AcctSvcrRef>PAYMENT_tr_ffdc2f2d-
1288-4212-be38-
a011838ee051</ns2:AcctSvcrRef>
</ns2:TxInfAndSts>
</ns2:OrgnlPmtInfAndSts>
</CstmrPmtStsRpt>
</ns2:Document>
PSD2 APIs – Mocked data Version 2.0
106
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
PSD2 APIs – Mocked data Version 2.0
107
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<CdtrAgt>
<FinInstnId>
<Nm>Moja Banka</Nm>
<PstlAdr>
<StrtNm>Nova</StrtNm>
<BldgNb>15/A</BldgNb>
<PstCd>82101</PstCd>
<TwnNm>Bratislava</TwnNm>
<Ctry>SK</Ctry>
</PstlAdr>
</FinInstnId>
</CdtrAgt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
PSD2 APIs – Mocked data Version 2.0
108
<Othr>
<Id>10010659</Id>
</Othr>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
4. Negative scenario: missing creditor
information
Auth: access_token
What's wrong:
missing countryCode in creditorBank object
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Creditor bank identification is missing. Please
fill BIC code or name plus address of creditor
bank.
PSD2 APIs – Mocked data Version 2.0
109
SHAR</ChrgBr><CdtrAgt><FinInstnId><Nm>
Moja
Banka</Nm><PstlAdr><StrtNm>Nova</StrtN
m><BldgNb>15/A</BldgNb><PstCd>82101</
PstCd><TwnNm>Bratislava</TwnNm></PstlA
dr></FinInstnId></CdtrAgt><Cdtr><Nm>Ivan
a
Prva</Nm></Cdtr><CdtrAcct><Id><Othr><Id
>10010659</Id></Othr></Id></CdtrAcct><R
mtInf><Ustrd>string</Ustrd><Strd><AddtlR
mtInf>string2</AddtlRmtInf></Strd></RmtIn
f></CdtTrfTxInf></PmtInf></CstmrCdtTrfInitn
></Document>' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
PSD2 APIs – Mocked data Version 2.0
110
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
PSD2 APIs – Mocked data Version 2.0
111
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<CdtrAgt>
<FinInstnId>
<Nm>Moja Banka</Nm>
<PstlAdr>
<StrtNm>Nova</StrtNm>
<BldgNb>15/A</BldgNb>
<PstCd>82101</PstCd>
<TwnNm>Bratislava</TwnNm>
<Ctry>SK</Ctry>
</PstlAdr>
</FinInstnId>
</CdtrAgt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<Othr>
<Id>10010659</Id>
</Othr>
</Id>
</CdtrAcct>
PSD2 APIs – Mocked data Version 2.0
112
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
5. Negative scenario: wrong creditor
information
Auth: access_token
What's wrong:
payload contains creditor IBAN and also
creditor BBAN
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><CdtrAgt><FinInstnId><BIC>S
UBASKBX</BIC></FinInstnId></CdtrAgt><Cdt
r><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
807200002891987426353</IBAN><Othr><Id
>10010659</Id></Othr></Id></CdtrAcct><R
mtInf><Ustrd>string</Ustrd><Strd><AddtlR
mtInf>string2</AddtlRmtInf></Strd></RmtIn
f></CdtTrfTxInf></PmtInf></CstmrCdtTrfInitn
></Document>' -H 'Request-ID: c2c48fc8-
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
invalid_request cvc-complex-type.2.4.d:
Invalid content was found starting with
element 'Othr'. No child element is expected
at this point.
PSD2 APIs – Mocked data Version 2.0
113
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
PSD2 APIs – Mocked data Version 2.0
114
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
PSD2 APIs – Mocked data Version 2.0
115
<CdtrAgt>
<FinInstnId>
<BIC>SUBASKBX</BIC>
</FinInstnId>
</CdtrAgt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6807200002891987426353</IBAN
>
<Othr>
<Id>10010659</Id>
</Othr>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
PSD2 APIs – Mocked data Version 2.0
116
6. Negative scenario: creditor from OTP
Bank
Auth: access_token
What's wrong:
creditor IBAN or BIC code is from OTP Bank
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct><RmtInf><Ustrd>string</Ustrd><Strd>
<AddtlRmtInf>string2</AddtlRmtInf></Strd>
</RmtInf></CdtTrfTxInf></PmtInf></CstmrCd
tTrfInitn></Document>' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Creditor IBAN can't be from OTP Bank.
PSD2 APIs – Mocked data Version 2.0
117
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
PSD2 APIs – Mocked data Version 2.0
118
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
PSD2 APIs – Mocked data Version 2.0
119
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
7. Negative scenario: Amount value with
currency HUF or JPY can't have decimal
places.
Auth: access_token
What's wrong:
amount value with decimal places and
currency HUF
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="HUF">100.12</InstdAmt></Amt><Chrg
Br>SHAR</ChrgBr><Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
807200002891987426353</IBAN></Id></Cdt
rAcct><RmtInf><Ustrd>string</Ustrd><Strd>
<AddtlRmtInf>string2</AddtlRmtInf></Strd>
</RmtInf></CdtTrfTxInf></PmtInf></CstmrCd
tTrfInitn></Document>' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Amount value with currency HUF or JPY can't
have decimal places.
PSD2 APIs – Mocked data Version 2.0
120
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
PSD2 APIs – Mocked data Version 2.0
121
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="HUF">100.12</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6807200002891987426353</IBAN
PSD2 APIs – Mocked data Version 2.0
122
>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
8. Negative scenario: requested execution
date is in distant future
Auth: access_token
What's wrong:
requestedExecutionDate is not near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>9999-12-
31</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
807200002891987426353</IBAN></Id></Cdt
rAcct><RmtInf><Ustrd>string</Ustrd><Strd>
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Only today timestamp before 3pm is valid.
Maximum timestamp is today + {days} days,
except weekends and public holidays.
PSD2 APIs – Mocked data Version 2.0
123
<AddtlRmtInf>string2</AddtlRmtInf></Strd>
</RmtInf></CdtTrfTxInf></PmtInf></CstmrCd
tTrfInitn></Document>' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
PSD2 APIs – Mocked data Version 2.0
124
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>9999-12-
31</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
PSD2 APIs – Mocked data Version 2.0
125
</Amt>
<ChrgBr>SHAR</ChrgBr>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6807200002891987426353</IBAN
>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
PSD2 APIs – Mocked data Version 2.0
126
6.7 PISP OPERATION: BALANCE CHECK URL: https://developerhub.otpbanka.sk/api/v1/accounts/balanceCheck
Note: Please see chapter 7.1 for futher information.
7 MOCKED DATA FOR PIISP OPERATION
7.1 PIISP OPERATION: BALANCE CHECK URL: https://developerhub.otpbanka.sk/api/v1/accounts/balanceCheck
Test Scenario Request Response
1. Positive scenario: APPR - sufficient
financial resources in the account
Auth: Bearer access_token
When it happens (example): enough money
in the account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 100 },
"creationDate": "2018-01-
13T14:24:39.534+01:00", "iban":
"SK0252009999930000000107",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"result": "APPR",
"creationDateTime": "2018-01-
13T14:24:56.408+01:00"
}
PSD2 APIs – Mocked data Version 2.0
127
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "EUR",
"value": 100
},
"creationDate": "2018-01-
13T14:24:39.534+01:00",
"iban": "SK0252009999930000000107",
"instructionIdentification": "piisp"
}
2. Positive scenario: DECL - insufficient
financial resources in the account
Auth: Bearer access_token
When it happens (example): not enough
money in the account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 1000 },
"creationDate": "2018-01-
13T14:54:44.480+01:00", "iban":
"SK0252009999930000000107",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"result": "DECL",
"creationDateTime": "2018-01-
13T14:55:06.314+01:00"
}
PSD2 APIs – Mocked data Version 2.0
128
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "EUR",
"value": 10000
},
"creationDate": "2018-01-
13T14:54:44.480+01:00",
"iban": "SK0252009999930000000107",
"instructionIdentification": "piisp"
}
3. Negative scenario: The currency in the
request is different from the account
currency
Auth: Bearer access_token
What's wrong: wrong currency
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "CZK", "value": 10000 },
"creationDate": "2018-01-
13T14:54:44.480+01:00", "iban":
"SK0252009999930000000107",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
PSD2 APIs – Mocked data Version 2.0
129
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "CZK",
"value": 10000
},
"creationDate": "2018-01-
13T14:54:44.480+01:00",
"iban": "SK0252009999930000000107",
"instructionIdentification": "piisp"
}
"exception.account.wrong.currency",
"messageArgs":
["CZK"],
"message": "Payer's
account currency is incorrect - wrong
currency CZK."
}]
}
4. Negative scenario: The account is not OTP
Bank account (request validation)
Auth: Bearer access_token
What's wrong: wrong IBAN
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 0 },
"creationDate": "2018-01-
13T08:51:15.778+01:00", "iban":
"SK3611119999930000000174",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
PSD2 APIs – Mocked data Version 2.0
130
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "EUR",
"value": 0
},
"creationDate": "2018-01-
13T08:51:15.778+01:00",
"iban": "SK3611119999930000000174",
"instructionIdentification": "piisp"
}
Body
{
"errors": [{
"property": "iban",
"messageCode":
"javax.validation.constraints.Pattern.messag
e",
"message": "Must
match \"^(SK[0-9]{2,2}5200[0-9]{16,16})$\"",
"invalidValue":
"SK14511119999930000000182"
}]
}
5. Negative scenario: The account is not OTP curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
HTTP status code: 401
PSD2 APIs – Mocked data Version 2.0
131
Bank account (service validation)
Auth: Bearer access_token
What's wrong: wrong IBAN
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 0 },
"creationDate": "2018-01-
13T08:51:15.778+01:00", "iban":
"SK3652009999930000000174",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "EUR",
"value": 0
},
"creationDate": "2018-01-
13T08:51:15.778+01:00",
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
PSD2 APIs – Mocked data Version 2.0
132
"iban": "SK3652009999930000000174",
"instructionIdentification": "piisp"
}
6. Negative scenario: The client has not
given a mandate for this account
Auth: Bearer access_token
What's wrong: missing PIISP mandate for
given IBAN (client) and third party provider
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 100 },
"creationDate": "2018-01-
13T14:24:39.534+01:00", "iban":
"SK1452009999930000000182",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
PSD2 APIs – Mocked data Version 2.0
133
"currency": "EUR",
"value": 1
},
"creationDate": "2018-01-
13T14:09:43.759+01:00",
"iban": "SK1452009999930000000182",
"instructionIdentification": "piisp"
}
PSD2 APIs – Mocked data Version 2.0
134
8 SWAGGER URL: https://developerhub.otpbanka.sk/swagger-ui.html
Third party provider can call PSD2 mock web services via curl command and also via swagger. Swagger
web site is protected by basic authentication where user name is client_id and password is client_secret.
This information was delivered via registration confirmation email.
Third party provider will also need their client_id and client_secret for every PSD2 web service call (see
1.). POST Rest web services also contain the model of request payload (see 2.) and the example of
request payload (see 3.). For the model and the example of XML request payload please see referenced
XSD schema (see 4.).
PSD2 APIs – Mocked data Version 2.0
135
Swagger website overview:
top related