![Page 1: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/1.jpg)
PSD2 APIS – MOCKED DATA
OTP BANKA SLOVENSKO, A.S.
Version: 2.0
Bratislava, 01.06.2019
![Page 2: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/2.jpg)
PSD2 APIs – Mocked data Version 2.0
2
CONTENT 1 General information and general errors 3
1.1 Used abbreviations 3
1.2 Differences between OTP Bank (OBD) and production 3
1.3 How to read MOCKs 3
1.4 General MOCK information 4
1.5 General error structure 4
1.6 Other specific general errors 4
2 Enrollment 11
3 Authorization 15
4 Tokens 17
5 Mocked data for AISP operations 23
5.1 AISP Operation: Account information 23
5.2 AISP Operation: Account transactions 29
5.3 AISP Operation: List of accounts 46
6 Mocked data for PISP operations 49
6.1 PISP Operation: Standard payment initialization (XML) 49
6.2 PISP Operation: Standard payment submission 75
6.3 PISP Operation: Payment order status 77
6.4 PISP Operation: Standard payment initialization (JSON) 79
6.5 PISP Operation: Payment order cancellation 94
6.6 PISP Operation: SWIFT payment initialization (XML) 97
6.7 PISP Operation: Balance check 126
7 Mocked data fro PIISP Operation 126
7.1 PIISP Operation: Balance check 126
8 Swagger 134
![Page 3: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/3.jpg)
PSD2 APIs – Mocked data Version 2.0
3
1 GENERAL INFORMATION AND GENERAL ERRORS OTP Bank Devportal's API is using a custom HTTP header MOCK-
Authorization:<client_id>:<client_secret>. This header is used for third party provider authorization to
all API mocks. All requests must contain this header. This header is not used on production
environment!!!
Third party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept
(or reject) the registration and after that, third party provider will receive an e-mail containing client_id
and client_secret.
1.1 USED ABBREVIATIONS
Term Meaning
OBD OTP Bank
Devportal
PROD production
1.2 DIFFERENCES BETWEEN OTP BANK (OBD) AND PRODUCTION URL:
● OBD: https://developerhub.otpbanka.sk
● PROD: https://api.otpbanka.sk
MOCK-Authorization
● OBD: sending
● PROD: not sending
Response Body:
● OBD: some request has response body - please check Scenario 4 - 7
● PROD: some request has no response body
1.3 HOW TO READ MOCKS 1st column - Scenario description, Production authorization (no / Basic auth / access_token), When it
happens (example) / What's wrong
![Page 4: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/4.jpg)
PSD2 APIs – Mocked data Version 2.0
4
2nd column - full cURL request, formatted request header, formatted request body
3rd column - HTTP status code, formatted response body
1.4 GENERAL MOCK INFORMATION Authorization: Basic Basic BASE64(client_id + ":" + client_secret) - please check Scenario 4, 5, 6
Authorization: Bearer access_token - only value Bearer at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v is valid, other value is invalid - please check Scenario 7
HTTP header Host is not presented in mock samples because it is a standard HTTP/1.1 header (required
by RFC7230).
1.5 GENERAL ERROR STRUCTURE
HTTP status code: 500
Body
{
"errors": [{
"messageCode": "....",
"messageArgs": [
["....", "...."]
],
"message": "...."
}]
}
1.6 OTHER SPECIFIC GENERAL ERRORS
Test scenario Request Response
1. Negative scenario: wrong MOCK
credentials - client_id
Auth: no
What's wrong: client_id not found
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
HTTP status code: 401
Body
{
"error": "invalid_client",
![Page 5: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/5.jpg)
PSD2 APIs – Mocked data Version 2.0
5
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts": ["[email protected]"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:Alz:a'
Header
MOCK-Authorization:Alz:a
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["[email protected]"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
"error_description": "Alz"
}
2. Negative scenario: missing MOCK
credentials
Auth: no
What's wrong: MOCK credentials not
presented
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
HTTP status code: 401
Body
{
"error": "unauthorized_client"
![Page 6: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/6.jpg)
PSD2 APIs – Mocked data Version 2.0
6
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts": ["[email protected]"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }'
Header
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["[email protected]"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
}
Response body can contain field
error_description.
3. Negative scenario: MOCK credentials -
wrong password
Auth: no
What's wrong: password
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
HTTP status code: 401
Body
{
"error": "access_denied"
}
Response body can contain field
![Page 7: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/7.jpg)
PSD2 APIs – Mocked data Version 2.0
7
"contacts": ["[email protected]"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:a'
Header
MOCK-Authorization:TPP:a
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["[email protected]"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
error_description.
4. Negative scenario: missing Basic Auth
Header
Auth: Basic auth
What's wrong: Basic Auth header is missing
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -H "Content-Type: application/x-www-
form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 400
Body
{
"errors": [{
"message": "Missing
request header 'Authorization' for method
parameter of type String"
![Page 8: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/8.jpg)
PSD2 APIs – Mocked data Version 2.0
8
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect
}]
}
On production environment:
HTTP status code: 401 without Body
5. Negative scenario: wrong Basic Auth
Header - client_id
Auth: no
What's wrong: client_id not found
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u Alz:b -H "Content-Type: application/x-
www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic QWx6OmI=
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect
HTTP status code: 401
Body
{
"error": "invalid_client",
"error_description": "Alz"
}
On production environment:
HTTP status code: 401 without Body
![Page 9: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/9.jpg)
PSD2 APIs – Mocked data Version 2.0
9
6. Negative scenario: Basic Auth Header -
wrong password
Auth: no
What's wrong: password
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:b -H "Content-Type: application/x-
www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic VFBQOmI=
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect
HTTP status code: 401
Body
{
"error": "access_denied"
}
On production environment:
HTTP status code: 401 without Body
7. Negative scenario: Invalid Bearer
access_token
Auth: Bearer access_token
What's wrong: acess_token doesn't exist /
expired
curl -i -X GET
https://developerhub.otpbanka.sk/api/v2/ac
counts -H 'Content-Type: application/json' -H
'Request-ID: c2c48fc8-0000-0000' -H 'PSU-IP-
Address: 192.168.0.100' -H 'PSU-Device-OS:
iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer 123"
-H 'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 403
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
![Page 10: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/10.jpg)
PSD2 APIs – Mocked data Version 2.0
10
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer 123
"messageCode":
"exception.forbidden",
"messageArgs": [],
"message": "Access
denied"
}]
}
On production environment:
HTTP status code: 403 without Body
8. Negative scenario: missing Request-ID
header
Auth: Bearer access_token
What's wrong: missing Request-ID header
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK0252009999930000000107" }' -H
"Content-Type: application/json" -H
"Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code 400:
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"message": "Missing
request header 'Request-ID' for method
parameter of type String"
}]
}
9. Negative scenario: OTP Bank unavailable
Auth: Bearer access_token
What's wrong: OTP bank backend is
unavailabe
It is necessary to use Request-ID below to get
proper response.
curl -i -X
GET https://developerhub.otpbanka.sk/api/v
2/accounts -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-1111' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
HTTP status code 500:
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
![Page 11: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/11.jpg)
PSD2 APIs – Mocked data Version 2.0
11
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-1111
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"errors": [{
"messageCode":
"exception.backend.profile.OFFLINE",
"messageArgs": [
[]
],
"message":
"exception.backend.profile.OFFLINE"
}]
}
2 ENROLLMENT URL: https://developerhub.otpbanka.sk/enroll
Test scenario Request Response
1. Positive scenario
Auth: no
When it happens (example): third party
provider wants to obtain client_id and
client_secret
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts": ["[email protected]"],
HTTP status code: 200
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
![Page 12: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/12.jpg)
PSD2 APIs – Mocked data Version 2.0
12
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["[email protected]"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
portal",
"client_type": "confidential",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["[email protected]"],
"scopes": ["aisp", "pisp"],
"licence_number":
"v@Nn123456",
"client_id": "TPP",
"client_secret": "6389dcc9-a17c-
4bcf-8cdf-5ecf84ade813"
}
2. Negative scenario: invalid scope value
Auth: no
What's wrong: invalid scope value
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
HTTP status code: 400
Body
{
"error": "invalid_scope",
![Page 13: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/13.jpg)
PSD2 APIs – Mocked data Version 2.0
13
"contacts": ["[email protected]"],
"scopes": ["aisp", "abc"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["[email protected]"],
"scopes": ["aisp", "abc"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
"error_description": "abc"
}
3. Negative scenario: invalid request input
Auth: no
What's wrong: missing client_name value
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": null, "client_name#en-US":
"My payment portal", "logo_uri":
"https://www.multipay.sk/logo.png",
HTTP status code: 400
Body
{
"error": "invalid_request",
"error_description": "clientName:
![Page 14: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/14.jpg)
PSD2 APIs – Mocked data Version 2.0
14
"contacts": ["[email protected]"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"https://www.multipay.sk/start2"],
"client_name": null,
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["[email protected]"],
"scopes": ["aisp", "abc"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
May not be empty"
}
4. Negative scenario: invalid redirect URI
Auth: no
What's wrong: invalid redirect_uris value
curl -i -X POST
https://developerhub.otpbanka.sk/enroll -H
'Content-Type: application/json' -d '{
"redirect_uris":
["https://www.multipay.sk/start",
"abc://www.multipay.sk/start2"],
"client_name": "Moj platobny portal",
"client_name#en-US": "My payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
HTTP status code: 400
Body
{
"error": "invalid_redirect_uri",
"error_description":
"abc://www.multipay.sk/start2"
![Page 15: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/15.jpg)
PSD2 APIs – Mocked data Version 2.0
15
"contacts": ["[email protected]"],
"scopes": ["aisp", "pisp"], "client_type":
"confidential", "licence_number":
"v@Nn123456" }' -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Body
{
"redirect_uris":
["https://www.multipay.sk/start",
"abc://www.multipay.sk/start2"],
"client_name": "Moj platobny
portal",
"client_name#en-US": "My
payment portal",
"logo_uri":
"https://www.multipay.sk/logo.png",
"contacts":
["[email protected]"],
"scopes": ["aisp", "pisp"],
"client_type": "confidential",
"licence_number":
"v@Nn123456"
}
}
3 AUTHORIZATION SBA standard difference:
● URL:
![Page 16: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/16.jpg)
PSD2 APIs – Mocked data Version 2.0
16
o SBA: /authorize,
o OTP Banka: /auth/authorize
● Request:
o SBA: code_challenge and code_challenge_method are mandatory, Content-Type:
application/x-www-form-urlencoded
o OTP Banka: code_challenge and code_challenge_method are not used, standard GET
request (RFC6749 OAuth2 - 4.1.1. Authorization Request)
● Response:
o SBA: Content-type: application/x-www-form-urlencoded, HTTP status code 303
o OTP Banka: standard GET response, HTTP status code 302 (RFC6749 OAuth2 - 4.1.2.
Authorization Response)
URL: https://developerhub.otpbanka.sk/auth/authorize
Response_type: code
Test scenario Request Response
1. Authorize code - positive scenario AISP
Auth: no
When it happens (example): user action -
open SCA web for AISP scope
curl -i -X GET
"https://developerhub.otpbanka.sk/auth/aut
horize?response_type=code&client_id=TPP&
redirect_uri=http%3A%2F%2Fwww.tpp.sk%2
Fredirect&scope=AISP&state=c1734c7d-
bae0-4d86-9a49-90b5357642b1" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
1. automatic redirect user to SCA
2. third party provider waiting for user
authorization
3. redirect user from SCA back to third party
provider after user authorization - example:
HTTP status code: 302
Location:
http://www.tpp.sk/redirect?code=ac_a3NDN
JxbCh1ydBZQlcqZIkaTUA2QMCOth8OvDjhu&
state=c1734c7d-bae0-4d86-9a49-
90b5357642b1
2. Authorize code - negative scenario:
missing client_id
Auth: no
What's wrong: client_id not sent
curl -i -X GET
"https://developerhub.otpbanka.sk/auth/aut
horize?response_type=code&redirect_uri=ht
tp%3A%2F%2Fwww.tpp.sk%2Fredirect&scop
e=AISP&state=c1734c7d-bae0-4d86-9a49-
90b5357642b1" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
HTTP status code: 400
Body
{
"errors": [{
"messageCode":
"exception.badRequest.missingParameter",
"messageArgs":
["client_id"],
"message": "Required
![Page 17: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/17.jpg)
PSD2 APIs – Mocked data Version 2.0
17
46ec-95fa-5917fda9a959
parameter client_id is not present"
}]
}
3. Authorize code - negative scenario: scope
missing
Auth: no
What's wrong: mandate field response_type
/ redirect_uri / scope / state not sent
curl -i -X GET
"https://developerhub.otpbanka.sk/auth/aut
horize?response_type=code&client_id=TPP&
redirect_uri=http%3A%2F%2Fwww.tpp.sk%2
Fredirect&state=c1734c7d-bae0-4d86-9a49-
90b5357642b1" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 400
Body
{
"errors": [{
"messageCode":
"exception.badRequest.missingParameter",
"messageArgs":
["scope"],
"message": "Required
parameter scope is not present"
}]
}
4. Authorize code - positive scenario PISP
Auth: no
When it happens (example): user action -
open SCA web for authorize payment
Note: PAYMENT_tr_j5I13Xv-AcZs-I-
tOH92m9tQvZ4_ZrxoShNxVI2W is orderId
from paymment initialization:
/api/v1/payments/standard/iso
/api/v2/payments/standard/sba
curl -i -X GET
"https://developerhub.otpbanka.sk/auth/aut
horize?response_type=code&client_id=TPP&
redirect_uri=http%3A%2F%2Fwww.tpp.sk%2
Fredirect&scope=PAYMENT_tr_j5I13Xv-AcZs-
I-
tOH92m9tQvZ4_ZrxoShNxVI2W&state=6ebc
9a58-307d-49b8-8c7a-f5feccedff75" -H
'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
1. automatic redirect user to SCA
2. third party provider waiting for user
authorize payment
3. redirect user from SCA back to third party
provider after user authorization - example:
HTTP status code: 302
Location:
http://www.tpp.sk/redirect?code=ac_a3NDN
JxbCh1ydBZQlcqZIkaTUA2QMCOth8OvDjhu&
state=6ebc9a58-307d-49b8-8c7a-
f5feccedff75
4 TOKENS SBA standard difference:
![Page 18: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/18.jpg)
PSD2 APIs – Mocked data Version 2.0
18
● URL:
o SBA: /token,
o OTP Banka: /auth/token
● Request with authorization_code:
o SBA: code_verifier field is mandatory
o OTP Banka: not used (RFC6749 OAuth2 -4.1.3. Access Token Request)
URL: https://developerhub.otpbanka.sk/auth/token
Grand types: authorization_code (AISP), refresh_token (AISP), client_credentials (PISP, PIISP)
Test scenario Request Response
1. Token authorization_code - positive
scenario
Auth: Basic auth
When it happens (example): After user SCA
before AISP web service call
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
HTTP status code: 200
Body
{
"scope": "AISP",
"access_token":
"at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v",
"token_type": "Bearer",
"expires_in": 7199,
"refresh_token":
"rt_DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30"
}
![Page 19: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/19.jpg)
PSD2 APIs – Mocked data Version 2.0
19
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP&redirect_uri=http%3A%2F%2Fwww.t
pp.sk%2Fredirect
2. Token authorization_code - negative
scenario: client_id
Auth: Basic auth
What's wrong: auth client_id not equals to
url client_id
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP2&redirect_uri=http%3A%2F%2Fwww.
tpp.sk%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=TPP2&redirect_uri=http%3A%2F%2Fwww.
tpp.sk%2Fredirect
HTTP status code: 401
Body
{
"error": "unauthorized_client",
"error_description": "authorized
client differs from client in request"
}
3. Token authorization_code - negative
scenario: unknown code
Auth: Basic auth
What's wrong: not valid code sent
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=authorization_code&code=not
mycode&client_id=TPP&redirect_uri=http%3
A%2F%2Fwww.tpp.sk%2Fredirect" -H
'MOCK-Authorization:TPP:5047b2df-0f05-
HTTP status code: 400
Body
{
"error": "invalid_grant",
"error_description": "unknown
![Page 20: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/20.jpg)
PSD2 APIs – Mocked data Version 2.0
20
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=authorization_code&code=notm
ycode&client_id=TPP&redirect_uri=http%3A
%2F%2Fwww.tpp.sk%2Fredirect
code"
}
4. Token authorization_code - negative
scenario: not valid request
Auth: Basic auth
What's wrong: missing client_id
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=authorization_code&code=ac_d
YXNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=&redirect_uri=http%3A%2F%2Fwww.tpp.s
k%2Fredirect" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
HTTP status code: 400
Body
{
"errors": [{
"property": "clientId",
"messageCode":
"javax.validation.constraints.NotEmpty.mess
age",
"message": "May not
be empty",
"invalidValue": ""
}]
}
![Page 21: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/21.jpg)
PSD2 APIs – Mocked data Version 2.0
21
Body
grant_type=authorization_code&code=ac_dY
XNRRagzMn-
qLzUdxqdXubwMC8biwLiX1Y5mJa1&client_i
d=&redirect_uri=http%3A%2F%2Fwww.tpp.s
k%2Fredirect
5. Token refresh_token - positive scenario
Auth: Basic auth
When it happens (example): get new
access_token AISP
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=refresh_token&refreshToken=rt
_DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30&scope=AISP" -H
'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=refresh_token&refreshToken=rt_
DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30&scope=AISP
HTTP status code: 200
Body
{
"scope": "AISP",
"access_token":
"at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v",
"token_type": "Bearer",
"expires_in": 7199
}
6. Token refresh_token - negative scenario:
uknown refresh_token
Auth: Basic auth
What's wrong: not valid refresh_token sent
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=refresh_token&refreshToken=n
otmycode&scope=AISP" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 400
Body
{
"error": "invalid_grant",
"error_description": "unknown
refresh token"
![Page 22: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/22.jpg)
PSD2 APIs – Mocked data Version 2.0
22
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=refresh_token&refreshToken=no
tmycode&scope=AISP
}
7. Token refresh_token - negative scenario:
not valid scope
Auth: Basic auth
What's wrong: AISP scope not sent
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=refresh_token&refreshToken=rt
_DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30&scope=PISP" -H
'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=refresh_token&refreshToken=rt_
DxCYMdboCT9G0SWuDTM-
xRwlqCZS_9xsOdsdrP30&scope=PISP
HTTP status code: 400
Body
{
"error": "invalid_scope",
"error_description": "invalid
scope PISP"
}
![Page 23: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/23.jpg)
PSD2 APIs – Mocked data Version 2.0
23
8. Token client_credentials - positive
scenario
Auth: Basic auth
When it happens (example): Before PIISP
web service call
curl -i -X POST
https://developerhub.otpbanka.sk/auth/toke
n -u TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959 -H "Content-Type:
application/x-www-form-urlencoded" -d
"grant_type=client_credentials&scope=PIISP"
-H 'MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/x-www-form-
urlencoded
Authorization: Basic
VFBQOjUwNDdiMmRmLTBmMDUtNDZlYy05
NWZhLTU5MTdmZGE5YTk1OQ==
Body
grant_type=client_credentials&scope=PIISP
HTTP status code: 200
Body
{
"scope": "PIISP",
"access_token":
"at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v",
"token_type": "Bearer",
"expires_in": 7199
}
5 MOCKED DATA FOR AISP OPERATIONS
5.1 AISP OPERATION: ACCOUNT INFORMATION URL: https://developerhub.otpbanka.sk/api/v1/accounts/information
Test scenario Request Response
1. Positive scenario
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK0252009999930000000107" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
![Page 24: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/24.jpg)
PSD2 APIs – Mocked data Version 2.0
24
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK0252009999930000000107"
}
Content-Type: application/json;charset=UTF-
8
Body
{
"account": {
"name": "Ján Novák",
"productName": "Bežný účet 1",
"type": "CACC",
"baseCurrency": "EUR"
},
"balance": [
{
"typeCodeOrProprietary": "ITBD",
"amount": {
"value": 3188.14,
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"dateTime": "2018-01-
13T13:46:18.941+01:00"
},
{
"typeCodeOrProprietary": "ITAV",
"amount": {
"value": 54.49,
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"dateTime": "2018-01-
![Page 25: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/25.jpg)
PSD2 APIs – Mocked data Version 2.0
25
13T13:46:18.941+01:00"
}
]
}
2. Negative scenario: a legal term of 90 days
has passed without the SCA being executed
Auth: Bearer access_token
What's wrong: calling account information
after 90 days has passed without SCA being
executed
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK3352009999930000000131" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK3352009999930000000131"
}
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
![Page 26: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/26.jpg)
PSD2 APIs – Mocked data Version 2.0
26
3. Negative scenario: the client has not
given a mandate for this account
Auth: Bearer access_token
What's wrong: calling account information
without user mandate for his account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK8052009999930000000158" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK8052009999930000000158"
}
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
4. Negative scenario: missing mandatory
parameter
Auth: Bearer access_token
In production TPP will get the same response
(Error Code 400) also for other PSD2 services
if there is a missing mandatory attribute.
curl -i -X POST
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
![Page 27: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/27.jpg)
PSD2 APIs – Mocked data Version 2.0
27
What's wrong: IBAN is empty https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban": "" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": ""
}
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property": "iban",
"messageCode":
"javax.validation.constraints.NotEmpty.mess
age",
"message": "May not
be empty"
}]
}
5. Negative scenario: invalid parameter
value
Auth: Bearer access_token
What's wrong: IBAN didn't match regex
In production TPP will get the same response
(Error Code 400) also for other PSD2 services
if there is an invalid attribute value.
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK8000009999930000000158" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
![Page 28: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/28.jpg)
PSD2 APIs – Mocked data Version 2.0
28
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK8000009999930000000158"
}
Body
{
"errors": [{
"property": "iban",
"messageCode":
"javax.validation.constraints.Pattern.messag
e",
"message": "Must
match \"^(SK[0-9]{2,2}5200[0-9]{16,16})$\"",
"invalidValue":
"SK8000009999930000000158"
}]
}
6. Negative scenario: 24 hours request
counter for third party provider was
exceeded
Auth: Bearer access_token
What's wrong: third party provider exceeded
the count of AISP requests (account
information and account transactions) in 24
hours without user authentication
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/information -d '{ "iban":
"SK8552009999930000000262" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
![Page 29: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/29.jpg)
PSD2 APIs – Mocked data Version 2.0
29
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban": "SK8552009999930000000262"
}
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
5.2 AISP OPERATION: ACCOUNT TRANSACTIONS URL: https://developerhub.otpbanka.sk/api/v1/accounts/transactions
Test scenario Request Response
1. Positive scenario - without filter
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
![Page 30: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/30.jpg)
PSD2 APIs – Mocked data Version 2.0
30
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107"
}
Body
{
"pageCount": 1,
"transactions": [{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status":
"INFO",
"bookingDate": "2017-11-29",
"valueDate": "2017-11-29",
"transactionDetails": {
"remittanceInformation":
"SERVICE FEES"
}
},
{
"amount": {
"value": 7.7,
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"status":
![Page 31: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/31.jpg)
PSD2 APIs – Mocked data Version 2.0
31
"INFO",
"bookingDate": "2017-11-29",
"valueDate": "2017-11-29",
"transactionDetails": {
"relatedParties": {
"debtorAccount": {
"identification":
"SK0252009999930000000107"
},
"creditorAccount": {
"identification":
"SK7752009999930000000115"
}
},
"relatedAgents": {
"debtorAgent": {
"financialInstitutionIdentification"
: "OTPVSKBX"
},
"creditAgent": {
"financialInstitutionIdentification"
![Page 32: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/32.jpg)
PSD2 APIs – Mocked data Version 2.0
32
: "OTPVSKBXXXX"
}
},
"remittanceInformation": "príkaz
na úhradu"
}
},
{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status":
"INFO",
"bookingDate": "2017-11-28",
"valueDate": "2017-11-28",
"transactionDetails": {
"remittanceInformation":
"SERVICE FEES"
}
},
{
"amount": {
![Page 33: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/33.jpg)
PSD2 APIs – Mocked data Version 2.0
33
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status":
"INFO",
"bookingDate": "2017-10-28",
"valueDate": "2017-10-28",
"transactionDetails": {
"remittanceInformation":
"SERVICE FEES"
}
},
{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status":
"INFO",
"bookingDate": "2017-09-28",
"valueDate": "2017-09-28",
"transactionDetails": {
![Page 34: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/34.jpg)
PSD2 APIs – Mocked data Version 2.0
34
"remittanceInformation":
"SERVICE FEES"
}
}
]
}
2. Positive scenario - with date filter, not
empty result
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"pageCount": 1,
"transactions": [
{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status": "INFO",
"bookingDate": "2017-11-29",
"valueDate": "2017-11-29"
"transactionDetails": {
"remittanceInformation": "SERVICE
FEES"
}
![Page 35: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/35.jpg)
PSD2 APIs – Mocked data Version 2.0
35
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
},
{
"amount": {
"value": 7.7,
"currency": "EUR"
},
"creditDebitIndicator": "CRDT",
"status": "INFO",
"bookingDate": "2017-11-29",
"valueDate": "2017-11-29",
"transactionDetails": {
"relatedParties": {
"debtorAccount": {
"identification":
"SK0252009999930000000107"
},
"creditorAccount": {
"identification":
"SK7752009999930000000115"
}
},
"relatedAgents": {
"debtorAgent": {
"financialInstitutionIdentification":
"OTPVSKBX"
},
"creditAgent": {
"financialInstitutionIdentification":
"OTPVSKBXXXX"
}
![Page 36: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/36.jpg)
PSD2 APIs – Mocked data Version 2.0
36
},
"remittanceInformation": "príkaz na
úhradu"
}
},
{
"amount": {
"value": 1,
"currency": "EUR"
},
"creditDebitIndicator": "DBIT",
"status": "INFO",
"bookingDate": "2017-11-28",
"valueDate": "2017-11-28",
"transactionDetails": {
"remittanceInformation": "SERVICE
FEES"
}
}
]
}
3. Positive scenario - with date filter, empty
result
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2017-08-01", "dateTo": "2017-08-30" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
![Page 37: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/37.jpg)
PSD2 APIs – Mocked data Version 2.0
37
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2017-08-01",
"dateTo": "2017-08-30"
}
"pageCount": 1,
"transactions": []
}
4. Positive scenario - with date filter and
paging, not empty result
Auth: Bearer access_token
When it happens (example): AISP mandate
was assigned to user account (IBAN)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2017-08-01", "dateTo": "2017-11-30",
"page": 2, "pageSize": 2, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"pageCount": 3,
"transactions": [{
![Page 38: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/38.jpg)
PSD2 APIs – Mocked data Version 2.0
38
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2017-08-01",
"dateTo": "2017-11-30",
"page": 2,
"pageSize": 2,
"status": "ALL"
}
"amount": {
"value": 1,
"currency":
"EUR"
},
"creditDebitIndicator":
"DBIT",
"status": "INFO",
"valueDate": "2017-09-
28",
"bookingDate": "2017-
09-28",
"transactionDetails": {
"remittanceInformation":
"SERVICE FEES"
}
}]
}
5. Negative scenario: a legal term of 90 days
has passed without the SCA being executed
Auth: Bearer access_token
What's wrong: calling account transactions
after 90 days has passed without SCA being
executed
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK3352009999930000000131", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
![Page 39: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/39.jpg)
PSD2 APIs – Mocked data Version 2.0
39
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK3352009999930000000131",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
6. Negative scenario: the client has not
given a mandate for this account
Auth: Bearer access_token
What's wrong: calling account transactions
without user mandate for his account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK8052009999930000000158", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
![Page 40: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/40.jpg)
PSD2 APIs – Mocked data Version 2.0
40
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK8052009999930000000158",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
7. Positive scenario - transaction history for
status "BOOK"
Auth: Bearer access_token
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
HTTP status code: 200
![Page 41: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/41.jpg)
PSD2 APIs – Mocked data Version 2.0
41
When it happens (example): AISP mandate
was assigned to user account (IBAN)
"page": 0, "pageSize": 10, "status": "BOOK" }'
-H 'Content-Type: application/json' -H
'Request-ID: c2c48fc8-0000-0000' -H 'PSU-IP-
Address: 192.168.0.100' -H 'PSU-Device-OS:
iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "BOOK"
}
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"pageCount": 1,
"transactions": []
}
![Page 42: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/42.jpg)
PSD2 APIs – Mocked data Version 2.0
42
8. Negative scenario: value "dateFrom" is
higher than "dateTo"
Auth: Bearer access_token
What's wrong: invalid value of dateTo
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2018-10-01", "dateTo": "2017-12-31",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2018-10-01",
"dateTo": "2017-12-31",
"page": 0,
"pageSize": 10,
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"transactionHistoryApiRequest",
"message": "Date
dateTo should be equals or later than
dateFrom"
}]
}
![Page 43: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/43.jpg)
PSD2 APIs – Mocked data Version 2.0
43
"status": "ALL"
}
9. Negative scenario: dateFrom is more than
3 years ago
Auth: Bearer access_token
What's wrong: invalid value of dateFrom
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2010-10-01", "dateTo": "2017-12-31",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2010-10-01",
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"dateFrom",
"messageCode":
"validation.minimalFilterDateFrom.message"
,
"message": "Time
range is too long",
"invalidValue": "2010-
10-01"
}]
}
![Page 44: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/44.jpg)
PSD2 APIs – Mocked data Version 2.0
44
"dateTo": "2017-12-31",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
10. Negative scenario: dateFrom - invalid
date format
Auth: Bearer access_token
What's wrong: invalid value of dateFrom
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK0252009999930000000107", "dateFrom":
"2010-10-01", "dateTo": "2018-01-
14T14:02:32.807+01:00", "page": 0,
"pageSize": 10, "status": "ALL" }' -H 'Content-
Type: application/json' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.field.wrong.date.format",
"messageArgs":
["dateTo", "2018-01-
14T14:02:32.807+01:00"],
"message": "Field
dateTo contains invalid date: 2018-01-
14T14:02:32.807+01:00"
}]
}
![Page 45: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/45.jpg)
PSD2 APIs – Mocked data Version 2.0
45
{
"iban":
"SK0252009999930000000107",
"dateFrom": "2010-10-01",
"dateTo": "2018-01-
14T14:02:32.807+01:00",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
11. Negative scenario: 24 hours request
counter for third party provider was
exceeded
Auth: Bearer access_token
What's wrong: third party provider exceeded
the count of AISP requests (account
information and account transactions) in 24
hours without user authentication
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/transactions -d '{ "iban":
"SK8552009999930000000262", "dateFrom":
"2017-10-01", "dateTo": "2017-11-30",
"page": 0, "pageSize": 10, "status": "ALL" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
![Page 46: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/46.jpg)
PSD2 APIs – Mocked data Version 2.0
46
0ggCuLQu2pRacz-kyaYww4v
Body
{
"iban":
"SK8552009999930000000262",
"dateFrom": "2017-10-01",
"dateTo": "2017-11-30",
"page": 0,
"pageSize": 10,
"status": "ALL"
}
5.3 AISP OPERATION: LIST OF ACCOUNTS URL: https://developerhub.otpbanka.sk/api/v2/accounts
Test scenario Request Response
1. Positive scenario
Auth: Bearer access_token
When it happens (example): at least one AISP
mandate was assigned to user accounts
It is necessary to use Request-ID below to get
proper response.
curl -i -X GET
https://developerhub.otpbanka.sk/api/v2/ac
counts -H 'Content-Type: application/json' -H
'Request-ID: c2c48fc8-0000-0000' -H 'PSU-IP-
Address: 192.168.0.100' -H 'PSU-Device-OS:
iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"creationDateTime": "2018-01-
13T14:40:28.903+01:00",
![Page 47: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/47.jpg)
PSD2 APIs – Mocked data Version 2.0
47
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
"accounts": [
{
"name": "Ján Novák",
"productName": "OTP Konto",
"type": "CACC",
"baseCurrency": "EUR",
"identification": {
"iban":
"SK0252009999930000000107"
},
"servicer": {
"financialInstitutionIdentification":
"OTPVSKBXXXX"
},
"scope": [
"AISP"
]
},
{
"name": "Účet 2",
"productName": "BÚ",
"type": "CACC",
"baseCurrency": "EUR",
"identification": {
"iban":
"SK5552009999930000000123"
},
"servicer": {
"financialInstitutionIdentification":
"OTPVSKBXXXX"
},
![Page 48: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/48.jpg)
PSD2 APIs – Mocked data Version 2.0
48
"scope": [
"AISP"
]
}
]
}
2. Positive scenario
Auth: Bearer access_token
When it happens (example): no AISP
mandate was assigned to user accounts
It is necessary to use Request-ID below to get
proper response.
curl -i -X GET
https://developerhub.otpbanka.sk/api/v2/ac
counts -H 'Content-Type: application/json' -H
'Request-ID: c2c48fc8-0000-0001' -H 'PSU-IP-
Address: 192.168.0.100' -H 'PSU-Device-OS:
iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0001
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"creationDateTime": "2018-01-
13T15:24:27.553+01:00",
"accounts": []
}
![Page 49: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/49.jpg)
PSD2 APIs – Mocked data Version 2.0
49
6 MOCKED DATA FOR PISP OPERATIONS
6.1 PISP OPERATION: STANDARD PAYMENT INITIALIZATION (XML) URL: https://developerhub.otpbanka.sk/api/v1/payments/standard/iso
Note: ReqdExctnDt - always NOW() or near future
Cut of time: 21:00 (requests sent between 21:00 and 0:00 end up with error code 400).
Test scenario Request Response
1. Positive scenario
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"
standalone="yes"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty/></GrpHdr><PmtInf><PmtInfId
>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>NOW()</ReqdExctnDt
><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5552000000000001773099</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId/></DbtrAgt>
<CdtTrfTxInf><PmtId><EndToEndId>0a514ac
f-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/xml;charset=UTF-
8
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
02.001.03">
<CstmrPmtStsRpt>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
</GrpHdr>
<OrgnlGrpInfAndSts>
<OrgnlMsgId>8b4265e6-45a5-4755-
b8ce-a3d374067cd</OrgnlMsgId>
<OrgnlMsgNmId />
![Page 50: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/50.jpg)
PSD2 APIs – Mocked data Version 2.0
50
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
</OrgnlGrpInfAndSts>
<OrgnlPmtInfAndSts>
<TxInfAndSts>
<TxSts>ACTC</TxSts>
<StsRsnInf>
<Rsn />
</StsRsnInf>
<AcctSvcrRef>PAYMENT_tr_uSmwffUaB-
gLCB3z-mC6iBcP0BOwj76d7UlfB-
mr</AcctSvcrRef>
</TxInfAndSts>
</OrgnlPmtInfAndSts>
</CstmrPmtStsRpt>
</Document>
![Page 51: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/51.jpg)
PSD2 APIs – Mocked data Version 2.0
51
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
![Page 52: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/52.jpg)
PSD2 APIs – Mocked data Version 2.0
52
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
2. Negative scenario: the source account is
not an OTP Bank account
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
debtor IBAN is not OTP Bank account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K2952009999930000000203</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Only today timestamp before COT or near
future timestamp is valid.
Unable to get BIC code from IBAN.
![Page 53: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/53.jpg)
PSD2 APIs – Mocked data Version 2.0
53
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
![Page 54: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/54.jpg)
PSD2 APIs – Mocked data Version 2.0
54
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK2952009999930000000203</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
![Page 55: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/55.jpg)
PSD2 APIs – Mocked data Version 2.0
55
</CstmrCdtTrfInitn>
</Document>
3. Negative scenario: the source account is
not an OTP Bank account (bank code: 5200)
Auth: access_token
What's wrong:
debtor IBAN is not OTP Bank account
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K2911119999930000000203</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Must match "^(SK[0-9]{2,2}5200[0-
9]{16,16})$"
Only today timestamp before COT or near
future timestamp is valid.
Unable to get BIC code from IBAN.
![Page 56: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/56.jpg)
PSD2 APIs – Mocked data Version 2.0
56
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
![Page 57: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/57.jpg)
PSD2 APIs – Mocked data Version 2.0
57
<Id>
<IBAN>SK2911119999930000000203</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
![Page 58: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/58.jpg)
PSD2 APIs – Mocked data Version 2.0
58
4. Negative scenario: target account is not in
SEPA format
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
debtor IBAN is not in SEPA format
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK5
452009999930000000238</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Only today timestamp before COT or near
future timestamp is valid.
Unable to get BIC code from IBAN.
![Page 59: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/59.jpg)
PSD2 APIs – Mocked data Version 2.0
59
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
![Page 60: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/60.jpg)
PSD2 APIs – Mocked data Version 2.0
60
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK5452009999930000000238</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
5. Negative scenario: unavailable banking
system
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
HTTP status code: 400
![Page 61: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/61.jpg)
PSD2 APIs – Mocked data Version 2.0
61
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
banking system offline
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K1052009999930000000254</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK0
752009999930000000211</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Unable to get BIC code from IBAN.
Only today timestamp before COT or near
future timestamp is valid.
![Page 62: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/62.jpg)
PSD2 APIs – Mocked data Version 2.0
62
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK1052009999930000000254</IBAN
>
</Id>
![Page 63: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/63.jpg)
PSD2 APIs – Mocked data Version 2.0
63
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK0752009999930000000211</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
6. Negative scenario: the currency is
different from the EUR
Auth: access_token
What's wrong:
requestedExecutionDate is not today
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
![Page 64: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/64.jpg)
PSD2 APIs – Mocked data Version 2.0
64
timestamp before COT or near future
timestamp
banking system offline
currency is not EUR
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="CZK">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK0
752009999930000000211</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Content-Type: text/plain;charset=UTF-8
Body
Only EUR currency value is allowed.
Unable to get BIC code from IBAN.
Only today timestamp before COT or near
future timestamp is valid.
![Page 65: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/65.jpg)
PSD2 APIs – Mocked data Version 2.0
65
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
![Page 66: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/66.jpg)
PSD2 APIs – Mocked data Version 2.0
66
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="CZK">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK0752009999930000000211</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
7. Negative scenario: debtor IBAN is equals
to creditor IBAN
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
creditor IBAN
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="utf-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
IBAN of the debtor and creditor are the
![Page 67: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/67.jpg)
PSD2 APIs – Mocked data Version 2.0
67
mtMtd><ReqdExctnDt>2018-01-
14</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>0a514acf-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK5
852009999930000000166</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
same.
Only today timestamp before COT or near
future timestamp is valid.
![Page 68: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/68.jpg)
PSD2 APIs – Mocked data Version 2.0
68
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>2018-01-
14</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
![Page 69: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/69.jpg)
PSD2 APIs – Mocked data Version 2.0
69
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
8. Negative scenario: requested execution
date is in distant future
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"
standalone="yes"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty/></GrpHdr><PmtInf><PmtInfId
>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>9999-02-
12</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5552000000000001773099</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId/></DbtrAgt>
<CdtTrfTxInf><PmtId><EndToEndId>0a514ac
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Only today timestamp before COT or near
future timestamp is valid.
![Page 70: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/70.jpg)
PSD2 APIs – Mocked data Version 2.0
70
f-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
![Page 71: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/71.jpg)
PSD2 APIs – Mocked data Version 2.0
71
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>9999-02-
12</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
![Page 72: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/72.jpg)
PSD2 APIs – Mocked data Version 2.0
72
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
9. Negative scenario: blacklist IBAN
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
creditor IBAN is forbidden
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/standard/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"
standalone="yes"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId><CreDtTm>2018-01-
14T12:12:12</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty/></GrpHdr><PmtInf><PmtInfId
>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><ReqdExctnDt>9999-02-
12</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5552000000000001773099</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId/></DbtrAgt>
<CdtTrfTxInf><PmtId><EndToEndId>0a514ac
f-cdc7-4292-abc5-
165e642142b</EndToEndId></PmtId><Amt>
<InstdAmt
Ccy="EUR">5.50</InstdAmt></Amt><Cdtr><
Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
IBAN of creditor is forbidden.
Only today timestamp before COT or near
future timestamp is valid.
![Page 73: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/73.jpg)
PSD2 APIs – Mocked data Version 2.0
73
352009999930000000270</IBAN></Id></Cdt
rAcct></CdtTrfTxInf></PmtInf></CstmrCdtTrf
Initn></Document>' -H 'Content-Type:
application/xml' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="utf-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</MsgId>
<CreDtTm>2018-01-
14T12:12:12</CreDtTm>
![Page 74: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/74.jpg)
PSD2 APIs – Mocked data Version 2.0
74
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<ReqdExctnDt>9999-02-
12</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>0a514acf-cdc7-4292-
abc5-165e642142b</EndToEndId>
</PmtId>
<Amt>
<InstdAmt Ccy="EUR">5.50</InstdAmt>
</Amt>
<Cdtr>
![Page 75: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/75.jpg)
PSD2 APIs – Mocked data Version 2.0
75
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6352009999930000000270</IBAN
>
</Id>
</CdtrAcct>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
6.2 PISP OPERATION: STANDARD PAYMENT SUBMISSION URL: https://developerhub.otpbanka.sk/api/v1/payments/submission
Note: Request-ID is not a part of response's orderId. It's just a mock!
Test scenario Request Response
1. Positive scenario - payment completed
ACSC
Auth: Bearer access_token
When it happens (example): submit payment
call after user authorize payment
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/submission -H 'Content-Type:
application/json' -H 'Request-ID: ffdc2f2d-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"orderId":
"PAYMENT_tr_ffdc2f2d-0000-0000",
"status": "ACSC",
"statusDateTime": "2018-01-
![Page 76: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/76.jpg)
PSD2 APIs – Mocked data Version 2.0
76
Content-Type: application/json
Request-ID: ffdc2f2d-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
14T09:38:04.586+01:00"
}
2. Negative scenario - payment rejected
RJCT
Auth: Bearer access_token
What's wrong: submitted payment failed
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/submission -H 'Content-Type:
application/json' -H 'Request-ID: ffdc2f2d-
0000-0001' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: ffdc2f2d-0000-0001
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"orderId":
"PAYMENT_tr_ffdc2f2d-0000-0001",
"status": "RJCT",
"reasonCode": "AM04",
"statusDateTime": "2018-01-
14T14:32:36.693+01:00"
}
![Page 77: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/77.jpg)
PSD2 APIs – Mocked data Version 2.0
77
6.3 PISP OPERATION: PAYMENT ORDER STATUS URL: https://developerhub.otpbanka.sk/api/v1/payments/{orderId}/status
Test scenario Request Response
1. Positive scenario: ACSC - settlement
completed
Auth: Bearer access_token
When it happens (example): after payment
processed correctly
curl -i -X GET
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0000/status -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"orderId":"PAYMENT_tr_ffdc2f2d-1288-
0000-0000",
"status": "ACSC",
"statusDateTime": "2018-01-
14T14:02:32.807+01:00"
}
2. Negative scenario: RJCT - rejected
payment
Auth: Bearer access_token
When it happens (example): after payment
processed not correctly
curl -i -X GET
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0001/status -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
![Page 78: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/78.jpg)
PSD2 APIs – Mocked data Version 2.0
78
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"orderId":"PAYMENT_tr_ffdc2f2d-1288-
0000-0001",
"status": "RJCT",
"reasonCode": "AM04",
"statusDateTime": "2018-01-
14T14:02:32.807+01:00"
}
3. Negative scenario: non-existent orderId
Auth: Bearer access_token
What's wrong: invalid orderId value
curl -i -X GET
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0002/status -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.notFound",
"messageArgs":
["PAYMENT_tr_ffdc2f2d-1288-0000-0002"],
![Page 79: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/79.jpg)
PSD2 APIs – Mocked data Version 2.0
79
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
"message": "Unknown
orderId ffdc2f2d-1288-0000-0002."
}]
}
6.4 PISP OPERATION: STANDARD PAYMENT INITIALIZATION (JSON) URL: https://developerhub.otpbanka.sk/api/v2/payments/standard/sba
Note: requestedExecutionDate - always NOW() or near future
Cut of time: 21:00 (requests sent between 21:00 and 0:00 end up with error code 400).
Test scenario Request Response
1. Positive scenario
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK8952009999930000000190", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "NOW()" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"orderId": "PAYMENT_tr_ffdc2f2d-1288-
4212-be38-a011838ee051",
"status": "ACTC",
"statusDateTime": "2018-01-
13T17:15:27.350+01:00"
}
![Page 80: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/80.jpg)
PSD2 APIs – Mocked data Version 2.0
80
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK8952009999930000000190",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
![Page 81: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/81.jpg)
PSD2 APIs – Mocked data Version 2.0
81
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"NOW()"
}
2. Negative scenario: the source account is
not an OTP Bank account
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
debtor IBAN is not OTP Bank account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK8952009999930000000190", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK2952009999930000000203", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"debtor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK2952009999930000000203"
}, {
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
![Page 82: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/82.jpg)
PSD2 APIs – Mocked data Version 2.0
82
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK8952009999930000000190",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK2952009999930000000203",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}]
}
3. Negative scenario: the source account is
not an OTP Bank account (bank code: 5200)
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
HTTP status code: 400
![Page 83: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/83.jpg)
PSD2 APIs – Mocked data Version 2.0
83
Auth: access_token
What's wrong:
debtor IBAN is not OTP Bank account
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
application/json" -d '{ "creditor":{ "iban":
"SK8952009999930000000190", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK2911119999930000000203", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK8952009999930000000190",
"name":
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"debtor.iban",
"messageCode":
"javax.validation.constraints.Pattern.messag
e",
"message": "Must
match \"^(SK[0-9]{2,2}5200[0-9]{16,16})$\"",
"invalidValue":
"SK2911119999930000000203"
}, {
"property":
"debtor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK2911119999930000000203"
}, {
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
![Page 84: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/84.jpg)
PSD2 APIs – Mocked data Version 2.0
84
"Ivana Prva"
},
"debtor":{
"iban":
"SK2911119999930000000203",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
01-13T17:14:44.85+01:00"
}]
}
4. Negative scenario: target account is not in
SEPA format
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
debtor IBAN is not in SEPA format
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK5452009999930000000238", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
![Page 85: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/85.jpg)
PSD2 APIs – Mocked data Version 2.0
85
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK5452009999930000000238",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"creditor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK5452009999930000000238"
}, {
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}]
}
![Page 86: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/86.jpg)
PSD2 APIs – Mocked data Version 2.0
86
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
5. Negative scenario: unavailable banking
system
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
banking system offline
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK0752009999930000000211", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK1052009999930000000254", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}, {
"property":
![Page 87: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/87.jpg)
PSD2 APIs – Mocked data Version 2.0
87
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK0752009999930000000211",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK1052009999930000000254",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"creditor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK0752009999930000000211"
}]
}
![Page 88: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/88.jpg)
PSD2 APIs – Mocked data Version 2.0
88
"2018-01-13T17:14:44.850+01:00"
}
6. Negative scenario: the currency is
different from the EUR
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
banking system offline
currency is not EUR
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK0752009999930000000211", "name":
"Ivana Prva" }, "debtor": { "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount": {
"currency": "CZK", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"creditor.iban",
"messageCode":
"validation.bankCodeValidator.message",
"message": "Unable to
get BIC code from IBAN.",
"invalidValue":
"SK0752009999930000000211"
}, {
"property":
"instructedAmount",
"messageCode":
"validation.currencyValue.message",
"message": "Only EUR
currency value is allowed.",
"invalidValue": {
"value":
5.50,
"currency":
"CZK"
}
}, {
![Page 89: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/89.jpg)
PSD2 APIs – Mocked data Version 2.0
89
{
"creditor":{
"iban":
"SK0752009999930000000211",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"CZK",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}]
}
7. Negative scenario: debtor IBAN is equals
to creditor IBAN
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK5852009999930000000166", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
![Page 90: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/90.jpg)
PSD2 APIs – Mocked data Version 2.0
90
creditor IBAN "remittanceInformation": "string",
"requestedExecutionDate": "2018-01-
13T17:14:44.850+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK5852009999930000000166",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
Body
{
"errors": [{
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
timestamp is valid.",
"invalidValue": "2018-
01-13T17:14:44.85+01:00"
}, {
"property":
"standardSbaPaymentApiRequest",
"message": "IBAN of
the debtor and creditor are the same."
}]
}
![Page 91: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/91.jpg)
PSD2 APIs – Mocked data Version 2.0
91
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"2018-01-13T17:14:44.850+01:00"
}
8. Negative scenario: requested execution
date is in distant future
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK8952009999930000000190", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "9999-02-
12T00:00:00.000+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property":
"requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only
today timestamp before COT or near future
![Page 92: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/92.jpg)
PSD2 APIs – Mocked data Version 2.0
92
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"creditor":{
"iban":
"SK8952009999930000000190",
"name":
"Ivana Prva"
},
"debtor":{
"iban":
"SK5852009999930000000166",
"name":
"Jan Novak"
},
"instructedAmount":{
"currency":
"EUR",
"value":
"5.50"
},
timestamp is valid.",
"invalidValue": "9999-
02-12T00:00:00.000+01:00"
}]
}
![Page 93: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/93.jpg)
PSD2 APIs – Mocked data Version 2.0
93
"endToEndIdentification": "pisp",
"instructionIdentification":
"payment 1",
"remittanceInformation":
"string",
"requestedExecutionDate":
"9999-02-12T00:00:00.000+01:00"
}
9. Negative scenario: blacklist IBAN
Auth: access_token
What's wrong:
requestedExecutionDate is not today
timestamp before COT or near future
timestamp
creditor IBAN is forbidden
curl -i -X POST
https://developerhub.otpbanka.sk/api/v2/pa
yments/standard/sba -H "Content-Type:
application/json" -d '{ "creditor":{ "iban":
"SK6352009999930000000270", "name":
"Ivana Prva" }, "debtor":{ "iban":
"SK5852009999930000000166", "name":
"Jan Novak" }, "instructedAmount":{
"currency": "EUR", "value": "5.50" },
"endToEndIdentification": "pisp",
"instructionIdentification": "payment 1",
"remittanceInformation": "string",
"requestedExecutionDate": "9999-02-
12T00:00:00.000+01:00" }' -H 'Content-Type:
application/json' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"property": "requestedExecutionDate",
"messageCode":
"validation.sepaRequestedExecutionDate.me
ssage",
"message": "Only today timestamp
before COT or near future timestamp is
valid.",
"invalidValue": "9999-02-
12T00:00:00+01:00"
}, {
"property": "creditor.iban",
"messageCode":
"validation.blacklistValue.message",
"message": "IBAN of creditor is
forbidden.",
"invalidValue":
"SK6352009999930000000270"
![Page 94: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/94.jpg)
PSD2 APIs – Mocked data Version 2.0
94
}]
}
6.5 PISP OPERATION: PAYMENT ORDER CANCELLATION URL: https://developerhub.otpbanka.sk/api/v1/payments/{orderId}/rcp
Test scenario Request Response
1. Positive scenario: successfully
cancellation of payment
Auth: Bearer access_token
When it happens (example): after SEPA
payment in near future processed correctly,
third party provider can cancel it
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0000/rcp -H 'Content-Type: application/json'
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
v
Body
{
"orderId":
"PAYMENT_tr_ffdc2f2d-1288-0000-0000"
}
2. Negative scenario: non-existent orderId
Auth: Bearer access_token
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0001/rcp -H 'Content-Type: application/json'
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
![Page 95: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/95.jpg)
PSD2 APIs – Mocked data Version 2.0
95
What's wrong: invalid orderId value
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.notFound",
"messageArgs":
["PAYMENT_tr_ffdc2f2d-1288-0000-0001"],
"message": "Unknown orderId
PAYMENT_tr_ffdc2f2d-1288-0000-0001."
}]
}
3. Negative scenario: payment was already
canceled
Auth: Bearer access_token
What's wrong: canceled orderId value
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0002/rcp -H 'Content-Type: application/json'
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.alreadyCanceled",
"messageArgs":
![Page 96: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/96.jpg)
PSD2 APIs – Mocked data Version 2.0
96
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
["PAYMENT_tr_ffdc2f2d-1288-0000-0002"],
"message": "Payment with orderId
PAYMENT_tr_ffdc2f2d-1288-0000-0002 was
already canceled."
}]
}
4. Negative scenario: SWIFT payment
cancellation
Auth: Bearer access_token
What's wrong: only SEPA payment can be
canceled
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0003/rcp -H 'Content-Type: application/json'
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.notSepa",
"messageArgs":
["PAYMENT_tr_ffdc2f2d-1288-0000-0003"],
"message": "Only SEPA payment can be
canceled."
}]
}
![Page 97: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/97.jpg)
PSD2 APIs – Mocked data Version 2.0
97
5. Negative scenario: not near future SEPA
payment
Auth: Bearer access_token
What's wrong: only SEPA payment with near
future timestamp (requestedExecutionDate)
can be canceled
curl -i -X DELETE
https://developerhub.otpbanka.sk/api/v1/pa
yments/PAYMENT_tr_ffdc2f2d-1288-0000-
0004/rcp -H 'Content-Type: application/json'
-H 'Request-ID: c2c48fc8-0000-0000' -H 'PSU-
IP-Address: 192.168.0.100' -H 'PSU-Device-
OS: iOS 11' -H 'PSU-User-Agent: Mozilla/5.0
(Windows NT 6.1) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.36' -H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.order.id.unableToCancel",
"messageArgs":
["PAYMENT_tr_ffdc2f2d-1288-0000-0004"],
"message": "This SEPA payment can't be
canceled."
}]
}
6.6 PISP OPERATION: SWIFT PAYMENT INITIALIZATION (XML) URL: https://developerhub.otpbanka.sk/api/v1/payments/swift/iso
Note: requestedExecutionDate - always NOW() or near future
Swift processing time: 00:00 - 15:00 (requests sent between 15:00 and 23:59 end up with error code
400).
This section is not duplicated the negative scenarios from the section 'Standard payment initialization
(XML)'. Only new negative scenarios are included.
Test scenario Request Response
![Page 98: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/98.jpg)
PSD2 APIs – Mocked data Version 2.0
98
1. Positive scenario: creditor IBAN
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
807200002891987426353</IBAN></Id></Cdt
rAcct><RmtInf><Ustrd>string</Ustrd><Strd>
<AddtlRmtInf>string2</AddtlRmtInf></Strd>
</RmtInf></CdtTrfTxInf></PmtInf></CstmrCd
tTrfInitn></Document>' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/xml;charset=UTF-
8
Body
<?xml version="1.0" encoding="UTF-8"?>
<ns2:Document
xmlns:ns2="urn:iso:std:iso:20022:tech:xsd:pa
in.002.001.03">
<CstmrPmtStsRpt>
<ns2:GrpHdr>
<ns2:MsgId>payment 1</ns2:MsgId>
<ns2:CreDtTm>2018-01-
13T14:24:39</ns2:CreDtTm>
</ns2:GrpHdr>
<ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlMsgId>payment
1</ns2:OrgnlMsgId>
<ns2:OrgnlMsgNmId />
</ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlPmtInfAndSts>
<ns2:TxInfAndSts>
<ns2:TxSts>ACTC</ns2:TxSts>
<ns2:StsRsnInf>
<ns2:Rsn />
</ns2:StsRsnInf>
<ns2:AcctSvcrRef>PAYMENT_tr_ffdc2f2d-
1288-4212-be38-
a011838ee051</ns2:AcctSvcrRef>
![Page 99: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/99.jpg)
PSD2 APIs – Mocked data Version 2.0
99
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
</ns2:TxInfAndSts>
</ns2:OrgnlPmtInfAndSts>
</CstmrPmtStsRpt>
</ns2:Document>
![Page 100: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/100.jpg)
PSD2 APIs – Mocked data Version 2.0
100
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6807200002891987426353</IBAN
>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
![Page 101: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/101.jpg)
PSD2 APIs – Mocked data Version 2.0
101
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
2. Positive scenario: creditor BBAN and
creditor bank BIC code
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><CdtrAgt><FinInstnId><BIC>S
UBASKBX</BIC></FinInstnId></CdtrAgt><Cdt
r><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><Othr><Id
>10010659</Id></Othr></Id></CdtrAcct><R
mtInf><Ustrd>string</Ustrd><Strd><AddtlR
mtInf>string2</AddtlRmtInf></Strd></RmtIn
f></CdtTrfTxInf></PmtInf></CstmrCdtTrfInitn
></Document>' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/xml;charset=UTF-
8
Body
<?xml version="1.0" encoding="UTF-8"?>
<ns2:Document
xmlns:ns2="urn:iso:std:iso:20022:tech:xsd:pa
in.002.001.03">
<CstmrPmtStsRpt>
<ns2:GrpHdr>
<ns2:MsgId>payment 1</ns2:MsgId>
<ns2:CreDtTm>2018-01-
13T14:24:39</ns2:CreDtTm>
</ns2:GrpHdr>
<ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlMsgId>payment
1</ns2:OrgnlMsgId>
<ns2:OrgnlMsgNmId />
</ns2:OrgnlGrpInfAndSts>
![Page 102: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/102.jpg)
PSD2 APIs – Mocked data Version 2.0
102
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<ns2:OrgnlPmtInfAndSts>
<ns2:TxInfAndSts>
<ns2:TxSts>ACTC</ns2:TxSts>
<ns2:StsRsnInf>
<ns2:Rsn />
</ns2:StsRsnInf>
<ns2:AcctSvcrRef>PAYMENT_tr_ffdc2f2d-
1288-4212-be38-
a011838ee051</ns2:AcctSvcrRef>
</ns2:TxInfAndSts>
</ns2:OrgnlPmtInfAndSts>
</CstmrPmtStsRpt>
</ns2:Document>
![Page 103: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/103.jpg)
PSD2 APIs – Mocked data Version 2.0
103
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<CdtrAgt>
<FinInstnId>
<BIC>SUBASKBX</BIC>
</FinInstnId>
</CdtrAgt>
![Page 104: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/104.jpg)
PSD2 APIs – Mocked data Version 2.0
104
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<Othr>
<Id>10010659</Id>
</Othr>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
3. Positive scenario: creditor BBAN and
creditor bank information
Auth: access_token
When it happens (example): after
access_token generation
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/xml;charset=UTF-
8
Body
![Page 105: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/105.jpg)
PSD2 APIs – Mocked data Version 2.0
105
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><CdtrAgt><FinInstnId><Nm>
Moja
Banka</Nm><PstlAdr><StrtNm>Nova</StrtN
m><BldgNb>15/A</BldgNb><PstCd>82101</
PstCd><TwnNm>Bratislava</TwnNm><Ctry>
SK</Ctry></PstlAdr></FinInstnId></CdtrAgt>
<Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><Othr><Id
>10010659</Id></Othr></Id></CdtrAcct><R
mtInf><Ustrd>string</Ustrd><Strd><AddtlR
mtInf>string2</AddtlRmtInf></Strd></RmtIn
f></CdtTrfTxInf></PmtInf></CstmrCdtTrfInitn
></Document>' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
<?xml version="1.0" encoding="UTF-8"?>
<ns2:Document
xmlns:ns2="urn:iso:std:iso:20022:tech:xsd:pa
in.002.001.03">
<CstmrPmtStsRpt>
<ns2:GrpHdr>
<ns2:MsgId>payment 1</ns2:MsgId>
<ns2:CreDtTm>2018-01-
13T14:24:39</ns2:CreDtTm>
</ns2:GrpHdr>
<ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlMsgId>payment
1</ns2:OrgnlMsgId>
<ns2:OrgnlMsgNmId />
</ns2:OrgnlGrpInfAndSts>
<ns2:OrgnlPmtInfAndSts>
<ns2:TxInfAndSts>
<ns2:TxSts>ACTC</ns2:TxSts>
<ns2:StsRsnInf>
<ns2:Rsn />
</ns2:StsRsnInf>
<ns2:AcctSvcrRef>PAYMENT_tr_ffdc2f2d-
1288-4212-be38-
a011838ee051</ns2:AcctSvcrRef>
</ns2:TxInfAndSts>
</ns2:OrgnlPmtInfAndSts>
</CstmrPmtStsRpt>
</ns2:Document>
![Page 106: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/106.jpg)
PSD2 APIs – Mocked data Version 2.0
106
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
![Page 107: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/107.jpg)
PSD2 APIs – Mocked data Version 2.0
107
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<CdtrAgt>
<FinInstnId>
<Nm>Moja Banka</Nm>
<PstlAdr>
<StrtNm>Nova</StrtNm>
<BldgNb>15/A</BldgNb>
<PstCd>82101</PstCd>
<TwnNm>Bratislava</TwnNm>
<Ctry>SK</Ctry>
</PstlAdr>
</FinInstnId>
</CdtrAgt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
![Page 108: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/108.jpg)
PSD2 APIs – Mocked data Version 2.0
108
<Othr>
<Id>10010659</Id>
</Othr>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
4. Negative scenario: missing creditor
information
Auth: access_token
What's wrong:
missing countryCode in creditorBank object
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Creditor bank identification is missing. Please
fill BIC code or name plus address of creditor
bank.
![Page 109: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/109.jpg)
PSD2 APIs – Mocked data Version 2.0
109
SHAR</ChrgBr><CdtrAgt><FinInstnId><Nm>
Moja
Banka</Nm><PstlAdr><StrtNm>Nova</StrtN
m><BldgNb>15/A</BldgNb><PstCd>82101</
PstCd><TwnNm>Bratislava</TwnNm></PstlA
dr></FinInstnId></CdtrAgt><Cdtr><Nm>Ivan
a
Prva</Nm></Cdtr><CdtrAcct><Id><Othr><Id
>10010659</Id></Othr></Id></CdtrAcct><R
mtInf><Ustrd>string</Ustrd><Strd><AddtlR
mtInf>string2</AddtlRmtInf></Strd></RmtIn
f></CdtTrfTxInf></PmtInf></CstmrCdtTrfInitn
></Document>' -H 'Request-ID: c2c48fc8-
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
![Page 110: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/110.jpg)
PSD2 APIs – Mocked data Version 2.0
110
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
![Page 111: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/111.jpg)
PSD2 APIs – Mocked data Version 2.0
111
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<CdtrAgt>
<FinInstnId>
<Nm>Moja Banka</Nm>
<PstlAdr>
<StrtNm>Nova</StrtNm>
<BldgNb>15/A</BldgNb>
<PstCd>82101</PstCd>
<TwnNm>Bratislava</TwnNm>
<Ctry>SK</Ctry>
</PstlAdr>
</FinInstnId>
</CdtrAgt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<Othr>
<Id>10010659</Id>
</Othr>
</Id>
</CdtrAcct>
![Page 112: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/112.jpg)
PSD2 APIs – Mocked data Version 2.0
112
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
5. Negative scenario: wrong creditor
information
Auth: access_token
What's wrong:
payload contains creditor IBAN and also
creditor BBAN
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><CdtrAgt><FinInstnId><BIC>S
UBASKBX</BIC></FinInstnId></CdtrAgt><Cdt
r><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
807200002891987426353</IBAN><Othr><Id
>10010659</Id></Othr></Id></CdtrAcct><R
mtInf><Ustrd>string</Ustrd><Strd><AddtlR
mtInf>string2</AddtlRmtInf></Strd></RmtIn
f></CdtTrfTxInf></PmtInf></CstmrCdtTrfInitn
></Document>' -H 'Request-ID: c2c48fc8-
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
invalid_request cvc-complex-type.2.4.d:
Invalid content was found starting with
element 'Othr'. No child element is expected
at this point.
![Page 113: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/113.jpg)
PSD2 APIs – Mocked data Version 2.0
113
0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
![Page 114: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/114.jpg)
PSD2 APIs – Mocked data Version 2.0
114
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
![Page 115: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/115.jpg)
PSD2 APIs – Mocked data Version 2.0
115
<CdtrAgt>
<FinInstnId>
<BIC>SUBASKBX</BIC>
</FinInstnId>
</CdtrAgt>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6807200002891987426353</IBAN
>
<Othr>
<Id>10010659</Id>
</Othr>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
![Page 116: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/116.jpg)
PSD2 APIs – Mocked data Version 2.0
116
6. Negative scenario: creditor from OTP
Bank
Auth: access_token
What's wrong:
creditor IBAN or BIC code is from OTP Bank
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK8
952009999930000000190</IBAN></Id></Cdt
rAcct><RmtInf><Ustrd>string</Ustrd><Strd>
<AddtlRmtInf>string2</AddtlRmtInf></Strd>
</RmtInf></CdtTrfTxInf></PmtInf></CstmrCd
tTrfInitn></Document>' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Creditor IBAN can't be from OTP Bank.
![Page 117: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/117.jpg)
PSD2 APIs – Mocked data Version 2.0
117
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
![Page 118: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/118.jpg)
PSD2 APIs – Mocked data Version 2.0
118
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK8952009999930000000190</IBAN
>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
![Page 119: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/119.jpg)
PSD2 APIs – Mocked data Version 2.0
119
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
7. Negative scenario: Amount value with
currency HUF or JPY can't have decimal
places.
Auth: access_token
What's wrong:
amount value with decimal places and
currency HUF
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>NOW()</Re
qdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="HUF">100.12</InstdAmt></Amt><Chrg
Br>SHAR</ChrgBr><Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
807200002891987426353</IBAN></Id></Cdt
rAcct><RmtInf><Ustrd>string</Ustrd><Strd>
<AddtlRmtInf>string2</AddtlRmtInf></Strd>
</RmtInf></CdtTrfTxInf></PmtInf></CstmrCd
tTrfInitn></Document>' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Amount value with currency HUF or JPY can't
have decimal places.
![Page 120: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/120.jpg)
PSD2 APIs – Mocked data Version 2.0
120
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
![Page 121: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/121.jpg)
PSD2 APIs – Mocked data Version 2.0
121
</PmtTpInf>
<ReqdExctnDt>NOW()</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="HUF">100.12</InstdAmt>
</Amt>
<ChrgBr>SHAR</ChrgBr>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6807200002891987426353</IBAN
![Page 122: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/122.jpg)
PSD2 APIs – Mocked data Version 2.0
122
>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
8. Negative scenario: requested execution
date is in distant future
Auth: access_token
What's wrong:
requestedExecutionDate is not near future
timestamp
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/pa
yments/swift/iso -H "Content-Type:
application/xml" -d '<?xml version="1.0"
encoding="UTF-8"?><Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03"><CstmrCdtTrfInitn><GrpHdr><Ms
gId>payment 1</MsgId><CreDtTm>2018-01-
13T14:24:39</CreDtTm><NbOfTxs>1</NbOf
Txs><InitgPty
/></GrpHdr><PmtInf><PmtInfId>8b4265e6-
45a5-4755-b8ce-
a3d374067cd</PmtInfId><PmtMtd>CHK</P
mtMtd><PmtTpInf><InstrPrty>NORM</Instr
Prty></PmtTpInf><ReqdExctnDt>9999-12-
31</ReqdExctnDt><Dbtr><Nm>Jan
Novak</Nm></Dbtr><DbtrAcct><Id><IBAN>S
K5852009999930000000166</IBAN></Id></
DbtrAcct><DbtrAgt><FinInstnId
/></DbtrAgt><CdtTrfTxInf><PmtId><EndToEn
dId>pisp</EndToEndId></PmtId><Amt><Inst
dAmt
Ccy="EUR">100</InstdAmt></Amt><ChrgBr>
SHAR</ChrgBr><Cdtr><Nm>Ivana
Prva</Nm></Cdtr><CdtrAcct><Id><IBAN>SK6
807200002891987426353</IBAN></Id></Cdt
rAcct><RmtInf><Ustrd>string</Ustrd><Strd>
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: text/plain;charset=UTF-8
Body
Only today timestamp before 3pm is valid.
Maximum timestamp is today + {days} days,
except weekends and public holidays.
![Page 123: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/123.jpg)
PSD2 APIs – Mocked data Version 2.0
123
<AddtlRmtInf>string2</AddtlRmtInf></Strd>
</RmtInf></CdtTrfTxInf></PmtInf></CstmrCd
tTrfInitn></Document>' -H 'Request-ID:
c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/xml
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
<?xml version="1.0" encoding="UTF-8"?>
<Document
xmlns="urn:iso:std:iso:20022:tech:xsd:pain.0
01.001.03">
<CstmrCdtTrfInitn>
<GrpHdr>
<MsgId>payment 1</MsgId>
<CreDtTm>2018-01-
13T14:24:39</CreDtTm>
<NbOfTxs>1</NbOfTxs>
![Page 124: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/124.jpg)
PSD2 APIs – Mocked data Version 2.0
124
<InitgPty />
</GrpHdr>
<PmtInf>
<PmtInfId>8b4265e6-45a5-4755-b8ce-
a3d374067cd</PmtInfId>
<PmtMtd>CHK</PmtMtd>
<PmtTpInf>
<InstrPrty>NORM</InstrPrty>
</PmtTpInf>
<ReqdExctnDt>9999-12-
31</ReqdExctnDt>
<Dbtr>
<Nm>Jan Novak</Nm>
</Dbtr>
<DbtrAcct>
<Id>
<IBAN>SK5852009999930000000166</IBAN
>
</Id>
</DbtrAcct>
<DbtrAgt>
<FinInstnId />
</DbtrAgt>
<CdtTrfTxInf>
<PmtId>
<EndToEndId>pisp</EndToEndId>
</PmtId>
<Amt>
<InstdAmt
Ccy="EUR">100</InstdAmt>
![Page 125: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/125.jpg)
PSD2 APIs – Mocked data Version 2.0
125
</Amt>
<ChrgBr>SHAR</ChrgBr>
<Cdtr>
<Nm>Ivana Prva</Nm>
</Cdtr>
<CdtrAcct>
<Id>
<IBAN>SK6807200002891987426353</IBAN
>
</Id>
</CdtrAcct>
<RmtInf>
<Ustrd>string</Ustrd>
<Strd>
<AddtlRmtInf>string2</AddtlRmtInf>
</Strd>
</RmtInf>
</CdtTrfTxInf>
</PmtInf>
</CstmrCdtTrfInitn>
</Document>
![Page 126: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/126.jpg)
PSD2 APIs – Mocked data Version 2.0
126
6.7 PISP OPERATION: BALANCE CHECK URL: https://developerhub.otpbanka.sk/api/v1/accounts/balanceCheck
Note: Please see chapter 7.1 for futher information.
7 MOCKED DATA FOR PIISP OPERATION
7.1 PIISP OPERATION: BALANCE CHECK URL: https://developerhub.otpbanka.sk/api/v1/accounts/balanceCheck
Test Scenario Request Response
1. Positive scenario: APPR - sufficient
financial resources in the account
Auth: Bearer access_token
When it happens (example): enough money
in the account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 100 },
"creationDate": "2018-01-
13T14:24:39.534+01:00", "iban":
"SK0252009999930000000107",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"result": "APPR",
"creationDateTime": "2018-01-
13T14:24:56.408+01:00"
}
![Page 127: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/127.jpg)
PSD2 APIs – Mocked data Version 2.0
127
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "EUR",
"value": 100
},
"creationDate": "2018-01-
13T14:24:39.534+01:00",
"iban": "SK0252009999930000000107",
"instructionIdentification": "piisp"
}
2. Positive scenario: DECL - insufficient
financial resources in the account
Auth: Bearer access_token
When it happens (example): not enough
money in the account
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 1000 },
"creationDate": "2018-01-
13T14:54:44.480+01:00", "iban":
"SK0252009999930000000107",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
HTTP status code: 200
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"result": "DECL",
"creationDateTime": "2018-01-
13T14:55:06.314+01:00"
}
![Page 128: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/128.jpg)
PSD2 APIs – Mocked data Version 2.0
128
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "EUR",
"value": 10000
},
"creationDate": "2018-01-
13T14:54:44.480+01:00",
"iban": "SK0252009999930000000107",
"instructionIdentification": "piisp"
}
3. Negative scenario: The currency in the
request is different from the account
currency
Auth: Bearer access_token
What's wrong: wrong currency
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "CZK", "value": 10000 },
"creationDate": "2018-01-
13T14:54:44.480+01:00", "iban":
"SK0252009999930000000107",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
![Page 129: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/129.jpg)
PSD2 APIs – Mocked data Version 2.0
129
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "CZK",
"value": 10000
},
"creationDate": "2018-01-
13T14:54:44.480+01:00",
"iban": "SK0252009999930000000107",
"instructionIdentification": "piisp"
}
"exception.account.wrong.currency",
"messageArgs":
["CZK"],
"message": "Payer's
account currency is incorrect - wrong
currency CZK."
}]
}
4. Negative scenario: The account is not OTP
Bank account (request validation)
Auth: Bearer access_token
What's wrong: wrong IBAN
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 0 },
"creationDate": "2018-01-
13T08:51:15.778+01:00", "iban":
"SK3611119999930000000174",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
HTTP status code: 400
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
![Page 130: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/130.jpg)
PSD2 APIs – Mocked data Version 2.0
130
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "EUR",
"value": 0
},
"creationDate": "2018-01-
13T08:51:15.778+01:00",
"iban": "SK3611119999930000000174",
"instructionIdentification": "piisp"
}
Body
{
"errors": [{
"property": "iban",
"messageCode":
"javax.validation.constraints.Pattern.messag
e",
"message": "Must
match \"^(SK[0-9]{2,2}5200[0-9]{16,16})$\"",
"invalidValue":
"SK14511119999930000000182"
}]
}
5. Negative scenario: The account is not OTP curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
HTTP status code: 401
![Page 131: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/131.jpg)
PSD2 APIs – Mocked data Version 2.0
131
Bank account (service validation)
Auth: Bearer access_token
What's wrong: wrong IBAN
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 0 },
"creationDate": "2018-01-
13T08:51:15.778+01:00", "iban":
"SK3652009999930000000174",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
"currency": "EUR",
"value": 0
},
"creationDate": "2018-01-
13T08:51:15.778+01:00",
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
![Page 132: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/132.jpg)
PSD2 APIs – Mocked data Version 2.0
132
"iban": "SK3652009999930000000174",
"instructionIdentification": "piisp"
}
6. Negative scenario: The client has not
given a mandate for this account
Auth: Bearer access_token
What's wrong: missing PIISP mandate for
given IBAN (client) and third party provider
curl -i -X POST
https://developerhub.otpbanka.sk/api/v1/ac
counts/balanceCheck -d '{ "amount": {
"currency": "EUR", "value": 100 },
"creationDate": "2018-01-
13T14:24:39.534+01:00", "iban":
"SK1452009999930000000182",
"instructionIdentification": "piisp" }' -H
'Content-Type: application/json' -H 'Request-
ID: c2c48fc8-0000-0000' -H 'PSU-IP-Address:
192.168.0.100' -H 'PSU-Device-OS: iOS 11' -H
'PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36' -
H "Authorization: Bearer
at_a5VmY38s1sLXzskf-0ggCuLQu2pRacz-
kyaYww4v" -H 'MOCK-
Authorization:TPP:5047b2df-0f05-46ec-95fa-
5917fda9a959'
Header
MOCK-Authorization:TPP:5047b2df-0f05-
46ec-95fa-5917fda9a959
Content-Type: application/json
Request-ID: c2c48fc8-0000-0000
PSU-IP-Address: 192.168.0.100
PSU-Device-OS: iOS 11
PSU-User-Agent: Mozilla/5.0 (Windows NT
6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/41.0.2228.0 Safari/537.36
Authorization: Bearer at_a5VmY38s1sLXzskf-
0ggCuLQu2pRacz-kyaYww4v
Body
{
"amount": {
HTTP status code: 401
Header
Response-ID: 71ac4012-e21d-421b-b776-
988564f1fbb4
Content-Type: application/json;charset=UTF-
8
Body
{
"errors": [{
"messageCode":
"exception.unauthorized.newEnrollment",
"messageArgs": [],
"message": "Invalid
access token - not valid, expired, not valid
scope or mandates - new enrollment is
required."
}]
}
![Page 133: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/133.jpg)
PSD2 APIs – Mocked data Version 2.0
133
"currency": "EUR",
"value": 1
},
"creationDate": "2018-01-
13T14:09:43.759+01:00",
"iban": "SK1452009999930000000182",
"instructionIdentification": "piisp"
}
![Page 134: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/134.jpg)
PSD2 APIs – Mocked data Version 2.0
134
8 SWAGGER URL: https://developerhub.otpbanka.sk/swagger-ui.html
Third party provider can call PSD2 mock web services via curl command and also via swagger. Swagger
web site is protected by basic authentication where user name is client_id and password is client_secret.
This information was delivered via registration confirmation email.
Third party provider will also need their client_id and client_secret for every PSD2 web service call (see
1.). POST Rest web services also contain the model of request payload (see 2.) and the example of
request payload (see 3.). For the model and the example of XML request payload please see referenced
XSD schema (see 4.).
![Page 135: PSD2 APIS MOCKED DATA - OTP BankaThird party provider must use a registration form on OTP Bank Devportal website. OTP Bank will accept (or reject) the registration and after that,](https://reader033.vdocument.in/reader033/viewer/2022052803/5f272b2b6985ca2ff1404f7a/html5/thumbnails/135.jpg)
PSD2 APIs – Mocked data Version 2.0
135
Swagger website overview: