OP Corporate Service Provider API (1.0.3)


OP Corporate Service Provider API allows registered service providers to manage and view mandates related to OP Corporate Banking APIs. See the documentation for currently available API products:

OP Corporate Account Data API
OP Corporate Payment API
OP Corporate Refund API
OP Corporate Transaction Filter API
OP Corporate Transaction Info API

Authentication

Authentication in OP Corporate Service Provider API is based on practices from OpenID Connect (OIDC) 1.0 and OAuth 2.0. For further information on token management and generation, see OP Corporate Banking APIs Token management.

Security Considerations

It is extremely important that the Client ID, Client Secret and certificate private key are not exposed at any point. Together they represent the identity of the client and thereby the corporation. In the possession of an attacker they could be used to make fraudulent API calls potentially causing considerable damage.
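
One way to apply this to the token request, as an added example that is not part of OP's documentation: the client secret is read from the environment and handed to curl as a config on stdin instead of on the command line, and the mTLS private key is refused if group or other users can access it. The variable names OP_CLIENT_ID and OP_CLIENT_SECRET and the helper function names are assumptions; the sandbox host and token path are the ones used in the request samples on this page.

```shell
#!/bin/bash
# Added example (not OP's code): keep the OAuth secret and mTLS key out of
# the script source, the process list and the terminal.
# Assumed names: OP_CLIENT_ID / OP_CLIENT_SECRET environment variables.

API_SERVER="https://api.corp-api-sandbox.test.aws.op-palvelut.net"

# Succeeds only if the file exists and group/other have no permission bits
# (characters 5-10 of the ls mode string, e.g. "-rw-------").
key_perms_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Escape a value for a double-quoted curl config string (\ and ").
curl_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit a curl config for the token request. It is fed to curl on stdin
# ("-K -"), so the secret never appears in argv, which other local
# processes can read. data-urlencode also encodes characters such as & or +.
token_request_config() {
    printf 'url = "%s/corporate-oidc/v1/token"\n' "$API_SERVER"
    printf 'data-urlencode = "grant_type=client_credentials"\n'
    printf 'data-urlencode = "client_id=%s"\n' "$(curl_quote "$1")"
    printf 'data-urlencode = "client_secret=%s"\n' "$(curl_quote "$2")"
}

# Fetch a token. Arguments: mTLS key file, mTLS certificate file.
# Only the token is written to stdout, for capture by the caller.
fetch_token() {
    key_perms_ok "$1" || {
        echo "refusing: $1 is missing or accessible to group/other" >&2
        return 1
    }
    : "${OP_CLIENT_ID:?set OP_CLIENT_ID}" "${OP_CLIENT_SECRET:?set OP_CLIENT_SECRET}"
    token_request_config "$OP_CLIENT_ID" "$OP_CLIENT_SECRET" |
        curl -sS --fail -K - --key "$1" --cert "$2" | jq -r .access_token
}
```

Call it as `token=$(fetch_token sandbox-mtls.key sandbox-mtls.crt)` and pass `$token` in the Authorization header without echoing it.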

Sandbox

To test the API in the sandbox environment, please send an email to corp-payment-APIs@op.fi. You will be granted a user ID and password to access OP API Admin in the sandbox environment.

Production access

You can get production access for this API on OP API Admin in production. To use these APIs in production, replace the host in the API examples below with https://api.corporate-api.op.fi/

Change log

v1.0.3 (05/2024)

Added

  • Link to OP Corporate Banking APIs Token management (see Authentication section above)
  • Missing HTTP error response codes and samples

v1.0.2 (04/2024)

Changed

  • Changed sandbox and production URLs for APIs and OP API Admin

v1.0.1 (01/2024)

Added

  • Code examples added

Changed

  • Usage example section removed
  • Servers updated

v1.0 (12/2021)

Initial version

Mandates

Returns all mandates given to your company by client companies.

header Parameters
authorization
required
string

Bearer JWT token

X-Request-ID
string

Unique identifier for a specific request. Used for debugging purposes

Responses

Request samples

#!/bin/bash

# To run this you need curl, openssl and jq installed.

# Steps for registering the required keys and certificates
# 1. A valid service provider agreement created on OP API Admin
# 2. OAuth clientId and clientSecret provisioned
# 3. MTLS private key generated: openssl genrsa -out sandbox-mtls.key 4096
# 4. MTLS certificate signing request (CN and other attributes are ignored): openssl req -new -key sandbox-mtls.key -out sandbox-mtls.csr
# 5. Valid MTLS certificate acquired from OP API Admin using the csr from step 4 and in "sandbox-mtls.crt" file

# OAuth credentials
clientId="TODO put here oauth client id"
clientSecret="TODO and here client secret"

# MTLS credentials
mtlsKey="sandbox-mtls.key"
mtlsCertificate="sandbox-mtls.crt"

API_SERVER="https://api.corp-api-sandbox.test.aws.op-palvelut.net"

echo "Getting access token"
reply=$(curl -s "${API_SERVER}/corporate-oidc/v1/token" \
    --key "${mtlsKey}" \
    --cert "${mtlsCertificate}" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d "grant_type=client_credentials&client_id=${clientId}&client_secret=${clientSecret}")

# Quote the variable so the JSON reply reaches jq unmodified
token=$(echo "$reply" | jq -r .access_token)
echo "Access token is: $token"

echo "Fetching mandate listing"
contracts=$(curl -s "${API_SERVER}/corporate-service-provider/v1/mandates" \
    --key "${mtlsKey}" \
    --cert "${mtlsCertificate}" \
    -H "Authorization: Bearer $token")

echo "$contracts" | jq -C .

Response samples

Content type
application/json; charset=UTF-8
[
  {
  }
]

Mandates per company

Returns mandates for a single client company with given business ID.

path Parameters
companyId
required
string

Business ID (Business Identity Code) for the company whose mandates are queried.

header Parameters
authorization
required
string

Bearer JWT token

X-Request-ID
string

Unique identifier for a specific request. Used for debugging purposes

Responses

Request samples

#!/bin/bash

# To run this you need curl, openssl and jq installed.

# Steps for registering the required keys and certificates
# 1. A valid service provider agreement created on OP API Admin
# 2. OAuth clientId and clientSecret provisioned
# 3. MTLS private key generated: openssl genrsa -out sandbox-mtls.key 4096
# 4. MTLS certificate signing request (CN and other attributes are ignored): openssl req -new -key sandbox-mtls.key -out sandbox-mtls.csr
# 5. Valid MTLS certificate acquired from OP API Admin using the csr from step 4 and in "sandbox-mtls.crt" file

# OAuth credentials
clientId="TODO put here oauth client id"
clientSecret="TODO and here client secret"

# MTLS credentials
mtlsKey="sandbox-mtls.key"
mtlsCertificate="sandbox-mtls.crt"

API_SERVER="https://api.corp-api-sandbox.test.aws.op-palvelut.net"

echo "Getting access token"
reply=$(curl -s "${API_SERVER}/corporate-oidc/v1/token" \
    --key "${mtlsKey}" \
    --cert "${mtlsCertificate}" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d "grant_type=client_credentials&client_id=${clientId}&client_secret=${clientSecret}")

# Quote the variable so the JSON reply reaches jq unmodified
token=$(echo "$reply" | jq -r .access_token)
echo "Access token is: $token"

echo "Fetching mandate listing"
contracts=$(curl -s "${API_SERVER}/corporate-service-provider/v1/mandates" \
    --key "${mtlsKey}" \
    --cert "${mtlsCertificate}" \
    -H "Authorization: Bearer $token")

echo "$contracts" | jq -C .

# Quote the jq filter so the shell does not treat [0] as a glob pattern
COMPANYID=$(echo "$contracts" | jq -r '.[0].companyId')

echo "Fetching mandate info for company $COMPANYID"
contractinfo=$(curl -s "${API_SERVER}/corporate-service-provider/v1/mandates/${COMPANYID}" \
    --key "${mtlsKey}" \
    --cert "${mtlsCertificate}" \
    -H "Authorization: Bearer $token")

echo "$contractinfo" | jq -C .

Response samples

Content type
application/json; charset=UTF-8
[
  {
  }
]

Generate Client ID and Secret

This endpoint can be used to generate OAuth credentials for the client company that has given you a mandate. The first time, both Client ID and Client Secret are generated for the contract. On later calls, the Client ID stays the same and only the Client Secret is updated.

path Parameters
companyId
required
string

Business ID (Business Identity Code) for the company whose mandates are queried.

header Parameters
authorization
required
string

Bearer JWT token

X-Req-Signature
required
string

Body signature

X-Request-ID
string

Unique identifier for a specific request. Used for debugging purposes

Request Body schema: application/json; charset=UTF-8
required

Contract ID for which the credentials are to be generated.

contractId
string

ID for the contract for which client secret needs to be generated

Responses

Request samples

Content type
application/json; charset=UTF-8
{
  "contractId": "7654321"
}

Response samples

Content type
application/json; charset=UTF-8
{
  "contractId": "1234567",
  "clientId": "abCd1Ef2ghijK3",
  "clientSecret": "abCdeFG_12IjkLm-345NOpqR"
}