OP PSD2 Confirmation of Funds API (v1.0)

Download OpenAPI specification:Download

PSD2 support: tpp-support@op.fi


OP PSD2 Confirmation of Funds API allows Third-Party Providers to create and authorize requests regarding availability of funds on an account. Read more about PSD2 regulation and our APIs.

Please note that calling OP's PSD2 APIs with Postman is not supported at this time.

Using this API requires authenticating the client application, and end user authentication and authorization.

Go to the full workflow for PSD2 CoF API >

Terminology

  • AISP: Account Information Service Provider
  • ASPSP: Account Servicing Payment Service Provider
  • CoF: Confirmation of Funds
  • PISP: Payment Initiation Service Provider
  • PSP: Payment Service Provider
  • PSU: Payment Service User
  • TPP: Third-Party Provider accessing the API

Sandbox

PSD2 APIs are available in sandbox free of charge for both licensed and unlicensed developers. See full details for sandbox access.

Production access

Following the regulation, using PSD2 APIs is free of charge also in production. However, a Third-Party Provider has to apply for an AISP/PISP licence from a financial authority (e.g. FIN-FSA in Finland) and obtain valid QWAC and QSEAL certificates. See full details for production access.

Access to business accounts

Only the account holder, i.e. the company, can grant TPPs the right to access the company's business accounts. However, technically the company representative, i.e. the business user, is the actor who in practice confirms with their banking codes the access to business accounts for the TPP.

As the business user is not the holder of the account, the user needs an additional access right from the account holder in order to be able to confirm the requests sent by authorized TPPs.

Instructions for the additional access right registration are available at op.fi in Finnish, Swedish, and English.

After this registration, the business user is able to confirm (or reject) the requests sent by TPPs.

Funds confirmation

Create funds confirmation

This request is used to check the availability of funds on authorized EUR account.

header Parameters
Authorization
required
string

An Authorisation Token as per https://tools.ietf.org/html/rfc6750

Accept
required
string
Value: "application/json"

The Accept request HTTP header advertises which content types, expressed as MIME types, the client is able to understand. This header must be set to 'application/json' or HTTP status Bad Request (400) will be returned.

x-api-key
required
string

API Key

x-fapi-customer-last-logged-time
string^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Fe...
Example: Thu, 21 Sep 2019 19:43:31 UTC

The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates.

x-fapi-customer-ip-address
string

The PSU's IP address if the PSU is currently logged in with the TPP.

x-fapi-interaction-id
string

An RFC4122 UID used as a correlation ID.

x-customer-user-agent
string

Indicates the user-agent that the PSU is using.

Request Body schema: application/json; charset=utf-8
authorizationId
string

Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation authorization.

amountEUR
string <number> ^\d{1,13}(?:\.\d\d)?$

Amount of money whose availability on the account is to be confirmed. Value is a positive (greater-than zero) monetary amount in currency of EUR.

Responses

Request samples

Content type
application/json; charset=utf-8
{
  • "authorizationId": "6d07d98e-e406-443e-b75b-ce2af15928b8",
  • "amountEUR": "string"
}

Response samples

Content type
application/json; charset=utf-8
{
  • "fundsConfirmationId": "d99a5c3b-a989-4b6f-8af1-9b62e3de9058",
  • "authorizationId": "6d07d98e-e406-443e-b75b-ce2af15928b8",
  • "created": "2019-02-21T10:43:07+02:00",
  • "amountEUR": "string",
  • "fundsAvailable": true
}

Authorization

Create authorization request

Authorization request which must be authorized by the PSU. Creates an authorization request for confirming availability of funds. Returns an authorizationId which can be used for authorizing the confirmation of funds. Authorization must be done in advance prior to the first actual Funds confirmation request.

header Parameters
Authorization
required
string

An Authorisation Token as per https://tools.ietf.org/html/rfc6750

Accept
required
string
Value: "application/json"

The Accept request HTTP header advertises which content types, expressed as MIME types, the client is able to understand. This header must be set to 'application/json' or HTTP status Bad Request (400) will be returned.

x-api-key
required
string

API Key

x-fapi-customer-last-logged-time
string^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Fe...
Example: Thu, 21 Sep 2019 19:43:31 UTC

The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates.

x-fapi-customer-ip-address
string

The PSU's IP address if the PSU is currently logged in with the TPP.

x-fapi-interaction-id
string

An RFC4122 UID used as a correlation ID.

x-customer-user-agent
string

Indicates the user-agent that the PSU is using.

Request Body schema: application/json; charset=utf-8
expires
string <date-time> ^\d{4}(-\d\d(-\d\d(T\d\d:\d\d(:\d\d)?(\.\d+)?...

Specified date and time the funds confirmation authorization will expire. If this is not defined, the authorization will expire after a year which is the maximum valid period for single authorization. If expires value is define, it cannot exceed the maximum valid period of one year. Value is represented in ISO 8601 date-time format and it must include the timezone.

iban
string

IBAN (without formatting spaces) of the debtors account to which the confirmation of funds authorization will be applied.

Responses

Request samples

Content type
application/json; charset=utf-8
{
  • "expires": "2012-03-05T10:43:07Z",
  • "iban": "FI8659986920068681"
}

Response samples

Content type
application/json; charset=utf-8
{
  • "authorizationId": "6d07d98e-e406-443e-b75b-ce2af15928b8",
  • "created": "2019-02-21T10:43:07+02:00",
  • "status": "Unauthorized",
  • "expires": "2012-03-05T10:43:07Z",
  • "iban": "FI8659986920068681"
}

Get account authorization

Get account authorization request is used to obtain information related to authorization made by the PSU.

path Parameters
authorizationId
required
string <uuid>
Example: 6d07d98e-e406-443e-b75b-ce2af15928b8

Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation authorization.

header Parameters
Accept
required
string
Value: "application/json"

The Accept request HTTP header advertises which content types, expressed as MIME types, the client is able to understand. This header must be set to 'application/json' or HTTP status Bad Request (400) will be returned.

Authorization
required
string

An Authorisation Token as per https://tools.ietf.org/html/rfc6750

x-api-key
required
string

API Key

x-fapi-customer-last-logged-time
string^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Fe...
Example: Thu, 21 Sep 2019 19:43:31 UTC

The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates.

x-fapi-customer-ip-address
string

The PSU's IP address if the PSU is currently logged in with the TPP.

x-fapi-interaction-id
string

An RFC4122 UID used as a correlation ID.

x-customer-user-agent
string

Indicates the user-agent that the PSU is using.

Responses

Request samples

curl -X GET https://psd2.mtls.sandbox.apis.op.fi/confirmation-of-funds-psd2/v1/authorizations/{authorizationId} \
-H 'Authorization: string' \
-H 'x-api-key: string' \
-H 'x-fapi-customer-last-logged-time: string' \
-H 'x-fapi-customer-ip-address: string' \
-H 'x-fapi-interaction-id: string' \
-H 'x-customer-user-agent: string' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' 

Response samples

Content type
application/json; charset=utf-8
{
  • "authorizationId": "6d07d98e-e406-443e-b75b-ce2af15928b8",
  • "created": "2019-02-21T10:43:07+02:00",
  • "modified": "2019-02-21T10:44:07+02:00",
  • "authorized": "2019-02-21T10:45:07+02:00",
  • "status": "Authorized",
  • "expires": "2012-03-05T10:43:07Z",
  • "iban": "FI8659986920068681"
}

Revoke authorization

path Parameters
authorizationId
required
string <uuid>
Example: 6d07d98e-e406-443e-b75b-ce2af15928b8

Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation authorization.

header Parameters
Accept
required
string
Value: "application/json"

The Accept request HTTP header advertises which content types, expressed as MIME types, the client is able to understand. This header must be set to 'application/json' or HTTP status Bad Request (400) will be returned.

Authorization
required
string

An Authorisation Token as per https://tools.ietf.org/html/rfc6750

x-api-key
required
string

API Key

x-fapi-customer-last-logged-time
string^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Fe...
Example: Thu, 21 Sep 2019 19:43:31 UTC

The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates.

x-fapi-customer-ip-address
string

The PSU's IP address if the PSU is currently logged in with the TPP.

x-fapi-interaction-id
string

An RFC4122 UID used as a correlation ID.

x-customer-user-agent
string

Indicates the user-agent that the PSU is using.

Responses

Request samples

curl -X DELETE https://psd2.mtls.sandbox.apis.op.fi/confirmation-of-funds-psd2/v1/authorizations/{authorizationId} \
-H 'Authorization: string' \
-H 'x-api-key: string' \
-H 'x-fapi-customer-last-logged-time: string' \
-H 'x-fapi-customer-ip-address: string' \
-H 'x-fapi-interaction-id: string' \
-H 'x-customer-user-agent: string' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' 

Response samples

Content type
application/json; charset=utf-8
{
  • "authorizationId": "6d07d98e-e406-443e-b75b-ce2af15928b8",
  • "created": "2019-02-21T10:43:07+02:00",
  • "modified": "2019-02-21T10:44:07+02:00",
  • "authorized": "2019-02-21T10:45:07+02:00",
  • "status": "Revoked",
  • "expires": "2012-03-05T10:43:07Z",
  • "iban": "FI8659986920068681"
}