bank-io/bankio-sdk-php


v1.1.2 2020-08-02 07:45 UTC

This package is not auto-updated.

Last update: 2024-05-06 02:22:19 UTC


README

Summary

The NextGenPSD2 Framework Version 1.3.6 (with errata) offers a modern, open, harmonised and interoperable set of Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely. The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards in Europe and, aligned with the goals of the Euro Retail Payments Board, enables European banking customers to benefit from innovative products and services ('Banking as a Service') by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.

The possible Approaches are:

  • Redirect SCA Approach
  • OAuth SCA Approach
  • Decoupled SCA Approach
  • Embedded SCA Approach without SCA method
  • Embedded SCA Approach with only one SCA method available
  • Embedded SCA Approach with Selection of a SCA method

Not every message defined in this API definition is necessary for all approaches. Furthermore, this API definition does not distinguish between methods that are mandatory, conditional, or optional. A particular implementation of a Berlin Group PSD2 compliant API therefore only needs to support a certain subset of the methods defined in this API definition.

Please have a look at the implementation guidelines if you are not sure which message has to be used for the approach you are going to use.

Some General Remarks Related to this version of the OpenAPI Specification:

  • This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API. It is not a replacement in any sense. The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.

  • This API definition contains the REST-API for requests from the PISP to the ASPSP.

  • This API definition contains the messages for all different approaches defined in the Implementation Guidelines.

  • According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]

    "If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."

    The element "Accept" will not be defined in this file at any place.

    The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".

  • There are several predefined types which might occur in payment initiation messages, but are not used in the standard JSON messages in the Implementation Guidelines. Therefore they are not used in the corresponding messages in this file either. We added them for the convenience of the user. If there is a payment product which needs these fields, one can easily use the predefined types. But the ASPSP need not accept them in general.

  • We omit the definition of all standard HTTP header elements (mandatory/optional/conditional) unless they are mentioned in the Implementation Guidelines. Therefore the implementer might add these in their own realisation of a PSD2 compliant API in addition to the elements defined in this file.

General Remarks on Data Types

The Berlin Group definition of UTF-8 strings in context of the PSD2 API has to support at least the following characters

a b c d e f g h i j k l m n o p q r s t u v w x y z

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

0 1 2 3 4 5 6 7 8 9

/ - ? : ( ) . , ' +

Space

This PHP package is automatically generated by the OpenAPI Generator project:

  • API version: 1.3.6_2020-05-28
  • Build package: org.openapitools.codegen.languages.PhpClientCodegen

For more information, please visit https://bankio.co.uk/

Requirements

PHP 7.2 and later

Installation & Usage

Composer

To install the bindings via Composer, add the following to composer.json:

{
  "repositories": [
    {
      "type": "vcs",
      "url": "https://github.com/bank-io/bankio-sdk-php.git"
    }
  ],
  "require": {
    "bank-io/bankio-sdk-php": "*@dev"
  }
}

Then run composer install

Manual Installation

Download the files and include autoload.php:

    require_once('/path/to/OpenAPIClient-php/vendor/autoload.php');

Tests

To run the unit tests:

composer install
./vendor/bin/phpunit

Getting Started

Please follow the installation procedure and then run the following:

<?php
require_once(__DIR__ . '/vendor/autoload.php');

use Http\Discovery\HttpClientDiscovery;

// Configure OAuth2 access token for authorization: oAuth2ClientCredentials
$config = BankIO\Sdk\Configuration::getDefaultConfiguration()->setAccessToken('YOUR_ACCESS_TOKEN');

// Discover an installed HTTPlug-compatible HTTP client
$client = HttpClientDiscovery::find();
$apiInstance = new BankIO\Sdk\Api\AccountInformationServiceAISApi(
    // If you want use custom http client, pass your client which implements `Http\Client\HttpClient`.
    // This is optional, `HTTPlug` will be used as default.
    $client,
    $config
);
$organisation = 'organisation_example'; // string | This identification is denoting the addressed bankIO organisation. The organisation is the "name" attribute of the organisation structure. Its value is constant at least throughout the lifecycle of a given consent.
$x_request_id = '99391c7e-ad88-49ec-a2ad-99ddcb1f7721'; // string | ID of the request, unique to the call, as determined by the initiating party.
$tpp_psu_id = 'PSU-1234'; // string | Client ID of the PSU in the TPP client interface. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in a preceding AIS service in the same session.
$psu_ip_address = '192.168.8.78'; // string | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request.
$digest = 'SHA-256=hl1/Eps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A='; // string | Is contained if and only if the "Signature" element is contained in the header of the request.
$signature = 'keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))"'; // string | A signature of the request by the TPP on application level. This might be mandated by ASPSP.
$tpp_signature_certificate = 'tpp_signature_certificate_example'; // string | The certificate used for signing the request, in base64 encoding.  Must be contained if a signature is contained.
$psu_id = 'PSU-1234'; // string | Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in a preceding AIS service in the same session. In this case the ASPSP might check whether PSU-ID and token match, according to ASPSP documentation.
$psu_id_type = 'psu_id_type_example'; // string | Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.  In this case, the mean and use are then defined in the ASPSP’s documentation.
$psu_corporate_id = 'psu_corporate_id_example'; // string | Might be mandated in the ASPSP's documentation. Only used in a corporate context.
$psu_corporate_id_type = 'psu_corporate_id_type_example'; // string | Might be mandated in the ASPSP's documentation. Only used in a corporate context.
$tpp_redirect_preferred = true; // bool | If it equals "true", the TPP prefers a redirect over an embedded SCA approach. If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU.
$tpp_redirect_uri = 'tpp_redirect_uri_example'; // string | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field. Remark for Future: This field might be changed to mandatory in the next version of the specification.
$tpp_nok_redirect_uri = 'tpp_nok_redirect_uri_example'; // string | If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP.
$tpp_explicit_authorisation_preferred = true; // bool | If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket.
$tpp_brand_logging_information = 'tpp_brand_logging_information_example'; // string | This header might be used by TPPs to inform the ASPSP about the brand used by the TPP towards the PSU.  This information is meant for logging entries to enhance communication between ASPSP and PSU or ASPSP and TPP.  This header might be ignored by the ASPSP.
$tpp_notification_uri = 'tpp_notification_uri_example'; // string | URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may be ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry, a TPP-Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction-id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction-id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply.
$tpp_notification_content_preferred = 'tpp_notification_content_preferred_example'; // string | The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP.
$psu_ip_port = '1234'; // string | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
$psu_accept = 'psu_accept_example'; // string | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
$psu_accept_charset = 'psu_accept_charset_example'; // string | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
$psu_accept_encoding = 'psu_accept_encoding_example'; // string | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
$psu_accept_language = 'psu_accept_language_example'; // string | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
$psu_user_agent = 'psu_user_agent_example'; // string | The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
$psu_http_method = 'psu_http_method_example'; // string | HTTP method used at the PSU-TPP interface, if available. Valid values are: GET, POST, PUT, PATCH, DELETE
$psu_device_id = '99435c7e-ad88-49ec-a2ad-99ddcb1f5555'; // string | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device-dependent application installation. In case of an installation identification this ID needs to be unaltered until removal from device.
$psu_geo_location = 'GEO:52.506931;13.144558'; // string | The forwarded Geo Location of the corresponding http request between PSU and TPP if available.
$consents = new \BankIO\Sdk\Model\Consents(); // \BankIO\Sdk\Model\Consents | Request body for a consents request.

try {
    $result = $apiInstance->createConsent($organisation, $x_request_id, $tpp_psu_id, $psu_ip_address, $digest, $signature, $tpp_signature_certificate, $psu_id, $psu_id_type, $psu_corporate_id, $psu_corporate_id_type, $tpp_redirect_preferred, $tpp_redirect_uri, $tpp_nok_redirect_uri, $tpp_explicit_authorisation_preferred, $tpp_brand_logging_information, $tpp_notification_uri, $tpp_notification_content_preferred, $psu_ip_port, $psu_accept, $psu_accept_charset, $psu_accept_encoding, $psu_accept_language, $psu_user_agent, $psu_http_method, $psu_device_id, $psu_geo_location, $consents);
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling AccountInformationServiceAISApi->createConsent: ', $e->getMessage(), PHP_EOL;
}

?>
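
The `$digest` and `$signature` values above are fixed samples, so they will not match a real request body. The following added example (not part of the generated SDK or the original README) computes both values and checks them the way a receiver would. The function names are hypothetical, the key and consent body are constructed, and the signing-string layout (one lowercase `name: value` line per header, as in the draft-cavage HTTP Signatures scheme) is an assumption; confirm it against the Implementation Guidelines and the ASPSP's documentation.

```php
<?php
// Added example; function names are hypothetical and not part of the SDK.

// Digest header: "SHA-256=" followed by base64 of the raw SHA-256 of the body bytes.
function psd2Digest(string $body): string
{
    return 'SHA-256=' . base64_encode(hash('sha256', $body, true));
}

// Signing string over the named headers, in the listed order.
// Assumption: draft-cavage layout, one "lowercase-name: value" line per header.
function psd2SigningString(array $headers, array $signedNames): string
{
    $byLower = array_change_key_case($headers, CASE_LOWER);
    $lines = [];
    foreach ($signedNames as $name) {
        $key = strtolower($name);
        if (!isset($byLower[$key])) {
            throw new InvalidArgumentException("Signed header missing: $name");
        }
        $lines[] = $key . ': ' . trim($byLower[$key]);
    }
    return implode("\n", $lines);
}

// Signature header in the shape of the page's $signature sample.
function psd2SignatureHeader(string $keyId, array $headers, array $signedNames, $privateKey): string
{
    $raw = '';
    if (!openssl_sign(psd2SigningString($headers, $signedNames), $raw, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('openssl_sign failed');
    }
    return sprintf(
        'keyId="%s",algorithm="rsa-sha256",headers="%s",signature="%s"',
        $keyId,
        implode(' ', $signedNames),
        base64_encode($raw)
    );
}

// Constructed sample input: throwaway RSA key and a minimal consent body.
$privateKey = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($privateKey === false) {
    throw new RuntimeException('Could not generate a test key (check the OpenSSL configuration).');
}
$body = json_encode(['access' => ['allPsd2' => 'allAccounts'], 'recurringIndicator' => false]);

$headers = [
    'Digest'           => psd2Digest($body),
    'X-Request-ID'     => '99391c7e-ad88-49ec-a2ad-99ddcb1f7721',
    'PSU-ID'           => 'PSU-1234',
    'TPP-Redirect-URI' => 'https://tpp.example/callback', // constructed
    'Date'             => gmdate('D, d M Y H:i:s') . ' GMT',
];
$signed = ['Digest', 'X-Request-ID', 'PSU-ID', 'TPP-Redirect-URI', 'Date'];
$keyId  = 'SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE'; // from the page's sample
$signature = psd2SignatureHeader($keyId, $headers, $signed, $privateKey);

// Receiver-side check: recompute the digest from the received body, then verify the signature.
$publicKey = openssl_pkey_get_details($privateKey)['key'];
preg_match('/signature="([^"]+)"/', $signature, $m);
$digestOk = hash_equals($headers['Digest'], psd2Digest($body));
$sigOk = openssl_verify(psd2SigningString($headers, $signed), base64_decode($m[1]), $publicKey, OPENSSL_ALGO_SHA256) === 1;
$tamperedOk = hash_equals($headers['Digest'], psd2Digest($body . ' '));

echo $headers['Digest'], PHP_EOL, $signature, PHP_EOL;
var_dump($digestOk, $sigOk, $tamperedOk);
```

The digest is only valid for the exact bytes that go on the wire, so hash the serialized request body that is actually transmitted rather than a separately built string; the last check shows that a single extra byte in the body makes the comparison fail.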

Documentation for API Endpoints

All URIs are relative to https://ob.bankio.ro

| Class | Method | HTTP request | Description |
|---|---|---|---|
| AccountInformationServiceAISApi | createConsent | POST /api/org/{organisation}/v1/consents | Create consent |
| AccountInformationServiceAISApi | deleteConsent | DELETE /api/org/{organisation}/v1/consents/{consentId} | Delete consent |
| AccountInformationServiceAISApi | getAccountList | GET /api/org/{organisation}/v1/accounts | Read account list |
| AccountInformationServiceAISApi | getBalances | GET /api/org/{organisation}/v1/accounts/{account-id}/balances | Read balance |
| AccountInformationServiceAISApi | getCardAccount | GET /api/org/{organisation}/v1/card-accounts | Read a list of card accounts |
| AccountInformationServiceAISApi | getCardAccountBalances | GET /api/org/{organisation}/v1/card-accounts/{account-id}/balances | Read card account balances |
| AccountInformationServiceAISApi | getCardAccountTransactionList | GET /api/org/{organisation}/v1/card-accounts/{account-id}/transactions | Read transaction list of an account |
| AccountInformationServiceAISApi | getConsentAuthorisation | GET /api/org/{organisation}/v1/consents/{consentId}/authorisations | Get consent authorisation sub-resources request |
| AccountInformationServiceAISApi | getConsentInformation | GET /api/org/{organisation}/v1/consents/{consentId} | Get consent request |
| AccountInformationServiceAISApi | getConsentScaStatus | GET /api/org/{organisation}/v1/consents/{consentId}/authorisations/{authorisationId} | Read the SCA status of the consent authorisation |
| AccountInformationServiceAISApi | getConsentStatus | GET /api/org/{organisation}/v1/consents/{consentId}/status | Consent status request |
| AccountInformationServiceAISApi | getTransactionDetails | GET /api/org/{organisation}/v1/accounts/{account-id}/transactions/{transactionId} | Read transaction details |
| AccountInformationServiceAISApi | getTransactionList | GET /api/org/{organisation}/v1/accounts/{account-id}/transactions | Read transaction list of an account |
| AccountInformationServiceAISApi | readAccountDetails | GET /api/org/{organisation}/v1/accounts/{account-id} | Read account details |
| AccountInformationServiceAISApi | readCardAccount | GET /api/org/{organisation}/v1/card-accounts/{account-id} | Read details about a card account |
| AccountInformationServiceAISApi | startConsentAuthorisation | POST /api/org/{organisation}/v1/consents/{consentId}/authorisations | Start the authorisation process for a consent |
| AccountInformationServiceAISApi | updateConsentsPsuData | PUT /api/org/{organisation}/v1/consents/{consentId}/authorisations/{authorisationId} | Update PSU Data for consents |
| AuthenticationApi | authorize | GET /api/auth/authorize | Authenticate a user |
| AuthenticationApi | token | POST /api/auth/token | Request Access Tokens |
| AuthenticationApi | userInfo | GET /api/auth/me | Retrieve user profile |
| ClientManagementApi | clientClientId | DELETE /api/auth/register/{client_id} | Delete a client |
| ClientManagementApi | getClient | GET /api/auth/register/{client_id} | View a client |
| ClientManagementApi | updateClient | PUT /api/auth/register/{client_id} | Update a client |
| CommonServicesApi | getConsentScaStatus | GET /api/org/{organisation}/v1/consents/{consentId}/authorisations/{authorisationId} | Read the SCA status of the consent authorisation |
| CommonServicesApi | getPaymentCancellationScaStatus | GET /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId} | Read the SCA status of the payment cancellation's authorisation |
| CommonServicesApi | getPaymentInitiationAuthorisation | GET /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/authorisations | Get payment initiation authorisation sub-resources request |
| CommonServicesApi | getPaymentInitiationScaStatus | GET /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId} | Read the SCA status of the payment authorisation |
| CommonServicesApi | startConsentAuthorisation | POST /api/org/{organisation}/v1/consents/{consentId}/authorisations | Start the authorisation process for a consent |
| CommonServicesApi | startPaymentAuthorisation | POST /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/authorisations | Start the authorisation process for a payment initiation |
| CommonServicesApi | startPaymentInitiationCancellationAuthorisation | POST /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations | Start the authorisation process for the cancellation of the addressed payment |
| CommonServicesApi | updateConsentsPsuData | PUT /api/org/{organisation}/v1/consents/{consentId}/authorisations/{authorisationId} | Update PSU Data for consents |
| CommonServicesApi | updatePaymentCancellationPsuData | PUT /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId} | Update PSU data for payment initiation cancellation |
| CommonServicesApi | updatePaymentPsuData | PUT /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId} | Update PSU data for payment initiation |
| ConfirmationOfFundsServicePIISApi | checkAvailabilityOfFunds | POST /api/org/{organisation}/v1/funds-confirmations | Confirmation of funds request |
| PaymentInitiationServicePISApi | cancelPayment | DELETE /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId} | Payment cancellation request |
| PaymentInitiationServicePISApi | getPaymentCancellationScaStatus | GET /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId} | Read the SCA status of the payment cancellation's authorisation |
| PaymentInitiationServicePISApi | getPaymentInformation | GET /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId} | Get payment information |
| PaymentInitiationServicePISApi | getPaymentInitiationAuthorisation | GET /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/authorisations | Get payment initiation authorisation sub-resources request |
| PaymentInitiationServicePISApi | getPaymentInitiationCancellationAuthorisationInformation | GET /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations | Will deliver an array of resource identifications to all generated cancellation authorisation sub-resources |
| PaymentInitiationServicePISApi | getPaymentInitiationScaStatus | GET /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId} | Read the SCA status of the payment authorisation |
| PaymentInitiationServicePISApi | getPaymentInitiationStatus | GET /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/status | Payment initiation status request |
| PaymentInitiationServicePISApi | initiatePayment | POST /api/org/{organisation}/v1/{payment-service}/{payment-product} | Payment initiation request |
| PaymentInitiationServicePISApi | startPaymentAuthorisation | POST /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/authorisations | Start the authorisation process for a payment initiation |
| PaymentInitiationServicePISApi | startPaymentInitiationCancellationAuthorisation | POST /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations | Start the authorisation process for the cancellation of the addressed payment |
| PaymentInitiationServicePISApi | updatePaymentCancellationPsuData | PUT /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{authorisationId} | Update PSU data for payment initiation cancellation |
| PaymentInitiationServicePISApi | updatePaymentPsuData | PUT /api/org/{organisation}/v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId} | Update PSU data for payment initiation |

Documentation For Models

Documentation For Authorization

BearerAuthOAuth

basicAuth

  • Type: HTTP basic authentication

client_registration_token

  • Type: API key
  • API key parameter name: Authorization
  • Location: HTTP header

client_secret

  • Type: OAuth
  • Flow: password
  • Authorization URL:
  • Scopes:
      • clients: Enable client management

oAuth2AuthCode

  • Type: OAuth
  • Flow: accessCode
  • Authorization URL: /api/auth/authorize
  • Scopes:
      • openid: openid
      • offline_access: Offline access - refresh token
      • aisp: Account information
      • pisp: Payment initiation

oAuth2ClientCredentials

  • Type: OAuth
  • Flow: application
  • Authorization URL:
  • Scopes:
      • aisp: Account information
      • pisp: Payment initiation

oAuth2SSO

  • Type: OAuth
  • Flow: accessCode
  • Authorization URL: /api/auth/authorize
  • Scopes:
      • openid: openid
      • offline_access: Offline access - refresh token
      • email: Email address

openId

Author

hello@bankio.co.uk