PSD2 services

Our implementation follows loosely the STET framework v1.6.2 recommendations, to which you can refer to on their website.

Mandatory HTTP Headers

In each request, a group of mandatory headers must be sent as described below:

Header Description
X-Request-ID Correlation header to be set in a request and retrieved in the relevant response
TPP-Signing-Certificate The PEM-formatted certificate of the QSeal
Authorization  Access token to be passed as a header (prefixed by the Bearer keyword)
Proxy-Authorization API key. Can be retrieved on your TPP Account
Digest Digest of the body - see QSEAL Signatures
Signature  http-signature of the request  - see QSEAL Signatures

Optional HTTP Headers

In addition, these headers can be sent (obtained in the interaction between the TPP and the PSU):

Header Description
PSU-IP-Address IP address used by the PSU’s terminal when connecting to the TPP
PSU-IP-Port IP port used by the PSU’s terminal when connecting to the TPP
PSU-HTTP-Method  Http method for the most relevant PSU’s terminal request to the TPP
PSU-Date Timestamp of the most relevant PSU’s terminal request to the TPP
PSU-User-Agent  Timestamp of the most relevant PSU’s terminal request to the TPP
PSU-Referer “Referer” header field sent by the PSU terminal when connecting to the TPP. Notice that an initial typo in RFC 1945 specifies that “referer” (incorrect spelling) is to be used. The correct spelling “referrer” can be used but might not be understood.
PSU-Accept “Accept” header field sent by the PSU terminal when connecting to the TPP
PSU-Accept-Charset “Accept-Charset” header field sent by the PSU terminal when connecting to the TPP
PSU-Accept-Encoding “Accept-Encoding” header field sent by the PSU terminal when connecting to the TPP
PSU-Accept-Language “Accept-Language” header field sent by the PSU terminal when connecting to the TPP
PSU-Device-Id UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of installation identification this ID need to be unaltered until removal from device.

Sandbox URL: https://ob.psd2.services.sandbox.meowallet.pt

Production URL: https://ob.psd2.services.wallet.pt

AISP services

Accounts

All details about this request are here: /openbanking/ai/v1/accounts.

Balances

All details about this request are here: /openbanking/ai/v1/accounts/{accountResourceId}/balances.

Transactions

All details about this request are here: /openbanking/ai/v1/accounts/{accountResourceId}/transactions.

PISP services

Payment

All details about this request are here: /openbanking/pi/v1/payment-requests.

Get Payment

All details about this request are here: /openbanking/pi/v1/payment-requests/{operationId}

Confirm Payment

All details about this request are here: /openbanking/pi/v1/payment-requests/{paymentResourceId}/confirmation