Our implementation follows loosely the STET framework v1.6.2 recommendations, to which you can refer to on their website.
In each request, a group of mandatory headers must be sent as described below:
Header | Description |
---|---|
X-Request-ID | Correlation header to be set in a request and retrieved in the relevant response |
TPP-Signing-Certificate | The PEM-formatted certificate of the QSeal |
Authorization | Access token to be passed as a header (prefixed by the Bearer keyword) |
Proxy-Authorization | API key. Can be retrieved on your TPP Account |
Digest | Digest of the body - see QSEAL Signatures |
Signature | http-signature of the request - see QSEAL Signatures |
In addition, these headers can be sent (obtained in the interaction between the TPP and the PSU):
Header | Description |
---|---|
PSU-IP-Address | IP address used by the PSU’s terminal when connecting to the TPP |
PSU-IP-Port | IP port used by the PSU’s terminal when connecting to the TPP |
PSU-HTTP-Method | Http method for the most relevant PSU’s terminal request to the TPP |
PSU-Date | Timestamp of the most relevant PSU’s terminal request to the TPP |
PSU-User-Agent | Timestamp of the most relevant PSU’s terminal request to the TPP |
PSU-Referer | “Referer” header field sent by the PSU terminal when connecting to the TPP. Notice that an initial typo in RFC 1945 specifies that “referer” (incorrect spelling) is to be used. The correct spelling “referrer” can be used but might not be understood. |
PSU-Accept | “Accept” header field sent by the PSU terminal when connecting to the TPP |
PSU-Accept-Charset | “Accept-Charset” header field sent by the PSU terminal when connecting to the TPP |
PSU-Accept-Encoding | “Accept-Encoding” header field sent by the PSU terminal when connecting to the TPP |
PSU-Accept-Language | “Accept-Language” header field sent by the PSU terminal when connecting to the TPP |
PSU-Device-Id | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of installation identification this ID need to be unaltered until removal from device. |
Sandbox URL: https://ob.psd2.services.sandbox.meowallet.pt
Production URL: https://ob.psd2.services.wallet.pt
All details about this request are here: /openbanking/ai/v1/accounts.
All details about this request are here: /openbanking/ai/v1/accounts/{accountResourceId}/balances.
All details about this request are here: /openbanking/ai/v1/accounts/{accountResourceId}/transactions.
All details about this request are here: /openbanking/pi/v1/payment-requests.
All details about this request are here: /openbanking/pi/v1/payment-requests/{operationId}
All details about this request are here: /openbanking/pi/v1/payment-requests/{paymentResourceId}/confirmation