Payment initiation service
This API allows transactions to be initiated for the PSD2 Payment Initiation Service.
This API will support the following payment services and products:
Payment services:
-
payments
Payment products- sepa-credit-transfers
- cross-border-credit-transfers
-
bulk-payments
Payment products-
pain.001-sepa-credit-transfers
-
pain.008-sepa-direct-debits
-
pain.001-sepa-credit-transfers
NOTE: To use these APIs a valid TLS certificate is required.
The following methods are supported:
- Initiate SEPA payment
- Initiate Cross-Border payment
- Initiate bulk payment
- Initiate bulk payment for direct debits
- Save / confirm payment
- Retrieve access token
- Retrieve payment status
- Retrieve payment details
- Retrieve authorisations
- Retrieve authorisation details
Initiate SEPA payment
The following steps are required to initiate a payment
- Create JSON body
- Generate signature and set headers
- Perform request
Create JSON body
This endpoint can be used to create a SEPA payment (regular, urgent/target2(SEPA-NL) or periodic).
Depending on the type of payment being created, fields may be required, optional or forbidden.
Field | SEPA Payment | Urgent/Target2(SEPA-NL) | Periodic |
---|---|---|---|
endToEndIdentification | Optional | Optional | Optional |
debtorAccount.iban | Required | Required | Required |
debtorAccount.currency | Optional | Optional | Optional |
instructedAmount.currency | Required | Required | Required |
instructedAmount.amount | Required | Required | Required |
creditorAccount.iban | Required | Required | Required |
creditorAccount.currency | Optional | Optional | Optional |
creditorAgent | Forbidden | Forbidden | Forbidden |
creditorName | Required | Required | Required |
creditorAddress.streetName | Optional | Optional | Optional |
creditorAddress.townName | Optional | Optional | Optional |
creditorAddress.postcode | Optional | Optional | Optional |
creditorAddress.country | Required | Required | Required |
remittanceInformationUnstructured * | Optional | Optional | Optional |
remittanceInformationStructured * | Optional | Optional | Optional |
remittanceInformationStructured.reference | Required | Required | Required |
remittanceInformationStructured.referenceType | Optional | Optional | Optional |
remittanceInformationStructured.referenceIssuer | Optional | Optional | Optional |
urgent | Forbidden | Required | Forbidden |
requestedExecutionDate | Required | Required | Forbidden |
frequency ** weekly, everyTwoWeeks, everyFourWeeks, monthly, everyTwoMonths, quarterly, semiAnnual, annual | Forbidden | Forbidden | Required |
startDate | Forbidden | Forbidden | Required |
endDate | Forbidden | Forbidden | Optional |
1 none, remittanceInformationUnstructured or remittanceInformationStructured may be submitted, not both.
2 EventFrequency7Code: daily is missing from this list because it is not not supported. The value everyFourWeeks is not a part of EventFrequency7Code.
This example contains the minimum amount of information required to initiate a SEPA payment. Please refer to the API DOCUMENTATION page for more information.
{ "debtorAccount": { "iban": "ACCOUNT_NUMBER" }, "instructedAmount": { "currency": "EUR", "amount": "10.11" }, "creditorAccount": { "iban": "NL91ABNA0417164300" }, "creditorName": "Mr. Test", "requestedExecutionDate": "2021-01-25" }
field | description |
---|---|
debtorAccount.iban | The debtor account. Replace ACCOUNT_NUMBER with one of the account numbers in the test data table. Remember the accompanying test usernames to be able to create/confirm this payment in later steps. |
instructedAmount.currency | ISO 4217 Alpha 3 currency code, "EUR" |
instructedAmount.amount | The amount given with fractional digits, where fractions must be compliant to the currency definition. Up to 9 significant figures. Negative amounts are signed by minus. The decimal separator is a dot. |
creditorAccount.iban | The creditor account number. This must be a valid IBAN. |
creditorName | The creditor name, max 140 characters |
requestedExecutionDate | Format yyyy-MM-dd. Must be a business day. May not be a holiday. |
Generate signature and set headers
The generate a signature, see Signature setup
The following headers must be provided
Header | Example | Description |
---|---|---|
Content-Type | application/json | Only application/json is supported. |
Date | Fri, 09 Apr 2021 15:11:22 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
PSU-IP-Address | 123.12.12.12 | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. |
PSU-User-Agent | Chrome OS | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
PSU-Geo-Location | 51.20,4.2 | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. |
TPP-Redirect-URI | https://tpp.com/some-redirect | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. This field is currently optional. |
Accept | application/json | xxx |
Digest | SHA-256=262LaJygmoifcl5pVlhlUXW1QNUfGhfryy03ud/uxMs= | Digest of the body of the request. This field is mandatory, because the ASPSP mandates the use of a signature. |
Signature | A signature of the request. The ASPSP mandates the use of a signature. | |
TPP-Signature-Certificate | The certificate used for signing the request, in base64 encoding. This field is mandatory, because the ASPSP mandates the use of a signature. |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/api/v1/payments/sepa-credit-transfers |
Method | POST |
After a successful payment initiation, status code 201 is returned along with the initiate payment response.
{ "transactionStatus": "PDNG", "paymentId": "dea36cf3-63fa-48b3-b203-2136f5453751", "_links": { "scaOAuth": { "href": "https://w2.web.xs2a.bngbank.nl/well-known/oauth-configuration" }, "self": { "href": "/api/v1/payments/sepa-credit-transfers/dea36cf3-63fa-48b3-b203-2136f5453751" }, "status": { "href": "/api/v1/payments/sepa-credit-transfers/dea36cf3-63fa-48b3-b203-2136f5453751/status" } } }
Initiate Cross-Border payment
The following steps are required to initiate a Cross-Border Payment
- Create JSON body
- Generate signature and set headers
- Perform request
Create JSON body
This endpoint can be used to create a Cross-Border payment.
Depending on the type of payment being created, fields may be required, optional or forbidden.
Field | Cross-Border Payment | |
---|---|---|
endToEndIdentification | Optional | |
debtorAccount.iban | Required | |
debtorAccount.currency | Optional | |
instructedAmount.currency | Required | |
instructedAmount.amount | Required | |
creditorAccount.bban | Required | |
creditorAccount.currency | Optional | |
creditorAgent | Required if no bankcode | Required if |
creditorName | Required | |
creditorAddress.streetName | Optional | |
creditorAddress.townName | Optional | |
creditorAddress.postcode | Optional | |
creditorAddress.country | Required | |
chargeBearer | Required | |
remittanceInformationUnstructured | Optional | |
requestedExecutionDate | Required | |
bankcode | Required if no creditorAgent | Required if |
contraBankName | Required | |
contraBankCity | Required | |
contraBankCountryCode | Required |
This example contains the minimum amount of information required to initiate a SEPA payment. Please refer to the API DOCUMENTATION page for more information.
{ "debtorAccount": { "iban": "ACCOUNT_NUMBER" }, "instructedAmount": { "currency": "USD", "amount": "10.11" }, "creditorAccount": { "bban": "US123456789" }, "chargeBearer": "DEBT", "creditorName": "Mr. Test", "bankCode": "12345678", "contraBankName": "Bank of Amerika", "contraBankCity": "New York", "contraBankCountryCode": "US", "requestedExecutionDate": "2021-01-25" }
field | description |
---|---|
debtorAccount.iban | The debtor account. Replace ACCOUNT_NUMBER with one of the account numbers in the test data table. Remember the accompanying test usernames to be able to create/confirm this payment in later steps. |
instructedAmount.currency | ISO 4217 Alpha 3 currency code for example "EUR" or "USD" etc |
instructedAmount.amount | The amount given with fractional digits, where fractions must be compliant to the currency definition. Up to 9 significant figures. Negative amounts are signed by minus. The decimal separator is a dot. |
chargeBearer | The charge bearer for the payment transaction, supported values are DEBT, CRED, SHAR and SLEV (for this environment only DEBT and SHAR are enabled) |
creditorAccount.bban | The creditor account number |
creditorName | The creditor name, max 140 characters |
bankCode | The bank code, max 20 characters |
contraBankName | The creditor bank name, max 70 characters |
contraBankCity | The creditor bank city, max 70 characters |
contraBankCountryCode | The creditor bank country code |
requestedExecutionDate | Format yyyy-MM-dd. Must be a business day. May not be a holiday. |
Generate signature and set headers
The generate a signature, see Signature setup
The following headers must be provided
Header | Example | Description |
---|---|---|
Content-Type | application/json | Only application/json is supported. |
Date | Fri, 09 Apr 2021 15:11:22 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
PSU-IP-Address | 123.12.12.12 | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. |
PSU-User-Agent | Chrome OS | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
PSU-Geo-Location | 51.20,4.2 | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. |
TPP-Redirect-URI | https://tpp.com/some-redirect | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. This field is currently optional. |
Accept | application/json | xxx |
Digest | SHA-256=262LaJygmoifcl5pVlhlUXW1QNUfGhfryy03ud/uxMs= | Digest of the body of the request. This field is mandatory, because the ASPSP mandates the use of a signature. |
Signature | A signature of the request. The ASPSP mandates the use of a signature. | |
TPP-Signature-Certificate | The certificate used for signing the request, in base64 encoding. This field is mandatory, because the ASPSP mandates the use of a signature. |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/api/v1/payments/cross-border-credit-transfers |
Method | POST |
After a successful payment initiation, status code 201 is returned along with the initiate payment response.
{ "transactionStatus": "PDNG", "paymentId": "dea36cf3-63fa-48b3-b203-2136f5453751", "_links": { "scaOAuth": { "href": "https://w2.web.xs2a.bngbank.nl/well-known/oauth-configuration" }, "self": { "href": "/api/v1/payments/cross-border-credit-transfers/dea36cf3-63fa-48b3-b203-2136f5453751" }, "status": { "href": "/api/v1/payments/cross-border-credit-transfers/dea36cf3-63fa-48b3-b203-2136f5453751/status" } } }
Please store payment-id somewhere, for example in Notepad, as it is required in later steps.
Initiate bulk payment (SEPA payments)
The following steps are required to initiate a bulk payment
- Create the XML content
- Generate signature and set headers
- Perform request
Create the XML content
This endpoint can be used to create a SEPA bulk payment, an RVR (rijksverrekening/government settlement) bulk payment or a salary bulk payment (note that: urgent/target2(SEPA-NL) bulk payments are no longer supported, use the single sepa-credit-transfers endpoint using the urgent indication instead).
This endpoint supports pain.001.01.03 and pain.001.001.09 XML in the body or using a file stream containing an XML file with pain.001.01.03 XML or pain.001.001.09 or a ZIP file containing a pain.001.01.03 XML or pain.001.001.09 file:
-
Using XML in the body:
To use the body containing the XML, set the header 'Content-Type' to 'application/xml' and add the XML as the body content. -
Using a file stream:
To use a file stream, set the header 'Content-Type' to 'multipart/form-data' and add the file content as stream to the request. Only 1 file is supported.
This example contains the minimum amount of information required to initiate a bulk payment using pain.001.001.03. Please refer to the API DOCUMENTATION page for more information.
<?xml version="1.0" encoding="utf-8" ?> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:pain.001.001.03"> <CstmrCdtTrfInitn> <GrpHdr> <MsgId>137233368626402520</MsgId> <CreDtTm>2019-07-01T00:00:00</CreDtTm> <NbOfTxs>1</NbOfTxs> <CtrlSum>10.00</CtrlSum> <InitgPty> <Nm>Initiating party name</Nm> </InitgPty> </GrpHdr> <PmtInf> <PmtInfId>SOCRA312575584575543422</PmtInfId> <PmtMtd>TRF</PmtMtd> <BtchBookg>true</BtchBookg> <NbOfTxs>1</NbOfTxs> <CtrlSum>10.00</CtrlSum> <PmtTpInf> <SvcLvl> <Cd>SEPA</Cd> </SvcLvl> </PmtTpInf> <ReqdExctnDt>2019-07-01</ReqdExctnDt> <Dbtr> <Nm>Debtor name</Nm> </Dbtr> <DbtrAcct> <Id> <IBAN>ACCOUNT_NUMBER</IBAN> </Id> </DbtrAcct> <DbtrAgt> <FinInstnId> <BIC>NEMONL2G</BIC> </FinInstnId> </DbtrAgt> <CdtTrfTxInf> <PmtId> <EndToEndId>12345678</EndToEndId> </PmtId> <Amt> <InstdAmt Ccy="EUR">10</InstdAmt> </Amt> <CdtrAgt> <FinInstnId> <BIC>NEMONL2G</BIC> </FinInstnId> </CdtrAgt> <Cdtr> <Nm>Creditor name</Nm> <PstlAdr> <Ctry>NL</Ctry> <AdrLine>Creditor adress</AdrLine> </PstlAdr> </Cdtr> <CdtrAcct> <Id> <IBAN>NL92NEMO5284338277</IBAN> </Id> </CdtrAcct> <RmtInf> <Strd> <CdtrRefInf> <Tp> <CdOrPrtry> <Cd>SCOR</Cd> </CdOrPrtry> <Issr>CUR</Issr> </Tp> </CdtrRefInf> </Strd> </RmtInf> </CdtTrfTxInf> </PmtInf> </CstmrCdtTrfInitn> </Document>
This example contains the minimum amount of information required to initiate a bulk payment using pain.001.001.09. Please refer to the API DOCUMENTATION page for more information.
<?xml version="1.0" encoding="utf-8" ?> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:pain.001.001.09"> <CstmrCdtTrfInitn> <GrpHdr> <MsgId>137233368626402520</MsgId> <CreDtTm>2019-07-01T00:00:00</CreDtTm> <NbOfTxs>1</NbOfTxs> <CtrlSum>10.00</CtrlSum> <InitgPty> <Nm>Initiating party name</Nm> </InitgPty> </GrpHdr> <PmtInf> <PmtInfId>SOCRA312575584575543422</PmtInfId> <PmtMtd>TRF</PmtMtd> <BtchBookg>true</BtchBookg> <NbOfTxs>1</NbOfTxs> <CtrlSum>10.00</CtrlSum> <PmtTpInf> <SvcLvl> <Cd>SEPA</Cd> </SvcLvl> </PmtTpInf> <ReqdExctnDt> <Dt>2019-07-01</Dt> </ReqdExctnDt> <Dbtr> <Nm>Debtor name</Nm> </Dbtr> <DbtrAcct> <Id> <IBAN>ACCOUNT_NUMBER</IBAN> </Id> </DbtrAcct> <DbtrAgt> <FinInstnId> <BICFI>NEMONL2G</BICFI> </FinInstnId> </DbtrAgt> <CdtTrfTxInf> <PmtId> <EndToEndId>12345678</EndToEndId> </PmtId> <Amt> <InstdAmt Ccy="EUR">10</InstdAmt> </Amt> <CdtrAgt> <FinInstnId> <BICFI>NEMONL2G</BICFI> </FinInstnId> </CdtrAgt> <Cdtr> <Nm>Creditor name</Nm> <PstlAdr> <Ctry>NL</Ctry> <AdrLine>Creditor adress</AdrLine> </PstlAdr> </Cdtr> <CdtrAcct> <Id> <IBAN>NL92NEMO5284338277</IBAN> </Id> </CdtrAcct> <RmtInf> <Ustrd>description</Ustrd> </RmtInf> </CdtTrfTxInf> </PmtInf> </CstmrCdtTrfInitn> </Document>
Generate signature and set headers
The generate a signature, see Signature setup
The following headers must be provided
Header | Example | Description |
---|---|---|
Content-Type | application/xml or multipart/form-data | The content type used to submit the bulk payment |
Date | Fri, 09 Apr 2021 15:11:22 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
PSU-IP-Address | 123.12.12.12 | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. |
PSU-User-Agent | Chrome OS | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
PSU-Geo-Location | 51.20,4.2 | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. |
TPP-Redirect-URI | https://tpp.com/some-redirect | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. This field is currently optional. |
Accept | application/json | xxx |
Digest | SHA-256=262LaJygmoifcl5pVlhlUXW1QNUfGhfryy03ud/uxMs= | Digest of the body of the request. This field is mandatory, because the ASPSP mandates the use of a signature. |
Signature | A signature of the request. The ASPSP mandates the use of a signature. | |
TPP-Signature-Certificate | The certificate used for signing the request, in base64 encoding. This field is mandatory, because the ASPSP mandates the use of a signature. |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/api/v1/bulk-payments/pain.001-sepa-credit-transfers |
Method | POST |
After a successful payment initiation, status code 201 is returned along with the initiate payment response.
{ "transactionStatus": "PDNG", "paymentId": "d22a62b5-0f7b-4b9b-b07f-4216c659dd64", "paymentInitiationBatchGroupId": "51912e49-f89b-e911-a8eb-fa33f58ed396", "paymentInitiationInitiations": [ { "paymentInitiationId": "d22a62b5-0f7b-4b9b-b07f-4216c659dd64", "batchIndex": 0 } ], "_links": { "scaOAuth": { "href": "https://w2.web.xs2a.bngbank.nl/well-known/oauth-configuration" } } }
Please store the paymentInitiationBatchGroupId and paymentInitiationIds (in case of a batch file containing a single batch also store the paymentId) somewhere, for example in Notepad, as it is required in later steps. For each batch contained in the posted bulk payment file a paymentInitiationId is generated, this makes it possible to confirm each batch/bulk payment individually. However the batches/bulk payments need to be reviewed and processed first, always use the paymentInitiationBatchGroupId for this purpose, because a posted file is processed as a whole.
Initiate bulk payment (SEPA Direct Debits)
The following steps are required to initiate a bulk payment for SEPA Direct Debits
- Create the XML content
- Generate signature and set headers
- Perform request
Create the XML content
This endpoint can be used to create a SEPA bulk direct debits, an RVR (rijksverrekening/government settlement) bulk direct debit or a NLGOV (overheidsvordering) bulk direct debit.
This endpoint supports pain.008.01.02 and pain.008.001.08 XML in the body or using a file stream containing an XML file with pain.008.01.02 or pain.008.001.08 XML or a ZIP file containing a pain.008.01.02 or pain.008.001.08 XML file:
-
Using XML in the body:
To use the body containing the XML, set the header 'Content-Type' to 'application/xml' and add the XML as the body content. -
Using a file stream:
To use a file stream, set the header 'Content-Type' to 'multipart/form-data' and add the file content as stream to the request. Only 1 file is supported.
This example contains the minimum amount of information required to initiate a bulk payment (Direct Debit) using pain.008.001.02. Please refer to the API DOCUMENTATION page for more information.
<?xml version="1.0" encoding="utf-8"?> <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:iso:std:iso:20022:tech:xsd:pain.008.001.02"> <CstmrDrctDbtInitn> <GrpHdr> <MsgId>137233368626402521</MsgId> <CreDtTm>2019-07-01T00:00:00</CreDtTm> <NbOfTxs>1</NbOfTxs> <CtrlSum>10.00</CtrlSum> <InitgPty> <Nm>Initiating party name</Nm> </InitgPty> </GrpHdr> <PmtInf> <PmtInfId>SOCRA312575584575543423</PmtInfId> <PmtMtd>DD</PmtMtd> <BtchBookg>true</BtchBookg> <PmtTpInf> <SvcLvl> <Cd>SEPA</Cd> </SvcLvl> <SeqTp>RCUR</SeqTp> </PmtTpInf> <ReqdColltnDt>2019-07-01</ReqdColltnDt> <Cdtr> <Nm>Creditor name</Nm> </Cdtr> <CdtrAcct> <Id> <IBAN>ACCOUNT_NUMBER</IBAN> </Id> </CdtrAcct> <CdtrAgt> <FinInstnId> <BIC>NEMONL2G</BIC> </FinInstnId> </CdtrAgt> <ChrgBr>SLEV</ChrgBr> <DrctDbtTxInf> <PmtId> <EndToEndId>12345678</EndToEndId> </PmtId> <InstdAmt Ccy="EUR">10</InstdAmt> <DrctDbtTx> <MndtRltdInf> <MndtId>12345678</MndtId> <DtOfSgntr>2019-07-01</DtOfSgntr> </MndtRltdInf> <CdtrSchmeId> <Id> <PrvtId> <Othr> <Id>T</Id> </Othr> </PrvtId> </Id> </CdtrSchmeId> </DrctDbtTx> <DbtrAgt> <FinInstnId> <BIC>BNGHNL2G</BIC> </FinInstnId> </DbtrAgt> <Dbtr> <Nm>Debitor name</Nm> <PstlAdr> <Ctry>NL</Ctry> <AdrLine>Debitor adress</AdrLine> </PstlAdr> </Dbtr> <DbtrAcct> <Id> <IBAN>NL92NEMO5284338277</IBAN> </Id> </DbtrAcct> </DrctDbtTxInf> </PmtInf> </CstmrDrctDbtInitn> </Document>
This example contains the minimum amount of information required to initiate a bulk payment (Direct Debit) using pain.008.001.08. Please refer to the API DOCUMENTATION page for more information.
<Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:iso:std:iso:20022:tech:xsd:pain.008.001.08"> <CstmrDrctDbtInitn> <GrpHdr> <MsgId>137233368626402521</MsgId> <CreDtTm>2019-07-01T00:00:00</CreDtTm> <NbOfTxs>1</NbOfTxs> <CtrlSum>10.00</CtrlSum> <InitgPty> <Nm>Initiating party name</Nm> </InitgPty> </GrpHdr> <PmtInf> <PmtInfId>SOCRA312575584575543423</PmtInfId> <PmtMtd>DD</PmtMtd> <BtchBookg>true</BtchBookg> <NbOfTxs>1</NbOfTxs> <CtrlSum>10.00</CtrlSum> <PmtTpInf> <SvcLvl> <Cd>SEPA</Cd> </SvcLvl> <LclInstrm> <Cd>CORE</Cd> </LclInstrm> <SeqTp>RCUR</SeqTp> </PmtTpInf> <ReqdColltnDt>2019-07-01</ReqdColltnDt> <Cdtr> <Nm>Creditor name</Nm> </Cdtr> <CdtrAcct> <Id> <IBAN>ACCOUNT_NUMBER</IBAN> </Id> </CdtrAcct> <CdtrAgt> <FinInstnId> <BICFI>NEMONL2G</BICFI> </FinInstnId> </CdtrAgt> <ChrgBr>SLEV</ChrgBr> <DrctDbtTxInf> <PmtId> <EndToEndId>12345678</EndToEndId> </PmtId> <InstdAmt Ccy="EUR">10</InstdAmt> <DrctDbtTx> <MndtRltdInf> <MndtId>12345678</MndtId> <DtOfSgntr>2019-07-01</DtOfSgntr> </MndtRltdInf> <CdtrSchmeId> <Id> <PrvtId> <Othr> <Id>T</Id> <SchmeNm> <Prtry>SEPA</Prtry> </SchmeNm> </Othr> </PrvtId> </Id> </CdtrSchmeId> </DrctDbtTx> <DbtrAgt> <FinInstnId> <BICFI>BNGHNL2G</BICFI> </FinInstnId> </DbtrAgt> <Dbtr> <Nm>Debitor name</Nm> <PstlAdr> <Ctry>NL</Ctry> <AdrLine>Debitor adress</AdrLine> </PstlAdr> </Dbtr> <DbtrAcct> <Id> <IBAN>NL92NEMO5284338277</IBAN> </Id> </DbtrAcct> </DrctDbtTxInf> </PmtInf> </CstmrDrctDbtInitn> </Document>
Generate signature and set headers
The generate a signature, see Signature setup
The following headers must be provided
Header | Example | Description |
---|---|---|
Content-Type | application/xml or multipart/form-data | The content type used to submit the bulk payment |
Date | Fri, 09 Apr 2021 15:11:22 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
PSU-IP-Address | 123.12.12.12 | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. |
PSU-User-Agent | Chrome OS | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
PSU-Geo-Location | 51.20,4.2 | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. |
TPP-Redirect-URI | https://tpp.com/some-redirect | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. This field is currently optional. |
Accept | application/json | xxx |
Digest | SHA-256=262LaJygmoifcl5pVlhlUXW1QNUfGhfryy03ud/uxMs= | Digest of the body of the request. This field is mandatory, because the ASPSP mandates the use of a signature. |
Signature | A signature of the request. The ASPSP mandates the use of a signature. | |
TPP-Signature-Certificate | The certificate used for signing the request, in base64 encoding. This field is mandatory, because the ASPSP mandates the use of a signature. |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/api/v1/bulk-payments/pain.008-sepa-direct-debits |
Method | POST |
After a successful payment initiation, status code 201 is returned along with the initiate payment response.
{ "transactionStatus": "PDNG", "paymentId": "d22a62b5-0f7b-4b9b-b07f-4216c659dd64", "paymentInitiationBatchGroupId": "51912e49-f89b-e911-a8eb-fa33f58ed396", "paymentInitiationInitiations": [ { "paymentInitiationId": "d22a62b5-0f7b-4b9b-b07f-4216c659dd64", "batchIndex": 0 } ], "_links": { "scaOAuth": { "href": "https://w2.web.xs2a.bngbank.nl/well-known/oauth-configuration" } } }
Please store the paymentInitiationBatchGroupId and paymentInitiationIds (in case of a batch file containing a single batch also store the paymentId) somewhere, for example in Notepad, as it is required in later steps. For each batch contained in the posted bulk payment file a paymentInitiationId is generated, this makes it possible to confirm each batch/bulk payment individually. However the batches/bulk payments need to be reviewed and processed first, always use the paymentInitiationBatchGroupId for this purpose, because a posted file is processed as a whole.
Save / confirm payment
After a payment or bulk payments have been initiated, it has to be created and confirmed. To do so, the following actions have to be taken:
- Redirect to OAuth2.0 endpoint
- Review payment or process bulk payments
- Save and confirm
Redirect to OAuth2.0 endpoint
To create an OAuth2.0 redirect URL, please refer to the Oauth2.0 page.
When creating an OAuth2.0 redirect, a scope is required. This scope should look like: "PIS:[payment-id]". Where payment-id is the paymentId or the paymentInitiationBatchGroupId (in case of a bulk payment and when multiple batches are contained in the posted bulk payment file, use the paymentInitiationBatchGroupId to process it. In case of a single bulk payment, the paymentId returned can be used. If the bulk payments are already processed and only need confirming, use the related paymentInitiationId of the corresponding bulk payment) returned in the previous step. For example: "PIS:dea36cf3-63fa-48b3-b203-2136f5453751".
Please find below a flow diagram of payment confirmation. Note that users within BNG Bank can have different authorisations. Some users can only create payments, some users can only confirm payments but not create them and some users can do both. Both are authorisations are now required. Refer to the test data table on this page to see test user authorisations.
Review payment or bulk payments
After navigating to the OAuth2.0 redirect URL. A confirmation details page will be displayed. Before details are shown, the user has to be known. To identify the user, a form will be displayed to submit the username who will be initiating the confirmation. A username can also be supplied using the username querystring parameter. If the username is valid, the payment initiation details will be displayed. In case of a bulk payment, some validations and processing will be performed first. In case of multiple bulk payments in one file which has not been processed yet, the bulk payments must all be confirmed, the user will need to have authorisations to both save and confirm all the bulk payments. In case of 2 confirmations, the second confirmation can be done separately per bulk payment.
Status
A payment initiation can have one of the following statuses. Depending on the status of the payment initiation and the authorisations of the logged in user, certain actions can be performed on the payment initiation.
Status | Description |
---|---|
RJCT | Rejected: The payment has been rejected. For example, because the requested execution date is no longer valid. No actions are possible on the payment. |
PDNG | Pending: The payment has been initiated, but not yet created. |
RCVD | Received: Payment has been created, it is visible in the WebFront application, but has not yet been confirmed (this status is only possible if a confirmation on a payment initiation has been withdrawn in the Webfront application). |
PATC | Partially accepted technically correct: This payment has been created and confirmed but needs another confirmation. |
ACTC | Accepted, technically correct: The payment has been confirmed, no further actions possible. |
Confirm payment or bulk payments
If the payment has the correct status and the user has sufficient authorisation, the payment can be confirmed. Click "Back" to return to redirect_url without confirming. No access code will be returned.
IBAN name and switch check
After the save or confirm button has been clicked, an IBAN name and switch check will be performed on the IBAN and name of the payment. Name suggestions will automatically be taken over and in case the IBAN has an active switching status, the new IBAN will also automatically be taken over, in both cases a warning will be shown that the IBAN and/or name have been changed.
Redirect
After a payment has been created and confirmed, the user is redirected back to the redirect_uri that has been passed on the query string. This redirect_uri will contain an additional query string parameter "code". This code can be used to obtain an access token. With this access token, data regarding this payment initiation can be retrieved.
Retrieve access token
An access code from the previous step can be exchanged for an access token by the following API
Body
Example of request body. Note: line breaks are for clarifying the example.
client_id=PSDNL-AUT-SANDBOX& grant_type=authorization_code& code=f1084fea123e4bc3bcca0a1e5a0a54e5b70e91811dce483aa2168dc539c5f70f& code_verifier=someverifierdata1234& state=438b3d36666341019366cf190b57a349& redirect_uri=redirect_uri
Field | Example value | Description |
---|---|---|
client_id | PSDNL-AUT-SANDBOX | The same client id as present in the TLS certificate. |
grant_type | authorization_code | The grant type requested |
code | f10...70f | The access code as returned by the confirmation site. |
code_verifier | someverifierdata1234 | The code_verifier as passed to the OAuth2.0 authorisation request. |
state | 438b3d36666341019366cf190b57a349 | The state |
redirect_uri | https://tpp.com/access_token | The redirect_uri as passed to the OAuth2.0 authorisation request. |
Headers
The following headers are required for the request
Header | Example value | Description |
---|---|---|
Content-Type | application/x-www-form-urlencoded | |
Accept | application/json |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/token |
Method | POST |
If the call was successful, a 201 status is returned along with the response body. See below an example of a response.
{ "access_token": "eyJh...R49Q", "token_type": "Bearer", "expires_in": "604782", "refresh_token": "91f557fe-e01d-4498-bcb9-46dba668de08", "scope": "PIS:ec1bff9e-79d2-4588-9112-2ae65ae2a14b" }
For other possible return codes, see the API DOCUMENTATION page.
Please store access_token somewhere, for example in Notepad, as it is required in later steps. Note that the access token gives access to all API methods for the corresponding paymentInitiationId. In case a paymentInitiationBatchGroupId was used in a redirect, the access token will give access to all paymentInitiationIds that were generated from the bulk payment file, e.g. in a bulk payment file containing multiple bulk-payments/batches.
Retrieve payment status
To retrieve the status of a payment, a payment-id (or paymentInitiationId of the corresponding bulk payment, change the endpoint accordingly e.g. /bulk-payments/pain.001-sepa-credit-transfers or for Cross-Border payment use /payments/cross-border-credit-transfers) as well as an access_token is required, please see previous steps for directions on how to obtain those.
Headers
Header | Example | Description |
---|---|---|
Content-Type | application/json | |
Date | Fri, 09 Apr 2021 15:11:22 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
Authorization | Bearer ACCESS_TOKEN | Replace ACCESS_TOKEN with the access token obtained in a previous step. |
Accept | application/json | |
Digest | SHA-256=spt...rrI | Digest of the body |
Signature | keyId=\"SN=...Yiow==\ | The signature of the request, see Signature setup |
TPP-Signature-Certificate | -----BEGIN CERTIFICATE-----MII...UjY=-----END CERTIFICATE----- | The certificate used to sign the request. |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/api/v1/payments/sepa-credit-transfers/PAYMENT_ID/status | Replace PAYMENT_ID with the id of a payment, for example: 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 |
Method | GET |
If the call was successful, a 200 status is returned along with the response body. See below an example of a response.
{ "transactionStatus": "ACTC" }
For other possible return codes, see the API DOCUMENTATION page.
Retrieve payment details
To retrieve details of a payment, a payment-id as well as an access_token is required, please see previous steps for directions on how to obtain those. For Cross-Border payment use /payments/cross-border-credit-transfers.
Headers
Header | Example | Description |
---|---|---|
Content-Type | application/json | |
Date | Fri, 09 Apr 2021 15:11:22 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
Authorization | Bearer ACCESS_TOKEN | Replace ACCESS_TOKEN with the access token obtained in a previous step. |
Accept | application/json | |
Digest | SHA-256=spt...rrI | Digest of the body |
Signature | keyId=\"SN=...Yiow==\ | The signature of the request, see Signature setup |
TPP-Signature-Certificate | -----BEGIN CERTIFICATE-----MII...UjY=-----END CERTIFICATE----- | The certificate used to sign the request. |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/api/v1/payments/sepa-credit-transfers/PAYMENT_ID | Replace PAYMENT_ID with the id of a payment, for example: 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 |
Method | GET |
If the call was successful, a 200 status is returned along with the response body. See below an example of a response.
{ "transactionStatus": "ACTC", "debtorAccount": { "iban": "NL34BNGT5532530633" }, "instructedAmount": { "currency": "EUR", "amount": "10.11" }, "creditorAccount": { "iban": "NL91ABNA0417164300" }, "CreditorName": "A. Hoogland", "creditorAddress": { "streetName": "Bernardstraat 12", "townName": "Den Haag", "postcode": "1234AB", "country": "NL" }, "remittanceInformationStructured": { "reference": "6000000178319454" }, "requestedExecutionDate": "Mon, 25 Jan 2021 00:00:00 GMT" }
For other possible return codes, see the API DOCUMENTATION page.
Retrieve bulk payment details
To retrieve details of a bulk payment, a paymentInitiationId of the corresponding bulk payment as well as an access_token is required, please see previous steps for directions on how to obtain those.
Headers
Header | Example | Description |
---|---|---|
Content-Type | application/json | |
Date | Fri, 09 Apr 2021 15:11:22 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
Authorization | Bearer ACCESS_TOKEN | Replace ACCESS_TOKEN with the access token obtained in a previous step. |
Accept | application/json | |
Digest | SHA-256=spt...rrI | Digest of the body |
Signature | keyId=\"SN=...Yiow==\ | The signature of the request, see Signature setup |
TPP-Signature-Certificate | -----BEGIN CERTIFICATE-----MII...UjY=-----END CERTIFICATE----- | The certificate used to sign the request. |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/api/v1/bulk-payments/pain.001-sepa-credit-transfers/PAYMENT_ID | Replace PAYMENT_ID with the paymentInitiationId of a bulk payment, for example: d22a62b5-0f7b-4b9b-b07f-4216c659dd64 |
Method | GET |
If the call was successful, a 200 status is returned along with the response body. See below an example of a response.
{ "transactionStatus": "RCVD", "accountNumber": "ACCOUNT_NUMBER", "paymentInformationId": "SOCRA312575584575543422", "paymentMethod": "TRF", "batchBooking": true, "numberOfTransactions": 1, "totalAmount": 10, "requestedExecutionDate": "2019-07-01T00:00:00+02:00", "serviceLevelCode": "SEPA" }
For other possible return codes, see the API DOCUMENTATION page.
Retrieve authorisations
To retrieve authorisations (confirmations) of a payment, a payment-id (or paymentInitiationId of the corresponding bulk payment, change the endpoint accordingly e.g. /bulk-payments/pain.001-sepa-credit-transfers or for Cross-Border payment use /payments/cross-border-credit-transfers) as well as an access_token is required, please see previous steps for directions on how to obtain those.
Headers
Header | Example | Description |
---|---|---|
Content-Type | application/json | |
Date | Fri, 09 Apr 2021 15:11:22 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
Authorization | Bearer ACCESS_TOKEN | Replace ACCESS_TOKEN with the access token obtained in a previous step. |
Accept | application/json | |
Digest | SHA-256=spt...rrI | Digest of the body |
Signature | keyId=\"SN=...Yiow==\ | The signature of the request, see Signature setup |
TPP-Signature-Certificate | -----BEGIN CERTIFICATE-----MII...UjY=-----END CERTIFICATE----- | The certificate used to sign the request. |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/api/v1/payments/sepa-credit-transfers/PAYMENT_ID/authorisations | Replace PAYMENT_ID with the id of a payment, for example: 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 |
Method | GET |
If the call was successful, a 200 status is returned along with the response body. See below an example of a response.
{ "authorisationIds": [ "19e54cc4-400e-4ba5-a9cd-0bfd39753f64" ] }
Store an authorisation-id somewhere, for example in Notepad, as it is required for the next step.
For other possible return codes, see the API DOCUMENTATION page.
Retrieve authorisation details
To retrieve the details of an authorisation (confirmation) of a payment, a payment-id (or paymentInitiationId of the corresponding bulk payment, change the endpoint accordingly e.g. /bulk-payments/pain.001-sepa-credit-transfers or for Cross-Border payment use /payments/cross-border-credit-transfers) as well as an access_token and an authorisation-id is required, please see previous steps for directions on how to obtain those.
Headers
Header | Example | Description |
---|---|---|
Content-Type | application/json | |
Date | Fri, 09 Apr 2021 15:11:22 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
Authorization | Bearer ACCESS_TOKEN | Replace ACCESS_TOKEN with the access token obtained in a previous step. |
Accept | application/json | |
Digest | SHA-256=spt...rrI | Digest of the body |
Signature | keyId=\"SN=...Yiow==\ | The signature of the request, see Signature setup |
TPP-Signature-Certificate | -----BEGIN CERTIFICATE-----MII...UjY=-----END CERTIFICATE----- | The certificate used to sign the request. |
Perform request
Endpoint | https://api.xs2a.bngbank.nl/api/v1/payments/sepa-credit-transfers/PAYMENT_ID/authorisations/AUTHORISATION_ID | Replace PAYMENT_ID with the id of a payment, for example: 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329. Also replace AUTHORISATION_ID for the id of the authorisation (confirmation), for example: fb74e2f0-6807-4c2a-8662-8d519d87e0a4 |
Method | GET |
If the call was successful, a 200 status is returned along with the response body. See below an example of a response.
{ "scaStatus": "finalised" }
For other possible return codes, see the API DOCUMENTATION page.