Skip to main content

Create CBCT payment

POST 

/v1/payments/cross-border-credit-transfers

See XS2A Framework Implementation Guidelines, Section 5.3.1 and 11.1 for additional details.

Sample Request Body

  "instructedAmount": {
"amount": "100.33",
"currency": "SEK"
},
"creditorName": "Company 123",
"creditorAgent": "AAA100",
"creditorAccount": {
"bban": "95360573002",
"currency": "SEK"
},
"creditorAddress": {
"street": "Street",
"buildingNumber": "56",
"postalCode": "7014",
"city": "Trondheim",
"country": "NO"
},
"debtorAccount": {
"bban": "95360573002",
"currency": "NOK"
}
}

Request

Query Parameters

    allowLogicalDuplicate boolean

    Advertises whether or not logical duplicate payments should be allowed.

    Example: true

Header Parameters

    x-accept-fix stringrequired

    Make a published future breaking change active before the date when it is going to be made default, for adopting changes early. (see Future Breaking Changes)

    Example: new-feature-name-as-publised-in-documentation
    Accept string

    Advertises which content types, expressed as MIME types, the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Type response header.

    Example: application/json
    Accept-Charset string

    Advertises which character set the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice within the Content-Type response header.

    Example: utf-8
    Accept-Encoding string

    Advertises which content encoding, usually a compression algorithm, the client is able to understand. Using content negotiation, the server selects one of the proposals, uses it and informs the client of its choice with the Content-Encoding response header.

    Example: deflate, gzip;q=1.0, *;q=0.5
    Accept-Language string

    Advertises which natural languages the client is able to understand, and which locale variant is preferred. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Language response header.

    Example: en-US,en;q=0.7,nb;q=0.3
    Host string

    The domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening.

    Example: openbanking.paretobank.no
    X-Request-ID stringrequired

    Request identifier, unique to the call, as determined by the TPP.

    Example: 4eba4445-1a4b-47b8-bdd5-4e56ef026b19
    TPP-Session-ID stringrequired

    TPP session identifier.

    Example: b29f79d9-12ea-462b-ad8a-8ad38b8c57b7
    TPP-Redirect-URI stringrequired

    URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

    Example: https://httpbin.org/get
    TPP-Redirect-Preferred string

    Set to false to automatically trigger biometric authentication for mobile apps whenever available. Default is true.

    Example: false
    TPP-Brand-Logging-Information string

    Logged TPP brand used towards the PSU if applicable

    Example: Brand X
    Digest stringrequired

    Base64 encoded sha256 or sha512 hash of the message body, used with the signature.

    The Digest header is defined by RFC3230 and sha256/sha512 si defined by RFC5843.

    Example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOabcX3YxNoH4k==
    TPP-Signature-Certificate stringrequired

    The certificate used for signing the request in base64 encoding.

    Example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOX3YxNoH4k==
    Signature stringrequired

    HTTP Message Signature as specified by https://tools.ietf.org/html/draft-cavage-http-signatures-10 with requirements imposed by Berlin Group's NextGenPSD2 Framework.

    • keyId must be formatted as keyId="SN=XXX,CA=YYY" where XXX is the serial number of the signing certificate in hexadecimal encoding and YYY is the ful Distinguished Name of the Certificate Authority having certificate
    • algorithm must identify the same algorithm for the signature as presented in the signing certificate and should be rsa-sha256
    • headers must contain date, digest, x-request-id, psu-id, psu-corporate-id, and tpp-redirect-uri when available
    • signature must be computed as Base64(RSA-SHA256(signingString))

    If any values in the Signature header is ISO-8859-1 or UTF-8 encoded you need to URL encode the Signature header according to RFC 2047 which means MIME encoding the signature.

    Also the signature must be wrapped using this format: =?charset?encoding?encoded signature?=

    Example of this encoding: =?utf-8?B?a2V5QTQsQ0E9Mi41LjQuOTc9IzB........jMTM1MDUzNDQ0ZTRmMmQ0NjUz?=

    Java example of how to implement encoding:

    if (charset.equals(StandardCharsets.UTF_8)) {
    Signature = String.format("=?utf-8?B?%s?=", Base64.getEncoder().encodeToString(signature.getBytes(StandardCharsets.UTF_8)));
    }
    Example: keyId="SN=6AEB4444FBAAD267,CA=O=PSDNO-FSA-ABCA,L=Trondheim,C=NO", algorithm="rsa-sha256", headers="date x-request-id tpp-redirect-uri psu-id", signature="***************"
    PSU-ID UUIDrequired

    The PSU identifier.

    Example: 49ae0cfe-6b72-4310-81f5-ad4eef897fe3
    X-PSU-IDENTITY string

    As an alternative to PSU-ID, the PSU can be identified by norwegian personal identification number (national identity number/D-number)

    Example: 01010123456
    PSU-Corporate-ID string

    The PSU Corporate agreement identifier.

    Example: aog5kNSbDNo2srEPAqsCGaR8LNCAfLVlKPzbwKZQJzI=
    PSU-Context string

    Possible values: [PRIVATE, CORPORATE]

    Explicitly set PSU context. Required for single SCA payment initiation.

    Example: PRIVATE
    PSU-IP-Address stringrequired

    The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.

    Example: 153.110.241.229
    PSU-IP-Port string

    The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

    Example: 443
    PSU-User-Agent string

    The forwarded value for the User-Agent header field between the PSU and TPP, if available.

    Example: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/63.0
    PSU-Accept string

    The forwarded value for the Accept header field between the PSU and TPP, if available.

    Example: application/json
    PSU-Accept-Charset string

    The forwarded value for the Accept-Charset header field between the PSU and TPP, if available.

    Example: utf-8
    PSU-Accept-Encoding string

    The forwarded value for the Accept-Encoding header field between the PSU and TPP, if available.

    Example: gzip, deflate, br
    PSU-Accept-Language string

    The forwarded value for the Accept-Language header field between the PSU and TPP, if available.

    Example: en-US,en;q=0.7,nb;q=0.3
    PSU-HTTP-Method string

    Possible values: [GET, POST, PUT, PATCH, DELETE]

    The forwarded value for the HTTP method used between the PSU and TPP, if available.

    Example: GET
    PSU-Device-ID UUID

    The forwarded value of the device ID used by the PSU, if available.

    Example: 35-67660-48540-8
    PSU-Geo-Location string

    The forwarded value of the Geo Location of the corresponding HTTP request between the PSU and TPP, if available.

    Example: GEO:52.506931,13.144558

Body

required

payload

    instructedAmount

    object

    required

    amount stringrequired

    Note that even though the contract sets a precision of 18 and a scale of 5, the provided fraction digits must adhere to the minor units as defined in ISO 4217 for the provided currency code.

    currency Currency (string)required

    Possible values: [AED, AFN, ALL, AMD, ANG, AOA, ARS, AUD, AWG, AZN, BAM, BBD, BDT, BGN, BHD, BIF, BMD, BND, BOB, BRL, BSD, BTN, BWP, BYR, BZD, CAD, CDF, CHF, CLP, CNY, COP, CRC, CUC, CUP, CVE, CZK, DJF, DKK, DOP, DZD, EGP, ERN, ETB, EUR, FJD, FKP, GBP, GEL, GGP, GHS, GIP, GMD, GNF, GTQ, GYD, HKD, HNL, HRK, HTG, HUF, IDR, ILS, IMP, INR, IQD, IRR, ISK, JEP, JMD, JOD, JPY, KES, KGS, KHR, KMF, KPW, KRW, KWD, KYD, KZT, LAK, LBP, LKR, LRD, LSL, LYD, MAD, MDL, MGA, MKD, MMK, MNT, MOP, MRO, MUR, MVR, MWK, MXN, MYR, MZN, NAD, NGN, NIO, NOK, NPR, NZD, OMR, PAB, PEN, PGK, PHP, PKR, PLN, PYG, QAR, RON, RSD, RUB, RWF, SAR, SBD, SCR, SDG, SEK, SGD, SHP, SLL, SOS, SPL, SRD, STD, SVC, SYP, SZL, THB, TJS, TMT, TND, TOP, TRY, TTD, TVD, TWD, TZS, UAH, UGX, USD, UYU, UZS, VEF, VND, VUV, WST, XAF, XCD, XDR, XOF, XPF, YER, ZAR, ZMW, ZWD]

    ISO 4217 Alphabetic Currency Code.

    creditorName stringrequired

    Possible values: <= 70 characters

    The creditor's full name.

    creditorAgent string

    The creditor's agent, otherwise known as BIC, BICFI or SWIFT, required if using BBAN in creditorAccount.

    creditorAccount

    object

    required

    A reference to either a BBAN or an IBAN of an account.

    bban Bban (string)

    Possible values: <= 30 characters

    Identifier that uniquely identifies an individual account at a specific financial institution in a particular country and which includes a bank identifier of the financial institution servicing that account.

    iban string

    Possible values: <= 34 characters

    Expanded version of the basic bank account number (BBAN), structured as defined by ISO 13616-1:2007, intended for use internationally, which uniquely identifies an individual account at a specific financial institution, in a particular country.

    currency Currency (string)required

    Possible values: [AED, AFN, ALL, AMD, ANG, AOA, ARS, AUD, AWG, AZN, BAM, BBD, BDT, BGN, BHD, BIF, BMD, BND, BOB, BRL, BSD, BTN, BWP, BYR, BZD, CAD, CDF, CHF, CLP, CNY, COP, CRC, CUC, CUP, CVE, CZK, DJF, DKK, DOP, DZD, EGP, ERN, ETB, EUR, FJD, FKP, GBP, GEL, GGP, GHS, GIP, GMD, GNF, GTQ, GYD, HKD, HNL, HRK, HTG, HUF, IDR, ILS, IMP, INR, IQD, IRR, ISK, JEP, JMD, JOD, JPY, KES, KGS, KHR, KMF, KPW, KRW, KWD, KYD, KZT, LAK, LBP, LKR, LRD, LSL, LYD, MAD, MDL, MGA, MKD, MMK, MNT, MOP, MRO, MUR, MVR, MWK, MXN, MYR, MZN, NAD, NGN, NIO, NOK, NPR, NZD, OMR, PAB, PEN, PGK, PHP, PKR, PLN, PYG, QAR, RON, RSD, RUB, RWF, SAR, SBD, SCR, SDG, SEK, SGD, SHP, SLL, SOS, SPL, SRD, STD, SVC, SYP, SZL, THB, TJS, TMT, TND, TOP, TRY, TTD, TVD, TWD, TZS, UAH, UGX, USD, UYU, UZS, VEF, VND, VUV, WST, XAF, XCD, XDR, XOF, XPF, YER, ZAR, ZMW, ZWD]

    ISO 4217 Alphabetic Currency Code.

    creditorAddress

    object

    street string

    Possible values: <= 70 characters

    buildingNumber string
    postalCode string
    city string
    country Country (string)required

    Possible values: <= 2 characters, [AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BH, BS, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW]

    ISO 3166-1 Alpha-2 Country Code.

    debtorAccount

    object

    required

    A reference to either a BBAN or an IBAN of an account.

    bban Bban (string)

    Possible values: <= 30 characters

    Identifier that uniquely identifies an individual account at a specific financial institution in a particular country and which includes a bank identifier of the financial institution servicing that account.

    iban string

    Possible values: <= 34 characters

    Expanded version of the basic bank account number (BBAN), structured as defined by ISO 13616-1:2007, intended for use internationally, which uniquely identifies an individual account at a specific financial institution, in a particular country.

    currency Currency (string)required

    Possible values: [AED, AFN, ALL, AMD, ANG, AOA, ARS, AUD, AWG, AZN, BAM, BBD, BDT, BGN, BHD, BIF, BMD, BND, BOB, BRL, BSD, BTN, BWP, BYR, BZD, CAD, CDF, CHF, CLP, CNY, COP, CRC, CUC, CUP, CVE, CZK, DJF, DKK, DOP, DZD, EGP, ERN, ETB, EUR, FJD, FKP, GBP, GEL, GGP, GHS, GIP, GMD, GNF, GTQ, GYD, HKD, HNL, HRK, HTG, HUF, IDR, ILS, IMP, INR, IQD, IRR, ISK, JEP, JMD, JOD, JPY, KES, KGS, KHR, KMF, KPW, KRW, KWD, KYD, KZT, LAK, LBP, LKR, LRD, LSL, LYD, MAD, MDL, MGA, MKD, MMK, MNT, MOP, MRO, MUR, MVR, MWK, MXN, MYR, MZN, NAD, NGN, NIO, NOK, NPR, NZD, OMR, PAB, PEN, PGK, PHP, PKR, PLN, PYG, QAR, RON, RSD, RUB, RWF, SAR, SBD, SCR, SDG, SEK, SGD, SHP, SLL, SOS, SPL, SRD, STD, SVC, SYP, SZL, THB, TJS, TMT, TND, TOP, TRY, TTD, TVD, TWD, TZS, UAH, UGX, USD, UYU, UZS, VEF, VND, VUV, WST, XAF, XCD, XDR, XOF, XPF, YER, ZAR, ZMW, ZWD]

    ISO 4217 Alphabetic Currency Code.

    remittanceInformationUnstructured string

    Possible values: non-empty and <= 140 characters

    Unstructured representation of remittance information. Supported character encodings are ASCII and UTF-8. Note that this information may be truncated or change encoding during processing.

    purposeCode PurposeCode (string)

    Possible values: [INVS, SALA, IDCP, CASH, CORT, INTC, PENS, SSBE, SUPP, TAXS, TREA, VATX, LOAN, OTHR]

    Supported subset of ISO 20022 ExternalPurpose1Code.

    requestedExecutionDate Date

    Payment execution date as ISO 8601 Date.

Responses

CREATED

Schema

    paymentId stringrequired
    transactionStatus TransactionStatus (string)required

    Possible values: [ACCP, ACSC, ACSP, ACTC, ACWC, ACWP, RCVD, PDNG, RJCT, CANC, PART]

    transactionFees

    object

    amount stringrequired

    Note that even though the contract sets a precision of 18 and a scale of 5, the provided fraction digits must adhere to the minor units as defined in ISO 4217 for the provided currency code.

    currency Currency (string)required

    Possible values: [AED, AFN, ALL, AMD, ANG, AOA, ARS, AUD, AWG, AZN, BAM, BBD, BDT, BGN, BHD, BIF, BMD, BND, BOB, BRL, BSD, BTN, BWP, BYR, BZD, CAD, CDF, CHF, CLP, CNY, COP, CRC, CUC, CUP, CVE, CZK, DJF, DKK, DOP, DZD, EGP, ERN, ETB, EUR, FJD, FKP, GBP, GEL, GGP, GHS, GIP, GMD, GNF, GTQ, GYD, HKD, HNL, HRK, HTG, HUF, IDR, ILS, IMP, INR, IQD, IRR, ISK, JEP, JMD, JOD, JPY, KES, KGS, KHR, KMF, KPW, KRW, KWD, KYD, KZT, LAK, LBP, LKR, LRD, LSL, LYD, MAD, MDL, MGA, MKD, MMK, MNT, MOP, MRO, MUR, MVR, MWK, MXN, MYR, MZN, NAD, NGN, NIO, NOK, NPR, NZD, OMR, PAB, PEN, PGK, PHP, PKR, PLN, PYG, QAR, RON, RSD, RUB, RWF, SAR, SBD, SCR, SDG, SEK, SGD, SHP, SLL, SOS, SPL, SRD, STD, SVC, SYP, SZL, THB, TJS, TMT, TND, TOP, TRY, TTD, TVD, TWD, TZS, UAH, UGX, USD, UYU, UZS, VEF, VND, VUV, WST, XAF, XCD, XDR, XOF, XPF, YER, ZAR, ZMW, ZWD]

    ISO 4217 Alphabetic Currency Code.

    transactionFeeIndicator boolean

    Indicates if the created payment will incur a fee. The total transaction fee amount will then be available in the transactionFees property. This total will also include any currency conversion fees if applicable.

    tppMessages

    object[]

    messages to the TPP on operational issues.

  • Array [

  • category stringrequired

    Possible values: [ERROR, WARNING]

    code stringrequired

    Possible values: [SYSTEM_ERROR, BAD_REQUEST, FORBIDDEN, NOT_FOUND, CONFLICT, HTTP_HEADER_REQUIRED, QUERY_PARAMETER_REQUIRED, SCA_NOT_FOUND, SCA_EXPIRED, SCA_INVALID, FORMAT_ERROR, RESOURCE_UNKNOWN, PSU_CREDENTIALS_INVALID, CONSENT_UNKNOWN, CONSENT_INVALID, CONSENT_EXPIRED, ACCESS_EXCEEDED, PRODUCT_UNKNOWN, PRODUCT_INVALID, KID_MISSING, KID_INVALID, PAYMENT_FAILED, EXECUTION_DATE_INVALID]

    path string
    text string

    Possible values: <= 512 characters

  • ]

  • psuMessage string

    Possible values: <= 512 characters

    Text to be displayed to the PSU

    _links

    object

    A collection of hyperlinks.

    property name*

    Link

    href stringrequired
    verbs string[]required

    Possible values: [GET, PUT, POST, DELETE]

Loading...