API products are available through various subscription plans. These plans will be made available after enrollment and verification. Once you've subscribed to a plan, you can use the APIs using the app credentials. APIs are categorized into these API products:
Account information APIs
Account information APIs provide information for accounts held by the bank customer. Information is categorized into:
- Standing Orders
- Direct Debits
An API end point is provided for each type of information.
Banking APIs provide developers with the information needed to create innovative fintech apps for consumers. While you probably have some use cases in mind, there are a few obvious ones worth mentioning:
- Aggregation of financial metrics such as net worth and savings across multiple accounts
- Analysis and recommendations for better money management
- Recommendation of products and deals based on monthly statements
To access the account access API end points and payment API end points, the app first makes a call to the OAuth API to get an access token. The OAuth APIs support the implicit grant flow, in which the access token is returned directly to the app once the user has been authenticated. To keep the authentication more secure, the app can instead use the authorization code flow (it should do this unless the app is trusted), in which a code is returned to the app. The app then exchanges that code for an access token.
The two flows are differentiated by specifying the response_code parameter as ‘code’ for the three-legged authorization code flow and as ‘token’ for the implicit grant.
The app can then use this access token to make calls to the accounts APIs, userinfo API, and payment APIs. When an API is called, the customer and request ID are retrieved from the access token to proceed with the API call flow.
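The app side of the authorization code flow described above, as an added example that is not part of the original page or the API provider's code. The endpoint, redirect URI and credentials are hypothetical; `client_id`, `redirect_uri`, `state` and `grant_type` are the standard OAuth 2.0 (RFC 6749) parameters and are not named on this page, and the flow selector uses the parameter name given above.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical endpoint, redirect URI and app credentials (not from the page).
AUTHORIZE_URL = "https://bank.example.test/oauth/authorize"
REDIRECT_URI = "https://app.example.test/callback"
CLIENT_ID, CLIENT_SECRET = "demo-app-key", "demo-app-secret"
# Parameter name as written on this page; RFC 6749 names it response_type.
FLOW_PARAM = "response_code"

def authorization_url(flow, state):
    """Build the authorization request: 'code' = authorization code, 'token' = implicit."""
    if flow not in ("code", "token"):
        raise ValueError("flow must be 'code' or 'token'")
    params = {FLOW_PARAM: flow, "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(params)

def handle_redirect(url, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    parts = urlsplit(url)
    query, fragment = parse_qs(parts.query), parse_qs(parts.fragment)
    # An implicit-grant response carries the token in the URL itself, where
    # browser history and page scripts can see it; a code-flow app refuses it.
    if "access_token" in query or "access_token" in fragment:
        raise ValueError("access token in redirect URL (implicit grant response)")
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in query:
        raise ValueError("no authorization code in redirect")
    return query["code"][0]

def token_request(code):
    """Build (without sending) the back-channel exchange of code for access token."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return headers, body

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # fresh per authorization request
    print(authorization_url("code", state))
    # Constructed sample redirect, as the bank would send after user login.
    code = handle_redirect(f"{REDIRECT_URI}?code=SAMPLE-CODE&state={state}", state)
    print(token_request(code))
```

The app credentials appear only in the token exchange, which runs server to server, so neither they nor the access token pass through the browser.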
Payment APIs enable the transfer of funds from a consumer's account to a recipient. The consumer initiates the transfer, and the recipient's account number is provided by the third-party payment providers (TPPs or PISPs).
To initiate a transfer, the user must provide the payment request ID and authenticate using two-factor authentication, after which an access token is generated.
Using the generated access token, a one-time payment submission can be made. Take a look at some of the use cases:
- Immediate payment transfers for online purchases, thus providing guaranteed services
- Push payments providing merchant with immediate access to the transferred amount
- Fast retail loans from third-party lenders