NAV Navbar
Priora logo

Setup

Generate RSA key pair

openssl genrsa -out private.pem 2048
openssl rsa -pubout -in private.pem -out public.pem
  1. Go to Bank Registration page, input your bank’s name, your email and password.
  2. Go to your profile details tab and save your app_id and app_secret.
  3. Set the url of your connector
  4. Generate public/private key pair
  5. Go to your profile security tab and paste your public key there.

API Endpoints

All the incoming requests are encrypted with the public key you pasted before in your profile.

The following endpoints MUST be implemented in your connector:

Enrollment Flow

Request from Priora

Request payload

{
  "data": {
    "session_secret": "STk_HeFrzSCoK4BOkfpbOkXKXyQiR2Hy7ZarHNzVuGc",
    "original_request": {
      "method": "POST",
      "original_url": "https://priora.saltedge.com/api/authenticator/v1/tokens",

      "body_content": {
        "data": {
          "provider_code": "demobank",
          "credentials": {
            "login": "test",
            "password": "test"
          },
          "scopes": [
            "authenticator"
          ]
        }
      }
    }
  }
}

Request headers

{
  "Signature": "priora_signature"
  "Expires-At": 1496159522
}

Priora sends a request to https://your.connector.com/api/priora/v1/tokens/create

Validate

Connector has to check signature using priora’s public key.

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95VEwkM1qHxgEdkTlX9TOxK70
REPQ/4lAWZkq6qnfzEEMSaeSwnv1aZnKXe82DEkaDx4qYyhybetnhcMaNYgrf4pp
Gl4pHyrko+J4uVeu0oUVvAdaOWtnzcpkIvPZs4f0e3se4H7MJ4XoOROnYKTAKaGh
03ipCDa4KH//7ZtHHwIDAQAB
-----END PUBLIC KEY-----

Connector should validate whether request is not expired and request’s signature.

Token creation

Token Instructions

  {
    "extra": {
      "instructions": "Confirm your authotization."
    },
    "session_expires_at": "2017-06-01T12:37:33.000Z",
    "name": "instructions",
    "session_secret": "STk_HeFrzSCoK4BOkfpbOkXKXyQiR2Hy7ZarHNzVuGc"
  }

Next connector validates user credentials and if they are correct create a Token in its database. Then connector should send signed POST request to /api/connectors/v1/sessions/update on Priora with Token Instructions.

Token confirmation

Token Confirmation

  {
    "user_id": "1",
    "provider_token": "generated token string",
    "provider_token_expires_at": "expires_at for generated token",
    "session_secret": "STk_HeFrzSCoK4BOkfpbOkXKXyQiR2Hy7ZarHNzVuGc"
  }

Token has unconfirmed status until user confirms it using channel different from Priora. When user confirms a token, connector should send signed POST request to /api/connectors/v1/sessions/success on Priora with Token Confirmation.

AISP Linking Flow

Request from Priora

Request payload

{
  "data": {
    "session_secret": "STk_HeFrzSCoK4BOkfpbOkXKXyQiR2Hy7ZarHNzVuGc",
    "original_request": {
      "signature": "aisp_request_signature",
      "expires_at": "1496159522",
      "method": "POST",
      "original_url": "https://priora.saltedge.com/api/aisp/v1/tokens",
      "body_content": {
        "data": {
          "provider_code": "demobank",
          "credentials": {
            "login": "test",
            "password": "test"
          },
          "scopes": [
            "accounts"
          ]
        }
      }
    }
  }
}

Request headers

{
  "Signature": "priora_signature"
  "Expires-At": 1496159522
}

Priora sends a request to https://your.connector.com/api/priora/v1/tokens/create

Validate

Connector has to check signature using priora’s public key.

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95VEwkM1qHxgEdkTlX9TOxK70
REPQ/4lAWZkq6qnfzEEMSaeSwnv1aZnKXe82DEkaDx4qYyhybetnhcMaNYgrf4pp
Gl4pHyrko+J4uVeu0oUVvAdaOWtnzcpkIvPZs4f0e3se4H7MJ4XoOROnYKTAKaGh
03ipCDa4KH//7ZtHHwIDAQAB
-----END PUBLIC KEY-----

Connector should validate whether request is not expired and request’s signature.

Validate original request

Signature from the original request should also be validated using AISP app public key (later will be requested from eIDAS).

Waiting for confirmation

Confirmation Await

  {
    "name": "waiting_confirmation_code",
    "confirmation_code": "234abc",
    "session_secret": "unique session identifier"
  }

Token has unconfirmed status until user confirms it using channel different from Priora. When user confirms a token, connector should send signed POST request to /api/connectors/v1/sessions/success on Priora with Confirmation Await.

AISP Data Extraction

Know Your Customer

Headers

{
  "Signature": "priora_signature"
  "Expires-At": 1496159522
}

GET request to https://your.connector.com/api/priora/v1/kyc?token=token-of-the-linked-aisp.

Accounts

Headers

{
  "Signature": "priora_signature"
  "Expires-At": 1496159522
}

GETrequest to https://your.connector.com/api/priora/v1/accounts?token=token-of-the-linked-aisp.

Transactions

Headers

{
  "Signature": "priora_signature"
  "Expires-At": 1496159522
}

GET request to https://your.connector.com/api/priora/v1/transactions?token=token-of-the-linked-aisp&account-id=1.

PISP Linking Flow

Request from Priora

Request payload

{
  "data": {
    "session_secret": "STk_HeFrzSCoK4BOkfpbOkXKXyQiR2Hy7ZarHNzVuGc",
    "original_request": {
      "signature": "pisp_request_signature",
      "expires_at": "1496159522",
      "method": "POST",
      "original_url": "https://priora.saltedge.com/api/pisp/v1/tokens",
      "body_content": {
        "data": {
          "provider_code": "demobank",
          "credentials": {
            "login": "test",
            "password": "test"
          },
          "scopes": [
            "payments"
          ]
        }
      }
    }
  }
}

Request headers

{
  "Signature": "priora_signature"
  "Expires-At": 1496159522
}

Priora sends a request to https://your.connector.com/api/priora/v1/tokens/create

Validate

Connector has to check signature using priora’s public key.

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95VEwkM1qHxgEdkTlX9TOxK70
REPQ/4lAWZkq6qnfzEEMSaeSwnv1aZnKXe82DEkaDx4qYyhybetnhcMaNYgrf4pp
Gl4pHyrko+J4uVeu0oUVvAdaOWtnzcpkIvPZs4f0e3se4H7MJ4XoOROnYKTAKaGh
03ipCDa4KH//7ZtHHwIDAQAB
-----END PUBLIC KEY-----

Connector should validate whether request is not expired and request’s signature.

Validate original request

Signature from the original request should also be validated using PISP app public key (later will be requested from eIDAS).

Waiting for confirmation

Confirmation Await

{
  "confirmation_code": "234abc",
  "session_secret": "unique session identifier"
}

Token has unconfirmed status until user confirms it using channel different from Priora. When user confirms a token, connector should send signed POST request to /api/connectors/v1/sessions/success on Priora with Confirmation Await.

PISP Payment Flow

Payment creation

Payload

{
  "fees": {
    "internal": {
      "amount": 0.0025,
      "currency_code": "EUR",
      "description": "Priora service fee",
      "code": "priora_service_fee"
    }
  },
  "session_secret": "F6567XbVjHsr0Z1-1bRct6V5rvYDmQZA0YoKTpNIpiY",
  "token": "186WKRXPdcSf_m-SimSG3AmjcnVlbbDVELshWD6qDf4",
  "payment_id": 95,
  "original_request": {
    "signature": "BaCt2sr67XbRV/IuKxhjaApByDMQ10THF1zgY9tYCFzg==",
    "expires_at": "1496232936",
    "method": "POST",
    "original_url": "http://priora.saltedge.com/api/pisp/v1/payments",
    "body_content": {
      "data": {
        "provider_code": "demobank",
        "amount": "101.0",
        "description": "Test transaction",
        "currency_code": "USD",
        "merchant": {
          "name": "Amazon"
        },
        "type": "transfer",
        "source": {
          "iban": "DE12345678123456781233"
        },
        "destination": {
          "iban": "DE12345678123456781232"
        }
      }
    }
  }
}

Headers

{
  "Signature": "priora_signature"
  "Expires-At": 1496159558
}

POST request to https://your.connector.com/api/priora/v1/payments/create.

Payment confirmation

Payload

{
  "token": "186WKRXPdcSf_m-SimSG3AmjcnVlbbDVELshWD6qDf4",
  "payment_id": 95,
  "connector_payment_id": "8",
  "original_request": {
    "signature": "UGHqO2SgruBAARN/L7XoEBpo3IXGylcq4ceAcrN3DNVLpnam8p3zjUQ==",
    "expires_at": "1496232946",
    "method": "PUT",
    "original_url": "http://priora.saltedge.com/api/pisp/v1/sessions/confirm",
    "body_content": {
      "data": {
        "secret": "F6567XbVjHsr0Z1-1bRct6V5rvYDmQZA0YoKTpNIpiY",
        "confirmation_code": "0ad484"
      }
    }
  }
} 

Headers

{
  "Signature": "priora_signature"
  "Expires-At": 1496159558
}

POST request to https://your.connector.com/api/priora/v1/payments/confirm.

Access Token Scopes

Type Description
authenticator grants application access to view confirmation codes issued by Bank
payments grants application right to initiate payments on User’s behalf
accounts grants application access to User’s accounts within specific Bank
transactions grants application access to transactions listed under specific account
kyc grants application access to view User’s KYC data
sign_in used to identify User on Priora