Skip to main content

Create SCT payment

See XS2A Framework Implementation Guidelines, Section 5.3.1 and 11.1 for additional details.

Sample Request Body

  "instructedAmount": {
"amount": "100.33",
"currency": "EUR"
},
"creditorName": "Company 123",
"creditorAccount": {
"iban": "DE89 3704 0044 0532 0130 00",
"currency": "EUR"
},
"debtorAccount": {
"iban": "NO95360573002",
"currency": "NOK"
}
}
Query Parameters
    allowLogicalDuplicate boolean

    Advertises whether or not logical duplicate payments should be allowed.

    Example: true
Header Parameters
    x-accept-fix string required

    Make a published future breaking change active before the date when it is going to be made default, for adopting changes early. (see Future Breaking Changes)

    Example: new-feature-name-as-publised-in-documentation
    Accept string

    Advertises which content types, expressed as MIME types, the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Type response header.

    Example: application/json
    Accept-Charset string

    Advertises which character set the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice within the Content-Type response header.

    Example: utf-8
    Accept-Encoding string

    Advertises which content encoding, usually a compression algorithm, the client is able to understand. Using content negotiation, the server selects one of the proposals, uses it and informs the client of its choice with the Content-Encoding response header.

    Example: deflate, gzip;q=1.0, *;q=0.5
    Accept-Language string

    Advertises which natural languages the client is able to understand, and which locale variant is preferred. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Language response header.

    Example: en-US,en;q=0.7,nb;q=0.3
    Host string

    The domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening.

    Example: psd2.s1bv.no
    X-Request-ID string required

    Request identifier, unique to the call, as determined by the TPP.

    Example: 4eba4445-1a4b-47b8-bdd5-4e56ef026b19
    TPP-Session-ID string required

    TPP session identifier.

    Example: b29f79d9-12ea-462b-ad8a-8ad38b8c57b7
    TPP-Redirect-URI string required

    URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

    Example: https://httpbin.org/get
    TPP-Redirect-Preferred string

    Set to false to automatically trigger biometric authentication for mobile apps whenever available. Default is true.

    Example: false
    TPP-Brand-Logging-Information string

    Logged TPP brand used towards the PSU if applicable

    Example: Brand X
    Digest string required

    Base64 encoded sha256 or sha512 hash of the message body, used with the signature.

    The Digest header is defined by RFC3230 and sha256/sha512 si defined by RFC5843.

    Example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOabcX3YxNoH4k==
    TPP-Signature-Certificate string required

    The certificate used for signing the request in base64 encoding.

    Example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOX3YxNoH4k==
    Signature string required

    HTTP Message Signature as specified by https://tools.ietf.org/html/draft-cavage-http-signatures-10 with requirements imposed by Berlin Group's NextGenPSD2 Framework.

    • keyId must be formatted as keyId="SN=XXX,CA=YYY" where XXX is the serial number of the signing certificate in hexadecimal encoding and YYY is the ful Distinguished Name of the Certificate Authority having certificate
    • algorithm must identify the same algorithm for the signature as presented in the signing certificate and should be rsa-sha256
    • headers must contain date, digest, x-request-id, psu-id, psu-corporate-id, and tpp-redirect-uri when available
    • signature must be computed as Base64(RSA-SHA256(signingString))

    If any values in the Signature header is ISO-8859-1 or UTF-8 encoded you need to URL encode the Signature header according to RFC 2047 which means MIME encoding the signature.

    Also the signature must be wrapped using this format: =?charset?encoding?encoded signature?=

    Example of this encoding: =?utf-8?B?a2V5QTQsQ0E9Mi41LjQuOTc9IzB........jMTM1MDUzNDQ0ZTRmMmQ0NjUz?=

    Java example of how to implement encoding:

    if (charset.equals(StandardCharsets.UTF_8)) {
    Signature = String.format("=?utf-8?B?%s?=", Base64.getEncoder().encodeToString(signature.getBytes(StandardCharsets.UTF_8)));
    }
    Example: keyId="SN=6AEB4444FBAAD267,CA=O=PSDNO-FSA-ABCA,L=Trondheim,C=NO", algorithm="rsa-sha256", headers="date x-request-id tpp-redirect-uri psu-id", signature="***************"
    PSU-ID UUID required

    The PSU identifier.

    Example: 49ae0cfe-6b72-4310-81f5-ad4eef897fe3
    X-PSU-IDENTITY string

    As an alternative to PSU-ID, the PSU can be identified by norwegian personal identification number (national identity number/D-number)

    Example: 01010123456
    X-PSU-AuthMethod-Preferred string

    Preferred authentication method will be selected if available for the PSU

    Example: N/A
    PSU-Corporate-ID string

    The PSU Corporate agreement identifier.

    Example: aog5kNSbDNo2srEPAqsCGaR8LNCAfLVlKPzbwKZQJzI=
    PSU-Context string

    Possible values: [PRIVATE, CORPORATE]

    Explicitly set PSU context. Required for single SCA payment initiation.

    Example: PRIVATE
    PSU-IP-Address string required

    The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.

    Example: 153.110.241.229
    PSU-IP-Port string

    The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

    Example: 443
    PSU-User-Agent string

    The forwarded value for the User-Agent header field between the PSU and TPP, if available.

    Example: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/63.0
    PSU-Accept string

    The forwarded value for the Accept header field between the PSU and TPP, if available.

    Example: application/json
    PSU-Accept-Charset string

    The forwarded value for the Accept-Charset header field between the PSU and TPP, if available.

    Example: utf-8
    PSU-Accept-Encoding string

    The forwarded value for the Accept-Encoding header field between the PSU and TPP, if available.

    Example: gzip, deflate, br
    PSU-Accept-Language string

    The forwarded value for the Accept-Language header field between the PSU and TPP, if available.

    Example: en-US,en;q=0.7,nb;q=0.3
    PSU-HTTP-Method string

    Possible values: [GET, POST, PUT, PATCH, DELETE]

    The forwarded value for the HTTP method used between the PSU and TPP, if available.

    Example: GET
    PSU-Device-ID UUID

    The forwarded value of the device ID used by the PSU, if available.

    Example: 35-67660-48540-8
    PSU-Geo-Location string

    The forwarded value of the Geo Location of the corresponding HTTP request between the PSU and TPP, if available.

    Example: GEO:52.506931,13.144558
Request Body required

payload

    endToEndIdentification string

    Possible values: <= 35 characters

    An optional end-to-end identification for diagnostic and audit purposes.

    instructedAmount object required
    amount string required

    Note that even though the contract sets a precision of 18 and a scale of 5, the provided fraction digits must adhere to the minor units as defined in ISO 4217 for the provided currency code.

    currency Currency required

    Possible values: [AED, AFN, ALL, AMD, ANG, AOA, ARS, AUD, AWG, AZN, BAM, BBD, BDT, BGN, BHD, BIF, BMD, BND, BOB, BRL, BSD, BTN, BWP, BYR, BZD, CAD, CDF, CHF, CLP, CNY, COP, CRC, CUC, CUP, CVE, CZK, DJF, DKK, DOP, DZD, EGP, ERN, ETB, EUR, FJD, FKP, GBP, GEL, GGP, GHS, GIP, GMD, GNF, GTQ, GYD, HKD, HNL, HRK, HTG, HUF, IDR, ILS, IMP, INR, IQD, IRR, ISK, JEP, JMD, JOD, JPY, KES, KGS, KHR, KMF, KPW, KRW, KWD, KYD, KZT, LAK, LBP, LKR, LRD, LSL, LYD, MAD, MDL, MGA, MKD, MMK, MNT, MOP, MRO, MUR, MVR, MWK, MXN, MYR, MZN, NAD, NGN, NIO, NOK, NPR, NZD, OMR, PAB, PEN, PGK, PHP, PKR, PLN, PYG, QAR, RON, RSD, RUB, RWF, SAR, SBD, SCR, SDG, SEK, SGD, SHP, SLL, SOS, SPL, SRD, STD, SVC, SYP, SZL, THB, TJS, TMT, TND, TOP, TRY, TTD, TVD, TWD, TZS, UAH, UGX, USD, UYU, UZS, VEF, VND, VUV, WST, XAF, XCD, XDR, XOF, XPF, YER, ZAR, ZMW, ZWD]

    ISO 4217 Alphabetic Currency Code.

    creditorName string required

    Possible values: <= 70 characters

    The creditor's full name.

    creditorAccount object required
    iban string required

    Possible values: <= 34 characters

    Expanded version of the basic bank account number (BBAN), structured as defined by ISO 13616-1:2007, intended for use internationally, which uniquely identifies an individual account at a specific financial institution, in a particular country.

    currency Currency required

    Possible values: [AED, AFN, ALL, AMD, ANG, AOA, ARS, AUD, AWG, AZN, BAM, BBD, BDT, BGN, BHD, BIF, BMD, BND, BOB, BRL, BSD, BTN, BWP, BYR, BZD, CAD, CDF, CHF, CLP, CNY, COP, CRC, CUC, CUP, CVE, CZK, DJF, DKK, DOP, DZD, EGP, ERN, ETB, EUR, FJD, FKP, GBP, GEL, GGP, GHS, GIP, GMD, GNF, GTQ, GYD, HKD, HNL, HRK, HTG, HUF, IDR, ILS, IMP, INR, IQD, IRR, ISK, JEP, JMD, JOD, JPY, KES, KGS, KHR, KMF, KPW, KRW, KWD, KYD, KZT, LAK, LBP, LKR, LRD, LSL, LYD, MAD, MDL, MGA, MKD, MMK, MNT, MOP, MRO, MUR, MVR, MWK, MXN, MYR, MZN, NAD, NGN, NIO, NOK, NPR, NZD, OMR, PAB, PEN, PGK, PHP, PKR, PLN, PYG, QAR, RON, RSD, RUB, RWF, SAR, SBD, SCR, SDG, SEK, SGD, SHP, SLL, SOS, SPL, SRD, STD, SVC, SYP, SZL, THB, TJS, TMT, TND, TOP, TRY, TTD, TVD, TWD, TZS, UAH, UGX, USD, UYU, UZS, VEF, VND, VUV, WST, XAF, XCD, XDR, XOF, XPF, YER, ZAR, ZMW, ZWD]

    ISO 4217 Alphabetic Currency Code.

    creditorAddress object
    street string

    Possible values: <= 70 characters

    buildingNumber string
    postalCode string
    city string
    country Country required

    Possible values: <= 2 characters, [AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BH, BS, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW]

    ISO 3166-1 Alpha-2 Country Code.

    debtorAccount object required
    iban string required

    Possible values: <= 34 characters

    Expanded version of the basic bank account number (BBAN), structured as defined by ISO 13616-1:2007, intended for use internationally, which uniquely identifies an individual account at a specific financial institution, in a particular country.

    currency Currency required

    Possible values: [AED, AFN, ALL, AMD, ANG, AOA, ARS, AUD, AWG, AZN, BAM, BBD, BDT, BGN, BHD, BIF, BMD, BND, BOB, BRL, BSD, BTN, BWP, BYR, BZD, CAD, CDF, CHF, CLP, CNY, COP, CRC, CUC, CUP, CVE, CZK, DJF, DKK, DOP, DZD, EGP, ERN, ETB, EUR, FJD, FKP, GBP, GEL, GGP, GHS, GIP, GMD, GNF, GTQ, GYD, HKD, HNL, HRK, HTG, HUF, IDR, ILS, IMP, INR, IQD, IRR, ISK, JEP, JMD, JOD, JPY, KES, KGS, KHR, KMF, KPW, KRW, KWD, KYD, KZT, LAK, LBP, LKR, LRD, LSL, LYD, MAD, MDL, MGA, MKD, MMK, MNT, MOP, MRO, MUR, MVR, MWK, MXN, MYR, MZN, NAD, NGN, NIO, NOK, NPR, NZD, OMR, PAB, PEN, PGK, PHP, PKR, PLN, PYG, QAR, RON, RSD, RUB, RWF, SAR, SBD, SCR, SDG, SEK, SGD, SHP, SLL, SOS, SPL, SRD, STD, SVC, SYP, SZL, THB, TJS, TMT, TND, TOP, TRY, TTD, TVD, TWD, TZS, UAH, UGX, USD, UYU, UZS, VEF, VND, VUV, WST, XAF, XCD, XDR, XOF, XPF, YER, ZAR, ZMW, ZWD]

    ISO 4217 Alphabetic Currency Code.

    remittanceInformationUnstructured string

    Possible values: non-empty and <= 140 characters

    Unstructured representation of remittance information. Supported character encodings are ASCII and UTF-8. Note that this information may be truncated or change encoding during processing.

    requestedExecutionDate Date

    Payment execution date as ISO 8601 Date.

Responses

CREATED


Schema
    paymentId string required
    transactionStatus TransactionStatus required

    Possible values: [ACCP, ACSC, ACSP, ACTC, ACWC, ACWP, RCVD, PDNG, RJCT, CANC, PART]

    transactionFees object
    amount string required

    Note that even though the contract sets a precision of 18 and a scale of 5, the provided fraction digits must adhere to the minor units as defined in ISO 4217 for the provided currency code.

    currency Currency required

    Possible values: [AED, AFN, ALL, AMD, ANG, AOA, ARS, AUD, AWG, AZN, BAM, BBD, BDT, BGN, BHD, BIF, BMD, BND, BOB, BRL, BSD, BTN, BWP, BYR, BZD, CAD, CDF, CHF, CLP, CNY, COP, CRC, CUC, CUP, CVE, CZK, DJF, DKK, DOP, DZD, EGP, ERN, ETB, EUR, FJD, FKP, GBP, GEL, GGP, GHS, GIP, GMD, GNF, GTQ, GYD, HKD, HNL, HRK, HTG, HUF, IDR, ILS, IMP, INR, IQD, IRR, ISK, JEP, JMD, JOD, JPY, KES, KGS, KHR, KMF, KPW, KRW, KWD, KYD, KZT, LAK, LBP, LKR, LRD, LSL, LYD, MAD, MDL, MGA, MKD, MMK, MNT, MOP, MRO, MUR, MVR, MWK, MXN, MYR, MZN, NAD, NGN, NIO, NOK, NPR, NZD, OMR, PAB, PEN, PGK, PHP, PKR, PLN, PYG, QAR, RON, RSD, RUB, RWF, SAR, SBD, SCR, SDG, SEK, SGD, SHP, SLL, SOS, SPL, SRD, STD, SVC, SYP, SZL, THB, TJS, TMT, TND, TOP, TRY, TTD, TVD, TWD, TZS, UAH, UGX, USD, UYU, UZS, VEF, VND, VUV, WST, XAF, XCD, XDR, XOF, XPF, YER, ZAR, ZMW, ZWD]

    ISO 4217 Alphabetic Currency Code.

    transactionFeeIndicator boolean

    Indicates if the created payment will incur a fee. The total transaction fee amount will then be available in the transactionFees property. This total will also include any currency conversion fees if applicable.

    tppMessages object[]

    messages to the TPP on operational issues.

  • Array [
  • category string required

    Possible values: [ERROR, WARNING]

    code string required

    Possible values: [SYSTEM_ERROR, BAD_REQUEST, FORBIDDEN, NOT_FOUND, CONFLICT, HTTP_HEADER_REQUIRED, QUERY_PARAMETER_REQUIRED, SCA_NOT_FOUND, SCA_EXPIRED, SCA_INVALID, FORMAT_ERROR, RESOURCE_UNKNOWN, PSU_CREDENTIALS_INVALID, CONSENT_UNKNOWN, CONSENT_INVALID, CONSENT_EXPIRED, ACCESS_EXCEEDED, PRODUCT_UNKNOWN, PRODUCT_INVALID, KID_MISSING, KID_INVALID, PAYMENT_FAILED, EXECUTION_DATE_INVALID]

    path string
    text string

    Possible values: <= 512 characters

  • ]
  • psuMessage string

    Possible values: <= 512 characters

    Text to be displayed to the PSU

    _links object

    A collection of hyperlinks.

    property name* Link
    href string required
    verbs string[] required

    Possible values: [GET, PUT, POST, DELETE]

Loading...