1. Register

Before you can start using our APIs, you will first need to register on the developer portal.

We will get back to you soon with the registration details.

2. Start Using our APIs

To start using our APIs you must follow the below steps

2.1. Get the Access Token (Authentication)

AstroBank uses the OAuth 2.0 protocol to provide to our Customers a secure way to be authenticated, without sharing their personal credentials. AstroBank, through the OAuth 2.0 protocol and the authorization server, will issue an Access Token on behalf of the customer and pass this Access Token to you so that you can issue new requests without the need of re-authentication. The flow is stated on the below diagram:

To obtain the Access Token:

a. Get The Access Code: Call the Authentication API shown below to retrieve the access code. The {{ClientID}} and the {{redirectURI}} as shown below, must be replaced by the client ID and the Redirect Uri that were defined during the creation of your application respectively.

https://openapi.astrobank.com/astrobank/sb/astrobankoauth/oauth2/authorize?response_type=token&client_id={{ClientID}}&redirect_uri={{redirectURI}}&scope=AccountRead

You will then be redirected to a simulated page of AstroBank Web Banking login screen. This will be the screen where AstroBank Customers will have to provide their AstroBank Web Banking credentials to grant access. For testing purposes, you can use the testing credentials as defined below in the section “Sandbox Testing Data”.

Upon Logon, the authentication server will redirect to the redirection URL passing to it the Code generated. This will be used to create The Access Token.As shown below you should Retrieve your Access Token from the redirection URI. As as shown below and you can retrieve you Access Token and you are ready to start

b. Get the Access Token: After retrieving the Code you have to call the “token” method of the “Authentication” product providing the Code retrieved from the above call, the client ID, the grant_type = authorization_code and the scope = psd2. You can find out how to call our APIs programatically by reading the section “4. How to use our Sandbox”. This method will return the Access Token that will be used in every call. Also this method to refresh you access token when it is expired.

2.2. Call an API

To call any API the Access Token and the Client ID must be provided. The below diagram illustrates the process of obtaining the Access Token and through this making a consecutive call an API. Authentication Flow and Example of a subsequent transaction call

2.3. Make a Payment

To create a payment you must call the “InitiatePayment API”. A payment ID will be generated by the Bank and returned with the payment details. To submit the payment for execution the “SubmitPayment API” must be called. For payments that need approval for several users, the SubmitPayment API must me called as many time as the numbe rof the Approver Users of this transaction. The diagram below shows the flow in detail.

2.4. Customer Consent Error

For each application the Bank Customer has to give a consent to the Bank. The consent means that a TPP can issue requests by the calling respective APIs on behalf of our customer for Viewing Account Details, Viewing Account Transactions and for performing Payments.

When no consent is given by the Bank Customer, an error will be returned prompting the Bank Customer to give consent for the respective action. The Bank Customer has login to the Consent website created by AstroBank https://myapps.astrobank.com and give consent for the selected application/ account/ transaction. For the sandbox purposes we have create a Sandbox Consent website which you can use to simulate this behaviour https://myapps-sb.astrobank.com/

3. Sandbox

Please read the below sections which will guide you of how you can use our sandbox and sandbox data

3.1. How to use our Sandbox

By selecting the product and viewing it’s documentation you will be redirected to a screen similar to the below. Each product (Authentication, Accounts and Payments) has a similar documentation page.

The screen above is divided into three sections. 

a. The first one (red rectangle) defines the operations that are allowed for the product as well as the Definitions that each operation has. As you can see below the Accounts products has 3 Operations, the Get Accounts, the Get Accounts details and then Get Transactions

b. The second section (blue rectangle) describes each operation among with the parameters that each API accepts. As you can see below you can view the end point of the API, a summary of the API, the header parameters (Client ID, Authorization URL Access Token and the scope) and the actual parameters of the API accepts (IBAN and Accept). Also you can view the responses that the API returns. Moreover as shown below the API returns a response 200 with the Definition of AccountDetails and a 404 response in the case of an error.

c. The third section (green rectangle) provides examples of how you will actually call each API. On the below screen you can see an example request and an example response. On the top section of the screen, you can switch between different programming languages that you may wish to retrieve the code for.

Moreover using this screen you can also make the call to our APIs. To call any one of them first you have to login to the developers portal and then as shown below fill the necessary parameters and hit the “Call Operation”. On the below screen the “AstrobankTestApp” is selected as the application that will make the call, the “AccountRead” is selected as the scope and the Access Token is pasted into the Access Token field. You can also press the “Authorize” option to create a new Access token and then paste it in the relevant field. Moreover the “application/json” is selected for the accept parameter an and IBAN is entered on the IBAN field.

3.2. How to use the Sandbox Data

The below data can be used for testing on the sandbox environment. There are three scenarios that can be used to simulate the customer behavior. Each of them has a set of credentials and accounts with different properties. You can view the accounts, get account details, retrieve transactions and generate payments from one account to the other. When creating and approving payments you can view the changes on the balances and the transactions of each account in real time.

Scenario 1

	Username: MICHAEL
	Password: MICHAEL

Scenario 2

	Username: ALBERT
	Password: ALBERT

Scenario 3

	Username: ANGELINA
	Password: ANGELINA

Scenario 4

	Username: LEONARDO
	Password: LEONARDO