--- swagger: "2.0" info: x-ibm-name: psd2-rbcz-cards-api title: BalanceCheck API CZ version: 1.0.1 description: | # Czech standard for Open Banking ## general notes Unless explicitly stated otherwise, for all request is expected following definition of processed headers. * **Content-Type**: - *Typ*: string - *Obligation*: yes - *Description*: Specification of transfer format. Assuming on technical specification for this API standard is in this case primarily supported format application/json. * **API-key**: - *Typ*: string - *Obligation*: no - *Description*: Optional string provided by third party as identifier of request from third party which is iused as configuration element of comunication. * **Authorization**: - *Type*: string - *Obligation*: yes - *Description*: Parameter which is used for handover to access token of authenticated user together with his type. contact: [] schemes: - https basePath: /v1/banks/rbcz/cisp consumes: - application/json produces: - application/json securityDefinitions: OAuth2: type: oauth2 description: "" flow: accessCode scopes: CISP: Card services (CISP) authorizationUrl: https://api-public.rbi-developer.rb.cz/psd2-rbcz-cards-oauth2-api/oauth2/authorize tokenUrl: https://api-public.rbi-developer.rb.cz/psd2-rbcz-cards-oauth2-api/oauth2/token clientIdHeader: type: apiKey in: header name: X-IBM-Client-Id security: - clientIdHeader: [] OAuth2: - CISP x-ibm-configuration: testable: true enforced: true phase: realized application-authentication: certificate: false paths: /accounts/balanceCheck: post: summary: Request for balance check description: Source for balance check request on specific account of specific payer. This source is not directly authorized by account owner via authorization resource. Access to  information has to be granted by client outside of this API before it will be used to this source. tags: - CISP produces: - application/json parameters: - in: body name: accountsBalanceCheck required: true schema: $ref: '#/definitions/AccountsBalanceCheckRequest' - description: | The flag identifies if the end user is online and the request was made based on his activity. in: header name: User-Involved required: true type: boolean - description: | Identifies the API's end-user IP address. The TPP should fill this value if the IP address can be detected. The address can be in IPv4 or IPv6 format. in: header maxLength: 50 name: User-IP-Address required: true type: string - description: | An element used to pass on information about what end-user IP port is using. in: header maxLength: 40 name: User-IP-Port required: false type: string - description: | The element is used to forward information about the end user operating system used. in: header maxLength: 100 name: User-Device-OS required: true type: string - description: | Contains information about the end-user web browser. The format should be the same as the standard HTTP parameter User-Agent. in: header maxLength: 200 name: User-User-Agent required: true type: string - description: | Local time on User's device. in: header name: User-Timestamp required: false type: string - description: | End-user GPS coordinates (if the coordinates can be reliably detected). **Required format:** GEO:Latitude;Longitude Based on [RFC2426] in signed degrees format (DDD.dddd) in: header maxLength: 100 name: User-Geo-Location required: false type: string - description: | It contains a unique identifier of end user equipment, if available. For example, a unique mobile device identifier (IMEI). in: header name: User-Device-ID required: false type: string - description: | Unique identifier for each request specified by TPP. It is recommended to use a UUID format with a length of 36 to 60 characters. in: header maxLength: 60 name: X-Request-ID required: true type: string - description: | Defines MIME media type of the resource. For example application/json or application/x-www-form-urlencoded (OAuth2 /auth resources) and application/xml in case of bulk payment initiation. in: header maxLength: 50 name: Content-Type required: true type: string - description: | Each request of a transaction contains the date and time at which the message was originated. In timestamp format. in: header name: Date required: true type: string - description: | IDs that identify the technical or business process within the call of each API request. For example, it can be used to identify the process of retrieving a transaction history that is provided as a paged response available through multiple requests. in: header maxLength: 60 name: Action-ID required: false type: string - description: | The name of the original TPP that created the request. Eg. ‘Star corporation, a.s.’. in: header name: TPP-Name required: true type: string - description: | The identification (licence number) of the original TPP that created the request. Eg. ‘CZ013574-15’. in: header name: TPP-Identification required: false type: string responses: 200: description: Successful response schema: $ref: '#/definitions/AccountsBalanceCheckResponse' 400: description: | - Missing mandatory field in request. (FIELD_MISSING) - Invalid field value. (FIELD_INVALID) - [InvalidDebtorAccountNumber] - Invalid account identifier in request values. (AC02) - [InvalidAccountCurrency] - Invalid currency on requested account. (AC09) - [InvalidTransactionCurrency] - In request is filled unsupported currency. (AM11) - [InvalidAmount] - Invalid ammount. eg. too low, too high or invalid fomat of filled number, including decimal part of number by ISO 4217. (AM12) - [Invalid File Format] - invalid JSON format, or different problem with processing of request. (FF01) - Narrative - general problem for payment rejection, with additional information about problem. (NARR) - [NotUniqueTransactionReference] - Non-unique application identifier. (RF01) - [InvalidCharacterSet] - Invalid charset in request. (RR10) schema: type: object required: - errors properties: errors: type: array description: Parent element with collection of all error statuses items: type: object description: Error status required: - error properties: error: type: string description: Include specific error code parameters: type: object additionalProperties: true description: Field with additiona specific elements for error code. These parameters are every time specified in description of specific error. scope: type: string description: Defines JSON path of request element, which leads to causing of error status. message: type: string description: Optional text description. It´s not used to interpretation for client. It is used for example to enrich error log. 401: description: Missing certificate. (UNAUTHORISED) schema: type: object required: - errors properties: errors: type: array description: Parent element with collection of all error statuses items: type: object description: Error status required: - error properties: error: type: string description: Include specific error code parameters: type: object additionalProperties: true description: Field with additiona specific elements for error code. These parameters are every time specified in description of specific error. scope: type: string description: Defines JSON path of request element, which leads to causing of error status. message: type: string description: Optional text description. It´s not used to interpretation for client. It is used for example to enrich error log. 403: description: | - Call of method which does not respond to license or certificate. (FORBIDDEN) - [TransactionForbidden] - Unexsisting consent with access to information about balance on account. (AG01) schema: type: object required: - errors properties: errors: type: array description: Parent element with collection of all error statuses items: type: object description: Error status required: - error properties: error: type: string description: Include specific error code parameters: type: object additionalProperties: true description: Field with additional specific elements for error code. These parameters are every time specified in description of specific error. scope: type: string description: Defines JSON path of request element, which leads to causing of error status. message: type: string description: |- Optional text description. It´s not used to interpretation for client. It is used for example to enrich error log. definitions: AccountsBalanceCheckRequest: description: Request for balance check type: object required: - exchangeIdentification - debtorAccount - transactionDetails properties: exchangeIdentification: type: string minLength: 1 maxLength: 18 description: Identification of request card: description: Transaction card type: object required: - maskedPan properties: cardholderName: type: string maxLength: 45 description: Card holder name maskedPan: type: string minLength: 1 maxLength: 30 description: Masked card number debtorAccount: type: object required: - identification properties: identification: description: Payer account identification type: object required: - iban properties: iban: type: string description: IBAN pattern: ^[A-Z]{2}\d{2}\w{1,30}$ currency: type: string description: Payer account currency eg. CZK pattern: ^[A-Z]{3}$ authenticationMethod: description: Authentication method type: string enum: - NPIN - PPSG - PSWD - SCRT - SCNL - SNCT - CPSG - ADDB - BIOM - CDHI - CRYP - CSCV - PSVE - CSEC - ADDS - TOKP merchant: description: Merhcant whose providing transaction type: object required: - identification - shortName - commonName - merchantCategoryCode properties: identification: type: string minLength: 1 maxLength: 35 description: Merchant identification type: description: Merchant type type: string enum: - OPOI - MERC - ACCP - ITAG - ACQR - CISS - DLIS shortName: type: string minLength: 1 maxLength: 35 description: Merchant name commonName: type: string minLength: 1 maxLength: 70 description: Merchant name how it was filled in payment confirmation address: type: string maxLength: 140 description: Merchant address countryCode: type: string description: Merchant country merchantCategoryCode: type: string minLength: 3 maxLength: 4 description: Merchant code aligned with business type transactionDetails: description: Transaction detail type: object required: - currency - totalAmount properties: currency: type: string description: Currency used in balance check request eg. CZK pattern: ^[A-Z]{3}$ totalAmount: type: number minimum: 0.000000 description: Amount requested in balance check request AccountsBalanceCheckResponse: description: Response for balance check request type: object required: - responseIdentification - exchangeIdentification - response properties: responseIdentification: type: integer format: int64 description: Unambiguous identification of response for balance check (from ASPSP). exchangeIdentification: type: string description: Repeated identification of payment transaction (balance check request) from card issuer, to which is bound balance check request. response: type: string description: | Response for balance check request. APPR - Enough balance on account for transaction DECL - Not enough balance on account for transaction enum: - APPR - DECL x-ibm-endpoints: - endpointUrl: https://api.rbi-developer.rb.cz type: - production - development ...