Getting started

  1. Browse the available APIs

    Take a look at our APIs to see what choices are available. Is there an API you can exploit in one of your applications? Use the supplied APIs to quickly construct a fully featured application.

    Explore our APIs

  2. Sign Up

    Found an API? Sign up now to create an account and get started. It is free to join.

    Create an account

  3. Register an application

    Before you can use an API you have to register your application. When you register an application, the application is assigned a unique client ID and client secret. You must use the client ID when you call an API that requires you to identify your application by using a client ID, or a client ID and client secret. Check the API description for the details.

  4. Select a plan

    Finally, now that your application is registered, you need to subscribe to a plan. The plan determines the number of API calls that your application can make. 

    - For the Api Products that are not tagged as production the subscription is free.
    - For the production Api Products an approval is required.

  5. Authorization (Oauth2)

    In order to access the APIs you should get an access token and then pass it as Authorization header to the API calls.

    - The first step before getting the access token is to call the Oauth Authorize url in order to get an authorization code.'

    - The Scope Values are: 
                        - Accounts for the Accounts Product
                        - Transactions for the Transactions Product
                        - FundsConfirmation for the Confirmation of funds product

    - The above call redirects client to the authentication page where the user provides her user credentials(for testing purposes you can use the usernames: user1, user2 and the password: demo#@!). After a successfull authentication the client is redirected in the authorization page where the user is asked to approve that the client will access her private information.

    - Ather the successull authentication and authorization an authorization code is posted back in the provided redirect_uri. The client should post this code to the Oauth Token url in order to get the access token. Below you can see an example curl call of the Oauth Token API.

    curl --request POST \
      --url \
      --header 'accept: application/json' \
      --header 'content-type: application/x-www-form-urlencoded' \
      --data 'grant_type=authorization_code&client_id=4040706496659456&code=tugoj&'

    - If the above request is successfull, an access token is posted back in the redirect url. The client now is ready to call the protected APIs by providing the access token in the authorization Header of the request.

    You can see full specification for the Oauth 2.0 authorization framework in the bellow link.
    Oauth 2.0

  6. One Time Passwords For Sandbox

    Every time a call requires an OTP for sandbox purposes you may use the code 123456.

  7. EIDAS Certificates

    For the APIS that require mutual Authentication you should
    1. Insert the Base64 text of your Qwac Certificate during the application registration in the developers portal.
    2. Fill the header X-Client-Certificate during the API call with the same BASE64 text of your Qwac certificate.

All done! You are signed up, registered, and ready to go.