This document details how to use the BankingSDK. We will see how to use the various endpoints and how do they work in the context of the application's flow.

Commonly used terms

See the definitions and the contexts explanations first.

Dev/test redirect URL

In, each flow with the bank, you'll have to provide a callback URL. You can use our URL It simply displays the query string and has a button to copy it to the clipboard.


In this section we will document the available endpoints and their use, in a typical usage order, with examples on how to use them. Each endpoint has a link to their reference in our official documentation, which has more information.


Several endpoints require and return these unique headers. These are necessary for us to identify the request in case of an issue.

  • X-Request-ID: Request identifier, unique for each call, as determined by the client. Maximum length of 50 characters.
  • X-Correlation-ID: Unique identifier for all the calls of the same flow. Set in the request by the client in direct/TPP mode, supplied by us in response in Gateway mode. Maximum length of 50 characters. Required for customer support.
  • X-Operation-ID: Unique identifier of the request. Gateway mode only. Empty in direct/TPP mode. Required for customer support.

Common Properties

In most of the endpoints, these properties will be required. They are omitted in the examples for each endpoint in order to simplify them but they can be seen in the full object examples.

  • tppContext: additional TPP data for logging purposes, see this article.
"tppContext": {
    "tppId": "string",
    "app": "string",
    "flow": "string",
    "transaction": "string",
    "unit": "string"
  • bankSettings: used only in Direct/TPP mode. Settings to be used for connection with the bank. Use them only if they differ from default settings and if they apply to the specific connector.
    • ncaId – TPP NCA id / legal id
    • settingsId - a simple string that could contain your internal id of the bank credentials set used for this operation. Allows you to memorize which bank settings you have used to establish a consent. This could be used when you have multiple certificates or bank credentials, e.g. switching to a new certificate.
    • appClientId – client Id of the application for specific bank,
    • appClientSecret – client secret of the application for specific bank,
    • appApiKey – client API key of the application for specific bank,
    • tlsCertificateName – PKCS12 QWAC (TLS) certificate file name with extension,
    • tlsCertificatePassword – QWAC (TLS) certificate password,
    • tlsCertificateKeyId – a key for QWAC (TLS) used by some banks (see bank's specific dev portal),
    • signingCertificateName – PKCS12 QSEAL (signing) certificate file name with extension,
    • signingCertificatePassword – QSEAL (signing) certificate password,
    • signingCertificateKeyId – a key for QSEAL (signing) used by some banks (see bank's specific dev portal),
    • pemFileUrl - URL to the QSEAL (signing) public key or JWSK
      The TLS and signing certificates files are expected to be a PKCS12 file containing X509 and key.