API Overview

Overview

APIs for initiating and managing customer consent for services such as Account or Card Information Services.

To get information on accounts or cards, you first have to initiate a consent request, which is processed by us. The customer is then redirected to the consent page, where she or he confirms sharing information on the accounts chosen on that page.

Meanwhile, you can access the consent resource to get its status or details.

Consent details contain access rights, validity, status, etc.

📘

Abbreviations used in the documentation:

  • TPP - Third Party Providers
  • AIS - Account Information Service
  • ASPSP - Account Servicing Payment Service Provider
  • PSU - Payment Service User
  • SCA - Strong Customer Authentication

These steps will help you initiate and authorize consent

For your customer to be able to add his/her account(s), you need customer consent. To begin the process of obtaining consent, you need to:

  • POST Create Consent - returns the consent ID (ConsentId) and URLs to continue the process (ScaOauth) and to obtain resources (self, status). The ScaOauth URL gives you the address of our OAuth server configuration.
  • GET Oauth Authorization Server - returns our metadata, which contains our oauth/authorize endpoint and our oauth/token endpoint. Take the oauth/authorize endpoint to call.
  • GET Oauth Authorize - gets the customer authorization URL. The GET method returns HTTP status 302, which causes the customer's automatic redirection to the TBC Login Page. The customer authenticates, then authorizes consent to share his/her accounts with you. You will get the OAuth authorization code (code) at the redirectUri that you specified in the oauth/authorize request.
  • Now you can retrieve or refresh the access_token using POST Authorize or Refresh Token. Tokens are required to access account services.

JSON Web Signature (JWS)

🚧

Every call requires a JWS signature. A JWS signature is a mechanism for electronically signing API requests and responses with a structure based on the JSON format.

The signature must include the request body and the following headers:

  1. host

  2. X-Request-ID

  3. digest

  4. content-type (optional)

  5. content-length (optional)

  6. Headers starting with the prefix "psu-"

Signed data must be passed in the "x-jws-signature" header for all the requests described in Consents.
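
The header coverage listed above, shown for both the signing and the verifying side. This is an added example, not code from this documentation or from the JWS library it links to. RS256, the SHA-256 `digest` value, the "name: value" line layout and the `signedHeaders` parameter name are assumptions made for illustration (the Georgian Banking Association document defines the real format), and the sample request and key pair are constructed.

```javascript
const crypto = require('node:crypto');
const REQUIRED = ['host', 'x-request-id', 'digest'];
const OPTIONAL = ['content-type', 'content-length'];
const b64url = (data) => Buffer.from(data).toString('base64url');
const lowerKeys = (h) => Object.fromEntries(
  Object.entries(h).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
// Digest header value for the body (SHA-256 with base64 is an assumption).
const bodyDigest = (body) =>
  'SHA-256=' + crypto.createHash('sha256').update(body).digest('base64');

// Headers the page lists as covered by the signature, as "name: value" lines.
function signedHeaderLines(headers) {
  const h = lowerKeys(headers);
  const missing = REQUIRED.filter((n) => !(n in h));
  if (missing.length) throw new Error('missing header(s): ' + missing.join(', '));
  const psu = Object.keys(h).filter((n) => n.startsWith('psu-')).sort();
  const names = [...REQUIRED, ...OPTIONAL.filter((n) => n in h), ...psu];
  return { names, text: names.map((n) => `${n}: ${h[n]}`).join('\n') };
}

// Sender: returns the headers to send, including digest and x-jws-signature.
function signRequest(headers, body, privateKey) {
  const out = { ...lowerKeys(headers), digest: bodyDigest(body) };
  const { names, text } = signedHeaderLines(out);
  // "signedHeaders" is a hypothetical parameter name, not taken from the standard.
  const prot = b64url(JSON.stringify({ alg: 'RS256', signedHeaders: names }));
  const sig = crypto.sign('sha256', Buffer.from(`${prot}.${text}`), privateKey);
  return { ...out, 'x-jws-signature': `${prot}..${b64url(sig)}` }; // detached JWS
}

// Receiver: pin the algorithm, recompute the digest, then check the signature.
function verifyRequest(headers, body, publicKey) {
  try {
    const h = lowerKeys(headers);
    const [prot, payload, sig] = (h['x-jws-signature'] || '').split('.');
    if (!prot || payload !== '' || !sig) return false;
    const alg = JSON.parse(Buffer.from(prot, 'base64url').toString()).alg;
    if (alg !== 'RS256' || h.digest !== bodyDigest(body)) return false;
    const data = Buffer.from(`${prot}.${signedHeaderLines(h).text}`);
    return crypto.verify('sha256', data, publicKey, Buffer.from(sig, 'base64url'));
  } catch { return false; }
}

// Constructed sample request and a throwaway key pair, for illustration only.
const keys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleBody = JSON.stringify({ note: 'constructed consent request body' });
const sampleHeaders = { Host: 'api.example.test', 'Content-Type': 'application/json',
  'X-Request-ID': '00000000-0000-4000-8000-000000000001', 'PSU-IP-Address': '192.0.2.10' };
const signed = signRequest(sampleHeaders, sampleBody, keys.privateKey);
console.log('verifies:', verifyRequest(signed, sampleBody, keys.publicKey));
```

Because the verifier rebuilds the signed lines from the headers it actually received, a changed body, a changed or added "psu-" header, or a missing required header all cause verification to fail.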

📘

More details on our JWS library on GitHub: Open Banking JWS Library

More details on JWS Signature standards can be found in the official file of the Georgian Banking Association

📘

For test integration, please use

https://test-openbanking.tbcbank.ge/0.8