This service provides third-party providers (TPPs) access to account information on behalf of SMBC Group's payment service users (PSUs). Within the Sandbox environment, SMBC Group makes available simulated datasets.
To use this service, the TPP will first:
use the token service to obtain a TPP access token;
use this TPP access token via the consents service to create a consents resource and receive a redirect;
(sandbox only) use the token service to request an authorisation code via a dedicated authorisation service, exclusive to the sandbox;
(production only) redirect the PSU to perform strong customer authentication (SCA) against the Bank's online web portal, receive an authorisation code and be redirected back to the TPP with the authorisation code; and
provide the returned authorisation code to the token service to obtain a PSU access token and a PSU refresh token.
Requests for transaction history older than 90 days:
Historical transaction requests (where the dateFrom parameter is earlier than 90 days) are not exemption from SCA. To access this data, the TPP must creating a one-off Consent Resource which will provide them with a PSU Access Token lasting 20 minutes. Using the consentId of the one-off Consent Resource and the short-lived access token, the TPP may make any number of request required for historical transaction history up to the limit of 730 days in the past.
The one-off Consent request body must contain:
recurringIndicator = false;
validUntil = current date plus 2 (e.g. a call made on 1 Jan must have the date 3 Jan)
Creating a one-off Consent Resource will not expire any existing recurring Consent Resource for that user
Info message
For further details, refer to the Getting Started section of this website.