Skip to main content

Signing Baskets Service Berlin Group v1.3 - SMBC Group v1.0.1

About this service

This service provides third-party providers (TPPs) access to start authorisation for a basket of payment initiation requests.

Within the Sandbox environment, SMBC Group makes available simulated datasets.

How to use this service

To use this service, the TPP will first:

  • use the token service to obtain a TPP access token;
  • use this TPP access token via the consents service to create a consents resource and receive a redirect;
  • (sandbox only) use the token service to request an authorisation code via a dedicated authorisation service, exclusive to the sandbox;
  • (production only) redirect the PSU to perform strong customer authentication (SCA) against the Bank's online web portal, receive an authorisation code and be redirected back to the TPP with the authorisation code; and
  • provide the returned authorisation code to the token service to obtain a PSU access token and a PSU refresh token.

Digital signature requirements

While the full set of mandatory fields in the digital signature Signature/headers field will vary by operation, the common mandatory fields in production are as follows:

  • (request-target) - This is the request URI including any request parameters of the production endpoint, e.g., "POST /berlingroup/v1/signing-baskets
  • date - The current date-time when the request is generated in the format defined in RFC 7231.
  • digest - SHA-256 hash of the request message payload.
  • consent-id
  • x-request-id
  • psu-id
  • tpp-redirect-uri
  • psu-ip-address
  • psu-device-id

When invoking Berlin Group operations that require digital signatures, you must include all the mandatory headers for the respective operation. Furthermore, all the mandatory headers for the operation must be included in the signing string, per the Cavage specification, when generating the digital signature.

Need help?

Check our FAQs for common queries, otherwise please get in touch with our API support team to discuss your on-boarding.