
Access for third-party providers

Third Party Providers (TPPs) can use the Weavr Open Banking APIs to:

  • Access end-customer account information.
  • Submit a payment for an end-customer.

Open a Weavr Sandbox TPP account

Open a Sandbox TPP account by sending a request to the support team. You need to provide the following information:

  • Company Name
  • eIDAS/OBWAC certificate
  • Contact details
    • Name & Surname
    • Email address
    • Position
  • Innovator applications to access
  • Access level
    • Account Information
    • Payment Initiation
  • Redirect URL (for consent flow completion)
Info: You can use the Sandbox environment even if you haven't received a valid certificate yet. In this case, you can send a Certificate Signing Request (CSR) instead. A signed Sandbox certificate is issued for you.

TPP Authentication

Requests to the Weavr Open Banking APIs must present the following headers as a means of authentication:

  • Digest
  • TPP-Signature
  • Programme-Key

Digest

The Digest header contains a hash of the HTTP request body. It should take the form of Digest: {digest-algorithm}={base64-encoded-digest}. Only SHA-256 and SHA-512 are allowed as {digest-algorithm}.

To obtain the digest, ensure that it is computed over the unmodified body contents. If the request does not require a body, then the Digest should be that of a null input.

TPP-Signature

The TPP-Signature header should take the form of:

TPP-Signature: keyId="{key-identifier}",algorithm="{signature-algorithm}",headers="{header1} {header2} {headerN}",signature="{message-signature}"
  • {key-identifier} is the key identifier provided by Weavr during registration.

  • {signature-algorithm} is the identifier of the algorithm used to sign the message, one of rsa-sha256 or rsa-sha512.

  • {headers} is the list of message header parameters included in {signing string} (read more below). It’s mandatory to include at least the following:

    • Date (in standard RFC 1123 format)
    • Digest
    • TPP-Consent-ID (if required for the request, it is also required for the signature)
  • {message-signature} is the base64-encoded result of the signature algorithm.

The {signing string} should be obtained by concatenating all the headers specified in {headers}, in the same order, and observing the following rules:

  • The included header names are in lowercase
  • The included header names are immediately followed by an ASCII colon : (with no spaces in between)
  • The : is followed by a single space.
  • Each header is followed by a newline (\n) character, except the last header
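The Digest and signing-string rules above, as an added Python example (not Weavr's own code). The function names, the lowercasing of names inside headers="...", the reading of "null input" as zero-length input and the PKCS#1 v1.5 padding in rsa_signer are assumptions of this example; rsa_signer needs the third-party cryptography package.

```python
import base64
import hashlib

HASHES = {"SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}
SIG_ALGS = ("rsa-sha256", "rsa-sha512")


def digest_header(body: bytes = b"", algorithm: str = "SHA-256") -> str:
    """Digest value over the exact bytes that go on the wire.

    A request without a body is hashed as zero-length input (this example's
    reading of "null input").
    """
    if algorithm not in HASHES:
        raise ValueError("only SHA-256 and SHA-512 are allowed")
    raw = HASHES[algorithm](body).digest()
    return f"{algorithm}={base64.b64encode(raw).decode('ascii')}"


def signing_string(headers):
    """headers: ordered (name, value) pairs, exactly as sent in the request."""
    names = [name.lower() for name, _ in headers]
    for required in ("date", "digest"):
        if required not in names:
            raise ValueError(f"mandatory signed header missing: {required}")
    # lowercase name, ':', one space, value; '\n' between lines, none at the end
    return "\n".join(f"{name.lower()}: {value}" for name, value in headers)


def tpp_signature(key_id, headers, sign, algorithm="rsa-sha256"):
    """Build the TPP-Signature value; sign(bytes) returns raw signature bytes."""
    if algorithm not in SIG_ALGS:
        raise ValueError("algorithm must be rsa-sha256 or rsa-sha512")
    raw_signature = sign(signing_string(headers).encode("utf-8"))
    sig_b64 = base64.b64encode(raw_signature).decode("ascii")
    # Assumption: names in headers="..." are lowercased like the signing string.
    listed = " ".join(name.lower() for name, _ in headers)
    return (f'keyId="{key_id}",algorithm="{algorithm}",'
            f'headers="{listed}",signature="{sig_b64}"')


def rsa_signer(private_key_pem: bytes, algorithm: str = "rsa-sha256"):
    """Return a sign() callable backed by an RSA private key in PEM form.

    Assumption: PKCS#1 v1.5 padding; the page names only rsa-sha256/rsa-sha512.
    """
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    digest = hashes.SHA256() if algorithm == "rsa-sha256" else hashes.SHA512()
    return lambda data: key.sign(data, padding.PKCS1v15(), digest)
```

Serialize the body to bytes once and pass those same bytes to both digest_header and the HTTP client; re-serializing JSON after the digest is computed changes the bytes and invalidates the Digest.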

Accessing Account Information

To access account information, you must first obtain consent from the user. Create the consent by sending the following request with the appropriate authentication headers:

POST {{server-url}}/openbanking/account_information/consents
// empty body

Example response:

{
  "createdTimestamp": 1640194737893,
  "expiry": 1647970737893,
  "id": "107491802074120201",
  "lastUpdated": 1640194737893,
  "links": {
    "redirect": "https://openbanking.weavr.io/consent?programmeKey=1WH5wMcFqRYBfeM3MsMACQ%3D%3D&scope=ACCOUNT_INFORMATION&consentId=107491802074120201&tppId=107491800561942537"
  },
  "state": "AWAITING_AUTHORISATION",
  "tppId": "107491800561942537",
  "tppName": "Test2"
}

From this point, redirect the user to the given URL to obtain their consent. Once the user completes the flow, they are redirected to the redirection URL provided during registration, with the additional request-parameters:

  • consentId: The original consentId that this flow corresponded to
  • consentState: The state of the consent, which at this point could be either AUTHORISED or REJECTED

Once the consent flow is completed, the following endpoints are available to obtain account and transaction information by inclusion of the additional Consent-ID header:

Initiating a Payment

With the Weavr Open Banking APIs, you can initiate wire transfers from managed accounts.

Initiate a payment by sending an outgoing wire transfer payment initiation request.

POST {{server-url}}/openbanking/payment_initiation/outgoing_wire_transfers

{
  "sourceInstrument": {
    "type": "managed_accounts",
    "id": "107485916782985225"
  },
  "transferAmount": {
    "currency": "EUR",
    "amount": "9000"
  },
  "tag": "tag",
  "description": "wired transfer test",
  "destinationBeneficiary": {
    "name": "test beneficiary",
    "bankAccountDetails": {
      "iban": "DE75512108001245126199",
      "bankIdentifierCode": "AARBDE5W250"
    },
    "address": "address",
    "bankName": "bank name",
    "bankAddress": "bank address",
    "bankCountry": "DE"
  }
}

Example response:

{
  "consent": {
    "createdTimestamp": 1640194918703,
    "expiry": 1647970918703,
    "id": "107491813923684361",
    "lastUpdated": 1640194918703,
    "links": {
      "redirect": "https://openbanking.weavr.io/consent?programmeKey=1WH5wMcFqRYBfeM3MsMACQ%3D%3D&scope=PAYMENT_INITIATION&consentId=107491813923684361&tppId=107491800561942537&paymentType=OUTGOING_WIRE_TRANSFER"
    },
    "state": "AWAITING_AUTHORISATION",
    "tppId": "107491800561942537",
    "tppName": "Test2"
  },
  "paymentRequest": {
    "description": "wired transfer test",
    "destinationBeneficiary": {
      "address": "address",
      "bankAccountDetails": {
        "bankIdentifierCode": "AARBDE5W250",
        "iban": "DE75512108001245126199"
      },
      "bankAddress": "bank address",
      "bankCountry": "DE",
      "bankName": "bank name",
      "name": "test beneficiary"
    },
    "sourceInstrument": {
      "id": "107485916782985225",
      "type": "managed_accounts"
    },
    "tag": "tag",
    "transferAmount": {
      "amount": 9000,
      "currency": "EUR"
    }
  }
}

From this point, redirect the user to the given URL to obtain their consent. Once the user completes the flow, they are redirected to the redirection URL provided during registration, with the additional request-parameters:

  • consentId: The original consentId that this flow corresponded to
  • consentState: The state of the consent, which at this point could be either AUTHORISED or REJECTED
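Handling the redirect back to the TPP, for both the account information and payment initiation consent flows described above, as an added Python example (not Weavr's own code). ConsentTracker, the session binding and the tpp.example callback URL are hypothetical; the point is that consentId and consentState arrive through the user's browser, so the handler accepts them only for a consent this TPP created for the same user session, and only once.

```python
from urllib.parse import parse_qs, urlsplit


class ConsentTracker:
    """Binds each consent this TPP created to the local session that started it."""

    FINAL_STATES = {"AUTHORISED", "REJECTED"}

    def __init__(self):
        self._pending = {}  # consentId -> local session id (hypothetical binding)

    def register(self, consent_id: str, session_id: str) -> None:
        """Call after the consent is created, before redirecting the user."""
        self._pending[consent_id] = session_id

    def handle_callback(self, url: str, session_id: str) -> str:
        """Validate the redirect parameters and return the consent state."""
        query = parse_qs(urlsplit(url).query)
        ids = query.get("consentId", [])
        states = query.get("consentState", [])
        # Duplicated or missing parameters are rejected, not guessed at.
        if len(ids) != 1 or len(states) != 1:
            raise ValueError("expected one consentId and one consentState")
        consent_id, state = ids[0], states[0]
        if state not in self.FINAL_STATES:
            raise ValueError(f"unexpected consentState: {state!r}")
        # The consent must be one we created, for the session presenting it.
        if self._pending.get(consent_id) != session_id:
            raise PermissionError("consentId is not pending for this session")
        del self._pending[consent_id]  # single use: a replayed callback fails
        return state
```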