Frequently asked questions

This section collects questions frequently asked by the developer community. We will expand this section in the upcoming weeks.

If you have trouble finding an answer to your question, do not hesitate to contact us at developer@tatrabanka.sk.

Questions

How does the registration process work?

After you fill in all of the required fields and submit the registration form, you will be notified by e-mail about the approval of your registration request. The e-mail contains an activation hyperlink, which redirects you to our Developer portal. Your account will be activated after you fill in the login credentials (username and password).

If the hyperlink for account activation expires, you will not be able to log in. In that case, please contact us at developer@tatrabanka.sk.

Colleagues have already registered our organization, do I need to register again?

No, you do not need to register the organization again. The user who registered your organization (organizationAdmin) can invite you to that organization on our Developer portal. After opening the hyperlink in the invitation e-mail, you will only need to fill in your user information.

Your organization admin will find invitations under Organization -> Invitations -> Invite New Users.

How do I create an application?

To create an application, navigate to Applications -> Add Application. Fill in all the required fields and set up the application according to your needs. After you click the "Save" button, the application is created and ready to be used.

How can I call the API endpoints?

You can call the API endpoints via our testing facility called API Explorer, directly on our Developer portal. Furthermore, it is possible to use open source applications such as Postman, Insomnia, SoapUI, etc.

How can I test the functionality before switching to the production environment?

By default, created applications are set to the Sandbox (testing) environment. Registered users can therefore test the API endpoints via API Explorer or via open source applications such as Postman, Insomnia, SoapUI, etc. Testing endpoints contain the string "sandbox", e.g.:

  • https://api.tatrabanka.sk/sandbox/api/v1/accounts
  • https://api.raiffeisen.sk/rbsandbox/api/v1/accounts

You are able to test the API endpoints with:

How can I access the production environment?

After fulfilling the required conditions (valid eIDAS certificate for PSD2 APIs; signed contract for Premium APIs), navigate to Applications -> Edit (under the Option button of the specific application) -> Tab API Management. Change the Sandbox plan to Production Plan, then click Save.

How does the authorization work?

Currently, in both PSD2 APIs and Premium APIs, the user has to authorize access to his/her accounts or authorize the payments. In all cases, our APIs use the OAuth 2.0 protocol for authentication and authorization. You will find a high-level description on our Developer portal. If you want to find out more, read RFC 6749 on the OAuth 2.0 protocol.

Which API standard is being followed by Tatra banka and Raiffeisen bank?

The PSD2 APIs of Tatra banka and Raiffeisen bank are in accordance with the PSD2 legislation and the RTS on SCA and CSC.

Tatra banka and Raiffeisen bank in Slovakia follow the Slovak API Standard v 2.0. You can find more about the API Standard on the Slovak Banking Association website.

How long is the transaction history which can be retrieved via API?

The transaction history differs according to the API:

  • In case of PSD2 Accounts API: 13 months
  • In case of Premium Accounts API: 15 months

How many transactions am I able to retrieve in one API call?

You can set the number of transactions retrieved in one API call to the resource /transactions with the parameter pageSize. The limit differs according to the API:

  • In case of PSD2 Accounts API: max. 100
  • In case of Premium Accounts API: max. 1000

Is it possible to access the accounts of legal entities via APIs, or is it only for retail customers?

Yes, it is possible to access the accounts of both legal entities and retail customers. In the case of PSD2 APIs, this is possible only with the user's consent.

I am having trouble with Authorization API. How do I implement it?

Our documentation covers the Authorization API jointly for different user flows. In order to implement Authorization API correctly, you should also check the RFCs connected to the Authorization API.

  • RFC 6749 for OAuth 2.0 Protocol
  • RFC 7636 for Proof Key for Code Exchange by OAuth Public Clients

Authorization calls differ mainly in their use of scope, grant types, and proof key (code challenge + verifier).

Which scope should I use in the Authorization API?

The scope differs according to the API resources you want to call. Our APIs support the following scopes:

  • AISP (to access Accounts API)
  • PISP (to access payment initiation in Payments API)
  • payments (to access payment submission in Payments API)
  • PIISP (to access Funds API)
  • PREMIUM_AIS (to access Premium API)

Which grant type should I use in the Authorization API?

The grant type differs according to the API resources you want to call. Our APIs support two different grant types: (1) Authorization code grant, where you have to authorize the client in the beginning, and (2) Client credentials grant, where you do not need to authorize the client in the beginning.

Authorization code grant is used in:

  • Accounts API
  • Payments API (payment submission)
  • Premium API

Client credentials grant is used in:

  • Payments API (payment initiation)
  • Funds API

Is it possible to avoid Authorization API calls to access endpoints of Accounts API/Premium API?

No, it is not possible. The user has to authorize access to his/her accounts at least once in 90 days. However, during the period when the authorization is valid, you do not need to authorize again in order to access the list of accounts, account detail or list of transactions.

Where do I need to put parameters for getting transactions in Premium API?

You have to pass the parameters in the GET/.../transactions call, so that the request contains the parameters after the question mark (e.g. GET/.../transactions?dateFrom=2020-09-01). The request will not work properly if you put the parameters into the body of the request (neither as parameters nor as a JSON file).