Account Information Services APIs

1.0.x
(0 reviews)

Important Information & Bank of Ireland’s API Implementation

This page is a reflection of Bank of Ireland’s implementation of the Open Banking ‘Account and Transaction Service API’. Please use the below details for access to information on Bank of Ireland’s account(s).

Accounts supported
  • Personal Current Account (PCA)
  • Business Current Account (BCA)
  • Demand Deposit Account
  • Credit cards
Customer profiles supported

Customers registered on the following Bank of Ireland’s online channel

  • 365 online
  • Business On Line (BOL)
APIs supported – What’s on?

Please refer to the BOI API list for full details of what APIs are available in the Sandbox or in production, and on which brand

Bank of Ireland UK PLC
  • Accounts
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
  • Balances
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
  • Transactions
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
    • Pagination, filtering supported (filter transactions by date as provided by the TPP)
    • Pagination supported only for PCA, BCA and Demand Deposit accounts
  • Standing orders
    • Accounts supported – PCA, BCA, Demand Deposit
  • Beneficiaries
    • Accounts supported – PCA, BCA, Demand Deposit
  • Products
    • Accounts supported – PCA, BCA
  • Scheduled payments
    • Accounts supported – PCA, BCA, Demand Deposit
  • Statements
    • List of statements
    • Filtering for list of statements supported
    • Retrieve PDF version of a statement
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
    • Pagination not supported for Statement List
Bank of Ireland (ROI)
  • Accounts
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
  • Balances
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
  • Transactions
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
    • Pagination, filtering supported
    • Pagination supported only for PCA, BCA and Demand Deposit accounts
UK Post Office

UK Post Office Current Accounts are no longer available and access to these accounts is not available via APIs.

Bank of Ireland UK, Post Office and AA Credit Cards

Post Office and AA Credit Cards provided by Bank of Ireland UK, and credit cards branded Bank of Ireland UK, have been sold to a new Credit Card issuer. Access to Accounts for these portfolios are the responsibility of the new card issuer.

Token implementation
  • Access token – 5 minutes
  • Refresh token – 90 days
  • TPPs will be provided with the pending duration of the refresh token through the id token.
ReleasesNov-2021Feb-2022Aug-2022
AISP 3.0 Consent revocation 1.Continue using the Internal APIs to change the consent status to 'revoked'

2. GET Consent Endpoint to return status as ‘revoked’

Access is removed, and TPP get expected response.		 1.Continue using the Internal APIs to change the consent status to 'revoked'

2. Get Consent Endpoint to return status as ‘revoked’

3. Technical Release of Event Notification APIs **

Access is removed, and TPP get expected response. Event notification would not return statuses.		 Uplift internal APIs :-
1. Disable changing the consent status to 'revoked'

2. Uplift the APIs to revoke access (disable Refresh token)

3. Integrate with Event notification to trigger revoke consent authorisation events

Access is removed, and TPP get expected response, and event notification would be active
AISP 3.1.8 Consent Revocation 1.Continue using the Internal APIs to change the consent status to 'revoked'

2. GET Consent Endpoint to return HTTP 400 code for ‘revoked’ status

Access is removed, but TPPs do not receive on-spec response. 		1.Continue using the Internal APIs to change the consent status to 'revoked'

2. Get Consent Endpoint to return HTTP 400 code for ‘revoked’ status

Access is removed, but TPPs do not receive on-spec response. Event notification would not return statuses.		 Uplift internal APIs :-
1. Disable changing the consent status to 'revoked'

2. Uplift the APIs to revoke access (disable Refresh token)

3. Integrate with Event notification to trigger revoke consent authorisation events

Access is removed, TPPs get expected response, and event notification would be active

** Technical Release - TPPs would be able to subscribe to the events but the event notification will be supported in the Aug’22 Dashboard APIs release.

APIs supported - Key Information
  • Bank of Ireland supports V3.0 & V3.1.8 of the AISP APIs
  • All APIs will only be returning one error message in the response in case of an error scenario. Please make sure that you have provided all information that is required for a successful API call.
  • Accounts-access-consent request will not be accepted if it contains the following permission – ReadParty, ReadOffers, ReadPartyPSU.
  • For account types which are not supported for a particular endpoint, BOI AISP APIs will always return an empty response if the account has a valid AIS consent e.g. Standing Orders or Direct Debit endpoints will return an empty response for a valid consented credit card.
  • If the consented account is not a valid online payment account, then Bank AISP APIs will not return any account information.

  • Transactions

    • API will return an empty response if there are no transactions associated with an account when enquired.
    • Bank will be providing only a proprietary transaction code for every transaction. The list of transaction codes is available here.
    • BOI are aware of a defect which is resulting in transactions in a foreign currency made with a Commercial Credit Card not matching the transaction amount shown in the BOI online channel. This is on our roadmap to fix but it is not yet possible to provide a resolution date. When a fix is scheduled and completed, updates will be published in the Transparency Calendar, here and in the News and Announcements section.
    • A unique identifier will be provided for every transaction for the account types supported, with the below exception
      • A transaction identifier will not be returned for consumer credit cards. This will be provided when 3.1.2 APIs are implemented
    • For the following account types – PCA, BCA, Demand Deposit Account
      • A maximum of one year of transaction data will be returned, from the current date
      • The balance will be returned on the last transaction date. The balance for every individual transaction will not be returned.
      • Transaction narrative will be masked if it contains any sensitive payment data identified by the Bank
      • Credit cards (consumer and commercial) – transaction data returned will only cover the account’s current statement cycle. This is in line with the transaction information available to the customer through BOI channels

  • Standing orders

    • An empty response will be returned if there are no standing orders associated with an account when enquired
    • An empty response will be returned if enquired for a valid consented credit card
    • Sensitive information like creditor information will be masked
    • Please note that there are a limited number of customers who have standing orders with payee account numbers less than 8 digits. In this scenario, we will return a 500 error to the SO API request. This is being fixed in a future release.

  • Beneficiaries

    • Bank will always return only active beneficiaries associated with a customer will be returned and not with a specific account
    • An empty response will be returned if there are no beneficiaries associated with the customer when enquired
    • Sensitive information like beneficiary account details will always be masked
    • An empty response will be returned if enquired for a valid consented credit card
    • A customised masking will be provided and customised scheme names for international beneficiaries

  • Products

    • An empty response will be returned if enquired for a valid consented credit card, Demand Deposit Account or any account accessed through the Business On Line (BOL) profile.

  • Scheduled Payment

    • An empty response will be returned if there are no scheduled payments associated with an account when enquired
    • An empty response will be returned if enquired for a valid consented credit card
    • Only one-off ‘pending’ future dated payments will be returned
  • Statements
    • The statements API will not work for customers using Business On Line (BOL) credentials as BOL doesn’t support statements. The statements API is for business customers using 365 credentials.
    • An empty response will be returned if there are no statements associated with an account when enquired
    • Statements can be retrieved in PDF formats only. Any other file formats requested during enquiry will result in an error being returned
    • The Statement From Date and the Statement To Date will be set to the current date for PCA, BCA, Demand deposit account
    • Statement From Date and Statement To Date will be provided based on the frequency of the statement (monthly, annual) for credit cards

Note:

BOI supports HTTP 'x-content-type-options' response header by setting the value to 'nosniff' which is returned to TPPs for all APIs.
The Content-Type representation header is used to indicate the original media type of the resource (prior to any content encoding applied for sending). In responses, a Content-Type header provides a TPP with the actual content type of the returned content. This header's value may be ignored, for example when browsers perform MIME sniffing as BOI has set the value to ‘nosniff’ to prevent this behaviour.

Reviews