Account Information Services APIs

(0 reviews)

Important Information & Bank of Ireland’s API Implementation

This page is a reflection of Bank of Ireland’s implementation of the Open Banking ‘Account and Transaction Service API’. Please use the below details for access to information on Bank of Ireland’s account(s).

Accounts supported
  • Personal Current Account (PCA)
  • Business Current Account (BCA)
  • Demand Deposit Account
  • Credit cards
Customer profiles supported

Customers registered on the following Bank of Ireland’s online channel

  • 365 online
  • Business Online (BOL)
APIs supported – What’s on?

Please refer to the BOI API list for full details of what APIs are available in the Sandbox or in production, and on which brand.

Bank of Ireland UK PLC
  • Accounts
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
  • Balances
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
  • Transactions
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
    • Pagination, filtering supported
    • Pagination supported only for PCA, BCA and Demand Deposit accounts
  • Standing orders
    • Accounts supported – PCA, BCA, Demand Deposit
  • Beneficiaries
    • Accounts supported – PCA, BCA, Demand Deposit
  • Products
    • Accounts supported – PCA, BCA
  • Scheduled payments
    • Accounts supported – PCA, BCA, Demand Deposit
  • Statements
    • List of statements
    • Filtering for list of statements supported
    • Retrieve PDF version of a statement
    • Accounts supported – PCA, BCA, Demand Deposit, Credit cards
    • Pagination not supported for Statement List
Token implementation
  • Access token – 5 minutes
  • Refresh token – for ROI, 90 days re-authentication of Refresh token has been updated to 180 days and for UK, 90 days re-authentication of Refresh token has been removed.
  • TPPs will be provided with the pending duration of the refresh token through the id token.
ReleasesNov-2021Feb-2022Aug-2022
AISP 3.1.8 Consent Revocation 1. Continue using the Internal APIs to change the consent status to 'revoked'

2. GET Consent Endpoint to return HTTP 400 code for ‘revoked’ status

Access is removed, but TPPs do not receive on-spec response.
1. Continue using the Internal APIs to change the consent status to 'revoked'

2. Get Consent Endpoint to return HTTP 400 code for ‘revoked’ status

Access is removed, but TPPs do not receive on-spec response. Event notification would not return statuses.
Uplift internal APIs :-
1. Disable changing the consent status to 'revoked'

2. Uplift the APIs to revoke access (disable Refresh token)

3. Integrate with Event notification to trigger revoke consent authorisation events

Access is removed, TPPs get expected response, and event notification would be active
AISP 3.0 Consent revocation 1. Continue using the Internal APIs to change the consent status to 'revoked'

2. GET Consent Endpoint to return status as ‘revoked’

Access is removed, and TPP get expected response.
1. Continue using the Internal APIs to change the consent status to 'revoked'

2. Get Consent Endpoint to return status as ‘revoked’

3. Technical Release of Event Notification APIs **

Access is removed, and TPP get expected response. Event notification would not return statuses.
Uplift internal APIs :-
1. Disable changing the consent status to 'revoked'

2. Uplift the APIs to revoke access (disable Refresh token)

3. Integrate with Event notification to trigger revoke consent authorisation events

Access is removed, and TPP get expected response, and event notification would be active

** Technical Release - TPPs would be able to subscribe to the events but the event notification will be supported in the Aug’22 Dashboard APIs release.

APIs supported - Key Information
  • Bank of Ireland supports V3.0 & V3.1.8 AISP APIs
  • All APIs will only be returning one error message in the response in case of an error scenario. Please make sure that you have provided all information that is required for a successful API call.
  • Accounts-access-consent request will not be accepted if it contains the following permission – ReadParty, ReadOffers, ReadPartyPSU.
  • For account types not supported, Bank AISP APIs will always return an empty response if the account is still a valid consented online payment account e.g. Products endpoint will return an empty response for a valid consented credit card.
  • If the consented account is not a valid online payment account, then Bank AISP APIs will not return any account information.
  • Transactions
    • API will return an empty response if there are no transactions associated with an account when enquired.
    • Bank will be providing only a proprietary transaction code for every transaction. The list of transaction codes is available here.
    • BOI are aware of a defect which is resulting in transactions in a foreign currency made with a Commercial Credit Card not matching the transaction amount shown in the BOI online channel. This is on our roadmap to fix but it is not yet possible to provide a resolution date. When a fix is scheduled and completed, updates will be published in the Transparency Calendar, here and in the News and Announcements section.
    • A unique identifier will be provided for every transaction for the account types supported.
    • For the following account types supported – PCA, BCA, Demand Deposit Account
      • A maximum of one year of transaction data will be returned, from the current date
      • The balance will be returned on the last transaction date. The balance for every individual transaction will not be returned.
      • Transaction narrative will be masked if it contains any sensitive payment data identified by the Bank
    • Credit cards (consumer and commercial) – transaction data returned will only cover the account’s current statement cycle. This is in line with the transaction information available to the customer through BOI channels.
  • Standing orders
    • An empty response will be returned if there are no standing orders associated with an account when enquired
    • An empty response will be returned if enquired for a valid consented credit card
    • Sensitive information like creditor information will be masked
    • Please note that there are a limited number of customers who have standing orders with payee account numbers less than 8 digits. In this scenario, we will return a 500 error to the SO API request. This is being fixed in a future release
  • Beneficiaries
    • Bank will always return only active beneficiaries associated with a customer and not with a specific account
    • Bank will always return ordinary beneficiaries. There are no trusted beneficiaries on the bank’s online channels.
    • An empty response will be returned if there are no beneficiaries associated with the customer when enquired
    • Sensitive information like beneficiary account details will always be masked
    • An empty response will be returned if enquired for a valid consented credit card
    • A customised masking and customised scheme names will be provided for international beneficiaries
  • Products
    • An empty response will be returned if enquired for a valid consented credit card, Demand Deposit Account or any account accessed through the Business OnLine (BOL) profile.
  • Scheduled Payment
    • An empty response if there are no scheduled payments associated with an account when enquired
    • An empty response if enquired for a valid consented credit card
    • Only one-off ‘pending’ future dated payments will be returned
  • Statements
    • The statements API will not work for customers registered on Business Online(BOL) as BOL doesn’t support statements
    • An empty response will be returned if there are no statements associated with an account when enquired
    • BOI will be able to return only PDF file formats. Any other file formats requested during enquiry will result in an error
    • BOI doesn’t provide the statement from date and to date on its online channel.
      • BOI would default the dates to the current date for PCA, BCA, Demand deposit account
      • BOI will provide appropriate dates based on the frequency of the statement (monthly, annual) for credit cards
  • Credit Cards
    • Updated/New cards (403 Forbidden errors) - A Customer-facing issue has been reported whereby 403 Forbidden errors are generated. These errors occur in scenarios where a previous Credit Card has been replaced by a new Credit Card. In such a scenario, the old credit card number is no longer valid, and a new consent is required. Customers will have to add the new credit card number/account and provide a fresh consent.

Note:

BOI supports HTTP 'x-content-type-options' response header by setting the value to 'nosniff' which is returned to TPPs for all APIs.
The Content-Type representation header is used to indicate the original media type of the resource (prior to any content encoding applied for sending). In responses, a Content-Type header provides a TPP with the actual content type of the returned content. This header's value may be ignored, for example when browsers perform MIME sniffing as BOI has set the value to ‘nosniff’ to prevent this behaviour.


Reviews