Confirmation of Funds APIs
Important Information & Bank of Ireland’s API Implementation
This page is a reflection of Bank of Ireland’s implementation of the Open Banking ‘Confirmation of Funds API’. Please use the below details for confirmation of funds on Bank of Ireland’s account(s).
Accounts supported
- Personal Current Account (PCA)
- Business Current Account (BCA)
- Demand Deposit Account
Note: Currently Bank of Ireland does not support credit cards for confirmation of funds.
Customer profiles supported
Customers registered on the following Bank of Ireland’s online channel
- 365 online
- Business On Line (BOL)
APIs supported – What’s on?
Please refer to the BOI API list for full details of what APIs are available in the Sandbox or in production, and on which brand
Token implementation
- Access token – 5 minutes
- Refresh token – Long lived or time bound based on expiry date provided in consent journey.
- TPPs will be provided with the pending duration of the refresh token through the id token.
Consent Revocation
Releases | Nov-2021 | Feb-2022 | Aug-2022 |
---|---|---|---|
CBPII 3.1.8 Consent Revocation | 1. Continue using the Internal APIs to change the consent status to 'revoked' 2. GET Consent Endpoint to return status as ‘revoked’ Access is removed, but TPPs get expected response. |
1. Continue using the Internal APIs to change the consent status to 'revoked' 2. Technical Release of Event Notification APIs ** Access is removed, but TPPs get expected response. Event notification would not return statuses. |
Uplift internal APIs: 1. Continue to change consent status to 'revoked' 2. Integrate with Event notification to trigger revoke consent authorisation events Access is removed, TPPs get expected response, and event notification would be active |
** Technical Release - TPPs would be able to subscribe to the events but the event notification will be supported in the Aug’22 Dashboard APIs release.
APIs supported - What’s different?
- This API is available for Bank of Ireland UK PLC and for Bank of Ireland (ROI).
- CBPII APIs will only be supported on V3.1.8 of the API specification.
- All APIs will only be returning one error message in the response in case of an error scenario. Please make sure that you have provided all information that is required for a successful API call.
For the consent setup following scheme name will be supported.
In Ireland, valid scheme name is:
UK.OBIE.IBAN
In UK, valid scheme name is:
UK.OBIE.SortCodeAccountNumber
Requests with any other scheme names will be rejected.
For account types not supported, Bank CBPII APIs will reject the confirmation of funds setup request.
- Customers will not be allowed to provide consent if account provided as part of setup is not a valid online payment account for the customer.
- If there is a change to some account statuses, due to joint account access revocation, the account being closed, or the account being downgraded due to credit status, the Bank CBPII APIs will reject the confirmation of funds request.
- The confirmation of funds request will be rejected if the request is made for currency different from account currency.
Note:
BOI supports HTTP 'x-content-type-options' response header by setting the value to 'nosniff' which is returned to TPPs for all APIs.
The Content-Type representation header is used to indicate the original media type of the resource (prior to any content encoding applied for sending). In responses, a Content-Type header provides a TPP with the actual content type of the returned content. This header's value may be ignored, for example when browsers perform MIME sniffing as BOI has set the value to ‘nosniff’ to prevent this behaviour.