Getting Started new

Welcome to Bank of Ireland's developer portal.

The revised Payment Services Directive (PSD2)mandates banks to provide access to account (XS2A) facilities to licensed Third Party Provider s (TPPs). There are three types of third party providers (TPPs):

  • Account Information Service Providers (AISP): AISP APIs are for access to a customer's online payment account data via a TPP.
  • Payment Initiation Service Provider (PISP): PISP APIs are for the initiation of payments from an online payment account via a TPP.
  • Payment Service Providers that are card-based payment Instrument Issuers (CBPII): CBPII APIs are to confirm availability of funds of an online payment account.

PSD2 also states that communications between the ASPSPs and the TPPs have to be secure and compliant with the Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication.

Bank of Ireland has adopted the Open Banking Implementation Entity (OBIE) standard for compliance with PSD2/CMA regulation. The Bank of Ireland API Platform is designed to provide a ready to use, complete infrastructure for Open Banking APIs.

This portal provides you with a detailed documentation of Bank of Ireland's implementation of the OBIE standard. You can also test our APIs using widely used standard tools for API access. Refer to the section "Steps to follow to test APIs" on this page for details on testing our APIs. For full access to test accounts and to receive important information, help, support and notifications, you must register.

A list of APIs supported by BOI can be viewed here.

How to test Bank of Ireland APIs
A. If you want to test using test eIDAS certificates

cb30e98a-febd-4b1d-99ce-dd7ea30f8aaa-image.png

Prerequisites for testing
  1. Test eIDAS certificates (QWAC & QSealC) that complies with the PSD2 ETSI Profile

Note: If you are experiencing issues getting test eIDAS certificates, please contact us.

Steps to follow to test APIs
  1. Create SSA using widely used online tools. SSA "alg" must be set to "NONE". Details and sample SSA are provided with Dynamic Client Registration API.
  2. Use the additional API to upload root of the test eIDAS certificates.
  3. Register and log in to the Bank of Ireland Developer hub to download the customer profiles/test accounts for testing APIs.
  4. Onboard your application using the Dynamic Client Registration API as per the OBIE specifications with additional claim "x5c" included in the JWT header. x5c must be set to public key of QSealC.
  5. Call the sandbox POST APIs to set up an AISP/PISP/CBPII request with the bank
  6. Use the sandbox authorisation URL mentioned in the "Authorisation Flow & Redirection Services/URLs" section below to authorise the AISP/PISP/CBPII request. Refer to the test account sheet to choose the customer (PSU ID) profile for testing.
  7. You are now ready to test the Bank's API. Please refer to the section "Points to note when testing APIs" before commencing the testing.
B. If you are present on the Open Banking Directory Sandbox

3131c64d-51f4-4689-93cc-ac36b511d6b8-image.png

Prerequisites for testing
  1. You will need to have a software statement (SSA) from OBIE Directory Sandbox
  2. If you wish to use production/live certificates, we support the following certificates
    • eIDAS certificates that comply with the PSD2 ETSI Profile
    • OBIE issued certificates compliant with PSD2 ETSI Profile
    • OBIE legacy certificates
Steps to follow to test APIs
  1. Create a Software Statement in the Open Banking Directory Sandbox that corresponds to your application.
  2. Attach a set of certificates (transport and signing) for the Software Statement.
  3. Register and log in to the Bank of Ireland developer hub to download the customer profiles/test accounts for testing APIs.
  4. Onboard your application using the Dynamic Client Registration API as per the OBIE specifications.
  5. Call the sandbox POST APIs to set up an AISP/PISP/CBPII request with the bank.
  6. Use the sandbox authorisation URL mentioned in the "Authorisation Flow & Redirection Services/URLs" section below to authorise the AISP/PISP/CBPII request. Refer to the test account sheet to choose the customer (PSU ID) profile for testing.
  7. You are now ready to test the Bank's API. Please refer to the section "Points to note when testing APIs" before commencing the testing.
C. Points to note when testing APIs
  1. APIs can be tested by using tools like Postman, SOAP etc.
  2. Participants will need to present a full certificate chain to invoke APIs i.e. intermediate along with leaf.
  3. To invoke the APIs, you need to "Download test accounts" by registering and logging into the BOI Developer Hub.
  4. Please use the following ASPSP FAPI ID when invoking APIs "0015800000jfQ9aAAE" .
  5. Clients/applications have to be created through "Dynamic Client Registration (DCR) API". Existing clients/applications created through Bank of Ireland's previous version of sandbox UI interface will not work.
  6. Protocols supported by the APIs:
    • The OAuth2/ OIDC token endpoint authentication method to follow MTLS (Mutual Transport Layer Security).
    • API payload signing and encryption “ following JWS (JSON Web Signature) and JWE (JSON Web Encryption).
  7. The customer screens (login, account selection etc.) shown in the sandbox authorisation journey are not the actual screens visible to customers in production. Layout, text and supplementary information are indicative only.
Access our live UK APIs

d19c8c8c-d415-4bba-9b2e-8f947c94f5c0-image.png

Steps to follow to access our live APIs
  1. Enrol as a TPP on the Open Banking Directory.
  2. Create a Software Statement in the Open Banking Directory that corresponds to your application.
  3. We will only accept valid eIDAS certificates that comply with the PSD2 ETSI Profile for PSD2 APIs.
    • Bank of Ireland UK also accepts:
      • OBIE issued certificates compliant with PSD2 ETSI Profile (currently)
      • OBIE legacy certificates (currently)
    • Support for OBIE certificates is under review and this page will be updated accordingly.
  4. Onboard your application with us using the Dynamic Client Registration API.
  5. TPP will need to present a full certificate chain to invoke APIs i.e. intermediate along with leaf.
  6. Refer to the .well-known endpoints in the OIDC .well-known endpoint URL section in this page to get details of the URLs and the claims supported by Bank of Ireland.
  7. Protocols supported by the APIs:
    • The OAuth2/ OIDC token endpoint authentication method to follow MTLS (Mutual Transport Layer Security).
    • API payload signing and encryption following JWS (JSON Web Signature) and JWE (JSON Web Encryption).
OIDC .well-known endpoint URL

Bank of Ireland will now be allowing customers registered on the following bank channels to provide access to Third Parties:

  • 365 online
  • Business On Line (BOL)

Please refer to the URLs specific to the channels below:

Details required to access the respective environments are available with .well-known endpoints [RFC 8414] shared above.

Bank of Ireland (Republic of Ireland) is launching a new API service that has adopted the Open Banking standards, the same API standards used by Bank of Ireland UK, and complies with directive PSD2 and the EBA's Regulatory Technical Standards. The live environment will be available from September 2019. You can commence testing on the Sandbox on 14 March 2019 using the Sandbox URL.

Authorization Flow - Redirection Services/URLs

For the parameters supported by the Bank, please refer to the API specification guides.

Note:

  1. The customer screens (login, account selection etc.) shown in the Sandbox are not the actual screens visible to customers in production. Layout, text and supplementary information are indicative only.
  2. Bank of Ireland (Republic of Ireland) is launching a new API service that has adopted the Open Banking standards, the same API standards used by Bank of Ireland UK, and complies with directive PSD2 and the EBA's Regulatory Technical Standards. The live environment will be available from September 2019. You can commence testing on the Sandbox on 14 March 2019 using the Sandbox URL.
Open Data APIs

Open Data APIs are a category of APIs that offer bank-specific information, such as ATM locations, products, URLs and events. Open Data API support documentation can be found here.

Documentation on previous versions

Documentation on previous API versions can be found here.