Maintenance Sunday 6th October

On Sunday 6th October from 06:00-09:00 CET, Handelsbanken online services, including our PSD2 APIs, for Sweden and Finland, will experience issues with card information during that time period, purchases will still be able to be executed during the maintenance period.

Testing the Accounts & Card Accounts API

Now let's get started with some testing! But first you have to sign up and create your own Apps, if not already done.

You have to go through all steps, chronologically, in this guide to get successful results as each step is dependent on previous step.

Sandbox Gateway Host URL

When testing our APIs in our Sandbox environment, please ensure that the below base URL is used in all requests.

Important 1:
When using our APIs in the Live environment, the base URL changes to https://api.handelsbanken.com/openbanking

Important 2:
The client id:s you get when creating your apps, have a format that differs from the Live environment. The Live environment creates client id:s that have a UUID format while the sandbox creates client id:s that have a UUID format without dashes.

 

Step-by-step guide

 

Step 1: Request Client Credential Grant (CCG) token

The authorization process starts with requiring a Client Credentials Grant (CCG). The result of this call will be a CCG access token which is used to call the POST /consents endpoint of the Consents API (which is used to acquire AIS consents for the PSU).

The Client Credential Grant request is identfied using the scope object (e.g. AIS). The CCG request is identical for all countries and is PSU independent.

Replace the “client_id” object with the client id you got when you created your App.

Further on in this guide you have to replace all objects in green color, with your client id, objects received from a previous step and objects that you have to choose yourself. Objects in red color are examples and cannot be used in requests.

Request example

curl -X POST https://sandbox.handelsbanken.com/openbanking/oauth2/token/1.0 \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope=AIS&client_id=YOUR CLIENT ID'

See below for the type of information that needs to be in your request for Sandbox testing.

Parameter Description Example
grant_type Type of token request - CCG in this case. Allowed value: “client_credentials”.
Mandatory
client_credentials
scope A static scope with one or several values. For the Account & Card Account APIs, "AIS" must be the scope.
Mandatory
AIS

 
client_id The client_id (app-id) you got when you created your app.
Mandatory
f31b7318-8f21-4eaf-8817-6b5e4e02d6bc

Response example

This is what the response looks like when the CCG token has been successfully created. 

HTTP/1.1 200 OK
{
"access_token": "QVQ6YmNlZjI0M2QtZDBhZi00OGZiLWE0OTgtZGUwMTJhMDdjMjYz",
"expires_in": 86400,
"token_type": "Bearer"
}

Note that the access token is an example. The response you will receive is unique for your request. So be aware of that objects in red are examples and cannot be used by you.

Parameter Description Example
access_token The returned CCG token, associated with your registered application for the scope(s) you have requested. QVQ6YmNlZjI0M2QtZDBhZi00OGZiLWE0OTgtZGUwMTJhMDdjMjYz
expires_in

Number of seconds the access_token is valid for.

86400
token_type Always the value ”Bearer”. Bearer
 

Step 2: Initiate consent (using CCG token)

The consent process starts with requesting a Consent ID and available SCA methods. These objects will later be used in Step 3.The CCG access token, received from previous step, is pasted into the Authorization header of the request.

Note that requests to the GB and the LU markets have the country defined in the URL while requests to the other markets defines the country with a header in the request.

For GB and LU the URL looks like this:
POST https://sandbox.handelsbanken.com/openbanking/psd2/gb/v1/consents
and
POST https://sandbox.handelsbanken.com/openbanking/psd2/lu/individual/v1/accounts/consents

Important: If the PSU is a Corporate customer, then the header parameters "PSU-Corporate-ID" and "PSU-Corporate-ID-Type" must be included in the request. The "PSU-Corpotate-ID-Type" header is alway equal to "BANK". The "PSU-Corporate-ID" is found in the test data document, except for GB. For GB you should set the "PSU-Corporate-ID" equal to "UNKNOWN".

Request example

curl -X POST https://sandbox.handelsbanken.com/openbanking/psd2/v1/consents \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer CCG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Country: SE/NL/FI' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID' \
-d '{"access":"ALL_ACCOUNTS"}'

See below for the type of information that needs to be in your request for Sandbox testing.

Parameter Description Example
X-IBM-Client-Id The client_id (app-id) for your test app which we said you should note down earlier.
Mandatory.
f31b7318-8f21-4eaf-8817-6b5e4e02d6bc
Authorization

The CCG access token.

Use the CCG access token received in previous step.
Mandatory.

Bearer QVQ6YmNlZjI0M2QtZDBhZi00OGZiLWE0OTgtZGUwMTJhMDdjMjYz

Country ISO 3166-1 country code. 
Mandatory.
SE, FI, NL (one country per request)
TPP-Request-ID Unique identifier for the request. For Sandbox testing, you can make this up.
Mandatory.
c8271b81-4229-5a1f-bf9c-758f11c1f5b1
TPP-Transaction-ID Unique identifier for the transaction. For Sandbox testing, you can make this up.
Mandatory.
6b24ce42-237f-4303-a917-cf778e5013d6
access Supported value is 'ALL_ACCOUNTS'.
Mandatory.
ALL_ACCOUNTS

Response example

This is what the response looks like when the consent initiation for Account / Card Account Information has been done. A successful response will include a consent ID as well as links to endpoints for continuing the authorization process with the signing of the consent by the end user (PSU).

HTTP/1.1 200 OK {
 "consentId": "d3f3dd9f-9d41-85b2-4866-789a23caccc6",
 "consentStatus": "RECEIVED",
 "scaMethods": [{
  "_links": {
   "authorization": [{
    "href": "https://sandbox.handelsbanken.com/openbanking/oauth2/authorize/1.0",
    "name": "authorize_1.0",
    "type": "application/x-www-form-urlencoded"
   }
  ]
 },
 "scaMethodType": "REDIRECT"
 },
 {
  "_links": {
   "authorization": [{
    "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/initAuthorization/2.0",
    "name": "decpld_mbid_2.0",
    "type": "application/json"
   }]
  },
 "scaMethodType": "DECOUPLED"
 }
]
}

Important: In the Live environment, the link to the authorization endpoint is different than in Sandbox.

- For Redirect:
Sandbox = "https://sandbox.handelsbanken.com/openbanking/oauth2/authorize/1.0"
Live = "https://secure.handelsbanken.com/mlurc/oauth2/authorize/1.0"

- For Decoupled:
Sandbox = "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/initAuthorization/2.0"
Live= "https://api.handelsbanken.com/mlurd/decoupled/mbid/initAuthorization/2.0"

Parameter Description Example
consentId The consent ID that has been created to be used later on when the PSU signs it. d3f3dd9f-9d41-85b2-4866-789a23caccc6
scaMethods.[]._links.authorization.[].href Link to authorization endpoint for starting the PSU authorization process.

Decoupled:
https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/initAuthorization/2.0

Redirect:
https://sandbox.handelsbanken.com/openbanking/oauth2/authorize/1.0

scaMethods.[].scaMethodType The type of PSU authorization method. DECOUPLED
REDIRECT
 

Step 3: Consent Authorisation Grant

We support two different authorization flows, Redirect and Decoupled. Redirect is available for all countries, while Decoupled is only available in Sweden.

Redirect Authorization flow

Redirect Request

In this first phase of the authorization flow, Authorize Request, the PSU is signing the consent. However, the signing is not implemented in the sandbox, therefore the response comes immediately as if the PSU had signed the consent.

Request example

curl -v -X GET 'https://sandbox.handelsbanken.com/openbanking/oauth2/authorize/1.0?response_type=code&scope=AIS:CONSENT ID YOU GOT FROM PREVIOUS STEP&client_id=YOUR CLIENT ID&state=YOUR CHOICE&redirect_uri=CHOOSE AN ARBITARY URI'
-H 'Accept: application/json' \
-H 'X-Sandbox-User: CHOOSE A SANDBOX USER FROM THE TEST DATA DOCUMENT'

Parameter Description Example
response_type The type of response, should always be "code".
Mandatory.
code
scope "AIS" for Account / Card information plus consent-id
Mandatory.
AIS:d3f3dd9f-9d41-85b2-4866-789a23caccc6
client_id Your application's client-id.
Mandatory.
f31b7318-8f21-4eaf-8817-6b5e4e02d6bc
state An identifier chosen by you (the TPP), to be able to identify the current transaction. This will be provided in the call to your redirect URI.
Mandatory.
bc4b933c-bfc2-44c8-b858-eba90f559f91
redirect_uri This is the callback URI to your own service, that will be called after the PSU finishes authorizing themselves. In the sandbox it will be called immediately since we don't have to wait for a user.
Mandatory.
http://YourCallbackServer/redirect/result
X-Sandbox-User The sandbox user that is going to sign the consent. In production this is handled by the actual authentication user interface. In the sandbox we cheat and use a parameter.
Mandatory for individual users, as well as for corporate users in GB.
SANDBOX-INDIVIDUAL-SE-1

Response example

In the sandbox the response is returned with a HTTP code 302 with Location header set to the redirect URI with query parameters of state (from the request) and an authorization code to be used in the next step: Request Authorization Code Grant token.

If there is an error, a Location header will be returned with the query parameters "error" and "error_description".

http://YourCallbackServer/redirect/result?state=bc4b933c-bfc2-44c8-b858-eba90f559f91&code=617ee7d6-5c66-0423-ef83-583ac0da1f46

Parameter Description Example
state The identifier that you provided in the authorize request, to identify the current transaction.
Mandatory.
bc4b933c-bfc2-44c8-b858-eba90f559f91
code An authorization code to be used in the next step.
Mandatory.
617ee7d6-5c66-0423-ef83-583ac0da1f46

Request Authorization Code Grant token

The final step in the redirect authorization flow is to retrieve an access token, by calling the Authorization Code Grant API

Request example

curl -X POST https://sandbox.handelsbanken.com/openbanking/oauth2/token/1.0 \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=authorization_code&scope=AIS:CONSENT ID YOU GOT FROM PREVIOUS STEP&client_id=YOUR CLIENT ID&code=AUTHORIZATION CODE FROM PREVIOUS STEP&redirect_uri=CHOOSE AN ARBITARY URI'

See below for the type of information that needs to be in your request.

Parameter Description Example
grant_type The type of token call. Should be "authorization_code".
Mandatory.
authorization_code
scope "AIS" for Account / Card information plus consent-id.
Mandatory.
AIS:d3f3dd9f-9d41-85b2-4866-789a23caccc6
client_id Your application's client-id.
Mandatory.
f31b7318-8f21-4eaf-8817-6b5e4e02d6bc
code The authorization code from last step.
Mandatory.
617ee7d6-5c66-0423-ef83-583ac0da1f46
redirect_uri This is the callback URI to your own service.
Mandatory.
http://YourCallbackServer/redirect/result

Response example

This is what the response looks like when an access token has been successfully retrieved from the authorization server.

HTTP/1.1 200 OK {
"access_token": "QVQ6ZjdlODAyMTgtNGIwZi1kMDBkLThkMTctYjkwZjA4MjI2Njhi",
"expires_in": 86400,
"token_type": "Bearer",
"refresh_token": "UlQ6N2I5MzllY2MtNjY2MC0yODE2LTkyZjItZGVlZWE5ZGY0NWM3"
}

Parameter Description Example
access_token The access token to be used in Authorization header in the coming requests against the endpoints of the accounts or card accounts APIs. QVQ6ZjdlODAyMTgtNGIwZi1kMDBkLThkMTctYjkwZjA4MjI2Njhi
expires_in Number of seconds the access_token is valid.
Note that the sandbox only has static data - the access_token will never expire.
86400
token_type Always the value ”Bearer”. Bearer
refresh_token A token that can be used when the access_token has expired, but the consent is still valid. UlQ6N2I5MzllY2MtNjY2MC0yODE2LTkyZjItZGVlZWE5ZGY0NWM3

Decoupled Authorization flow

The Decoupled Authorization flow is only available in Sweden. It uses the Mobile BankID for authentication. However the Sandbox is not connected to mobile bank id. Instead the authentication will always be successful.

Decouple Request

Request example

Note that the "psu_id" is mandatory for individual users, but not used for corporate users

curl -X POST https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/initAuthorization/2.0 \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{ "client_id": "YOUR CLIENT ID", "scope": "AIS:CONSENT ID RECEIVED FROM PREVIOUS STEP", "psu_client_ip": "YOUR CHOICE"", "psu_id": "SANDBOX-INDIVIDUAL-SE-1", "bisa_same_device": true }'

See below for the type of information that needs to be in your request. Please make sure you replace the example values with the correct ones in your request.

Parameter Description Example
client_id Your application's client-id.
Mandatory.
f31b7318-8f21-4eaf-8817-6b5e4e02d6bc
scope "AIS" for Account / Card information plus consent-id
Mandatory.
AIS:d3f3dd9f-9d41-85b2-4866-789a23caccc6
psu_client_ip IP address of the PSU's device. Both IPV4 and IPV6 address formats are allowed.
Mandatory.
127.0.0.1
psu_id PSU Personal Id which is the sandbox user to authenticate.
Mandatory for individual users, not used for corporate users.
SANDBOX-INDIVIDUAL-SE-1
bisa_same_device Data type : boolean. Set value to true when the customer BankID app (BISA) run on the same device as the TPP client. An autoStartToken will be returned
in the response. Set value to false when the BISA app run on a different device then the TPP client. A complete QR code will be returned in the response.
Note that the parameter is not used by the sandbox, since the sandbox is not connected to Mobile BankID.
Mandatory.
true

Response example when bisa_same_device=true

HTTP/1.1 200 OK
{
"auto_start_token": "Not a valid auto_start_token",
"sleep_time": 2000,
"_links": {
 "token": {
  "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/token/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89",
  "hints": {
   "allow": ["POST"]
   }
  },
 "cancel": {
  "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/cancel/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89",
  "hints": {
   "allow": ["POST"]
   }
  }
 }
}

Response when bisa_same_device=false

HTTP/1.1 200 OK
{
"qr_code": "Not a valid qr_code",
"sleep_time": 2000,
"_links": {
 "token": {
  "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/token/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89",
  "hints": {
   "allow": ["POST"]
   }
  },
 "cancel": {
  "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/cancel/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89",
  "hints": {
   "allow": ["POST"]
   }
  }
 }
}

Description of response parameters.

Parameter Description Example
auto_start_token Optional, will only be returned when bisa_same_device=true. Token will be invalid since the sandbox is not connected to BankID. Not a valid auto_start_token
qr_code Optional, will only be returned when bisa_same_device=false. The QR-code will be invalid since the sandbox is not connected to BankID. Not a valid qr_code
sleep_time The minimum number of milliseconds to wait before invoking the token endpoint and between each call to that endpoint. 2000
links.token.href Link to the token endpoint, with your unique session-id, to use in the next step. https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/token/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89
links.cancel.href Link to the cancel endpoint, to cancel the ongoing authorization process.
Note that the sandbox uses static data. It is therefore not possible to actually cancel the authorization process. Though it is possible to call the endpoint, but it will have no effect.
https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/cancel/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89

Request Decoupled Grant token

In production it is necessary to start the BankID app, or display a QR-code to the user. However the sandbox is not connected to BankID. Therefor we need to skip that step.

The final step in the decoupled authorization process is to retrieve an access token, by calling the Decoupled Grant API

The URL to this request was received in previous step. In production it is necessary to poll this URL repeatedly, but in the sandbox it will always send a response with the "COMPLETE" status.

Request example

curl -X POST 'https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/token/2.0?sessionId=SESSION ID RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{}'

Response example

This is what the response looks like when the authorization has been successfully completed by the end user (PSU).

Note that the status will always be COMPLETE for the sandbox.

HTTP/1.1 200 OK
{
"result" : "COMPLETE”,
"access_token" : "QVQ6ZjdlODAyMTgtNGIwZi1kMDBkLThkMTctYjkwZjA4MjI2Njhi",
"token_type" : "Bearer",
"expires_in" : 86400,
"refresh_token" : "UlQ6N2I5MzllY2MtNjY2MC0yODE2LTkyZjItZGVlZWE5ZGY0NWM3"
}

Parameter Description Example
result Information about which "status" the token request is in:
COMPLETE - the PSU has verified and the response includes token info.
COMPLETE
access_token The access token to be used in Authorization header in the coming requests against the endpoints of theaccounts and cards APIs.
Note! This token can only be used for the particular scope+PSU consent, that was given at initiation of the authorization.
QVQ6ZjdlODAyMTgtNGIwZi1kMDBkLThkMTctYjkwZjA4MjI2Njhi
token_type Always the value "Bearer". Bearer
expires_in Number of seconds the access_token is valid.
Note that the sandbox only has static data - the access_token will never expire.
86400
refresh_token A token that can be used when the access_token has expired, but the consent is still valid. UlQ6N2I5MzllY2MtNjY2MC0yODE2LTkyZjItZGVlZWE5ZGY0NWM3

Step 4: Call the Account / Card Account Information APIs

The information you retrieve, from previous step, can vary due to the type of customer and which country the customer holds accounts in. Whilst we always try to keep our Sandbox test data up to date, the Account and Card Account attribute documents reflect exactly what is retrievable in our Live APIs. So before integrating with our Live APIs, please check our Country specific pages for the countries you want to integrate with, particularly the Attribute documents.

Remember that for GB and LU the URL looks as following:
GET https://sandbox.handelsbanken.com/openbanking/psd2/gb/v1/accounts
and
GET https://sandbox.handelsbanken.com/openbanking/psd2/lu/individual/v1/accounts

The request examples we have provided below, is for the Account Information API.

To test the Card Accounts Information API, use the following endpoints instead:  /card-accounts and /card-accounts/{accountId}/transactions

For FI and SE the URL looks as following:
https://sandbox.handelsbanken.com/openbanking/psd2/v1/card-accounts
and
for GB the URL looks as following:
https://sandbox.handelsbanken.com/openbanking/psd2/gb/v1/card-accounts



GET /accounts example

curl -X GET https://sandbox.handelsbanken.com/openbanking/psd2/v2/accounts \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer ACG OR DG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID'

See below for the type of information that needs to be in your request.

Parameter Description Example
X-IBM-Client-Id The client_id (app-id)
Mandatory.
f31b7318-8f21-4eaf-8817-6b5e4e02d6bc
Authorization

The ACG/DG access token.

Mandatory.

Bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI1
TPP-Request-ID Unique identifier for the request. For Sandbox testing, you can make this up.
Mandatory.
c8271b81-4229-5a1f-bf9c-758f11c1f5b1
TPP-Transaction-ID Unique identifier for the transaction. For Sandbox testing, you can make this up.
Mandatory.
6b24ce42-237f-4303-a917-cf778e5013d6

Response

You'll receive all the available accounts for the test customer.



GET /accounts/{accountId} example

An accountId is obtained from the GET/accounts step which you just did, so make sure you add this in to the URL

curl -X GET https://sandbox.handelsbanken.com/openbanking/psd2/v2/accounts/ACCOUNT-ID \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer ACG OR DG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID'

See below for the type of information that needs to be in your request.

Parameter Description Example
X-IBM-Client-Id The client_id (app-id)
Mandatory.
f31b7318-8f21-4eaf-8817-6b5e4e02d6bc
Authorization

The ACG/DG access token.

Mandatory.

Bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI1
TPP-Request-ID Unique identifier for the request. For Sandbox testing, you can make this up.
Mandatory.
c8271b81-4229-5a1f-bf9c-758f11c1f5b1
TPP-Transaction-ID Unique identifier for the transaction. For Sandbox testing, you can make this up.
Mandatory.
6b24ce42-237f-4303-a917-cf778e5013d6

Response

You'll receive all information available, excluding the balance, for a particular account.

 

GET /accounts/{accountId} with balance example

If you would like to get a balance with the account too, please do the request with the accountId (that you previously received) and include the withBalance query parameter.

curl -X GET https://sandbox.handelsbanken.com/openbanking/psd2/v2/accounts/ACCOUNT-ID?withBalance=true \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer ACG OR DG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID'

See below for the type of information that needs to be in your request.

Parameter Description Example
X-IBM-Client-Id The client_id (app-id)
Mandatory.
f31b7318-8f21-4eaf-8817-6b5e4e02d6bc
Authorization

The ACG/DG access token.

Mandatory.

Bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI1
TPP-Request-ID Unique identifier for the request. For Sandbox testing, you can make this up.
Mandatory.
c8271b81-4229-5a1f-bf9c-758f11c1f5b1
TPP-Transaction-ID Unique identifier for the transaction. For Sandbox testing, you can make this up.
Mandatory.
6b24ce42-237f-4303-a917-cf778e5013d6

Response

You'll receive all information available, including the balance, for a particular account.

 

GET /accounts/{accountId}/transactions example

If you would like to get transactions for the account, please do the request with the accountId (that you previously received).

You also have the possibility to add the query parameters dateTo and dateFrom with this format "YYYYMMDD"

curl -X GET https://sandbox.handelsbanken.com/openbanking/psd2/v2/accounts/ACCOUNT-ID/transactions \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer ACG OR DG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID'

See below for the type of information that needs to be in your request.

Parameter Description Example
X-IBM-Client-Id The client_id (app-id)
Mandatory.
f31b7318-8f21-4eaf-8817-6b5e4e02d6bc
Authorization

The ACG/DG access token.

Mandatory.

Bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI1
TPP-Request-ID Unique identifier for the request. For Sandbox testing, you can make this up.
Mandatory.
c8271b81-4229-5a1f-bf9c-758f11c1f5b1
TPP-Transaction-ID Unique identifier for the transaction. For Sandbox testing, you can make this up.
Mandatory.
6b24ce42-237f-4303-a917-cf778e5013d6

Response

You'll receive all transactions available for a particular account.