Getting started

Introduction

Welcome to the PelicanPay API portal. Your starting point for making great apps! It allows you to consume Open Banking or PSD2 functionality from many banks in Europe via one unified API interface. Our API portal offers an easy and secure way to try out our platform and gives a preview of upcoming functionality. It allows developers to get familiar with our APIs, therefore we have put a lot of effort in our documentation and made all the endpoints available in a sandbox environment for easy testing.

In this portal we have published several Open Banking and PSD2 API standards that are available today. Select the standard you prefer, choose the destination bank and start testing.

Supported Countries

Country Connectivity Status
Austria Sandbox
Belgium Sandbox
Czech Republic Sandbox
Estonia Sandbox
Finland Sandbox
France Sandbox
Germany Sandbox
Italy Sandbox
Latvia Sandbox
Lithunia Sandbox
Luxembourg Sandbox
Netherlands Sandbox
Romania Sandbox
Slovakia Sandbox
Spain Sandbox
Sweden Sandbox
United Kingdom Sandbox and Production

We are constantly adding new banks as they are available. Please provide your interest in specific banks and countries and developer URLs provided by these banks here.

Remark: The PelicanPay API portal is in Beta mode. We are currently allowing access to only to the public sandbox and/or development environments provided by the banks.

Supported Destination API standard

Bank Format Version
ABN Amro 1.0
BBVA 1.0
The Berlin Group NextGenPSD2 1.1
The Berlin Group NextGenPSD2 1.2
The Berlin Group NextGenPSD2 1.3
Czech 1.1
Nordea 2.2
OBWG 3.1
Polish 2.1
Slovakia 1.1
Starling 2.0
STET 1.4

What are Open Banking API’s?

Mainly driven by the Payment Service Directive 2 (PSD2) many banks have published open API’s that enable third party developers to build applications and services around the financial institution. The majority of these API’s support Account Information Services (AIS) and Payment Initiation Services (PIS). This means that you can get the account balance or a list of transactions of a bank account, in the meantime it also allows you to create a payment that will be executed by the bank after authorization. In all cases user’s consent is required and the requests sent to the bank must be authorized by the user using the credentials issued by the bank.

For Account Information Services it is possible to get an authorization (i.e. token) that lasts up-to 90 days. This allows you to get balance and transaction information for the bank accounts that where part of this authorization, until the token expires.

PelicanPay API

In this API portal we have also published the PelicanPay API. We recommend this API as it will give you the best experience. The PelicanPay API implementation is a RESTful service and the requests and responses produced by the PelicanPay API are in JavaScript Object Notation, JSON format. The PelicanPay API come in two versions: basic and full. In the basic variant we have reduced the number of mandatory fields by enabling intelligent enrichments on our platform. You only need to provide the most relevant elements for making a payment or getting a list of transactions. We have tried to make it as easy as possible. For newcomers into Open Banking or PSD2 this will give the best experience.

The full variant of the PelicanPay API gives you maximum control. All the elements, whether mandatory or not, are available. As the basic variant is fully compatible with the full version you can always choose to switch to the full version later.

Sign-up

In order to start consuming our API’s you need to sign-up. This is very easy and only a few steps are required. Click on the sign up button that is available on top of every page. This will open the sign-up form where you are asked to provide some basic details like company name, e-mail address and username.

Select API and subscribe

When you have created an account, you are able to view the endpoints of the APIs that are published on the portal. Select the API you want to test or implement and subscribe to one of the available plans. We have a Beta plan available that allows you to make 100 Security API, 40 PIS API, 60 PIS API calls per hour in our sandbox environment. The Beta plan is free – there are no costs involved.

Go to the Plans section on this page for more details of all the subscriptions we offer.

Register Application

To invoke our APIs, you have to register an application in the portal. This application enables you to keep track of application-specific credentials that are issued in the Register Application step. Furthermore, it shows all API’s that are used by your application. The registration can be done separately or will automatically start when you subscribe to an API without having an application created yet. An overview of all your registered applications can be obtained anytime from the user account menu, which is available to users that have signed-up.

Authentication

To use any of the API’s that are published in this portal, you first need to authenticate your application and retrieve an access token. The type of access token dependents on the bank you connect to, however in most cases it will be handled via the OAuth2 authorization protocol.

Most of the PelicanPay product APIs requires client id, client secret, and OAuth2 access token to be sent in the API request header X-IBM-Client-Id, X-IBM-Client-Secret and Authorisation respectively. In some cases client id needs to be sent as query parameter client_id.

Only TPPs / Fintechs with valid client id & client secret will be able to consume the APIs. Client id & secret can be generated by creating an application on the API Portal.

PelicanPay currently has implemented the OAuth2 grant types:

  • Client credentials grant
  • Authorization code grant

Client Credentials

For accessing PelicanPay product APIs that don't need the authorization of a TPP/Fintech customer, OAuth2 client credentials grant flow needs to be used. This flow is sometimes called "two legged OAuth2" or "server-to-server".

Endpoints which needs to be used to generate the client credentials access token -

/token – Please refer the API documentation for more details on the request / response structure.

Example request / response:

# Client credential access token

POST https://sb.tpp.api.pelicanpay.io/pelican/v1.0/token

Request:

POST /pelican/v1.0/token
content-type: application/x-www-form-urlencoded
x-ibm-client-id:
x-ibm-client-secret:
accept: */*
accept-encoding: gzip, deflate
grant_type=client_credentials&bank_name=MDLOGBXX&scope=accounts

Response:

HTTP/1.1 200
status: 200
connection: Keep-Alive
content-type: application/json
x-global-transaction-id: 86309829
access-control-expose-headers: APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Global-Transaction-ID
access-control-allow-origin: *
access-control-allow-methods: POST
content-encoding: gzip
{
"access_token":"e3572a7a-2588-43fd-ac64-f07b6c55459b",
"token_type":"Bearer"
}

Authorization code

Some of the PelicanPay product APIs requires authorization from the customer. In this case you will use the OAuth2 Authorization code grant flow, which will provide your application with specific access for getting the customer data approved by the customer. This flow is sometimes called "three legged OAuth2".

Endpoints which needs to be used to generate the authorization code access token -

/authorize - Please refer the API documentation for more details on the request / response structure.

Example request / response:

# Authorize

Request:

GET /pelican/v1.0/authorize
accept: */*
accept-encoding: gzip, deflate

Response:

HTTP/1.1 302
status: 302
connection: Keep-Alive
content-type: application/json
x-global-transaction-id: 103022193
cache-control: private
access-control-expose-headers: APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Global-Transaction-ID
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
{
}

/token – Please refer the API documentation for more details on the request / response structure.

Example request / response:

# Authorize code access token

POST https://sb.tpp.api.pelicanpay.io/pelican/v1.0/token

Request:

POST /pelican/v1.0/token
content-type: application/x-www-form-urlencoded
x-ibm-client-id:
x-ibm-client-secret:
accept: */*
accept-encoding: gzip, deflate
grant_type=authorization_code&bank_name=MDLOGBXX&code=0e3f341a-7944-4c0d-8065-440fc830a256&redirect_uri=http://localhost:8080/callback

Response:

HTTP/1.1 200
status: 200
connection: Keep-Alive
content-type: application/json
x-global-transaction-id: 86352661
access-control-expose-headers: APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Global-Transaction-ID
access-control-allow-origin: *
access-control-allow-methods: POST
content-encoding: gzip
{
"access_token":"29960742-b3e4-4c7c-9cab-477c45bff80a",
"token_type":"Bearer"
}

Support

Are you facing issues or challenges, please visit our support page where we have published some frequently asked questions that could be helpful. This FAQ will be regularly updated, based on your feedback.

If you have signed-up you can also create a support ticket on the same page. We aim to get back as soon as possible to your query or request.

Feedback

We really value your feedback. If you have suggestions or questions, please get in touch with us via this contact form.

Supported API standard

API Standard Version
PelicanPay 1.0