sbanken / api-examples Goto Github PK

Examples on how to use the Sbanken Open Banking API

C# 11.02% JavaScript 47.38% HTML 3.32% CSS 4.98% Python 8.14% Shell 2.89% PowerShell 3.91% Java 8.19% Vue 10.17%

dotnet-core swagger-documentation electron nodejs

api-examples's Introduction

API usage examples

Introduction

This repository provides a few examples on how to use Sbankens Open Banking APIs. These will enable you to quickly get started and get familiar with the basic concepts of authorization and API usage.

DotNetCoreSampleApplication

Simple .NET Core Console Application which retrieves accessToken, customer and account information.

NodeSampleApplication

Simple Node client which retrieves accessToken and account information.

JavaSampleApplication

Java client which retrieves accessToken and account information.

ElectronSampleApplication

Simple Electron App with an example GUI which retrieves accessToken and account information.

VueSampleApplication

Simple Vue.js App with an example GUI which retrieves account information and transactions.

PythonSampleApplication

Python script which retrieves accessToken, customer and account information.

ShellScripts

Shell script examples on how to retrieve accessToken and account information.

Documentation

Update June 2021

New version of APIs (v2) at https://publicapi.sbanken.no/openapi/apibeta/index.html
- Added new API for Sbanken Mailbox
Removed old scopes (These are replaced by a single scope)
Decomissioned the API endpoints at:
- api.sbanken.no/exec.bank
- api.sbanken.no/exec.customers

Update May 2021

New domain name and endpoint: https://publicapi.sbanken.no/apibeta/
New Open API / swagger endpoint: https://publicapi.sbanken.no/openapi/apibeta/index.html
New API: Archived Transactions with transactionId (see OpenAPI /swagger endpoint)
CustomerId as a HTTP request header is not required and used anymore
New Authorization scope available in https://utvikler.sbanken.no (logged in at /Personal/ApiBeta/Info/)
Old authorization scopes will be removed in one month
In the event of unexpected failures, a ProblemDetails (RFC7807) response will be returned

Update September 2018

Changed authentication endpoint from https://api.sbanken.no/identityserver to https://auth.sbanken.no/identityserver

Update May 2018

We have stopped using customerId as a part of the API URL. Instead we require all API requests to include the customerId as a http header. See swagger for more information.
We have rolled back all APIs to start on V1
We have stopped using AccountNumber as part of the URL. Instead we require all Account API requests to include the AccountId as retrieved from HTTP GET /exec.bank/api/v1/Accounts (see powershell script example)
Update of IdentityServer requires Clients to form-urlencode ClientId and Secret prior to Base64-encoding the Authorization header. This is according to specification in RFC6749. See DotNetCoreSampleApplication (updated to IdentityModel 3.6.1 which does this automatically) and ShellScripts example.

Swagger

The following links provides detailed description of the REST interfaces. This includes how to construct your requests and what response to expect.

https://publicapi.sbanken.no/openapi/apibeta/index.html

Authentication

How to get an Access Token

One must authenticate in order to get an access token. To authenticate the clientId and secret is sent to the sbanken authorization server. If valid, an access token is returned.

// client credentials

var clientId = "*****" // clientId obtained from Sbanken API Beta / utviklerportalen
var secret = "****" // password

// First, the application must authenticate itself with Sbanken's authorization server.
// The basic authentication scheme is used here (https://tools.ietf.org/html/rfc2617#section-2 ) 

// The clientId and secret must first be urlencoded and then base64 encoded, separated by a single colon ( : ).
// You might have to investigate which base64 encoding-library to use depending on your choice of programming language.

var basicAuthentationHeaderValue = btoa(encodeURIComponent(clientId) + ":" + encodeURIComponent(secret));

To obtain the access token, send a request to the token URI with the following http headers. Note: For the Authorization header, the value of the header must be prefixed with "Basic " as shown below.

// host
https://auth.sbanken.no

// uri
POST /identityserver/connect/token  

// headers
Authorization: Basic Y2xpZW50aWQ6c2VjcmV0
Accept: application/json  
Content-Type: application/x-www-form-urlencoded

// request body
grant_type=client_credentials

If the request was successful, one should get the following response:

{
    "access_token": "abcdefghijklmnopqrstuvwxyz..",
    "expires_in": 3600,
    "token_type": "Bearer"
}

Known bugs

Swagger documentation

The Try Me-button will not work. This is because it will send an unauthenticated request.
Transactions: TransactionId is returned in Transactions although not part of documentation.
Transactions: source will either be 0 or 1 although documentation states it should be an enum string (accountStatement or archive)

FAQ

How do I find the customerId / userId?

This is your social security number. The same Id which is used when you log in with BankID.

As of april 2021 you do not need to send this anymore.

Availability

In order to get access to these APIs certain requirements needs to be fullfilled:

You are a Sbanken customer
You have to sign up for access via https://utvikler.sbanken.no
You have to enable "Beta" in your personal settings
Finally, you need to complete the API Beta setup wizard.

(Detailed information will be provided after you sign up for access)

api-examples's People

Contributors

Stargazers

Watchers

Forkers

jakmanne larshn thorchr codeape2 oppsig timurgen pwntus steni yarwelp dagjomar anderaus arnemolland 9khil lulzzz danntapl vandofb h129411 zura-not-zura yhoiseth tobce monsendag eikaas tld fellmirr info134 larserikdahl gregoriodistefano elzapp tah cmtrc oivindkulsrud vegar sigurdrg hoihrig benjaminrhope davandre1978 p-rc-andrade hsnbilgen espenfjo itsnwa ricmik kbrabrand pnitram tstromdahl lillevik mrhaugen fe950 hpl002 hanton2222 stanlylife ploppz henriktorget sngynprk akshatjain04 karstenwalle runargun

api-examples's Issues

500 Internal Server Error when registering customer

I try to register an app to test your API, but I get a 500 back

503 when get accounts

URL: https://api.sbanken.no/bank/api/v1/accounts/
response body:

   body: %{
     "errorMessage" => "Could not complete the request due to an expected or unexpected error.",
     "errorType" => 0,
     "isError" => true,
     "traceId" => "28576c77-97aa-4d65-bf10-3bd320cc51cf"
   },

Separate Python packages from environment

Don't encourage developers to install packages globally. Instead, use Pipenv or requirements.txt + virtualenv.

I'm happy to create a PR that fixes this.

Saldo oppdaterer seg ikke innenfor en session

Når en kjører kall for å overføre penger så oppdaterer transaksjonslisten seg men ikke saldo.
Dette ser ut til å være pga. caching av saldo innenfor en session. Bør oppdatere dokumentasjonen tilsvarende (evt. fikse bug).

Error with status code 400 running NodeSampleApplication

Prøver å kjøre Node eksempelet. Har lagt inn fødselsnummer, clientid og secret fra utviklerportalen slik det står beskrevet i README, men får denne erroren når jeg prøver å gjøre et GET kall mot http://localhost:3001/api/data:

 yarn run start
yarn run v1.3.2
$ node ./bin/www
yay got {"access_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjRFRjYwMjJFMUNFODJGQ0NEN0UxRjU2OUIzOEJENUU1OTE0OEI5MzAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJUdllDTGh6b0w4elg0ZlZwczR2VjVaRkl1VEEifQ.eyJuYmYiOjE1NDE4MTMyMDcsImV4cCI6MTU0MTgxNjgwNywiaXNzIjoiaHR0cHM6Ly9hdXRoLnNiYW5rZW4ubm8vaWRlbnRpdHlzZXJ2ZXIiLCJhdWQiOlsiaHR0cHM6Ly9hdXRoLnNiYW5rZW4ubm8vaWRlbnRpdHlzZXJ2ZXIvcmVzb3VyY2VzIiwiQmFua0FQSSIsIkN1c3RvbWVyc0FQSSJdLCJjbGllbnRfaWQiOiJlYWU4ZTBmMzA1YmY0MWUxYmQxNDkxMjQyMzkxZDI3MSIsImNsaWVudF9tZXJjaGFudF9pZCI6IkFwaUJldGE6ODA1MjQ2IiwiY2xpZW50X3NpZCI6ImIzNjg1ZTQ2MzI4NzQzMThiZGY0OTMzYmMwODEwZTQ2Iiwic2NvcGUiOlsiQmFuay5BY2NvdW50cy5yZWFkX2FjY2VzcyIsIkJhbmsuRUZha3R1cmFzLmZ1bGxfYWNjZXNzIiwiQmFuay5UcmFuc2FjdGlvbnMucmVhZF9hY2Nlc3MiLCJCYW5rLlRyYW5zZmVycy5mdWxsX2FjY2VzcyIsIkN1c3RvbWVycy5DdXN0b21lcnMucmVhZF9hY2Nlc3MiXX0.MnQWc9mcG7wZGQeFD70_pH6wd4wggaRKS0swF2-dXFaWus6A8Q1kaQlMbJSmQ4gl1B8tmqYwim3RiXPRyUUDt_oyIMdew-wWyvq0ttoAE9AONyVS8CpEJL8WMzX9U50EHcZSV9GxTJwflhTM85hYA01J-DaREgd7Cfmg2fEQibQcuQVYedtC0MqEJ67ddc1h7JTDHcKmWVaVQIMZpfoBtcAWLuYR4IktPkG7b77iAOtYVH90zg3R4LDeLfSaAUjIeZfEC36LRHPWKG2bASFMtQbCmUiEBYgporwzNUgJf_r2KvAfVDkq-meN8JDIdmMoEb_K2O2O5WaS9z6wGbXdJg","expires_in":3600,"token_type":"Bearer"}
Key:  { access_token: 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjRFRjYwMjJFMUNFODJGQ0NEN0UxRjU2OUIzOEJENUU1OTE0OEI5MzAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJUdllDTGh6b0w4elg0ZlZwczR2VjVaRkl1VEEifQ.eyJuYmYiOjE1NDE4MTMyMDcsImV4cCI6MTU0MTgxNjgwNywiaXNzIjoiaHR0cHM6Ly9hdXRoLnNiYW5rZW4ubm8vaWRlbnRpdHlzZXJ2ZXIiLCJhdWQiOlsiaHR0cHM6Ly9hdXRoLnNiYW5rZW4ubm8vaWRlbnRpdHlzZXJ2ZXIvcmVzb3VyY2VzIiwiQmFua0FQSSIsIkN1c3RvbWVyc0FQSSJdLCJjbGllbnRfaWQiOiJlYWU4ZTBmMzA1YmY0MWUxYmQxNDkxMjQyMzkxZDI3MSIsImNsaWVudF9tZXJjaGFudF9pZCI6IkFwaUJldGE6ODA1MjQ2IiwiY2xpZW50X3NpZCI6ImIzNjg1ZTQ2MzI4NzQzMThiZGY0OTMzYmMwODEwZTQ2Iiwic2NvcGUiOlsiQmFuay5BY2NvdW50cy5yZWFkX2FjY2VzcyIsIkJhbmsuRUZha3R1cmFzLmZ1bGxfYWNjZXNzIiwiQmFuay5UcmFuc2FjdGlvbnMucmVhZF9hY2Nlc3MiLCJCYW5rLlRyYW5zZmVycy5mdWxsX2FjY2VzcyIsIkN1c3RvbWVycy5DdXN0b21lcnMucmVhZF9hY2Nlc3MiXX0.MnQWc9mcG7wZGQeFD70_pH6wd4wggaRKS0swF2-dXFaWus6A8Q1kaQlMbJSmQ4gl1B8tmqYwim3RiXPRyUUDt_oyIMdew-wWyvq0ttoAE9AONyVS8CpEJL8WMzX9U50EHcZSV9GxTJwflhTM85hYA01J-DaREgd7Cfmg2fEQibQcuQVYedtC0MqEJ67ddc1h7JTDHcKmWVaVQIMZpfoBtcAWLuYR4IktPkG7b77iAOtYVH90zg3R4LDeLfSaAUjIeZfEC36LRHPWKG2bASFMtQbCmUiEBYgporwzNUgJf_r2KvAfVDkq-meN8JDIdmMoEb_K2O2O5WaS9z6wGbXdJg',
  expires_in: 3600,
  token_type: 'Bearer' }
{ Error: Bad Request
    at Request.callback (C:\Users\pirar\Downloads\api-examples\NodeSampleApplication\node_modules\superagent\lib\node\index.js:706:15)
    at parser (C:\Users\pirar\Downloads\api-examples\NodeSampleApplication\node_modules\superagent\lib\node\index.js:916:18)
    at IncomingMessage.res.on (C:\Users\pirar\Downloads\api-examples\NodeSampleApplication\node_modules\superagent\lib\node\parsers\json.js:19:7)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1055:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)
  status: 400,
  response:
   Response {
     domain: null,
     _events: {},
     _eventsCount: 0,
     _maxListeners: undefined,
     res:
      IncomingMessage {
        _readableState: [Object],
        readable: false,
        domain: null,
        _events: [Object],
        _eventsCount: 4,
        _maxListeners: undefined,
        socket: [Object],
        connection: [Object],
        httpVersionMajor: 1,
        httpVersionMinor: 1,
        httpVersion: '1.1',
        complete: true,
        headers: [Object],
        rawHeaders: [Array],
        trailers: {},
        rawTrailers: [],
        upgrade: false,
        url: '',
        method: null,
        statusCode: 400,
        statusMessage: 'Bad Request',
        client: [Object],
        _consuming: true,
        _dumped: false,
        req: [Object],
        text: '{"errorType":1,"isError":true,"errorMessage":"Required parameter \'customerId\' not found.","traceId":"5cda9da3-2fc7-4c47-b464-3cf2a825b4c8"}',
        read: [Function] },
     request:
      Request {
        domain: null,
        _events: {},
        _eventsCount: 0,
        _maxListeners: undefined,
        _agent: false,
        _formData: null,
        method: 'GET',
        url: 'https://api.sbanken.no/bank/api/v1/accounts/',
        _header: [Object],
        header: [Object],
        writable: true,
        _redirects: 0,
        _maxRedirects: 5,
        cookies: '',
        qs: {},
        _query: [],
        qsRaw: [],
        _redirectList: [],
        _streamRequest: false,
        req: [Object],
        protocol: 'https:',
        host: 'api.sbanken.no',
        _endCalled: true,
        _callback: [Function],
        res: [Object],
        response: [Circular],
        called: true },
     req:
      ClientRequest {
        domain: null,
        _events: [Object],
        _eventsCount: 3,
        _maxListeners: undefined,
        output: [],
        outputEncodings: [],
        outputCallbacks: [],
        outputSize: 0,
        writable: true,
        _last: true,
        upgrading: false,
        chunkedEncoding: false,
        shouldKeepAlive: false,
        useChunkedEncodingByDefault: false,
        sendDate: false,
        _removedConnection: false,
        _removedContLen: false,
        _removedTE: false,
        _contentLength: 0,
        _hasBody: true,
        _trailer: '',
        finished: true,
        _headerSent: true,
        socket: [Object],
        connection: [Object],
        _header: 'GET /bank/api/v1/accounts/ HTTP/1.1\r\nHost: api.sbanken.no\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: node-superagent/3.8.3\r\nAuthorization: Bearer [<REDACTED_BY_PIRAVP>] Accept: application/json\r\nConnection: close\r\n\r\n',
        _onPendingData: [Function: noopPendingOutput],
        agent: [Object],
        socketPath: undefined,
        timeout: undefined,
        method: 'GET',
        path: '/bank/api/v1/accounts/',
        _ended: true,
        res: [Object],
        aborted: undefined,
        timeoutCb: null,
        upgradeOrConnect: false,
        parser: null,
        maxHeadersCount: null,
        [Symbol(outHeadersKey)]: [Object] },
     text: '{"errorType":1,"isError":true,"errorMessage":"Required parameter \'customerId\' not found.","traceId":"5cda9da3-2fc7-4c47-b464-3cf2a825b4c8"}',
     body:
      { errorType: 1,
        isError: true,
        errorMessage: 'Required parameter \'customerId\' not found.',
        traceId: '5cda9da3-2fc7-4c47-b464-3cf2a825b4c8' },
     files: undefined,
     buffered: true,
     headers:
      { 'transfer-encoding': 'chunked',
        'content-type': 'application/json; charset=utf-8',
        'access-control-allow-origin': '*',
        'x-rate-limit-limit': '1m',
        'x-rate-limit-remaining': '29',
        'x-rate-limit-reset': '2018-11-10T01:27:47.3400000Z',
        'strict-transport-security': 'max-age=31536000; includeSubDomains; preload',
        serv: '1',
        date: 'Sat, 10 Nov 2018 01:26:47 GMT',
        connection: 'close' },
     header:
      { 'transfer-encoding': 'chunked',
        'content-type': 'application/json; charset=utf-8',
        'access-control-allow-origin': '*',
        'x-rate-limit-limit': '1m',
        'x-rate-limit-remaining': '29',
        'x-rate-limit-reset': '2018-11-10T01:27:47.3400000Z',
        'strict-transport-security': 'max-age=31536000; includeSubDomains; preload',
        serv: '1',
        date: 'Sat, 10 Nov 2018 01:26:47 GMT',
        connection: 'close' },
     statusCode: 400,
     status: 400,
     statusType: 4,
     info: false,
     ok: false,
     redirect: false,
     clientError: true,
     serverError: false,
     error:
      { Error: cannot GET /bank/api/v1/accounts/ (400)
    at Response.toError (C:\Users\pirar\Downloads\api-examples\NodeSampleApplication\node_modules\superagent\lib\node\response.js:94:15)
    at ResponseBase._setStatusProperties (C:\Users\pirar\Downloads\api-examples\NodeSampleApplication\node_modules\superagent\lib\response-base.js:123:16)
    at new Response (C:\Users\pirar\Downloads\api-examples\NodeSampleApplication\node_modules\superagent\lib\node\response.js:41:8)
    at Request._emitResponse (C:\Users\pirar\Downloads\api-examples\NodeSampleApplication\node_modules\superagent\lib\node\index.js:752:20)
    at parser (C:\Users\pirar\Downloads\api-examples\NodeSampleApplication\node_modules\superagent\lib\node\index.js:916:38)
    at IncomingMessage.res.on (C:\Users\pirar\Downloads\api-examples\NodeSampleApplication\node_modules\superagent\lib\node\parsers\json.js:19:7)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1055:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
        status: 400,
        text: '{"errorType":1,"isError":true,"errorMessage":"Required parameter \'customerId\' not found.","traceId":"5cda9da3-2fc7-4c47-b464-3cf2a825b4c8"}',
        method: 'GET',
        path: '/bank/api/v1/accounts/' },
     created: false,
     accepted: false,
     noContent: false,
     badRequest: true,
     unauthorized: false,
     notAcceptable: false,
     forbidden: false,
     notFound: false,
     unprocessableEntity: false,
     type: 'application/json',
     charset: 'utf-8',
     links: {},
     setEncoding: [Function: bound ],
     redirects: [] } }
GET /api/data 200 414.788 ms - 2

Klarer ikke helt se hva jeg gjør feil, setter stor pris på tips som kan peke meg i riktig retning!

Investment accounts - virker ikke, får bare 403 forbidden

Selv om alle tilganger er aktivert inne på utviklerportalen så virker det umulig å få ut data om "investment accounts".

Jeg henter ut data om kontoer og transaksjoner fra api.sbanken.no/exec.bank/api/v1/... helt uten problemer. Virker som om det er noe spesielt med api.sbanken.no/exec.customers/api/v1/MyProfiles/... ??

Har også fått bekreftet dette problemet fra folk som har mer peiling enn meg :-)

Edit: Hvis noen får dette til å virke (dvs. at det bare er meg som roter), så si ifra! :-)

An error occurred while sending the request

I get an error when running the example code from:
https://github.com/Sbanken/api-examples/tree/master/DotNetCoreSampleApplication

I have checked the clientId, secret and customerId again and again, and have verified that there are no hidden characters inside any of these strings.
I have regenerated new secret and tried again.

One other person has tried running the same code with his own clientId and secret, and for him the code runs without any problem.

I do have a letter ø inside my name. I wonder if that might be the reason. Could it be that the API is generated based on the name, and that the norwegian letters are not valid?
Or are there any other solutions/ suggestions?

I use .Net Core 2.0 and the Sbanken.DotNet 0.2.0 (NuGet package; https://www.nuget.org/packages/Sbanken.DotNet/0.2.0/ )

This is the error I get in the RunAsync().Wait();

System.AggregateException
HResult=0x80131500
Message=One or more errors occurred. (Error connecting to https://apisbanken.no/identityserver/.well-known/openid-configuration: An error occurred while sending the request.)
Source=System.Private.CoreLib
StackTrace:
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at SampleApplication.Program.Main(String[] args) in Program.cs:line 17

Inner Exception 1:
Exception: Error connecting to https://apisbanken.no/identityserver/.well-known/openid-configuration: An error occurred while sending the request.

GET /api/v1/EFakturas returns times without timezone information

Date/time from other endpoints have timezone information (Z) at the end of the timestamp, but the fields originalDueDate and notificationDate of GET /api/v1/EFakturas do not. This requires them to be parsed differently

Example node application not working

I'm getting a 401 when using the example Node application without any error text in the response. I'm getting a token, but getAccountDetails is failing. In the credentials file, what is the userid supposed to be? Any suggestions?

May 2018 v1 API transactionID when parameters are not set

This seems to be going against the contract:

Internbank.Api.Contracts.Core.Bank.Transactions.v1.Transaction {
accountingDate (string, optional),
interestDate (string, optional),
otherAccountNumber (string, optional),
otherAccountNumberSpecified (boolean, optional),
amount (number, optional),
text (string, optional),
transactionType (string, optional),
transactionTypeCode (integer, optional),
transactionTypeText (string, optional),
isReservation (boolean, optional),
reservationType (string, optional) = ['notReservation', 'visaReservation', 'purchaseReservation', 'atmReservation'],
source (string, optional) = ['accountStatement', 'archive'],
cardDetails (Internbank.Api.Contracts.Core.Bank.Transactions.v1.CardDetails, optional),
cardDetailsSpecified (boolean, optional)
}

Missing documentation on authentication

Missing documentation on authentication - how to get a token

VIPPS transaction lacks "Beløpet gjelder"

Seems JSON from API have no property corresponding to the description field "Beløpet gjelder".

This limits automation possibilities when scanning for keywords, for example inbound automatically transfer to other account based on keyword.

No swagger documentation on how to get transactionDetails?

The swagger documentation says that the transactions reponse can contain this:

"hasTransactionDetail": true,
"transactionDetail": {
        "formattedAccountNumber": "string",
        "transactionId": 0,
        "cid": "string",
        "amountDescription": "string",
        "receiverName": "string",
        "numericReference": 0,
        "payerName": "string",
        "registrationDate": "2019-07-20T18:14:57.078Z"
}

But I have only been able to get reponses with "hasTransactionDetail": false and no transactionDetail. Am I missing something?

Investments missing from API

Any chance of adding balance of equity funds to the API?

Lifetime of access token missing in doc.

The lifetime of the requested access token is not mentioned in doc.

How long does the access token live ?

'otherAccountNumber': None,

Får ikke hentet ut informasjon fra otherAccountNumber for transaksjonsdata
'items': [{'accountNumber': 'XXXXXXXXXXX',
'accountingDate': '2018-02-05T00:00:00+01:00',
'amount': 100.0,
'customerId': '090294XXXXX',
'interestDate': '2018-02-05T00:00:00+01:00',
'otherAccountNumber': None,
'registrationDate': None,
'text': 'Nettgiro fra: Emil Barmen Betalt: 04.02.18',
'transactionId': '337164480501079672',
'transactionType': 'RKI'}],
'traceId': None}

Swagger - Transactions v2 is missing "transactionId" in API doc

According to https://api.sbanken.no/Bank/swagger/#!/GET/ApiV2TransactionsByCustomerIdByAccountNumberGet, transactionId is no longer available in API v2. It was available in v1 and the API response also contains the field.

Current API documentation:

Internbank.Api.Contracts.Core.Bank.Transactions.v2.Transaction {
	accountingDate (string, optional),
	interestDate (string, optional),
	otherAccountNumber (string, optional),
	otherAccountNumberSpecified (boolean, optional),
	amount (number, optional),
	text (string, optional),
	transactionType (string, optional),
	transactionTypeCode (integer, optional),
	transactionTypeText (string, optional),
	isReservation (boolean, optional),
	reservationType (string, optional) = ['notReservation', 'visaReservation', 'purchaseReservation', 'atmReservation'],
	source (string, optional) = ['accountStatement', 'archive'],
	cardDetails (Internbank.Api.Contracts.Core.Bank.Transactions.v2.CardDetails, optional),
	cardDetailsSpecified (boolean, optional)
}

Duplicate transactions without transactionid

I'm currently experiencing that the most recent transactions (Last 16 days) have duplicates without transactionId, even though the transactions have been cleared and are not reservations.

/api/v2/Transactions/{accountId} bug in length

Small issue with /api/v2/Transactions/{accountId}. Doc (https://publicapi.sbanken.no/openapi/apibeta/index.html?urls.primaryName=API%20Beta%20V2#/Transactions/Transactions_List) states max length is 1000, but API won't accept more than 100. Not a big issue, but confusing when doc doesn't match real life.

Transactions API leverer ikke ubekreftede transkasjoner siden 12.12.2020

Hei,

jeg bruker Transaction API for å synke data med YNAB. Jeg ser at Transactions API sluttet å levere nye objekter siden 12.12.2020. Er dette noe planlagt eller er det feil som bør rettes?

Her er repo som bruker Transactions API: https://github.com/stenjo/SbankenToYNAB
Her bygges opp kallet mot SBankens API: https://github.com/stenjo/SbankenToYNAB/blob/master/Helpers.py#L87

Med vennlig hilsen

What decides whether "Card details" are set for a transaction?

I see some of my transactions have Card Details set, but a lot of them don't.

What decides whether it's set? Can I get on more of my transactions?

Typo in swagger documentation

The description for the field transfer in the Swagger documentation for the transfer operation mentions FromAccount twice, and doesn't mention ToAccount.

https://api.sbanken.no/identityserver -> HTTP 404

:-/

Wrong purchase date on card transaction having interest date in next year.

Found something odd on several transactions on Credit card. The purchase date seems to have the wrong year when purchase is in a previous year to the interest date.
{'accountingDate': '2017-12-31T00:00:00+01:00',
'amount': -670.97,
'cardDetails': {'cardNumber': '*0455',
'currencyAmount': 79.0,
'currencyRate': 8.4933,
'merchantCategoryCode': '5734',
'merchantCategoryDescription': 'PC programvare',
'merchantCity': 'CIRCUITLAB, I',
'merchantName': 'CIRCUITLAB, INC.',
'originalCurrencyCode': 'USD',
'purchaseDate': '2018-12-27T00:00:00+01:00',
'transactionId': '38736*****308450'},
'cardDetailsSpecified': True,
'interestDate': '2018-01-22T00:00:00+01:00',
'isReservation': False,
'otherAccountNumberSpecified': False,
'reservationType': None,
'source': 'Archive',
'text': '*0455 27.12 USD 79.00 CIRCUITLAB, INC. Kurs: 8.4933',
'transactionType': 'VISA VARE',
'transactionTypeCode': 714,
'transactionTypeText': 'VISA VARE'}

Adhere to RFC6749 (support urlencoded basic auth tokens)

If using IdentityModel higher than 3.0.0 (in your .net core example you use 3.0.0), most of the Sbanken API client secrets will be denied as they contain special characters like ?, + and : that will be urlencoded (but don't seem to be properly decoded in your version of IdentityServer).

This is where the encoding happens:
https://github.com/IdentityModel/IdentityModel2/blob/release/src/IdentityModel/Client/BasicAuthenticationOAuthHeaderValue.cs#L30

Proper decoding seems to have been added in the latest IdentityServer update:
IdentityServer/IdentityServer4#2052

It would be great if you could stop using special characters in the secrets or start supporting urlencoded values.

Old api url in example code

I've only experienced this in the python example code. Easy to imagine that the same problem is occurring other places in the code as well.

Bug: Transaction.AvailableItems is not the same as the number of Items

Hi,
GET /bank/api/v1/transactions/{accountId}/?index=1&length=1000&startDate=2018-09-30&endDate=2018-10-13
returns
Transaction.AvailableItems = 1 but Transaction.Items is an empty list.

However the actually there is only 1 transaction for that account when going from the web interface.

request header customerId

customerId is actually my SSN, which is pretty sensitive info. I am wondering why customerId should be sent as request header for each service api? IMO, there is no problem for your backend to retrieve the customerId (SSN) from the incoming client_id in access_token because I had to login with BankID when I registered myself as a client at developerportal with sbanken and the connection between the registered client_id and my SSN can be persisted in your DB. Does it make sense for you?

Incorrect purchase date

Looks like the endpoint /transactions/archive/{account_id} returns an incorrect purchaseDate. Example transaction:

{
    transactionId: "",
    accountingDate: "2021-12-13T00:00:00",
    interestDate: "2022-01-20T00:00:00",
    amount: -386.3,
    text: "",
    transactionType: "VISA VARE",
    transactionTypeCode: ,
    transactionTypeText: "",
    source: 1,
    cardDetails: {
      cardNumber: "",
      currencyAmount: 386.3,
      currencyRate: 1,
      merchantCategoryCode: "",
      merchantCategoryDescription: "",
      merchantCity: "",
      merchantName: "",
      originalCurrencyCode: "NOK",
      purchaseDate: "2022-12-10T00:00:00",
      transactionId: ""
    },
    cardDetailsSpecified: true
  },

npm reports 18 vulnerabilities, 5 high

Running npm install gives a warning which should be fixed in the repo:

$ npm install
added 129 packages from 157 contributors and audited 198 packages in 2.362s
found 18 vulnerabilities (10 low, 3 moderate, 5 high)
  run `npm audit fix` to fix them, or `npm audit` for details

Fixed by running:

$ npm audit fix
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
added 16 packages from 8 contributors, removed 7 packages and updated 28 packages in 2.53s
fixed 14 of 18 vulnerabilities in 198 scanned packages
  3 vulnerabilities required manual review and could not be updated
  1 package update for 1 vuln involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)
$ npm install [email protected]

The last 3 are minor and are fixed upgrading jade, which is renamed to pug now.

Nagging about transactionid

Will transactionId be reintroduced in the api sometime? My application is currently useless without transactionids and I believe more people need this feature again.

Sorry for nagging!

Update Python example to reflect API changes

Using the Python example you get 401 unauthorized as response

Please update or remove the examples that don't work

Missing scope?

My scripts have started failing, with "{'error': 'invalid_scope'}" returned from the auth-call. Has there been a change to require login-scope?

API does not contain string enum values for source

Example transaction v2:

    {
        "transactionId": "X",
        "accountingDate": "2017-10-31T00:00:00+01:00",
        "interestDate": "2017-11-01T00:00:00+01:00",
        "otherAccountNumberSpecified": false,
        "amount": 123.45,
        "text": "KREDITRENTER",
        "transactionType": "KREDITRTE",
        "transactionTypeCode": 752,
        "transactionTypeText": "KREDITRTE",
        "isReservation": false,
        "reservationType": null,
        "source": 1,
        "cardDetailsSpecified": false
    }

Source is the number 1. According to API doc this should be a string with values 'accountStatement' or 'archive'.

500 error when requesting transactions up to today

I get a 500 error when I try to fetch transactions between 1st of June and 21st of June (today). If I change the endDate to yesterday, everything works fine:

Requested URL (with the right headers):
https://publicapi.sbanken.no/apibeta/api/v1/transactions/{accountId}?startDate=2021-06-01&endDate=2021-06-21

Response:
Exception: Request failed for https://publicapi.sbanken.no returned code 500. Truncated server response: {"Type":"","Title":"Could not complete the request.","Status":500,"Detail":"An error has occured.","Instance":null,"Extensions":{"traceId":"4120540... (use muteHttpExceptions option to examine full response)

I assume this is a server side error... sorry if I am reporting it on the wrong place.

Want: identifier to merge earlier collected unspecified VISA transactions later

Use case:
Pulling all transactions. Realize some of them are only reservations, but still want the data in my personal finance sheet.
At a later time I want to merge a fresh set of transactions onto the table, where the row text "VISA" and transactionType = "Bekreftet VISA" gets the correct values.

Can this be made possible?

Invalid_scope when getting token

Same as #54.

I have enabled the only permission which is possible at https://secure.sbanken.no/Personal/ApiBeta/Info/:

Tilganger
Her kan du velge hvilke tilganger (scopes) som er aktive for din applikasjon. Et tips er å ikke gi applikasjonen tilganger den ikke bruker.

Grants access to perform operations on APIBeta APIs (aka. developer portal) [ X ]

When requesting token from https://auth.sbanken.no/IdentityServer/connect/token, I get the following response:

HTTP/1.1 400 Bad Request
(..)

{"error":"invalid_scope"}

I'm using https://github.com/Sbanken/api-examples/blob/master/ShellScripts/bash_script.sh.

Transactions for October 2017 also returns transactions for November 2017

When requesting transactions for October 2017, also transactions for November 2017 are included in the response.
I have tried specifying startDate and endDate both with and without timezones.

When requesting txs between startDate:[2017-10-01T00:00:00+02:00] endDate:[2017-10-31T00:00:00+02:00] I lose transactions for october 31.

When requestion txs between startDate:[2017-10-01T00:00:00+02:00] endDate:[2017-10-31T00:00:00+01:00]] I get transactions for November 1 included.

When requestion txs between startDate:[2017-10-01T00:00:00+00:00] endDate:[2017-10-31T00:00:00+00:00] I get the transactions for November 1 included.

When requestion txs between startDate:[2017-10-01T00:00:00] endDate:[2017-10-31T00:00:00] (No timezone) I get the transactions for November 1 included.

It is an idea to remove the time part of the fields?

`source` field of type SourceType is an integer - OpenAPI spec is wrong

Using the endpoint /api/v2/Transactions/archive/{accountId}, I receive an entry that has a field "source":1.
Both the OpenAPI spec and the output example here indicate that the source field should be either AccountStatement or Archive.

Timestamp for transactions

Hi! As we won't be receiving any transactionID anytime soon, it would be great to have a good timestamp for transactions. As it is now, my timestamps comes out like this:
2019-11-08T00:00:00+01:00. If the "T00:00:00" part actually contained when the transactions was made, this would help a lot.
Is it possible to add this?

SBanken transaction feed stopped sending unconfirmed transactions.

bash_script.sh retrieval of credentials token fails

The bash_script.sh fails with error message {"error":"invalid_client"}

I have tested the Java version with the same clientId and secret, and everything works as expected, which leads me to claim that there might be a problem with the supplied bash_script.

I am running on Mac OS X version 10.14.5 (Mojave)

In Python example, configuration is not strictly separated from code

According to factor 3 in the The Twelve Factors, configuration and code should be strictly separated. Configuration should instead be stored in environment variables.

The Python Sample Application documentation says to put credentials in api_settings.py. This file is checked in to version control. That makes it easy for credentials to end up in code repositories, either because developers don't know about the risks or because they make a mistake.

In .gitignore, there is a personal_api_settings.py. Using such a file would be better, because it is not checked in to version control. However, neither the documentation nor sampleapp.py reference personal_api_settings.py.

If desired, I'd be happy to make a pull request to fix this issue.

https://api.sbanken.no/Bank/api/v1/EFakturas yields 403

According to the swagger file this endpoint should work:
https://api.sbanken.no/Bank/swagger/index.html?urls.primaryName=EFakturas%20v1

Transfer funker ikke med æøå (og muligens andre tegn)

Gravde frem et gammelt skript som flytter penger mellom to kontoer og klødde meg lenge i hodet over hvorfor det ikke funket. APIet svarer med kode 200 og ingen feilmelding.

Viser seg at overføringen ikke funker dersom meldingen/beskrivelsen inneholder æ, ø eller å, selv om beskrivelsen av endepunktet påstår at dette er lovlige tegn. Har ikke testet med andre tegn men det er vel rimelig å anta at det ikke går for flere tegn enn bare æøå.

Accounts from other banks not listed

Accounts from other banks are not listed in the api.
Ref https://sbanken.no/bruke/kontoer/se-kontoer-fra-andre-banker/

The API is supplying info about the internal accounts in sbanken only, but for me and for most customers it had been very good to se the information about all added bank accounts.

Example in red:

I hope tese also will get implemented.

Transaksjons-apiet takler ikke perioder på tvers av kalenderår

Ser ut som transaskjons-apiet kun vil gi trensasjoner fra 2020 dersom som spør for en periode som starter i 2019 og slutter i 2020:

Gir kun 1 transaksjon (fra 2. januar 2020):
https://api.sbanken.no/exec.bank/api/v1/Transactions/{accountId}?index=0&length=100&endDate=2020-01-02&startDate=2019-12-03

Gir mange transaksjoner for desember 2019:
https://api.sbanken.no/exec.bank/api/v1/Transactions/{accountId}?index=0&length=100&endDate=2019-12-31&startDate=2019-12-03

Har også forsøkt med default-verdier (altså ikke sende med fra clientsiden) for startDate og endDate, og får da samme resultat.