Close

Close

Incorrect username/password


Enter the correct login details.
Your profile will be blocked after three failed attempts.


If you have forgotten or would like to reset your username/password, select 'Forgot password'.



Username

Password

FORGOT PASSWORD

API DebiCheck

Back

API Overview

Overview

Description

API Scope

Overview

What is the API scope?

Getting Started

How to get and connect to the API

Security access and control

Available Transports

Rest API

API References

API Reference

API DebiCheck

API Overview

Overview

DebiCheck is a product designed to provide consent to perform collections on a creditors account through mandates. This is confirmed by the customer with the bank, electronically and once off, before the creditor can process monthly debit orders. The bank will therefore have a record of all DebiCheck mandates and will be able to verify the information before the debit order is processed to the debtor's account.

Description

This service allows you to:

  • Mandate initiation - Initiate a mandate request for the debtor to accept (authenticate) so that a collection to the debtor can be processed.
  • Amendment - Initiate an amendment to a registered mandate
  • Cancellation - Request the cancellation of an active mandate and/or a mandate awaiting activation and/or a mandate amendment that is in progress
  • Acceptance Report - Receive a mandate acceptance report that will inform you of the acceptance, rejection, or expiry of the mandate registration request
  • Status Report - Receive a mandate status report that will inform you of the outcome of the Bank validations
  • Collections - Process the collection of funds from the debtors to the creditor's Bank account

API Scope

Overview

OpenAPI Specification (OAS) is an industry standard programming language-agnostic specification standard for RESTful APIs. OAS allows easy access to discover and understand the API without having access to the source code, documentation or implementation logic. OAS is also widely known as Swagger specification.

What is the API scope?

This service allows you to:

  • The API is currently available to certain customer groups in South Africa and covers a specific list of product accounts.
  • In-scope customer groups: This API is available for business, commercial, corporate and investment customers in the below countries.
  • In-scope customer groups: This API is available for business, commercial, and corporate clients in South Africa.
  • Applicable product accounts: The API works for all demand deposit accounts (DDA) isa bank account that offers access to your money without requiring advance notice.

Getting Started

How to get and connect to the API

You need to be an Online Banking Enterpriseā„¢ user or complete the platform registration.

There are a few ways in which you can get and connect to the API.

  • Unassisted: With unassisted, you can subscribe to the transaction history: customer accounts API on Integration Channel, which is found under Business Solutions tab on Online Banking Enterprise™.
  • Assisted: You can contact your Digital Profile Manager, Transactional Portfolio Manager or Implementation Manager who can assist in connecting you to the API.

Security access and control

Our API is secured protected, and we require positive authentication, positive authorisation and/or access tokens to gain access to the API data.

Authentication

API client authentication use JWT signed tokens. Authentication will process using a client ID and client secret that will serve as credentials to positively identify the customer. The credentials are provided through the subscribe process on the integration channel.

Authorisation

Authorisation is achieved through the OAuth 2.0 standard using authorisation code flow. The authorisation code flow includes using an authorisation code to receive an access token to initiate the process to make calls. The authorisation code will be received using a redirect URL shared either by the client when connecting on their own or by the partner when connecting through a third-party.

Access Token

This is treated as a subset of Authorisation. Access tokens can be obtained through the OAuth 2.0 token endpoint by either presenting the authorisation code or a refresh token. An access token is used each time a call is made and has a set life span, once expired the refresh token can be used to request a new access token. In the instance where both the access and refresh tokens expire, the client will need to request for a new access and refresh token by initiating the connect process again.

Available Transports

Rest API

RESTful API represents API call received through a RESTful service using the HTTP as a transport layer. RESTful API's are useful when broken down into simple method calls as it enables the simplified interaction with the Bank and the future development of the FirstRand API Economy.

API References

API Reference

The API reference includes details on the structure of the API request and response formats. These are detailed on the Swagger document and message specification.

The message follows the ISO20022 message standard in JSON Format, using PAIN.008,PAIN.009,PAIN.010,PAIN.011,PAIN.012 for the response.