Close

Close

Incorrect username/password


Enter the correct login details.
Your profile will be blocked after three failed attempts.


If you have forgotten or would like to reset your username/password, select 'Forgot password'.



Username

Password

FORGOT PASSWORD

API EFT Domestic Payments

Back

API Overview

Overview

Description

Important Update

API Scope

Description

What can this API do?

Getting Started

How to get the API

How to connect to the API

Security access and control

Channel features

Available Transports

Rest API

API References

What format is the API in?

API Reference

API EFT Domestic Payments

API Overview

Overview

EFT Payments gives you the ability to make electronic payments and transfers to another account.

Description

This service allows you to:

  • Provide the bank with a payment instruction to make an electronic payment to a beneficiary.
  • Provide the bank with a payment instruction to make an electronic payment from one of your accounts to another of your accounts.

Important Update

Initial Status Report (ISR) Transaction Failure:

Certain transactions level failures can now be provided for upfront validations such as Check Digit Validation (CDV) in the Initial Responses Report (ISR). If you opt-in for this functionality, the failed transactions will be reported in the ISR. If you do not opt-in for this functionality, the ISR remains the same and the failures will be reported in the Sponsoring Bank Status Report (SBSR) and Paying Bank Status Report (PBSR).

View Transactions on OBE:

Transactions processed on our channel can now be seen on Online Banking Enterprise under Payments.

Submit and Release:

Transactions submitted on our channel can now be authorised on Online Banking Enterprise.

Hash Totals:

Hash Totals have been included to secure the integrity of EFT Collections on ISO messages.

Message Statuses:

All messages with mixed statuses will carry a "PART" status. This referes to a scenario where some of the transactions have been accepted, whereas others have not yet achieved "Accepted" status.

API Scope

Description

The API is currently available to certain customer groups, countries and covers a specific list of product accounts.

This API is available for business, commercial, corporate and investment customers in South Africa.

What can this API do?

This service allows you to:

  • Connect to the API on their own behalf
  • Connect to the API through a third-party
  • Provide the bank with a payment instruction to make an EFT payment to a beneficiary
  • Provide the bank with a payment instruction to make an EFT payment from one of their accounts to another account
  • Send a request to the bank to retrieve the status of their instruction

Getting Started

How to get the API

You need to be an Online Banking Enterprise ™ user or complete the platform registration.

There are a few ways in which you can get and connect to the API.

  • Unassisted: With unassisted, the client can subscribe for the EFT Payment API on Integration Channel, which is found under Business Solutions tab on Online Banking Enterprise ™.
  • Assisted: The client can contact their Digital Profile Manager, Transactional Portfolio Manager, or Implementation Manager for assistance.

How to connect to the API

The client can connect and consume the API in two ways:

1 On my own behalf

The client can connect to the API directly from their line of business system. This can be achieved without a technology intermediary or third-party (System Operator or technology partner).

In both unassisted and assisted journeys, you can maintain your connection details to your line of business system.

2 Through a Third-Party

The client can delegate the API processing and connection responsibility to an intermediary or Third-Party (System Operator or technology partner).

With this connection type, the client will be required to provide the bank with consent to share their product account information with the Third-Party as well as indicate which accounts the Third-Party can retrieve information on.

In both unassisted and assisted journeys, the client can maintain or revoke the consent for the Third-Party to act on your behalf as well as the selection of the accounts.

Security access and control

Our APIs are secured and protected. We require positive authentication, authorisation and access tokens to gain access to the API.

Authentication

API client authentication use JWT signed tokens. Authentication will be done through the use of a client ID and client secret that will serve as credentials to positively identify the client. The credentials are provided through the subscribe process on the Integration Channel.

Authorisation

Authorisation is achieved through the OAuth 2.0 standard using the authorisation code flow. The authorisation code flow includes using an Auth Code to receive an access token to initiate the process to make calls. When connecting through a Third-Party, the authorisation can be done in two ways:

  • Auth Code: The client receives the Auth Code when subscribing to the service on Integration Channel and share the Auth Code securely with the Third-Party to connect to the API.
  • Auth 2.0: The Third-Party provides their redirect URL when subscribing to the service and the client will be redirected to the Third-Party's website when they complete the subscription and choosing to connect through a Third-Party.

Access Token

This is treated as a subset of authorisation.

Access tokens can be obtained through the OAuth 2.0 token endpoint by either presenting the authorisation code or a refresh token. An access token is used each time a call is made and has a set life span, once expired the refresh token can be used to request a new access token. In the instance where the refresh token expires, the client will need to request for a new access and refresh token by initiating the subscribe process again.

Channel features

The following channel features are available to you:

  • Auto-bumping
  • Warehousing
  • Itemised or batch processing
  • Item limits
  • Authorise transactions for processing
  • Hash Totals on ISO Messages
  • Flexible naming convention of files
  • Handshake process for ACB files
  • Partial Processingonnect through a Third-Party.

Available Transports

Rest API

RESTful API represents API call received through a RESTful service using the HTTP as a transport layer. RESTful API's are useful when broken down into simple method calls as it enables the simplified interaction with the Bank and the future development of the FirstRand API Economy.

API References

What format is the API in?

EFT Payment API uses OpenAPI Specification (OAS) standard.

OpenAPI Specification (OAS) is an industry standard, programming language-agnostic specification standard for RESTful APIs. OAS allows easy access to discover and understand the API without having access to the source code, documentation or implementation logic. OAS is also widely known as the Swagger Document.

API Reference

The EFT Payments API follows the IS020022 message standard in JSON Format, using the Pain.001 for the Request and Pain.002 for the response.

The API is enabled through the below methods:

POST - paymentExecution

Create payments initiation instruction:

Allows the client to instruct the Bank to make EFT payments to another beneficiary or to move funds between their own accounts.

GET - retrievePaymentReport

Retrieve payment execution result:

Allows the client to retrieve the status reports of the payment instruction using a unique identifier Instruction ID.

POST - retrieveUnpaidsReport

Allows the client to retrieve a report of all transactions returned as unpaid.

Our APls use polling method, which allows the client to query the API at regular intervals to check for new data.