API Statements
Overview
You can receive official bank statements that summarise account activity over a certain period of time.
Description
This service allows you to:
- Connect to the API on your own behalf.
- Connect to the API through a Third-Party.
- Retrieve a list of statements including account balances for a defined date range related to the chosen account.
API Scope
Where is the API available?
The API is currently available to certain customer groups and countries, and covers a specific list of product accounts. This API is available for business, commercial, corporate and investment customers in South Africa, Lesotho, Botswana, Zambia and Eswatini.
Getting Started
How to get the API
You need to be an Online Banking Enterprise™ user or complete the platform registration.
There are a few ways in which you can get and connect to the API.
Unassisted: The client can subscribe to the Statements API on Integration Channel, which is found under the Business Solutions tab on Online Banking Enterprise™.
Assisted: The client can contact their Digital Profile Manager, Transactional Portfolio Manager, or Implementation Manager for assistance.
How to connect to the API
The client can connect and consume the API in two ways:
1. On my own behalf
The client can connect to the API directly from their line of business system. This can be achieved without a technology intermediary or third-party (System Operator or technology partner).
In both unassisted and assisted journeys, you can maintain your connection details to your line of business system.
2. Through a Third-Party
The client can delegate the API processing and connection responsibility to an intermediary or Third-Party (System Operator or technology partner).
With this connection type, the client will be required to provide the bank with consent to share their product account information with the Third-Party as well as indicate which accounts the Third-Party can retrieve information on.
In both unassisted and assisted journeys, the client can maintain or revoke the consent for the Third-Party to act on their behalf, as well as the selection of the accounts.
Security access and control
Our APIs are secured and protected. We require positive authentication, authorisation and access tokens to gain access to the API.
Authentication
API client authentication uses JWT signed tokens. Authentication is done with a client ID and client secret that serve as credentials to positively identify the client. The credentials are provided through the subscribe process on the Integration Channel.
Authorisation
Authorisation is achieved through the OAuth 2.0 standard using the authorisation code flow. The authorisation code flow includes using an Auth Code to receive an access token to initiate the process to make calls. When connecting through a Third-Party, the authorisation can be done in two ways:
Auth Code: The client receives the Auth Code when subscribing to the service on Integration Channel and shares the Auth Code securely with the Third-Party to connect to the API.
OAuth 2.0: The Third-Party provides their redirect URL when subscribing to the service, and the client is redirected to the Third-Party's website when they complete the subscription and choose to connect through a Third-Party.
Access Token
This is treated as a subset of authorisation.
Access tokens can be obtained through the OAuth 2.0 token endpoint by presenting either the authorisation code or a refresh token. An access token is used each time a call is made and has a set life span. Once it has expired, the refresh token can be used to request a new access token. If the refresh token expires, the client will need to request a new access and refresh token by initiating the subscribe process again.
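The token lifecycle described above, as an added example that is not the bank's own code. The `post` callable (assumed to carry client authentication and reach the token endpoint), the token values, the lifetimes and the 30-second safety margin are constructed assumptions; the form fields and the `invalid_grant` error code are the standard OAuth 2.0 (RFC 6749) names.

```python
import time
class ResubscribeRequired(Exception):
    """No usable grant is left: the subscribe process has to be run again."""

class TokenManager:
    def __init__(self, post, auth_code, clock=time.monotonic, skew=30):
        self._post, self._clock, self._skew = post, clock, skew
        self._auth_code, self._access, self._refresh, self._expires_at = auth_code, None, None, 0.0

    def _grant(self, **form):
        status, body = self._post(form)  # transport adds client authentication
        if status != 200:
            self._access = None
            if body.get("error") == "invalid_grant":  # code or refresh token expired/revoked
                self._refresh = None  # never retry with a dead refresh token
                raise ResubscribeRequired("grant rejected by token endpoint")
            raise RuntimeError(f"token endpoint error: {body.get('error')}")
        self._access = body["access_token"]
        self._refresh = body.get("refresh_token", self._refresh)  # keep old one if not reissued
        self._expires_at = self._clock() + body["expires_in"] - self._skew

    def access_token(self):
        if self._access and self._clock() < self._expires_at:
            return self._access  # still valid: no call to the token endpoint
        if self._refresh:
            self._grant(grant_type="refresh_token", refresh_token=self._refresh)
        elif self._auth_code:
            code, self._auth_code = self._auth_code, None  # authorisation codes are single-use
            self._grant(grant_type="authorization_code", code=code)
        else:
            raise ResubscribeRequired("no authorisation code or refresh token available")
        return self._access

def demo():
    """Runs against a constructed stand-in for the token endpoint; all values are made up."""
    now, calls = [0.0], []
    def post(form):
        calls.append(form["grant_type"])
        if form.get("refresh_token") == "rt-1" and now[0] > 3600:  # refresh token lifetime over
            return 400, {"error": "invalid_grant"}
        return 200, {"access_token": f"at-{len(calls)}", "refresh_token": "rt-1", "expires_in": 300}
    tm = TokenManager(post, "constructed-code", clock=lambda: now[0])
    seen = []
    for t in (0, 100, 400, 4000):  # first use, cached, access expired, refresh expired
        now[0] = t
        try:
            seen.append(tm.access_token())
        except ResubscribeRequired:
            seen.append("resubscribe")
    return seen, calls
```
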
Available Transports
REST API
A RESTful API represents API calls received through a RESTful service using HTTP as the transport layer. RESTful APIs are useful when broken down into simple method calls, as this enables simplified interaction with the Bank and the future development of the FirstRand API Economy.
API References
API Reference
The API Reference includes details on the structure of the API request and response formats. These are detailed in the Swagger Document and Message specification.
The message follows the ISO20022 message standard in JSON format, using the camt.053
The Statements API contains the below method(s):
POST - RetrieveRealtimeStatement
Retrieve Real-time Statement:
Allows the client to retrieve a list of statements including account balances for the defined date range related to the chosen account.
Our APIs use a polling method, which allows the client to query the API at regular intervals to check for new data.