API Transaction History

Overview

The transaction History Flow gives you the ability to get transactions on account balances details for a specified account. This is further filtered using a specified date range.

Description

Statement service allows the user to:

• Retrieve a list of transactions and account balances for the defines range relates to the chosen account.
• The response details include the transaction ID, Value date , Booking date , transaction Details , reference, amount, currency, debit or credit indicator and Balances.

Description

The API is currently available to certain customer groups, countries and covers a specific list of product accounts.

This API is available for business, commercial, corporate and investment customers in South Africa.

What can this API do?

This service allows the client to:

• Connect to the API on their own behalf
• Connect to the API through a third-party
• Retrieve a list of transactions including account balances for a defined date range related to the chosen account.

How to get the API

You need to be an Online Banking Enterprise ™ user or complete the platform registration.

There are a few ways in which you can get and connect to the API.

• Unassisted: With unassisted, the client can subscribe for the EFT Payment API on Integration Channel, which is found under Business Solutions tab on Online Banking Enterprise ™.
• Assisted: The client can contact their Digital Profile Manager, Transactional Portfolio Manager, or Implementation Manager for assistance.

How to connect to the API

The client can connect and consume the API in two ways:

1 On my own behalf

The client can connect to the API directly from their line of business system. This can be achieved without a technology intermediary or third-party (System Operator or technology partner).

In both unassisted and assisted journeys, you can maintain your connection details to your line of business system.

2 Through a Third-Party

The client can delegate the API processing and connection responsibility to an intermediary or Third-Party (System Operator or technology partner).

With this connection type, the client will be required to provide the bank with consent to share their product account information with the Third-Party as well as indicate which accounts the Third-Party can retrieve information on.

In both unassisted and assisted journeys, the client can maintain or revoke the consent for the Third-Party to act on your behalf as well as the selection of the accounts.

Security access and control

Our APIs are secured and protected. We require positive authentication, authorisation and access tokens to gain access to the API.

Authentication

API client authentication use JWT signed tokens. Authentication will be done through the use of a client ID and client secret that will serve as credentials to positively identify the client. The credentials are provided through the subscribe process on the Integration Channel.

Authorisation

Authorisation is achieved through the OAuth 2.0 standard using the authorisation code flow. The authorisation code flow includes using an Auth Code to receive an access token to initiate the process to make calls. When connecting through a Third-Party, the authorisation can be done in two ways:

• Auth Code: The client receives the Auth Code when subscribing to the service on Integration Channel and share the Auth Code securely with the Third-Party to connect to the API.
• Auth 2.0: The Third-Party provides their redirect URL when subscribing to the service and the client will be redirected to the Third-Party's website when they complete the subscription and choosing to connect through a Third-Party.

Access Token

This is treated as a subset of authorisation.

Access tokens can be obtained through the OAuth 2.0 token endpoint by either presenting the authorisation code or a refresh token. An access token is used each time a call is made and has a set life span, once expired the refresh token can be used to request a new access token. In the instance where the refresh token expires, the client will need to request for a new access and refresh token by initiating the subscribe process again.

Channel features

The following channel features are available to you:

• Give/revoke consent to a Third-Party.
• Allow/revoke access for certain accounts.

Rest API

RESTful API represents API call received through a RESTful service using the HTTP as a transport layer. RESTful API's are useful when broken down into simple method calls as it enables the simplified interaction with the Bank and the future development of the FirstRand API Economy.

What format is the API in?

EFT Payment API uses OpenAPI Specification (OAS) standard.

OpenAPI Specification (OAS) is an industry standard, programming language-agnostic specification standard for RESTful APIs. OAS allows easy access to discover and understand the API without having access to the source code, documentation or implementation logic. OAS is also widely known as the Swagger Document.

API Reference

The Transaction API follows the JSON Format, the API uses a date range to be able to retrieve the transactions within the defined date range and chosen account.

The API is enabled through the below methods:

GET - retrieveTransactionHistory

Retrieve Transaction History:

Allows you to retrieve a list of transactions including account balances for the defined date range related to the chosen account.

Our APls use polling method, which allows you to query the API at regular intervals to check for new data.