Before You Start
Before you start, complete the following three tasks in order:
- Register your organization
- Invite your developers
- Register your application
Step 1. Register your organization
To register your organization, navigate to Sign-up. First register yourself as the organization administrator by filling in your first name, last name, email address, username and password and accepting the End User License Agreement. Then register your organization by filling in its name and description. Clicking the Register Now button sends your registration to the bank.
After receiving your registration the bank sends a confirmation email to the email address you provided. The email includes a link to activate your account and log in to the Developer Portal. Your registration is complete once you have clicked the confirmation link and logged in successfully.
If you log in to the Developer Portal without having used the confirmation link, the portal shows the error message 'Your account has been disabled'.
The Accounts API, Payments API and Funds API require that your organization name matches both the name in the Financial Services Register maintained by the National Bank of Slovakia and the name in your client certificate.
To log in to the Developer Portal you need a password that satisfies the portal's password policy settings. Your password should comply with the following rules:
Step 2. Invite your developers
As an organization administrator you can invite developers from your organization to join. To invite new developers, navigate to the Dashboard/Organization page and then to the Invitations menu item on the left. Clicking the Invite New Users button starts the invitation process. After filling in the list of developers' email addresses, click the Send Invitation(s) button. Each developer on your list receives a confirmation email with a registration link to the Developer Portal. You can check the current status of your developers' onboarding on the Dashboard/Organization page under the Developers menu item.
Step 3. Register your application
Before you can make your first API call you need to register an application on the Developer Portal. Navigate to the Dashboard/Applications page. To add a new application, click the Add Application button and fill in the required information.
Click the Save button to register the new application. After receiving your request the Developer Portal generates an API Key (e.g. l7xx528bd862138c4e9bab60cfb5d4d85df8) and an application secret (e.g. Key Secret 3d5e2ac607ff4f5aa6c5132e1f0f0159). The API Key identifies your application; the secret authenticates it, so keep it safe and never embed it in code that is shipped to customers' devices or browsers. If your application secret is compromised, you can request a new one by clicking the Request a New Shared Secret button.
After creating the application you are able to access the testing (Sandbox) environment for the subscribed APIs.
The Callback URL is used by the bank's authorization server to return responses containing authorization credentials (the authorization code) to your application via the customer's user-agent. The authorization server requires every application to register one or more callback URLs (redirect URIs) before it can use the authorization endpoint, and the redirect_uri sent in an authorization request must exactly match one of the registered values (simple string comparison). The redirection endpoint is described in Section 3.1.2, Redirection Endpoint, of the OAuth 2.0 specification (RFC 6749).
Callback URL for Sandbox environment: https://developer.tatrabanka.sk/resources/oauthCallback.html
For OAuth 2.0 Authorization Code Grant supported scopes are:
- AISP in the Accounts APIs and Premium APIs
- payments in the Payments APIs
For OAuth 2.0 Client Credentials Grant supported scopes are:
- PISP in the Payments APIs
The OAuth 2.0 protocol (RFC 6749, Section 2.1, Client Types) defines two client types, confidential and public, based on their ability to authenticate securely with the authorization server, i.e. to keep their client credentials confidential. Choose the option that best suits your application architecture: a server-side application that can protect the application secret is a confidential client, whereas a mobile or browser-based application that cannot keep a secret is a public client.
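The following is an added example, not code from the Tatra banka portal, showing the client-side bookkeeping for the Authorization Code Grant described above: building the authorization request with the Sandbox callback URL and then validating the redirect that comes back. The authorization endpoint URL (AUTHORIZE_URL) is a placeholder because the page does not give it, the use of the API Key as client_id is an assumption, and the PKCE parameters (RFC 7636) are an extra defence for public clients that the page does not require. The callback URL, scope names and sample API Key are taken from the page.

```python
"""OAuth 2.0 Authorization Code Grant helpers (added example, not bank code)."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"  # placeholder, not the bank's endpoint
SANDBOX_CALLBACK = "https://developer.tatrabanka.sk/resources/oauthCallback.html"  # from the page
CLIENT_ID = "l7xx528bd862138c4e9bab60cfb5d4d85df8"  # sample API Key from the page; client_id is assumed
AUTH_CODE_SCOPES = ("AISP", "payments")  # scopes the page lists for this grant


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for PKCE values."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_pair() -> tuple[str, str]:
    """Return (code_verifier, code_challenge) using the S256 method."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars, within RFC 7636's 43..128
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_request(scope: str, redirect_uri: str = SANDBOX_CALLBACK) -> dict:
    """Build the URL the user-agent is sent to, plus the per-request secrets
    (state, code_verifier) the client must remember until the callback arrives."""
    if scope not in AUTH_CODE_SCOPES:
        raise ValueError(f"scope {scope!r} is not offered under the Authorization Code Grant")
    state = _b64url(secrets.token_bytes(16))  # unguessable, bound to this user session
    verifier, challenge = pkce_pair()
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,  # must be byte-identical to a registered Callback URL
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return {"url": f"{AUTHORIZE_URL}?{urlencode(params)}", "state": state, "code_verifier": verifier}


def parse_callback(callback_url: str, expected_state: str, registered_uri: str = SANDBOX_CALLBACK) -> str:
    """Validate the redirect delivered via the user-agent and return the authorization code.
    Rejects an unregistered endpoint, an error response, and a missing or mismatched state."""
    parsed = urlparse(callback_url)
    if parsed._replace(query="", fragment="").geturl() != registered_uri:
        raise ValueError("callback arrived at an unregistered redirection endpoint")
    q = parse_qs(parsed.query, keep_blank_values=True)
    if "error" in q:
        raise ValueError(f"authorization server returned error={q['error'][0]}")
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale request")  # RFC 6749, 10.12
    codes = q.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("exactly one authorization code expected")
    return codes[0]


def rejects(func, *args) -> bool:
    """True if func(*args) raises ValueError; exercises the failure paths above."""
    try:
        func(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    req = build_authorization_request("AISP")
    print("send user to:", req["url"])
    # Constructed sample redirect, as the Sandbox callback page would receive it:
    sample = SANDBOX_CALLBACK + "?code=SplxlOBeZQQYbYS6WxSbIA&state=" + req["state"]
    print("authorization code:", parse_callback(sample, req["state"]))
```

The state and code_verifier belong to the customer's session on your server, not to the URL; the code is exchanged for a token together with the code_verifier (and, for a confidential client, the application secret) in a separate back-channel request that this example does not make.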
Promote application to Live
To promote your application to the Live environment, navigate to the Dashboard/Applications page and start editing your application. In the API Management tab you can request a change from the Sandbox plan to the Production (Live) plan.
In the Live environment the Accounts API, Payments API and Funds API require Two-Way SSL communication. First, send an email with your client certificate attached to firstname.lastname@example.org with the following body: "As
- Extended Validation certificate
- eIDAS-based site authentication certificate
Extended Validation certificate
The Extended Validation certificate (EV SSL certificate) must contain the required fields described on the CA/Browser Forum web site.
Certificate Authorities list
eIDAS-based site authentication certificate
The eIDAS-based certificate must comply with the requirements of Article 45 of Regulation (EU) No 910/2014 (qualified certificates for website authentication). You can find the list of Certificate Authorities on the Slovak National Security Authority web site and on the EU Trust Service web site.
Two-Way SSL (Mutual Authentication)
For secure communication between your application and the bank's servers, TLS 1.2 or later is required in both the Sandbox and Live environments. For TLS 1.2 protocol details see RFC 5246. For further requirements on securing communication see Chapter 4.2, Securing communication, of the Slovak banking API standard ver. 2.0 document on the Slovak Banking API Standard page.
In the Live environment the Accounts API, Payments API and Funds API secure their communication with clients by Two-Way SSL (mutual TLS): the client and the server each authenticate and validate the other's identity. The exchange in which this happens is the TLS handshake, which in outline runs as follows:
- The client requests access to the protected resource.
- The server presents its certificate to the client and, because mutual authentication is configured, asks the client for a certificate (CertificateRequest).
- The client verifies the server's certificate against its trusted CAs and checks that it was issued for the bank's host name.
- If that succeeds, the client sends its certificate (with its intermediates) and proves possession of the matching private key by signing the handshake (CertificateVerify).
- The server verifies the client's certificate chain and the signature.
- If that succeeds, the server grants access to the protected resource requested by the client.
Note that a client certificate which chains to an accepted CA is still rejected if its organization name does not match the name registered with the bank (see Step 1).
To establish a Two-Way SSL connection, you need:
- your private key (it never leaves your system; only the signature it produces is sent)
- your client certificate
- the certificate authority root certificate
- the certificate authority intermediate certificates (sent together with the client certificate so that the server can build the chain up to the root)