- What APIs are available?
- How do I register for access to use the APIs?
- Are the APIs secure?
- What can be done in the sandbox?
- How can I get access to the sandbox?
- How can I get an Open Banking SSA?
- Can I re-use the same application across AIB, Allied Irish Bank (GB), AIB (NI) and EBS?
- Where can I find information about the changes for customers due to the introduction of new SCA methods?
- What type of certificate do I need to access production APIs?
- Where can I find information about the Fallback Mechanism?
- How do I report a bug?
- Waiver007 implementation
- Want to learn more about Allied Irish Bank (GB)?
- Further questions?
- Learn more about our recent changes and enhancements
- Performance and Availability Statistics
- Changes to high cost of credit
- What is the structure of the Supplementary Data block in the Account Information endpoint?
- AISP 3.1.4 Uplift
The following APIs are available:
- Confirmation of Funds
If you are interested in the APIs currently available for, AIB (NI) please visit the website.
Further information regarding our APIs can be found on the ‘API Products and Benefits’ page.
Our sandbox provides an opportunity for developers to test their app before building in production. The sandbox is a safe, secure environment where you can test your apps functionality and test our API integrations with your apps.
To obtain an Open Banking SSA please visit the Open Banking website where you will find details of the Open Banking enrolment process and steps to get your software statement.
No, you cannot re-use the same application across AIB Group. You will need to log in separately and add a new application in each developer portal.
1. eIDAS QWAC. This is the certificate to use in the MATLS network level connection at runtime.
2. A recognised certificate capable of creating a digital signature. The digital signature is required during the OIDC client authentication using the private_key_jwt client authentication method. This certificate can be an eIDAS QSealC or a certificate signed by a recognised public Certificate Authority.
Please note that we are aligned to FCA guidance during the “Adjustment Period” up until March 2020 and as such if you have not yet obtained an eIDAS certificate we will accept the use of equivalent certificates (such as open banking certificates) as long as they enable secure identification.
The Fallback Mechanism can be used if the API Channel or certain API functionality is unavailable.
The Fallback provides TPPs with ability to identify themselves to the bank, an eIDAS certificate is required to access the Fallback Mechanism. The Fallback Mechanism effectively provides access to the PSU’s direct interface. Access to this mechanism is by way of unique URL.
As part of authentication journey where the TPP is using the Fallback, the customer will also need to complete the Multi Factor Authentication process as part of entering their banking credentials to complete the flow.
For information on how to access the Fallback Mechanism please contact us on firstname.lastname@example.org
What changes are AIB making?
The OBIE Read/Write API specification (in v3.0, 3.1, 3.1.1, 3.1.2 and 3.1.3) require both TPPs and ASPSPs to sign all payment messages. The OBIE Specification makes use of the "b64" header parameter and this controls whether the usage is Base64URL encoded before signing. This header is not widely supported in the majority of JWT libraries and therefore requires us to make a change.
When are we making this change?
The change will be implemented in AIB's Sandbox environment on June 1st 2020 with a view to implementing to live APIs on the 16th of June 2020.
What does this mean for you?
You as a TPP, under the specification mentioned above must not validate the message signature during the period of the waiver.
OBIE will update the conformance harness to not generate or validate the message signature during the period of the waiver. After expiration of this waiver, TPPs must support message signatures as defined in their Payment Initiation APIs implementation. We as an ASPSP will include details of which version we support in our API documentation which can be found on our Developer Portals.
For further information on Waiver007 please refer to the Open Banking documentation in the following link:
If you have any questions or concerns, please don’t hesitate in reaching out to our support mailbox email@example.com.
- Our supported version of payments endpoints is currently v3.1.1
- To validate signatures, AIB are expecting the following headers in x-jws-signature format:
- Validation will fail if x-jws-signature is NOT sent or signature is invalid
- A signature will be deemed invalid if the b64 header is true or missing, for example, if the payload was Base64URL encoded before signing.
- The JWS must contain the following headers
- Where required, AIB will send the signature for all existing API endpoints that require messages to be signed in request and or response
- Please note, this signature will NOT be Base64URL encoded.
- The JWS will contain these headers
- This will be applicable for all existing API endpoints that require messages to be signed in request and or response.
Improvements to the AIB redirection journey
As part of our ongoing commitment to deliver a seamless and secure redirection journey for our customers, AIB will be simplifying the direct access flows within our Internet and Business Banking Channels. This will mean more simplified flows and quicker navigation for customers. These updates will be made available in March.
On the 18th of November 2020 the response for the GET Balance request will change. For accounts that have an overdraft facility activated on them, the balance type “Interim Available” will no longer include the value of the overdraft in the Amount field. The value for ‘Included’ under the CreditLine will be changed from ‘true’ to ‘false’ and the value of the overdaft facility will continue to be returned in the CreditLine Amount field.
These changes are to ensure our API services will return the overdraft balance separately, alligning with regulatory obligations.
}If you have any questions on this change please e-mail us on firstname.lastname@example.org
The following details the structure of the Supplementary Data block returned by the /transactions endpoint as of 23rd June 2021.
We want to let you know of an upcoming change and how it impacts you as a TPP. The change is to uplift to 3.1.4 as prescribed by Open Banking. This will be completed the week of the 23rd November 2020.
Migration to the Open Banking 3.1.4 API Specification
As part of our migration to the Open Banking 3.1.4 API specification we will be making changes to our AIS, PIS and CBPII API’s. This will include mainly non-breaking changes.
We wanted to give early visibility of one breaking change to any TPP’s using our international endpoints.
What are we changing and why?
- As part of our alignment to the 3.1.4 PIS specifications we will be changing the behaviour and validation of one field in the international payment consent payload request.
- Today we require TPP’s to always provide the field - OBInternational3/CreditorAgent/PostalAddress/Country
- This field will no longer be mandatory and will be optional
- A specific field has been introduced for the purpose of identifying the credit account country called - OBInternational3/DestinationCountryCode
- This field will be mandatory for all international payments
- We will be updating our developer portal documentation and sandbox services to reflect this change.
If you have any questions or concerns, please don’t hesitate in reaching out to our support mailbox email@example.com
We appreciate your co-operation with this.