API Store Documentation V1.0
Introduction
BOC now offers the following families of APIs:

  • Subscription API
  • Accounts API
  • Payments API
  • Authorization API

In addition, a further API is offered through which you will be able to get information on BOC branches and ATMs.

Prerequisite
To use any API you must first use the ‘Sign-On’ functionality of the portal to create a developer account. Once you receive the confirmation email with your logon credentials, you may use them to log on to the portal. Once logged on, you create your application and can then browse and assign APIs to it. To assign an API to one of your registered applications, navigate to the APIs section and select ‘Subscribe Plan’ for the API family you are interested in.
Step 1: Get Access Token
Use this API to get an Access Token using your app Client ID and Client Secret. This token is used in each subsequent call to authenticate your app to BOC resources. It is valid for a few minutes.
Step 2: Create Subscription
Before calling any of the APIs in the Accounts and Payments API families you must ensure that you follow the ‘Create Subscription’ process. The process is essentially the BOC implementation of an OAuth 2.0 Authorization workflow, which results in the acquisition of a Subscription ID. BOC follows OAuth 2.0, which is the industry standard for delegating authorization for accessing resources via HTTP. This enables giving an app access rights to services and accounts without explicitly providing a password. Instead, a Subscription ID is handed to the app/service, which represents the access rights for a particular resource for a prescribed amount of time. Within a banking context, this means that users have the granularity of choice in granting access to specific accounts for specific functions.

APIs called: POST Subscriptions, PATCH Subscriptions
Result: The Client acquires a Subscription ID

The client app should first call the Create Subscription API, which returns the Subscription ID. Once it has the Subscription ID, the client application redirects the user to a simulated 1Bank login screen:
https://sandbox-apis.bankofcyprus.com/df-boc-org-sb/sb/psd2/oauth2/authorize?response_type=code&redirect_uri={{yourAppRedirectionURL}}&scope=UserOAuth2Security&client_id={{yourClientId}}&subscriptionid={{subscriptionId}}


Within this screen the user would then have to enter the following default credentials:

  • User name=999999
  • Password=112233



The user is then asked to authorize which Accounts they grant access to and for which functionality. As part of this Authorization workflow the Client is provided with a specific Temporary Authorization Code, which is used to get an access token and then call PATCH subscription in order to activate the subscription.

The ‘Create Subscription’ process is described in the following sequence diagram:

Get Subscription Diagram


NOTE: Subscription ID is valid for 30 days. For API calls you first need to get an Access Token (valid for 10 mins), and along with each call you must pass the Token and Subscription ID.
Keep in mind that the Subscription ID provided is only valid for 30 days. If the subscription expires, re-send the subscription request with the same details (i.e. functions and accounts) to obtain the customer's consent again.
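
As an added example (not part of the BOC documentation or any BOC SDK), the Python code below builds the Step 2 redirect from the URL template above, validates the redirect back to the app before the Temporary Authorization Code is used, and checks the 10-minute and 30-day validity windows. The `state` and `error` query parameters are assumptions taken from standard OAuth 2.0 and do not appear on this page; the function names and all sample values are hypothetical.

```python
import hmac
import secrets
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and fixed parameters as given in the documentation above.
AUTHORIZE_URL = ("https://sandbox-apis.bankofcyprus.com"
                 "/df-boc-org-sb/sb/psd2/oauth2/authorize")
ACCESS_TOKEN_TTL = timedelta(minutes=10)   # "valid for 10mins"
SUBSCRIPTION_TTL = timedelta(days=30)      # "valid for 30 days"

def build_authorize_url(client_id, redirect_uri, subscription_id):
    """Return (url, state); every value is URL-encoded, never concatenated."""
    # ASSUMPTION: `state` is the standard OAuth 2.0 anti-CSRF value; the
    # page's URL template does not show it.
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": "UserOAuth2Security",
        "client_id": client_id,
        "subscriptionid": subscription_id,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def extract_code(callback_url, redirect_uri, expected_state):
    """Validate the redirect back to the app; return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:  # ASSUMPTION: standard OAuth 2.0 error response
        raise ValueError(f"authorization refused: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def is_valid(issued_at, ttl, now=None, skew=timedelta(seconds=30)):
    """True while something issued at `issued_at` is still inside `ttl`."""
    now = now or datetime.now(timezone.utc)
    return now < issued_at + ttl - skew
```

Keep the returned `state` in the user's server-side session and pass it to `extract_code` when the redirect arrives; the 30-second `skew` renews a token slightly early so a call does not fail mid-request.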
Step 3: Call an API
To call an API from the Payments/Accounts family we need to have in hand a particular Subscription Id and Access Token which are used as part of the API call. The SubscriptionID is obtained as outlined in Step 1, whilst the Access Token is obtained as indicated in Step 2.

An Access Token is valid for a few minutes and you can get it using your Client ID and Client Secret. For calling APIs within the Bank Services family only a valid Access Token is required (no need for a Subscription ID).
Payments API
The registration functionality outlined above is simulated within the Sandbox environment. In order to use it you will need to register as a developer. Similarly to the API-Store, you will need to log onto the portal and register your app. You may follow by subscribing to the required APIs you wish to use. Note that an additional API is provided for simulating the API-Store signing functionality required for payments.
Payment Flow Sequence Diagram

Account API
To get Account information you need to provide the Access Token and Subscription ID.
Bank Services API
To call Bank Services APIs you only need the Access Token.
Sandbox environment
In the Sandbox environment we have defined accounts which can be used during your test. You can test any API functionality on those test Bank Accounts (Account details, Account balance, Account Transactions). The statement of those test Bank accounts will provide dummy transactions instead of the actual transactions done in the sandbox. The purpose of these dummy transactions is to help you to test the statement functionality. In addition, in order to test, you must supply the following values:
  • tppId = "singpaymentdata"
  • For the payments the OTP = ‘123456’