Description

Accounts is an API that allows you access Santander accounts list and details like balances and transactions.

This functionality is useful to confirm customer account information and to show realtime balances and account transactions.

Requirements

Before initiating this process, you need to fulfil the following requirements:

1. Your application must be registered in our Developer Hub. You will so obtain a Client ID and Client Secret.

2. A valid redirect URI previously registered in the application to receive the answer to the authorization calls.

3. The application must be subscribed to the API "Accounts".

Data

Available account data you can retrieve includes the following:

  • Accounts list
  • Account basic data with balances
  • Account transactions
  • Account transaction details

Access level can be adjusted to match each need.

How to

Our Accounts API is protected under the Oauth2 protocol and requires to obtain authorization from the customer.

The authorization occurs in two steps:

1) Retrieve an authorization code. Get an authorization code associated to customer's authentication and consent so you can get an access token to call the Accounts API.

2) Get access token. That access token authorizes the subsequent API calls to access account data.

Once you have obtained a valid access token, you can use it to call the API and retrieve account data. Below you can see an overview of the process.

Depending on the scopes included on the first step, accesible API endpoints and account data may vary. Please ensure only required scopes are included on the request.

1. Retrieve Authorization Code
To obtain the authorization code that allows you to request the access token, it is necessary to make a call to the OAuth authorization server.
Once customer authentication and consent process completes successfully, Santander will return the control of the flow to your application as a 302 redirection to the Redirect URI indicated by you in the configuration of the application associated with the Client ID used in the call.
Your application will receive the answer to the request at the indicated URL authorization, which includes the authorization code.
Parameters
End Point oauth/authorize Mandatory
Parameters

QueryString

client_id

Client identifier assigned in the API portal. yes

QueryString

scope

ACCLIST.READ
ACCDET.READ
ACCTRAN.READ
yes

QueryString

user (Combo box)

User of the test case no

QueryString

country

Identification code associated with the country to which the client belongs. yes

QueryString

redirect_uri

URL to redirect the response. yes

QueryString

response_type

Type of grant. It must be filled with code yes

QueryString

state(optional)

It is used to maintain correlation between this request and the authorization server's response recomended
Response
Response is a redirection with the following format:

https://partnerURL.com/?code=839a3d23-c3d5-4fc5-b6f9-3427b40ebc09&redirect_uri=https://www.partnerRedirectURI.es/

Error Handling
Errors can occur for several reasons.
Show Status Codes
Submit payment & check payment status

To successfully complete the payment submission process it is mandatory to check the payment status once.

Subsequent calls to check the payment status will return an up-to-date status.

2. Get access token
Once the request for access token is authorized, a call must be made to obtain it.
Parameters
End Point oauth/token Mandatory
Parameters

Header

Authorization

Basic Base64(ClientID:Secret) yes

Body

country

Country to use. yes

Body

scope

ACCLIST.READ

ACCDET.READ

ACCTRAN.READ
yes

Body

grant_type

authorization_code yes

Body

code

The code obtained in the authorization endpoint no

QueryString

redirect uri

URL to redirect the response yes
Response

{

'access_token': '9b678b10-cc8e-42ef-a479-1ceadbc2e176',

'token_type': 'bearer',

'expires_in': 43199,

'scope': 'acclist.read'

}

Error Handling
Errors can occur for several reasons.
3. Calling the API
From now on, calls to the API with access_token will be authorized during the effective time of the access token.

To see more details, go to API Explorer.