Guide to using Lloyds Banking Group APIs

INTRODUCTION

BACKGROUND

There is currently no standardised way for ASPSPs to communicate the differences in ASPSP implementations.

This covers both:

  • Differences in on-boarding and directory interactions
  • Differences in capability delivered for the Read/Write APIs

The above can generate challenges to TPPs as they will not know:

  • What processes to follow in order to onboard with each ASPSP
  • Which API endpoints they can call
  • What data elements they can receive from different ASPSPs, and for unstructured data - what format they receive it

Furthermore, TPPs have different sets of requirements for the Read/Write APIs. This is because of their business models, applications and service offerings. Therefore TPPs need the ability to identify which ASPSP implementations are suitable match to their offerings. This will ensure they can offer a good end user experience.

PURPOSE OF THIS DOCUMENT

This Implementation Variations Guide outlines the variations in Lloyds Banking Group’s Open Banking API endpoint and API response implementation. Information contained within this document aims to make the development of applications by TPPs using Read/Write APIs faster and easier.

END-TO-END API JOUNEY

This section explains how to on-board onto the Lloyds Banking Group Developer Portal and how to complete an end-to-end API journey. In this instance the example used is an Account Information API journey.

Logging on to the Develop Portal

Log into the Developer Portal by clicking the 'Log in with Open banking' button on the top right of the portal. You will need to have logon credentials for a company listed on the Open Banking Production Directory. When you log in, your user is placed into a new Developer Organization corresponding to your company (or it will add you to the organization if it already exists).

ON-BOARD MANUALLY

  1. To use our APIs, you must have an application, which is effectively a Client ID (This is used to identify who is calling our APIs). To create an application, log into the developer portal,v click on 'Apps' in the menu bar and then click 'Create new App'.

  2. When creating your new application, give it a name and a description. You must also provide a Software Statement Assertion (SSA), which can be obtained from the Open Banking Directory. Your SSA will expire 24 hours after it is issued to you, so make sure you create the application when the SSA is still valid. If you use an SSA after it has expired, you will be presented with an error message. Once the application is created, you will be issued a Client ID and in the next 5 minutes the list of products will be subscribed to the app. You will be subscribed to the required products based on the Software roles in the SSA and to view the list of products subscribed, please visit the Apps page and select the newly created app.

  3. Once the subscription is completed, you can now test the APIs.

ON-BOARD USING DYNAMIC CLIENT REGISTRATION

Follow the On-Board Using Dynamic Client Registration for onboarding instructions using DCR.

OTHER USEFUL INFORMATION

  1. Access our consent domains from browser :

    https://authorise.lloydsbank.co.uk/ib/pb/cwa/404
    https://authorise.halifax-online.co.uk/ib/pb/cwa/404
    https://authorise.bankofscotland.co.uk/ib/pb/cwa/404
    https://authorise.mbna.co.uk/ib/pb/cwa/404

  2. Our APIs themselves all sit behind the following domains – these are over MA-TLS – so we would like you to try presenting your OB-signed client cert against these to validate the SSL handshake is working as expected (e.g. by using an appropriate openSSL command, in chrome etc.).

    https://secure-api.lloydsbank.com
    https://secure-api.halifax.co.uk
    https://secure-api.bankofscotland.co.uk
    https://secure-api.mbna.co.uk

  3. Our APIs themselves all sit behind the following domains – these are over MA-TLS – so you will be required to present your eIDAS QWAC client cert against these to validate the SSL handshake is working as expected (e.g. by using an appropriate openSSL command, in chrome etc.).

    https://secure-api-eidas.lloydsbank.com/
    https://secure-api-eidas.halifax.co.uk/
    https://secure-api-eidas.bankofscotland.co.uk/
    https://secure-api-eidas.mbna.co.uk/

    The list of supported QTSPs is available in the OBIE Transparency Calendar –

    https://openbanking.atlassian.net/wiki/spaces/AD/pages/1130594843/Lloyds+Bank+PLC

  4. Discovery Endpoints (OBIE) – TLS Client Auth

     
  5. Discovery Endpoints (eIDAS) - TLS Client Auth

     

    "token_endpoint_auth_methods_supported":["tls_client_auth"]

  6. We support Refresh Tokens for fundsconfirmations, accounts, payments (only VRP) scopes.

  7. Lloyds Banking Group’s Public Keys are available at the Keystore set up by Open Banking Ltd.

  8. All APIs are secured with TLS Mutual Authentication where Certs are signed by Open Banking CA.We do not support JWS client assertion. (private_key_jwt), instead we support Mutual-TLS Client Authentication (tls_client_auth).

  9. Nonce String Limit: When submitting an AISP or PISP request, the maximum length a nonce string can be is 100 characters. Beyond this, the consent will not be activated.As part of our implementation we support registration of an application with multiple Oauth redirect URLs. TPPs can register multiple redirect URLs when creating an application on the Developer Portal.

  10. For digital signatures we will support PS256 from 13th March 2019, please see Discovery Endpoints for more information. The digital signatures generated by LBG will only use PS256.

TESTING THE ACCOUNT INFORMATION APIS

  1. Set up Client Credentials Token

    In this step you (the AISP) obtain an Access Token using a Client Credentials Grant Type. When an Access Token expires, you will need to re-request for another Access Token.

    For Authentication method - tls_client_auth:

    curl -k -X POST \

    --key ./private-cert.key \

    --cert ./public-cert.pem \

    --cacert ./ca-cert.pem \

    --url {secure-domain}/ prod01/lbg/lyds/mtls-token-api/v1.1/token\

    --header 'accept: application/json' \

    --header 'cache-control: no-cache' \

    --header 'content-type: application/x-www-form-urlencoded' \

    --data 'grant_type=client_credentials&client_id=c1d81a9a-609a-47be-9363-8fa038b987da& scope=accounts'

    URL

    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the Other Useful Information section for all brand specific domains

     

    Certs

    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However, this is optional for the OBWAC, OB Transport.

     

    Data

    Parameter
    Example Value
    Description
    grant_type

    client_credentials

    The grant type being requested

    client_id

    c1d81a9a-609a-47be-9363- 8fa038b987da

    The Client ID of your application registered in the developer portal

    scope

    accounts

    The scope being requested

     
  2. Invoke the Account Request API

    Using the Access Token obtained in the step 1, invoke the Accounts API.

    curl -k -v --request POST \

    --key ./private-cert.key \

    --cert ./public-cert.pem \

    --cacert ./root-ca.pem \

    --compressed \

    --url {secure-domain}/prod01/lbg/lyds/open-banking/v3.1/aisp/account-access-consents \

    --header 'authorization: Bearer AAIkMDM5NDJmZTUtOGNiMi00NzVmLWIwMTItNDgyZjM0ZTExYzI5ujAPRjg9HCsXYdEx15e-1h8ZdUQvTtI2Q3lkxQl3tv3n1zVlTnK0jbC1xzhnx6XRH7KBbLCr8qzYUBN0pGDSjdKGgYfFw5om5YF zRrq7j4I8_b6KSlgZ1F4Cs7SvpLLJmHSKL0tGPIA0VSsaAyHilg' \

    --header 'content-type: application/json; charset=UTF-8' \

    --header 'x-fapi-customer-ip-address: REPLACE_THIS_VALUE' \

    --header 'x-fapi-customer-last-logged-time: REPLACE_THIS_VALUE' \

    --header 'x-fapi-financial-id: REPLACE_THIS_VALUE' \

    --header 'x-fapi-interaction-id: REPLACE_THIS_VALUE' \

    --header 'x-jws-signature: REPLACE_THIS_VALUE' \

    --data '{"Data":{"Permissions":["ReadBeneficiariesBasic"],"ExpirationDateTime":"2018-08-28T15:39:19.515Z","TransactionFromDateTime":"2016-04-02T11:59:32.044Z","TransactionToDateTime":"2017-07-16T17:59:09.521Z"},"Risk":{}}'

    URL

    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the Other Useful Information section for all brand specific domains

     

    Headers

    Parameter
    Example Value
    Description
    authorization

    Bearer
    AAIkMDM5NDJmZTUtOGNiMi00NzVmL WIwMTItNDgyZjM0ZTE........

    The access token obtained in step 1

     

    Certs

    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.

     

    Body

    Parameter
    Example Value
    Description
    Data

    {"Data":{"Permissions":["ReadBeneficiarie sBasic"],"ExpirationDateTime":"2010-08- 28T15:39:19.515Z","TransactionFromDat eTime":"2016-04- 02T11:59:32.044Z","TransactionToDateTi me":"2017-07- 16T17:59:09.521Z"},"Risk":{}}

    The permissions being requested

     

    Please refer here for a full list of the allowed permissions.

    Take note of the AccountRequestID in the response data. This is required in the next step.

  3. Authorize Consent

    In this step, you create the authorization request (using a signed JWT request containing the AccountRequestId as a claim) for the customer to consent to the account request directly with the ASPSP. Hybrid Flow support is optional in the OB Security Profile.

    Using a web browser, invoke the URL below to emulate the customer giving consent (changing the values as required).

    Please note for App to App the same consent authorisation endpoints are used. Please refer to section 7 for a full list of Consent Authorisation URLs and Section 9 for an overview of App to App.

    https://authorise-api.lloydsbank.co.uk/prod01/lbg/lyds/personal/oidc-api/v1.1/authorize?response_type=code%20id_token&client_id=c1d81a9a-609a-47be-9363- 8fa038b987da&state=123456&scope=openid%20accounts&redirect_uri=https://example.com/redir ect&nonce=4987594875485-j&request=eyJhbGciOiJSUzI1NiIsImtpZCI6Ikd4bElpd2lhblZxc0R1dXNoZ2pFME9UVXhPVGsifQ.ey Jpc3MiOiJodHRwczovL2FwaS5hbHBoYWJhbmsuY29tIiwiYXVkIjoiczZCaGRSa3F0MyIsInJlc3Bvb nNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwiY2xpZW50X2lkIjoiczZCaGRSa3F0MyIsInJlZGlyZWN0X3 VyaSI6Imh0dHBzOi8vYXBpLm15dHBwLmNvbS9jYiIsInNjb3BlIjoib3BlbmlkIHBheW1lbnRzIGFjY29 1bnRzIiwic3RhdGUiOiJhZjBpZmpzbGRraiIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiwibWF4X2FnZSI6O DY0MDAsImNsYWltcyI6eyJ1c2VyaW5mbyI6eyJvcGVuYmFua2luZ19pbnRlbnRfaWQiOnsidmFsd WUiOiJ1cm46YWxwaGFiYW5rOmludGVudDo4ODM3OSIsImVzc2VudGlhbCI6dHJ1ZX19LCJpZF 90b2tlbiI6eyJvcGVuYmFua2luZ19pbnRlbnRfaWQiOnsidmFsdWUiOiJ1cm46YWxwaGFiYW5rOmlu dGVudDo4ODM3OSIsImVzc2VudGlhbCI6dHJ1ZX0sImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhb HVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYS JdfX19fQ.ehVeTgyYW7w9Gbbwp53h5J-yghKc_KV3XU8vSkioJEiTRHj4dUmvjlleLb7GcohKBI7wHULjQjRTam1Zds_WAtiH2bk86YNQalzf9 mt3SVzpIdtCaJdGiMYkD7ePf2mKDDluSH_HWgiLzy-B5diH-5JKtwHVMmxoaLbG4lzoCdo

    URL

    Parameter
    Example Value
    Description
    response_type

    code id_token

    The OAuth flow type being used

    client_id

    c1d81a9a-609a-47be-9363-8fa038b987da

    The Client ID of your application registered in the developer portal

    State

    12345

    The state as specified by the TPP

    scope

    openid accounts

    The scope being requested

    redirect_uri

    The redirect URL of the application registered in the developer portal. This must match the redirect URL from your software statement on the Open Banking Directory.

    nonce

    4987594875485-j

    The nonce as specified by the TPP

    request

    eyJhbGciOiJSUzI1NiIsImtpZCI6Ikd4bElpd 2lhblZxc0R1dXNoZ2pFME9UVXhPVGsif Q.eyJpc3MiOiJodHRwczovL2FwaS5hbHB oYWJhbmsuY29tIiwiYXVkIjoiczZCaGRSa 3F0MyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlI GlkX3Rva2VuIiwiY2xpZW50X2lkIjoiczZCa GRSa3F0MyIsInJlZGlyZWN0X3VyaSI6Im h0dHBzOi8vYXBpLm15dHBwLmNvbS9jYi IsInNjb3BlIjoib3BlbmlkIHBheW1lbnRzIGFj Y291bnRzIiwic3RhdGUiOiJhZjBpZmpzbG RraiIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiw ibWF4X2FnZSI6ODY0MDAsImNsYWltcyI 6eyJ1c2VyaW5mbyI6eyJvcGVuYmFua2lu Z19pbnRlbnRfaWQiOnsidmFsdWUiOiJ1c m46YWxwaGFiYW5rOmludGVudDo4OD M3OSIsImVzc2VudGlhbCI6dHJ1ZX19LC JpZF90b2tlbiI6eyJvcGVuYmFua2luZ19pb nRlbnRfaWQiOnsidmFsdWUiOiJ1cm46Y WxwaGFiYW5rOmludGVudDo4ODM3OSI sImVzc2VudGlhbCI6dHJ1ZX0sImFjciI6ey Jlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI 6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjp zY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHN kMjpjYSJdfX19fQ.ehVeTgyYW7w9Gbbwp 53h5JyghKc_KV3XU8vSkioJEiTRHj4dUmvjlleLb 7GcohKBI7wHULjQjRTam1Zds_WAtiH2b k86YNQalzf9mt3SVzpIdtCaJdGiMYkD7e Pf2mKDDluSH_HWgiLzy-B5diH5JKtwHVMmxoaLbG4lzoCdo

    This is an OIDC request object containing a claim identifying the accounts that needs to be authorized. To modify it to support your test scenario use the debugger at https://jwt.io

     

    Follow the UI flow and at the end of the flow take note of the authorization code and id token appended to the URL (e.g. https://example.com/redirect?code=xxxxxxxxxxxxx&id_token=xxxxxxxxxx).

  4. Validate the c_hash and the s_hash of the ID Token

    At this point, you will now introspect the ID Token and use it as a detached signature to check:

    • The hash of the Authorization Code to prove it hasn't been tampered with during redirect (comparing the hash value against the c_hash attribute in ID Token)

    • The hash of the state to prove it hasn't been tampered with during redirect (comparing the state hash value against the s_hash attribute in the ID Token)

    Also validate the signatures using the Lloyds Banking Group public key obtained from the OBIE.

  5. Get the Access Token required to access the Account

    Following the OAuth2.0 protocol, you now exchange the access code for the access token required for step 6.

    For Authentication methods – tls_client_auth:

    curl -k -v \

    --key ./22uobbpbcf1ztrsvxfoaj4.key \

    --cert ./22uobbpbcf1ztrsvxfoaj4_open_banking_test_issuing_ca_.pem \

    --compressed \

    -X POST \

    -d 'client_id=c1d81a9a-609a-47be-9363-

    8fa038b987da&grant_type=authorization_code&redirect_uri=https://example.com/redirect&cod e=gktvoeyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiUlNBMV81Iiwia2lkIjoicTQtMjAxNy1tMi 1ib3MifQ.cB1t7tqgnQ_5Mu0XH2yR3oPfF_8HgrHi7uVSZY67Z77Qu-8K9c_6FVASDyoa-9O0Yi5f XqKMua_FrGveJ1Jur715HNqVaVPrR9v1M3akH8J92Af7nxED1R3647jKeftBkvy89h58 98Aexa6q1nMAsFL9N0W-

    5239ztqzNY00Qys4EfqEdKyyUZYvTRcgg0Z8Snw9c4_J48twgHY4DLl5DvGjekPPlLCEe-YebWgIUcb21z8JCudJKFnvQoZNryiT0oYbBeuu_7IVAUzJPvG5KiicnczWssgGX2WRTAj2-i6OGVcOcRpjcdE0RNKLwbBC2q9-HiD9_plMr5VjrkFn9A.9JwONmpP8iZKJh4sXdOskw.3cr4SulCTjU0tSzMrvp3K4zfbJ6t4bXkaq6v 9V-qvnnkGg7Pm8Vwfi906kALBpL3m5FKh19XV1mL7miQonlgRXbeHehkmG7IU-dXmq-suJnb-y4WCSFkHhZDYh2wsxDVY_l9BRZOyknSPjqdorlnwOnZRU0PALwPWhBB3BQFrRxaNLIAETv qjMMmTZssadVt9lZ10DFbfIsGIE78B8pkg-hoHdmFpXVCadnq8JgKi8knwKmUJ6bZqyfZbyR2isXvlAc5Bx1C5VK7png2fw0nPTUBt7H9euU 2gy-UsKo6OInJeDwHpxkQDFM8GFZyMOXyjEae6Zozj4pXAyHAmdKfFwy1Kbv2jyUXq4FCeQHph I 4wKvhgSNOVvA_asOExj8DlGPaIgzphMKseXmKTzWMpv3gRsmIGdZvH7lMhGsq7EZnlheYW UK3f MymJCQXu7jzEBP7DsJfNsCG6S9yG8Aih72_mrAvXjXEU_pqqbL6d8gWJJ4mnwIln-VxBxyO0M759VNgTw4tP93rNAjiPmJGwHQrtBxmg5lR-ET2oxTF_LyZWYFyVmIOiEPwabfvTrZxpcdwTRJK_mXfYGeWABxEZZXlZE7pWHoxusxRdnyl en4s35MHcZjWjCa8DddglkngYAF8l6otGyeuRZqHN6cu32uH5zHx9Z7E_rZmXT3h_uu9QK-

    lfhIIaCr8OWMOrDOL.0HPU-Bu1wR8RYCq-5QV0tQ' \

    {secure-domain}/prod01/lbg/lyds/mtls-token-api/v1.1/token \

    URL

    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the Other Useful Information section for all brand specific domains

     

    Certs

    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However, this is optional for the OBWAC, OB Transport.

     

    Body

    Parameter
    Example Value
    Description
    client_id

    c1d81a9a-609a-47be-9363-8fa038b987da

    Client ID of your application registered in the developer portal

    grant_type

    Example Value:

    authorisation_code

    Description:

    The grant type being requested

    redirect_uri

    The redirect URL which must match that of the application registered in the developer portal

    code

    gktvoeyJlbmMiOiJBMTI4Q0JDLUhTMjU2I iwiYWxnIjoiUlNBMV81Iiwia2lkIjoicTQtMjA xNy1tMi1ib3MifQ.cB1t7tqgnQ_5Mu0XH2y R3oPfF_8HgrHi7uVSZY67Z77Qu8K9c_6FVASDyoa9O0Yi5fXqKMua_FrGveJ1Jur715HNqVaV PrR9v1M3akH8J92Af7nxED1R3647jKeftB kvy89h5898Aexa6q1nMAsFL9N0W5239ztqzNY00Qys4EfqEdKyyUZYvTRcgg 0Z8Snw9c4_J48twgHY4DLl5DvGjekPPlL CEeYebWgIUcb21z8JCudJKFnvQoZNryiT0oY bBeuu_7IVAUzJPvG5KiicnczWssgGX2W RTAj2- i6OGVcOcRpjcdE0RNKLwbBC2q9- HiD9_plMr5VjrkFn9A.9JwONmpP8iZKJh4 sXdOskw.3cr4SulCTjU0tSzMrvp3K4zfbJ6t 4bXkaq6v9VqvnnkGg7Pm8Vwfi906kALBpL3m5FKh19 XV1mL7miQonlgRXbeHehkmG7IU-dXmqsuJnby4WCSFkHhZDYh2wsxDVY_l9BRZOykn SPjqdorlnwOnZRU0PALwPWhBB3BQFrR xaNLIAETvqjMMmTZssadVt9lZ10DFbfIsG IE78B8pkghoHdmFpXVCadnq8JgKi8knwKmUJ6bZq yfZbyR2isXvlAc5Bx1C5VK7png2fw0nPTU Bt7H9euU2gyUsKo6OInJeDwHpxkQDFM8GFZyMOXyj Eae6Zozj4pXAyHAmdKfFwy1Kbv2jyUXq4 FCeQHphII4wKvhgSNOVvA_asOExj8DlG PaIgzphMKseXmKTzWMpv3gRsmIGdZv H7lMhGsq7EZnlheYWUK3fMymJCQXu7j zEBP7DsJfNsCG6S9yG8Aih72_mrAvXjX EU_pqqbL6d8gWJJ4mnwIlnVxBxyO0M759VNgTw4tP93rNAjiPmJGw HQrtBxmg5lRET2oxTF_LyZWYFyVmIOiEPwabfvTrZxp cdwTRJK_mXfYGeWABxEZZXlZE7pWHo xusxRdnylen4s35MHcZjWjCa8DddglkngY AF8l6otGyeuRZqHN6cu32uH5zHx9Z7E_r ZmXT3h_uu9QKlfhIIaCr8OWMOrDOL.0HPUBu1wR8RYCq-5QV0tQ

    The authorisation code retrieved in step 3

     

    Take note of the access token and ID Token in the response data.

  6. Validate the at_hash of the ID Token

    At this point, you will now introspect the ID Token and use it as a detached signature to check:

    • The hash of the access token to prove it hasn't been tampered with during redirect (comparing the hash value against the at_hash attribute in ID Token)

    Also validate the signature of the ID Token using the Lloyds Banking Group public key obtained from the OBIE.

  7. Get Accounts

    You can use the Access Token to retrieve Accounts (bulk or specific). The following examples are from the Account and Transaction API Specification.

    Where the initial Access Token expires, you must obtain a new Access Token.

    curl --request GET \

    --key ./private-cert.key \

    --cert ./public-cert.pem \

    --carcert ./root-ca.pem \

    --compressed \

    --url {secure-domain}/prod01/lbg/lyds/open-banking/v3.1/aisp/accounts \

    --header 'accept: application/json; charset=UTF-8' \

    --header 'authorization: Bearer gktvoeyJhbGciOiJSUzI1NiIsImtpZCI6InE0LTIwMTctbTEtYm9zIn0.eyJpc3MiOiJsbG95ZHMiLCJ wcml2YXRlIjoiQUFJa01ETTVOREptWlRVdE9HTmlNaTAwTnpWbUxXSXdNVEl0TkRneVpqTT BaVEV4WXpJNXFhRWU5Z0RCQnAwbjBRQU9xRXo4Ti16UTYwbUhPOFZHU1BQTGhkajdzY jFMYV9wX05mYmJkSnQySHRZc0QyakRXMHdYaS13ZVhZV2s5aHhPSWZrb0d3dE9OamZo SU56RFMtYWFxLVlhaW1OWmFQbDMtd1MzUFdva0I0OG5WZW4wMF81NGczeU1zMEhlMk VhdUVhcEZlX3hTeEFRVGt2Q2NHWnhyRmRaWDVHRm9FUEh3UEFjUnptSWhpZ3NZczNiRn RsWkVmR0V3dURTU1V0SWpRQVAzU1ZNNmJxd1ZJQThab3hwazVvRnptWEJLMUl1dHppS 0pMX0IwN0ZhYldHOE5qaWtUWHREcXFudDNLbVVhNjVac2dGT3BZT2VUQUFXTkdmdnBK MDhZRnV2MnhvOVRjcmRlejYxdjZCSFBaZkdpLW9tMF9BUjk5NnZRSDJqOTZONE5XM0lNM 0VIWGpVZG9lMWpoU0ZpcTc4eGhxWXU5MENicHhnSDJ4eng1Y2h6QlN1WHJNalY2VnVSZ2 ZMMUZoRXNZRjlTY1FKQlRuNmlIVjhLODZDQ0RtZGJuZjFGQjVybTNQWkZFdFZid0RCYmhB dmhQeXI4bkp6ei1lZkJnVzBrcWNnIn0.dmev3qQ4I14Vgps9Z7rjAJn31Zsepw8m15GWCqeSHL OvlGvbi2RS_uUdDpKAQg3aUpSvJUbffLP0RfG4RVLlYVI2vPlSKzO9L1eHZj7QM_S7p03g1cX CFowZye8IgWolBsVNd4MOIq9rQWHW3ywrS8Fx9S9tum7wIvn8tqIluQqLRa5c-oKthWW5uz66M8IHfrigeMCOYWsboG5uF0aKni20C1sLHGFWMDZU1M3n25bV0AZh7INvDoB 7EloIgr8IQiOZj0BSPKNtIDMGTXlixM8uVlW6eUJS3Z9dgvO7' \

    --header 'x-fapi-customer-ip-address: REPLACE_THIS_VALUE' \

    --header 'x-fapi-customer-last-logged-time: REPLACE_THIS_VALUE' \

    --header 'x-fapi-financial-id: REPLACE_THIS_VALUE' \

    --header 'x-fapi-interaction-id: REPLACE_THIS_VALUE'

    URL

    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the Other Useful Information section for all brand specific domains

     

    Certs

    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However, this is optional for the OBWAC, OB Transport.

     

    Headers

    Parameter
    Example Value
    Description
    authorization

    Bearer
    gktvoeyJhbGciOiJSUzI1NiIsImtpZCI6InE0 LTIwMTctbTEtYm9zIn0.eyJpc3MiOiJsbG9 5ZHMiLCJwcml2YXRlIjoiQUFJa01ETTVO REptWlRVdE9HTmlNaTAwTnpWbUxXSX dNVEl0TkRneVpqTTBaVEV4WXpJNXFh RWU5Z0RCQnAwbjBRQU9xRXo4Ti16UT YwbUhPOFZHU1BQTGhkajdzYjFMYV9w X05mYmJkSnQySHRZc0QyakRXMHdYa S13ZVhZV2s5aHhPSWZrb0d3dE9OamZ oSU56RFMtYWFxLVlhaW1OWmFQbDMt d1MzUFdva0I0OG5WZW4wMF81NGcze U1zMEhlMkVhdUVhcEZlX3hTeEFRVGt2 Q2NHWnhyRmRaWDVHRm9FUEh3UEFj UnptSWhpZ3NZczNiRnRsWkVmR0V3dU RTU1V0SWpRQVAzU1ZNNmJxd1ZJQTh ab3hwazVvRnptWEJLMUl1dHppS0pMX0I wN0ZhYldHOE5qaWtUWHREcXFudDNL bVVhNjVac2dGT3BZT2VUQUFXTkdmdn BKMDhZRnV2MnhvOVRjcmRlejYxdjZCS FBaZkdpLW9tMF9BUjk5NnZRSDJqOTZ ONE5XM0lNM0VIWGpVZG9lMWpoU0Zp cTc4eGhxWXU5MENicHhnSDJ4eng1Y2h 6QlN1WHJNalY2VnVSZ2ZMMUZoRXNZ RjlTY1FKQlRuNmlIVjhLODZDQ0RtZGJuZ jFGQjVybTNQWkZFdFZid0RCYmhBdmh QeXI4bkp6ei1lZkJnVzBrcWNnIn0.dmev3q Q4I14Vgps9Z7rjAJn31Zsepw8m15GWCq eSHLOvlGvbi2RS_uUdDpKAQg3aUpSvJ UbffLP0RfG4RVLlYVI2vPlSKzO9L1eHZj7 QM_S7p03g1cXCFowZye8IgWolBsVNd4 MOIq9rQWHW3ywrS8Fx9S9tum7wIvn8tq IluQqLRa5coKthWW5uz66M8IHfrigeMCOYWsboG5u F0aKni20C1sLHGFWMDZU1M3n25bV0A Zh7INvDoB7EloIgr8IQiOZj0BSPKNtIDMG TXlixM8uVlW6eUJS3Z9dgvO7- LxJrphDeg26ZrYQyMFDxVXjA8VmP2KB 0lnDggbvLwrHkw

    The token obtained in step 5

     

REFRESH TOKEN

When the TPP makes the token call to exchange the Access code for Access token using Authorization Code Grant Type, they get back a Refresh Token in addition to the Access Token. This Refresh Token is valid for 365 days and Access Token itself is valid for 90 days . TPPs will need to ensure that they make the token call with Refresh Token Grant Type to exchange the Refresh Token to get a new Access token and Refresh token before the existing Refresh Token expires to avoid customer having to complete a re-authentication journey. Refresh tokens are one time use tokens and each time the TPP uses it, they will receive a new set of Access and Refresh tokens.

Refresh Token is only available for consumers of Accounts and Transactions, Confirmation of Funds, and Variable Recurring Payment APIs.

curl -k -X POST \

--key ./private-cert.key \

--cert ./public-cert.pem \

--cacert ./ca-cert.pem \

--url {secure-domain}/prod01/lbg/lyds/mtls-token-api/v1.1/token \

--header 'accept: application/json' \

--header 'cache-control: no-cache' \

--header 'content-type: application/x-www-form-urlencoded' \

--data 'grant_type=refresh_token&client_id=c1d81a9a-609a-47be-9363-8fa038b987da&refresh_token=AAImRuf QlWgaSyEiT6aw-0MhiivaI5daPew3iL9ulWrYkcHVZ-ZutghJ86mRdxLL6NuKKswePJwGWYqXR21TtqETu-v0Xeov1iqJrHiqYFP65pwh6FUbIdTG3nLJ5MKAzmCda6ZfCBW6gYo0eGKBd-qBC9CU35WV8zLLWtSXk83IGuvYtJemxUyh1P_vpNGEQXzMfCr7K4jiJmqyuETT-FyLRPv495gvPAszcyDfHCciYvaQTgfiCcmvI_WOa6kImepD87Bcep1DHbV8dm6wcPSXxkbmT kw2UsNgpWhkNAGKjzvkgt7LW2akF0IizRLFtpyV-CbgiTw2yBeBR_kRMHTT6vR7yzZgLzWAgWHIqOSxPEbaAHW6uIeZgcfSb4CkURs251sxeQtn udJRFywd-0PQxNHweVBu9mDmlogGCF_PvmMb71OwyAGBBlm7oTGd4afIS_h0-i5_ByNtnBhu_d4sn0U2cN'

URL

Parameter
Example Value
Description
secure-domain

Example Value:

OB Transport, OBWAC:

https://secure-api.lloydsbank.com

OBWAC, QWAC:

https://secure-api-eidas.lloydsbank.com/

Please refer to the Other Useful Information section for all brand specific domains

 

Certs

Parameter
Example Value
Description
CACert

Combination of Root & Intermediate

Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.

 

Data

Parameter
Example Value
Description
grant_type

refresh_token

The grant type being requested

client_id

c1d81a9a-609a-47be-9363- 8fa038b987da

The Client ID of your application registered in the developer portal

refresh_token

AAImRufQlWgaSyEiT6aw0MhiivaI5daPew3iL9ulWrYkcH VZZutghJ86mRdxLL6NuKKsweP JwGWYqXR21TtqETuv0Xeov1iqJrHiqYFP65pwh6FU bIdTG3nLJ5MKAzmCda6ZfCB W6gYo0eGKBdqBC9CU35WV8zLLWtSXk83I GuvYtJemxUyh1P_vpNGEQXz MfCr7K4jiJmqyuETTFyLRPv495gvPAszcyDfHCciY vaQTgfiCcmvI_WOa6kImepD8 7Bcep1DHbV8dm6wcPSXxkb mTkw2UsNgpWhkNAGKjzvkgt 7LW2akF0IizRLFtpyVCbgiTw2yBeBR_kRMHTT6vR 7yzZgLzWAgWHIqOSxPEbaA HW6uIeZgcfSb4CkURs251sxe QtnudJRFywd0PQxNHweVBu9mDmlogGCF _PvmMb71OwyAGBBlm7oTG d4afIS_h0- i5_ByNtnBhu_d4sn0U2cN'

Refresh token received with the previous Access token

 

APP TO APP

The following section contains useful information for TPPs who wish to initiate App to App re-direction for Lloyds Banking Group Mobile apps.

OVERVIEW

App to App enables TPPs to the initiate the Authorisation and Consent journey via the Lloyds Banking Group Personal and Business Banking mobile applications. This allows the TPP to redirect a user from the TPP application (in a mobile web browser or mobile app) to the Lloyds Banking Group mobile application installed on the user’s device and deep link the user into the Lloyds Banking Group mobile application login screen. The user is then authenticated on their Lloyds Banking Group mobile application using the same credentials/methods as normally used when the user logs into their account using the application (e.g. biometric). In the scenarios where the user does not have the Lloyds Banking Group mobile application installed, they will be redirected to the Lloyds Banking Group browser journey as normal. In the scenarios where the user does not have the Lloyds Banking Group mobile application installed, they will be redirected to the Lloyds Banking Group browser journey as normal.

APP TO APP IMPLEMENTATION

There is no additional changes required by the TPP to implement App to App. The consent authorisation endpoints listed in Section 7 will automatically re-direct customers to the relevant Lloyds Banking Group mobile app. If TPPs support a desktop journey only then the authorisation endpoints in Section 7 will continue to re-direct customers to the Lloyds Banking Group desktop consent authorisation journey.

App to App Variations

Notable implementation variations relating to App to App and Browser to App.

Commercial Journeys

App to App functionality is not supported for Lloyds Bank and Bank of Scotland Commercial customers.

Android Users

When non-Chrome browsers (like Samsung browser or Firefox browser) are used to perform the journey and/or are default browsers in the phone, they don’t let the universal link open the native application, even if the native application is already installed. They force the user to stay in the browser journey. To enable the journey to continue in the native app, “Open links in native app” setting must be enabled in these browsers or Chrome browser, which always works with universal links, should be used.

This is applicable for both App to App and Browser to App journeys

 

ACCOUNT AND TRANSACTION SERVICES

This section provides an overview of how to use our Account and transaction Services APIs. It is intended to help AISPs integrate applications and services with our APIs and details scope and any variations from Open Banking API specifications.

This detail should be read in conjunction with Open Banking Specifications and our API Products:

  • Account and Transaction API Specification can be found here
  • API Products can be found here

Account and Transaction Scope

The below table details the Account and Transaction Services that are supported by Lloyds Banking Group across our Channels and Products.

These are available to use to request Account and Transaction from Current and Savings accounts on our core brands Lloyds Bank, Bank of Scotland, Halifax (Retail only). In addition, we also support our core brands and MBNA brand for Retail Credit Cards.

Account and Transaction Endpoints
Retail
Current Account
Savings Account
Credit Cards
Business
Current Account
Savings Account
Credit card
Commercial
Current Account (Sterling)
Current Account (Non-Sterling)

Account Access Consent

Accounts

Balances

Transactions

Beneficiaries (Domestic)

 

 

Beneficiaries (International)

 
 

 
 

Direct Debit

 

 

 

Standing Order

 

 

 

Products

 

 
 

Offers

 
 

 
 

 

Parties

 

Schedule Payments

 

 

Statements

 
 

 

ACCOUNTS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fields have also been implemented.

Name
Current Accounts
Saving Accounts
Credit Cards

Data.Account

AccountId

Currency

AccountType

AccountSubType

Maturity Date

 

 

NickName

 

Opening Date

SwitchStatus

 
 

Data.Account.Account

SchemeName

Identification

Name

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints
Description

GET /accounts
GET /accounts/{AccountId}

Field name “SwitchStatus”

Field will be returned and populated with the value UK.CASS.SwitchCompleted only when an account has been switched out to a different bank. Applicable for retail and business current accounts.

GET /accounts
GET /accounts/{AccountId}

Field name “Name”

The account name displayed for different customer segments are given below

  • Retail: This will be the name of the person who owns the account.
  • Business (O4B): This field will be the legal entity name of the business that owns the account.
  • Commercial (CBO): This will be the name that the account holder gave the account when they opened the account.

BALANCES VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fields have also been implemented.

Name
Current Accounts
Saving Accounts
Credit Cards

Data.Balance

AccountId

CreditDebitIndicator

DateTime

Type

Data.Balance.Amount

Amount

Currency

Data.Balance.CreditLine

Included

Type

Data.Balance.CreditLine.Amount

Amount

Currency

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints
Description

GET /accounts/{AccountId}/balances

High Cost of Credit: Field name “Type”

Due to High Cost of Credit (HCC) regulatory requirements the ‘Available’ balance (balance including pending transactions) returned by the /balance endpoint will no longer include the pre-agreed credit (overdraft) the account may have. The ‘Available’ balance shown to the customer in the PISP consent journeys will also change in line with these requirements. In addition, to align with our online channels we will be removing the ‘Credit’ and ‘Available’ optional fields from the Credit line sub section of the /balance endpoint. These changes will only apply to PCAs and BCAs

GET /accounts/{AccountId}/balances

Field name “Amount”

The credit line amount returned for commercial customers who are registered for LBG CBO (Commercial Banking Online) channel are of advisory value only as it may not reflect the complex overdraft and credit facilities available to these customers.

TRANSACTIONS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fields have also been implemented.

Name
Current Accounts
Saving Accounts
Credit Cards

Data.Transaction

AccountId

TransactionReference

Amount

Currency

CreditDebitIndicator

Status

BookingDateTime

ValueDateTime

TransactionInformation

AddressLine

 

Data.Transaction.
BankTransactionCode

 

Code

 

SubCode

 

Data.Transaction.
ProprietaryBank
TransactionCode

Code

Issuer

Data.Transaction.
Balance

 

Amount

 

Currency

 

CreditDebitIndicator

 

Type

 

Data.Transaction.
MerchantDetails

 

MerchantName

 

MerchantCategoryCode

 

Data.Transaction.
CardInstruments

 
 

CardSchemeName

 
 

Authorisation Type

 
 

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints
Description

/account/{AccountID}/Transactions

Transactions exception

For the following transaction there will be two records provided to TPP:

  • Cheque transactions (identified by Transaction Code "CHQ") that are currently pending.
  • Combined Cash + Cheque transactions (identified by Transaction Code "DEP") where the cheque amount is currently pending

A "pending" record - for this record LBG will apply the "Value Date" to the "Booking Date" field.

A "booked" record - for this record LBG will apply the "Booking Date" to the "Value Date" field.

/account/{AccountID}/Transactions

Partial Transactions

No partial transaction data will be provided to TPPs. Instead, the TPP will be sent a 400 response.

/account/{AccountID}/Transactions

Transaction reference

"TransactionReference" will only be provided for posted transactions that have Transaction Code "FPO".

/account/{AccountID}/Transactions

Transaction date and Time

Though we comply to the full ISO date time formats, Transaction “from” and “To” booking dates with time segment set can be subject to date roll which could affect the set of transactions served

/account/{AccountID}/Transactions

Credit card Transactions

Credit cards only

Transactions are returned in a reversed chronological order. However, if the statement is created with payments pending, they will be posted in the following statement period and may appear out of sequence

Business Credit card

In addition to credit cards, for business credit card posted transaction, which are posted will be displayed starting with Primary card transactions followed by Subsidiary cards transactions and transactions within Primary card and subsidiary card will be displayed in reverse chronological order.

/accounts/{AccountId}/Transactions

Merchant category code

The merchant category code for balance transfer and money transfer will not be returned to the TPP as these are used only for internal processing.

BENEFICIARIES VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name
Current Available

Data.Beneficiary

AccountId

BeneficiaryId

Reference

Data.Beneficiary.SupplementaryData

Data.Beneficiary.CreditorAccount

SchemeName

Identification

Name

Data.Beneficiary.CreditorAgent

SchemeName

Identification

Name

Data.Beneficiary.CreditorAgent.PostalAddress

Country

AddressLine

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints
Description

/accounts/{AccountId}/beneficiaries

Display order for beneficiaries

Beneficiaries are returned in the following order

  • Domestic beneficiaries
  • International beneficiaries
  • BACS beneficiaries

Domestic beneficiaries will be displayed in one page. When the last domestic beneficiary is displayed or where no domestic beneficiaries are available, selection of the next link will display international beneficiaries where available. When the last international beneficiary is displayed or where no international beneficiaries are available, selection of the next link will display BACS beneficiaries where available. Once the last record is displayed or where no record is available, the next link will not be presented

The beneficiaries endpoint response may include the same beneficiary listed under both domestic and BACS beneficiaries for a given Account ID.

/accounts/{AccountId}/beneficiaries

Beneficiary postal address

This will contain the Beneficiary Address for the International Beneficiaries

/accounts/{AccountId}/beneficiaries

Field name “Name”

Name of the account, as assigned by the account servicing institution, in agreement with the account owner to provide an additional means of identification of the account.

Usage: The account name is different from the account owner name. The account name is used in certain user communities to provide a means of identifying the account, in addition to the account owner's identity and the account number.

/accounts/{AccountId}/beneficiaries

Field name "SchemeName”

Name of the identification scheme, in a coded form as published in an external list

/accounts/{AccountId}/beneficiaries

Beneficiary

This includes Domestic, BACS and International beneficiaries for Commercial accounts.

All beneficiaries returned in this endpoint are “trusted” beneficiaries.

DIRECT DEBITS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name
Current Available

Data.DirectDebit

AccountId

MandateIdentification

DirectDebitStatusCode

Name

PreviousPaymentDateTime

Frequency

Data.DirectDebit.PreviousPaymentAmount

Amount

Currency

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints
Description

GET/accounts/{Accountid}/direct- debits

Commercial CBO

Maximum of 500 direct debit for commercial (CBO) customers per account are returned. For more information about Direct Debits not shown please visit our Support Centre.

STANDING ORDERS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name
Current Available

Data.StandingOrder

AccountId

Frequency

Reference

FirstPaymentDateTime

FirstPaymentAmount

Currency

NextPaymentDateTime

NextPaymentAmount

Currency

FinalPaymentDateTime

FinalPaymentAmount

Currency

StandingOrderStatusCode

Data.StandingOrder.CreditorAccount

SchemeName

Identification

Name

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints
Description

GET /accounts/{AccountId}/standing-orders

Commercial CBO

Maximum of 500 standing orders for commercial (CBO) customers per account. For more information about Standing Orders not shown please visit our Support Centre.

PRODUCTS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name
Current Available

Data.Product

ProductId

ProductName

SecondaryProductId

Data.Product.PCA.ProductDetails

ProductDetails

CreditInterest

Overdraft

CreditInterest.TierBandSet

TierValueMax

OtherFeesCharges

Data.Product.BCA.ProductDetails

CreditInterest

Overdraft

OtherFeesCharges

Data.Product.OtherProducts Type

OtherProductType

Name

Description

MaturityDate

Data.Product.BCA.CreditInterest

Calculation Method

Destination

TierValueMaximum

DepositInterestAppliedCoverage

BankInterestRateType

BankInterestRate (O)

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints
Description

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Supplementary product information

Supplementary product information and links to Terms and Conditions are provided in ‘Notes’ field. This contains important details about conditions that apply to accounts, and about thresholds for credit interest

This data should be published alongside product details to ensure that products are presented clearly and do not mislead customers

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Segment field

Optional “Segment” field is provided for PCA only to help provide account comparison.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA
OBReadProduct2/Data/Product/BCA

Overdraft

Details of overdrafts will only be published if the customer currently uses the overdraft facility available on their account

Details about overdraft rates, fees & charges. Provided where applicable.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA
OBReadProduct2/Data/Product/BCA

CreditInterest

Details about the interest that may be payable to the PCA, BCA account holders. Provided where applicable.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

TierBandMethod

The methodology of how overdraft is charged. It can be

  • 'Whole’ Where the same charge/rate is applied to the entirety of the overdraft balance (where charges are applicable).
  • 'Tiered' Where different charges/rates are applied dependent on overdraft maximum and minimum balance amount tiers defined by the lending financial organisation.
  • 'Banded' Where different charges/rates are applied dependent on overdraft maximum and minimum balance amount bands defined by a government organisation.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Field name “TierValueMin”

Minimum value of Overdraft Tier/Band

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Field name “TierValueMax”

Maximum value of Overdraft Tier/Band

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA

Field name “EAR”

EAR means Effective Annual Rate and/or Equivalent Annual Rate (frequently used interchangeably), being the actual annual interest rate of an Overdraft.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/PCA
OBReadProduct2/Data/Product/BCA

OtherFeesCharges

Contains details of fees and charges which are not associated with either borrowing or features/benefits. Provided where applicable.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

OtherProductType

Other Product type will contain only Savings accounts. The values returned will be either Personal Savings Account or Business Savings Account.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

TierBandMethod

The methodology of how credit interest is paid/applied.

  • Whole (INWH) - The same interest rate is applied irrespective of the PSA/BSA balance.
  • Tiered (INTI) - Interest rates are tiered i.e., increasing rate for each tier as balance increases, but interest paid on tier is fixed for that tier and not on whole balance.
  • Banded (INBA) - Interest rates are banded i.e., increasing rate on whole balance as balance increases

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Name”

Long name associated with the product

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Description”

Description of the Product associated with the account

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “MaturityDate”

Maturity date for the account

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Calculation Method”

Methods of calculating interest.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Destination”

Describes whether accrued interest is payable only to the PSA/BSA or to another bank account.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “TierValueMinimum”

Minimum deposit value for which the credit interest tier applies.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “TierValueMaximum”

Maximum deposit value for which the credit interest tier applies.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Applicationfrequency”

How often interest is applied to the PSA/BSA for this tier/band i.e. how often the financial institution pays accumulated interest to the customer's PSA/BSA

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “DepositInterestAppliedCoverage”

Amount on which interest is applied

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “FixedVariableInterestRateType”

Type of interest rate i.e. variable

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “AER”

The annual equivalent rate (AER) is interest that is calculated under the assumption that any interest paid is combined with the original balance and the next interest payment will be based on the higher account balance. Overall, this means that interest can be compounded several times in a year depending on the number of times that interest payments are made.

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “BankInterestRateType”

Interest rate types, other than AER, which financial institutions may use to describe the annual interest rate payable to the PSA/BSA

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “BankInterestRate (O)”

Bank Interest for the PSA/BSA product

/account/{AccountID}/Product

OBReadProduct2/Data/Product/BCA

Field name “Overdraft arrangements”

Lloyds Banking Group have provided supplementary product information in the ‘Notes’ field. This contains important details about conditions that apply to accounts.

This data should be published alongside product details to ensure that products are presented clearly and do not mislead customers.

Please find below the breakdown of the information provided and the section to which it applies:

“Please be aware:

The information provided reflects a normal Credit Interest arrangement.”

- Applies to: ‘CreditInterest’ array.

“Overdraft arrangement fees may apply.”

- Applies to: ‘Overdraft’ array. Due to technical constraints, Lloyds Banking Group are unable to provide account-specific data in relation to Overdraft arrangement fees.

“The first time you go overdrawn, without an agreed overdraft facility, or exceed your agreed limit with us by £50 or more, you may be charged an Unauthorised Borrowing Fee (UBF) of £15. After that, the UBF is applied every time you increase your unauthorised borrowing by £50 or more from the previous day’s closing balance, unless a higher limit is agreed with us or until the account is within its existing limit or in credit.”

- Applies to: ‘Overdraft’ array. The above describes additional detail with regards to the application of the “UnauthorisedBorrowing” fee.

“The Account Monthly Fee provided is the standard value associated with this product.”

- Applies to: ‘OtherFeesCharges’ array.

- The above relates to the value provided as the “ServiceCAccountFeeMonthly” fee.

OFFERS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name
Current Available

Data.Offers

 

OfferId

OfferType

Description

StartDateTime

EndDateTime

Rate

Term

PARTIES VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name
Current Available

Data.Party

PartyType

Full Legal Name

Legal Structure

SCHEDULED PAYMENTS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name
Current Available

Data.ScheduledPayment

ScheduledPaymentId

Reference

DebtorReference

Data.ScheduledPayment.CreditorAccount

Name

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints
Description

/accounts/{AccountId}/scheduled payments

BACS schedule payments

BACS Scheduled Payments will be available for Lloyds Bank and Bank of Scotland business accounts only.

STATEMENTS VARIATIONS

In addition to all mandatory fields defined in Account and Transaction API specifications, the following optional fieldshave also been implemented.

Name
Current Available

Data.Statement

StatementId

StatementDescription

{StatementID}/File

There are several important implementation variations that AISPs should be aware of. These are detailed in the table below.

Endpoints
Description

/accounts/{AccountId}/statements

/accounts/{AccountId}/statements/{StatementId}/file

In scope statements Endpoints

Lloyds Banking Group has implemented these two endpoints for statements

/accounts/{AccountId}/statements

Business Credit Card

CSV file is available only for the Business Credit Cards and for last 6 months.

PROPRIETARY BANK TRANSACTION CODES

Lloyds Banking Group supports the following Proprietary Bank Transaction Codes:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Proprietary Bank Transaction Code
Text Description
A-AAC
ACCRUE ANCILLARY CHARGES
A-AALT
TRANSFER OF PRODUCT/TARIFF WITH CHARGING
A-AB
AMEND AVERAGE BALANCE
A-ABL
AMEND ACTION BALANCE
A-AC
MORTGAGE ARREARS/CREDIT AMENDMENT
A-ACB
AMEND CLEARED AVERAGE BALANCE
A-ACC
AMEND ACCRUED CHARGES
A-ACD
AMEND AUTOMATED CREDIT DECISIONS
A-ACN
AMEND AMOUNT OF COINS
A-ACO
AMD CHQ & CREDIT BOOK PERSONALISATN DETS
A-ALT
TRANSFER OF PRODUCT/TARIFF WITHOUT CHGS
A-ANA
AMEND NAME/ADDRESS FOR ACCOUNT
A-ANT
AMEND AMOUNT OF NOTES
A-AUD
AMEND ACCOUNT USAGE DETAILS
A-BID
AMEND BESPOKE INTEREST DETAILS
A-BRI
AMEND EOD BALANCE REPORT INDICATOR
A-BT
AMEND BUSINESS TYPE
A-CBL
AMEND CREDIT BALANCE LIMIT
A-CCD
AMEND A/C ANNIV/CUS SELECTED DATE DETAIL
A-CCT
AMEND COUNT OF CREDIT TRANSACTIONS
A-CDCP
COMPROMISED PIN
A-CDO
ATM DEPOSIT ACCOUNT NUMBER ENQUIRY
A-CDT
AMEND COUNT OF DEBIT TRANSACTIONS
A-CGS
AMEND DEFERRED CHARGES
A-CHGD
AMEND CHARGEABLE DAYS
A-CNA
AMEND CUSTOMER NAME/ADDRESS
A-COW
AMEND COUNT OF WITHDRAWALS
A-CSR
APPLICATION RESULT REVERSAL
A-CT
AMEND CREDIT TURNOVER
A-CUD
AMEND CUSTOMER DECISION TRAILER
A-CUS
AMEND BASIC CUSTOMER DETAILS
A-DBL
AMEND SPEEDBANK PREFERENCE
A-DCD
CARD DETAILS AMENDMENT
A-DCL
AMEND BANKCARD LIMITS
A-DCR
ISSUE DEBIT CARD RENEWAL
A-DCVS
CARD LOST/STOLEN
A-DDC
DECLINE CARD
A-DDM
AMEND DIRECT DEBIT MANDATE
A-DEC
ACKNOWLEDGE DECLINE
A-DLW
AMEND DATE OF LAST WITHDRAWAL
A-DT
AMEND DEBIT TURNOVER
A-FBI
AMEND FAMILY BONUS INTEREST
A-FES
AMEND STOCK LEVEL
A-FMP
INTER CENTRE AUTOMATED DIRECT DEBIT
A-FO
AMEND FORMAL OVERDRAFT LOAN DETAILS
A-FOA
FORMAL OVERDRAFT AMEND
A-FOU
FORMAL OVERDRAFT LIMIT UPDATE
A-FTB
MORTGAGE FTB ADJUSTMENT
A-IC
AMEND ITEM COUNT
A-IDCP
ISSUE PIN
A-IGI
AMEND EARNED INTEREST - CAIS
A-IGO
AMEND OVERDRAFT INTEREST/CHARGES - CAIS
A-INS
AMEND INSURANCE INDICATOR
A-INT
AMEND EARNED INTEREST
A-INT
AMEND EARNED INTEREST (GENERATED)
A-INV
AMEND COUNTRY OF TRADING
A-IRC
INTEREST RATE/TAX RATE ADJUSTMENT
A-IRN
INTEREST RATE CHANGE NOTIFICATION
A-ISA
AMEND ISA DETAILS
A-IST
AMEND ISA TAX DETAILS
A-ITC
ISSUE TAX CERTIFICATE
A-ITM
ISSUE TESSA MATURITY CERTIFICATE
A-LB
AMEND LOWEST BALANCE
A-LFF
LOAN FULFILMENT
A-LIM
AMEND DEPOSIT/WITHDRAWAL LIMIT DETAILS
A-LIM
AMEND DEPOSIT/WDL & FOLLOW UP LIMITS
A-LIN
AMEND LIFE INSURANCE TYPE
A-LPD
AMEND LAST PASSBOOK PRESENTATION DATE
A-LTD
AMEND DATE OF LAST TRANSACTION
A-MAC
AMEND PERIODIC PAYMENTS OUT
A-MB
AMEND MINIMUM BALANCE
A-MBL
AMEND MAINTAINED BALANCE
A-MC
AMEND SUNRISE STATUS
A-MI
AMEND PERIODIC PAYMENTS IN
A-MKT
AMEND MARKETING CUSTOMER DETAILS
A-MNM
AMEND MINIMUM VALUE IN MONTH
A-MNP
AMEND MINIMUM VALUE IN PERIOD
A-MOR
AMEND MORTGAGE DETAILS
A-MPA
AMEND PROPERTY ADDRESS
A-MPI
AMEND PROPERTY INSURANCE
A-MWB
AMEND ACCOUNT MINIMUM WITHDRAWAL BALANCE
A-MXM
AMEND MAXIMUM VALUE IN MONTH
A-MXP
AMEND MAXIMUM VALUE IN PERIOD
A-NBG
AMEND NUMBER OF BANK GIRO CREDITS
A-NCQ
AMEND NUMBER OF CHEQUES
A-NIN
AMEND NATIONAL INSURANCE NUMBER
A-NIR
AMEND NOTIONAL INTEREST RATE
A-NMB
ACTIVATE NEW MONEY BONUS (SYSTEM)
A-NNT
AMEND NUMBER OF NOTES
A-NR
MORTGAGE NORMALISED PAYMENT ADJUSTMENT
A-NRD
NON RESIDENT DETAILS
A-ODC
ORDER CARD
A-ODI
AMEND ACCRUED/PRE-NOTIFIED OD INT CHGS
A-ODI
AMEND ACCRUED/PRE-NOTIFIED OD INT CHGS
A-OIC
AMEND ECONOMIC SECTOR
A-PIN
PROPERTY INSURANCE NOTIFICATION
A-PLN
AMEND PASSBOOK LINE NUMBER
A-PNC
AMEND PRE-NOTIFIED CHARGES
A-PPR
AMEND PPR ACCOUNT DATA
A-PRA
AMEND PRINCIPAL RESIDENTIAL ADDRESS
A-PSC
PRINTED CORRESPONDENCE SUPPRESSION STATU
A-PSS
AMEND PRINTED STATEMENT SUPPRESSION
A-RAD
REPLICATE ADDRESS DETAILS
A-RCD
AMEND REGULAR CONTRIBUTIONS DETAILS
A-RD
AMEND SET OFF REVIEW DATE
A-RDC
RE-ISSUE CARD
A-RMT
AMEND ACCOUNT TAX STATUS
A-RPC
REPLICATE CUSTOMER DETAILS
A-RSN
AMEND REASON FOR OVERDRAFT
A-RTD
REPLICATE TELEPHONE DETAILS
A-RTX
REPLICATE TAX DETAILS
A-SAR
AMEND SUSPENSION OF AUTOMATIC REPAYMENTS
A-SC
AMEND SERVICE CHARGES
A-SCB
AMEND CLEARED SUM OF DAILY BALANCES
A-SCN
AMEND SCF CUSTOMER NUMBER
A-SDB
AMEND SUM OF DAILY BALANCES
A-SDI
AMEND ACCUMULATED SUSPENDED DEBIT INT
A-SSG
PIN FOR REPLACEMENT CARD
A-SSP
CUSTOMER SELF SELECT PIN
A-STD
AMEND STD INDIVIDUAL CUSTOMER DETAILS
A-SWS
AMEND SWITCHING STATUS
A-TCI
AMEND TRANSACTION CHARGE VARIANCE IND
A-TCO
AMEND TRANSMISSION CHARGE OPTION
A-TCV
AMEND TRANSACTION CHARGE VARIANCE VALUE
A-TRI
AMEND TURNOVER RATE VARIANCE INDICATOR
A-TRV
AMEND TURNOVER RATE VARIANCE VALUE
A-TXA
AMEND ACCOUNT/CUSTOMER TAX DETAILS
A-TXD
AMEND TAX DETAILS
A-TXS
AMEND CUSTOMER/ACCOUNT TAX STATUS
A-TXS
AMEND CUSTOMER TAX RETURNS STATUS
A-TYP
AMEND CUSTOMER TYPE
A-UNC
PAPER CLEARING AUTHORISATION CONFIRMATIO
A-XAC
AMEND CROSS INTEREST AND CHARGES A/C NUM
A-YE
MORTGAGE YEAR END UPDATE
ACEFD
DELETE EARMARK (CMAS)
ACEFE
ENTER EARMARK (CMAS)
ACT
AUTOTELLER ACTIVATE
AE CW
ENQUIRY ON PRODUCT FROM SUBTYPE
AE PA
DEBIT INTEREST SUMMARY REQUEST
AE SP
COR EFTPOS STANDARD PURCHASE AUTH ONLY
AEPAR
ENQUIRY ON SUBTYPE FROM PRODUCT
AEPCB
ENQUIRY ON PRODUCT
AMD
AMEND TERM DEPOSIT SERIES
AMD
AMEND TERM DEPOSIT
AMD
SET UP/AMEND SPECIFIC PROVISION
AMD
AMEND LIABILITY VALUES
AMD
AMEND FROZEN BUSINESS CHARGE
AMD
TERM DEPOSIT INTERNAL AMENDMENT
AR-CAN
CANCEL AUTOMATED REQUEST
AR-ENQ
AUTOMATED REQUEST ENQUIRY
AR-IND
AUTOMATED REQUEST - REMOVE CHARGE
AR-IND
AUTOMATED REQUEST - DELETE ACCOUNT
AR-NEW
NEW AUTOMATED REQUEST
AV AR
VISA AUTHORISATION REQUEST
AVAEA
VISA AUTH COMPLETION CONFIRMATION
AVARA
VISA AUTHORISATION ADVICE
AVEFD
EARMARKS FUNDS DELETION (VISA)
AVEFE
EARMARKS FUNDS ENTER (VISA)
AVGAA
GENERATE AUTHORISATION CODE (VISA)
B-CBO
ORDER BRANCH CHEQUE OR CREDIT BOOK
B-CLA
BULK CLOSE NPAS (BRANCHES AND ADMIN)
B-CLB
BULK CLOSE NPAS (BRANCHES ONLY)
B-NDC
BULK TRANSFERS - NEW DEBIT CARD
B-NWA
BULK NEW NPAS (BRANCHES & ADMIN)
B-NWB
BULK NEW NPAS (BRANCHES ONLY)
BD-INA
BULK DELETE INDS (BRANCHES & ADMIN)
BD-INB
BULK DELETE INDICATORS (BRANCHES ONLY)
BGC
BANK GIRO CREDIT
BI-INA
BULK INSERT INDS (BRANCHES & ADMIN)
BI-INB
BULK INSERT INDICATORS (BRANCHES ONLY)
BNS
BONUS
BP
BILL PAYMENTS
BP-AMD
BILL PAYMENT AMEND (A/T)
BP-AMD
BILL PAYMENT AMEND (TELLER)
C-BAC
CLOSE ACCOUNT BY BACS CREDIT
C-BAC
CLOSE ACCOUNT BY BACS CREDIT HISTORY TXN
C-CHQ
CLOSE ACCOUNT BY CHEQUE
C-CHQ
CLOSE ACCOUNT BY CHEQUE HISTORY TXN
C-CSH
CLOSE ACCOUNT BY CASH
C-CSH
CLOSE ACCOUNT BY CASH HISTORY TXN
C-IAA
CLOSE BY TRANSFER TO INACTIVE ACCOUNTS
C-LN
FIXED INTEREST LOAN CLOSURE
C-LN
CLOSE FIL (EARLY SETTLEMENT)
C-LN
CLOSED FIL (DEATH OF BORROWER)
C-LN
CLOSE FIXED INTEREST LOAN (BAD DEBT)
C-MTG
MORTGAGE DELETION
C-STM
TAX RETURNS INTERNAL MOVEMENTS
C-TFR
CLOSE BY BRANCH TRANSFER
C-VIL
CLOSE VARIABLE INTEREST LOAN
C-VIL
CLOSE VARIABLE INTEREST LOAN HISTORY TXN
C-YEL
CLOSE YEAR END LEDGER
CAN
CANCEL TERM DEPOSIT
CAV AR
COR VISA AUTHORISATION
CHG
CHARGE
CHQ
CHEQUE(S)
CLO
TERM DEPOSIT CLOSURE
COM
COMMISSION
COR
CORRECTION
CP-RCC
COR DEBIT OF REPLACEMENT CARD CHARGES
CPT
CASHPOINT
CSH
CASH
CSQ
CASH/CHEQUE(S)
D-ATI
ACCOUNT TRANSFER IN CREDIT
D-ATO
ACCOUNT TRANSFER OUT CREDIT
D-BDG
DELETE BADGE ISSUE
D-BE
DELETE BADGE ISSUE
D-BLK
SYSTEM ESSENTIAL BULK CREDIT
D-BP
BILL PAYMENT CREDIT
D-BTI
BULK TRANSFER IN CREDIT
D-BTO
BULK TRANSFER OUT CREDIT
D-CAP
GROSS CREDIT INT TRANSFER CREDIT
D-CAP
NET CREDIT INT TRANSFER CREDIT
D-CAP
CREDIT OF CAPITALISED INTEREST - GROSS
D-CAP
CREDIT OF CAPITALISED INTEREST - NET
D-CAP
CREDIT OF CAPITALISED INTEREST
D-CC
DEPOSIT OF CREDIT CLEARING
D-CC
BANK GIRO CREDIT
D-CC
INTERBANK AUTOMATED SETTLEMENT
D-CC
RETURNED UNAPPLIED AUTO CREDIT
D-CC
BANK GIRO CREDIT (MORTGAGES)
D-CC
EXCHANGE CONTROL CREDIT TYPE 2
D-CC
EXCHANGE CONTROL CREDIT TYPE 1
D-CC
DIVIDEND/INT CREDIT WITHOUT TAX VOUCHER
D-CC
BUILDING SOCIETY INTEREST CREDIT
D-CF
DELETE CREAMING/FUNDING TRAILER
D-CHQ
DEPOSIT OF GENERAL CHEQUE
D-CHQ
PARTIAL CHEQUE ENCASHMENT
D-CHQ
FULL/PARTIAL CHEQUE ENCASHMENT
D-CHQ
FULL CHEQUE ENCASHMENT
D-CHQ
IMMEDIATE CHEQUE DEPOSIT
D-CIT
DEPOSIT OF CLEARINGS ITEMS
D-CLR
DEPOSIT OF PAPER CLEARING
D-CPY
DEPOSIT OF CREDIT PAYMENT
D-CPY
CREDIT OF CLOSED ACCOUNT CREDIT PAY-NET
D-CPY
CREDIT OF CLOSED A/C CREDIT PYMNT-GROSS
D-CPY
CREDIT PAYMENT - NET
D-CPY
CREDIT PAYMENT - GROSS
D-CRM
INTER-CENTRE CREAMING CREDIT RECIPIENT
D-CRM
CREAMING CREDIT (RECIPIENT)
D-CSH
DEPOSIT OF CASH
D-CSH
AT CASH TRANSFER IN
D-CSH
IMMEDIATE CASH DEPOSIT
D-CSH
SYSTEM CREDIT TO AN NPA
D-CSQ
DEPOSIT OF CASH/CHQ
D-CSR
DELETE APPLICATION RECORD
D-CUR
FOREIGN EXCHANGE PURCHASE
D-CUR
FOREIGN EXCHANGE PURCHASE (CASH)
D-CUS
CUSTOMER DELETION
D-DAA
BULK CREDIT FROM DAA
D-DRO
BRANCH CREDIT OUT CONTRA
D-DS
DIRECT SETTLEMENT VIA COUNTER
D-DTS
DEPOSIT OF DTS BY CASH
D-DTS
DEPOSIT OF DTS BY CHEQUE
D-DTS
DEPOSIT OF DTS WITH INTEREST BENEFIT
D-DTS
INTER-CENTRE DTS CREDIT
D-DTS
DTS CREDIT
D-DTS
DTS PAY THE SCHEME SEQ PASS
D-DTS
DTS CREDIT
D-DTS
EQUALISATION CREDIT (DTS)
D-DTS
EQUALISATION DEBIT (DTS)
D-FE
DEPOSIT OF FOREIGN EXCHANGE
D-FIG
CREDIT OF FAMILY BONUS INTEREST GROSS
D-FIL
DEPOSIT OF CASH TO FIL
D-FIN
CREDIT OF FAMILY BONUS INTEREST NET
D-FIT
DEPOSIT OF FINANCIAL ITEMS
D-FMR
FULL MORTGAGE REDEMPTION
D-FND
FUNDING CREDIT (RECIPIENT)
D-FP
FASTER PAYMENTS RETURN
D-FP
FASTER PAYMENTS CREDIT (CBS BENEFICIARY)
D-FST
FIXED SERVICE CHARGE TRANSFER CREDIT
D-GIR
DEPOSIT OF GIRO CREDIT
D-HSE
DEPOSIT OF HOUSE CHEQUE
D-IAA
DEPOSIT TO INACTIVE ACCOUNTS ACCOUNT
D-IAA
BULK CREDIT FROM IAA
D-ICC
INTER-BANK DEPOSIT OF CASH & CHQ
D-ICH
INTER-BANK DEPOSIT OF CASH
D-ICQ
INTER-BANK DEPOSIT OF CHEQUE
D-INS
PROPERTY INSURANCE - BORROWER
D-INS
PROPERTY INSURANCE CREDIT
D-INT
CREDIT OF CLOSED A/C INTEREST - GROSS
D-INT
CREDIT OF CLOSED A/C INTEREST - NET
D-INT
CREDIT OF CLOSED ACCOUNT INTEREST
D-INT
INTEREST DETAILS DELETION
D-LN
FIXED INTEREST LOAN CREDIT
D-LN
PERSONAL LOAN INITIAL CREDIT
D-LN
HOME IMPROVEMENT LOAN INITIAL CREDIT
D-LN
NCB MORTGAGE INITIAL CREDIT
D-LN
BUSINESS LOAN INITIAL CREDIT
D-LNK
LINK DELETION
D-LST
NBE AMALGAMATION CREDIT
D-MIP
MIP SYSTEM CREDIT TO NPA
D-MKI
DELETE MARKETING INDICATOR
D-NOW
DELETE NOTICE OF WITHDRAWAL TRAILER
D-NS
DEPOSIT OF POST OFFICE DIVIDENDS
D-NS
NATIONAL SAVINGS DIVIDEND - INTERNAL
D-NS
NATIONAL SAVINGS DIVIDEND - EXTERNAL
D-OID
DELETE OFFICER IDENTITY
D-OID
BRANCH-TO-BRANCH BROADCAST
D-OTH
DEPOSIT OF MISCELLANEOUS ITEMS
D-PEN
DEPOSIT OF PENSIONS BY CASH
D-PEN
DEPOSIT OF PENSIONS BY CHEQUE
D-PMR
PARTIAL MORTGAGE REDEMPTION
D-POL
CREDIT OF POOLED INTEREST - GROSS
D-POL
CREDIT OF POOLED INTEREST - NET
D-PRA
DELETE PRINCIPAL RESIDENTIAL ADDRESS
D-REP
MORTGAGE REPAYMENT
D-REP
MORTGAGE REPAYMENT CREDIT
D-SAL
DEPOSIT OF SALARIES BY CASH
D-SAL
DEPOSIT OF SALARIES BY CHEQUE
D-SAL
SALARY CREDIT
D-SAL
SALARY CREDIT
D-SAL
EQUALISATION CREDIT (SALARY)
D-SAL
EQUALISATION DEBIT (SALARY)
D-SC
SEPA DD CREDIT
D-SDR
RETURN OF SEPA DD DEBIT
D-SDY
DEPOSIT OF SUNDRY ITEMS
D-SET
SETTLEMENT CREDIT
D-SO
DEPOSIT OF STANDING ORDERS
D-SO
STANDING ORDER CREDIT
D-SPB
AT DEPOSIT
D-STK
DEPOSIT BY SALE OF STOCKS/SHARES
D-SWP
SWEEPING CREDIT
D-TAX
CREDIT TAX REFUND
D-TBI
CREDIT OF TERM SAVINGS BONUS INTEREST
D-TC
COR CREDIT TRUSTCARD NPA
D-TC
CREDIT TRUSTCARD NPA
D-TD
CREDIT OF TERM DEPOSIT CAPITAL
D-TDI
CREDIT OF TERM DEPOSIT INTEREST (GROSS)
D-TDI
CREDIT OF TERM DEPOSIT INTEREST (NET)
D-TFR
INTER ACCOUNT TRANSFER CR TELEFINANCE
D-TFR
INTER ACCOUNT TRANSFER CREDIT
D-TFR
INTER ACCOUNT TRANSFER CREDIT (A/T)
D-TFR
LOAN CHARGES TRANSFER CREDIT
D-TFR
OVERDRAFT INTEREST TRANSFER CREDIT
D-TFR
CHARGES TRANSFER CREDIT
D-TFR
TRANSFER CREDIT PAYMENT - NET CREDIT
D-TFR
TRANSFER CREDIT PAYMENT - GROSS CREDIT
D-TFR
TRANSFER OF PLANNED O/F FEES - CREDIT
D-TFR
TRANSFER OF USAGE FEES CREDIT
D-TIB
TRANSFER IN CREDIT - BUSINESS A/C
D-TOP
TRANSFER OUT CREDIT - PERSONAL A/C
D-TSB
TRANSFER OF AN AMOUNT FROM ANOTHER TSB
D-UAC
DEPOSIT OF UNAPPLIED CREDIT
D-UCQ
CLAIM FOR UNPAID CHEQUE
D-UDD
CLAIM FOR UNPAID DIRECT DEBIT
D-ZER
CREDIT TO ZEROISE BALANCES
DD
DIRECT DEBIT
DE PA
COR EFTPOS PURCHASE ADJUSTMENT CR ADVICE
DE PA
EFTPOS REFUND ADJUSTMENT CREDIT ADVICE
DEB
DEBIT CARD
DEL
DELETE AUTOMATED CREDIT DECISIONS
DEL
DELETE TERM DEPOSIT SERIES
DEL
TERM DEPOSIT SERIES CLOSURE
DEL
FIL APPLICATION DELETION
DEP
DEPOSIT
DERFD
EFTPOS REFUND ADVICE
DIV
DIVIDEND
DR
OVERDRAWN BALANCE
DT-ACB
AMEND CONTROLLING BRANCH
DT-CCR
CANCEL CREDITS
DT-CS
CANCEL SCHEME
DT-DAC
DECREASE ACCUMULATION
DT-DTP
DECREASE THIS PERIOD
DT-IAC
INCREASE ACCUMULATION
DT-ITP
INCREASE THIS PERIOD
DT-NSH
NEW SCHEME HEADER
DT-NSV
NEW SAVER
DT-NTP
NEW THIS PERIOD
DT-PAS
PERMANENT AMENDMENT TO SCHEME HEADER
DT-PAY
PAY THE SCHEME
DT-PD
PERMANENT DECREASE
DT-PI
PERMANENT INCREASE
DT-PSC
PRIMARY SCHEME CANCELLATION
DT-SCE
SCHEME ENQUIRY
DT-SHE
SCHEME HEADER ENQUIRY
DT-SL
SCHEME LEAVER
DT-SLI
SET LIST INDICATOR
DT-SVE
SAVER ENQUIRY
DT-TAS
TEMPORARY AMENDMENT TO SCHEME HEADER
DT-TD
TEMPORARY DECREASE
DT-TI
TEMPORARY INCREASE
DVRFD
VISA CREDIT VOUCHER
E-ADV
ADVANCES ENQUIRY
E-BRP
ENQUIRY FOR BRANCH OLIF REPORTS
E-CYS
COPY STATEMENT ENQUIRY
E-FCI
FIL CUSTOMER INFORMATION ENQUIRY
E-FHD
FIL REPAYMENT HISTORY DETAILS ENQUIRY
E-FIL
FIL FULL ENQUIRY
E-FLB
FIL BASIC ENQUIRY
E-FLL
FULL ENQUIRY
E-FP
FASTER PAYMENTS CHARGE ENQUIRY
E-IND
INDICATOR ENQUIRY
E-IRP
ENQUIRY ON INSPECTION OLIF REPORTS
E-LTC
LOAN TAX CERTIFICATE DETAILS ENQUIRY
E-NSL
NBE/STATEMENT LINES ENQUIRY
EE EQ
ENQUIRE ON NOTICE OF WITHDRAWALS
EF-ENQ
ENQUIRE EARMARK (CMAS)
EFT
ELECTRONIC FUNDS TRANSFER
EUR
EURO CHEQUE
FE
FOREIGN EXCHANGE
FEE
SERVICE FEE
FPI
FASTER PAYMENTS INBOUND
FPO
FASTER PAYMENTS OUTBOUND
G-CBO
GENERATED CHEQUE/CREDIT BOOK ORDER
I-ACO
INSERT CHQ & CREDIT BOOK PERSONALTN DETS
I-AT
INSERT ACCOUNT TITLE
I-BCD
INSERT BUSINESS CUSTOMER DETAILS
I-BDG
INSERT ADDITIONAL BADGE ISSUE
I-CF
INSERT CREAMING/FUNDING TRAILER
I-CSA
CREDIT SCORING APPLICATION AMEND
I-CSR
INPUT CREDIT REFERENCE
I-CUD
INSERT CUSTOMER DECISION TRAILER
I-DDM
INSERT DIRECT DEBIT MANDATE
I-FO
INSERT FORMAL OVERDRAFT
I-FOA
INSERT FUTURE OVERDRAFT ARRANGEMENT FEE
I-GCR
ADD ACCOUNTS TO GROUP CREAMING
I-IND
INSERT INDICATOR
I-IND
INSERT CUSTOMER INDICATOR
I-LCB
INSERT LOST CHEQUE BOOK TRAILER
I-MKI
INSERT MARKETING INDICATOR
I-MPA
NEW PROPERTY ADDRESS
I-NCC
CREDIT CARD APPLICATION
I-NDC
NEW CARD
I-NOW
INSERT NOTICE OF WITHDRAWAL TRAILER
I-OID
INSERT OFFICER IDENTITY
I-OID
INSERT OFFICER ID - BADGE DETS (HISTORY)
I-PCS
PRIMARY CREDIT SCORING APPLICATION
I-PRA
INSERT PRINCIPAL RESIDENTIAL ADDRESS
I-RSF
INSERT REGULAR SERVICE FEE TRAILER
I-SA
INSERT SET OFF ACCOUNT DETAILS
I-SCQ
INSERT STOPPED CHEQUE TRAILER
I-SCS
SECONDARY CREDIT SCORING APPLICATION
I-SDD
INSERT STOP DIRECT DEBIT TRAILER
I-UNC
INSERT UNCLEARED CHEQUE TRAILER
I-XRF
INSERT CROSS REFERENCE
IB
INTERNET BANKING
INT
INTREST
L-CUS
LINK CUSTOMER TO ACCOUNT
LN-AMD
AMEND FIXED INTEREST LOAN
LN-CAN
FIXED INTEREST LOAN CANCEL
LTB
BANK TRANSFER
M-CBO
MANUAL CHEQUE/CREDIT BOOK ORDER
M-TFO
MORTGAGE TRANSFER
MPI
MOBILE PAYMENT IN
MPO
MOBILE PAYMENT OUT
MTG
MORTGAGE PAYMENT
N-DFC
PRE-NOTIFICATION OF DEFERRED CHARGES
N-FSC
PRE-NOTIFICATION OF FIXED SERVICE CHARGE
N-MGC
PRE-NOTIFICATION OF MANAGEMENT CHARGE
N-OIC
PRE-NOTIFICATION OF OVERDRAFT INT CHGS
N-PNC
PRE-NOTIFICATION OF CHARGES
NEW
NEW ACCOUNT BY DEPOSIT OF CASH
NEW
NEW ACCOUNT BY DEPOSIT OF CHEQUE
NEW
NEW ACCOUNT
NEW
NEW PENDING BRANCH TRANSFER-IN
NEW
NEW CUSTOMER
NEW
NEW WITH CASH/CHQ
NEW
NEW MORTGAGE ACCOUNT
NEW
NEW FIXED INTEREST LOAN
NEW
NEW VARIABLE INTEREST LOAN
NEW
NEW TERM DEPOSIT SERIES
NEW
NEW TERM DEPOSIT (CSH)
NEW
NEW TERM DEPOSIT (CHQ)
NEW
NEW SPECIAL TERM DEPOSIT - CASH
NEW
NEW SPECIAL TERM DEPOSIT - CHEQUE
NEW
COR NEW TERM DEPOSIT
NEW
COR NEW FIXED INTEREST LOAN
NEW
BULK TFRS REQUEST NEW SPEEDBANK CARD
NS
NATIONAL SAVINGS DIVIDEND
NSC
NATIONAL SAVINGS CERTIFICATE
O-CUS
REORDER CUSTOMERS FOR ACCOUNT
OTH
OTHER
P-ACQ
WITHDRAWAL OF CAD GENERAL CLEARING
P-ACQ
CHEQUE DEBIT
P-ADV
MORTGAGE ADVANCE
P-AOF
DEBIT OF PLANNED OVERDRAFT FEES
P-AOF
DEBIT OF CLOSED ACCOUNT PLANNED O/F FEES
P-AOF
DEBIT OF USAGE FEES
P-AOF
DEBIT OF CLOSED ACCOUNT USAGE FEES
P-ATD
COR DEBIT/ACCRUE ANCILLARY CHARGE
P-ATF
COR ATM WITHDRAWAL FEE
P-ATF
ATM WITHDRAWAL FEE
P-ATI
ACCOUNT TRANSFER IN DEBIT
P-ATO
WITHDRAWAL BY AUTOTELLER (ON LINE)
P-ATO
ACCOUNT TRANSFER OUT DEBIT
P-BAC
BACS PAYMENT-TELEFINANCE
P-BIL
BILL PAYMENT DEBIT
P-BKC
PAY CASH WITH CARD
P-BLK
SYSTEM ESSENTIAL BULK DEBIT
P-BP
BANKERS PAYMENT
P-BTI
BULK TRANSFER IN DEBIT
P-BTO
BULK TRANSFER OUT DEBIT
P-CAP
GROSS CREDIT INT TRANSFER DEBIT
P-CAP
NET CREDIT INT TRANSFER DEBIT
P-CGS
DEBIT OF CLOSED ACCOUNT DEFERRED CHARGES
P-CGS
DEBIT OF DEFERRED CHARGES
P-CHG
WITHDRAWAL OF ACCOUNT CHARGES
P-CHG
RETURNED CHEQUE CHARGE
P-CHG
RETURNED DIRECT DEBIT CHARGE
P-CHG
RECALLED STANDING ORDER CHARGE
P-CHG
FIL DEBIT OF INITIAL CHARGES
P-CHG
COR RECALLED STANDING ORDER CHARGE
P-CHG
COR RETURNED CHEQUE CHARGE
P-CHG
COR RETURNED DIRECT DEBIT CHARGE
P-CHP
CHAPS OUTWARD PAYMENT-TELEFINANCE
P-CHQ
WITHDRAWAL OF CHEQUE
P-CIT
WITHDRAWAL OF CLEARINGS ITEMS
P-CLR
WITHDRAWAL OF PAPER CLEARING
P-CRM
CREAMING DEBIT (ORIGINATOR)
P-CRO
BRANCH DEBIT OUT CONTRA
P-CSH
WITHDRAWAL OF CASH
P-CSH
AT CASH TRANSFER OUT
P-CSH
SYSTEM DEBIT TO AN NPA
P-CUR
FOREIGN EXCHANGE SALE
P-CUR
FOREIGN EXCHANGE SALE (CASH)
P-DAC
DEBIT OF ANCILLARY CHARGES
P-DAC
DEBIT ANCILLARY CHARGES (ONLINE)
P-DCA
DEBIT OF CLOSED A/C ANCILLARY CHARGES
P-DD
WITHDRAWAL OF DIRECT DEBITS
P-DD
DIRECT DEBIT
P-DD
FINAL DIRECT DEBIT
P-DD
REPRESENTATION OF DIRECT DEBIT
P-DD
INITIAL DIRECT DEBIT
P-DD
PAY DIRECT DEBIT
P-DS
DIRECT SETTLEMENT VIA LTSB ACCOUNT
P-DTS
DTS DEBIT
P-EUR
UNIFORM EUROCHEQUE DEBIT
P-FE
WITHDRAWAL FOR FOREIGN EXCHANGE
P-FEE
REGULAR SERVICE FEE DEBIT
P-FIT
WITHDRAWAL OF FINANCIAL ITEMS
P-FND
INTER-CENTRE FUNDING DEBIT ORIGINATOR
P-FND
FUNDING DEBIT (ORIGINATOR)
P-FP
FASTER PAYMENTS DEBIT
P-FPC
DEBIT OF FASTER PAYMENT CHARGE
P-FSC
DEBIT OF FIXED SERVICE CHARGE
P-FSC
DEBIT OF CLOSED A/C FIXED SERVICE CHARGE
P-FST
FIXED SERVICE CHARGE TRANSFER DEBIT
P-GIR
WITHDRAWAL FOR GIRO
P-HPA
MORTGAGE HPA ADVANCE
P-ICH
INTER-BANK WITHDRAWAL OF CASH
P-ICQ
INTER-BANK WITHDRAWAL OF CHEQUE
P-INS
PROPERTY INSURANCE - BANK
P-LIC
DEBIT OF CLOSED ACCOUNT LOAN INTEREST
P-LIC
DEBIT OF LOAN INTEREST CHARGES
P-LN
BUSINESS LOAN REPAYMENT
P-LN
PERSONAL LOAN REPAYMENT
P-LN
HOME IMPROVEMENT LOAN REPAYMENT
P-LN
NCB MORTGAGE REPAYMENT
P-LN
FIXED INTEREST LOAN - INITIAL PAYMENT
P-LST
NBE AMALGAMATION DEBIT
P-MIP
MIP SYSTEM DEBIT TO NPA
P-MPI
PROPERTY INSURANCE DEBIT
P-MTG
MORTGAGE REPAYMENT DEBIT
P-NSC
WITHDRAWAL FOR NATIONAL SAVINGS CERTS
P-OIC
DEBIT OF CLOSED A/C OVERDRAFT INT CHGS
P-OIC
DEBIT OF OVERDRAFT INTEREST CHARGES
P-OTH
WITHDRAWAL OF MISCELLANEOUS ITEMS
P-OUF
DEBIT OF MANAGEMENT CHARGE
P-OUF
DEBIT OF CLOSED ACC MANAGEMENT CHARGE
P-PEN
EARLY SETTLEMENT CHARGE
P-PI
PROPERTY INSURANCE BANK (SYSTEM)
P-PIT
DEBIT OF POOLED INTEREST
P-PSB
WITHDRAWAL FOR PREMIUM SAVINGS BONDS
P-QCL
WITHDRAWAL OF TELLER CHEQUES
P-RAC
RETURNED AUTOMATED CREDIT
P-RCC
DEBIT OF REPLACEMENT CARD CHARGES
P-SAL
SALARY DEBIT
P-SCR
RETURN OF SEPA DD CREDIT
P-SD
MORTGAGE SUNDRY DEBIT
P-SD
SEPA DD DEBIT
P-SDY
WITHDRAWAL OF SUNDRY ITEMS
P-SET
SETTLEMENT DEBIT
P-SO
WITHDRAWAL OF STANDING ORDER
P-SO
STANDING ORDER DEBIT
P-SPB
FORCED CLYDESDALE POSTING
P-SPB
CLYDESDALE WITHDRAWAL
P-SPB
BILL PAYMENT BY SPEEDBANK AUTHORISATION
P-STK
WITHDRAWAL FOR STOCKS/SHARES PURCHASE
P-SWP
SWEEPING DEBIT
P-TAX
DEBIT OF TAX
P-TD
PAYMENT OF TD CAPITAL
P-TFR
INTER ACCOUNT TRANSFER DEBIT
P-TFR
INTER ACCOUNT TRANSFER DEBIT (AT)
P-TFR
INTER ACCOUNT FUNDS TRANSFER-TELEFINANCE
P-TFR
CHARGES TRANSFER DEBIT
P-TFR
BULK DEBIT FROM DAA
P-TFR
LOAN CHARGES TRANSFER DEBIT
P-TFR
OVERDRAFT INTEREST TRANSFER DEBIT
P-TFR
BULK DEBIT FROM IAA
P-TFR
TRANSFER CREDIT PAYMENT - NET DEBIT
P-TFR
TRANSFER CREDIT PAYMENT - GROSS DEBIT
P-TFR
TRANSFER OF PLANNED OVERDRAFT FEES - DEB
P-TFR
TRANSFER OF USAGE FEES DEBIT
P-TOP
TRANSFER OUT DEBIT - PERSONAL A/C
P-TSB
TRANSFER OF AN AMOUNT TO ANOTHER TSB
P-UDD
CLAIM FOR UNPAID INIT DIRECT DEBIT - IN
P-UDD
CLAIM FOR UNPAID DIRECT DEBIT
P-UDD
CLAIM FOR UNPAID REP - DIRECT DEBIT - IN
P-UDD
CLAIM FOR UNPAID FINAL DIRECT DEBIT - IN
P-UFC
DEBIT OF UNPAID FIL CHARGE
P-UFC
DEBIT OF UNPAID STANDING ORDER CHARGE
P-UT
WITHDRAWAL FOR UNIT TRUST
P-VSA
VISA CASH AUTHORISATION/PAYMENT
P-VSC
VISA CASH PAYMENT
P-WCG
WITHDRAWAL CHARGE
P-WCG
CLOSED ACCOUNT WITHDRAWAL CHARGE
P-ZER
DEBIT TO ZEROISE BALANCES
PAY
COUNTER WITHDRAWAL
PE CW
EFTPOS CASH WITHDRAWAL
PE PA
EFTPOS PURCHASE ADJUSTMENT DEBIT ADVICE
PE RA
EFTPOS REFUND ADJUSTMENT DEBIT ADVICE
PE SP
EFTPOS STANDARD PURCHASE ADVICE
PECCW
AMEND DEBIT INTEREST SUMMARY
PECPA
EFTPOS PURCHASE ADJUST AUTH & CAPTURE
PECPC
EFTPOS PURCHASE/CASH BACK AUTH CAPTURE
PECRA
EFTPOS REFUND ADJUSTMENT AUTH & CAPTURE
PECSP
ENQUIRE ON DEBIT INTEREST SUMMARY
PEPAC
EFTPOS PRE-AUTHORISATION COMPLETION
PEPCB
EFTPOS PURCHASE WITH CASH BACK ADVICE
PSB
PREMIUM SAVINGS BOND
PSV
PAYSAVE
PT-FIN
INTER CENTRE POLL
PT-HDR
ENQUIRY FOR VOICE REFERRAL
PT-RST
CHARGES ENQUIRY
PT-STA
ENQUIRY FOR CARD ORDER
PT-TLR
INTER CENTRE RECOVERY TRANSACTION
PV CW
VISA CASH DISBURSEMENT
PV SP
VISA SALES DRAFT
R-AT
DELETE ACCOUNT TITLE
R-BCD
DELETE BUSINESS CUSTOMER DETAILS
R-CCC
TRANSFER OF PRODUCT WITHOUT EARLY CLOSUR
R-CCI
TRANSFER OF PRODUCT WITH EARLY CLOSURE C
R-CUS
REMOVE CUSTOMER FROM ACCOUNT
R-DCO
ENQUIRE ON CUSTOMER BONUS DETAILS
R-FO
DELETE FORMAL OVERDRAFT
R-GCR
REMOVE ACCOUNTS FROM GROUP CREAMING
R-IND
DELETE INDICATOR
R-IND
DELETE CUSTOMER INDICATOR
R-LCB
DELETE LOST CHEQUE BOOK TRAILER
R-MFC
DELETE MORTGAGE FURTHER CHARGE
R-MPA
DELETE PROPERTY ADDRESS
R-RSF
DELETE REGULAR SERVICE FEE TRAILER
R-SA
DELETE SET OFF ACCOUNT DETAILS
R-SCQ
DELETE STOPPED CHEQUE TRAILER
R-SDD
DELETE STOP DIRECT DEBIT TRAILER
R-SDD
DELETE STOP DIRECT DEBIT TRAILER
R-SO
RECALL STANDING ORDER
R-SPB
REVERSAL OF AUTOTELLER WITHDRAWAL
R-SSP
REVERSAL OF CUSTOMER SELF SELECT PIN
R-TAX
TAX REFUND
R-UNC
DELETE UNCLEARED CHEQUE TRAILER
R-WPN
REVERSAL OF WITHDRAWAL PENALTY
R-XRF
DELETE CROSS REFERENCE
RE-INV
TERM DEPOSIT RE-INVESTMENT
RQ-BIR
BRANCH INSPECTION REPORTS REQUEST
RQ-BSL
REQUEST FOR BUSINESS STEM LIST
RQ-CLU
TEST TERMINAL
RQ-CRP
CONFIDENTIAL REPORTS REQUEST
RQ-CS
COUNTER STATEMENT REQUEST
RQ-DAG
DD AMEND/CANCEL ADVICE (GENERATED)
RQ-DAR
DIRECT DEBIT AMEND/CANCEL ADVICE REQUEST
RQ-FIC
FIL INTEREST CERTIFICATE REQUEST
RQ-FSQ
FIL EARLY SETTLEMENT QUOTATION
RQ-FSR
FIL STATEMENT REQUEST
RQ-NBR
REQUEST FOR NPA BALANCES REPORT
RQ-PU
PASSBOOK UPDATE
RQ-RBS
REQUEST FOR BALANCE SHEET PART 2 REPORT
RQ-SL
REQUEST FOR STEM LIST
RQ-SS
REQUEST FOR SINGLE STEM
RQ-UI
UNIQUE ID INFORMATION REQUEST
S-DI
SUSPEND DEBIT INTEREST
SAL
SALARY
SCR
REFUND DEBIT
SDC
COLLECTION CREDIT
SDD
COLLECTION DEBIT
SDR
REVERSAL CREDIT
SO
STANDING ORDER
SO-AMD
STANDING ORDER AMENDMENT
SO-BAM
STANDING ORDER BENEFICIARY AMENDMENT
SO-CAN
STANDING ORDER CANCELLATION
SO-DEL
STANDING ORDER DELETION
SO-ENQ
STANDING ORDER ENQUIRY
SO-LEV
STANDING ORDER LEVEL CHANGE
SO-NEW
NEW STANDING ORDER
SO-REL
RELEASE STANDING ORDER SUSPENSION
SO-SUM
STANDING ORDER SUMMARY
SO-SUS
STANDING ORDER SUSPENSION
SO-TFI
STANDING ORDER TRANSFER IN
SO-TFR
STANDING ORDER TRANSFER
SPB
CASHPOINT
SUR
EXCESS MANAGEMENT REVERSAL
T-ATD
AMEND TRANSACTION DATE
T-CBL
CASHBOX BALANCE
T-CHQ
CHQ TRANSFER
T-CO
CASHBOX OPEN
T-CSI
CUSTOMER TRANSFER IN
T-CTC
CASHBOX TEMPORARY CLOSE
T-CTD
CANCEL AMEND TRANSACTION DATE
T-DRM
TRANSFER TO DORMANT
T-ENQ
CASHBOX TOTALS ENQUIRY
T-FIL
FIL TRANSFER
T-FOT
FINISH OFF LINE TRANSACTION TRANSMISSION
T-INV
INV TRANSFER
T-RPR
REPAIRED TERMINAL
T-SAV
SAV TRANSFER
T-SOF
SIGN OFF
T-SON
SIGN ON
T-SOT
START OFF LINE TRANSACTION TRANSMISSION
T-TDA
TDA TRANSFER
T-VIL
VIL TRANSFER
TC
TRUSTCARD PAYMENT
TD
TRANSFERRED
TD-CNV
TERM DEPOSIT CONVERSION
TDG
TRANSFERRED INTEREST GROSS
TDI
TRANSFERRED INTEREST
TDN
TRANSFERRED INTEREST NET
TER
HISTORY - DELETE ACCOUNT INDICATOR
TER
HISTORY - REMOVE CHARGE EXEMPTION
TER
FIL TERMINATION - HISTORY
TER
STANDING ORDER TERMINATION - HISTORY
TER
AUTOMATED REQUEST - ISSUE STATEMENT
TER
AUTOMATED REQUEST - INTERNAL MOVEMENT
TER
AUTOMATED REQUEST - ISSUE DIARY NOTE
TFI
FIL TRANSFER IN - HISTORY
TFI
AUTOMATED REQUEST - TRANSFER IN
TFR
FUNDS TRANSFER
TFR
FIL TRANSFER - HISTORY
TFR
AUTOMATED REQUEST - TRANSFER
TOTCAP
TERM SAVINGS TOTAL CAPITAL
TOTINT
TERM SAVINGS TOTAL INTEREST
UT
UNIT TRUST
V-BDG
VALIDATE BADGE
 

ERROR SCENARIOS

Scenario
Expected ASPSP Response
Expected TPP Action

Scenarios applicable to all AIS endpoints

TPP attempts to access a resource for which the access has been revoked at the ASPSP.

(Sub-scenario: Access token not revoked; consent has been changed to Rejected/Expired by ASPSP.)

Http Status: 403

Error
Code: UK.OBIE.Resource.InvalidConsentStatus

Error
Type: AuthoriseConsent

Create a new consent using a POST operation.

Take the PSU through an authentication journey

TPP attempts to access a resource using an access token that has expired.

(Sub-scenario: The underlying consent has expired.)

Http Status: 403

Error
Code: UK.OBIE.Resource.InvalidConsentStatus

Error
Type: AuthoriseConsent

Create a new consent using a POST operation.

Take the PSU through an authentication journey

TPP attempts to access a resource using an access token outside of the SCA period. The underlying consent has not expired

Typically this applies to AIS resources that do not benefit from RTS Article 10.

Http Status: 403

Error
Code: UK.OBIE.Reauthenticate

Error
Type: Reauthenticate

Take the user through a re-authentication journey using the existing consent.

TPP attempts to access a resource related to an account that is closed.

This also applies in situations where the account holder that has wound up, is under receivership, is deceased or if the account has been switched over to another bank.

Http Status: 403

Error
Code: UK.OBIE.Resource.NotFound

Error
Type: AccountPermanentlyUnavailable

Do not attempt to request information for this account again.

Take the user through a re-consent journey to remove this account from the consent.

TPP attempts to re-auth a consent where one or more account has got closed.

This also applies in situations where the account holder that has wound up, is under receivership, is deceased or if the account has been switched over to another bank.

Error message returned in redirect URL:

One or more accounts are closed or suspended. Please re-consent for eligible accounts

Error Type: AuthoriseConsent

Do not attempt to re-auth this consent again.

Take the user through a re-consent journey to remove the closed account(s) from the consent.

TPP attempts to access an endpoint for which permission had not been provided when the consent was created.

Http Status: 403

Error Code:
UK.OBIE.Resource.ConsentMismatch

Error
Type: AuthoriseConsent

Do not attempt to request information for this endpoint again.

Take the user through a re-consent journey to add the permission if required.

TPP attempts to access an endpoint with an incorrect AccountID.

Http Status: 400

Error Code:
UK.OBIE.Field.Invalid

ErrorType:
RequestWithValidDetails

Do not attempt to request information for this accountID again.

Try again with a valid AccountID.

Endpoint specific scenarios

/account-access-consents

TPP attempts to pass invalid or no permissions in request body.

Http Status: 400

Error Code:
UK.OBIE.Field.Invalid

Error
Type: AuthoriseConsent

Refer to OBIE specs.

Take the PSU through the consent journey with valid permissions.

/account-access-consents

TPP sends the request with one of the following date related issues:

  • past date in ExpirationDateTime field
  • TransactionFromDateTime greater than the TransactionToDateTime
  • Invalid date formats for ExpirationDateTime, TransactionFromDateTime and/or TransactionToDateTime

Http Status: 400

Error Code:
UK.OBIE.Field.InvalidDate

ErrorType:
AuthoriseConsent

Take the PSU through the consent journey with a valid dates.

/transactions

TPP requests for transactions with one of the following date related issues:

  • FromBookingDateTime greater than ToBookingDateTime
  • Invalid date formats
  • Invalid date range (for example future dates)

Http Status: 400

Error Code:
UK.OBIE.Field.InvalidDate

ErrorType:
RequestWithValidDetails

Send the request with valid dates.

/transactions

TPP requests for transactions outside the consented date range.

Http Status: 403

Error Code:
UK.OBIE.Field.InvalidDate

ErrorType:
RequestWithValidDetails

Do not attempt to request information for this date range again.

Request for transactions within the consented date range

Take the user through a re-auth journey to extend or modify the date range.

/balances

Commercial scenario: TPP attempts to access balances for a commercial PSU who has created the consent but does not have sufficient entitlement (as a part of his/her role) to access the information.

Http Status: 403

Error Code:
UK.OBIE.Field.Unexpected

Error Type:
AuthoriseConsent

Inform the PSU that they don’t have sufficient entitlement to access the information.

Take the PSU through a re-consent journey after the PSU confirms that sufficient entitlements have been given to them.

Generic service unavailable error scenario

ASPSP downstream services or server is down.

Http Status: 500

Error Code:
UK.OBIE.UnexpectedError

ErrorType: RetryLater

Try again after some time.

CONFIRMATION OF FUNDS SERVICES

This section provides an overview of how to use our Confirmation of Funds APIs. It is intended to help CBPII integrate applications and services with our APIs and details scope and any variations from Open Banking API specifications.

This detail should be read in conjunction with Open Banking Specifications and our API Products:

  • Confirmation of funds API Specification can be found here.
  • API Products can be found here.

Confirmation of Funds Scope

The below table details the confirmation of funds Services that are supported by Lloyds Banking Group across our Channels and Products.

These are available to use to request Confirmation of funds on our core brands Lloyds Bank, Bank of Scotland, Halifax (Retail only). In addition, we also support our core brands and MBNA brand for Retail Credit Cards.

CoF
Retail
Current Account
Savings Account
Credit Cards
Business
Current Account
Savings Account
Credit card
Commercial
Sterling
Non-Sterling

Funds confirmation consent

Funds confirmation

ERROR SCENARIOS

Scenario
Expected ASPSP Response
Expected TPP Action

Scenarios applicable to CoF endpoints

TPP attempts to access a resource using an access token that has expired.

(Sub-scenario: The underlying consent has not expired.)

Http Status: 401

Error Code: Token expired

Error Type: Reauthenticate

If the TPP has a valid refresh token, use the refresh token to get a new access token.

If the refresh token has expired as well, take the user through a re-auth

TPP attempts to access a resource using an access token that has expired.

(Sub-scenario: The underlying consent has expired.)

Http Status: 403

Error
Code: UK.OBIE.Resource.InvalidConsentStatus

Error Type: AuthoriseConsent

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to access a resource related to an account that is closed.

This also applies in situations where the account holder that has wound up, is under receivership, is deceased or if the account has been switched over to another bank.

Http Status: 403

Error
Code: UK.OBIE.Resource.NotFound

Error
Type: AccountPermanentlyUnavailable

Do not attempt to request information for this account again.

Take the user through a re-consent journey to remove this account from the consent.

TPP attempts to re-auth a consent where one or more account has got closed.

This also applies in situations where the account holder that has wound up, is under receivership, is deceased or if the account has been switched over to another bank.

Error message returned in redirect URL:

One or more accounts are closed or s uspended. Please re-consent for eligible accounts

Error Type: AuthoriseConsent

Do not attempt to re-auth this consent again

Take the user through a re-consent journey to remove the closed account(s) from the consent.

/funds-confirmation-consents

TPP sends a past date in ExpirationDateTime field or the date format is incorrect.

Http Status: 400

Error Code:
UK.OBIE.Field.InvalidDate

Error Type: AuthoriseConsent

Take the PSU through the consent journey with a valid future ExpirationDateTime.

/funds-confirmation-consents

TPP sends an invalid value in the consents creation request in one of the following fields (i.e. validation fails):

  • SchemeName
  • Name
  • Identification
  • SecondaryIdentification

Http Status: 400

Error Code: UK.OBIE.Field.Invalid

Error Type: AuthoriseConsent

Try again with a valid value as per OBIE specs

/funds-confirmation

TPP attempts to access the endpoint with an incorrect ConsentId

Http Status: 403

Error Code:
UK.OBIE.Resource.ConsentMismatch

ErrorType: RequestWithValidDetails

Do not attempt to request information for this ConsentID again.

Try again with a valid ConsentId.

/funds-confirmation

TPP attempts to access the endpoint with an invalid value in one of the following fields (i.e. validation fails):

  • ConsentId
  • Amount
  • Currency

Http Status: 400

Error Code: UK.OBIE.Field.Invalid

ErrorType: RequestWithValidDetails

Try again with a valid value in the request payload.

Generic service unavailable error scenario

ASPSP downstream services or server is down.

Http Status: 500

Error Code:
UK.OBIE.UnexpectedError

ErrorType: RetryLater

Try again after some time.

PAYMENT INITIATION SERVICES

This section provides an overview of how to use our Payment Initiation Services APIs. It is intended to help PISPs integrate applications and services with our APIs and details scope and any variations from Open Banking API specifications.

This detail should be read in conjunction with Open Banking Specifications and our API Products:

  • Payment Initiation API Specification can be found here.

     

  • Variable Recurring Payments API Specification can be found here.

     

  • API Products can be found here.

     

Payments Scope

The below table details the Payment Initiation Services that are supported by Lloyds Banking Group for each Payment Type across our Channels and Products.

These are available to use to make payments from Current and Savings accounts on our core brands Lloyds Bank, Bank of Scotland, Halifax (Retail only). In addition, we also support our core brands and MBNA brand to make payments from Retail Credit Cards.

Payment Type
Retail
Current Account
Savings Account
Credit Cards
Business
Current Account
Savings Account
Commercial
Current Account

Domestic Payment (FPS)

 

Domestic Payment (BACS)

 
 

Domestic Payment (CHAPS)

 
 

Domestic Payment (Balance Transfer / Money Transfer)

 
 

 
 

Domestic Scheduled Payments

 

Domestic Standing Orders

 

 

International Payments

 

 
 

File Payments

 

 
 

Variable Recurring Payments

 
 

 
 

DOMESTIC PAYMENTS VARIATIONS

There are several important variations relating to Payment Initiation APIs that PISPs should be aware of for our Domestic Payment endpoints – Immediate, Scheduled and Standing Orders. These are detailed in the table below.

Endpoints
Description

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

Payment Schemes supported for Domestic journeys.

Schemes supported across all domestic journeys are:

  • UK.OBIE.SortCodeAccountNumber
  • UK.OBIE.BBAN
  • UK.OBIE.IBAN

For Domestic Payment – Balance Transfer and Money Transfer must use UK.OBIE.PAN.

UK.OBIE.Paym is not supported, in line with Pay.UK removing the service in March 2023.

Note: APIs will support UK IBANs or UK BBANs only.

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

Payment/Instructed Amount Field Validations.

Negative payment amounts are not allowed in any of the Lloyds Banking Group payment requests.

Amounts are restricted to 2 decimal places. Requests sent where the amount exceeds 2 decimal places will result in error response

For Balance Transfers and Money Transfers the minimum payment amount is £100

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

Payment Risk Categorisation must be provided in OBRisk.

For PISP initiated payments to be processed the payment must be categorised. Payment Context Code field in OBRisk is mandatory.

There are some payment categories that will not be supported for Payment Type, Channel or Products.

  1. Domestic Payment – Balance Transfer / Money Transfer

    Acceptable values are ‘Party to Party’ or ‘Transfer to Self’. All other Payment Context Codes will not be accepted.

  2. Savings Accounts are not supported for

    • Ecommercegoods
    • Ecommerceservices
    • EcommerceMerchantInitiatedPayment
    • FaceToFacePointOfSale

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

SCA Exemption requests from PISPs is not supported.

PISPs cannot use SCA Support Data block to request SCA Exemption as this is not supported. If consent request is received, this will not be processed and will result in an error response.

/domestic-payment-consents

/domestic-scheduled-payment-consents

/domestic-standing-order-consents

Multi Party Authorisation - Support for > ‘1 to sign’ payments

Some Business customers have set up Multi Party authorisation for > ‘1 to sign’ payments using Online Payment Control (OPC).

PISPs should include OBAuthorisation1 data block in consent requests for these customers. Completion Date Time functionality is not supported

For payments that require Multi Party authorisation, additional approvals occur in our direct channel before the payments are processed, due to which the terminal payment status may not be available.

/domestic-payment-consents

Balance Transfers – Mandatory Requirements

Local Instrument: Is a mandatory field and must be provided as UK.OBIE.BALANCETRANSFER

Creditor Account:

  • SchemeName must be UK.OBIE.PAN
  • Identification must be Credit Card PAN
  • Name

Debtor Account: must be pre-populated in the consent request with details as:

  • SchemeName must be UK.OBIE.PAN
  • Identification must be Credit Card PAN
  • Name

RemittanceInformation: must be sent with Offer code/ID in the Reference field

/domestic-payment-consents

Money Transfers – Mandatory Requirements

Local Instrument: Is a mandatory field and must be provided as UK.OBIE.MONEYTRANSFER

Creditor Account:

  • SchemeName must be UK.OBIE.SortCodeAccountNumber
  • Identification must be Sort Code and Account Number
  • Name

Debtor Account: must be pre-populated in the consent request with details as:

  • SchemeName must be UK.OBIE.PAN
  • Identification must be Credit Card PAN
  • Name

RemittanceInformation: must be sent with Offer code/ID in the Reference field

/domestic-payment-consents

Commercial Customers – Local Instrument Types supported

The following local instrument types are acceptable for Commercial Customers:

  • UK.OBIE.BACS
  • UK.OBIE.CHAPS
  • UK.OBIE.FPS
  • UK.LBG.IAT

If the local instrument does not contain one of these values the consent request will be rejected

/domestic-payment-consents

/domestic-scheduled-payment-consents

Commercial Customers - Debit Account Reference

Commercial channel (CBO) customers can specify a debit account reference utilising Supplementary Data. The reference can be a maximum of 18 characters in length.

/funds-confirmation

Commercial Customer – Funds Confirmation Response

Due to the use of complex credit facilities and the manual payment referrals process, the confirmation of funds service will provide an explanatory message for Commercial (CBO) customers. This will be provided in Supplementary data.

/domestic-scheduled-payment-consents

Scheduled Payment Execution Date Rules.

Earliest “Payment Instructed” day is next working day for Scheduled Payments.

Requested Execution Date cannot be the same date as consent request. The payment can be requested to be executed from the next working day and up to 31 days in the future.

Any Execution Date provided outside of this time frame would result in an error response.

/domestic-standing-order-consents

Variable Amounts not supported for Standing Orders

Variable amount values are not supported for first and subsequent payments and will result in an error response if received in the request.

/domestic-standing-order-consents

Timezone in FirstPaymentDateTime field

Time zone for FirstPaymentDateTime field would be defaulted to system timezone in case it is not sent in the request.

/domestic-standing-order-consents

Standing Order Execution Date Rules.

Earliest First Payment Date is next working day for Standing Orders. It cannot be the same date as consent request.

/domestic-standing-order-consents

“Number of Payments” recurrence is not supported.

"Number of Payments" feature is not supported.

"Final Payment Date" can be set, otherwise the standing order will be open ended until customer takes action to cancel.

/domestic-standing-order-consents

Supported Standing Order Frequencies

Only the following frequencies are supported by Lloyds Banking Group Domestic Standing orders:

  • Weekly
  • Four Weekly
  • Monthly
  • Quarterly
  • Half Yearly
  • Yearly
  • Two Monthly

Note: First Payment date and Final Payment date must have the same day value excluding Weekly and Four Weekly.

Example: Frequency: Monthly

First Payment date: (26/02/2019)

Final Payment date: (26/03/2019)

Exception is in place for month end i.e. 31/01/2019 with the next payment date 28/02/2019. This would be an acceptable date.

/domestic-payments

/domestic-scheduled-payments

/domestic-standing-orders

Time between Consent Authorisation and Payment Submission

There is a maximum time limit of 45 minutes for PISPs to complete payment submission following a successful authorisation of consent request.

Note: Where a first-time submission is recorded within the time limit mentioned above, any subsequent (idempotent) requests will return the status of the payment.

/domestic-payments

/domestic-scheduled-payments

/domestic-standing-orders

Payment Message Details.

Data will get truncated where API fields contain more characters than supported by the FPS scheme (ISO8583) format.

This would result in the beneficiary bank receiving truncated information. PISPs should be aware and may wish to cater for this in their front-end validation.

/domestic-payments

Payment Status – Enquiry Window.

PISPs can make enquiry call to find out the final outcome of payment. If the payment status has not reached a terminal payment status within 3 days (72 hours) then PISPs will need to raise a query with the Lloyds Banking Group.

Do not continue to poll the endpoint to query the payment status as this will result in error responses.

/domestic-payments

Commercial Customers - Domestic Payment Cut-Off times

BACS – Payments received after 17:00 will be rejected.

CHAPS – Payments received after 17:25 will be rejected.

FPS – Payments received after 23:55 will be processed the next day.

IAT – Transfers received after 23:45 will be rejected.

/payment-details

Endpoints not supported.

The implementation for File Payments does not support following optional/conditional endpoints in the API specification:

  • GET /domestic-payments/{DomesticPaymentId}/payment-details
  • GET /domestic-scheduled-payments/{DomesticScheduledPaymentId}/payment-details
  • GET /domestic-standing-orders/{DomesticStandingOrderId}/payment-details

All Endpoints

Characters Sets for Domestic Journeys

Characters in String fields are restricted to a specific char sets and special characters are not allowed - if received, those chars will not be propagated to onward payment records or may result in an error response.

All Endpoints

JWS Base64 Encoding

JWS must be created with Base64 encoding. Failure to use the correct encoding in the creation of the JWS would result in an error response.

INTERNATIONAL PAYMENTS VARIATIONS

There are several important variations relating to Payment Initiation APIs that PISPs should be aware of for our International Payment endpoints. These are detailed in the table below.

Note: These relate to Immediate International Payments only. International Scheduled Payments and International Standing Orders endpoints are not supported by Lloyds Banking Group.

Endpoints
Description

/international-payment-consents

Creditor Postal Address is mandatory.

The Creditor Postal Address is mandatory and must be provided in the consent request. Maximum three lines of unstructured address. Must include at least one Address Line and Country.

/international-payment-consents

Creditor Agent Address Requirements.

Creditor Agent must have at least either of the pairs provided:

Scheme Name and Identification or Name and Postal Address

Option 1: Scheme Name and Identification

Scheme Name accepted as UK.OBIE.BICFI, and BIC must be sent in Identification.

Creditor Agent Name and Address block are optional.

Option 2: Name and Postal Address

Creditor Agent Name is mandatory. Creditor Agent Postal Address block is mandatory and must be populated in the following format:

  • Two Address Lines
  • Town Name
  • Country

/international-payment-consents

Country Requirements - Sending money to the EEA and UK.

BIC/SWIFT and IBAN are mandatory requirements when sending money to the EEA and UK. PISPs will need to provide this information when sending International Payments to the following countries:

Albania, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Guernsey, Hungary, Iceland, Republic of Ireland, Italy, Jersey, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and UK.

Creditor Account Scheme Name must be set to UK.OBIE.IBAN.

Creditor Agent Scheme Name must be set to UK.OBIE.BICFI and BIC/SWIFT must be sent in Identification.

/international-payment-consents

Country Requirements - Sending money to the rest of the world.

Option 1: BIC/SWIFT and IBAN mandatory countries

BIC/SWIFT and IBAN are mandatory requirements when sending money to some non-EEA countries. PISPs will need to provide this information when sending International Payments to the following countries:

Andorra, Bahrain, Faroe Islands, Georgia, Gibraltar, Greenland, Isle of Man, Israel, Jordan, Kuwait, Lebanon, Macedonia, Montenegro, Moldova, Monaco, Pakistan, Palestine, Qatar, San Marino, Saudi Arabia, Switzerland, Tunisia, Turkey, and United Arab Emirates.

Creditor Account Scheme Name must be set to UK.OBIE.IBAN.

Creditor Agent Scheme Name must be set to UK.OBIE.BICFI and BIC/SWIFT must be sent in Identification.

Option 2: National Clearing Code mandatory countries

National Clearing Codes are mandatory for the following countries and are expected to be sent as detailed below for each respective country:

Australia: Bank-State-Branch (BSB) Code
Canada: Canadian Transit Number
Hong Kong: Bank Code of Hong Kong
India: IFSC - Indian Financial Sys Code
New Zealand: New Zealand National Clearing Code
South Africa: South Africa National Clearing
United States: Fedwire code

Creditor Account Scheme Name can be sent as BBAN or SCAN

Creditor Agent Scheme Name must be UK.LBG.Clearingcode

Option 3: All other countries

Creditor Account Scheme Name can be IBAN, BBAN or SCAN.

Creditor Agent Scheme Name must be set to UK.OBIE.BICFI when IBAN is provided for Creditor Account, and BIC/SWIFT must be sent in Identification.

Creditor Agent Address must be sent when BBAN or SCAN are provided for Creditor Account, with the additional details being mandatory:

  • Creditor Agent Name must be provided
  • Postal Address block must be provided as Two Address Lines, Town Name and Country

/international-payment-consents

Payment Risk Categorisation must be provided in OBRisk.

For PISP initiated payments to be processed the payment must be categorised

Payment Context Code field in OBRisk is mandatory

/international-payment-consents

Initiation Parent Block – Request Field Validations.

Charge Bearer: Borne by Creditor is not supported. Consent requests with this value will result in an error response.

Currency Of Transfer:

  • Must be sent as either GBP or the same as Instructed Amount Currency.
  • When Currency Of Transfer has been provided as GBP, the Instructed Amount Currency must also be GBP.

Instruction Priority: Lloyds Banking Group do not offer Instruction priority for International Payment requests. All requests will be treated as ‘Normal’.

Local Instrument: No value is expected to be received in this field

/international-payment-consents

Exchange Rate Information – Request Field Validations

Contract Identification and Exchange Rate: This functionality for ‘Agreed’ rates is not supported and therefore these fields must not be sent in the request.

Rate Type: Only "Actual" is supported. All other Rate Types provided in the request will result in an error response

Note: Where payment requires multiple party authorisations the Exchange Rate Information displayed to user and sent in the response will be ‘Indicative’.

Unit Currency: is a mandatory field within the exchange rate block. If this block is provided in the request, then this must be sent as GBP

/international-payment-consents

Instructed Amount & Currency – Request Field Validations.

Most currencies support two decimal places for Instructed Amount e.g. GBP

Certain currencies support up to a maximum of three decimal places i.e. Kuwaiti Dinar.

Japanese Yen must be sent as a whole integer value. Zero decimal points are supported for this currency

Note: When Currency Of Transfer has been provided as GBP, the Instructed Amount Currency must also be GBP.

/international-payment-consents

SCA Exemption requests from PISPs is not supported.

PISPs cannot use SCA Support Data block to request SCA Exemption as this is not supported. If consent request is received, this will not be processed and will result in an error response.

/international-payment-consents

Multi Party Authorisation - Support for > ‘1 to sign’ payments.

Some Business customers have set up Multi Party authorisation for > ‘1 to sign’ payments using Online Payment Control (OPC).

PISPs should include OBAuthorisation1 data block in consent requests for these customers. Completion Date Time functionality is not supported.

For payments that require Multi Party authorisation, additional approvals occur in our direct channel before the payments are processed, due to which the terminal payment status may not be available.

/international-payment-consents

Payment Reason Code – Country Requirements

Some Countries mandate the need for the purpose or reason for payment. PISPs are expected to provide this information in Extended Purpose field in the consent request for it to be processed

Note: Data.Initiation.Purpose as defined in the API specifications will not be used and may lead to error responses.

United Arab Emirates and Jordan: These countries require reason codes specific to their own country requirements. Please refer to detailed section on acceptable values.

All Other Countries: A generic set of reasons are used. These are also detailed separately and should be referred to for acceptable values.

Note: In all cases, only the reason code should be sent, without the additional text description.

e.g. R24 should be sent. R24 School Fees would result in error response.

/payment-details

Endpoints not supported.

The implementation for File Payments does not support following optional/conditional endpoints in the API specification:

  • GET /international-payments/{InternationalPaymentId}/payment-details

/international-payments

Time between Consent Authorisation and Payment Submission.

There is a maximum time limit of 90 seconds for PISPs to complete payment submission following a successful authorisation of consent request. This is due to live exchange rates being quoted for the transaction.

If the first payment submission request is received after 90 seconds this will result in the payment request being rejected.

/international-payment-consents
/international-payments

JWS Base64 Encoding

JWS must be created with Base64 encoding. Failure to use the correct encoding in the creation of the JWS would result in an error response.

Generic Countries – Payment Reason Code

Code

Reason Description

Code

Reason Description

R01
Charitable Donation
R15
Rent
R02
Expenses
R16
Salary
R03
Family Maintenance
R17
Tax
R04
Fx Currency Non-Resident Deposit
R18
Wages
R05
Fees
R20
Commission
R06
Gift
R21
Purchase of Shares
R07
Holiday
R22
Grant
R08
Hotel
R23
House Purchase Resident
R09
Invoice
R24
School Fees
R10
Loan
R25
Other
R11
Medical
R26
House Purchase Non-Resident
R12
Own Account Transfer
R27
Inheritance
R13
Pension
R28
Relocation
R14
Personal Transfer
R29
Mortgage Payment

United Arab Emirates– Payment Reason Code

Code

Reason Description

ACM
Agency Commissions
AES
Advance payment against EOS
AFA
Receipts or payments from personal resident bank account or deposits abroad
AFL
Receipts or payments from personal non-resident bank account in the UAE
ALW
Allowance
ATS
Air transport
BON
Bonus
CCP
Corporate Card Payments
CEA
Equity and investment fund shares for the establishment of new company from residents abroad, equity of merger or acquisition of companies abroad from residents and participation to capital increase of related companies abroad
CEL
Equity and investment fund shares for the establishment of new company in the UAE from non-residents, equity of merger or acquisition of companies in the UAE from non-residents and participation to capital increase of related companies from non-residents in the UAE
CHC
Charitable Contributions (Charity and Aid)
CIN
Commercial Investments
COM
Commission
COP
Compensation
CRP
Credit Card Payment
DCP
Debit Card Payments
DIV
Dividend Payouts From FI
DLA
Purchases and sales of foreign debt securities in not related companies - More than a year
DLF
Debt instruments intragroup loans, deposits foreign (above 10% share)
DLL
Purchases and sales of securities issued by residents in not related companies - More than a year
DOE
Dividends on equity not intragroup
DSA
Purchases and sales of foreign debt securities in not related companies - Less than a year
DSF
Debt instruments intragroup foreign securities
DSL
Purchases and sales of securities issued by residents in not related companies - Less than a year
EDU
Educational Support
EMI
Equated Monthly Instalments
EOS
End of Service / Final Settlement
FAM
Family Support (Workers' remittances)
FDA
Financial derivatives foreign
FDL
Financial derivatives in the UAE
FIA
Investment fund shares foreign
FIL
Investment fund shares in the UAE
FIS
Financial services
FSA
Equity other than investment fund shares in not related companies abroad
FSL
Equity other than investment fund shares in not related companies in the UAE
GDE
Goods sold (Exports in fob value)
GDI
Goods bought (Imports in cif value)
GMS
Processing repair and maintenance services on goods
GOS
Government goods and services embassies etc.
GRI
Government related income taxes, tariffs, capital transfers, etc.
IFS
Information services
IGD
Dividends intragroup
IGT
INTER GROUP TRANSFER
IID
Interest on debt intragroup
INS
Insurance services
IOD
Income on deposits
IOL
Income on loans
IPC
Charges for the use of intellectual property royalties
IPO
IPO Subscriptions
IRP
INTEREST RATE SWAP PAYMENTS
IRW
INTEREST RATE UNWIND PAYMENTS
ISH
Income on investment funds shares
ISL
Interest on securities more than a year
ISS
Interest on securities less than a year
ITS
Computer services
LAS
Leave Salary
LDL
Debt instruments intragroup loans, deposits in the UAE (above 10% share)
LDS
Debt instruments intragroup securities in the UAE
LEA
Leasing abroad
LEL
Leasing in the UAE
LIP
Loan Interest Payments
LLA
Loans - Drawings or Repayments on loans extended to non-residents - Long-term
LLL
Loans - Drawings or Repayments on foreign loans extended to residents - Long-term
LNC
Loan Charges
LND
Loan Disbursements From FI
MCR
Monetary Claim Reimbursements
MWI
MOBILE WALLET CARD CASH-IN
MWO
MOBILE WALLET CARD CASH-OUT
MWP
MOBILE WALLET CARD PAYMENTS
OAT
OWN ACCOUNT TRANSFER
OTS
Other modes of transport (including Postal and courier services)
OVT
Overtime
PEN
Pension
PIN
Personal Investments
PIP
Profits on Islamic products
PMS
Professional and management consulting services
POR
Refunds/Reversals on IPO subscriptions
POS
POS Merchant Settlement
PPA
Purchase of real estate abroad from residents
PPL
Purchase of real estate in the UAE from non-residents
PRP
PROFIT RATE SWAP PAYMENTS
PRR
Profits or rents on real estate
PRS
Personal, cultural, audio visual and recreational services
PRW
PROFIT RATE UNWIND PAYMENTS
RDA
Reverse debt instruments abroad
RDL
Reverse debt instruments in the UAE
RDS
Research and development services
REA
Reverse equity shares abroad
REL
Reverse equity shares in the UAE
RFS
Repos on foreign securities
RLS
Repos on securities issued by residents
RNT
Rent Payments
SAA
Salary Advance
SAL
Salary (Compensation of employees)
SCO
Construction
SLA
Loans - Drawings or Repayments on loans extended to non-residents - Short-term
SLL
Loans - Drawings or Repayments on foreign loans extended to residents - Short-term
STR
Travel
STS
Sea transport
SVI
STORED VALUE CARD CASH-IN
SVO
STORED VALUE CARD CASH-OUT
SVP
STORED VALUE CARD PAYMENTS
TCP
Trade credits and advances payable
TCR
Trade credits and advances receivable
TCS
Telecommunication services
TKT
Tickets
TOF
Transfer of funds between persons Normal and Juridical
TTS
Technical, trade-related and other business services
UTL
Utility Bill Payments
TAX
TAX Payment

Jordan – Payment Reason Code

Code

Reason Description

Code

Reason Description

0101
Invoice Payment & Purchase
0704
UN Aid
0102
Utility Bill Payment
0705
Charity Communities Aid
0103
Prepaid Card Recharging
0801
Telecommunication Services
0104
Standing Orders
0802
Financial Services
0105
Personal Donations
0803
Information Technology Services
0106
Family Assistance and Expenses
0804
Consulting Services
0107
Individual Social Security Subscriptions
0805
Construction Services
0108
Associations Subscriptions
0806
Maintenance & Assembling Services
0109
Saving and Funding Account
0807
Marketing and Media Services
0110
Heritance
0808
Mining Services
0111
End of Service indemnity
0809
Medical & Health Services
0201
Public Sector Employee Salaries
0810
Cultural, Educational & Entertainment Services
0202
Labourers Salaries
0811
Rental Expenses
0203
Private Sector Staff Salaries
0812
Real Estate
0204
Jordanian Diplomatic Staff Salaries
0813
Taxes
0205
Foreign Diplomatic Salaries
0814
Fees
0206
Overseas Incoming Salaries
0815
Commissions
0207
Civil / Military Retirement Salaries
0816
Franchise and License Fees
0208
Social Security Retirement Salaries
0817
Cheque Collection
0209
Establishment Social Security Subscription
0818
Membership Fees
0301
Investment Revenues
0901
Municipality Funds
0302
Brokerage Investment
0902
Government Funds
0303
Insurance
0903
Private Sector Funds
0304
Subscriptions to international nonmonetary organisations
0904
External Incoming Funds
0305
Local Investment
1001
International Communities and Embassies Remittances
0306
External Investment
1002
Permanent Diplomatic Missions
0307
Tender bond Guarantee
1003
Temporary Diplomatic Missions
0401
Air Freight
1004
Jordanian Embassies Income
0402
Land Freight
1101
Long-Term Loans Instalments / Public Sector
0403
Sea Freight
1102
Long-Term Loans interest Instalments / Public Sector
0404
Travel and Tourism
1103
Short-Term Loans Instalments / Public Sector
0501
Governmental Delegation Transfers
1104
Short-Term Loans interest Instalments / Public Sector
0502
Private Sector Delegation Transfers
1105
Long-Term Loans Instalments / Private Sector
0503
Governmental Education
1106
Long-Term Loans interest Instalments / Public Sector
0504
Private Sector Education
1107
Short-Term Loans Instalments /Private Sector
0601
Public Sector Exportation
1108
Short-Term Loans interest Instalments / Private Sector
0602
Private Sector Exportation
1109
Loans Instalments Against Governmental Guarantee
0603
Public Sector Importation
1110
Loans Interest Instalments Against Governmental Guarantee
0604
Private Sector Importation
1111
Credit Card Payment
0701
Religious Communities Aid
1112
Personal Loan Payment
0702
International Communities Aid
1201
Rerouting
0703
Arab Communities Aid
1202
Scientific Research Support

FILE PAYMENTS VARIATIONS

There are several important variations relating to Payment Initiation APIs that PISPs should be aware of for our File Payment endpoints. These are detailed in the table below.

Endpoints
Description

/file-payment-consents
/file-payments

Functionality available for Business Customers only.

Currently only Business customers using Business Banking (O4B/BIB), or Mobile App can access file payment endpoints functionality.

Commercial Customers using Commercial Banking Online (CBO) will not be able initiate payments using File Payment endpoints.

/file-payment-consents

Multi Party Authorisation - Support for > ‘1 to sign’ payments.

Some Business customers have set up Multi Party authorisation for > ‘1 to sign’ payments using Online Payment Control (OPC).

PISPs should include OBAuthorisation1 data block in consent requests for these customers. Completion Date Time functionality is not supported.

For payments that require Multi Party authorisation, additional approvals occur in our direct channel before the payments are processed, due to which the terminal payment status may not be available.

/file-payment-consents

File Type Enumerations.

The File Type in consents request must contain one of the following values for the payment file type:

  • UK.LBG.O4B.BULK.BACS
  • UK.LBG.O4B.BATCH.FPS

If any other value is sent in the request, then this will be rejected.

/file-payment-consents

Execution date will be determined from the file and not the consent request.

The ‘Requested Execution date’ will be ignored if it comes in the consent request payload.

The date of execution will be determined based on the payment date details provided within the file.

/file-payment-consents

SCA Exemption requests from PISPs is not supported.

PISPs cannot use SCA Support Data block to request SCA Exemption as this is not supported. If consent request is received, this will not be processed and will result in an error response.

/file-payment-consents
/file

Bulk Payment File Cut-Off Times.

Business customers processing a Bulk payment file will see a warning message displayed on the Lloyds Banking Group Secure Payments Gateway screens from 17:45. This warns of the impending cut off time.

This will be displayed until 18:00 which is the hard cut-off time.

/file

Payment File must be sent in csv. format.

Lloyds Banking Group will accept only two file specifications in a csv. file format:

  • Bulk File for Bacs scheme
  • Batch File for FPS scheme

The specification for these files including details of format, structure, field length and character sets are detailed in File Layout sections.

Any files received not in the given format for the File Type provided in the consent will be rejected.

/file-payments

Field Length, Truncations and Character Sets

Data will get truncated where csv. file fields contain more characters than supported by the schemes. Characters are restricted to specific sets; special characters are not allowed. If received, they will not be propagated to onward payment records.

Scheme standards are:

  • Faster Payment Service (ISO8583)
  • Bacs (STD18)

/file-payments
/payment-details

Endpoints not supported.

The implementation for File Payments does not support following optional/conditional endpoints in the API specification:

  • GET /file-payments/{FilePaymentId}/report-file
  • GET /file-payments/{FilePaymentId}/payment-details

File Layout – Bulk Payments (BACS)

File Template
Header Indicator

(Single character always H)

Date of file creation

(Format yyyymmdd)

Unique file ID

(10 character field)

Number of Credits

(Count of credits within the file - max of 25)

Value

(Total value of credits in the file)

H
20220301
9876543210
5
10.20
Debit Indicator

(Single character always D)

Payment Date

(Format yyyymmdd)

Batch Reference

(18 character field)

Debit Account Details

(15 character field with sort code-Account Number detailed)

D
20220302
Test payments
309664-12345679
Credit Indicator

(Single character of C must be present for each credit)

Recipient

(Alpha numeric field containing beneficiaries name, maximum length 18 characters)

Recipient Sort Code

(numeric field must be 6 characters in length)

Recipient Account Number

(numeric field must be 8 characters in length)

Reference

(18 character field)

Amount

(18 character decimal field)

c
Freds No1 account
100000
12345678
Test 1
0.04
c
Freds No1 account
100000
12345678
Test 2
1.04
c
Freds No1 account
100000
12345678
Test 3
2.04
c
Freds No1 account
100000
12345678
Test 4
3.04
c
Freds No1 account
100000
12345678
Test 5
4.04
 
Actual File
H
20220301
9876543210
5
10.20
D
20220302
Test payments
309664-12345679
c
Freds No1 account
100000
12345678
Test 1
0.04
c
Freds No1 account
100000
12345678
Test 2
1.04
c
Freds No1 account
100000
12345678
Test 3
2.04
c
Freds No1 account
100000
12345678
Test 4
3.04
c
Freds No1 account
100000
12345678
Test 5
4.04
 

File Layout – Batch Payments (FPS)

File Template
Header Indicator

(Single character always H)

Date of file creation

(Format yyyymmdd)

Unique file ID

(10 character field)

Number of Credits

(Count of credits within the file - max of 25)

Value

(Total value of credits in the file)

H
20220301
9876543210
3
0.6
Debit Indicator

(Single character always D)

Batch Reference

(18 character field)

Debit Account Details

(15 character field with sort code-Account Number detailed)

D
Test payments
309664-12345679
Credit Indicator

(Single character of C must be present for each credit)

Recipient Name

(Alpha numeric field containing beneficiaries name, maximum length 18 characters)

Recipient Account Number

(numeric field must be 8 characters in length)

Recipient Sort Code

(numeric field must be 6 characters in length)

Reference

(18 character field)

Debit Amount

(18 character decimal field)

Payment ASAP

(For value today payments set to Y otherwise set to N)

Payment Date

(Format yyyymmdd, must be left blank if Payment ASAP is set to Y)

E to E Reference

(256 character field)

c
BENEFICIARY NAME
12345678
301763
BENEFICIARY REFERE
0.1
N
20180121
END TO END REFERENCE
c
BENEFICIARY NAME
12345678
301763
BENEFICIARY REFERE
0.2
Y
 
END TO END REFERENCE
c
BENEFICIARY NAME
12345678
301763
BENEFICIARY REFERE
0.3
N
20180121
END TO END REFERENCE
 
Actual File
H
20220301
9876543210
3
0.6
D
Test payments
309664-12345679
c
BENEFICIARY NAME
12345678
301763
BENEFICIARY REFERE
0.1
N
20180121
END TO END REFERENCE
c
BENEFICIARY NAME
12345678
301763
BENEFICIARY REFERE
0.2
Y
 
END TO END REFERENCE
c
BENEFICIARY NAME
12345678
301763
BENEFICIARY REFERE
0.3
N
20180121
END TO END REFERENCE
 

VARIABLE RECURRING PAYMENTS VARIATIONS

There are several important variations relating to Variable Recurring Payment APIs that PISPs should be aware when using this service. These are detailed in the table below.

Endpoints
Description
/domestic-vrp-consents
/domestic-vrps

APIs support use cases that meet the definition of sweeping only.

Variable Recurring Payment under Sweeping Access will be allowed using VRP APIs. This restricts what values would be accepted in a consent request:

  • VRP Type must be ‘UK.OBIE.VRPType.Sweeping’
  • customer Authentication Methods must be ‘UK.OBIE.SCANotRequired’

All other enumeration values provided in the specification are not accepted and would result in error response.

/domestic-vrp-consents
/domestic-vrps

APIs are not supported for Commercial Customers.

Commercial Customers using Commercial Banking Online (CBO) will not be able to set up Variable Recurring Payments.

Retail Customer using Internet Banking (IB) or Mobile App and Business Customers using Business Banking (O4B/BIB), or Mobile App will be able to set up Variable Recurring Payments.

/domestic-vrp-consents

Payment Risk Categorisation must be provided in OBRisk.

For PISP initiated payments to be processed the payment must be categorised. Payment Context Code field in OBRisk is mandatory.

Acceptable values are ‘Party to Party’ or ‘Transfer to Self’.

All other Payment Context Codes will not be accepted for Variable Recurring Payments under Sweeping Access.

/domestic-vrp-consents

Creditor Account details must be sent in consent request.

Initiation.CreditorAccount details must be populated in the consent request. Any requests not providing Creditor Account details will be rejected.

Schemes supported are:

  • UK.OBIE.SortCodeAccountNumber
  • UK.OBIE.BBAN
  • UK.OBIE.IBAN

/domestic-vrp-consents

Consents can be set up no more than 31 days in the future.

ValidFromDateTime cannot occur more than 31 days in the future.

Where no date is provided, then creation date will be used to determine consent is active.

ValidToDateTime cannot be the same date as consent request and must fall after ValidFromDateTime.

Where no date is provided, then consent will remain active until a point customer takes an action to revoke or delete consent.

/domestic-vrp-consents

Risk – Contract Present Indicator

OBRisk block will only accept the correct spelling for Contract Present Indicator field. Any requests received with the incorrect spelling will result in an error response.

/domestic-vrp-consents
/funds-confirmation
/domestic-vrps

Amount fields support up to 2 decimal places only.

Requests sent where the amount field exceeds 2 decimal places will result in error response.

Consents:

  • MaximumIndividualAmount.Amount
  • PeriodLimits.Amount

Consent funds-confirmation:

  • InstructedAmount.Amount

Payments:

  • Instruction.InstructedAmount.Amount

/domestic-vrp-consents

Control Parameter Exceptions.

Consent request can support up to six instances of Period Limits within one request, however the period type cannot be duplicated within that same consent request.

The combination of Period Type of Fortnight and Period Alignment of Calendar cannot be supported. Requests with this combination will result in an error response.

Consent requests that contain Period Alignment of Calendar will have the amount pro-rated for the first and last period.

Do not accept Maximum Individual Amount value as less than £1.00.

/funds-confirmation

Reference details must match.

A funds confirmation request must include the same reference as provided in the original consent request. The request will be rejected if this is not provided or does not match.

/payment-details

Endpoints not supported.

The implementation for Variable Recurring Payments does not support optional endpoint in the API specification:

GET /domestic-vrps/{DomesticVRPId}/payment-details

PAYMENT INITIATION ERROR SCENARIOS

Header Error Responses

Scenario
Expected ASPSP Response
Expected TPP Action

TPP attempts to use POST operation with invalid details in the header

Http Status: 400

Error Code:
UK.OBIE.Header.Invalid

Error Type:
InvalidRequestHeader

Re-attempt POST operation with a valid header

Corrective action required is provided in Error message. For example:

Message: x-fapi-customer-last-logged-time is invalid

TPP attempts to use POST operation with header details missing

Http Status: 400

Error Code:
UK.OBIE.Header.Missing

Error Type:
InvalidRequestHeader

Re-attempt POST operation with a valid header

Corrective action required is provided in Error message. For example:

Message: x-idempotency-key is missing in the request

TPP attempts to use POST operation with the same idempotency key after 24 hours

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Rules.
ResourceAlreadyExists

Error Type:
ResourceAlreadyExists

Idempotency supported for 24-hour period.

After 24 hours a new request should be created.

Signature Error Responses

Scenario
Expected ASPSP Response
Expected TPP Action

TPP attempts to use POST operation with signature details missing

Http Status: 400

Error Code:
UK.OBIE.Signature.Missing

Error Type:
InvalidRequestSignature

Re-attempt POST operation with a valid signature included.

Corrective action required is provided in Error message. For example:

Message: x-jws-signature is missing in the header

TPP attempts to use POST operation with invalid details in the signature

Http Status: 400

Error Code:
UK.OBIE.Signature.Invalid

Error Type:
InvalidRequestSignature

Re-attempt POST operation with a valid signature

TPP attempts to use POST operation with a malformed signature

Http Status: 400

Error Code:
UK.OBIE.Signature.Malformed

Error Type:
InvalidRequestSignature

Re-attempt POST operation with a valid signature

Payload Error Responses

Scenario
Expected ASPSP Response
Expected TPP Action

TPP attempts to set up a payment consent with mandatory field(s) missing from the request payload.

Http Status: 400

Error Code:
UK.OBIE.Field.Missing

Error Type:
InvalidRequestPayload

Create a new consent using a POST operation with a valid payload.

Take the PSU through an authentication journey.

Corrective action required is provided in Error message.
For example:

Message: Amount is missing in the request payload

Path: Data.Initiation.InstructedAmount.Amount

TPP attempts to set up a payment consent with invalid details provided in the request payload.

Http Status: 400

Error Code:
UK.OBIE.Field.Invalid

Error Type:
InvalidRequestPayload

Create a new consent using a POST operation with a valid payload.

Take the PSU through an authentication journey.

Corrective action required is provided in Error message. For example:

Message: PaymentContextCode is invalid format. Please refer to the OBIE specs.

Path: Risk.PaymentContextCode

TPP attempts to access a payment consent resource with an invalid consent id.

Http Status: 400

Error Code:
UK.OBIE.Resource.NotFound

Error Type:
InvalidRequestPayload

Reattempt with a valid Consent ID.

Else, create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to set up a payment consent for a date in the past.

Http Status: 400

Error Code:
UK.OBIE.Field.InvalidDate

Error Type:
InvalidRequestPayload

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to set up a payment consent with a future date that is not supported.

Http Status: 400

Error Code:
UK.OBIE.Field.InvalidDate

Error Type:
InvalidRequestPayload

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

Valid future dates expected are documented in Implementation Guide.

TPP attempts to set up a payment consent with a scheme that is not supported.

Http Status: 400

Error Code:
UK.OBIE.Unsupported.Scheme

Error Type:
InvalidRequestPayload

Create a consent using a POST operation with a payment scheme that is supported.

Take the PSU through an authentication journey.

Payment journeys supported are documented in Implementation Guide.

TPP attempts to set up a payment consent with a Local Instrument that is not supported.

Http Status: 400

Error Code:
UK.OBIE.Unsupported.LocalInstrument

Error Type:
InvalidRequestPayload

Create a consent using a POST operation with a Local Instrument that is supported.

Take the PSU through an authentication journey.

Payment journeys supported are documented in Implementation Guide.

TPP attempts to set up a payment consent with a currency that is not supported.

Http Status: 400

Error Code:
UK.OBIE.Unsupported.Currency

Error Type:
InvalidRequestPayload

Create a new payment order consent using a POST operation with a currency that is supported.

Take the PSU through an authentication journey.

Currencies supported are documented in Implementation Guide.

TPP attempts to set up a payment consent with an Account Identifier that is not supported for the payment journey.

Http Status: 400

Error Code:
UK.OBIE. Unsupported.
AccountIdentifier

Error Type:
InvalidRequestPayload

Create a new payment consent using a POST operation with an Account Identifier that is supported by the payment journey.

Take the PSU through an authentication journey.

Supported Account Identifiers for payment journeys are documented in Implementation Guide.

TPP attempts to submit payment order using a Consent ID that has an invalid consent status.

Sub-scenario: The underlying consent status is not set to ‘AwaitingAuthorisation’

Http Status: 403

Error Code:
UK.OBIE.Resource.
InvalidConsentStatus

Error Type:
AuthoriseConsent

Take the PSU through an authentication journey.

TPP attempts to submit payment order using a Consent ID that has an invalid consent status.

Sub-scenario: The underlying consent status is set to ‘Rejected’ or ‘Consumed’

Http Status: 403

Error Code:
UK.OBIE.Resource.InvalidConsentStatus

Error Type:
InvalidRequestPayload

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to submit payment order using details that do not match the Consent resource.

Http Status: 403

Error Code:
UK.OBIE.Resource.ConsentMismatch

Error Type:
InvalidRequestPayload

Re-attempt POST operation with details that match consent resource.

Else, create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to submit payment order using a Consent ID that has expired.

Http Status: 403

Error Code:
UK.OBIE.Rules.
AfterCutOffDateTime

Error Type:
InvalidRequestPayload

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to submit payment order with a missing or invalid Consent ID

Http Status: 400

Error Code:
UK.OBIE.Field.Invalid

Error Type:
InvalidRequestPayload

Re-attempt POST operation with a valid Consent ID.

Else, create a new consent using a POST operation.

Take the PSU through an authentication journey.

ASPSP downstream services or server is down.

Http Status: 500

Error Code:
UK.OBIE.UnexpectedError

ErrorType:
ServerError

Retry Later.

VARIABLE RECURRING PAYMENTS ERROR SCENARIOS

Header Error Responses

Scenario
Expected ASPSP Response
Expected TPP Action

TPP attempts to use POST operation with invalid details in the header

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Header.Invalid

Error Type:
InvalidRequestHeader

Re-attempt POST operation with a valid header

Corrective action required is provided in Error message.
For example:

Message: x-fapi-customer-last-logged-time is invalid

TPP attempts to use POST operation with header details missing

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Header.Missing

Error Type:
InvalidRequestHeader

Re-attempt POST operation with a valid header

Corrective action required is provided in Error message. For example:

Message: x-idempotency-key is missing in the request

TPP attempts to use POST operation with the same idempotency key after 24 hours

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Rules.
ResourceAlreadyExists

Error Type:
ResourceAlreadyExists

Idempotency supported for 24-hour period.

After 24 hours a new request should be created.

Signature Error Responses

Scenario
Expected ASPSP Response
Expected TPP Action

TPP attempts to use POST operation with signature details missing

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Signature.Missing

Error Type:
InvalidRequestSignature

Re-attempt POST operation with a valid signature included

Corrective action required is provided in Error message. For example:

Message: x-jws-signature is missing in the header

TPP attempts to use POST operation with invalid details in the signature

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Signature.Invalid

Error Type:
InvalidRequestSignature

Re-attempt POST operation with a valid signature

TPP attempts to use POST operation with a malformed signature

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Signature.Malformed

Error Type:
InvalidRequestSignature

Re-attempt POST operation with a valid signature

Payload Error Responses

Scenario
Expected ASPSP Response
Expected TPP Action

TPP attempts to set up a vrp consent with mandatory field(s) missing from the request payload.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Field.Missing

Error Type:
Invalid request parameters

Create a new consent using a POST operation with a valid payload.

Take the PSU through an authentication journey.

Corrective action required is provided in Error message. For example:

Message: Amount is missing in the request

Path: Data.ControlParameters.MaximumIndividualAmount.Amount

TPP attempts to set up a vrp consent with invalid details provided in the request payload.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Field.Invalid

Error Type:
Invalid request parameters

Create a new consent using a POST operation with a valid payload.

Take the PSU through an authentication journey.

Corrective action required is provided in Error message.
For example:

Message: PaymentContextCode is not in a valid format.

Path: Risk.PaymentContextCode

TPP attempts to set up a vrp consent with dates that are not supported.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Field.InvalidDate

Error Type:
Invalid request parameters

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

Exception rules for accepted dates are documented in Implementation Guide.

TPP attempts to set up a vrp consent with a currency that is not supported.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Unsupported.Currency

Error Type:
InvalidRequestPayload

Create a new consent using a POST operation with a currency that is supported.

Take the PSU through an authentication journey.

TPP attempts to access a vrp consent resource that has been deleted or unknown.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Resource.NotFound

Error Type:
Resource not found

Reattempt with a valid Consent ID.

Else, create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to access a vrp consent resource that is expired.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Resource.
InvalidConsentStatus

Error Type:
Invalid consent status

Create a new consent using a POST operation.

Take the PSU through an authentication journey.

TPP attempts to use a vrp consent resource where the access has been revoked.

Http Status: 401 Unauthorized

Error Code:
UK.OBIE.Resource.
InvalidConsentStatus

Error Type:
Unauthorized

Take the PSU through the re-authentication journey.

TPP attempts to access a vrp payment resource that is unknown.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Resource.NotFound

Error Type:
Resource not found

Reattempt with a valid DomesticVRPID.

TPP attempts to access a vrp consent resource to make a payment that breaches control parameters set in the consent.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Rules.
FailsControlParameters

Error Type:
Invalid request parameters

Create a new request using a POST operation within the control parameters.

TPP attempts to access a vrp consent resource to do a funds-confirmation check or make a payment and the details do not match the consent.

Http Status: 400 BadRequest

Error Code:
UK.OBIE.Resource.
ConsentMismatch

Error Type:
Invalid request parameters

Create a new request using a POST operation with a valid payload that matches the consent.

ASPSP downstream services or server is down.

Http Status: 500 UnexpectedError

Error Code:
UK.OBIE.UnexpectedError

ErrorType:
UnexpectedError

Retry Later.

AGGREGATED POLLING

The OBIE have defined an Aggregated Polling API (POST /events) which allows an ASPSP to aggregate and deliver multiple signed event notifications to TPPs through the use of polling. The POST /events endpoint allows a TPP to poll and acknowledge and receive event notifications.

  • The POST method allows the TPP to transmit their polling parameters and event notification acknowledgements.

  • The ASPSP responds accordingly, sending event notifications as indicated by the TPPs polling parameters.

  • The Supported scope of Aggregated Polling is accounts, fundsconfirmations, payments.

This detail should be read in conjunction with Open Banking Specifications and our API Products

  • Aggregated Polling API Specification can be found here

  • API Products can be found here

AGGREGATED POLLING VARIATIONS

The Table lists down the Exceptions implemented for Aggregated Polling API :

SNo
Endpoints
Description
1
/events
Revoked consent

The LBG Aggregated Polling API returns event notifications for revoked consents only

2
/events
Long Polling

Long polling is not supported as described within the OBIE specification – see ‘Polling Parameters’.

3
/events
API Sign Response

The response from the LBG Aggregated Polling API signs the whole response and not individual event notifications

4
/events
Event Recycling Frequency

Lloyds Banking Group used JTIs to send event notifications. A unique JTI is generated each time the TPP calls the Aggregated Polling API. JTIs do not expire

5
/events
Polling Frequency

Lloyds Banking Group will restrict each TPP App to calling the Aggregated Polling API 10 times within 24 hours for each brand, e.g. a TPP may call the Lloyds Aggregated Polling API 10 times, and the Halifax endpoint 10 times within the same 24 hours

6
/events
Polling parameters

Lloyds Banking Group will return up to 150 event notifications for every Aggregated Polling call made by the TPP.

7
/events
TPP Registration of the Lloyds Banking GroupAggregated Polling API

If you are a new TPP currently on-boarding then you will be automatically registered to the Aggregated Polling API. If you are an existing TPP then you will be required to follow the instructions in section 2 of this document to use the Aggregated Polling API.

8
/events
Operating without acknowledgements

The LBG Aggregated Polling API returns event notifications for revoked consents only

How to register using DCR

ON-BOARD USING DYNAMIC CLIENT REGISTRATION

TPPs using OBIE issued certificates

This section applies to TPPs who are already registered with the OBIE and have a login for the OBIE directory

  1. Certificate Signing Request (CSR) is needed to generate an SSA. Please refer to the Open Banking documentation on how to create CSRs.

  2. After creating the CSR, retain the private keys and upload only the CSR to the Open Banking portal to generate the certificates.

  3. Follow the OBIE Confluence page to generate the SSA

TPPs using eIDAS certificates

This applies to all TPPs who are not yet registered with OBIE, but are in possession of eIDAS certificates.

  1. For those TPPs who are not registered with Open Banking, OBIE has provided APIs to do a soft onboarding, which can be used to generate an SSA which must be used during LBG dynamic client registration.

  2. The SSA is a JSON Web Token (JWT) containing client metadata about an instance of TPP client software. The JWT is issued and signed by the Open Banking Directory.

  3. The SSA's Lifetime / Validity period is not defined by Open Banking. ASPSPs in the Open Banking ecosystem are required to implement pragmatic time ranges in which to accept an SSA.

  4. LBG has set the SSA validity to 24 hours for use in dynamic registration.

The APIs exposed by OBIE to register and generate an SSA are documented here

Please find the below typical steps to register with OBIE through directory services

  1. Enroll your organization onto the Open Banking Directory through Directory Services 2.0.

  2. Only TPPs can use this enrolment endpoint, so please set OrganizationType to tpp POST /organization/{OrganizationType}

  3. Update the business or the technical contacts for the given organization. This is required for the LBG to create an user while creating an application. PUT /organization/{OrganizationType}/{OrganizationId} /contact/{ContactType}

  4. Create a software statement on the directory POST /organization/{OrganizationType}/{OrganizationId} /software-statement

  5. Update a software statement (if needed) PUT /organization/{OrganizationType}/{OrganizationId} /software-statement

  6. Upload your eIDAS QSEAL against your organization. If OrganizationCertificateType is set to QWAC or QSEAL then the PEM file should contain a QWAC or a QSEAL certificate respectively. POST/organization/ {OrganizationType}/{OrganizationId}/certificate/ {OrganizationCertificateType}

  7. Associate/de-associate a QSEAL certificate with the given software statement PUT/organization/ {OrganizationType}/{OrganizationId}/software-statement/ {SoftwareStatementId}/certificate/{OrganizationAssociativeCertificateType} /{CertificateOrKeyId}

  8. Generate a Software Statement Assertion for the given SoftwareStatementID (LBG will accept SSAs generated within last 24 hours). GET/organization/{OrganizationType}/{OrganizationId} /software-statement/{SoftwareStatementId}/software- statement-assertion If you have any further questions about your enrolment request please contact Open Banking: by emailing servicedesk@openbanking.org.uk

Register Dynamically (/REGISTER API)

The /register endpoint should be called with the appropriate request body and appropriate transport certificate.

  1. The register endpoint accepts a single jws string as its payload body.
  2. The claims that should form part of the jws body are described by the OBIE dynamic registration data model
  3. Include the SSA that was acquired from OBIE in the claims of the request object.
  4. The main validation checks that will be performed on the request object are detailed below
  5. SSA contained in the request object should be used within 24 hrs of its issue time, when the dynamic registration request is made.
  6. The scope in the request object should conform to the roles available in the SSA or a subset of them.
  7. The request object and the SSAs signature will be validated using the appropriate public certificates.
  8. Distinguished name (certificate subject) of the transport certificate will be validated against the information contained in the SSA.
  9. The response structure will conform to the OBIE specification as specified in their swagger contract
  10. The important information from the response that should be retained for future use is the client_id and client_secret.
  11. All request object validation failures will result in HTTP 400 error with a short description in the body.

Sample Client Registration request and data dictionary are mentioned below -

Open Banking Client Registration Request Payload

                                              
                                                    
                                                        {
                                                        "iss": "0BiJUzrOPVHz7zDbKLu6mP",
                                                        "aud": "0015800000jf9GgAAI",
                                                        "jti": "d2040fa9-e0d6-5289-9a94-b05e84859e7e",
                                                        "response_types": [
                                                        "code id_token"
                                                        ],
                                                        "redirect_uris": [
                                                        "https://developer.lloydsbanking.com"
                                                        ],
                                                        "token_endpoint_auth_method": "client_secret_basic",
                                                        "grant_types": [
                                                        "authorization_code"
                                                        ],
                                                        "scope": "openid accounts payments",
                                                        "software_statement": "eyJhbGciOiJQUzI1NiIsImtpZCI6I...",
                                                        "application_type": "web",
                                                        "id_token_signed_response_alg": "PS256",
                                                        "request_object_signing_alg": "PS256",
                                                        "token_endpoint_auth_signing_alg": "PS256",
                                                        "iat": 1595435113,
                                                        "exp": 1595438713
                                                        }
                                                                                 
                                                  

Introduction

Data Dictionary

application_type
 
This is for the application type
Web Mobile
Only one of the values out of web or mobile is supported.
aud
^[0-9a-zA-Z]{1,18}$

The audience for the request. This should be the unique identifier for the ASPSP issued by the issuer of the software statement. An ASPSP processing the software statement may validate the value of the claim and reject software statements for which the ASPSP is not the audience.

The value must be a Base62 encoded GUID.

 
 
exp
Unix timestamp

The time at which the request expires expressed as seconds since the epoch.

An ASPSP processing the request must reject requests where the current time is greater than the time specified in the claim.

 
 
grant_types
 

A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token

client_credentials authorization_code refresh_token
[ " client_credentials", "authorization_code"],
iat
Unix-timestamp

The time at which the request was issued by the TPP expressed as "seconds since the epoch

 
 
id_token_signed_response_alg
 

Algorithm which the TPP expects to sign the id_token, if an id_token is returned.

Supported values as constrained by FAPI-RW
PS256
iss
^[0-9a-zA-Z]{1,22}$

Identifier for the TPP.

This value must be unique for each TPP registered by the issuer of the SSA.

The value must be a Base62 encoded GUID.

 
 
 

For SSAs issued by the OB Directory, this must be the software_id

 
 
jti
`^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$`
A unique identifier for the JWT. The value must be a UUIDv4 GUID.
 
 
redirect_uris
URL

Registered URIs the TPP will use to interact with the ASPSP AS.

If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.

Each of the URIs must adhere to the following rules:

The URI MUST use the https scheme

The URI MUST NOT contain a host with a value of localhost

If the request_uris metadata element is omitted from the request, the entire contents of the software_redirect_uris element in the SSA are considered to be requested by the TPP.

 
 
request_object_signing_alg
 
Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP.
Supported values as constrained by FAPI-RW
PS256
response_types
 

A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint.

ASPSPs MAY reject the request if any of the requested response_types are not supported by it (as advertised at its .well-known end-points)

Defaults to code id_token if not specified.

code id_token
[ "code id_token" ]
scope
 

Scopes the client is asking for (if not specified, default scopes are assigned by the AS).

This consists of a list scopes separated by spaces.

 
openid accounts payments fundsconfirmations
software_statement
 

Software statement assertion issued by the issuer.

The data model for the software statements issued by the Open Banking directory are documented as part of the Directory Specification.

 
 
token_endpoint_auth_signing_alg
 

Algorithm which the TPP uses to authenticate with the token endpoint if using private_key_jwt or client_secret_jwt.

Must be specified if token_endpoint_auth_method is private_key_jwt or client_secret_jwt

Supported values as constrained by FAPI-RW
PS256
token_endpoint_auth_method
 

Specifies which Token endpoint authentication method the TPP wants to use.

private_key_jwt : if requested the OP should extract the TPPs JWKS location from the software statement assertion included.

It should be noted that only tls_client_auth and private_key_jwt are FAPI compliant.

client_secret_basic

client_secret_post

tls_client_auth

client_secret_basic OR client_secret_post OR tls_client_auth

 

Create an application

Follow the below steps to create an application –

  • curl --request POST \
  • --url {secure-domain}/prod01/lbg/dcr-api/v1.0/register \
  • --header 'accept: application/json' \
  • --header 'content-type: application/jose' \
  • --data 'request object in jws format’ \
  • --key ./private-cert.key \
  • --cert ./public-cert.pem \
  • --cacert ./root-ca.pem

URL

Parameter
Example Value
Description
secure-domain

Please refer to the Other Useful Information  section for all brand specific domains

 

Certs

Parameter
Example Value
Description
CACert

Combination of Root & Intermediate (Full chain)

Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.

 

Data

Parameter
Example Value
Description
Nested JWS with SSA

Valid JWS token

Construct the request payload as the OBIE Dynamic Client Registration V3.2

 

Product Auto subscription and auto approval based on TPP role

If dynamic registration response completed successfully, based on the scopes sent in the request object, the appropriate API Products will be auto subscribed and auto approved and will become available for immediate consumption.

Update an application

Follow the below steps to update an application if needed –

  1. Set up Client Credentials Token

    In this step you obtain an Access Token using a Client Credentials Grant Type. The access expires within 10 minutes after the generation. When an Access Token expires, you will need to re-request for another Access Token.

    For Authentication methods - client_secret_basic and client_secret_post:

    curl -k -X POST \

    • --key private-cert.key \
    • --cert public-cert.pem \
    • --cacert QTSP-root-ca.pem \
    • url{secure-domain}/prod01/lbg/lyds/oidc-api/v1.1/token \
    • {secure-domain}/prod01/lbg/lyds/oidc-api/v1.1/token \
    • --header 'cache-control: no-cache' \
    • --header 'content-type: application/x-www-form-urlencoded' \
    • --data 'grant_type=client_credentials&client_id=c1d81a9a-609a-47be-9363-8fa038b987da&client_secret=qJ4dE5yO6xK2oM0fQ5wR0tF4kV0uL4xR5kO6dB7dJ4iU7qI0yB&s cope=openId accounts'

    For Authentication method - tls_client_auth:

    curl -k -X POST \

    • --key ./private-cert.key \
    • --cert ./public-cert.pem \
    • --cacert ./ca-cert.pem \
    • url{secure-domain}/prod01/lbg/lyds/mtls-token-api/v1.1/token \
    • --header 'accept: application/json' \
    • --header 'cache-control: no-cache' \
    • --header 'content-type: application/x-www-form-urlencoded' \
    • --data 'grant_type=client_credentials&client_id=c1d81a9a-609a-47be-9363-8fa038b987da& scope=accounts'
    URL
    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the  Other Useful Information   section for all brand specific domains

     
    Data
    Parameter
    Example Value
    Description
    grant_type

    client_credentials

    The grant type being requested

    client_id

    c1d81a9a-609a-47be-9363-8fa038b987da

    Your LBG application Client ID

    client_secret

    qJ4dE5yO6xK2oM0fQ5wR0tF4kV0uL4xR5kO6dB7dJ4iU7qI0yB

    Your LBG application client_secret, its not required for tls_client_auth method

    scope

    openid accounts

    The scope being requested.

     
    Certs
    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Description:

    Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.

     
  2. Invoke the Update Client Application API

    Using the Access Token obtained in the previous step, invoke Update Client Application API.

    curl –request PUT \

    • url{secure-domain}/prod01/lbg/dcr-api/v1.0/register/REPLACE_CLIENTID \
    • --key private-cert.key \
    • --cert public-cert.pem \
    • --cacert QTSP-root-ca.pem \
    • --header 'content-type: application/jose' \
    • --header 'accept: application/json' \
    • --header 'authorization: Bearer AAIkMDM5NDJmZTUtOGNiMi00NzVmLWIwMTItNDgyZjM0ZTExYzI5ujAPRjg9HCsXYdEx15e-1h8ZdUQvTtI2Q3lkxQl3tv3n1zVlTnK0jbC1xzhnx6XRH7KBbLCr8qzYUBN0pGDSjdKGgYfFw5om5YFzRrq7j4I8_b6KSlgZ1F4Cs7SvpLLJmHSKL0tGPIA0VSsaAyHilg' \
    • --data 'request object in jws format’
    URL
    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the  Other Useful Information   section for all brand specific domains

     
    Certs
    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.

     
    Data
    Parameter
    Example Value
    Description
    Nested JWS with SSA

    Valid JWS token

    Construct the request payload as the OBIE Dynamic Client Registration V3.2

     

View application details

Follow the below steps to update an application if needed –

  1. Set up Client Credentials Token

    In this step you obtain an Access Token using a Client Credentials Grant Type. The access expires within 10 minutes after the generation. When an Access Token expires, you will need to re-request for another Access Token.

    For Authentication methods - client_secret_basic and client_secret_post:

    curl -k -X POST \

    • --key private-cert.key \
    • --cert public-cert.pem \
    • --cacert QTSP-root-ca.pem \
    • --url {secure-domain}/prod01/lbg/lyds/oidc-api/v1.1/token \
    • --header 'accept: application/json' \
    • --header 'cache-control: no-cache' \
    • --header 'content-type: application/x-www-form-urlencoded' \
    • --data 'grant_type=client_credentials&client_id=c1d81a9a-609a-47be-9363-8fa038b987da&client_secret=qJ4dE5yO6xK2oM0fQ5wR0tF4kV0uL4xR5kO6dB7dJ4iU7qI0yB&scope=openId accounts'

    For Authentication method - tls_client_auth:

    curl -k -X POST \

    • --key ./private-cert.key \
    • --cert ./public-cert.pem \
    • --cacert ./ca-cert.pem \
    • --url {secure-domain}/prod01/lbg/lyds/mtls-token-api/v1.1/token \
    • --header 'accept: application/json' \
    • --header 'cache-control: no-cache' \
    • --header 'content-type: application/x-www-form-urlencoded' \
    • --data 'grant_type=client_credentials&client_id=c1d81a9a-609a-47be-9363-8fa038b987da& scope=accounts
    URL
    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the  Other Useful Information   section for all brand specific domains

     
    Data
    Parameter
    Example Value
    Description
    grant_type

    client_credentials

    The grant type being requested

    client_id

    c1d81a9a-609a-47be-9363- 8fa038b987da

    Your LBG application Client ID

    client_secret

    qJ4dE5yO6xK2oM0fQ5wR0tF 4kV0uL4xR5kO6dB7dJ4iU7qI0 yB

    Your LBG application client_secret, its not required for tls_client_auth method

    scope

    openid accounts

    The scope being requested

     
    Certs
    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.

     
  2. Invoke the View Client Application API

    Using the Access Token obtained in the previous step, invoke View Client Application API.

    curl -k -X GET\

    • --url {secure-domain}/prod01/lbg/dcr-api/v1.0/register/REPLACE_CLIENTID \
    • --key private-cert.key \
    • --cert public-cert.pem \
    • --cacert QTSP-root-ca.pem \
    • --header 'accept: application/json' \
    • --header 'content-type: application/jose' \
    • --header 'authorization: Bearer AAIkMDM5NDJmZTUtOGNiMi00NzVmLWIwMTItNDgyZjM0ZTExYzI5ujAPRjg9HCsXYdEx15e1h8ZdUQvTtI2Q3lkxQl3tv3n1zVlTnK0jbC1xzhnx6XRH7KBbLCr8qzYUBN0pGDSjdKGgYfFw5om 5YFzRrq7j4I8_b6KSlgZ1F4Cs7SvpLLJmHSKL0tGPIA0VSsaAyHilg'
    URL
    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the  Other Useful Information   section for all brand specific domains

     
    Certs
    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.

     

Delete application

Follow the below steps to update an application if needed –

  1. Set up Client Credentials Token

    In this step you obtain an Access Token using a Client Credentials Grant Type. The access expires within 10 minutes after the generation. When an Access Token expires, you will need to re-request for another Access Token.

    For Authentication methods - client_secret_basic and client_secret_post:

    curl -k -X POST \

    • --key private-cert.key \
    • --cert public-cert.pem \
    • --cacert QTSP-root-ca.pem \
    • --url {secure-domain}/prod01/lbg/lyds/oidc-api/v1.1/token \
    • --header 'accept: application/json' \
    • --header 'cache-control: no-cache' \
    • --header 'content-type: application/x-www-form-urlencoded' \
    • --data 'grant_type=client_credentials&client_id=c1d81a9a-609a-47be-9363-8fa038b987da&client_secret=qJ4dE5yO6xK2oM0fQ5wR0tF4kV0uL4xR5kO6dB7dJ4iU7qI0yB&scope=openId accounts'

    For Authentication method - tls_client_auth:

    curl -k -X POST \

    • --key ./private-cert.key \
    • --cert ./public-cert.pem \
    • --cacert ./ca-cert.pem \
    • --url {secure-domain}/prod01/lbg/lyds/mtls-token-api/v1.1/token \
    • --header 'accept: application/json' \
    • --header 'cache-control: no-cache' \
    • --header 'content-type: application/x-www-form-urlencoded' \
    • --data 'grant_type=client_credentials&client_id=c1d81a9a-609a-47be-9363-8fa038b987da& scope=accounts
    URL
    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the  Other Useful Information   section for all brand specific domains

     
    Data
    Parameter
    Example Value
    Description
    grant_type

    client_credentials

    The grant type being requested

    client_id

    c1d81a9a-609a-47be-9363- 8fa038b987da

    Your LBG application Client ID

    client_secret

    qJ4dE5yO6xK2oM0fQ5wR0tF 4kV0uL4xR5kO6dB7dJ4iU7qI0 yB

    Your LBG application client_secret, its not required for tls_client_auth method

    scope

    openid accounts

    The scope being requested

     
    Certs
    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.

     
  2. Invoke the Delete Client Application API

    Using the Access Token obtained in the previous step, invoke Delete Client Application API.

    curl –request DELETE \

    • --url {secure-domain}/prod01/lbg/dcr-api/v1.0/register/REPLACE_CLIENTID \
    • --key private-cert.key \
    • --cert public-cert.pem \
    • --cacert QTSP-root-ca.pem \
    • --header 'accept: application/json' \
    • --header 'content-type: application/jose' \
    • --header 'authorization: Bearer AAIkMDM5NDJmZTUtOGNiMi00NzVmLWIwMTItNDgyZjM0ZTExYzI5ujAPRjg9HCsXYdEx15e1h8ZdUQvTtI2Q3lkxQl3tv3n1zVlTnK0jbC1xzhnx6XRH7KBbLCr8qzYUBN0pGDSjdKGgYfFw5om 5YFzRrq7j4I8_b6KSlgZ1F4Cs7SvpLLJmHSKL0tGPIA0VSsaAyHilg'
    URL
    Parameter
    Example Value
    Description
    secure-domain

    Please refer to the  Other Useful Information   section for all brand specific domains

     
    Certs
    Parameter
    Example Value
    Description
    CACert

    Combination of Root & Intermediate

    Must provide in the request if the QWAC transport certs are being used. However this is optional for the OBWAC, OB Transport.

     

Developer portal login for OBIE registered TPPs

TPPs who already have anOBIE directory login will be able to use it to login to the LBG developer portal and view/amend the newly created app using dynamic registration,using the email ID of the first contact inside the SSA, which was used during dynamic registration.

Open Data APIs

OPEN DATA APIs

The following section contains useful information for TPPs who wish to consume Lloyds Banking Group’s Open Data APIs, broken down by each group of APIs.

DATA LATENCY IN LLOYDS BANKING GROUP OPEN DATA API

TPPs should be aware that on the initial release of Open Data v2.1.1, in some circumstances (for example Bank of England rate changes), the Open Data API may be up to 18 hrs out of sync with equivalent data presented via the bank’s public website. TPPs can expect full synchronicity at the latest by 18:00 each day.

TPPs are advised to consider the possibility of this latency in the design of their services, communications with PSUs and, in the case of price comparison uses, take steps to advise the customer that in exceptional circumstances the product available at the point of application may differ from that at the point of comparison.

ATM / BRANCH

Exception
Description
Branch Identification

For ATMs that are linked to a physical branch, ATM API Branch Identification = Branch API Branch Identification.

 

For ATMs that are not linked to a physical branch, the ATM API Branch Identification’s final 2 digits are ‘99’.

 

PCA

Exception
Description
Account Behaviour Conditions

The data standard does not currently allow for conditions to be associated with certain fees and benefits. Lloyds Banking Group has addressed this by including notes with the related items. TPPs should be aware of this when consuming the data in the API. For example, as at launch of the API, the following notes were included in the data for certain products:

 

Notes from OtherFeesCharges for Club Lloyds:

 

The Club Lloyds monthly account fee comprises of:

 

Club Lloyds monthly account fee is Free or £3 per month.

 

The £3 fee is waived for each month you pay in at least £1,500 into your account. If in any month you don't pay in this amount, you will need to pay the £3 monthly account fee.

 

Notes from OtherFeesCharges for Club Lloyds Platinum:

 

The Club Lloyds Platinum monthly account fee comprises of:

 

  • Platinum Account monthly account fee of £17 per month
  • Club Lloyds monthly account fee is Free or £3 per month

 

The £3 fee is waived for each month you pay in at least £1,500 into your account. If in any month you don't pay in this amount, you will need to pay the £3 monthly account fee.

 

Maximum combined monthly account fee of £20 per month.

 

Notes from FeaturesBenefits for Halifax Reward:

 

£3 reward each month you pay in £750 or more, pay out at least 2 different direct debits and stay in credit. If in any month you miss out on the £3 reward, you can still get it in future months too (when you meet the qualifying requirements.

 

Notes from FeaturesBenefits for Halifax Ultimate Reward Account:

 

A lower monthly fee of £12 applies if in the previous calendar month you pay in £750 or more and pay out at least 2 different direct debits and remain in credit.

 

You also need to keep your account open/not change it to a different current account until the fee is due to be debited (by the 2nd working day of the following calendar month).

Packaged Accts
“Packaged” is shown as Segment under PCA; there is no FeatureBenefitGroup - Type option specifically for “Packaged” Bank Accounts so Lloyds Banking Group are recording as ‘Other’.
Vantage Product
Lloyds Banking Group maintains separate API data records for Bank of Scotland Classic Vantage Account and Bank of Scotland Platinum Vantage Account as these are distinct products with their own product identifiers.
Club Products
Lloyds Banking Group maintains separate API data records for Club Lloyds and Club Lloyds Platinum as these are distinct products with their own product identifiers.
PCAs not eligible for Overdrafts

Lloyds Banking Group has the following products that do not provide an overdraft facility, and has referenced this as a product Note on the PCAMarketingState tab

 

  • Lloyds Basic Account
  • Lloyds Under 19’s Account
  • Bank of Scotland Basic Account
  • Bank of Scotland Under 19’s Account
  • Halifax Basic Account
  • Halifax ExpressCash Account
Unplanned Overdrafts
Lloyds Banking Group no longer charges for Unplanned Overdrafts so this is not referenced anywhere in API data records.
Card withdrawal limits
No specific field for ATM daily withdrawal limits so Lloyds Banking Group uses the Notes fields in the Features and Benefits.
Linking Account Information API to Open Data PCA products

Account Information API can only be linked to the Open Data for front book (on sale) products. Where Product Identifier is returned for a particular customer account (following a call to Account Information /accounts/{AccountId}/product) it means that the customer is on a product for which the terms, features and benefits can be found in the Open Data. This Product Identifier can be used to locate that product in the Open Data PCA API

 

This linking mechanism is only available at a product level so if multiple marketing state variations exist in Open Data for that product then the TPP should engage in further dialogue with the account holder to determine which applies to their present situation.

 

For example, for the Lloyds Bank Student product terms vary depending on the academic year the student is in. These are represented as marketing states in the Open Data API, so while the linkage will allow a TPP to identify if the customer has a student product it will not facilitate the identification of the year of study, therefore the TPP will have to gather further information from the customer to identify the relevant PCA information.

Promotional vs. Destination products

Distinction between promotion ending and destination products:

 

  1. Promotions are detailed on the MarketingState within each applicable product. For example, in URCA, the Marketing State section indicates that there is a promotional offer available on the product, the duration and what this relates to, e.g. overdraft switcher offer for 6 months. There is then a promotional section with details of the overdraft offer and a regular section with the standard overdraft details. The promotional section includes notes on the promotion and the fee is showing as zero, whereas in the regular tab it has 1p per £7 borrowed.
  2. Destination products – on a student account, the customer will eventually graduate and not be eligible. The next account is not detailed.
Credit Interest

Lloyds Banking Group has the following products that offer Credit Interest on account balances within a defined tier and this will be reflected on the CreditInterest tab. Any account balance outside of the defined tier values will not receive credit interest.

 

  • Lloyds Under 19’s Account
  • Lloyds Club Lloyds Account
  • Lloyds Club Platinum Account
  • Halifax ExpressCash Account
  • Bank of Scotland Under 19’s Account
  • Bank of Scotland Classic Vantage Account
  • Bank of Scotland Platinum Vantage Account
 

BUSINESS CURRENT ACCOUNTS (BCAS) - £0 - £1M TURNOVER

API Section
Field(s)
Usage Notes
Overdraft

Overdraft/Notes

 

OverdraftFeeCharge Cap/Notes

Notes fields within the Overdraft section have been set as String (len 2000) rather than Array of strings (len 2000).
Overdraft
OverdraftFeeCharge Detail/Notes
Conditions which are applied to when certain fee/charges may be applied to an account are shown within the corresponding Notes field, linked via the corresponding OverdraftFeeChargeDetail (ID) value.
Eligibility
ResidencyIncluded
Regex pattern for this field insists on four characters, although it ought to be defined as up to four characters.
Other Fees Charges

FeeChargeDetail(ID)/ FeeType

 

FeeChargeDetail(ID)/ OtherFeeType

 

FeeChargeDetail(ID)/ FeeCategory

FeeCategory to FeeType mapping from CodeList references different enumerations compared to DD and Swagger specifications; the reason for this because the stated enumerations do not accurately reflect the categorisation of Fees and Charges by Lloyds Banking Group.

 

This will not impact consumption of the data because the enumeration mappings are not forced within the Swagger.

Other Fees Charges

FeeChargeDetail(ID)/ FeeAmount

 

FeeChargeDetail(ID)/ Notes

For some FeeTypes, the corresponding FeeAmount fields may be blank because:

 

Conditions may apply which determine what price is charged for a particular transaction.

 

The price of a particular transaction may vary depending on Customer and/or Account behaviour.

 

The price of a particular transaction may be controlled/determined by a third party (i.e. not Lloyds Banking Group).

 

Prices for a particular non-standard transaction are available via a discussion with the Customer.

 

Anywhere where the FeeAmount field is blank will be explained/supported within the corresponding Notes field, linked via the corresponding FeeChargeDetail (ID) value.

Mapping of Account Information API (Transactional Data) to the Open Data API (Product Information)
BCA(ID)/Identification

Transactional data made available via the Account Information API can only be linked/mapped to the Open Data API for front book (on sale) products only; these include products which may have elements within them which are no longer offered (e.g. discontinued overdraft offerings no longer available for new lending).

 

Where a Product Identifier is returned for a particular customer account (following a call to Account Information /accounts/{AccountId}/product) it means that the account is on a product for which the terms and conditions, features and benefits, and pricing information can be found in the Open Data API content. This Product Identifier can be used to locate that product within the Open Data BCA API content.

 

Exceptions to the above will be where an underlying product may be shared by different customer segments (e.g. which have distinct Terms and Conditions which will apply) each of which is published via the Open Data API, but where customer and/or segment level (in addition to Account-level) information would be required to determine the correct mapping; this complexity for specialist BCA products is not supported at this time. Examples of these products would be the Schools Account, Treasurers’ Account and Credit Union Account.

 

SME BUSINESS CURRENT ACCOUNTS (BCAS) - TURNOVER £1M-25M

Exception
Description
Mandatory / optional fields
Most optional fields have been left unpopulated due to either (a) being not applicable for the product (b) having variations depending on the customer type.
Products
All Lloyds Bank products currently are identical to those for Bank of Scotland with the exception of brand, product identifiers, product naming and the Unauthorised Borrowing Rate for overdrafts which is different for each brand.
Marketing State
No products have promotional marketing states – only one single regular state per product.
Credit interest
Only one product (School Banking Account) currently pays credit interest as standard. It has no tiers or banding just a single gross rate applicable for balances of £1 and above.
Overdrafts
Only customers with Business Extra or Electronic Business Tariff products can currently have an overdraft facility. Identical overdrafts rates (with the exception mentioned above) and fees are applicable for all tiers/bands. Unauthorised Borrowing and Unpaid Item fees are represented in the Overdraft section not under Other Fees and Charges section.
Eligibility
Only the entity yearly turnover (£1m-25m) is specified as a requirement for opening or managing accounts. Other eligibility requirements are handled at account opening and may vary depending on the customer – they are optional fields and are left blank.
Fees and Charges

Several fees have been bundled under the ‘Other’ FeeCategory as the codelist supplied did not sufficiently represent the type of fee (description).

 

Fees and charges are generally unsorted. It was unknown whether they should be sorted according to FeeCategory, how we as a bank should wish to sort them or how a TPP would approach sorting and display to the customer. In addition, if sorted by FeeCategory the fees under the ‘Other’ FeeCategory may be badly ‘positioned’ in a list. Criteria for sorting or presentation of data may also apply equally to features and benefits.

 

Where fees have been represented under the ‘Other’ FeeCategory the description of the fee will reside under the ‘OtherFeetype’ construct.

 

Where fee amounts (FeeAmounts) could not be represented by a single value then they are defined under the FeeChargeDetail construct.

 

SME LOANS (SMELS) - £0 - £1M TURNOVER

API Section
Field(s)
Usage Notes
Eligibility
ResidencyIncluded
Regex pattern for this field insists on four characters, although it ought to be defined as up to four characters. Values provided state “UK” which would be highlighted as a fail.
 

SME LOANS (SMELS) - £1M - £25M TURNOVER

Exception
Description
Product Maximum Loan Amount
The largest standard loan amount is £25,000 however in exceptional circumstances if the client’s situation and financial stability is sufficient a loan of up to £50,000 may be considered. This is covered in the notes section.
Eligibility Financial Holdings
It is necessary for a customer to hold a current account with Lloyds Banking Group in order to facilitate the business loan. Customers reviewing data may also therefore be interested in viewing Lloyds Banking Group business current accounts on offer.
SIC Codes
Lloyds Banking Group has opted to leave the SIC code section blank as there are no industries which would be considered automatically ineligible for a business loan. Customers should be encouraged to contact the bank if they would like additional details.
Fixed Rate APR
Our fixed rate business loan product only utilises a single rate and as the current product is set up this would not change. A new product would be created if we ever chose to change this aspect of our business loans.
SME Loan Segment
Our Base Rate Business Loans provide additional flexibility to our business customers however our Fixed Rate Business Loans will be restricted to clients with sufficient collateral to cover the loan.
 

BUSINESS CREDIT CARDS

Exception
Description
Eligibility Financial Holdings
It is necessary for a customer to hold a current account with Lloyds Banking Group before we will issue a business credit card. Customers reviewing data may also therefore be interested in viewing Lloyds Banking Group business current accounts on offer.
Eligibility MinMax
Business Credit Cards are split by turnover however there are no functional differences to these products by design. Similarities are not an error and should be presented as directed.
 

Contact and support

For general queries, please email :- obresponseteam@lloydsbanking.com
We will be able to respond from 9am to 5pm Monday to Friday, except public holidays.

For technical Issues please log a ticket via the OBSD:- Sign in - Open Banking

FAQs

How should I use the Open Banking Model Bank

The OBIE has set up a ‘Developer Zone’ for TPP developers. This contains the Open Banking API specifications and Data Standards required to build your own applications. You should use these as the standards against which you should develop your applications.

The OBIE Developer Zone can found here.

Do you have a Sandbox environment for me to do my development against?

We do not currently support a Sandbox environment. The OBIE has built a Sandbox environment (Model Bank) to enable developers to prototype solutions against its specifications.

We strongly recommend that you develop and test your application using this environment as you are likely to be asked to show successful requests/responses as part of troubleshooting any issues you are facing. You can find the link to the OBIE’s Sandbox page here.

How do I register an application?

Log in with your Open Banking credentials and click on ‘Applications’ in the main menu. Then click on 'Register an application'. Once you have provided an application name, redirect url and SSA from the App that you have registered in Open Banking Directory, you will be shown your application client ID and client secret. You must supply these when you call an API that requires you to identify your application.

Make a note of your client secret because it is only displayed once.

Which OIDC flows are you supporting?

We are supporting OIDC hybrid flow with the response type code ID token and code. We have also exposed our discovery endpoint with Open Banking, which has all the necessary information for our OIDC. This information can be found on the Open Banking Directory here.

When should I come to LBG to deal with development issues and when should I go to Open Banking Ltd?

As a first port of call, you should refer to the OBIE’s Developer Zone. If you have fulfilled all of the requirements documented there, and you would like to raise an issue with us directly, please use the Issue form in the Support section of our Developer Portal.

You may well be asked for successful request / response calls that have been made against Open Banking Model Bank to assist in troubleshooting.

Do you have a set of known issues that you can share with us?

We will communicate known issues to you via email.

Lloyds Banking Group Sandbox

The Sandbox is designed to replicate the LBG production environment. It provides a safe, controlled environment for registered TPPs to develop and test APIs.

Before you start we recommend users view and familiarise themselves with the Sandbox Developer Guide on this page.

First time users

Register with Open Banking Sandbox Directory.

 

App set up

Register your Applications using Dynamic Client Registration (DCR) the details of which can be found in the below documents.

Lloyds Banking Group Sandbox Developers Guide
How to Register using DCR

View API Endpoints

Understand our API specification.

 

Lloyds Banking Group Sandbox Developers Guide

This guide provides a technical overview of how to use the LBG Sandbox.

 

Screen Scraping Plus

This guide provides an overview of how to use our Screen Scraping Plus interface. It is intended to help TPPs carry out connectivity testing of the interface.

High level information is included about:

  • What is Screen Scraping Plus?
  • Websites on which Screen Scraping is enabled
  • How to enrol with Open Banking OBIE Directory
Lloyds Banking Group Screen Scraping Plus Developers Guide

This guide provides a technical overview of how to use the LBG Screen Scraping Plus.