Banking Service
The banking service connects to the Icelandic banks via the IOBS services to get information about bank accounts and credit cards
Information
To call each method, you need to have an Api Key
Each method requires an UserName, Password and SelectedBank*
The UserName and Password are needed to call the IOBS service and SelectedBank is the IOBS service that you are calling.
SelectedBank can be one of possible options
- ISB Íslandsbanki
- LI Landsbanki Íslands
- Arion Arion banki
Required for each method except Credit Card methods for ISB, explained in later section
Supported methods
| Method | Description | ISB | LI | Arion |
|---|---|---|---|---|
| api/account/exists | Check if Account exists | Yes | Yes | Yes |
| api/account | Get a list of accounts | Yes | No | Yes |
| api/account/transaction | Get a list of transactions for given account | Yes | Yes | Yes |
| api/creditcard | Get a list of credit cards | Yes | Yes | Yes |
| api/creditcard/transaction | Get a list of transactions for given card | Yes | Yes | Yes |
| api/auth/isb | Start an OpenID Oauth2 authentication flow | Yes | No | No |
| api/auth/isb/refreshtoken | Gets an new Access token for given Refresh token | Yes | No | No |
To get a detailed information about each method click here
OpenID authorization flow for Íslandsbanki
Íslandsbanki has a service to get credit cards and transactions for a given card, but that service only supports OpenID Code authorization flow
To start the Authorization flow
- Visit https://proxy.blackdune-bd8e0593.northeurope.azurecontainerapps.io/api/auth/isb
- Log in with Mobile phone or Auðkenni app
- Select the user you want to log in as
- Accept the consent page
When the authorization flow has completed, Íslandsbanki performs a callback which returns an Access token and Refresh token
When calling the Credit card methods for ISB, instead of sending userName and password, the Access token should be sent as token
The Access Token has a lifetime of 10 minutes, to get a new Access token, call to api/auth/isb/refreshtoken is required to get a new access token
Because the Refresh token has a fixed lifetime of 6 months, the Authorization flow needs to be performed every 6 months