HGS Transactions
Authorization
Dynamic Registration
Dynamic registration needs be performed only once before start using Garanti BBVA API Store, in order to get Client ID and Client Secret. Once these credentials are obtained, they should be declared in every API request.
|
API Profile |
|
|---|---|
|
Attribute |
Value |
|
Name |
Dynamic Registration |
|
Version |
V0 |
|
Description |
Registration for Client Credentials |
| Pre-Conditions | HTTP POST method is allowed. |
Endpoint Definition
|
Endpoint |
|
|---|---|
|
URI |
/cards/service/registiration/v0 |
|
Base URL |
https://apis.garantibbva.com.tr:443 |
|
Request Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
Content-Type |
String |
Mandatory |
application/json |
|
Accept |
String |
Mandatory |
application/json |
|
Request Body |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
redirect_uris |
Array of Strings |
Mandatory |
URIs TPPs will be redirected after access token generation and customer login |
|
company_name |
String |
Mandatory |
TPP Name |
|
Response Body |
||
|---|---|---|
|
Attribute |
Type |
Condition |
|
client_id |
String |
Mandatory |
|
client_secret |
String |
Mandatory |
Getting Access Token
Access Token is required to call APIs which requires “Authorization” attribute in request header and can be obtained from token endpoint by making a POST request with the Authorization Code grant type, Authorization Code, Client ID, Client Secret and Redirect URI.
In order to get access token, developer has to create Rest Web Service that is going to get the access token from Token API provided by Garanti BBVA API Store with POST request.
Garanti BBVA API Store Token Endpoint :
|
API Profile |
|
|---|---|
|
Attribute |
Value |
|
Name |
Access Token Generation |
|
Version |
V0 |
|
Description |
Generation of Access Token in return of Authorization Code |
|
Pre-Conditions |
HTTP POST method is allowed. |
|
Endpoint |
|
|---|---|
|
URI |
/cards/service/gettoken/v0 |
|
Base URL |
https://apis.garantibbva.com.tr:443 |
|
Request Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
Content-Type |
String |
Mandatory |
application/json |
|
Accept |
String |
Mandatory |
application/json |
|
Access Token Request Parameters |
|
|---|---|
|
Client-ID |
Client ID assigned to the user via Dynamic Registration. |
|
Client-Secret |
Client Secret assigned to the user via Dynamic Registration |
|
Code |
Authorization Code that generated after customer login. |
|
Grant-Type |
The OAuth 2.0 method defines four base grant types. The Garanti BBVA API Store expects Authorization Code grant type. |
|
Redirect-URI |
The access token is redirected to this URI. Has to be one of the URLs declared in Dynamic Registration request. |
|
Response Access Token |
|
|---|---|
|
access_token |
This field shows Access Token |
|
refresh_token |
This field shows Refresh Token |
Sample Request
grant_type=authorization_code&code=MqeB904a50WU3KiihFJE&client_id=rsVRcZkO1pHC6xMpxfpu&client_secret=MudauvmcWwJg2UFn7gGG&redirect_uri=https://www.TPPurl.com
Sample Response
{
"access_token": "FbXPYR3PgkBK4UzpzwmJ",
"refresh_token": "GqzeyuTgXqxWba5BJcQBArf47xYhyrkEJmp4YrQR"
}
Refresh Token
A refresh token is a special kind of token used to obtain a renewed access token. You can request new access tokens until the refresh token is expired.
|
API Profile |
|
|---|---|
|
Attribute |
Value |
|
Name |
Refresh Token Generation |
|
Version |
V0 |
|
Description |
Generation of Refresh Token in return of Valdation Access token is denied |
|
Pre-Conditions |
HTTP POST method is allowed. |
|
Endpoint |
|
|---|---|
|
URI |
/cards/service/refreshtoken/v0 |
|
Base URL |
https://apis.garantibbva.com.tr:443 |
|
Request Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
content-Type |
String |
Mandatory |
application/json |
|
accept |
String |
Mandatory |
application/json |
|
Refresh Token Request Parameters |
|
|---|---|
|
Client-ID |
Client ID assigned to the user via Dynamic Registration. |
|
Client-Secret |
Client Secret assigned to the user via Dynamic Registration |
|
Token |
Refresh token that generated after Access token. |
|
Grant-Type |
The OAuth 2.0 method defines four base grant types. The Garanti BBVA API Store expects Refresh Token grant type. |
|
Response Refresh Token |
|
|---|---|
|
access_token |
This field shows Access Token |
|
refresh_token |
This field shows Refresh Token |
Sample Request
grant_type=refresh_token&code=MqeB904a50WU3KiihFJE&client_id=rsVRcZkO1pHC6xMpxfpu&client_secret=MudauvmcWwJg2UFn7gGG&redirect_uri=https://www.TPPurl.com
Sample Response
{
"access_token": "FbXPYR3PgkBK4UzpzwmJ",
"refresh_token": "GqzeyuTgXqxWba5BJcQBArf47xYhyrkEJmp4YrQR"
}
Consents
Authorization (Client Credentials)
Creates a consent request at the ASPSP and gets information about consents
|
API Profile |
|
|---|---|
|
Attribute |
Value |
|
Name |
Authorization Code Generation |
|
Version |
V2 |
|
Description |
Generation of Authorization code in return of client id(api key ıd) and client secret(apı key secret) |
|
Pre-Conditions |
HTTP POST method is allowed. |
Endpoint Definition
HGS API’s development live and mock environments routing data
|
Endpoint |
|
|---|---|
|
URI |
/auth/oauth/v2/token |
|
Base URL |
|
|
Authorization Code Request Parameters |
|
|---|---|
|
Client-ID |
Enter the ID assigned to the user from the Garanti BBVA API Store. This is the same as the API key generated on the Portal via “Adding New Applications”. |
|
Client-Secret |
Enter the client secret assigned to the user from the Garanti BBVA API Store. This field is the same as the Key Secret. |
|
Redirect-Uri |
The access token is redirected to this URI. This field must be same as Callback URL on the Portal via “Adding New Applications”. |
|
Grant-Type |
The OAuth 2.0 method defines four base grant types. The Garanti BBVA API Store expects Client Credentials grant type |
|
Authorization Code Response |
|
|---|---|
|
access_token |
This field shows Access Token |
|
refresh_token |
This field shows Refresh Token |
|
expires_in |
This field shows expire time |
|
scope |
This field shows scobe |
Sample Request
grant_type=client_credentials&client_id=rsVRcZkO1pHC6xMpxfpu&client_secret=MudauvmcWwJg2UFn7gGG&redirect_uri=https://www.TPPurl.com
Sample Response
{
"access_token": "5c210aa0-47d3-4d8d-9f54-2238445304da",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "oob"
}
Consents Service Description
Creates a consent request at the ASPSP and gets information about consents
|
API Profile |
|
|---|---|
|
Attribute |
Value |
|
Name |
OSHY Consents |
|
Version |
V0 |
|
Synopsis |
OSHY Consents |
|
Description |
Creates a consent request at the ASPSP and gets information about consents. |
|
Pre-Conditions |
HTTP GET, POST method is allowed. |
|
Authentication |
OAuth 2.0 with Authorization Code, Client Credentials |
Endpoint Definition
HGS API’s development live and mock environments routing data
|
Endpoint |
|
|---|---|
|
URI |
/cc/service/consents/v0/ |
|
Base URL |
|
Technology
|
Technology Stack / DESIGN TIME |
|
|---|---|
|
Property |
Value |
|
HTTP Call Method |
GET,POST |
|
Response Content Type |
application/json; charset=utf-8 |
APIS
Create Consent
Creates a consent request at the Bank. Method is POST.
|
Request Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
X-Request-ID |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
Client-ID |
String |
Mandatory |
TPP's Client ID, generated in Dynamic Registration. |
|
Client-Secret |
String |
Mandatory |
TPP's Client Secret, generated in Dynamic Registration. |
|
Client-ID-Portal |
String |
Mandatory |
TPP's Client ID Portal, value obtained from Dashboard/Applications page in API Store, for SANDBOX/PRODUCTION plan. |
|
TPP-ID |
String |
Mandatory |
TPP's Client ID, generated in Dynamic Registration. |
|
TPP-Name |
String |
Mandatory |
Name of the TPP |
|
TPP-Redirect-URI |
String |
Mandatory |
URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandatory for response link scaOAuth field. |
|
Authorization |
String |
Mandatory |
OAuth 2.0 with Client Credentials |
|
Request Body |
|||||
|---|---|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
||
|
recurringIndicator |
Boolean |
Mandatory |
true, if the consent is for recurring access to the product data false, if the consent is for one access to the product data |
||
|
validationDate |
ISODate |
Mandatory |
This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. |
||
|
frequencyPerDay |
Integer |
Mandatory |
This field indicates the requested maximum frequency for an access per day |
||
|
tranBeginDate |
ISODate |
Mandatory |
This parameter is requesting a begin date for the requested consent. If a data less than begindate is requested, it is rejected. |
||
|
tranEndDate |
ISODate |
Mandatory |
This parameter is requesting a end date for the requested consent. If a data more than enddate is requested, it is rejected. |
||
|
authorityConsentList |
AuthorityID |
List |
String |
Mandatory |
This field indicates customer authority |
|
authorityAttributeName |
List |
String |
Conditional |
If the authority has a attribute, this field must be full with attribute name |
|
|
AuthorityAttribute |
List |
String |
Conditional |
If authorityAttributeName is full,authorityAttribute must be full |
|
|
Response Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
Location |
String |
Mandatory |
Location of the created resource (if created) |
|
X-Request-ID |
UUID |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
ASPSP-SCA-Approach |
String |
Mandatory |
REDIRECT |
|
Content-Type |
String |
Mandatory |
application/json;charset=UTF-8 |
|
Response Body |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
consentStatus |
String |
Mandatory |
Authentication status of the consent |
|
consentId |
String |
Mandatory |
Identification of the consent resource as it is used in the API structure |
|
creationEndTime |
String |
Mandatory |
Creation time of consentId. |
|
strongIdType |
String |
Mandatory |
Deadline when consent can be withdrawn into active status. |
|
consentId |
String |
Mandatory |
The field indicating the strong authentication method. |
|
_links |
Links |
Mandatory |
A list of hyperlinks to be recognised by the TPP. Type of links admitted in this response; "scaOAuth": The link which must be used for PSU login. After login is completed, PSU will be redirected to next stage, consent approval Product list. |
Sample Request
{
"recurringIndicator": false,
"validationDate": "2020-12-31",
"frequencyPerDay": 1,
"authorityConsentList": [
{
"authorityID": "HGSBALANCE"
},
{
"authorityID": "HGSTRANSACTIONINFO"
},
{
"authorityID": "HGSPRODUCTINFO"
}
]
}
Sample Response
{
"consentStatus": "WAITING",
"consentId": "ea975520-049d-4db7-b7e4-6ca5f467f222",
"consentCreateTime": "2021-06-17 15:56:00.631",
"creationEndTime": "2021-06-18 00:00:00.0",
"strongIdType": "Y",
"links": {
"scaOAuth": {
"href": "https://gboshymusteririzasi-d.fw.garantibbva.com.tr/psd2/login/landing?response_type=code&client_id=0N9t6vLtjI6YihLI95kS&scope=hgs&consent_id=ea975520-049d-4db7-b7e4-6ca5f467f222&redirect_uri=https://www.trendyol.com.tr"
},
"self": {
"href": "/consents/ea975520-049d-4db7-b7e4-6ca5f467f222"
},
"status": {
"href": "/consents/status"
}
}
}
Consent Product List
After the Access token, Returns the content of a consent object. With this API, the consent status becomes A. Method is POST
|
Request Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
X-Request-ID |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
Consent-ID |
String |
Mandatory |
Identification of the consent resource as it is used in the API structure. |
|
Client-ID |
String |
Mandatory |
TPP's Client ID, generated in Dynamic Registration. |
|
Client-Secret |
String |
Mandatory |
TPP's Client Secret, generated in Dynamic Registration. |
|
Client-ID-Portal |
String |
Mandatory |
TPP's Client ID Portal, value obtained from Dashboard/Applications page in API Store, for SANDBOX/PRODUCTION plan. |
|
Authorization |
String |
Mandatory |
OAuth 2.0 with Authorization Code. |
|
Response Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
X-Request-ID |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
Content-Type |
String |
Mandatory |
application/json;charset=UTF-8 |
|
Response Body |
|||||
|---|---|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
||
|
consentId |
String |
Mandatory |
Identification of the consent resource as it is used in the API structure |
||
|
recurringIndicator |
Boolean |
Mandatory |
true, if the consent is for recurring access to the product data false, if the consent is for one access to the product data |
||
|
validationDate |
ISODate |
Mandatory |
This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. |
||
|
frequencyPerDay |
Integer |
Mandatory |
This field indicates the requested maximum frequency for an access per day |
||
|
authorityConsentList |
ProductId |
List |
String |
Mandatory |
This field indicates customer product |
|
AuthorityID |
List |
String |
Mandatory |
This field indicates customer authority |
|
|
authorityFLAG |
List |
Boolean |
Mandatory |
This field indicates customer authority flag |
|
Sample Response
{
"consentId": "888888888888888888888888888888888888",
"recurringIndicator": true,
"validationDate": "2020-12-15",
"frequencyPerDay": 15,
"authorityConsentList": [
{
"productId": "9",
"authorityID": "HGSBALANCE",
"authorityFLAG": true
},
{
"productId": "8",
"authorityID": "HGSTRANSACTIONINFO",
"authorityFLAG": true
},
{
"productId": "9",
"authorityID": "HGSTRANSACTIONINFO",
"authorityFLAG": true
}
]
}
Consent Get Status
Check the status of an account information consent. Method is GET.
|
Request Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
X-Request-ID |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
| Consent-ID | String | Mandatory | Identification of the consent resource as it is used in the API structure |
|
Client-ID |
String |
Mandatory |
TPP's Client ID, generated in Dynamic Registration. |
|
Client-Secret |
String |
Mandatory |
TPP's Client Secret, generated in Dynamic Registration. |
|
Client-ID-Portal |
String |
Mandatory |
TPP's Client ID Portal, value obtained from Dashboard/Applications page in API Store, for SANDBOX/PRODUCTION plan. |
|
Response Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
X-Request-ID |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
Content-Type |
String |
Mandatory |
application/json;charset=UTF-8 |
|
Response Body |
|||||
|---|---|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
||
|
consentStatusList |
ConsentId |
List |
String |
Mandatory |
Identification of the consent resource as it is used in the API structure |
|
authorityID |
List |
String |
Mandatory |
This field indicates customer authority |
|
|
consentStatus |
List |
String |
Mandatory |
Authentication status of the consent |
|
Sample Response
{
"consentStatusList": [
{
"consentID": "888888888888888888888888888888888888",
"authorityID": "HGSPRODUCTINFO",
"consentStatus": "WAITING"
},
{
"consentID": "888888888888888888888888888888888888",
"authorityID": "HGSBALANCE",
"consentStatus": "ACTIVE"
},
{
"consentID": "888888888888888888888888888888888888",
"authorityID": "HGSTRANSACTIONINFO",
"consentStatus": "ACTIVE"
}
]
}
Consent Read
Returns the content of a consent object. Method is GET.
|
Request Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
X-Request-ID |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
| Consent-ID | String | Mandatory | Identification of the consent resource as it is used in the API structure |
|
Client-ID |
String |
Mandatory |
TPP's Client ID, generated in Dynamic Registration. |
|
Client-Secret |
String |
Mandatory |
TPP's Client Secret, generated in Dynamic Registration. |
|
Client-ID-Portal |
String |
Mandatory |
TPP's Client ID Portal, value obtained from Dashboard/Applications page in API Store, for SANDBOX/PRODUCTION plan. |
|
Authorization |
String |
Mandatory |
OAuth 2.0 with Authorization Code. |
|
Response Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
X-Request-ID |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
Content-Type |
String |
Mandatory |
application/json;charset=UTF-8 |
|
Response Body |
||||||
|---|---|---|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|||
|
consentId |
String |
Mandatory |
Identification of the consent resource as it is used in the API structure |
|||
|
recurringIndicator |
Boolean |
Mandatory |
true, if the consent is for recurring access to the product data false, if the consent is for one access to the product data |
|||
|
validationDate |
ISODate |
Mandatory |
This parameter is requesting a valid until date for the requested consent. The content is the local Bank date in ISODate Format, e.g. 2017-10-30. |
|||
|
frequencyPerDay |
Integer |
Mandatory |
This field indicates the requested maximum frequency for an access per day |
|||
|
authorityConsentList |
ProductId |
List |
String |
Mandatory |
This field indicates customer product |
|
|
AuthorityID |
List |
String |
Mandatory |
This field indicates customer authority |
||
|
authorityFLAG |
List |
Boolean |
Mandatory |
This field indicates customer authority flag |
||
Sample Response
{
"consentId": "888888888888888888888888888888888888",
"recurringIndicator": true,
"validationDate": "2020-12-15",
"frequencyPerDay": 15,
"authorityConsentList": [
{
"productId": "9",
"authorityID": "HGSBALANCE",
"authorityFLAG": true
},
{
"productId": "8",
"authorityID": "HGSTRANSACTIONINFO",
"authorityFLAG": true
},
{
"productId": "9",
"authorityID": "HGSTRANSACTIONINFO",
"authorityFLAG": true
}
]
}
Consent Delete
Delete can be done in 4 different ways. Method is POST
- If you send only the consent ID without filling the body field, that consent ID will only be completely disabled.
- If you fill in consent id and authority id and send it, the authority you sent under that consent will only be inactive.
- If you fill in consent id and product id and submit, the authorization of the product you sent under that consent will be revoked.
- If you fill in the consentID, authorityID and productID and send them, the authority of the products under that consent will be revoked.
|
Request Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
Consent-ID |
String |
Mandatory |
Identification of the consent resource as it is used in the API structure. |
|
Client-ID |
String |
Mandatory |
TPP's Client ID, generated in Dynamic Registration. |
|
Client-Secret |
String |
Mandatory |
TPP's Client Secret, generated in Dynamic Registration. |
|
Client-ID-Portal |
String |
Mandatory |
TPP's Client ID Portal, value obtained from Dashboard/Applications page in API Store, for SANDBOX/PRODUCTION plan. |
|
Authorization |
String |
Mandatory |
OAuth 2.0 with Authorization Code. |
|
Request Body |
|||||
|---|---|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
||
|
authorityConsentList |
AuthorityID |
List |
String |
Optional |
The authority ID information to be deleted can be written.. |
|
ProductId |
List |
String |
Optional |
The Product ID information to be deleted can be written.. |
|
|
Response Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
X-Request-ID |
UUID |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
Content-Type |
String |
Mandatory |
application/json;charset=UTF-8 |
|
Response Body |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
Consentstatus |
String |
Mandatory |
Identification of the consent resource as it is used in the API structure |
Sample Request
{
"authorityConsentList": [
{
"authorityID": "HGSTRANSACTIONINFO"
}
]
}
Sample Response
{
"consentStatus": "Delete Success"
}
Transaction
List of Transactions
Transaction List works for only one product at a time. It is listed if there is any transaction in the relevant date range.
|
API Profile |
|
|---|---|
|
Attribute |
Value |
|
Name |
Transaction List |
|
Version |
V0 |
|
Description |
List of transactions for a particular product |
|
Pre-Conditions |
HTTP POST method is allowed. |
Endpoint Definition
|
Endpoint |
|
|---|---|
|
URI |
/cards/hgs/service/v0/txnlist |
|
Base URL |
|
|
Request Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
X-Request-ID |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
Consent-ID |
String |
Mandatory |
Identification of the consent resource as it is used in the API structure |
|
Client-ID |
String |
Mandatory |
TPP's Client ID, generated in Dynamic Registration. |
|
Client-Secret |
String |
Mandatory |
TPP's Client Secret, generated in Dynamic Registration. |
|
Client-ID-Portal |
String |
Mandatory |
TPP's Client ID Portal, value obtained from Dashboard/Applications page in API Store, for SANDBOX/PRODUCTION plan. |
|
Authorization |
String |
Mandatory |
OAuth 2.0 with Authorization Code. |
|
Request Body |
|||||
|---|---|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
||
|
productId |
String |
Mandatory |
HGS product number |
||
|
debitCreditInd |
String |
Optional |
Credit debt indicator (A or B) |
||
|
sortOption |
String |
Optional |
The order in which transactions are listed (If this area remains empty, then transactions come in ascending order) |
||
|
scrollAmount |
Int |
Optional |
Determining the number of transactions to be listed |
||
|
orderByFieldNum |
Int |
Conditional |
Content of transactions to be listed (1: Transitional movements, 2: Balance uploads, 3: Both Transitional movements and Balance uploads) |
||
|
startInstanceId |
String |
Mandatory |
Transaction start date to return to |
||
|
stopInstanceId |
String |
Mandatory |
Transaction end date to return to |
||
|
authorityList |
authorityID |
List |
String |
Mandatory |
Authorization permission indicator |
|
Response Header |
|||
|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
|
Content-Type |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
X-Request-ID |
String |
Mandatory |
ID of the request, unique to the call, as determined by the initiating party. |
|
Consent-ID |
String |
Mandatory |
application/json;charset=UTF-8 |
|
Response Body |
|||||
|---|---|---|---|---|---|
|
Attribute |
Type |
Condition |
Description |
||
|
productId |
List |
String |
Mandatory |
HGS product number |
|
|
vehicleClassId |
List |
String |
Mandatory |
Vehicle class id of the product |
|
|
|
plateTextValue |
List |
String |
Mandatory |
Plate text value of the product |
|
accountUnitNum |
List |
Int |
Mandatory |
Unit num of the product |
|
|
hgsProductInfo List |
accountNum |
List |
Int |
Conditional |
Account num of the product (if not connected to credit card) |
|
cardNumber |
List |
String |
Conditional |
Card number of the product (if connected to credit card) |
|
|
|
emailAddressTextValue |
List |
String |
Mandatory |
Email address text of the product |
|
autoPymntAmnt |
List |
Double |
Mandatory |
Auto payment amount of the product |
|
|
|
minPaymentAmnt |
List |
Double |
Mandatory |
Minimum payment amount of the product |
|
mobilePhoneNum |
List |
Long |
Mandatory |
Mobile phone number of the product |
|
|
|
balanceAmount |
List |
Double |
Mandatory |
Balance amount of the product |
|
statuText20 |
List |
String |
Mandatory |
Statu value of the product |
|
|
productId |
List |
String |
Mandatory |
HGS product number |
|
|
transactionAmount |
List |
Double |
Mandatory |
Vehicle class id of the product |
|
|
|
debitCreditInd |
List |
String |
Mandatory |
Plate text value of the product |
|
entranceTs |
List |
String |
Mandatory |
Unit num of the product |
|
|
txnList |
departureTs |
List |
String |
Conditional |
Account num of the product (if not connected to credit card) |
|
entrancMtrwyTextLength |
List |
Int |
Conditional |
Entrance motorway text length of the transaction (if it is a transaction, this field will not be empty) |
|
|
|
entrancMtrwyTextValue |
List |
String |
Mandatory |
Entrance motorway text value of the transaction (if it is a transaction, this field will not be empty) |
|
departrMtrwyTextLength |
List |
Int |
Mandatory |
Departure motorway text length of the transaction (if it is a transaction, this field will not be empty) |
|
|
|
departrMtrwyTextValue |
List |
String |
Mandatory |
Departure motorway text value of the transaction (if it is a transaction, this field will not be empty) |
|
explanationText35 |
List |
String |
Mandatory |
Explanation text of the transaction |
Sample Request
{
"productId": "1106507250",
"debitCreditInd": "",
"sortOption": "ASC",
"scrollAmount": 0,
"orderByFieldNum": 1,
"startInstanceId": "2015-04-24 18:55:31.025370",
"stopInstanceId": "2016-04-24 18:55:31.025370",
"authorityList": [
{
"authorityID": "HGSTRANSACTIONINFO"
},
{
"authorityID": "HGSPRODUCTINFO"
}
]
}
Sample Response
{
"hgsProductInfo": {
"productId": "1106507250",
"vehicleClassId": "05",
"plateTextValue": "77RGN77",
"accountUnitNum": 295,
"accountNum": 5881663,
"cardNumber": "",
"emailAddressTextValue": "UTKUERKAL@GMAIL.COM",
"autoPymntAmnt": 100,
"minPaymentAmnt": 100,
"mobilePhoneNum": 905355633965,
"balanceAmount": 480.15,
"statuText20": "Ürün Verildi"
},
"txnList": [
{
"productId": "1106507250",
"transactionAmount": 50,
"debitCreditInd": "B",
"entranceTs": "2015-04-22-14.46.27.000001",
"departureTs": "0001-01-01-01.01.01.000001",
"entrancMtrwyTextLength": 50,
"entrancMtrwyTextValue": "",
"departrMtrwyTextLength": 50,
"departrMtrwyTextValue": "HAREM",
"explanationText35": "Geçiş(İDO)"
}
]
}
Return Codes & Error Handling
|
Code |
Description |
Type |
|---|---|---|
| 200 | OK | SUCCESS |
| 400 | Invalid Request | MISSING PARAMETERS |
| 401 | Invalid Credentials | UNAUTHORIZED |
| 405 | {http.method} Method Not Allowed | CALL METHOD ERROR |
| 429 | API plan limit exceeded | RATE LIMITING |
| 500 | Internal Server Error | SYSTEM ERROR |
Return Messages
|
CODE |
RETURN RESPONSE |
|---|---|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E001",
"apiResponseInfo": " ConsentID field length must be 36 characters!"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E003",
"apiResponseInfo": "Error Max Character. Server was unable to process request : CustomerNum"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E004",
"apiResponseInfo": "This field can not be empty : ProductID"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E005",
"apiResponseInfo": "Error Max Character. Server was unable to process request : ProductID"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E006",
"apiResponseInfo": "Missing request body AuthorityID for method parameter of type String"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E007",
"apiResponseInfo": "Error Max Character. Server was unable to process request : AuthorityID"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E008",
"apiResponseInfo": "Missing request body authorityFLAG for method parameter of type String"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E009",
"apiResponseInfo": "Error authorityFLAG. authorityFLAG must be true"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E010",
"apiResponseInfo": "Error authorityAttribute. If authorityAttributeName is null, authorityAttribute must be null"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E011",
"apiResponseInfo": "Error authorityAttributeName. If authorityAttribute is null, authorityAttributeName must be null"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E012",
"apiResponseInfo": "Error Max Character. Server was unable to process request : AuthorityAttributeName"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E013",
"apiResponseInfo": "Error Max Character. Server was unable to process request : AuthorityAttribute"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E014",
"apiResponseInfo": "Error Max Character. Server was unable to process request : ClientID"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E015",
"apiResponseInfo": "Error Max Character. Server was unable to process request : ClientIDPortal"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E016",
"apiResponseInfo": "Error Max Character. Server was unable to process request : TPPID"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E017",
"apiResponseInfo": "Error Max Character. Server was unable to process request : TPPName"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E020",
"apiResponseInfo": "Error Max Character. Server was unable to process request : FrequencyPerDay"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E022",
"apiResponseInfo": "Error frequencyPerDay.If recurringIndicator is false, frequencyPerDay must be 1"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E023",
"apiResponseInfo": "Error Valid Date. Server was unable to process request : validationDate"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E024",
"apiResponseInfo": "Unrecognised Field : AuthorityFlag"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E025",
"apiResponseInfo": "The same authorityId must only be sent once "
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E026",
"apiResponseInfo": "Unrecognised Field : authorityFLAG"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E027",
"apiResponseInfo": "Unrecognised Field : authorityAttributeName"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E028",
"apiResponseInfo": "Unrecognised Field : authorityAttribute"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E029",
"apiResponseInfo": "This AuthorityID not found : ZZZZZ"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E031",
"apiResponseInfo": "Error ConsentID OR consentStatus OR authorityID OR authorityName! ConsentID :XXXXXXX..XXX Authority ID:YYYYYYY AuthorityName:ZZZZ"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E032",
"apiResponseInfo": "Error ConsentID OR ClientID! ConsentID :XXXXXXXXX..XX ClientID: YYYYYYYY…..Y"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E033",
"apiResponseInfo": "Consent Status is not Waiting For Consent ID :XXXXXXX ClientID: YYYYYYYYYYY…Y"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E040",
"apiResponseInfo": "Error Valid Date. Server was unable to process request : tranEndDate"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E041",
"apiResponseInfo": "Error valid date. Server was unable to process request (mount) : tranBeginDate"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E042",
"apiResponseInfo": "tranEndDate can not be smaller than tranBeginDate!"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E043",
"apiResponseInfo": "Validation Parameter is not found for AuthorityID : "+authorityConsent.getAuthorityID”
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E044",
"apiResponseInfo": "Validation date cannot be greater than "X" days from today's date"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E045",
"apiResponseInfo": "Customer number cannot be empty"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E046",
"apiResponseInfo": "Product id cannot be empty"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E047",
"apiResponseInfo": "Only one product must be selected"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E048",
"apiResponseInfo": "Start date cannot be greater than end date"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E049",
"apiResponseInfo": "Date format is incorrect"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E050",
"apiResponseInfo": "Date range cannot be longer than 1 year"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E051",
"apiResponseInfo": "Date information entered incorrectly"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E052",
"apiResponseInfo": "Customer has no consent for this product"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E053",
"apiResponseInfo": "Authority request cannot be empty"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E054",
"apiResponseInfo": "Invalid authority id"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E055",
"apiResponseInfo": "Product has no authority"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E056",
"apiResponseInfo": "Product has no authority for HgsTransactionInfo"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E057",
"apiResponseInfo": "Product has no authority for HgsProductInfo"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E058",
"apiResponseInfo": "HGS product list service call error"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E059",
"apiResponseInfo": "HGS transaction list service call error"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E060",
"apiResponseInfo": "HGS product list main service error"
}
}
}
|
| 400 |
{
"apiError": {
"code": 400,
"info": "Bad Request",
"apiResponse": {
"apiResponseCode": "E061",
"apiResponseInfo": "HGS transaction list main service error"
}
}
}
|
-
API URL : https://gbcadt02.fw.garanti.com.tr:8443
-
-
-
-
-