News & Announcements

November 2020

App to App Redirection

Following the launch of the new Bank of Ireland mobile banking app, customers can now authenticate for Open Banking using new App to App and Browser to App Redirection.

Further details as well as FAQs can be found in the Open Banking Enhancements PDF download here.

eIDAS and OB certs, and the impact of Brexit

Following announcements from the EBA and FCA, Bank of Ireland is providing the following guidance to TPPs in the event of a hard Brexit.

• BOI (Republic of Ireland) will continue to only accept eIDAS certificates for the purposes of identification. As per the current EBA guidance (subject to the ongoing political process), only TPPs authorised in the EU will be permitted access
• BOI (United Kingdom) will follow the FCA guidance (upon its completion) and will continue to accept both Open Banking and eIDAS certificates. We note that eIDAS certificates issued to UK-authorised TPPs are due to be revoked in the event of a hard Brexit
• TPPs who subsequently need to change certificates are advised that if this results in a change to the Distinguished Name (DN), they will have to re-register with a new client ID. This will invalidate all pre-existing long-lived consents. Further details on changing certificates is in the table below, and details on how to register through DCR are available on the BOI Developer Portal. NB. There is no need to re-register for certificate rotation when the DN does not change (e.g. certificate renewal)

We advise any TPPs thinking of onboarding with BOI to only use certificates which will be valid after 31 December, i.e. eIDAS with an EU authorisation for BOI ROI, and OB ETSI or Legacy for BOI UK.

Source Cert	Target Cert	Rules	TPP re-registration & PSU re-auth required
eIDAS	eIDAS	DN will be the same upon renewal. There will be no need to re-register. The TPP simply uses their new cert as normal.	No
eIDAS	eIDAS (DN Change)	If DN has changed since the last cert was issued, either by the same QTSP or by the TPP moving to a new QTSP. TPPs will need to re-register a new client id with Bank of Ireland. This will also invalidate all pre-existing long lived consents.	Yes
eIDAS	OB Legacy	DN will be different. TPPs will need to re-register a new client id with Bank of Ireland. This will also invalidate all pre-existing long lived consents.	Yes
eIDAS	OB ETSI	DN will be different. TPPs will need to re-register a new client id with Bank of Ireland. This will also invalidate all pre-existing long lived consents.	Yes
OB Legacy	eIDAS	DN will be different. TPPs will need to re-register a new client id with Bank of Ireland. This will also invalidate all pre-existing long lived consents.	Yes
OB Legacy	OB ETSI	DN will be different. TPPs will need to re-register a new client id with Bank of Ireland. This will also invalidate all pre-existing long lived consents.	Yes
OB Legacy	OB Legacy	DN will be the same upon renewal. There will be no need to re-register. The TPP simply uses their new cert as normal.	No
OB ETSI	OB Legacy	DN will be different. TPPs will need to re-register a new client id with Bank of Ireland. This will also invalidate all pre-existing long lived consents.	Yes
OB ETSI	eIDAS	DN will be different. TPPs will need to re-register a new client id with Bank of Ireland. This will also invalidate all pre-existing long lived consents.	Yes
OB ETSI	OB ETSI	DN will be the same upon renewal. There will be no need to re-register. The TPP simply uses their new cert as normal.	No

Support for consumer credit cards (UK only)

Following the sale of the Bank of Ireland UK consumer credit card portfolio, these accounts will no longer be available for access through Open Banking through Bank of Ireland. Jaja Finance are now fully responsible for all regulatory commitments, including access to accounts for PSD2.

• April 2020

  Manual on-boarding and the TPP Portal

  Bank of Ireland would like to provide notification to TPPs that we will be retiring manual on-boarding and our TPP Portal on 6 July 2020. This is in line with current OBIE standards regarding on-boarding via RS256. TPPs will still be able to register via our Dynamic Client Registration endpoint which supports PS256 only.

• March 2020

  Statements AIS live for UK

  This endpoint is available for customers using their 365 online credentials. NB. Statements are not available on Business On Line, and are therefore not supported through the API endpoint.

  Future-dated (scheduled) payments live for ROI

  This endpoint is available for customers using their 365 online credentials. This functionality is already available for UK customers.

  User credentials and eIDAS support after the FCA Adjustment Period (UK only)

  • User credentials will not change and SCA was not implemented on 365 online on 14 March 2020. As a result, access will remain available via screen-scraping. TPPs will be able to identify themselves through a Fallback Solution. Please see the FAQs for details on how to use the Fallback Solution
  • The date for user credential change on 365 online will be published here in advance of the change
  • The Bank will continue to support OBIE certificates after the Adjustment Period in line with FCA guidance. An eIDAS certificate must be uploaded to the OB Directory
• December 2019
   
  BOL payments live for UK

  PIS (single immediate domestic) is also now available for customers using the Business On Line (BOL) channel.

  Summary of functionality

  API functionality support is described below. All PSD2 in-scope products are supported.

  Republic of Ireland:

  • AIS through 365 and Business On Line
  • PIS single immediate domestic, through 365 and Business On Line

  UK:

  • AIS through 365 and Business On Line
  • PIS single immediate and future-dated domestic, through 365. Single immediate domestic through Business On Line

  Discovery Endpoint change (UK only)

  The BOI Developer Portal has included updated Discovery Endpoint URIs for several months, but we are aware that they were incorrect on some locations in the OB Directory and Confluence. The correct URIs can be found here. See the section titled ‘OIDC .well-known endpoint URL’.

  365 online user credentials (UK only)

  Throughout the FCA’s Adjustment Period, 365 online credentials will not change. It will still be possible to use screen-scraping to access data without the customer being present. Full details and timeframes on credential changes will be published here, and on the OBIE transparency calendar.

• November 2019
   
  API support for Bank of Ireland (Republic of Ireland)

  PIS is also now available for ROI customers using the Business On Line (BOL) channel.
  AIS and PIS services are now available for all ROI customers using our 365 and BOL channels.
  BOI ROI is a separate legal entity on the OBIE Directory, and TPPs will need to on-board separately, even if they have already onboarded for BOI UK. In order to onboard with BOI ROI, an eIDAS certificate is required.

• August 2019
   
  API support for Bank of Ireland (Republic of Ireland)

  AIS and PIS is now available for ROI customers using the 365 online channel. AIS is also now available for ROI customers using the Business On Line (BOL) channel. BOI ROI is a separate legal entity on the OBIE Directory, and TPPs will need to on-board separately, even if they have already onboarded for BOI UK. In order to onboard with BOI ROI, an eIDAS certificate is required.

  Business banking access through the dedicated business channel (UK only)

  TPPs can now use a new authorisation URL for customers to authenticate using their Business On Line (the dedicated business website / channel) user ID and credentials. This channel provides enhanced business banking support.

  New authentication URL for the 365 channel (UK only)

  TPPs should use the new authentication URL to access the 365 channel (https://auth.obapi.bankofireland.com/oauth/as/b365/authorization.oauth2). Onboarded TPPs are advised to change by the end of August at the latest. This change is to support the additional business channel.

  Addition of credit cards to AISP (UK and ROI)

  Consumer (365) and Commercial (365 & Business On Line) credit cards are now available for AISP.

  Transaction ID available for AIS (UK and ROI)

  Transaction ID for AISP for current accounts, as detailed in the OBIE API specifications, is now supported. Transaction ID for credit cards will be added at a later date.

  Further details as well as FAQs can be found in the Open Banking Enhancements PDF (download here) and in our Developer Portal.

• May 2019

  New Authentication URL

  Bank of Ireland would like to notify TPPs of a forthcoming change to the authentication URL. New TPPs should use the new authentication URL. Onboarded TPPs are advised to change immediately, and to do so by the end of August at the latest.

  • New authentication URL https://auth.obapi.bankofireland.com/oauth/as/b365/authorization.oauth2 is now available.
  • Current authentication URL https://auth.obapi.bankofireland.com/oauth/as/authorization.oauth2 will re-direct to the new URL for now, but is expected to be deprecated in September 2019.

  Support is available via the Contact Us form in the Developer Portal.

• April 2019

  API Releases

  Bank of Ireland has now upgraded production APIs to version 3.0 of the OBIE specifications.

  • AIS v3.0, PIS v3.0 and Dynamic Client Registration (DCR) v1.2 are supported in the production environment and in the Sandbox.
  • CBPII v3.0 and Credit Cards in AIS v3.0 are not yet available.
  • Please see the BOI OBIE Calendar for an up-to-date schedule of forthcoming releases.

  All TPPs can now onboard to both our Sandbox and API Platform using the Dynamic Client Registration API. Full details are in the Developer Hub.

  Please visit our Contact Us page if you have any questions or require support.

  API Deprecation

  AIS v1.1. have been deprecated

• March 2019

  Upgrade to Version 3.0 APIs

  Bank of Ireland’s schedule for upgrading APIs to version 3 of the OBIE specification, and decommissioning older versions, is as follows:

  • Deprecation of AIS v1.1 – 13 April
  • Support for AIS v3, PIS v3 and Dynamic Client Registration (DCR) v1.2 in live environment – 18 April
  • Please note, on 18 April, AIS v3 will not yet support Credit Cards
  • To access production APIs prior to 18 April, you can manually on-board through the Third Party Hub. After 18 April, you may use Dynamic Client Registration (full details in the Developer Hub)

  TPPs are advised to use AIS v2 and PIS v1.1 APIs for new registrations, and if already live, to upgrade to AIS v2 before 13 April. Documentation for AIS v2 and PIS v1.1 APIs is available here. Further details on AIS, PIS and CBPII v3.1 APIs, and support for Credit Cards AIS will be published at a later date on our calendar on Confluence and through the OB Service Desk.

  Access to Production APIs

  Before Dynamic Client Registration is available in production from 18 April, please use the Third Party Hub to manually on-board applications to access production APIs. Details on how access the Bank of Ireland Sandbox, including how to invoke the test DCR API, can be found in the Developer Hub.

  Sandbox launch

  The PSD2 Sandbox test facility and developer portal has been available since 14 March 2019. The Sandbox allows testing of AIS v3, PIS v3 and DCR v1.2 APIs, error events, messages and secure communication for Bank of Ireland UK and Republic of Ireland. The Sandbox also allows testing using test eIDAS certificates as well as OB legacy and OB-issued ETSI-profile certificates.

  For more information, please visit https://developer.bankofireland.com