Bank of Ireland API Support FAQs

The Bank of Ireland Developer Hub provides technical specifications and API documentation to support you in using our APIs and sample API data so you can test your application during development. We currently provide the Open Banking Read/Write APIs that were developed by Open Banking Limited.

Register on the Bank of Ireland Developer Hub today to access the test facility and receive notification of any key changes.

Registration and Activation

• Who can access the Bank of Ireland Developer Hub?

  Everyone is welcome to access the Bank of Ireland Developer Hub. To use the test facility and access test data, you will need to register.

  We provide an API sandbox that can be used to test and mimic the characteristics of our production environment for all APIs our interface relies on – you will need to provide Open Banking and/or eIDAS Certificates to access this site.

  Access to the production environment will be for Third Party Providers (TPPs) who are authorised to operate as an AISP, PISP or CBPII by their National Competent Authority – you will need to provide Open Banking and/or eIDAS certificates to access this site.

• How do I start testing APIs in the Developer Hub?

  Read the Getting Started page on the Developer Hub which explains how you enrol to the Open Banking Directory and how you onboard to Bank of Ireland to start using our APIs.

• I did not receive my activation email from Bank of Ireland.

  There are two things you can check before contacting us:

  • Check your spam folder for the email.
  • Check that you typed the correct email address by filling out the registration form again. If the email address was correct a message will display notifying you that your email is already registered.

  If you still have not received your activation email please contact us by completing the Contact Us form.

• My activation link has expired.

  By clicking on the activation link in the email you received during the registration process, you will be re-directed to the Bank of Ireland Developer Hub where you can request a new activation link.

• I did not receive a password reset email for the Bank of Ireland Developer Hub.

  If you did not receive a reset password email please check the following:

  • The email address matches the email used when registering.
  • Your spam folder, if you don’t see the email in your inbox.
• I forgot my password.

  You can reset your password by clicking the ‘Forgot password’ link on the Developer Hub login page.

• Where can I find details of how BOI’s API implementation may differ from the OB standards, or other information on BOI’s online capabilities which may be important to third parties?

  Details on how BOI’s API implementation may differ from the OB standards can be found in our API Documentation.

• What is a Software Statement Assertion (SSA)?

  Software Statement Assertion (SSA) contains client metadata. SSA is of two types OB-SSA and Non-OB SSA. The JWT must be issued and signed by Open Banking for Production. For our Sandbox a TPP can use an unsigned SSA (Non-OB SSA).

• What should be checked initially if issue is faced with certificates?

  The Key IDs used in certificates should be valid and associated to the application being on boarded on OB portal. Also TPP must check for the certificates validity, expiry dates and the active certificates and the ones those are revoked.

• Which algorithm should be used in Software Statement Assertion?

  It must be PS256. For Sandbox, non-OB SSA this field should be set to “NONE”.

• What type of SSA are supported in Sandbox and CMA?

  Sandbox supports both OB SSA and Non-OB SSA, while CMA Production supports only OB SSA.

• What is the difference between an OB-SSA and Non-OB SSA?

  OB-SSA is the one that is issued and signed by OB and Non-OB SSA is an unsigned SSA. Also, the formats for payload data and headers are different for both.

• Which algorithm should be used for signing the request?

  The request must be signed by only PS256.

• What value should be kept for the kid (Key ID passed in header) used?

  The kid should be kept as the thumbprint of the signing certificate used.

• When should the x5c parameter should be used in the request?

  The x5c parameter is the public certificate of the QSEAL (signing certificate). Only to be populated when non-OB SSA is used in the request claims.

• Is the “application_type” field used in request body case sensitive?

  Yes, it is a case sensitive field and should be populated as “application_type”: “WEB”.

• What should be the value for “iss” field in the request body?

  It should be same as the client id being used and must be equal to the “software_id” field.

• What are the ideal values for field “tls_client_auth_dn” ?

  This field should be populated with the values present in the Subject DN field of the transport certificate (QWAC/OBWAC) used.

• What are the grant types to be passed in DCR request body?

  Field grant_types is a JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token. The various grant types are "authorization_code", "refresh_token", "client_credentials“.

• What is the DCR registration endpoint for Sandbox?

  The registration endpoint for sandbox is https://api-sandbox.bankofireland.com/1/api/open-banking/v1.2/register

Test – Sandbox APIs

• How do I access the Bank of Ireland Sandbox?

  Full details of how to access the Bank of Ireland Sandbox and the API specifications, including how to invoke the Dynamic Client Registration API, can be found in the Developer Hub.

• What are the benefits of using the Bank of Ireland Sandbox?

  Some benefits to using the Bank of Ireland Sandbox include:

  1. Access to both ROI and UK APIs as both APIs use the same technical specifications & standards.
  2. By using the Bank of Ireland Sandbox you are using the same Open Banking Read/Write API specifications as the other CMA9 / UK ASPSPs (straight forward integration).
• What APIs are currently available to test in the Bank of Ireland Sandbox?

  We currently provide technical specifications and API documentation for the Open Banking Read/Write APIs as specified by Open Banking Limited. This covers three categories of API:

  1. Account Information Services APIs

  Provide access to the account information of bank customers, subject to customer authorisation.

  2. Payment Initiation Service APIs

  Provide the ability to initiate payments directly from the accounts of bank customers, subject to customer authorisation.

  3. Confirmation of Funds APIs

  Provide the ability to perform fund check requests for customer bank accounts, subject to customer consent.

• Where can I find more information on the APIs provided by Bank of Ireland?

  You can find out more information on Open Banking read / write APIs through our technical specifications and API documentation on the Bank of Ireland Developer Hub. Developers can access this by selecting the ‘Access API Documentation’ option on the Bank of Ireland Developer Hub overview page.

• Can I test my applications with Bank of Ireland APIs?

  The Bank of Ireland Sandbox provides API documentation to support you in using our sample API data so you can test your applications during development.

• How often can I test in the Bank of Ireland Sandbox?

  The restriction in place for testing each application is 500 requests per hour, per API.

• What sort of testing can I do in the Bank of Ireland Sandbox?

  You can test all APIs offered by Bank of Ireland, error events and messages, connecting with the bank, and the ability to exchange eIDAS and equivalent certificates.

  We have closely aligned our Sandbox test environment to our API Platform. Static or dynamic responses will be returned for each API. This capability will allow testing of API requests in order to validate how your application will handle the API responses.

• How can I access Open Banking’s Open Data APIs?

  You can access Open Banking’s Open Data APIs via the Open Banking website.

• I am unable to upload my Software Statement Assertion to Bank of Ireland.
  • Check that your Software Statement Assertion (SSA) conforms to the Open Banking Dynamic Client Registration specification.
  • Check that you are using the correct redirect URL that is registered with Open Banking in the SSA for that client id.
• Do I have to test my application in the Sandbox or can I go straight to the production environment?

  It is not mandatory that you test your application with our test APIs in the Sandbox. We strongly recommend that you do complete at least one test cycle with us.

Production APIs

• Where can I find a table of common error scenarios and actions to prevent errors?

  Refer to the attached file for a list of common error scenarios and actions.

  Error Types TableViewPrint
• Does my organisation have to be licensed to access the Open Banking Directory and production API environment?

  In order to use the production environment your entity needs to be regulated by your National Competent Authority (e.g. the Central Bank of Ireland in the Republic of Ireland or the FCA in the UK). You do not need to be regulated to access the Sandbox test environment.

• How do I access Bank of Ireland's Production APIs?

  In order to access Bank of Ireland’s production APIs, you must first register with Open Banking. You may then upload the Open Banking-generated software statement assertions and eIDAS certificates to Bank of Ireland, via the Dynamic Client Registration API to receive your client secret. Now you can start offering API services to customers.

• What Production APIs can I access as a registered Third Party Provider?

  We provide access to the Open Banking Read/Write APIs as specified by Open Banking Limited. This covers three categories of API:

  1. Account Information Services APIs

  Provide access to the account information of bank customers, subject to customer authorisation.

  2. Payment Initiation Service APIs

  Provide the ability to initiate payments directly from the accounts of bank customers, subject to customer authorisation.

  3. Confirmation of Funds APIs

  Provide the ability to perform fund check requests for customer bank accounts, subject to customer consent.

• Can I move my applications into production via my Bank of Ireland Developer Hub account?

  No, your applications cannot be moved. In both Sandbox & Production you need to use the Dynamic Client Registration API (DCR). Therefore the production version of DCR API must be used to onboard an application into production.

• Why was I rejected during Bank of Ireland Onboarding?

  There are a number of possible reasons why you may be rejected during Bank of Ireland onboarding. For example, incorrect SSA, wrong claims within an SSA, certificates invalid, certificates expired etc.

  As a result we would ask that you:

  • Please verify the SSA used for onboarding. Ensure that all appropriate details are provided.
  • Please ensure that your certificates are active, valid and signed by a competent authority.
  • Please verify that the implementation against the DCR API aligns with the Open Banking specifications.
• How long can Third Party Providers access data for once customer consent is in place?

  When accessing customer account information via Accounts APIs, the length of time you can access a customer’s data must be agreed between the Third Party Provider (TPP) and the customer. Consent can be long lived – however Bank of Ireland will need to re-authenticate customers at least every 90 days in order for us to continue providing access.

• Do I have to go through the enrolment to Open Banking process and the onboarding to Bank of Ireland process again if I have multiple applications?

  You need to update your profile on the Open Banking Directory and go through the dynamic onboarding to Bank of Ireland process again, upload the new certificates and SSA for the new application.

• How much does it cost to use the Bank of Ireland API service?

  There is no charge for using either the Sandbox or the production environment.

Accessibility

• Operating system and browser compatibility with the Developer Hub and the Sandbox.

  MS Windows

  • Version: Windows 8.1 (Windows 8.1 Update +) and Windows 10 (version 1607 anniversary update +)
  • Screen resolutions: 1024x768, 1366x768, 1600x900, 1920x1080
  • Browsers:
  • Google Chrome v45+
  • Microsoft Internet Explorer v11+

  Apple Mac

  • Version: OS 10.8+
  • Screen resolutions: iMac-1920x1080 and MacBook 1440x900
  • Browsers:
  • Google Chrome v45+
  • Safari v6.0+
• Do you recommend any particular browser and screen reader combination for using the Bank of Ireland Developer Hub?

  We recommend using the following combination:

  • Jaws v17+ with Internet Explorer 11+
• I am unable to upload my eIDAS certificate.

  Check that your NCA identifier and PSP authorisation number in the eIDAS certificate matches that of the NCA register. If the issue persists please contact the QTSP you procured it through.

I am having issues accessing the Bank of Ireland API Channel

• My customer is being told they have ‘no eligible accounts’ when selecting an account for account information or payment initiation, and they believe they should be able to select an account.

  Accounts will only be available to select if they are also visible and available in the bank’s online channels; 365 or Business On Line. Please ask your customer to check this first. Personal customers using their 365 user ID may receive this message if they have a joint account, but have not selected joint holder access for open banking services. If this is the case, please ask your customer to contact Bank of Ireland customer services. Business customers using their Business On Line ID may receive this message if the account administrator has not selected ‘Access to Third Party’, and/or allowed the individual user to ‘View Accounts’ (for AIS) or ‘Make Payments’ (for PIS). These options can be found in the Business On Line administrator area.

• API usability - Can’t access our APIs?

  There could be a number of reasons as to why you may not be able to access our APIs, please use the ‘Contact us Form’ if the issue persists.

• What is the Fallback solution?

  If our API Channel (or certain API functionality) is unavailable (for example, due to a systems breakdown), we will make available, a contingency mechanism (also known as a Fallback solution).

  This Fallback solution is available in the UK from 14 March 2020.

  In order to use the Fallback solution, you must fill out the following 'Notification for use of Fallback' form, and attach your eIDAS certificate.

  You must notify us of your intention to use the Fallback facility in line with regulatory obligations as follows:

  If you are a PISP you must notify us every time you are initiating a payment.

  If you are an AISP you must notify us every time you are logging in to access balance and transaction details on a payment account.

• How do I upload my eIDAS certificate?

  You must upload your QWAC certificate in a human readable format. To do that, you will have to:

  1. Convert the relevant base64 .pem file for the public certificate to text format such as in the example below:
     openssl x509 -in <<QWAC-cert-name.pem>> -– out<<QWAC-cert-name.txt>> - text-noout
  2. Save the resulting output to a .txt file.
  3. Upload the relevant file to Bank of Ireland when prompted.

  If you have completed the above steps and you are unable to upload your eIDAS certificate - please contact us by following this link.

• Once I have submitted the Notification for usage of Fallback form what do I do?

  Once you have informed us that you are using our contingency mechanism, you will need to ask the customer for their security credentials for their online channel (365, or BOL). Examples of security credentials include the customer’s username/ID, their password or answers to security questions.

Contact Us

• Who can I contact if I have further questions about the Developer Hub?

  You can submit a query via our contact us form.