Administrator's Guide Document : 1.1 2018-03-13 CUSTOMER
Typographic Conventions Type Style Example Description Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Textual cross-references to other documents. Example EXAMPLE Example Example <Example> Emphasized words or expressions. Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE. Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. EXAM PLE Keys on the keyboard, for example, F2 or EN TER. 2
Document History Date Change 1.1 March 13, 2018 Test data and examples added in chapter 4.1 3
Table of Contents 1 Use... 5 1.1 Functionality... 5 1.2 Note on Beta Shipment... 5 1.3 System Landscape... 5 2 Authentication and Authorization... 6 3 Accessing the APIs... 7 4 Consuming APIs... 8 4.1 SAP API Business Hub... 8 4.2 Used SAP Enterprise Services... 9 5 Code Samples... 11 6 Useful Links... 12 4
1 Use 1.1 Functionality enable banks to collaborate with external partners. The APIs enable customers to use Payment Service Providers (PSP) to execute transactions on their behalf enable Trusted Third Party Account Access under the Access to Accounts rule (XS2A) and initiate payments are delivered via a beta shipment with the aim of obtaining early feedback from customers. 1.2 Note on Beta Shipment Beta shipments are provided under a Test and Evaluation Agreement (TEA) and can be used for testing purposes only. Productive usage is not allowed and is not supported under the maintenance and support agreement. For any questions or feedback contact us directly at beta@sap.com. 1.3 System Landscape The APIs use: for deposits: banking services from SAP 9.0 for payments: SAP Payment Engine 8.0 5
2 Authentication and Authorization APIs are secured via SAP API Management with security features, such as API Key, OAuth and basic authentication. Additional interfaces are secured by SAP Cloud Platform means. Calls to back-end are secured by SAP Cloud Platform Destination and Cloud Connector capabilities. 6
3 Accessing the APIs For information on how to access and test APIs go to Getting started with the SAP API Business Hub. On the SAP API Business Hub, go to API package. 7
4 Consuming APIs You can consume the APIs by using the environment provided by SAP API Business Hub. To access the required data from the on-premise systems, the API implementation consumes the SAP Enterprise Services as listed in section 4.2. 4.1 SAP API Business Hub The APIs that are exposed via SAP API Business Hub run out of the box. The APIs are deployed as a SAP Cloud Platform application on a SAP Cloud Platform account. This account is connected to a SAP on-premise backend which provides some test data. For testing you may use the following data: The Payment Service User (PSU) with the user ID OID10051 that has the following bank accounts which Third Party Provides (TPPs) can access with the different roles AIS (Account Information Service), PIS (Payment Initiation Service) and PIIS (Payment Instrument Issuer Service): Current Account Current Account Savings Account IBAN DE4912345678000000000 DE87123456780000000002 DE06123456780000000005 7 Account Number 0000000002 0000000005 0000000007 Bank Routing Number 12345678 12345678 12345678 Bank Country DE DE DE UUID 17821816-8b13-1ee6-b1c0-00505682f1ce 54794730-8b50-1ee6-b1c0-00505682f1ce f8083a32-8b50-1ee6-b1c0-00505682f1ce Entitlement TPP0001 AIS, PIS and PIIS access AIS, PIS and PIIS access AIS and PIS access Entitlement TPP0002 no access rights AIS and PIS access AIS and PIS access Table 1: User ID OID10051 - Bank Accounts and Access Roles for TPPs TPP0001 and TPP0002 The Payment Service User (PSU) with user ID OID10071 that has the following bank accounts which Third Party Provides (TPPs) can access with the different roles AIS (Account Information Service), PIS (Payment Initiation Service) and PIIS (Payment Instrument Issuer Service): Time Deposits Current Account Current Account IBAN DE50123456780000000086 DE82123456780000002129 DE34123456780000004254 Account Number 0000000086 0000002129 0000004254 Bank Routing 12345678 12345678 12345678 Number Bank Country DE DE DE UUID 4cbcb0c6-d258-1ee6-b1f0-00505682f1ce 47f775ec-a132-1ee7-9fd8-005056a09f3a 84e4aa89-a5d0-1ee7-a5e4-005056a09f3a Entitlement TPP0001 AIS and PIS access AIS, PIS and PIIS access AIS, PIS and PIIS access Entitlement TPP0002 AIS and PIS access AIS and PIS access no access rights Table 2: User ID OID10071 - Bank Accounts and Access Roles for TPPs TPP0001 and TPP0002 The Payment Service User (PSU) with user ID OID1000012 that has no bank accounts. 8
Examples: For the header parameter TppName you can use the values TPP0001 and TPP0002 for TPPs which do have dedicated roles to access the bank accounts of the user IDs OID10051 and OID10071 as depicted in Table 1 and Table 2. The header parameter TppRoles specifies the roles of the TPP (as included in parameter TPPName). You need to provide the roles in a specific format: o ['AIS', 'PIS', 'PIIS'] means that the TPP acts in the roles AIS, PIS and PIIS o ['AIS', 'PIS'] means that the TPP acts in the roles AIS and PIS etc. To retrieve transactions via operation GET /account/{uuid}/transactions for API artifact Payment Services Directive 2 you can use 2017-01-01 as fromdate. To retrieve transactions via operation GET /accounts/{id}/transactions for API artifact Payment Services Directive 2 according to STET Definition you can use 2017-01-01T12:00:00.000Z as fromimputationdate. Please note: Any other TPP than TPP0001 or TPP0002 has unrestricted access to the given users and their bank accounts. The header parameters TppName, TppRoles and UserId do require input in the test environment. In a productive environment, this information will be taken from verified TPP certificates. 4.2 Used SAP Enterprise Services The application uses the following service operations from banking services from SAP 9.0: SAP_BS_FOUNDATION 748 http://sap.com/xi/sap_bs_fnd/fs-bp/global2 BusinessPartnerDataManagementManageBusinessPartnerIn RetrieveBusinessPartner Software Component Software Component FSAPPL 500 http://sap.com/xi/fs-trbk/global BankAccountContractProcessingQueryBankAccountContractOverviewRetrievaIIn FindOverviewRetrievalByElements_V1 FSAPPL 500 http://sap.com/xi/fs-trbk/global BankAccountContractProcessingManageBankAccountIn RetrieveActivityReport_V2 9
FSAPPL 500 http://sap.com/xi/fs-trbk/global BankAccountContractProcessingManageDepositAccountContractIn_V1 RetrieveDepositAccountContractByIdentifyingElements FSAPPL 500 http://sap.com/xi/fs-trbk/global BankAccountContractProcessingBankAccountPaymentEntryCalculationActionIn CalculatePaymentEntry FSAPPL 500 http://sap.com/xi/fs-trbk/global BankAccountContractProcessingManageCurrentAccountContractIn RetrieveCurrentAccountContractByIdentifyingElements_V1 The application uses the following service operations from SAP Payment Engine 8.0: PAY-ENGINE 400 http://sap.com/xi/fs-pe/global PaymentTransactionProcessingManagePaymentTransactionOrderIn CreateOrder PAY-ENGINE 400 http://sap.com/xi/fs-pe/global PaymentTransactionProcessingQueryPaymentTransactionOrderIn FindOrderByElements_V1 10
5 Code Samples Try out the API in the SAP API Business Hub. 11
6 Useful Links Content Documentation for the SAP Cloud Platform SAP API Business Hub: Getting Started URL https://help.sap.com/viewer/p/cp https://help.sap.com/viewer/p/sap_api_business_hub 12
www.sap.com/contactsap No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ( SAP Group ) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.