API Overview - kinnay/ABN-Amro GitHub Wiki
Home > API Overview
This page explains general concepts about the API. For more specific information, visit the page that contains the list of services.
The API is provided at https://www.abnamro.nl, and is used by both the website and mobile apps. The request and response body are JSON-encoded.
Table of contents:
- Service versions
- Mobile app user agent
- API errors (general)
- API errors (session validation)
Service Versions
Some methods require an x-aab-serviceversion header that is set to the latest version of the method. This is indicated in this wiki where necessary.
Mobile App User Agent
The user agent of mobile applications is formatted as follows (including the brackets):
[App name]/[App version] [Brand name]/[Model name] [Platform name]/[Release name] [Installation id] [Account number] [Card number]
| Field | Description |
|---|---|
| App name | Bankieren |
| App version | App version (e.g. 12.44) |
| Brand name | Apple / Samsung / etc. |
| Model name | E.g. iPhone15,4 |
| Platform name | iOS / Android |
| Release name | OS version (e.g. 17.1.1) |
| Installation id | UUID that is generated once per app installation |
| Account number | Part of IBAN behind bank code (empty until the session is authorized) |
| Card number | Bank card number (empty until the session is authorized) |
Example:
[Bankieren]/[12.44] [Apple]/[iPhone15,4] [iOS/17.1.1] [487128F4-ABDE-4667-8103-E4D2C8AF415E] [562813888] [231]
API Errors (general)
In most cases, when an error occurs, the API returns the following payload:
| Field | Description |
|---|---|
| messages | List of error messages |
Each message has the following fields:
| Field | Description |
|---|---|
| messageKey | Error code |
| params | Unknown (null) |
| messageType | Severity (ERROR) |
| messageText | Error message |
A list of message codes can be obtained here:
- https://www.abnamro.nl/mobileremoteconfigurations/mobielbankieren/nl/remotemessages.json
- https://www.abnamro.nl/mobileremoteconfigurations/mobielbankieren/en/remotemessages.json
Error codes that are not in this list use a predefined message format instead, such as:
nl,ERROR message 'MESSAGE_RST506_6001'Er is een technische fout opgetreden. Als u contact met ons opneemt, meld dan de volgende code: MESSAGE_SEC02L_0090
Example error response:
[
{
"messageKey": "MESSAGE_BAI001_6020",
"params": null,
"messageType": "ERROR",
"messageText": "Kunt u een responsecode invullen?"
}
]
API Errors (session validation)
When an API method requires authorization, but the session is not authorized, the server usually returns an empty 401 response. Sometimes, it includes the following payload:
| Field | Description |
|---|---|
| errors | List of errors |
Each error has the following fields:
| Field | Description |
|---|---|
| status | UNAUTHORIZED |
| traceId | 32 hex digits |
| code | Error code (RB_CSM_001) |
| params | Unknown (null) |
Because this error looks different from the regular error response, it is probably returned by a proxy in front of the real API backend.