Most services require the user to be authorized. Authorization is handled by the authorization service. The /session/loginchallenge method provides a challenge and a session cookie. If the client answers the challenge correctly with /session/loginresponse, the session becomes authorized and the user can call other services.
The challenge calculation is explained here.
Methods
GET /session
Returns minimal information about the active session.
Response on success:
| Field | Description |
| --- | --- |
| session | Session (see below) |
The session contains the following fields:
| Field | Description |
| --- | --- |
| lastLogonDate | Last logon date (timestamp in milliseconds, rounded to minutes) |
Example
{
  "session": {
    "lastLogonDate": 1700503560000
  }
}
DELETE /session
Deletes the currently active session. On success, this method returns an empty response with status 204.
GET /session/loginchallenge
| :information_source: Service version: v2 |
Requests a new login challenge.
| Param | Description |
| --- | --- |
| accountNumber | Part of IBAN after bank code (e.g. NL04ABNA0562813888 becomes 562813888) |
| cardNumber | Card number (e.g. 231) |
| accessToolUsage | Access tool usage |
| boundDeviceIndexNumber | Bound device index number (only present on BOUNDDEVICE_*) |
Response on success:
Login Challenge
| Field | Description |
| --- | --- |
| userId | User id |
| attemptsLeft | Number of attempts left |
| challenge | Challenge (hex) |
| challengeHandle | Challenge handle |
| challengeDeviceDetails | Details (e.g. /schemes/ATT_5_55/CH_1) |
| eigChallenge | Unknown (null) |
| eigChallengeHandle | Unknown (null) |
| eigChallengeDeviceDetails | Unknown (null) |
| eigType | Unknown (null) |
Example
{
  "loginChallenge": {
    "challenge": "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",
    "challengeHandle": "593782797",
    "attemptsLeft": 3,
    "challengeDeviceDetails": "/schemes/ATT_5_55/CH_1",
    "userId": "0562813888_23",
    "eigChallenge": null,
    "eigChallengeHandle": null,
    "eigChallengeDeviceDetails": null,
    "eigType": null
  }
}
PUT /session/loginresponse
| :information_source: Service version: v4 |
Answers a challenge that was obtained with /session/loginchallenge.
| Field | Description |
| --- | --- |
| accountNumber | Part of IBAN after bank code (e.g. NL04ABNA0562813888 becomes 562813888) |
| cardNumber | Card number (e.g. 231) |
| challengeHandle | Challenge handle |
| response | Challenge response (hex) |
| accessToolUsage | Access tool usage |
| challengeDeviceDetails | Challenge device details |
| appId | IPHONE_APP / ANDROID_APP / SIMPLE_BANKING (web) |
| boundDeviceIndexNumber | Bound device index number (optional) |
| isJailbrokenRooted | Boolean whether the device is jailbroken or rooted (optional) |
| isBound | Boolean whether the device is bound (optional) |
| imei | IMEI (optional) |
| telephoneNo | Phone number (optional) |
Response on success:
Session
| Field | Description |
| --- | --- |
| connectionType | Connection type |
| deviceType | Device type |
| lastLogonDate | Last logon date (long) |
| representative | Representative |
| representedCustomer | Represented customer |
| selectedCustomer | Selected customer |
Representative
| Field | Description |
| --- | --- |
| class | Representative class |
| reference | Reference |
Example
{
  "session": {
    "lastLogonDate": 1700503560000,
    "deviceType": "SOFTTOKEN",
    "connectionType": "ENDTOEND",
    "selectedCustomer": null,
    "representative": {
      "class": "BUSINESS_CONTACT",
      "reference": "125882893"
    },
    "representedCustomer": "125882893"
  }
}
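
The client side of the challenge/response exchange described above, as an added example that is not part of the original documentation: it derives `accountNumber` from an IBAN, validates a `loginChallenge` reply, and builds the fields for `PUT /session/loginresponse`. The function names, the flat JSON body, the `min_attempts` guard, the `EXAMPLE_USAGE` value and the stand-in solver are assumptions; the real challenge calculation is not described on this page.

```python
import re

def account_number_from_iban(iban: str) -> str:
    """Part of the IBAN after the bank code: NL04ABNA0562813888 -> 562813888."""
    iban = iban.replace(" ", "").upper()
    if not re.fullmatch(r"NL\d{2}[A-Z]{4}\d{10}", iban):
        raise ValueError("expected a Dutch IBAN")
    # Leading zeros are dropped, as in the page's example.
    return iban[8:].lstrip("0")

def challenge_query(iban: str, card_number: int, access_tool_usage: str) -> dict:
    """Query parameters for GET /session/loginchallenge."""
    return {"accountNumber": account_number_from_iban(iban),
            "cardNumber": str(card_number),
            "accessToolUsage": access_tool_usage}

def login_response_body(reply: dict, query: dict, solve,
                        app_id: str = "SIMPLE_BANKING", min_attempts: int = 2) -> dict:
    """Fields for PUT /session/loginresponse (flat JSON object is an assumption)."""
    ch = reply["loginChallenge"]
    # Assumed client policy: never spend the last remaining attempt automatically.
    if ch["attemptsLeft"] < min_attempts:
        raise RuntimeError(f"only {ch['attemptsLeft']} attempt(s) left, not answering")
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", ch["challenge"]):
        raise ValueError("challenge is not a hex string")
    # solve() is supplied by the caller; the calculation is not on this page.
    answer = solve(bytes.fromhex(ch["challenge"]))
    # Echo the handle and device details so the server can match the answer.
    return {**query,
            "challengeHandle": ch["challengeHandle"],
            "response": answer.hex(),
            "challengeDeviceDetails": ch["challengeDeviceDetails"],
            "appId": app_id}

# Constructed sample reply; the challenge value is made up for this example.
SAMPLE_REPLY = {"loginChallenge": {
    "challenge": "0a1b2c3d", "challengeHandle": "593782797", "attemptsLeft": 3,
    "challengeDeviceDetails": "/schemes/ATT_5_55/CH_1", "userId": "0562813888_23"}}

if __name__ == "__main__":
    # "EXAMPLE_USAGE" is a placeholder, not a documented accessToolUsage value.
    query = challenge_query("NL04ABNA0562813888", 231, "EXAMPLE_USAGE")
    # Stand-in solver (byte reversal) so the example runs; NOT the real calculation.
    print(login_response_body(SAMPLE_REPLY, query, solve=lambda c: c[::-1]))
```
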
GET /session/sessionhandoverchallenge
On success, this method returns the same response as /session/loginchallenge.