New API methods and changes to existing API methods

    To support the SDK, additional API methods have been created, and existing methods for customer actions that require SCA (exemptions may apply - see appendix) have been amended.

    What is the 900 Response?

    Whenever an action originating in the app and qualifying for SCA is requested, a 900 Response is sent from the Contis API. See DoSCA for client next steps.

    Table of updated existing API methods

    The table below details the existing API methods that now have the 900 response:

    | Dev Portal Controller | Web Method Name | API description | SCA Customer Event | SDK Screen Title - See Appendix | SCA Description - see Appendix for detail on exemptions |
    |---|---|---|---|---|---|
    | Account | ListTransactions_Account | Returns a list of cleared transactions. | Historical Transactions (> 90 days) | Login (ID 1) | SCA required if more than 90 days of transactions are requested and the customer has not performed a 2FA login in the last 90 days |
    | Account | UnloadConsumerAccount | Debits the specified amount from the customer's account and credits it to the programme holding or funding account. | Transfer | Transfer (ID 14) | SCA required if a customer transfers money from the customer account to another Contis account - programme holding or funding account (exemptions may apply) |
    | Consumer | UpdateConsumerContactDetails_Consumer | Updates the customer’s mobile number, email address and address. | Update Contact Details (Mobile or Address) | Change Details (ID 12 OR 13) | SCA required when a customer changes their mobile phone number or address |
    | P2P | PayRequestedMoney | Enables the payment request recipient to pay the requested money to the beneficiary. | Pay Request Money | Payment (ID 6) | SCA required when a customer, as the payment request recipient, pays the requested money to the beneficiary (exemptions may apply) |
    | P2P | SendMoney | Sends money from the customer’s account to the recipient account. | Send Money | Payment (ID 3) | SCA required when a customer sends money from their account to a recipient account (exemptions may apply) |
    | P2P | SendMoneyByEmailAddress | Transfers money from the customer to the payee account using the recipient's email address. | Send Money | Payment (ID 3) | SCA required when a customer sends money to the payee using the recipient’s email address (exemptions may apply) |
    | P2P | SendMoneyByMobileNumber | Transfers money from the customer to the payee account using the recipient's mobile phone number. | Send Money | Payment (ID 3) | SCA required when a customer sends money to the payee using the recipient’s mobile phone number (exemptions may apply) |
    | P2P | SendMoneyByUserName | Transfers money from the customer to the payee account using the recipient's username. | Send Money | Payment (ID 3) | SCA required when a customer sends money to the payee using the recipient’s username (exemptions may apply) |
    | P2P | SendMoneyByIBAN | Transfers money from the customer to the payee account. The money is immediately credited in the beneficiary account using the IBAN (International Bank Account Number). | Send Money | Payment (ID 3) | SCA required when a customer sends money to the payee account (immediate credit) (exemptions may apply) |
    | P2P | Transfer | Transfers funds from the customer's account to the recipient account if the amount is available in the customer's account. | Third-Party Transfer | Payment (ID 5) | SCA required when a customer sends money to the payee account (exemptions may apply) |
    | StandingOrder | SetupSOReceipent | Creates an internal or third party standing order by specifying the recipient. | Add Standing Order | Standing Order (ID 9) | SCA required when a customer creates a standing order |
    | StandingOrder | SetupSORecipientBank | Creates an internal or third party standing order by specifying the recipient’s bank account. | Add Standing Order | Standing Order (ID 9) | SCA required when a customer creates a standing order |
    | StandingOrder | UpdateSODetails | Updates the details of an existing standing order. | Edit Standing Order | Standing Order (ID 10) | SCA required when a customer amends a standing order |
    | Transfer | BankTransfer | Transfers funds from a Contis customer to an external bank account if the amount is available in the customer's account. | Bank Transfer | Payment (ID 4) | SCA required when a customer transfers funds from their account to an external bank account (exemptions may apply) |
    | Account | Account_GetBalance | Returns the latest balance of the given account. Displays the balance of secondary account(s) linked to the primary account. If a subaccount parameter is passed, it returns the balance of the specified account number. | Balance | Login (ID 1) | SCA required if the balance is requested and the customer has not performed a 2FA login in the last 90 days |

    Table of new API methods

    The table below details the new API methods that support the SDK solution.

    | Dev Portal Controller | Web Method Name | API description | SCA Customer Event | SDK Screen Title - See Appendix | SCA Description - see Appendix for detail on exemptions |
    |---|---|---|---|---|---|
    | P2P | UpdateBeneficiaryStatus | Enables the customer to apply or remove trusted beneficiary status to a payee account. The customer must have made at least one successful payment to the payee before this action can be performed. | Edit Beneficiary Status | Trusted (11) | SCA required when a customer applies or removes trusted status to a beneficiary. Making a beneficiary trusted means a customer does not have to undertake SCA on subsequent payments. Thus this becomes one of the exemptions detailed against existing APIs. The customer must have made at least one successful payment to a beneficiary before they can be made trusted. |
    | Transfer | UpdateBeneficiaryStatus | Enables the customer to apply or remove trusted beneficiary status to a payee account. The customer must have made at least one successful payment to the payee before this action can be performed. | Edit Beneficiary Status | Trusted (11) | SCA required when a customer applies or removes trusted status to a beneficiary. Making a beneficiary trusted means a customer does not have to undertake SCA on subsequent payments. Thus this becomes one of the exemptions detailed against existing APIs. The customer must have made at least one successful payment to a beneficiary before they can be made trusted. |
    | Consumer | UnblockConsumerLogin | Unblocks the customer's account access. | n/a | n/a | Customer account access must be blocked if the customer exceeds the maximum number of failed authentication attempts to complete SCA. This API enables a client to unblock a customer account if the customer passes the necessary security checks under the client's own rules for unblocking the account. |
    | Security | PostLoginDetails | This method is used to trigger the SDK for 2nd FA of customer login to the client app, to advise Contis of what SCA compliant factors have been used for customer login (where client managed), and for inactivity timer management. | Login | optional - Login (ID 1) | This method can do 3 things: 1) Trigger the SDK for 2nd FA of SCA for customer login to client app (optional – clients can manage their own 2FA SCA compliant login journey); 2) Advise Contis of what 1st FA has been used for customer login to client app (mandatory) and what 2nd FA for customer login to client app (optional); 3) Inactivity Timer – lets Contis know that a customer has successfully logged in and remains active with the client portal/app, which is required to meet inactivity criteria. See appendix for more details. |
    | Security | ListSDKDevices | Provides a list of all customer mobile devices that are registered with Contis and able to use the SDK. | n/a | n/a | Gets a list of all customer mobile devices registered for the SDK. |
    | Security | DeRegisterSDKDevice | Method to de-register a customer mobile device from the Contis platform - will remove the SDK (de-registration will happen automatically if a customer changes device). | n/a | n/a | Method to de-register a customer mobile device from the Contis platform - will remove the SDK (de-registration will happen automatically if a customer changes device). |
    | Security | GetSCAPendingRequest | Gets the SCA pending request for an SCA type by customer. | n/a | n/a | When an SCA qualifying event originates out of app (e.g. online card transactions) and push notifications are turned off, this method enables the client to present the SDK UI to the customer so that authentication can be performed the next time the customer opens their app (oldest presented first). |
    | Consumer Security | GetSCAStatus | Returns the status of the requested SCA - processed/not processed. | n/a | n/a | For clients to obtain the status of the requested SCA - whether processed or not. Optional. Likely to be used when a customer initiates an action in a portal and is authenticating via the SDK in the app. |