New API methods and changes to existing API methods

To support the SDK additional API methods have been created and existing methods for customer actions that require SCA
(exemptions may apply – see appendix) have been amended.

What is the 900 Response?

Whenever an action originating in the app and qualifying for SCA is requested, a 900 Response is sent from the Contis
API see DoSCA for client next steps.

Table of updated existing API methods

The table below details the existing API methods that now have the 900 response:

DEV PORTAL CONTROLLER WEB METHOD NAME API DESCRIPTION SCA CUSTOMER EVENT SDK SCREEN TITLE – SEE APPENDIX SCA DESCRIPTION – SEE APPENDIX FOR DETAIL ON
EXEMPTIONS
Account ListTransactions_Account Returns a list of cleared transactions. Historical Transactions (> 90 days) Login (ID 1) SCA required if more than 90 days transactions are requested and customer has not performed 2FA login in
last 90 days
Account UnloadConsumerAccount Debits the specified amount from the customer’s account and credits it to the programme holding or
funding account.
Transfer Transfer (ID 14) SCA required if customers transfer money from customer account to another Contis account – programme
holding or funding account (exemptions may apply)
Consumer UpdateConsumerContactDetails_Consumer Updates the customer’s mobile number, email address and address. Update Contact Details (Mobile or Address) Change Details (ID 12 OR 13) SCA required when a customer changes their mobile phone number or address
P2P PayRequestedMoney Enables the payment request recipient to pay the requested money to the beneficiary. Pay Request Money Payment (ID 6) SCA required when a customer as the payment request recipient if paying the requested money to the
beneficiary (exemptions may apply)
P2P SendMoney Sends money from the customer’s account to the recipient account. Send Money Payment (ID 3) SCA required when a customer sends money from their account to a recipient account (exemptions may
apply)
P2P SendMoneyByEmailAddress Transfer money from the customer to the payee account using the recipient’s email address. Send Money Payment (ID 3) SCA required when a customer sends money to the payee using the recipient’s email address (exemptions
may apply)
P2P SendMoneyByMobileNumber Transfer money from the customer to the payee account using the recipient’s mobile phone number. Send Money Payment (ID 3) SCA required when a customer sends money to the payee using the recipient’s mobile phone number
(exemptions may apply)
P2P SendMoneyByUserName Transfer money from the customer to the payee account using the recipient’s username. Send Money Payment (ID 3) SCA required when a customer sends money to the payee using the recipient’s username (exemptions may
apply)
P2P SendMoneyByIBAN Transfer money from the customer to the payee account. The money is immediately credited in the
beneficiary account using the IBAN (International Bank Account Number ).
Send Money Payment (ID 3) SCA required when a customer sends money to the payee account (immediate credit) (exemptions may apply)
P2P Transfer Transfers funds from the customer’s account to the recipient account if the amount is available in the
customer’s account.
Third-Party Transfer Payment (ID 5) SCA required when a customer sends money to the payee account (exemptions may apply)
StandingOrder SetupSOReceipent Create an internal or third party standing order by specifying the recipient. Add Standing Order Standing Order (ID 9) SCA required when a customer creates a standing order
StandingOrder SetupSORecipientBank Create an internal or third party standing order by specifying the recipient’s bank account. Add Standing Order Standing Order (ID 9) SCA required when a customer creates a standing order
StandingOrder UpdateSODetails Updates the details of an existing standing order. Edit Standing Order Standing Order (ID 10) SCA required when a customer amends a standing order
Transfer BankTransfer Transfer funds from a Contis customer to an external bank account if the amount is available in the
customer’s account.
Bank Transfer Payment (ID 4) SCA required when a customer transfers funds from their account to an external bank account (exemptions
may apply)
Account Account_GetBalance Returns the latest balance of the given account. Displays balance of secondary account(s) linked to the
primary account. If a subaccount parameter is passed, then it returns the balance of the specified
account number.
Balance Login (ID 1) SCA required if balance is requested and customer has not performed 2FA login in last 90 days

Table of new API methods

The table below details the new API methods that support the SDK solution.

DEV PORTAL CONTROLLER WEB METHOD NAME API DESCRIPTION SCA CUSTOMER EVENT SDK SCREEN TITLE – SEE APPENDIX SCA DESCRIPTION – SEE APPENDIX
FOR DETAIL ON EXEMPTIONS
P2P UpdateBeneficiaryStatus Enables the customer to apply or remove trusted beneficiary status to a payee account. Customer must
have made at least one successful payment to the payee before this action can be performed.
Edit Beneficiary Status Trusted (11) SCA required when a customer applies or removes trusted status to a beneficiary. Making a beneficiary
trusted means a customer does not have to undertake SCA on subsequent payments. Thus this becomes one of
the exemptions detailed against existing APIs. Customer must have made a least one successful payment to
a beneficiary before they can be made trusted.
Transfer UpdateBeneficiaryStatus Enables the customer to apply or remove trusted beneficiary status to a payee account. Customer must
have made at least one successful payment to the payee before this action can be performed.
Edit Beneficiary Status Trusted (11) SCA required when a customer applies or removes trusted status to a beneficiary. Making a beneficiary
trusted means a customer does not have to undertake SCA on subsequent payments. Thus this becomes one of
the exemptions detailed against existing APIs. Customer must have made a least one successful payment to
a beneficiary before they can be made trusted.
Consumer UnblockConsumerLogin Unblocks the customer’s account access n/a n/a Customer account access must be blocked if the customer exceeds the maximum number of failed
authentication attempts to complete SCA. This API enables a client to unblock a customer account if they
pass the necessary security via clients own rules to unblock the account.
Security PostLoginDetails This method is used to trigger the SDK for 2nd FA of customer login to client app, advising Contis of
what SCA compliant factors have been used for customer login (where client managed) and inactivity timer
management.
Login optional – Login (ID 1) This method can do 3 things:
1) Trigger the SDK for 2nd FA of SCA for customer login to client app (optional – clients can manage
their own 2FA SCA compliant login journey)
2) Advising Contis of what 1st FA has been used for customer login to client app (mandatory) and what
2nd FA for customer login to client app (optional)
3) Inactivity Timer – lets Contis know that a customer has successfully logged in and remains active
with the client portal/app which is required to meet inactivity criteria. See appendix for more details
Security ListSDKDevices Provides a list of all customer mobile devices that are registered with Contis and able to use the SDK n/a n/a To get list of all customer mobile devices registered for SDK.
Security DeRegisterSDKDevice Method to de-register a customer mobile device from Contis platform – will remove the SDK
(de-registration will happen automatically if a customer changes device)
n/a n/a Method to de-register a customer mobile device from Contis platform – will remove the SDK
(de-registration will happen automatically if a customer changes device)
Security GetSCAPendingRequest Get SCA Pending Request for SCA type by customer n/a n/a When an SCA qualifying event originates out of app e.g. online card transactions and push notifications
are turned off this method will enable the client to present the SDK UI to the customer for
authentication to be performed the next time the customer opens their app (oldest presented first)
Consumer Security GetSCAStatus Returns the status of the requested SCA – processed/not processed. n/a n/a For clients to obtain the status of request SCA – whether processed or not. Optional. Likely to be used
when customer initiates action in a portal and is authenticating via SDK in app