Getting started

Before you access production APIs you should do a few basic tasks in the following steps:

  1. Browse the available APIs and find if any is useful for one of your applications
  2. Sign Up on this Developer Portal (Sandbox)
  3. Register your application
  4. Invite your developers
  5. Select a plan and test your application
  6. Sign Up on Developer Portal (Production)
  7. Register your application for production access
  8. Select a plan for your production application
  9. Access production APIs
  1. Browse the available APIs

    Take a look at our APIs to see what choices are available. Is there an API you can exploit in one of your applications? Use the supplied APIs to quickly construct a fully-featured application.

    Explore our APIs

  2. Sign Up on this Developer Portal (Sandbox)

    Found a useful API? Sign up on this Developer Portal (Sandbox) to create an account and get started. It is free to join.

    Create an account

  3. Register an application

    Before you can use an API you have to register your application. When you register an application, the application is assigned a unique client ID and client secret. You must use the client ID when you call an API that requires you to identify your application by using a client ID, or a client ID and client secret. Check the API description for the details.

    The use of the Raiffeisenbank Austria APIs (hereinafter the “API”) and test Developer Portal (hereinafter the „Sandbox“) requires Qualified Website Authentication Certificates (QWACs) as a method to authenticate the ‘Internet Entity Identity’ and encrypt communications in order to provide confidentiality.

    Under eIDAS, a QWAC is a legal term for the existing certificates that are issued under the Certification Authority & Browser Forum’s standards for Extended Validation Secure Socket Layer (EV SSL) Certificates.  

    The primary objectives of an EV SSL Certificate are to: 
    1. Identify the legal entity that controls a web site by providing reasonable assurance to the user of an Internet browser that the web site the user is accessing is controlled by a specific legal entity identified in the EV Certificate by name, address of Place of Business, Jurisdiction of Incorporation or Registration and Registration Number or other disambiguating information;
    2. Enable encrypted communications with a web site by facilitating the exchange of encryption keys in order to enable the encrypted communication of information over the Internet between the user of an Internet browser and a web site.

    If you are experiencing issues with your eIDAS certificate, accessing our Developer Portal, during the enrollment process/ consumption of our APIs please make sure on the following:
    - CA signing your certificate is part of the official list of Qualified Trust Service Providers (QTSPs) available in the European Union, 
    - the certificate is not expired,
    - the certificate is valid for the role you are authorized (i.e. AISP, PISP), 
    - the certificate is not revoked by the National Authority

    If you are in possession of a valid test certificate but aren’t able to consume our APIs please contact us.

    Register app

  4. Invite your developers

    Invite other developers from your organization to develop and maintain your application.

    Invite developers

  5. Select a plan and test your application

    Finally, now that your application is registered, you need to subscribe to a plan. The plan determines the number of API calls that your application can make. Some plans are free and no approval is required, some require approval, and some require approval and a monthly subscription. Think about what you need and choose the most suitable plan.

    Once your application is subscribed, you can use received credentials to test all APIs included in the subscribed products.

    API products

  6. Sign Up on Developer Portal (Production)

    Production registration will be available from Q2/2019

    Once you are ready with your testing and want to access production APIs, you need to register on Developer Portal (Production).

    Please note that your Organization name has to match your name used in the PSD2 certificate issued by QTSP (Qualified Trust Certificate Provider), which you will use to access production APIs.

  7. Register an application for production access

    Before you can use an API you have to register your application similarly to Sandbox. When you register an application, the application is assigned a unique client ID and client secret. You must use the client ID when you call an API that requires you to identify your application by using a client ID, or a client ID and client secret. Check the API description for the details.

  8. Select a plan for your production application

    Finally, now that your application is registered in the production environment, you need to subscribe to a plan. The plan determines the number of API calls that your application can make. Some plans are free and no approval is required, some require approval, and some require approval and a monthly subscription. Think about what you need and choose the most suitable plan.

  9. Access production APIs

    All done! Now, if you have a valid license from the competent authority and received a certificate for PSD2 services, you can access our production resources. Please note that your certificate will be validated during any access to production APIs and requests can be rejected if the certificate is not used or is not valid or the organization name doesn’t match the name on the certificate.