Home
The Account Direct Access API (ADAA) service provides secure access to information about:
- Client’s transaction history
- Bank account balance
- Information about transaction history is provided in connection with current accounts of a client of Komerční banka.
You can find more details on the Direct Account Access API
For testing and debugging your requests we recommend to use the Postman app. We have prepared collections of example requests to use in Postman, download them from the links below.
- Postman Sandbox collection
- Postman Production collection
- User - Client KB - User who give access to his account via API in Komercni banka
- Developer - Developer who create app
- KB - Komercni banka
To use any of our API's you (the Developer) will need to be registred on our API portal. Though the API portal you will be able to subscribe to the API's you want to use and generate API keys.
- Register on the API Portal
- Subcribe to an API (Client Registration, OAuth2, Account direct access API)
- create an API key for it (apiKey) - How create API key (apiKey)
Each API needs its own API key. You can create multiple API keys for each API. You can also create multiple API keys for the same API.
Create a Software statement for your application and register it via the Client Registration API. You will need to use the API key you created in the previous step.
- Software Statement with qualified certificate issued by a trusted certification authority (I.CA, PostSignum). For more information about certificate see How to get a I.CA qualified certificate.
- Contruct a URL
- Visit the constructed URL in the Client's browser.
- Browser redirects to KB for an authorization of a Client of KB. (example page)
- Client of KB continues to login to KB. (example page)
- Client of KB confirms authorization via an authorization app (KB Klíč). (example page)
- Client of KB chooses accounts to be authorized with the API. (example page)
- KB redirects back to a callback url provided in the software statement and that way transfers control back to the app.
You, the Developer, needs to process the information included in the callback URL.
- Decrypt the parameters on the redirect_uri
- obtain the
client_id,client_secret, and other application registration information from the decrypted data.
You will need the client_id, client_secret in the next steps.
7. Construct a URL to get the Authorization code Token and visit it in the Client's browser
Using the client_id obtained in the previous step, construct a URL to get the authorization code token.
- Construct a URL as described in the Tokens - Authorization code wiki page.
- Visit the constructed URL in the Client's browser.
- Browser redirects to KB for an authorization of a Client of KB.
- Client of KB continues to login to KB. (example page)
- Client of KB confirms scopes (example page)
- KB redirects back to a callback url provided in the request URL parameter and that way transfers control back to the app.
- Get the Authorization code from the callback URL's parameters
- Use the Authorization code ,
client_idandclient_secretto get the Refresh token and Access Token
- First, you will probably want to get the Client's Accounts available. The
accountIdis needed for other endpoints.
Account Balances
Transactions
Notification of changes to your account (webhook)
Account Statements - PDF
- Make a flow to create an Application Registration by the user (step 4) - each user needs only 1 application
- Make a flow for Refresh token acquisition and renewal (step 7) - once every 12 months or sooner. Refresh token is valid for 12 months.
- Check out our demo app