FAQ

FAQ

Overview

What is Alior Bank Developer Portal?

Our Developer Portal is a central source of information and tools for our open banking APIs, giving you access to Alior Bank services.

What is a sandbox?

You should view our sandbox as a safe testing environment. Although it is separated from our production environment, it gives you a very accurate simulation of how the APIs will work on live data.

What data will I have access to?

We have prepared a set of representative test data sets which will give you a good understanding of how things will work when in production.

What functionality will I have access to?

Our current API catalogue consists of PSD2 related services - Account Information Services and Payment Initation Services, but we will be adding other services to the pack soon.

Is this really free?

Yes, using the sandbox is free of charge and everyone can register and use the APIs in our test environment.

How can I get access to production data?

If you are a licensed TPP (as per PSD2 regulations) you will have access to production data for Accounts (AIS) and Payments (PIS) as soon as they become available. A license will not be required for other services, but we reserve the right to select our partners. In such cases, a bilateral agreement will need to be signed. APIs with public data will be accessible without any formal requirements.

Registration

Who can register and access the APIs?

Our portal is available to everyone who registers and accepts its terms and conditions. All registered users will get access to our API catalogue and test data. Some new APIs may be available by invitation only, before they become part of our official catalogue.

I have not received an activation email. What should I do?

Please check your mailbox to see if the email has not ended up in a spam folder. If it is not there, please use the contact form to get in touch with us.

What is an organization?

A developer organization owns the developer applications and consumes the APIs and applications published on the Developer Portal.

Can I add more users to my organization?

Yes, as the first user registered under your organization you have the possibility to add more users and assign them to one of the available profiles (admin, developer, viewer)

How can I reset my password?

You can always change your password in My account/Password

I have forgotten my user ID and/or my password. How can I restore them?

If you've forgotten your password, you can use the 'Request new password' form, and enter the e-mail address used during registration. A link to reset the password will be sent to you by e-mail.

Applications

What is an application and why do I need to create one?

An application (or app) is a way to manage your API credentials.

Can I have more than one application?

Yes, you can set up as many apps as you want

Does the app name have to be unique for all my apps?

No, you can use the same name for more than one app

Will the application give me access to production data?

No, this is a test environment with no access to production data.

APIs

Who can use the APIs?

Anyone registered on our portal can use the published APIs. There are no formal requirements, as long as you follow the rules accepted during the registration process.

What does PSD2 have in common with your APIs?

Among the most interesting changes resulting from the PSD2 directive is the requirement for ASPSP (Account Servicing Payment Service Providers) to publish "access interfaces" allowing TPPs (Third Party Providers), with customer consent, to initate payments and/or have access to account details and transaction history. In order to comply with this requirement, we have built a set of APIs that allow for such access.

How do I become a PSD2 licensed TPP?

Please refer to the local regulations in your country.

What is a PISP and AISP? Can I still use your APIs to access production data if I am not one?

A PISP is a Payment Initiation Service Provider, an AISP is an Account Information Service Provider. To use PSD2 related APIs you will need to have a formal license to provide PIS and/or AIS services.

Do you offer any Premium APIs?

Yes, we are currently offering FX Trade APIs for corporate customers. We will be expanding our API catalogue to include other services.

Are the APIs only for consumer products or also for corporate ones?

The PSD2 related APIs are for both consumer and corporate payment accounts. For other APIs, please check the documentation for details.

I keep getting an error code. Where can I check the meaning of this code?

You can find all the error codes described in the Documentation for each API.

Can a TPP register using the same set of certificates for two different applications with two different URLs?

Yes.

How can I exchange certificates?

Please provide us with new certificates in advance to ensure swift transition. Please also indicate the KID of the new QSeal certificate and the clientID of the application for which it is to be configured.

How can I avoid unavailability when exchanging certificates?

You can have two sets of certificates in parallel. If you provide us with new certificates with new KID value, you’ll be able to switch at any time.

Security

Is this secure?

Yes. Transmision is secured by TLS protocol with certificate validation. Message payload is signed (JWS) with another certificate that was exchanged earlier between TPP and ASPSP (Bank). Additionally, every request includes Client ID and Secret ID.

What is an access token and how long is it valid?

An access token is a kind of key that the application must include with its requests to the identity provider (ASPSP), which prove that it has permission from the user to access those APIs. By default, the access token is valid for 90 days.

Why do I need a Client ID and Secret ID?

The Client ID is a unique identifier of your application in our system. All your APP configurations, subscriptions, plans, monitoring, and security will be based on this ID. The Secret ID acts like a password for your application and is an additional level of security.

API FX Trade

Who can use the API FX Trade?

Who can use the API FX Trade?

What operations can I perform using API FX Trade?

What operations can I perform using API FX Trade?

Who is the API FX Trade addressed to/useful for?

The API FX Trade is addressed to/useful for corporate clients who want to automate FX processes, easily convert a high numer of transactions, eliminate manual execution of currency conversion and reduce operational costs. Our API FX is addressed to companies operating as payment service providers, travel agencies, tour operators.

How can I use the API FX Trade in a production environment?

You must have an Alior Bank corporate account. For more details contact us at developer@alior.pl.

What currencies can I exchange?

We offer the following currency pairs: EURPLN, USDPLN, GBPPLN, CHFPLN, SEKPLN, NOKPLN, CZKPLN, EURUSD, EURGBP, EURCHF, GBPUSD, GBDCHF, USDCHF.

Operational merger

When will the operational merger of T-Mobile Banking Services with Alior Bank take place?

The operational merger of T-Mobile Banking Services branch with Alior Bank will take place on November 29th, 2020.

Will the operational merger of T-Mobile Banking Services with Alior Bank be associated with the unavailability of API?

Yes, the operational merger of T-Mobile Banking Services with Alior Bank will be associated with planned unavailability of API on November 29th, 2020. We will inform TPP as well as developers about its details in a separate correspondence and through a message published in the News section of the Developer Portal.

Will T-Mobile Banking Services internet banking be available for customers after November 29th, 2020?

No, customers of T-Mobile Banking Services after operational merger with Alior bank will use banking and mobile application of Alior Bank.

Will T-Mobile Banking Services logo still be available after November 29th, 2020?

No, both the brand and logo of T-Mobile Banking Services will disappear from the market. As of November 29th, 2020 customers of T-Mobile Banking Services will use internet banking of Alior Bank.

Will a new PSU consent be required after the operational merger of T-Mobile Banking Services with Alior Bank?

Yes, a new PSU consent will be required.

Will a new token be required after the operational merger of T-Mobile Banking Services with Alior Bank?

Yes, a new token will be required.

How will the AIS service be initiated after the operational merger of T-Mobile Banking Services with Alior Bank?

In order to initiate the AIS service a new PSU consent and a new token will be required.

How will the PIS service be initiated after the operational merger of T-Mobile Banking Services with Alior Bank?

In order to initiate the PIS service a new PSU consent and a new token will be required.

How will the CAF service be initiated after the operational merger of T-Mobile Banking Services with Alior Bank?

In order to initiate the CAF service a new PSU consent and a token will be required.

Will the documentation available on the Developer's Portal change after the operational merger of T-Mobile Banking Services with Alior Bank?

No, the documentation will remain unchanged.

Will the integration (Onboarding) with Alior Bank's API be required after the opeartional merger of T-Mobile Banking Services with Alior Bank?

No, integration (Onboarding) with the Bank's API will not be required.

Will the services defined within PSD2 be available under the same address after the operational merger of T-Mobile Banking Services with Alior Bank?

Yes, the method of connection with the API will remain unchanged.

What should be selected by the PSU after the redirection to ASPSP screen after the operational merger of T-Mobile Banking Services with Alior Bank?

The logo of T-Mobile Banking Services will not be displayed after the operational merger of T-Mobile Banking Services with Alior Bank. Therefore after the redirection to the ASPSP’s screen, the PSU should select the logo of Alior Bank.

Will the retrival of account information be possible with pre-merger consent?

In order to access account history a new PSU consent and a token will be required. Both pre- and post-merger transaction will be available.

Alior Bank uses its own cookies as well as cookies from third parties. Cookies are used to remember your settings, for traffic measurement and to show you targeted ads. By clicking I understand, you consent to this use of cookies. Read more about our use of cookies.

I understand