KB API

Banking without borders. Obtain current data and information
and control your accounts in your own application with KB API.

ELECTRONIC STATEMENTS DISTRIBUTION SERVICE SANDBOX

Download PDF statements to your accounts for archiving on your systems

What does it do?

The service provides secure access to your account statements:

  • You will have access to statements from direct banking channels
  • You can download the statements in PDF format
  • Here you will find statements for the last 90 days
  • Possibility to download archive statements

Prerequisites

A prerequisite for using the product is to have a certificate issued that is trustworthy for Komerční banka. You can apply for a certificate from:

We support any of the following certificate types:

  • Employee qualified certificate
  • Company qualified certificate
  • Company commercial technology certificate (server)

The service requires a certificate that contains the organisation name and identification number (IČO). When applying for a certificate, the client must explicitly specify this.

While working with the service, we recommend that you follow the rules for a prudent approach to the security of data and systems. You can find our recommendations on the Prudent Access Rules page.

Examples

  • Archiving bank statements for accounting
  • Download statements to your system
Cost / Fees

The Electronic Statements Distribution Service is provided free of charge.
How it works

1. The client logs in to an application that implements support for the service. The client will then work with the data in this application.

2. In the application, the client must give consent to download the data. Consent can be given using one of the available bank authentication methods:
         a. Security password
         b. File-based personal certificate
         c. Smartcard-based personal certificate
         d. KB Klíč

3. The consent is given for a specific period of time of no more than 12 months.

4. Once the consent is given, the relevant third-party application is ready to download data and process transaction history.

Example of API calls
API Call Diagram

Issuance of a software statement signed by the bank

  • Signing of the statement is based on the OAuth2 standard, in line with RFC 7591 for dynamic registration of OAuth2 clients.
  • The statement is necessary for automatic registration of the client’s application, to ensure the application's credibility and security.
  • Once the API is successfully called, you will receive a statement, signed by the bank, in the form of a JWT token, with which the client’s application will register with the bank.
  • The JWT token must be securely embedded or stored in your application or its installations so that they can be registered with the bank. For a detailed API description, see the swagger documentation.

Registration of OAuth2 agent – client application

  • The process of registering the client’s application with the bank is subject to the client’s consent to the operation.
  • The registration URI must be opened on the client’s initiative; through it, the client logs in with the bank, assigns a name to the application instance registration and signs the operation.

Client’s consent to data downloads via client’s application and obtaining an authorization code (5.)

  • Approval of downloads of the client’s transaction history is subject to the client’s consent to the operation.
  • Bank web service calls are used for this purpose, through which the client gives consent to access to their accounts.
  • The URI (with parameters) must be opened on the client’s initiative; through it, the client logs in with the bank and signs the operation.
  • Once the operation is completed, an authorization code is sent to the specified redirectUri for the purpose of obtaining the refresh and access tokens that are used to download client data.

Receive tokens

  • Once you receive an authorization code issued on the basis of the client’s consent to transaction history downloads, it must be exchanged for a refresh token and an access token.
  • The endpoint is also used to obtain an access token with a refresh token. Using an access token (access_token), it is possible to call all ADAA endpoints. For a detailed API description, see the swagger documentation.
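
The redirect handling and token requests described in the two sections above, as an added example that is not part of KB's documentation. It assumes the standard RFC 6749 parameter names (`code`, `state`, `grant_type`, `redirect_uri`, `client_id`, `client_secret`) and a `state` value generated by your application; the redirect URI and credentials are constructed placeholders, and the bank's real endpoint and parameters must be taken from the swagger documentation.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

REDIRECT_URI = "https://app.example/callback"  # constructed placeholder


def new_state() -> str:
    """Random value tied to the user's session before the consent URI is opened."""
    return secrets.token_urlsafe(32)


def extract_code(callback_url: str, expected_state: str) -> str:
    """Return the authorization code from the redirect, rejecting anything unexpected."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not ours (CSRF).
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def code_grant_body(code: str, client_id: str, client_secret: str) -> str:
    """Form body that exchanges the authorization code for refresh and access tokens."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": client_id,
        "client_secret": client_secret,
    })


def refresh_grant_body(refresh_token: str, client_id: str, client_secret: str) -> str:
    """Form body that obtains a new access token from a stored refresh token."""
    return urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    })
```

Send either body as `application/x-www-form-urlencoded` over TLS to the token endpoint, and keep the refresh token and client secret out of logs and source control.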

Replace IBAN with an account ID

  • For enhanced security, information for the relevant IBAN must be requested using its ID number, which can be obtained through this endpoint.
  • Transaction history or account information downloads are called using the IBAN's identification number, accountId. For a detailed API description, see the swagger documentation.

Transaction history downloads

  • The endpoint is used to download the transaction history for the given account. For a detailed API description, see the swagger documentation.

Account balance downloads

  • The endpoint is used to download account information. For a detailed API description, see the swagger documentation.
