We will allow you to transmit payment orders to the bank in the form of batches via the banking API. This service is primarily intended for legal entities and sole proprietors. Batch payments via API may be submitted by both account holders and persons authorised in connection with individual accounts.
In order to use this service, it is necessary to activate an online banking application (MojeBanka Business, Profibanka or Mobilní banka Business), in which you are to authorise the use of the Batch Payments via API service every 12 months.
If you use a third-party app to connect to the API, you cannot provide such third party with any access to your data or allow it to transmit Batches to us instead of the User. You shall be responsible for ensuring the protection and confidentiality of your strong authentication method as well as the accuracy and completeness of any information transmitted within the Batch Payments via API.
You may import batch payments to an online banking application in the JSON format; these payments will be ready for authorisation in the online banking app as a single batch. For 2022, the bank also plans the support of the KM (ABO), BEST, and SEPA XML formats.
The following preconditions apply to the use of API for the batch transfer of payments:
- Developer of the relevant application that is to be used for transfer of batch payments via API registers the app in KB using a public commercial certificate from a Certification Authority (employee/corporate qualified certificate;
- KB client registers an application to use the Batch Payments via API service with KB;
- KB client activates the Batch Payments via API service in KB.
The batch payments via KB API are executed as follows:
- Client initiates a request by calling an API endpoint with a JSON file containing a batch payment. Each API request requires a valid access token in the http heading. Access token refers to a security key generated by the user – or it is created automatically via the OAuth 2.0 standard protocol within CAAS;
- Incoming request is validated (user rights, account status and categorisation, payment format, transaction parameters, etc.) – consequently, payments may only be executed by authorised persons or account holders;
- Verified transactions are saved in an online banking database;
- Details of any saved batch payments are returned to the sender – the batch payment initialisation process is completed at this moment. The sender may also check the payment status or upload the details thereof by calling the relevant API endpoint using a valid access token;
- In order to ensure the processing and completion of batch payments initiated via API, the Client must access the relevant online banking channel and authorise the batch using standard security/authorisation methods (KB Klíč, smartcard-based certificate, etc.). The batch processing is only completed and sent to the central banking system for accounting and settlement after the batch is successfully authorised.