AVIS Bank API Reference

 

 

Sandbox Information

API endpoint:
  • https://connect.avisbank.com:8080
POST content-type:
  • application/x-www-form-urlencoded
API Secret:
  • Given by administrator
Input Variations:
  • Mandatory Fields are marked with the letter ‘m’
  • Conditionally Mandatory Fields are marked with the letter ‘c’

 

 

 

 

 

Initiate Nexor Session

Similar to Initiate Session, this API generates a JWT Token, but authenticates a pre-existing and pre-verified user through the Nexor system. Like Initiate Session, a JWT is provided for use in future APIs. There is a 90 day timeout for the JWT.

Bearer token JWT authentication is a specific implementation of JWT authentication that relies on the use of a "bearer" token. In this scheme, when a user logs in, the server generates a JWT token and sends it back to the client. The client then includes this token in the "Authorization" header of each subsequent request, preceded by the word "Bearer" (e.g. "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."). When the server receives the request, it extracts the token from the header and verifies its signature and expiration. If the token is valid, the server uses the information contained in the token to authorize the request.

  • Endpoint

    • POST /api/middleware/session/nexor_start

  • POST content-type:

    • application/x-www-form-urlencoded

  • Data Parameters

Name Type Notes Mandatory
api_key string *admin provided api_key* m
username string *admin provided username* m
  • Notes

    • All sessions are valid for 90 days

  • Successful response: HTTP 200; content-type: application/json

    • {
      "firstName": "AvisTest",
      "lastName": "TestAccount",
      "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ4aWQiOjgxNjMsImVtYWlsX2FkZHJlc3MiOiI3NWM4Y zc0Yi1kYjE0LTRkMDYtODQ0Yy1hOTI4NzgwYzQ4ZmJAdGVzdC5jb20iLCJpYXQiOjE2ODI3NDE4O DUsImV4cCI6MTY4Mjc0NTQ4NX0.eF-e_VwtqIF9yiZzkdrifhP6yWUV8T27YMdWgB9wA58"
      }

  • Error Responses; content-type: application/json

HTTP Code Response
400 {
"message": "API Key Required"
}
400 {
"message": "Username required."
}
404 {
"message": "Not found username 75c8c74b-db14-4d06-844ca928780c48fb@test.com."
}
401 {
"message": “Incorrect api_key”
}
500 {
"message": “Payload Parse Error: a09cee3c-00b1-11ee-be56-0242ac12000”
}

 

 

 

 

POST /api/middleware/session/nexor_start
api_key:
username:

RESULT /api/middleware/session/nexor_start
Response Here

 

 

 

pain.001: MT101 & MT103

The pain.001 message is used for initiating credit transfers and direct debits between financial institutions. The pain.001 message includes information about the sender and receiver of the payment, as well as details about the transaction, such as the amount, currency, and date.
  • Customer Credit Transfer Initiation (pain.001): This message replaces the MT101, which is used for initiating credit transfers between financial institutions. The pain.001 message provides detailed information about the initiating party, the beneficiary, the payment amount and currency, and any additional information relevant to the payment transaction.
  • Single Customer Credit Transfer (pain.001): This message replaces the MT103, which is used for credit transfers between financial institutions. The pain.001 message is also used for credit transfers between non-financial institutions and financial institutions. The message provides information on the initiating party, the beneficiary, the payment amount and currency, and any additional information relevant to the payment transaction.
  • Endpoint

    • POST /api/middleware/composer/pain.001

  • POST content-type:

    • application/x-www-form-urlencoded

  • Data Parameters

Name Type Notes Mandatory
transfer_method string OUTBOUND | INBOUND | EXTERNAL
transfer_currency string(3) ISO 4217 code m
transfer_amount int Hundreths. Example 12.34 should be input as 1234 m
transfer_reference string m
sender_bank string m
sender_branch string m
sender_country string(2) ISO 3166-2 code m
sender_number int
sender_name string m
sender_SWIFT string m
sender_SORT int
sender_IBAN string m
receiver_bank string m
receiver_branch string m
receiver_country string(2) ISO 3166-2 code m
receiver_number int
receiver_name string m
receiver_SWIFT string m
receiver_SORT int
receiver_IBAN string m
invoice_number string m
invoice_description string c
instructions string m
workflow string GENERATE | GENERATE_SEND m
  • Notes

    • Requires JWT Bearer Token

    • Specify GENERATE to only create the payload. The created payload can be downloaded from the API endpoint '/api/middleware/composer/payload'

    • Specify GENERATE_SEND to send the payload to the intermediary bank from the Middleware. The responses from the intermediary bank can be retrieved from the API endpoint 'api/middleware/composer/pacs.002'

  • Successful response: HTTP 200; content-type: application/json

    • {
      "message":
         {
         "message_id": "7e2925ff-c217-4683-a48d-95dbb761",
         "status": "ACCP",
         "transfer_reference": "371e5b25"
         }
      }

  • Error Responses; content-type: application/json

HTTP Code Response
401 Unauthorized
400 {
"message": "transfer_currency required"
}
400 {
"message": "transfer_currency must be valid ISO 4217 code"
}
400 {
"message": "transfer_amount required"
}
400 {
"message": "transfer_amount must be numerical between 1 and 12 digits represented as hundredths. Example 12.34 should be input as 1234"
}
400 {
"message": "transfer_reference required"
}
400 {
"message": "transfer_reference must between 6 and 32 characters long"
}
400 {
"message": "sender_bank required"
}
400 {
"message": "sender_bank must between 3 and 64 characters long"
}
400 {
"message": "sender_branch required"
}
400 {
"message": "sender_branch must between 3 and 128 characters long"
}
400 {
"message": "sender_country required"
}
400 {
"message": "sender_country must ISO 3166 code"
}
400 {
"message": "sender_number must be between 6 and 24 characters long"
}
400 {
"message": "sender_name required"
}
400 {
"message": "sender_name must be between 3 and 64 characters long"
}
400 {
"message": "sender_SWIFT required"
}
400 {
"message": "sender_SWIFT must be between 6 and 12 characters long"
}
400 {
"message": "sender_SORT must be between 6 and 18 characters long"
}
400 {
"message": "sender_IBAN required"
}
400 {
"message": "sender_IBAN must be between 16 and 32 characters long"
}
400 {
"message": "sender_IBAN is not valid"
}
400 {
"message": "receiver_bank required"
}
400 {
"message": "receiver_bank must between 3 and 64 characters long"
}
400 {
"message": "receiver_branch required"
}
400 {
"message": "receiver_branch must between 3 and 128 characters long"
}
400 {
"message": "receiver_country required"
}
400 {
"message": "receiver_country must ISO 3166 code"
}
400 {
"message": "receiver_number must be between 6 and 24 characters long"
}
400 {
"message": "receiver_name required"
}
400 {
"message": "receiver_name must be between 3 and 64 characters long"
}
400 {
"message": "receiver_SWIFT required"
}
400 {
"message": "receiver_SWIFT must be between 6 and 12 characters long"
}
400 {
"message": "receiver_SORT must be between 6 and 18 characters long"
}
400 {
"message": "receiver_IBAN required"
}
400 {
"message": "receiver_IBAN must be between 16 and 32 characters long"
}
400 {
"message": "receiver_IBAN is not valid"
}
400 {
"message": "invoice_number must be between 8 and 16 characters long"
}
400 {
"message": "invoice_description is required when invoice_number is specified"
}
400 {
"message": "invoice_description must be between 3 and 64 characters long"
}
400 {
"message": "instructions required"
}
400 {
"message": "instructions must be between 3 and 256 characters long"
}
400 {
"message": "workflow required"
}
400 {
"message": "workflow valid values 'GENERATE' | 'GENERATE_SEND'"
}
400 {
"message": "Only customer role can use function"
}
500 {
"message": "Error occurred while processing”
}
500 {
"message": "File not found”
}

 

 

 

 

POST /api/middleware/composer/pain.001
transfer_method:
transfer_currency:
transfer_amount:
transfer_reference:
sender_bank:
sender_branch:
sender_country:
sender_number:
sender_name:
sender_SWIFT:
sender_SORT:
sender_IBAN:
receiver_bank:
receiver_branch:
receiver_country:
receiver_number:
receiver_name:
receiver_SWIFT:
receiver_SORT:
receiver_IBAN:
invoice_number:
invoice_description:
instructions:
workflow:

RESULT /api/middleware/composer/pain.001
Response Here

 

 

 

Get Payload

Get the raw pain.001 payload of the ISO 20022 Protocol for an already submitted request
  • Endpoint

    • POST /api/middleware/composer/payload

  • POST content-type:

    • application/x-www-form-urlencoded

  • Data Parameters

Name Type Notes Mandatory
message_id string   m
  • Notes

    • Requires JWT Bearer Token

    • Returns the raw XML in the HTTP body of the response

  • Successful response: HTTP 200; content-type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<Document
    xmlns="urn:iso:std:iso:20022:tech:xsd:pain.001.001.09"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:pain.001.001.09 pain.001.001.09.ch.03.xsd">
    <CstmrCdtTrfInitn>
        <GrpHdr>
            <MsgId>948decc4-282c-44f3-aec9-99de7786</MsgId>
            <CreDtTm>2023-04-29T05:19:05.611Z</CreDtTm>
            <NbOfTxs>1</NbOfTxs>
            <CtrlSum>12.34</CtrlSum>
            <InitgPty>
                <Nm>Lucas Müller</Nm>
                <CtctDtls>
                    <Othr>
                        <ChanlTp>NAME</ChanlTp>
                        <Id>AVIS ISO 20022 Middleware</Id>
                    </Othr>
                    <Othr>
                        <ChanlTp>PRVD</ChanlTp>
                        <Id>AVIS BANK</Id>
                    </Othr>
                    <Othr>
                        <ChanlTp>VRSN</ChanlTp>
                        <Id>0.9</Id>
                    </Othr>
                    <Othr>
                        <ChanlTp>SPSV</ChanlTp>
                        <Id>0201</Id>
                    </Othr>
                </CtctDtls>
            </InitgPty>
        </GrpHdr>
        <PmtInf>
            <PmtInfId>948decc4-282c-44f3-aec9-99de7786</PmtInfId>
            <PmtMtd>TRF</PmtMtd>
            <BtchBookg>true</BtchBookg>
            <PmtTpInf>
                <SvcLvl>
                    <Cd>SEPA</Cd>
                </SvcLvl>
            </PmtTpInf>
            <ReqdExctnDt>
                <Dt>2023-04-29</Dt>
            </ReqdExctnDt>
            <Dbtr>
                <Nm>Lucas Müller</Nm>
            </Dbtr>
            <DbtrAcct>
                <Id>
                    <IBAN>DE89370400440532013000</IBAN>
                </Id>
                <Tp>
                    <Prtry>CWD</Prtry>
                </Tp>
            </DbtrAcct>
            <DbtrAgt>
                <FinInstnId>
                    <BICFI>TUBDDEDD502</BICFI>
                </FinInstnId>
            </DbtrAgt>
            <CdtTrfTxInf>
                <PmtId>
                    <InstrId>948decc4-282c-44f3-aec9-99de7786</InstrId>
                    <EndToEndId>371e5b25</EndToEndId>
                </PmtId>
                <Amt>
                    <InstdAmt Ccy="EUR">12.34</InstdAmt>
                </Amt>
                <Cdtr>
                    <Nm>Philippe Alain LAURENT</Nm>
                    <PstlAdr>
                        <Ctry>FR</Ctry>
                    </PstlAdr>
                </Cdtr>
                <CdtrAcct>
                    <Id>
                        <IBAN>FR1420041010050500013M02606</IBAN>
                    </Id>
                </CdtrAcct>
                <RmtInf>
                    <Ustrd>AGXF987932SD</Ustrd>
                </RmtInf>
            </CdtTrfTxInf>
        </PmtInf>
    </CstmrCdtTrfInitn>
</Document>

  • Error Responses; content-type: application/json

HTTP Code Response
401 Unauthorized
400 {
"message": "message_id required."
}
404 {
"message": ""message": "Payload not found. message_id = 948decc4-282c-44f3-aec9-99de7786"
}

 

 

 

 

POST /api/middleware/composer/payload
message_id:

RESULT /api/middleware/composer/payload
Response Here

 

 

 

pacs.002: MT107

For the pain.001 sent directly to the intermediary bank, the Middleware polls, stores and parses the pacs.002 response(s). All the responses are compressed into an archive and streamed via the API.
  • Endpoint

    • POST /api/middleware/composer/pacs.002

  • POST content-type:

    • application/x-www-form-urlencoded

  • Data Parameters

Name Type Notes Mandatory
message_id string   m
  • Notes

    • Requires JWT Bearer Token

  • Successful response: HTTP 200; content-type: application/xml

    • Zip archive with pacs.002 response(s) is streamed to the API


Sample pacs.002 content 
<?xml version="1.0" encoding="UTF-8"?>
<Document
    xmlns="urn:iso:std:iso:20022:tech:xsd:pacs.002.001.10"
    xmlns:xsi="http://www.w3.org/
2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:pain.002.001.10
pain.002.001.10.xsd">
    <CstmrPmtStsRpt>
        <GrpHdr>
            <MsgId>81510dc-730</MsgId>
            <CreDtTm>2023-04-29T05:30:32.051Z</CreDtTm>
            <InitgPty>
                <Id>
                    <OrgId>
                        <AnyBIC>CRESCHZZ</AnyBIC>
                    </OrgId>
                </Id>
            </InitgPty>
        </GrpHdr>
        <OrgnlGrpInfAndSts>
            <OrgnlMsgId>c0e48574-8da2-49f8-a144-0bc98da0</OrgnlMsgId>
            <OrgnlMsgNmId>pain.001.001.09.ch.02</OrgnlMsgNmId>
            <GrpSts>ACCP</GrpSts>
        </OrgnlGrpInfAndSts>
    </CstmrPmtStsRpt>
</Document>

  • Error Responses; content-type: application/json

HTTP Code Response
401 Unauthorized
400 {
"message": "message_id required."
}
404 {
"message": "Payload not found. message_id = 948decc4-282c-44f3-aec9-99de7786"
}

 

 

 

 

POST /api/middleware/composer/pacs.002
message_id:

RESULT /api/middleware/composer/pacs.002
Response Here

 

 

 

caaa.001.001.12: Acceptor to Acquirer Card Transactions MTID 0100, MTID 0120 & MTID0200

This API endpoint will accept Visa and Mastercard MTID 0100, MTID0120 and MTID0200 requests and convert those to Acceptor to Acquirer Card Transactions caaa.001.001.12 payloads. The corresponding MTID 0110, MTID 0130 and MTID0210 can be retrieved from API endpoint {{url}}/api/middleware/composer/caaa.002.001.12.mtid0110_mtid0130_mtid0210

The Acceptor to Acquirer Card Transactions are received by the Intermediary Bank (simulator). The intermediary then generates Acquirer to Issuer Card Transactions Payload (cain.001.001.03) and sends this to the Issuer for final authorization and settlement.

This endpoint will accept MTID 0100, MTID 0120, and MTID0200

  • Endpoint

    • POST /api/middleware/composer/caaa.001.001.12.mtid

  • POST content-type:

    • application/x-www-form-urlencoded

  • Data Parameters

Name Type Notes Mandatory
mtid string MTID0100, MTID0120, or MTID0200 Payload (see below) m
  • Example Payloads (without linebreaks):

      • MTID0100 Sample:
    • 03530100723c668128c2980019564445000150000010700
00000000000010000619231056000004061054062028051
799531021000000856444500375644450001500000107=2
80510110000000003170230000040001000211083182600
00560795508ECOCZWHX61112200 0000206223385644451
70020000310568641600000000000872186701084010010
11110100101111011111101000011101110101100010011
0000111101112001010100000000

      MTID0120 Sample:
    • 02790120723C66812CC2800019564445000150000010700
00000000000010000619231056000004061054062028051
799531021000000856444500375644450001500000107=2
8051011000000000317023000004ABC1230001000211083
18260000560795508ECOCZWHX61112200 0000206223385
644451700200003105686416000000000008721867010840

      MTID0200 Sample:
    • 02300200723C248120C2881019564445000410000001400
00000000001000000502082642000259082642050227049
32021020856444500564445000410000000000000000000
001122551002000211087547000000000061112200 0000
2064160000000000051815670108402001010100000000

  • Notes

    • Requires JWT Bearer Token

  • Successful response: HTTP 200; content-type: application/xml


<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
  xmlns="urn:iso:std:iso:20022:tech:xsd:caaa.001.001.12"
  xmlns:xs="http://
www.w3.org/2001/XMLSchema" elementFormDefault="qualified"
targetNamespace="urn:iso:std:iso:20022:tech:xsd:caaa.001.001.12">
  <AcceptorAuthorisationRequest12>
    <Hdr>
      <XchgId>7a2dbd45-adfd-40a2-9aa0-b550a29f</XchgId>
      <CreDtTm>2023-06-19T09:55:59.742Z</CreDtTm>
      <InitgPty>
        <Id>AVIS Bank</Id>
        <AcqrrCtrCode>932</AcqrrCtrCode>
        <AcqrrInstCode>56444500</AcqrrInstCode>
        <FwrdInstCode></FwrdInstCode>
      </InitgPty>
    </Hdr>
    <Card>
      <PlainCardData>
        <PAN>5644450004100000014</PAN>
        <CardSeqNb></CardSeqNb>
        <Track2Dt></Track2Dt>
        <XpryDt>2704</XpryDt>
      </PlainCardData>
    </Card>
    <Tx>
      <Initn>
        <Amt>1000</Amt>
        <Ccy></Ccy>
        <RcptTxId>7a2dbd45-adfd-40a2-9aa0-b550a29f</RcptTxId>
      </Initn>
      <AddtlTxData>
        <ProcessingCode>000000</ProcessingCode>
        <TrxDateTime>082642 0502</TrxDateTime>
        <STAN>000259</STAN>
      </AddtlTxData>
    </Tx>
    <ProprietaryBankTransactionCode>
      <PrtryEntryMode>021</PrtryEntryMode>
      <PrtryCondMode>02</PrtryCondMode>
    </ProprietaryBankTransactionCode>
    <NtryDtls>
      <TxDtls>
        <Refs>
          <EndToEndId>7a2dbd45-adfd-40a2-9aa0-b550a29f</EndToEndId>
        </Refs>
      </TxDtls>
    </NtryDtls>
    <POI>
      <Id>
        <PrtryId>00000061</PrtryId>
      </Id>
      <Cmpnt>
        <Id>112200 00002064</Id>
      </Cmpnt>
    </POI>
    <AddtlTxData>
      <Field47></Field47>
      <Field55></Field55>
    </AddtlTxData>
  </AcceptorAuthorisationRequest12>
</xs:schema>

  • Error Responses; content-type: application/json

HTTP Code Response
401 Unauthorized
400 {
"message": "mtid is required."
}

 

 

 

 

POST /api/.../caaa.002.001.12.mtid0110_mtid0130_mtid0210
mtid:

RESULT /api/middleware/composer/camt.024.001.05.mtid0120
Response Here

 

 

 

caaa.002.001.12: Responses to caaa.001.001.12 | MTI0110, MTI0130 and MTID0210

This API endpoint provides ISO8583 responses equivalent to ISO20022 caaa.002.001.12 responses. The responses from this API are conducted using the API endpoint {{url}}/api/middleware/composer/caaa.001.001.12.mtid
  • Endpoint

    • POST /api/middleware/composer/caaa.002.001.12.mtid0110_mtid0130_mtid0210

  • POST content-type:

    • application/x-www-form-urlencoded

  • Data Parameters

Name Type Notes Mandatory
message_id string This is the Parameter from the API endpoint {{url}}/api/middleware/composer/caaa.001.001.12.mtid m
  • Notes

    • Requires JWT Bearer Token

  • Successful response: HTTP 200; content-type: application/zip

    • File Download

  • Error Responses; content-type: application/json

HTTP Code Response
401 Unauthorized
400 {
"message": "message_id required."
}
404 {
"message": "Payload not found. message_id = 948decc4-282c-44f3-aec9-99de7786"
}

 

 

 

 

POST /api/.../caaa.002.001.12.mtid0110_mtid0130_mtid0210
message_id:

RESULT /api/.../caaa.002.001.12.mtid0110_mtid0130
Response Here

 

 

 

iso8583Responses: MTID 0110, MTID 0210, MTID 130

This endpoint will send the ISO8583Responses to MTID 0100, MTID 0200, MTID 0120.
  • Endpoint

    • POST /api/middleware/composer/iso8583Responses

  • POST content-type:

    • application/x-www-form-urlencoded

  • Data Parameters

Name Type Notes Mandatory
message_id string messsage_id is equivalent to <XchgId> in the response payload as highlighted below. m
  • Notes

    • Requires JWT Bearer Token

  • Successful Response: HTTP 200; content-type: application/text

02320110722220010E828000195644450001500000107
000000000000001000061923105600000406305310856
444500708381089031LAYNLV000001000210650120000
000000005508ECOCZWHX61112200 0000206223385644
451700200003105686312547016270254641600000000
00087218840

  • Error Responses; content-type: application/json

HTTP Code Response
401 Unauthorized
400 {
"message": "message_id is required."
}

 

 

 

 

POST /api/middleware/composer/iso8583Responses
message_id:

RESULT /api/middleware/composer/iso8583Responses
Response Here