Skip to main content

API essentials

API routes

The connectivity to the debiX API can be established via multiple network channels. The bank can choose which one to rely on for the test and production environments.

Here is a list of the available connectivity channels and related paths:

SSFN

EnvironmentURL
PRODhttps://api.six.ssfn.ch/api/debix/bank/v2
TESThttps://api-preprod.np.six.ssfn.ch/api/debix/bank/v2

P2P

EnvironmentURL
PRODhttps://api.p2p.six-group.com/api/debix/bank/v2
TESThttps://api-preprod.np.p2p.six-group.com/api/debix/bank/v2

Internet

EnvironmentURL
PRODhttps://api.six-group.com/api/debix/bank/v2
TESThttps://api-preprod.np.six-group.com/api/debix/bank/v2

Example

Each path must be combined with the API platform URL. Therefore, all endpoints are defined with a related path.

Here is an example for the /healthcheck endpoint:

endpoint-example.png

Encoding

As defined in RFC4627, the encoding for JSON content is UTF-8.

HTTP verbs

The endpoints use the appropriate HTTP verb for the operations.

VerbDescription
GETRetrieve resources
POSTCreate resources
PUTUpdate resources with full data
DELETEDelete resources

Some resources offer a search method via a POST request, e.g. POST /digitalcards/search. The search parameters must be provided in the body of the POST request.

HTTP headers

HTTP headers let the client and the server forward additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then by its value.

Request headers

The following headers must be used for every request:

  • accept: application/json
  • x-request-id A unique identifier for a request and response pair.
  • content-length: <length> Must be specified for requests with a payload.

Response headers

The API always indicates the return type with a content-type header.

Response codes

The result of the endpoint's operation is reflected in the HTTP status code. The standard HTTP status codes are used:

HTTP status codeSummaryDescription
200OKThe request was handled successfully
201CreatedA new resource was created
304Not modifiedThe resource has not been changed
400Bad requestThe request parameters are invalid
401UnauthorizedThe authentication information is missing
403ForbiddenNo access to the resource
404Not foundThe resource could not be found
500Internal server errorAn unexpected condition was encountered
503Service unavailableThe server cannot handle the request

Error responses

Error responses include an HTTP status code and a JSON response body that contains details about the error: bankapierror-example.png

Error codes

The application error codes are used in the body of an error response.

Application errorError codeDescription
MISSING_MANDATORY_PARAMETER4100A mandatory parameter is missing.
PARAMETER_VALIDATION_FAILED4102The validation of the provided request parameters failed.
AUTHORIZATION_FAILED4401The authorization failed.
ENDPOINT_NOT_ENTITLED4402The entitlement is missing for the requested endpoint.
OPTIMISTIC_LOCK_ERROR4409The operation failed due to optimistic locking.
UNKNOWN_CARD4430The card for the provided attributes could not be found.
DIGITAL_CARD_STATUS_UPDATE_NOT_ALLOWED4431Updating the digital card status from the current status to the requested status is not allowed.
BANK_CLEARING_NUMBER_NOT_CONFIGURED4432The bank clearing number is not configured on the issuer.
UNKNOWN_WALLET_PROVIDER4433The wallet provider is unknown.
THREE_DS_NOT_ENABLED_FOR_ISSUER44343DS registration is not enabled for the given issuer.
CARD_ALREADY_REGISTERED_FOR_THREE_DS4435The card is already registered for 3DS.
CARD_INACTIVE4436The card is not active.
DIGITAL_CARD_HAS_PENDING_STATUS4437The digital card has currently a pending status which prevents further status updates.
CARD_STATUS_UPDATE_NOT_ALLOWED4438Updating the card status from the current status to the requested status is not allowed.
CARD_HAS_PENDING_STATUS4439The card has currently a pending status which prevents further status updates.
SET_PIN_NOT_ALLOWED_FOR_BLOCKED_OR_DELETED_CARD4440The pin cannot be set for a blocked or deleted card.
PIN_PREVIOUSLY_PASSED_TO_NEWER_CARD4442The pin was previously passed to a newer card.
UNKNOWN_PARENT_CARD4443The parent card could not be found.
VIRTUAL_CARD_EQUALS_PARENT_CARD4444The virtual card equals the parent card.
CARD_ALREADY_EXISTING4445The card already exists.
DELIVERY_INFORMATION_FOR_OTRC_MISSING4446The delivery information for otrc is missing.
NO_CARD_DETAILS_AVAILABLE4447No card details are available for this card.
AUTHENTICATION_METHOD_CHANGE_NOT_ALLOWED4448Updating the authentication method from the current to the requested method is not allowed.
TOKENIZATION_NOT_SUPPORTED4449Issuer does not support tokenization.
NO_CERTIFICATE_FOUND4450No certificate is registered for this issuer.
INVALID_JWS_SIGNATURE4451The signature of the JWS is invalid.
START_SET_PIN_NOT_CALLED4452The Start Set Pin was not called to initiate the Set Pin.
THREE_DS_OOB_NOT_ENABLED_FOR_ISSUER44533DS OOB is not enabled for the given issuer.
EXCLUDED_WALLET_PROVIDER4454Wallet provider is excluded for issuer.
UNKNOWN_MERCHANT4455Merchant id unknown.
UNKNOWN_WALLET_TYPE4456The wallet type is unknown.
CARD_NOT_REGISTERED_FOR_THREE_DS4457The card is not registered for 3DS.
RETRIEVE_PIN_NOT_ALLOWED_FOR_DELETED_CARD4458The pin cannot be retrieved for a deleted card.
ECOMMERCE_FEATURE_TOGGLE_NOT_ACTIVATED4460The card is not allowed to perform e-commerce transactions.
INCOMPLETE_OR_MISSING_ADDRESS_DATA4461The card's address data is missing or incomplete.
DELIVERY_INFORMATION_FOR_CARD_OR_PIN_MISSING4462The delivery information for the PIN or physical card is missing.
CARD_EXPRESS_CODE_MISSING4463The card express code is missing.
PIN_EXPRESS_CODE_MISSING4464The PIN express code is missing.
PRODUCER_CODE_MISSING4465The producer code is missing.
CARDLINE1_MISSING4466The first line to be printed on the card is missing.
OPERATION_FAILED5001The requested operation failed.
TECHNICAL_ERROR5002A technical error occurred.

Standard error codes

Some application error codes may be returned from any endpoint and are excluded from the detailed endpoint descriptions:

  • 4401
  • 4409
  • 5001
  • 5002

Request validation error codes may be returned from any POST and PUT endpoint with request arguments and are excluded from the detailed endpoint descriptions:

  • 4100
  • 4102

Authentication and Authorization

Authentication and authorization are described in the section Security