You can sign up and start using the Sandbox environment, whether you are a customer of cdbbank or not.

You may use the "Contact us" form through the Developers portal. We will be more than happy to assist you. We always value your feedback and welcome any comments you may have to improve our programs and services.

Yes, you may delete your profile account by clicking on the "Forget me" button under profile details.

Unfortunately you cannot upload your own test data, however our sandbox test database holds sufficient test data to accommodate your needs.

Our APIs are not registered with a specific Open Banking standard. However, during the creation of our APIs, the UK Open Banking (https://www.openbanking.org.uk/) standard has been followed. Our flows follow version 1.1 of UK Open Banking Standard with minimum changes in payment APIs to accommodate international payments.

You may refer to the reset client secret instructions. It is extremely important to remember to update your application with the new client secret, once it is reset.

The application's Client Secret is generated once and you are advised to keep the value since it is stored in encrypted format and we cannot retrieve it on your behalf. However, in case you forget its value you may navigate to the "Apps" menu and click on the "Reset" button under the "Client secret" section.

You are advised to try again after some time. If the problem persists, please contact us since there is a possibility that the service is down.

Detailed logs are available for both Sandbox and Live Applications, that allow developers to see which APIs were called, when they were called and all relevant request and response data that was sent.

You can create as many apps as you wish and there is no limit to the number of registered apps. However, you are advised to consciously create your apps with clear title and description for better management.

Signing up to the developers' portal, creating applications and testing is totally free of charge.

A TPP can access customer account data for 90 days. After this period has elapsed, customer consent should be requested again. Regarding information requested for transactions outside the period that the customer has given consent, a new consent request must be made to the customer.

Data can be retrieved up to a maximum period which cannot exceed the respective data retrieval period of the Bank’s internet banking channel.

Yes, you can start fresh at any point, by clicking “Clear Transactions” from the Sandbox Accounts Dashboard in the portal (you need to be logged in to view this).

Yes, all bank customers have the option to cancel their consent through our internet banking channel.

Our APIs have been implemented based on the OAuth 2.0 industry-standard protocol to guarantee secure and authenticated transmission of data. Moreover, we perform API penetration tests regularly to ensure APIs security. Finally, only data that is approved by customer is accessible from the APIs.

Once you register your application on our API banking platform, the Client ID as well as the Client Secret are generated. Your Client ID is available under "My apps" section however, the Client Secret is stored encrypted, therefore we cannot retrieve it for you. In case you forget the Client Secret you may regenerate it.

Yes, access tokens have an expiration. If the token is expired, a relevant error message will be returned through a 400 error response. You will then need to request a new access token.

The financial limits applied to the payments initiated from APIs are inline with the Bank's eBanking rules.

Yes, an OTP is required for the execution of payments. For Sandbox purposes however, the OTP is always the same and can be viewed from the Sandbox Accounts Dashboard in the portal (you need to be logged in to view this).

The Sandbox environment allows developers to test payments by providing a number of “test customers”, i.e. virtual customers with their own test accounts, balances and transaction history. The accounts of these test customers can be used in API payment calls, to simulate payments in the real world. The relevant changes are recorded in account balances and transaction history.

The system will automatically populate the appropriate type of Payment, based on the details of the payment (IBAN, currency etc) consequently, you don’t have to choose the payment type.

The “Client Credential” and “Authorization Code” grant types are supported.

Yes, Sandbox data is private. However, you should always be cautious and not disclose your profile username, password or Client Secret to others.

Deleting your profile account will result to the deletion of the applications created under your profile as well.

Even though a community forum is not available at the moment, you may contact us through the Developers’ portal to address any inquiries and we will be more than happy to assist you.

The submission of future dated payments is allowed through the “Create Payment Request” API using future value and/or execution date. Any of the two fields may be completed while submitting the payment and the other will be automatically completed by the Bank, if left empty. The selected combination of dates will determine if the payment will be submitted with Same Day, Next Day or SPOT value date.

Both “ValueDate” and “ExecutionDate” fields may be left empty and the Bank will populate the values for each transaction. In general, the combination of “ValueDate” and “ExecutionDate” allows the submission of payments with Same Day, Next Day or SPOT value date. If the cut-off time for the payment has been exceeded, a warning will be raised on Payment Authorisation Screen and if the payment service user (PSU) chooses to proceed with the selected execution date, the payment will be processed by the Bank on a best-effort basis.

In general, the “Create Payment Request” API may be used to initiate any kind of payment. The below fields are mandatory for all transaction types however, additional fields may be mandatory for specific payment types (please refer to the question that relates to the particular payment type for more details).

The mandatory fields to be submitted for all transaction types are:

  • Creditor Agent {SchemeName, Identification}
  • Debtor Agent {SchemeName, Identification}
  • InstructedAmount{Currency, Amount}
  • DebtorAccount {Identification, SchemeName}
  • CreditorAccount {Identification, SchemeName, Name}

The mandatory fields for the execution of internal transfers to other accounts the client maintains with cdbbank are:

  • Creditor Agent {SchemeName, Identification}
  • Debtor Agent {SchemeName, Identification}
  • InstructedAmount{Currency, Amount}
  • DebtorAccount {Identification, SchemeName}
  • CreditorAccount {Identification, SchemeName, Name}
  • RemittanceInformation {RemittanceInfo1}
  • ChargesBy (allowed values: BEN or OUR)

 

The mandatory fields for internal transfers to other cdbbank accounts are:

  • Creditor Agent {SchemeName, Identification}
  • Debtor Agent {SchemeName, Identification}
  • InstructedAmount {Currency, Amount}
  • DebtorAccount {Identification, SchemeName}
  • CreditorAccount {Identification, SchemeName, Name}
  • RemittanceInformation {RemittanceInfo1}

Generally, the same API (Create Payment Request) may be used for the execution of single payments for all transaction types. However, submitting a SEPA payment requires specific criteria to be met. SEPA payments should always be in Euro currency, the creditor account has to be  SEPA reachable (within Eurozone), the amount has to be less than 50,000 and Charges have to be Shared between the creditor and debtor accounts. SEPA payments are always submitted as SPOT payments (i.e. with Normal Value Date).

The mandatory fields for SEPA payments are:

  • Creditor Agent {SchemeName, Identification}
  • Debtor Agent {SchemeName, Identification}
  • InstructedAmount {Currency (allowed value: EUR), Amount (allowed value: <= 50,000)}
  • DebtorAccount {Identification, SchemeName}
  • CreditorAccount {Identification, SchemeName, Name}
  • RemittanceInformation {RemittanceInfo1}
  • ChargesBy (allowed value: SHA)

Generally, the same API (Create Payment Request) may be used for the execution of single payments for all transaction types. In case any of the SEPA criteria are not met, the payment will be submitted automatically as SWIFT e.g. currency other than Euro, same day payment, creditor account used is not SEPA reachable etc.

The mandatory fields for SWIFT payments are:

  • Creditor Agent {SchemeName, Identification}
  • Debtor Agent {SchemeName, Identification}
  • InstructedAmount {Currency, Amount}
  • DebtorAccount {Identification, SchemeName}
  • CreditorAccount {Identification, SchemeName, Name, BenAddress1 (mandatory if currency is USD)}
  • RemittanceInformation {RemittanceInfo1}
  • ChargesBy (allowed values: BEN, OUR, SHA)

In order to be able to submit a payment in Roubles, the field “inOutRussiaFlag” has to be completed.

The mandatory information for payments in Roubles, inside Russia are:

  • Creditor Agent {SchemeName, Identification}
  • Debtor Agent {SchemeName, Identification}
  • InstructedAmount {Currency (RUB), Amount}
  • DebtorAccount {Identification, SchemeName}
  • CreditorAccount {Identification, SchemeName, Name}
  • RemittanceInformation {RemittanceInfo1}
  • RublesPaymentInfo {Bik, CorrespondentBankAccount, InOutRussiaFlag (allowed value: true), VoCode}
  • ChargesBy (allowed values: BEN, OUR, SHA)

In order to be able to submit a payment in Roubles, outside Russia, the field “inOutRussiaFlag” has to be completed.

The mandatory fields for payments in Roubles outside Russia are:

  • Creditor Agent {SchemeName, Identification, InterBankName, InterBankAddress}
  • Debtor Agent {SchemeName, Identification}
  • InstructedAmount {Currency (RUB), Amount}
  • DebtorAccount {Identification, SchemeName}
  • CreditorAccount {Identification, SchemeName, Name}
  • RemittanceInformation {RemittanceInfo1}
  • RublesPaymentInfo {Bik, CorrespondentBankAccount, InOutRussiaFlag (allowed value: false), VoCode}
  • ChargesBy (allowed values: BEN, OUR, SHA)

LOAD MORE QUESTIONS

Need to get in touch?

CONTACT US