Getting started

Ready to build your apps? Get started by following a few simple steps.

A “how-to” guide to use our banking APIs

As a third-party app provider, follow the steps below to use our APIs:

  1. Explore
    Navigate through our Group API Products catalog and explore the wide range of opportunities it offers.
  2. Sign-up
    Create your account (Sign up).
  3. Try the APIs 
    Try the APIs using the built-in testing functionality to get an understanding of how it works.
  4. Create and register your Sandbox Application 
    Register an Application in your Account Profile to get your Client ID and Secret. Subscribe to one or more of our sandbox products that fit your needs in order to receive your subscription keys.
  5. Test 
    Use the sandbox environment to get familiar with the Alpha Bank products, explore their features and test your applications with the provided sample data. The sandbox features the same functionality as the production APIs, so you can be sure that your applications will integrate smoothly with the production APIs.
  6. Create and register your Production Application
    When you’re finished testing, submit your application for the production data, upload any certificate required (e.g. eIDAS for PSD2 API Products), subscribe to our Production APIs, get authorized and go live!

Download Open API Specification Documentation

Download Open API Specification (YAML)

Authentication and Authorisation

The use of the offered APIs is protected by an authentication/authorisation server (Auth server). The server is compliant with the OAuth2 standard and accessible at the following endpoints.

Production environment Auth server endpoints
Token endpoint: https://gw.api.alphabank.eu/auth/token
Authorisation endpoint: https://gw.api.alphabank.eu/auth/authorize

 

Sandbox environment Auth server endpoints
Token endpoint: https://gw.api.alphabank.eu/sandbox/auth/token
Authorisation endpoint: https://gw.api.alphabank.eu/sandbox/auth/authorize

Specific grant types and/or scopes are required at particular points in the flow, as described below.

The basic concept behind the main usage scenarios is based on a two-phase execution. The first phase is related to the creation of an intent object by the client application. The second phase is about the authorisation of this intent object by the end user and the use of the required API operations.

Creation of an intent object

The creation of the intent object is performed by the client application alone, without any intervention by the end user. This phase includes two steps. The first step is the acquisition of an access token from the authorisation server token endpoint using client credentials. The credentials are supplied with the request using HTTP Basic authentication.

grant_type: client_credentials
scope: account-info-setup or transfer-setup, depending on the intended process

In the second step, the client application supplies this access token (in the HTTP Authorization header) to the appropriate intent object generation API operation and asks for the generation of an intent object (account information or payment intent object). The API operation responds with an intent identifier.

Authorisation of the intent object

The second phase authorises the intent object created during the first phase described above. This authorisation is performed as a three-legged OAuth2 authorisation code flow.

The end-user is redirected by the client application to the authorisation endpoint of the Auth server and the UI is presented to the end-user using the default operating system web browser. The parameters to the authorisation request are:

client_id: The client_id is assigned by Alpha Bank as an identifier to the client application.
response_type: Code
scope: account-info
redirect_uri: The location (URL) the end user will be redirected to after completion of the authorisation process. This URL must be known and associated with the client application.
request: The identifier of the intent object created at the end of the previous phase (see description above).

A successful request to the authorisation endpoint with the parameters above results in the rendering of an authentication interface. The end user is asked for their Alpha Bank e-Banking username and password. The authentication is performed at the Alpha Bank e-Banking backend systems.

After authenticating (logging in), the end user is presented with a consent screen that shows a representation of the intent object created during the first phase. For an account-information intent object, the end user is asked to authorise the client application to call only the account information and transactions API operations on behalf of the end user, for a given duration.

For a payment intent, the end user is presented with the details of the intended payment, such as creditor information, amount, expenses, etc. The user is asked to select the account to be used for the payment (if not preselected) and to complete a second-factor authentication if necessary.

Once the end user approves the authorisation of the client application, the authorisation server responds with an authorisation code. The client application then uses this authorisation code to acquire an access token bound to the intent object. The access token is acquired with a request to the token endpoint using the following parameters.

client_id: The client_id is assigned by Alpha Bank as an identifier to the client application.
client_secret: The «password» of the client application.
grant_type: authorization_code
redirect_uri: The location (URL) the end user will be redirected to after completion of the authorisation process. This URL must be known and associated with the client application. It must be the same one used during the auth code request.

The result of the call to the token endpoint is a new access token which is bound to the specific intent object. The client application then sends this access token (as the value of the HTTP Authorization header) with any request related to the execution of the intent object.
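The two phases above, sketched as request builders plus a check on the redirect that comes back. This is an added example, not Alpha Bank code: the function names are hypothetical, and the `state` parameter, the `code` parameter of the token request and the lowercase `code` response type are assumptions taken from RFC 6749 rather than from this page.

```python
import base64, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Sandbox endpoints as listed on this page.
TOKEN_URL = "https://gw.api.alphabank.eu/sandbox/auth/token"
AUTHORIZE_URL = "https://gw.api.alphabank.eu/sandbox/auth/authorize"
FORM = {"Content-Type": "application/x-www-form-urlencoded"}

def setup_token_request(client_id, client_secret, scope):
    """Phase 1: client_credentials request, credentials sent via HTTP Basic."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return TOKEN_URL, {**FORM, "Authorization": f"Basic {basic}"}, body

def authorize_url(client_id, redirect_uri, intent_id, scope="account-info"):
    """Phase 2: URL to open in the system browser, plus the state to keep."""
    # Assumption: RFC 6749 'state' ties the callback to this browser session.
    state = secrets.token_urlsafe(32)
    query = urlencode({"client_id": client_id,
                       "response_type": "code",  # RFC 6749 spelling (assumed)
                       "scope": scope, "redirect_uri": redirect_uri,
                       "request": intent_id, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_callback(callback_url, redirect_uri, expected_state):
    """Accept the redirect only on the registered URI and with our state."""
    p = urlparse(callback_url)
    if f"{p.scheme}://{p.netloc}{p.path}" != redirect_uri:
        raise ValueError("callback does not match the registered redirect_uri")
    params = parse_qs(p.query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this session")
    if "error" in params or "code" not in params:
        raise ValueError("authorisation was not granted")
    return params["code"][0]

def code_exchange_request(client_id, client_secret, redirect_uri, code):
    """Token request that yields the intent-bound access token."""
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "authorization_code",
                      "redirect_uri": redirect_uri,
                      "code": code})  # assumption: RFC 6749 'code' parameter
    return TOKEN_URL, dict(FORM), body
```

Each builder returns the URL, headers and form body to hand to an HTTP client; keep the client secret and the returned tokens out of logs and out of the redirect URL.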

Sandbox

Use the sandbox environment to get familiar with the Alpha Bank products, explore their features and test your applications with the provided sample data. For the sandbox we have created a set of non-real accounts that you can use to develop your applications. To get access to these sample accounts, use one of the following test users when you are redirected to the Alpha Bank login screen.

Username        Password
gpapadopoulos   GPapadopoulos01
6ae             AEtaireia02
pgeorgiou       PGeorgiou03
giwannou        GIwannou04
aathanasiou     AAthanasiou05
mmariou         MMAriou06
aanastasiou     AAnastasiou07
eeuaggelou      EEuaggelou08
sstaurou        SStaurou09
anastasis       AAnastasiou10
kkwnstantinou   KKwnstantinou11
ddimitriou      DDimitriou12
mmatthaiou      MMatthaiou13

Remember to review the documentation of each API and test them before you start using them.

The sandbox features the same functionality as the production APIs, so you can be sure that your applications will integrate smoothly with the production APIs.