Transfer API v1.0.0

Brankas Direct provides Fintechs and SMEs with an API-driven payment solution that allows them to digitally transact with their end users and customers. By debiting their online bank accounts and transferring directly to their accounts payable accounts, Brankas Direct leverages on enterprises that are able to execute fund transfer-based transactions over a growing basket of banks via a single set of APIs.

Host https://docs.brank.as
Base Path v1

API Access

This section details the first steps you need to take to successfully launch Brankas Direct.

API Environment
API Authorisation
Encryption
Application design
Registering your Destination Accounts
Registering your Callback URLs

API Environment

Brankas provides a sandbox and live environment for Direct. Both sandbox and live environments require separate OAuth client credentials specific to each environment that will be used to acquire an API token.

For sandbox environment

Authorisation Host URL	API Service Host URL
auth.sandbox.<YOUR_SUBDOMAIN>.bnk.to	direct.sandbox.<YOUR_SUBDOMAIN>.bnk.to

API Authorization

All requests to the Direct API must be authorized using token-based authentication. This means, your client application needs to obtain an access token from the authorization service using your application credentials– your Client ID and Client Secret. Access tokens are environment-specific. To obtain access tokens for a particular environment, make a request to token endpoints using basic authentication to the relevant environment-specific authorization service using the proper application credentials. API authorization involves sending an authorization header value that is a base 64-encoded concatenation of your client application’s credentials. To access user data, user credentials are required in your requests to the endpoint. To maintain security, the data shared to the endpoints should be transferred with HTTPS. Data shared are included in Credential object in the API call. When the endpoint requires a user authorisation, a return call to your application, including an object that contains Status value will be used to determine the next steps.

Encryption

Brankas APIs require HTTPS with TLS >= 1.2. Non-encrypted HTTP connections are not accepted, as they will transmit your access token in plaintext over the network.

Always validate certificates. You should not proceed with a connection if you receive a certificate validation error from Brankas. Make sure all parts of your application are using encryption and HTTPS and failing when certificate validation fails.

Two Factor Authentication

Two-factor authentication is a security feature that allows users to verify themselves through 2 different authorisation factors. The first factor to authorise is to successfully log in to user’s account and then a one-time password (OTP) is sent to their registered mobile number. Users are to enter the OTP as the second factor of authorisation.

When calling for Brankas API, submitting a request with user credential will return a call for ‘status’ value of ‘AWAITING_TFA’. The return call allows the users to verify the two-factor authentication either 2FA or TFA with the banks.

When your application receives such a response, it should make use of the OTP that will be sent by SMS to the user’s device. A typical way to handle this would be to prompt the user to submit the OTP value in a form. Once you receive this information in your backend server, it should be sent to the SendTFA endpoint along with the relevant id (transfer_id in the above example).

When the response is successfully received, the OTP will be send to the user’s registered mobile number. To complete the authorisation, encourage users to submit the OTP value in a form _______. Upon submission, the information will be captured in your backed server and send to SendTFA endpoint along with relevant id.

For transfer id, refer to the example above(hyperlink to that section)

The purpose value is a service-specific enum value. For the example, request to the accounts endpoint above, this value would be BankCredentialLogin:

This token can be used for future requests by reusing the user sessions. This avoids the need for the users to authorise again.

Bank TFA Requirement

Direct are to comply with every banks’ two-factor authentication security policy. Two-factor authentication are deployed when

logging in Banks sets up two-factor authentication after users log in with their username and password as an additional security measures. Logging in with the TFA token completes the login process. Additionally, banks enforce 1 active user session per unique user.
transaction confirmation Two-factor authentication are also used to confirm a fund transfer. This step notifies the bank, confirms and authenticate the fund transfer.

Submitting a valid TFA token is essential for execution and fund transfer requests. The SendTFA endpoint submits TFA to the bank on behalf of users. Below is a list of the various TFA requirements for each bank:

Philippine Banks - TFA Requirement

Bank Name	End User Login	TFA Type	Transformation Confirmation	TFA Type
Brankas Bank (Sandbox)	Yes	String	Yes	String
Banco De Oro Unibank, Inc. (BDO)	Yes	SMS OTP	Yes	SMS OTP
Bank of the Philippine Islands (BPI)	No		Yes	SMS OTP
Philippine National Bank (PNB)	No		Yes	SMS OTP
The Metropolitan Bank and Trust Company (Metrobank)	Yes	SMS OTP	No
The Rizal Commercial Banking Corporation (RCBC)	Yes	SMS OTP	Yes	SMS OTP

Indonesia Banks - TFA Requirement

Bank Name	End User Login	TFA Type	Transformation Confirmation	TFA Type
Brankas Bank (Sandbox)	Yes	String	Yes	String
PT. Bank Central Asia, TBK	No		Yes	SMS OTP & Hardtoken
PT. Bank Rakyat Indonesia (Persero), TBK	No		Yes	SMS OTP
PT. Bank Mandiri (Persero), TBK	No		Yes	In-App Confirmation
PT. Bank Negara Indonesia (Persero), TBK	No		Yes	Hardtoken Exchange

Application Design

Secure your application against common security flaws (check out the OWASP Top 10). Consider how an attacker could leverage Unrestricted File Upload or Insecure Direct Object Reference to read the contents of your server’s environment or config files. If your application is larger, consider extracting Brankas-specific functionality into a separate middleware or service layer. This would enable you to move API tokens there, separate from the main application. Do not store the token in user-accessible code such as browser-side JavaScript or Android apps that can be decompiled. The token should always live server-side, exposing domain-logic via APIs. If you need to pass the token around via HTTP requests, use HTTP headers or POST body - do not store the token in URI or query parameters. Web servers usually log the URL and browsers pass it between websites via the Referer header.

Registering Your Destination Account

For SME, Fintech, merchant, and other corporate clients that intend to receive end user payment via one or several corporate accounts receivable bank accounts, you will need to enroll these bank accounts as part of the requirements for accessing and using the live environment of your Direct instance. Enrolling these bank accounts will allow them to be targeted by Direct as a valid beneficiary account in a fund transfer. Registering these beneficiary accounts are part of Brankas’s pre-launch requirements prior to granting your Direct instance access to our live bank integrations. This is a critical piece of security due diligence that must be performed in order to ensure compliance with any AML and Anti-Fraud regulations.

Brankas product and sales teams will assist you in ensuring that your accounts are enrolled prior to going live.

Registering Your Callback URLs

In order to support real-time reporting of new end user initiated fund transfers to your application, Brankas Direct supports the registration of Callback URLs. Upon the completion of a fund transfer, Brankas Direct will immediately POST to the Callback URL registered by the client, alerting them that a new transaction has been completed and logged in the transaction database. These transactions can be directly queried via the RetrieveTransfer endpoint using their Brankas assigned transaction_id.

Brankas product and sales teams will assist you in ensuring that your Callback URL is registered and configured prior to going live.

End User Transaction Authorisation

Brankas Direct requires end users to provide access to their internet banking accounts in order for it to perform the fund transfer. This entails submitting their internet banking access credentials and TFA tokens and codes to Brankas Direct so that it may likewise submit them to the end user’s online banking portal.

In order to secure this exchange of sensitive internet banking information, Brankas Direct leverages a web application called the Brankas Identity Provider service (IdP). The Brankas IdP provides end users with a secure environment through which they can submit their internet banking access credentials and authorize the fund transfer.

Upon initiating a fund transfer request with Brankas Direct, the service returns a pre-formatted URL to the Brankas IdP that end users can be redirected to. These URLs are unique and specific to the current requested fund transfer.

Brankas Identity Provider (idP) Provider

The Brankas IdP supports various the end user authentication and authorization mechanisms used by their bank’s internet banking platform to protect end user accounts from unauthorized access. These include:

Internet banking login credentials
TFA challenges of various types to authenticate the end user as part of login
TFA challenges of various types to authorize a fund transfer

The Brankas IdP automatically w ill adjust its flow to enforce the authentication and authorization requirements of any bank that has been integrated into Brankas Direct.

End User Security

As a matter of end user security, Brankas Direct uses Redirect URIs to a unique Brankas IdP user sessions to ensure that there are no touch points wherein 3rd Party Applications can gain access to sensitive internet banking access credentials or TFA codes.

Additionally, we enforce secure HTTPS connections to the Brankas IdP and all internal microservice communications are encrypted using mTLS >= 1.2. It also uses Cross-Site Request Forgery (CSRF) tokens and secure cookies to ensure the uniqueness of access to Brankas IdP sessions, preventing any potential session hijacking by malicious actors.

End user credentials and TFA challenges are never stored, ensuring that access credentials for their internet banking accounts cannot be stolen or abused.

Using Sandbox Environment

We have set up a Sandbox environment to simulate Brankas API calls. In this environment, you may perform test API requests to Brankas Bank, a dummy bank.

Below are the details required to perform API test calls in the Sandbox environment.

End User Credential TFA

In order to initiate a new user session with Brankas Bank, you may use the following credentials below:

Type	Value	Notes
Identifier	transfer*	The identifier transfer* is a wildcard email account that can be used to simulate multiple accounts, such as transfer1@domain.com, transfer2@domain.com, etc…
TFA Token	transfer	All wildcard transfer* accounts also use the secret value as the token value for all sandbox TFA challenges for both Login Authentication and Transaction Confirmation.
Brankas Bank enforces both TFAs for both Login Authentication and Transaction Confirmation.

End User Bank Account

All wildcard transfer* accounts possess the exact same bank accounts. These bank accounts can be used as the source account used for the fund transfer.

Type	Account #1	Account #2
Account Type	Savings	Savings
Account Number	0000-000-000	0000-000-001
Account Currency	IDR USD
Account Balance	125,000	125,000

Performing Fund Transfer

When initiating a test fund transfer against the Brankas Bank, please note the following values and validation conditions for different fields across the different endpoints.

Field Parameter	Value/Notes
Source Account Bank Code	DUMMY_BANK_PERSONAL
Destination Account Bank Code	DUMMY_BANK_DESTINATION
Recipient Account Number	Accepts any arbitrary string of 9 characters in length
Recipient Account Name	Accepts any arbitrary string
Remarks	An arbitrary user attached memo line (description) attached to the transfer.
Amount	The amount to be transfered. The amount entered must be less than the selected source account’s Available Balance.

Brankas Bank enforces both TFAs for both Login Authentication and Transaction Confirmation and will require the separate invocation of the TFA endpoint for each purpose. Additionally, note that fund transfers do not actually debit the account balances of these wildcard accounts. Subsequent requests to the Accounts endpoints will not reflect updated balances on accounts that were used in a previous fund transfer.

Status and Errors

HTTP Status Codes

Codes	Describtion
400	Request body is malformatted or does not match the expected request.
401	Request does not contain the correct user credentials.
403	User does not have permission to access the requested resource.
404	Resource could not be found.
500	An unexpected error occurred on the server side.

Direct Services Errors

Codes	Describtion
Unable to perform action	The Unable to perform action error will be return when a request is made during a session that is no longer available. This could be due to another session created.
Missing Required Field	The Missing Request Field error is caused by missing parameters from the transfer request.
Missing Credentials	The Missing Credentials error is caused by missing username or password in the request.
Invalid Source Account	The Invalid Source Account error is caused by an incorrectly parsed source account number.
Invalid Destination Account	The Invalid Destination Account error is caused by an incorrectly parsed destination account number.
Credential Type not Supported	The Credential Type not Supported error is caused by unsupported credential type.
Invalid Transfer Amount	The Invalid Transfer Amount error is caused by the transfer amount being incorrectly parsed or the transfer amount failing to meet some required condition, like an invalid amount.
Unsupported Bank Code	The Unsupported Bank Code error is caused by the bank not being supported for fund transfer initiation requests.
Unsupported Currency	The Unsupported Currency error is caused by banks not having support for the currency included in the request.
Invalid TFA Token	“Invalid TFA Token The Invalid TFA Token error is caused by a missing token value in the TFA request.”
Invalid Purpose	“Invalid Purpose The Invalid Purpose error is caused by mismatched purpose value in the TFA request. This would be the case if the request has a `purpose` of instead of when attempting to authorize a transfer request.”
Deadline Exceeded Due to Timeout	The Deadline Exceeded Due to Timeout error is caused by the request timing out before completion of the transfer.
Unavailable	The Unavailable error is caused by the Brankas service being currently unavailable.

Bank Errors

Codes	Describtion
Invalid Credential	This error is caused by the bank website declining the supplied user credentials.
Account in Use	This error is caused by the site declining the login request because a user session is still active.
Invalid Source Account	This error is caused by the site declining the transfer initiation due to an invalid source account number.
Invalid Recipient Account	This error is caused by the site declining the transfer initiation due to an invalid recipient account number.
Invalid Amount	This error is caused by the site declining the transfer initiation due to the transfer amount not meeting the bank’s transfer conditions.
Invalid Currency	This error is caused by the bank’s site declining the transfer initiation due to an unsupported currency.
TFA Expired	This error is caused by the bank’s site declining the transfer initiation due to a TFA/OTP timeout.
TFA Invalid	This error is caused by the bank’s site declining the transfer initiation due to an invalid TFA/OTP value.
TFA Maximum Trial Limit	This error is caused by the bank’s site declining the transfer
TFA Invalid Format	This error is caused by the bank’s site declining the transfer initiation due to an invalid TFA/OTP format.

gRPC Error Codes

Internally, our systems communicate with gRPC that comes with a standard set of status codes. These codes are mapped to the status and error responses of the TransferService endpoints. Below are the list of codes:

Codes	Number	Describtion
OK	0	Not an error; returned on success.
CANCELLED	1	The operation was cancelled, typically by the caller.
UNKNOWN	2	Unknown error. For example, this error may be returned when a Status value received from another address space belongs to an error space that is not known in this address space. Also errors raised by APIs that do not return enough error information may be converted to this error.
INVALID_ARGUMENT	3	“The client specified an invalid argument. Note that this differs from . indicates arguments that are problematic regardless of the state of the system (e.g., a malformed file name). FAILED_PRECONDITION INVALID_ARGUMENT”
DEADLINE_EXCEEDED	4	The deadline expired before the operation could complete. For operations that change the state of the system, this error may be returned even if the operation has completed successfully. For example, a successful response from a server could have been delayed long.
NOT_FOUND	5	Some requested entity (e.g., file or directory) was not found. Note to server developers: if a request is denied for an entire class of users, such as gradual feature rollout or undocumented whitelist, NOT_FOUND may be used. If a request is denied for some users within a class of users, such as user-based access control, PERMISSION_DENIED must be used.
ALREADY_EXISTS	6	The entity that a client attempted to create (e.g., file or directory) already exists.
PERMISSION_DENIED	7	"The caller does not have permission to execute the specified operation. PERMISSION_DENIED must not be used for rejections caused by exhausting some resource (use instead for those errors). must not be used if the caller can not be identified (use UNAUTHENTICATED instead for those errors). This error code does not imply the request is valid or the requested entity exists or satisfies other pre-conditions. RESOURCE_EXHAUSTED PERMISSION_DENIED”
UNAUTHENTICATED	16	The request does not have valid authentication credentials for the operation.
RESOURCE_EXHAUSTED	8	Some resource has been exhausted, perhaps a per-user quota, or perhaps the entire file system is out of space.
FAILED_PRECONDITION	9	“The operation was rejected because the system is not in a state required for the operation’s execution. For example, the directory to be deleted is non-empty, an rmdir operation is applied to a non-directory, etc. Service implementors can use the following guidelines to decide between : (a) Use if the client can retry just the failing call. (b) Use ABORTED if the client should retry at a higher level (e.g., when a client-specified test-and-set fails, indicating the client should restart a read-modify-write sequence). (c) Use FAILED_PRECONDITION if the client should not retry until the system state has been explicitly fixed. E.g., if an ““rmdir”” fails because the directory is non-empty, FAILED_PRECONDITION should be returned since the client should not retry unless the files are deleted from the directory. FAILED_PRECONDITION ABORTED UNAVAILABLE UNAVAILABLE”
ABORTED	10	“The operation was aborted, typically due to a concurrency issue such as a sequencer check failure or transaction abort. See the guidelines above for deciding between FAILED_PRECONDITION , ABORTED, and UNAVAILABLE.”
OUT_OF_RANGE	11	“The operation was attempted past the valid range. E.g., seeking or reading past end-of-file. Unlike INVALID_ARGUMENT, this error indicates a problem that may be fixed if the system state changes. For example, a 32-bit file system will generate INVALID_ARGUMENT if asked to read at an offset that is not in the range [0,2^32-1], but it will generate OUT_OF_RANGE if asked to read from an offset past the current file size. There is a fair bit of overlap between FAILED_PRECONDITION and We recommend using (the more specific error) when OUT_OF_RANGE. OUT_OF_RANGE” it applies so that callers who are iterating through a space can easily look for an OUT_OF_RANGE error to detect when they are done.
UNIMPLEMENTED	12	The operation is not implemented or is not supported/enabled in this service.
INTERNAL	13	Internal errors. This means that some invariants expected by the underlying system have been broken. This error code is reserved for serious errors.
UNAVAILABLE	14	The service is currently unavailable. This is most likely a transient condition, which can be corrected by retrying with a backoff. Note that it is not always safe to retry non-idempotent operations.
DATA_LOSS	15	Unrecoverable data loss or corruption.

Checkout

The Checkout endpoint creates a fund transfer initiation request that the end user can complete via the Brankas Identity Provider service (IdP). The Checkout endpoint is a fund transfer initiation request specific to the use case where the transaction amount is a predetermined value not defined by the end user, usually determined by an invoice or cart. Direct will create a unique user session on the Brankas IDP keyed to the fund transfer request’s internal transfer_id. The Checkout endpoint will respond with a preformatted URL that the end user must be redirected to in order to authorize the current fund transfer request. The Brankas Client needs to append the returned preformatted URL with their own redirect_uri query parameter where the end user will be sent after they have completed their session on the IDP.

curl -X POST \
	https://docs.brank.as/v1/checkout \
	-H 'Authorization: Bearer USE_YOUR_TOKEN' \
	-d '{
		"customer": {
			"fname": "string",
			"lname": "string",
			"mname": "string",
			"email": "string",
			"mobile": "string",
			"phone": "string",
			"customer_id": "string"
		},
		"reference_id": "string",
		"amount": {
			"cur": "CurrencyISO4217",
			"num": "string"
		},
		"from": {
			"type": "AccountInfoType",
			"bank_code": "BankCode",
			"account_number": "string",
			"identifier": "string",
			"holder_name": "string",
			"country": "CountryISO3166"
		},
		"to": {
			"type": "AccountInfoType",
			"bank_code": "DestinationBankCode",
			"account_number": "string",
			"identifier": "string",
			"holder_name": "string",
			"holder_first_name": "string",
			"holder_middle_name": "string",
			"holder_last_name": "string",
			"email_address": "string",
			"mobile_country_code": "string",
			"mobile_number": "string",
			"address_line1": "string",
			"address_line2": "string",
			"city": "string",
			"state": "string",
			"country": "string"
		},
		"payment_channel": "PaymentChannelType",
		"memo": "string",
		"destination_account_id": "string",
		"client": {
			"display_name": "string",
			"logo_url": "string",
			"return_url": "string"
		}
	}'

HTTP Request

POST https://docs.brank.as/v1/checkout

Body Parameters

Name	Type	Description
customer	Customer	The end user’s identifying and contact information that allows transactions to be attributed to a specific end user. This can be used by both banks and settlement channels to assist in the resolution of transaction disputes.
reference_id	string	An additional identifier, such as a UUID, that corresponds to an invoice, cart, or transaction object. The Brankas Client can use this field to associate the fund transfer request to a corresponding transaction object in its transaction database.
amount	Amount	The amount to be transferred from the source account to the destination account. If minor currency units are supported by a currency, then they are stored as minor units. For example, PHP 100.00 would be represented as "amount.num”: “10000". Note that amounts are stored as string instead of integers in order to prevent any errors caused by floating point numbers.
from	AccountInfo	The source account information. Make sure the bank code on this field is set, this bank will be used to initiate the transfer. Bank Codes used in this field follow a different convention from the bank codes used for the destination account in the to object. For the full list of supported bank codes, see Source Account Bank Codes in the Bank Codes section.
to	DestinationAccountInfo	The destination account information. Make sure the bank code on this field is set, this bank will be used to initiate the transfer. Bank Codes used in this field follow a different convention from the bank codes used for the source account in the from object. For the full list of supported bank codes, see Source Account Bank Codes in the Bank Codes section.
payment_channel	PaymentChannelType	The payment channel to be used for inter-bank fund transfers. Allows for the selection of established payment networks, clearing houses, or settlement partners to be used in order to facilitate an inter-bank fund transfer. This field is only required if the fund transfer is an inter-bank fund transfer. Otherwise, if the fund transfer is an intra-bank transfer, this field should be completely omitted.
memo	string	User defined remarks attached to the transfer in the memo line (e.g. RRN).
destination_account_id	string	The DestinationAccountID is the string ID corresponding to the bank information of the recipient
client	Client	Client contains the relevant information about the client who uses the checkout flow.

Objects

Customer

Name	Type	Description
fname	string	The end user’s first name.
lname	string	The end user’s last name.
mname	string	The end user’s middle name.
email	string	The customer’s contact email.
mobile	string	The end user’s mobile phone number.
phone	string	Phone is the customer’s Landline number.
customer_id	string	An additional user identifier, such as a UUID, that the Brankas client can optionally add to the customer object.

InvoiceDetails

Name	Type	Description
line_items	[]LineItem	LineItems is the list of ordered item details
charges	[]Charge	Charges is the list of cost/charge corresponding to each item in LineItems
discount	[]Discount	Discounts is the list of discounts corresponding to each item in LineItems
amount	Amount	Amount is the overall cost of all orders

Amount

Name	Type	Description
cur	CurrencyISO4217	Cur is the currency.
num	string	Num is the numeric value.

AccountInfo

Name	Type	Description
type	AccountInfoType	The type of info relating to a bank transfer account.
bank_code	BankCode	Brankas bank code. Only present when type is BANK. Bank Codes differ depending on whether they are used as the source or the destination of a funds transfer. For the full list and details on bank codes, please see the Bank Codes section.
account_number	string	AccountNumber is a bank account number.
identifier	string	A unique account Id, profile Id or the bank account number depending on the type.
holder_name	string	The name of the account holder.
country	CountryISO3166	The country where the end user’s bank is based using ISO 3166 Alpha-2 country codes. Currently supports: Indonesia: ID and Philippines: PH.

DestinationAccountInfo

Name	Type	Description
type	AccountInfoType	Type is the account info type.
bank_code	DestinationBankCode	BankCode is a bank code. Only present when type is BANK.
account_number	string	AccountNumber is a bank account number.
identifier	string	Identifier is a unique account ID, profile ID, or the bank account number and is interpreted based on the account info type.
holder_name	string	HolderName is the name of the account holder.
holder_first_name	string	HolderFirstName is the first name of the account holder.
holder_middle_name	string	HolderMiddleName is the middle name of the account holder.
holder_last_name	string	HolderLastName is the last name of the account holder.
email_address	string	EmailAddress is the destination user email address.
mobile_country_code	string	MobileCountryCode is the mobile country dial code.
mobile_number	string	MobileNumber is the destination user mobile number.
address_line1	string	AddressLine1 is the user destination address information.
address_line2	string	AddressLine1 is the user destination address additional information.
city	string	City is the user destination residential city.
state	string	State is the user destination residential state.
country	string	Country is the user destination residential country.

Client

Name	Type	Description
display_name	string	DisplayName of the client
logo_url	string	LogoURL is the link to the client’s logo
return_url	string	ReturnURL is the return path via a redirect after a checkout transaction has been accomplished

LineItem

Name	Type	Description
item_name	string	ItemName is name of the item
item_id	string	ItemID is any internal ID the Brankas Client/merchant might have to represent this item
unit_price	string	UnitPrice is the price of a single unit of the item
price_cur	CurrencyISO4217	PriceCur is the currency for the lineitem price following ISO_4217
quantity	int32	Quantity is the number of items

Charge

Name	Type	Description
charge_type	string	ChargeType is the type of charge for the corresponding lineitem
charge_amount	string	ChargeAmount is the amount cost for the corresponding lineitem
charge_cur	CurrencyISO4217	DiscountCur is the currency for the charge following ISO_4217

Discount

Name	Type	Description
discount_type	string	DiscountType is the type of discount for the correspondign lineitem
discount_amount	string	DiscountAmount is the amount discounted for the corresponding lineitem
discount_cur	CurrencyISO4217	DiscountCur is the currency for the discount following ISO_4217

Enums

PaymentChannelType

PaymentChannelType is the payment rail that will be used to facilitate the inter-bank fund transfer. Allows for the selection of established payment networks, switching service, clearing houses, or settlement partners to be used in order to move fund transfer to the beneficiary bank and bank account.

Value	Description
ID_LLG
ID_RTGS
PH_PESONET	Process inter-bank fund transfer via the PESONet electronic fund transfer (EFT) Automated Clearing House.
PH_INSTAPAY	Process inter-bank fund transfer via the InstaPay electronic fund transfer (EFT) Automated Clearing House.
PH_PAYNAMICS	Process inter-bank fund transfer via Paynamics settlements service, a Brankas Partner.
ID_BANK_MEGA_IPG	Process inter-bank fund transfer via Bank Mega - IPG settlements service.

CurrencyISO4217

CurrencyISO4217 iso is the 3 digit currency that will be used as standard currency type on fast checkout. see: https://en.wikipedia.org/wiki/ISO_4217

Value	Description
UNKNOWN_CURRENCY
AFN
EUR
ALL
DZD
USD
AOA
XCD
ARS
AMD
AWG
AUD
AZN
BSD
BHD
BDT
BYR
BZD
XOF
BMD
BTN
BOV
BAM
BWP
NOK
BRL
SGD
BGN
BIF
KHR
XAF
CAD
CVE
KYD
CLP
CNY
COP
KMF
CDF
NZD
CRC
HRK
CUC
CZK
DKK
DJF
DOP
EGP
ERN
ETB
FKP
FJD
XPF
GMD
GEL
GHS
GIP
GTQ
GBP
GNF
GYD
HNL
HKD
HUF
ISK
INR
IDR
IRR
IQD
IMP
ILS
JMD
JPY
JEP
JOD
KZT
KES
KPW
KRW
KWD
KGS
LAK
LBP
LSL
LRD
LYD
CHF
MKD
MGA
MWK
MYR
MVR
MRO
MUR
MXN
MDL
MNT
MAD
MZN
MMK
NAD
NPR
ANG
NIO
NGN
OMR
PKR
PGK
PYG
PEN
PHP
PLN
QAR
RON
RUB
RWF
WST
STD
SAR
RSD
SCR
SLL
SBD
SOS
ZAR
SSP
LKR
SHP
SDG
SRD
SZL
SEK
SYP
TWD
TJS
TZS
THB
TOP
TTD
TND
TRY
TMT
UGX
UAH
ARE
UYU
UZS
VUV
VEF
VND
YER
ZRN
ZMW

AccountInfoType

AccountInfoType is the type of info relating to a bank transfer account.

Value	Description
AccountInfoTypeUNKNOWN	Unrecognised info type.
ACCOUNT	Account type.
PROFILE	Profile type.
BANK	Bank type.
MSISDN	Phone number type.

BankCode

Value	Description
UNKNOWN_BANK
MANDIRI_PERSONAL	PT. Bank Mandiri (Persero), TBK.
BCA_PERSONAL	PT. Bank Central Asia, TBK.
BNI_PERSONAL	PT. Bank Negara Indonesia (Persero), TBK.
BRI_PERSONAL	PT. Bank Rakyat Indonesia (Persero), TBK.
BCA_CORPORATE
DUMMY_BANK_PERSONAL	Brankas Bank. A test bank that you can make sandboxed calls to as part of integration testing.
BDO_PERSONAL	Banco De Oro Unibank, Inc. (BDO).
BPI_PERSONAL	Bank of the Philippine Islands (BPI).
METROBANK_NEW_PERSONAL	The Metropolitan Bank and Trust company new portal (Metrobank)
KASIKORNBANK_PERSONAL
PNB_PERSONAL	Philippine National Bank (PNB).
UNIONBANK_PERSONAL
UNIONBANK_CORPORATE
METROBANK_PERSONAL	The Metropolitan Bank and Trust Company (Metrobank).
RCBC_PERSONAL	The Rizal Commercial Banking Corporation (RCBC).
CLRB_PERSONAL	Cebuana Lhuillier Rural Bank (CLRB).
DUMMY_BANK_BCA_PERSONAL	BCA dummy bank that can make sandboxed calls as part of integration testing.

CountryISO3166

Value	Description
Unknown
ID
PH

DestinationBankCode

Value	Description
UNKNOWN_DESTINATION_BANK
DUMMY_BANK_DESTINATION
ID_BCA
ID_BCA_SYR
ID_BNI
ID_BNI_SYR
ID_BRI
ID_BRI_SYR
ID_MANDIRI
ID_MANDIRI_SYR
ID_BTN
ID_BTN_SYR
ID_PERMATA
ID_PERMATA_SYR
ID_DNMN
ID_DNMN_SYR
ID_BTPN
ID_BTPN_SYR
ID_OCBC
ID_OCBC_SYR
ID_MAYBANK
ID_MAYBANK_SYR
ID_CIMB
ID_CIMB_SYR
ID_PAN
ID_PAN_SYR
ID_MEGA
ID_MEGA_SYR
ID_BKP
ID_BKP_SYR
ID_DKI
ID_DKI_SYR
ID_BJB
ID_BJB_SYR
ID_JATIM
ID_JATIM_SYR
ID_HSBC
ID_DBS
ID_STAN
ID_UOB
ID_CITI
PH_BDO
PH_BPI
PH_BPIF
PH_METRO
PH_PNB
PH_PNBS
PH_RCBC
PH_RCBCS
PH_SB
PH_SBS
PH_UB
PH_CLRB
PH_GXI
PH_GBY
PH_LBP
PH_PMP
PH_PSB
PH_RSB
PH_CB
PH_CBS
TH_KBANK
DUMMY_INTERBANK_DESTINATION

Responses

Response body

Name	Type	Description
transaction_id	string	The unique ID assigned to the fund transfer request.
redirect_uri	string	The URL that end users need to be redirected to in order to authorize the fund transfer and complete the transaction.

Example:

{
  "transaction_id": "string",
  "redirect_uri": "string"
}

Response codes

Status	Description
200	Request executed successfully.
404	Returned when the resource is not found.
400	Returned when the request body is malformatted or does not match the expected request.
401	Returned when the request does not contains the user’s credentials.
403	Returned when the user does not have permission to access the resource.
500	Returned when an unexpected error occured on the server side.

Retrieve the transfers

RetrieveTransfer returns the details of a fund transfer request. By specifying the transfer_id of the relevant transaction as a query parameter, only the record specific to that transfer will be retrieved. If no transfer_id is specified in the query parameter, the response will return all transaction records and list them from most recent to latest. Retrieved transaction records are paginated.

curl -X GET \
	https://docs.brank.as/v1/transfer \
	-H 'Authorization: Bearer USE_YOUR_TOKEN'