Brankas menu
×

Transfer API v1.0.0

Brankas Direct provides Fintechs and SMEs with an API-driven payment solution that allows them to digitally transact with their end users and customers. By debiting their online bank accounts and transferring directly to their accounts payable accounts, Brankas Direct leverages on enterprises that are able to execute fund transfer-based transactions over a growing basket of banks via a single set of APIs.

  • Host https://docs.brank.as

  • Base Path v1

API Access

This section details the first steps you need to take to successfully launch Brankas Direct.

  • API Environment
  • API Authorisation
  • Encryption
  • Application design
  • Registering your Destination Accounts
  • Registering your Callback URLs

API Environment

Brankas provides a sandbox and live environment for Direct. Both sandbox and live environments require separate OAuth client credentials specific to each environment that will be used to acquire an API token.

For sandbox environment

Authorisation Host URLAPI Service Host URL
auth.sandbox.<YOUR_SUBDOMAIN>.bnk.todirect.sandbox.<YOUR_SUBDOMAIN>.bnk.to

API Authorization

All requests to the Direct API must be authorized using token-based authentication. This means, your client application needs to obtain an access token from the authorization service using your application credentials– your Client ID and Client Secret. Access tokens are environment-specific. To obtain access tokens for a particular environment, make a request to token endpoints using basic authentication to the relevant environment-specific authorization service using the proper application credentials. API authorization involves sending an authorization header value that is a base 64-encoded concatenation of your client application’s credentials. To access user data, user credentials are required in your requests to the endpoint. To maintain security, the data shared to the endpoints should be transferred with HTTPS. Data shared are included in Credential object in the API call. When the endpoint requires a user authorisation, a return call to your application, including an object that contains Status value will be used to determine the next steps.

Encryption

Brankas APIs require HTTPS with TLS >= 1.2. Non-encrypted HTTP connections are not accepted, as they will transmit your access token in plaintext over the network.

Always validate certificates. You should not proceed with a connection if you receive a certificate validation error from Brankas. Make sure all parts of your application are using encryption and HTTPS and failing when certificate validation fails.

Two Factor Authentication

Two-factor authentication is a security feature that allows users to verify themselves through 2 different authorisation factors. The first factor to authorise is to successfully log in to user’s account and then a one-time password (OTP) is sent to their registered mobile number. Users are to enter the OTP as the second factor of authorisation.

When calling for Brankas API, submitting a request with user credential will return a call for ‘status’ value of ‘AWAITING_TFA’. The return call allows the users to verify the two-factor authentication either 2FA or TFA with the banks.

When your application receives such a response, it should make use of the OTP that will be sent by SMS to the user’s device. A typical way to handle this would be to prompt the user to submit the OTP value in a form. Once you receive this information in your backend server, it should be sent to the SendTFA endpoint along with the relevant id (transfer_id​ in the above example).

When the response is successfully received, the OTP will be send to the user’s registered mobile number. To complete the authorisation, encourage users to submit the OTP value in a form _______. Upon submission, the information will be captured in your backed server and send to SendTFA endpoint along with relevant id.

For transfer id, refer to the example above(hyperlink to that section)

The ​purpose​ value is a service-specific enum value. For the example, request to the accounts endpoint above, this value would be ​BankCredentialLogin​:

This token can be used for future requests by reusing the user sessions. This avoids the need for the users to authorise again.

Bank TFA Requirement

Direct are to comply with every banks’ two-factor authentication security policy. Two-factor authentication are deployed when

  1. logging in Banks sets up two-factor authentication after users log in with their username and password as an additional security measures. Logging in with the TFA token completes the login process. Additionally, banks enforce 1 active user session per unique user.

  2. transaction confirmation Two-factor authentication are also used to confirm a fund transfer. This step notifies the bank, confirms and authenticate the fund transfer.

Submitting a valid TFA token is essential for execution and fund transfer requests. The SendTFA endpoint submits TFA to the bank on behalf of users. Below is a list of the various TFA requirements for each bank:

Philippine Banks - TFA Requirement

Bank NameEnd User LoginTFA TypeTransformation ConfirmationTFA Type
Brankas Bank (Sandbox)YesStringYesString
Banco De Oro Unibank, Inc. (BDO)YesSMS OTPYesSMS OTP
Bank of the Philippine Islands (BPI)NoYesSMS OTP
Philippine National Bank (PNB)NoYesSMS OTP
The Metropolitan Bank and Trust Company (Metrobank)YesSMS OTPNo
The Rizal Commercial Banking Corporation (RCBC)YesSMS OTPYesSMS OTP

Indonesia Banks - TFA Requirement

Bank NameEnd User LoginTFA TypeTransformation ConfirmationTFA Type
Brankas Bank (Sandbox)YesStringYesString
PT. Bank Central Asia, TBKNoYesSMS OTP & Hardtoken
PT. Bank Rakyat Indonesia (Persero), TBKNoYesSMS OTP
PT. Bank Mandiri (Persero), TBKNoYesIn-App Confirmation
PT. Bank Negara Indonesia (Persero), TBKNoYesHardtoken Exchange

Application Design

Secure your application against common security flaws (check out the OWASP Top 10). Consider how an attacker could leverage Unrestricted File Upload or Insecure Direct Object Reference to read the contents of your server’s environment or config files. If your application is larger, consider extracting Brankas-specific functionality into a separate middleware or service layer. This would enable you to move API tokens there, separate from the main application. Do not store the token in user-accessible code such as browser-side JavaScript or Android apps that can be decompiled. The token should always live server-side, exposing domain-logic via APIs. If you need to pass the token around via HTTP requests, use HTTP headers or POST body - do not store the token in URI or query parameters. Web servers usually log the URL and browsers pass it between websites via the Referer header.

Registering Your Destination Account

For SME, Fintech, merchant, and other corporate clients that intend to receive end user payment via one or several corporate accounts receivable bank accounts, you will need to enroll these bank accounts as part of the requirements for accessing and using the live environment of your Direct instance. Enrolling these bank accounts will allow them to be targeted by Direct as a valid beneficiary account in a fund transfer. Registering these beneficiary accounts are part of Brankas’s pre-launch requirements prior to granting your Direct instance access to our live bank integrations. This is a critical piece of security due diligence that must be performed in order to ensure compliance with any AML and Anti-Fraud regulations.

Brankas product and sales teams will assist you in ensuring that your accounts are enrolled prior to going live.

Registering Your Callback URLs

In order to support real-time reporting of new end user initiated fund transfers to your application, Brankas Direct supports the registration of Callback URLs. Upon the completion of a fund transfer, Brankas Direct will immediately ​POST​ to the Callback URL registered by the client, alerting them that a new transaction has been completed and logged in the transaction database. These transactions can be directly queried via the RetrieveTransfer endpoint using their Brankas assigned ​transaction_id​.

Brankas product and sales teams will assist you in ensuring that your Callback URL is registered and configured prior to going live.

End User Transaction Authorisation

Brankas Direct requires end users to provide access to their internet banking accounts in order for it to perform the fund transfer. This entails submitting their internet banking access credentials and TFA tokens and codes to Brankas Direct so that it may likewise submit them to the end user’s online banking portal.

In order to secure this exchange of sensitive internet banking information, Brankas Direct leverages a web application called the Brankas Identity Provider service (IdP). The Brankas IdP provides end users with a secure environment through which they can submit their internet banking access credentials and authorize the fund transfer.

Upon initiating a fund transfer request with Brankas Direct, the service returns a pre-formatted URL to the Brankas IdP that end users can be redirected to. These URLs are unique and specific to the current requested fund transfer.

Brankas Identity Provider (idP) Provider

The Brankas IdP supports various the end user authentication and authorization mechanisms used by their bank’s internet banking platform to protect end user accounts from unauthorized access. These include:

  1. Internet banking login credentials
  2. TFA challenges of various types to authenticate the end user as part of login
  3. TFA challenges of various types to authorize a fund transfer

The Brankas IdP ​automatically​ w​ ill adjust its flow to enforce the authentication and authorization requirements of any bank that has been integrated into Brankas Direct.

End User Security

As a matter of end user security, Brankas Direct uses Redirect URIs to a unique Brankas IdP user sessions to ensure that there are no touch points wherein 3rd Party Applications can gain access to sensitive internet banking access credentials or TFA codes.

Additionally, we enforce secure HTTPS connections to the Brankas IdP and all internal microservice communications are encrypted using mTLS >= 1.2. It also uses Cross-Site Request Forgery (CSRF) tokens and secure cookies to ensure the uniqueness of access to Brankas IdP sessions, preventing any potential session hijacking by malicious actors.

End user credentials and TFA challenges are never stored, ensuring that access credentials for their internet banking accounts cannot be stolen or abused.

Using Sandbox Environment

We have set up a Sandbox environment to simulate Brankas API calls. In this environment, you may perform test API requests to Brankas Bank, a dummy bank.

Below are the details required to perform API test calls in the Sandbox environment.

End User Credential TFA

In order to initiate a new user session with Brankas Bank, you may use the following credentials below:

TypeValueNotes
Identifiertransfer*The identifier ​transfer*​ is a wildcard email account that can be used to simulate multiple accounts, such as transfer1@domain.com​, ​transfer2@domain.com​, etc…
TFA TokentransferAll wildcard ​transfer*​ accounts also use the secret value as the token value for all sandbox TFA challenges for both Login Authentication and Transaction Confirmation.
Brankas Bank enforces both TFAs for both Login Authentication and Transaction Confirmation.

End User Bank Account

All ​wildcard ​transfer*​ accounts possess the exact same bank accounts. These bank accounts can be used as the source account used for the fund transfer.

TypeAccount #1Account #2
Account TypeSavingsSavings
Account Number0000-000-0000000-000-001
Account CurrencyIDR USD
Account Balance125,000125,000

Performing Fund Transfer

When initiating a test fund transfer against the Brankas Bank, please note the following values and validation conditions for different fields across the different endpoints.

Field ParameterValue/Notes
Source Account Bank CodeDUMMY_BANK_PERSONAL
Destination Account Bank CodeDUMMY_BANK_DESTINATION
Recipient Account NumberAccepts any arbitrary string of 9 characters in length
Recipient Account NameAccepts any arbitrary string
RemarksAn arbitrary user attached memo line (description) attached to the transfer.
AmountThe amount to be transfered. The amount entered must be less than the selected source account’s Available Balance.

Brankas Bank enforces both TFAs for both Login Authentication and Transaction Confirmation and will require the separate invocation of the TFA endpoint for each purpose. Additionally, note that fund transfers do not actually debit the account balances of these wildcard accounts. Subsequent requests to the Accounts endpoints will not reflect updated balances on accounts that were used in a previous fund transfer.

Status and Errors

HTTP Status Codes

CodesDescribtion
400Request body is malformatted or does not match the expected request.
401Request does not contain the correct user credentials.
403User does not have permission to access the requested resource.
404Resource could not be found.
500An unexpected error occurred on the server side.

Direct Services Errors

CodesDescribtion
Unable to perform actionThe Unable to perform action error will be return when a request is made during a session that is no longer available. This could be due to another session created.
Missing Required FieldThe Missing Request Field error is caused by missing parameters from the transfer request.
Missing CredentialsThe Missing Credentials error is caused by missing username or password in the request.
Invalid Source AccountThe Invalid Source Account error is caused by an incorrectly parsed source account number.
Invalid Destination AccountThe Invalid Destination Account error is caused by an incorrectly parsed destination account number.
Credential Type not SupportedThe Credential Type not Supported error is caused by unsupported credential type.
Invalid Transfer AmountThe Invalid Transfer Amount error is caused by the transfer amount being incorrectly parsed or the transfer amount failing to meet some required condition, like an invalid amount.
Unsupported Bank CodeThe Unsupported Bank Code error is caused by the bank not being supported for fund transfer initiation requests.
Unsupported CurrencyThe Unsupported Currency error is caused by banks not having support for the currency included in the request.
Invalid TFA Token“Invalid TFA Token The Invalid TFA Token error is caused by a missing ​token​ value in the TFA request.”
Invalid Purpose“Invalid Purpose The Invalid Purpose error is caused by mismatched purpose value in the TFA request. This would be the case if the request has a purpose of instead of when attempting to authorize a transfer request.”
Deadline Exceeded Due to TimeoutThe Deadline Exceeded Due to Timeout error is caused by the request timing out before completion of the transfer.
UnavailableThe Unavailable error is caused by the Brankas service being currently unavailable.

Bank Errors

CodesDescribtion
Invalid CredentialThis error is caused by the bank website declining the supplied user credentials.
Account in UseThis error is caused by the site declining the login request because a user session is still active.
Invalid Source AccountThis error is caused by the site declining the transfer initiation due to an invalid source account number.
Invalid Recipient AccountThis error is caused by the site declining the transfer initiation due to an invalid recipient account number.
Invalid AmountThis error is caused by the site declining the transfer initiation due to the transfer amount not meeting the bank’s transfer conditions.
Invalid CurrencyThis error is caused by the bank’s site declining the transfer initiation due to an unsupported currency.
TFA ExpiredThis error is caused by the bank’s site declining the transfer initiation due to a TFA/OTP timeout.
TFA InvalidThis error is caused by the bank’s site declining the transfer initiation due to an invalid TFA/OTP value.
TFA Maximum Trial LimitThis error is caused by the bank’s site declining the transfer
TFA Invalid FormatThis error is caused by the bank’s site declining the transfer initiation due to an invalid TFA/OTP format.

gRPC Error Codes

Internally, our systems communicate with gRPC that comes with a standard set of status codes. These codes are mapped to the status and error responses of the TransferService endpoints. Below are the list of codes:

CodesNumberDescribtion
OK0Not an error; returned on success.
CANCELLED1The operation was cancelled, typically by the caller.
UNKNOWN2Unknown error. For example, this error may be returned when a ​Status​ value received from another address space belongs to an error space that is not known in this address space. Also errors raised by APIs that do not return enough error information may be converted to this error.
INVALID_ARGUMENT3“The client specified an invalid argument. Note that this differs from . indicates arguments that are problematic regardless of the state of the system (e.g., a malformed file name). ​FAILED_PRECONDITION​ INVALID_ARGUMENT​”
DEADLINE_EXCEEDED4The deadline expired before the operation could complete. For operations that change the state of the system, this error may be returned even if the operation has completed successfully. For example, a successful response from a server could have been delayed long.
NOT_FOUND5Some requested entity (e.g., file or directory) was not found. Note to server developers: if a request is denied for an entire class of users, such as gradual feature rollout or undocumented whitelist, ​NOT_FOUND​ may be used. If a request is denied for some users within a class of users, such as user-based access control, ​PERMISSION_DENIED​ must be used.
ALREADY_EXISTS6The entity that a client attempted to create (e.g., file or directory) already exists.
PERMISSION_DENIED7"The caller does not have permission to execute the specified operation. ​PERMISSION_DENIED must not be used for rejections caused by exhausting some resource (use instead for those errors). must not be used if the caller can not be identified (use UNAUTHENTICATED​ instead for those errors). This error code does not imply the request is valid or the requested entity exists or satisfies other pre-conditions. RESOURCE_EXHAUSTED​ ​PERMISSION_DENIED​”
UNAUTHENTICATED16The request does not have valid authentication credentials for the operation.
RESOURCE_EXHAUSTED8Some resource has been exhausted, perhaps a per-user quota, or perhaps the entire file system is out of space.
FAILED_PRECONDITION9“The operation was rejected because the system is not in a state required for the operation’s execution. For example, the directory to be deleted is non-empty, an rmdir operation is applied to a non-directory, etc. Service implementors can use the following guidelines to decide between : (a) Use if the client can retry just the failing call. (b) Use ​ABORTED​ if the client should retry at a higher level (e.g., when a client-specified test-and-set fails, indicating the client should restart a read-modify-write sequence). (c) Use ​FAILED_PRECONDITION​ if the client should not retry until the system state has been explicitly fixed. E.g., if an ““rmdir”” fails because the directory is non-empty, FAILED_PRECONDITION​ should be returned since the client should not retry unless the files are deleted from the directory. ​FAILED_PRECONDITION​ ABORTED​ ​UNAVAILABLE​ UNAVAILABLE​”
ABORTED10“The operation was aborted, typically due to a concurrency issue such as a sequencer check failure or transaction abort. See the guidelines above for deciding between FAILED_PRECONDITION​ , ​ABORTED​, and UNAVAILABLE​.”
OUT_OF_RANGE11“The operation was attempted past the valid range. E.g., seeking or reading past end-of-file. Unlike ​INVALID_ARGUMENT​, this error indicates a problem that may be fixed if the system state changes. For example, a 32-bit file system will generate ​INVALID_ARGUMENT​ if asked to read at an offset that is not in the range [0,2^32-1], but it will generate OUT_OF_RANGE​ if asked to read from an offset past the current file size. There is a fair bit of overlap between ​FAILED_PRECONDITION​ and We recommend using (the more specific error) when OUT_OF_RANGE​. OUT_OF_RANGE​” it applies so that callers who are iterating through a space can easily look for an OUT_OF_RANGE​ error to detect when they are done.
UNIMPLEMENTED12The operation is not implemented or is not supported/enabled in this service.
INTERNAL13Internal errors. This means that some invariants expected by the underlying system have been broken. This error code is reserved for serious errors.
UNAVAILABLE14The service is currently unavailable. This is most likely a transient condition, which can be corrected by retrying with a backoff. Note that it is not always safe to retry non-idempotent operations.
DATA_LOSS15Unrecoverable data loss or corruption.

Checkout

The Checkout endpoint creates a fund transfer initiation request that the end user can complete via the Brankas Identity Provider service (IdP). The Checkout endpoint is a fund transfer initiation request specific to the use case where the transaction amount is a predetermined value not defined by the end user, usually determined by an invoice or cart. Direct will create a unique user session on the Brankas IDP keyed to the fund transfer request’s internal ​transfer_id​. The Checkout endpoint will respond with a preformatted URL that the end user must be redirected to in order to authorize the current fund transfer request. The Brankas Client needs to append the returned preformatted URL with their own ​redirect_uri ​ query parameter where the end user will be sent after they have completed their session on the IDP.

curl -X POST \
	https://docs.brank.as/v1/checkout \
	-H 'Authorization: Bearer USE_YOUR_TOKEN' \
	-d '{
		"customer": {
			"fname": "string",
			"lname": "string",
			"mname": "string",
			"email": "string",
			"mobile": "string",
			"phone": "string",
			"customer_id": "string"
		},
		"reference_id": "string",
		"amount": {
			"cur": "CurrencyISO4217",
			"num": "string"
		},
		"from": {
			"type": "AccountInfoType",
			"bank_code": "BankCode",
			"account_number": "string",
			"identifier": "string",
			"holder_name": "string",
			"country": "CountryISO3166"
		},
		"to": {
			"type": "AccountInfoType",
			"bank_code": "DestinationBankCode",
			"account_number": "string",
			"identifier": "string",
			"holder_name": "string",
			"holder_first_name": "string",
			"holder_middle_name": "string",
			"holder_last_name": "string",
			"email_address": "string",
			"mobile_country_code": "string",
			"mobile_number": "string",
			"address_line1": "string",
			"address_line2": "string",
			"city": "string",
			"state": "string",
			"country": "string"
		},
		"payment_channel": "PaymentChannelType",
		"memo": "string",
		"destination_account_id": "string",
		"client": {
			"display_name": "string",
			"logo_url": "string",
			"return_url": "string",
			"statement_retrieval": "bool"
		}
	}'

HTTP Request

POST https://docs.brank.as/v1/checkout

Body Parameters

NameTypeDescription
customerCustomercustomer is the end user’s identifying and contact information that allows transactions to be attributed to a specific end user. This can be used by both banks and settlement channels to assist in the resolution of transaction disputes.
reference_idstringreference_id is an additional identifier, such as a UUID, that corresponds to an invoice, cart, or transaction object. The Brankas Client can use this field to associate the fund transfer request to a corresponding transaction object in its transaction database.
amountAmountamount is the transaction amount to be transferred from the source account to the destination account. If minor currency units are supported by a currency, then they are stored as minor units. For example, PHP 100.00 would be represented as ​"amount.num”: “10000"​. Note that amounts are stored as string instead of integers in order to prevent any errors caused by floating point numbers.
fromAccountInfofrom is the source account information. Make sure the bank code on this field is set, this bank will be used to initiate the transfer. Bank Codes used in this field follow a different convention from the bank codes used for the destination account in the ​to​ object. For the full list of supported bank codes, see ​Source Account Bank Codes​ in the ​Bank Codes​ section.
toDestinationAccountInfoto is the destination account information. Make sure the bank code on this field is set, this bank will be used to initiate the transfer. Bank Codes used in this field follow a different convention from the bank codes used for the source account in the from​ object. For the full list of supported bank codes, see ​Source Account Bank Codes​ in the ​Bank Codes​ section.
payment_channelPaymentChannelTypepayment channel is to be used for inter-bank fund transfers. Allows for the selection of established payment networks, clearing houses, or settlement partners to be used in order to facilitate an inter-bank fund transfer. This field is only required if the fund transfer is an inter-bank fund transfer. Otherwise, if the fund transfer is an intra-bank transfer, this field should be completely omitted.
memostringmemo is a user defined remarks attached to the transfer in the memo line (e.g. RRN).
destination_account_idstringdestination_account_id is the string ID corresponding to the bank information of the recipient.
clientClientclient contains the relevant information about the client who uses the checkout flow.
Objects
Customer
NameTypeDescription
fnamestringThe end user’s first name.
lnamestringThe end user’s last name.
mnamestringThe end user’s middle name.
emailstringThe customer’s contact email.
mobilestringThe end user’s mobile phone number.
phonestringPhone is the customer’s Landline number.
customer_idstringAn additional user identifier, such as a UUID, that the Brankas client can optionally add to the customer object.
InvoiceDetails
NameTypeDescription
line_items[]LineItemLineItems is the list of ordered item details
charges[]ChargeCharges is the list of cost/charge corresponding to each item in LineItems
discount[]DiscountDiscounts is the list of discounts corresponding to each item in LineItems
amountAmountAmount is the overall cost of all orders
Amount
NameTypeDescription
curCurrencyISO4217Cur is the currency.
numstringNum is the numeric value.
AccountInfo
NameTypeDescription
typeAccountInfoTypeThe type of info relating to a bank transfer account.
bank_codeBankCodeBrankas bank code. Only present when type is ​BANK​. Bank Codes differ depending on whether they are used as the ​source​ or the destination​ of a funds transfer. For the full list and details on bank codes, please see the Bank Codes​ section.
account_numberstringAccountNumber is a bank account number.
identifierstringA unique account Id, profile Id or the bank account number depending on the type.
holder_namestringThe name of the account holder.
countryCountryISO3166The country where the end user’s bank is based using ISO 3166 Alpha-2 country codes. Currently supports: Indonesia: ​ID and Philippines: ​PH.
DestinationAccountInfo
NameTypeDescription
typeAccountInfoTypeType is the account info type.
bank_codeDestinationBankCodeBankCode is a bank code. Only present when type is BANK.
account_numberstringAccountNumber is a bank account number.
identifierstringIdentifier is a unique account ID, profile ID, or the bank account number and is interpreted based on the account info type.
holder_namestringHolderName is the name of the account holder. This field is DEPRECATED in favor of the HolderFirstName, HolderMiddleName and HolderLastName which we join to come up with a full name.
holder_first_namestringHolderFirstName is the first name of the account holder.
holder_middle_namestringHolderMiddleName is the middle name of the account holder.
holder_last_namestringHolderLastName is the last name of the account holder.
email_addressstringEmailAddress is the destination user email address.
mobile_country_codestringMobileCountryCode is the mobile country dial code.
mobile_numberstringMobileNumber is the destination user mobile number.
address_line1stringAddressLine1 is the user destination address information.
address_line2stringAddressLine1 is the user destination address additional information.
citystringCity is the user destination residential city.
statestringState is the user destination residential state.
countrystringCountry is the user destination residential country.
Client
NameTypeDescription
display_namestringDisplayName of the client
logo_urlstringLogoURL is the link to the client’s logo
return_urlstringReturnURL is the return path via a redirect after a checkout transaction has been accomplished
statement_retrievalboolStatementRetrieval indicates that the client wanted to perform statement retrieval task too
LineItem
NameTypeDescription
item_namestringItemName is name of the item
item_idstringItemID is any internal ID the Brankas Client/merchant might have to represent this item
unit_pricestringUnitPrice is the price of a single unit of the item
price_curCurrencyISO4217PriceCur is the currency for the lineitem price following ISO_4217
quantityint32Quantity is the number of items
Charge
NameTypeDescription
charge_typestringChargeType is the type of charge for the corresponding lineitem
charge_amountstringChargeAmount is the amount cost for the corresponding lineitem
charge_curCurrencyISO4217DiscountCur is the currency for the charge following ISO_4217
Discount
NameTypeDescription
discount_typestringDiscountType is the type of discount for the correspondign lineitem
discount_amountstringDiscountAmount is the amount discounted for the corresponding lineitem
discount_curCurrencyISO4217DiscountCur is the currency for the discount following ISO_4217
Enums
PaymentChannelType

PaymentChannelType ​is the payment rail that will be used to facilitate the inter-bank fund transfer. Allows for the selection of established payment networks, switching service, clearing houses, or settlement partners to be used in order to move fund transfer to the beneficiary bank and bank account.

ValueDescription
ID_LLG
ID_RTGS
PH_PESONETProcess inter-bank fund transfer via the PESONet electronic fund transfer (EFT) Automated Clearing House.
PH_INSTAPAYProcess inter-bank fund transfer via the InstaPay electronic fund transfer (EFT) Automated Clearing House.
PH_PAYNAMICSProcess inter-bank fund transfer via Paynamics settlements service, a Brankas Partner.
ID_BANK_MEGA_IPGProcess inter-bank fund transfer via Bank Mega - IPG settlements service.
CurrencyISO4217

CurrencyISO4217 iso is the 3 digit currency that will be used as standard currency type on fast checkout. see: https://en.wikipedia.org/wiki/ISO_4217

ValueDescription
UNKNOWN_CURRENCY
AFN
EUR
ALL
DZD
USD
AOA
XCD
ARS
AMD
AWG
AUD
AZN
BSD
BHD
BDT
BYR
BZD
XOF
BMD
BTN
BOV
BAM
BWP
NOK
BRL
SGD
BGN
BIF
KHR
XAF
CAD
CVE
KYD
CLP
CNY
COP
KMF
CDF
NZD
CRC
HRK
CUC
CZK
DKK
DJF
DOP
EGP
ERN
ETB
FKP
FJD
XPF
GMD
GEL
GHS
GIP
GTQ
GBP
GNF
GYD
HNL
HKD
HUF
ISK
INR
IDR
IRR
IQD
IMP
ILS
JMD
JPY
JEP
JOD
KZT
KES
KPW
KRW
KWD
KGS
LAK
LBP
LSL
LRD
LYD
CHF
MKD
MGA
MWK
MYR
MVR
MRO
MUR
MXN
MDL
MNT
MAD
MZN
MMK
NAD
NPR
ANG
NIO
NGN
OMR
PKR
PGK
PYG
PEN
PHP
PLN
QAR
RON
RUB
RWF
WST
STD
SAR
RSD
SCR
SLL
SBD
SOS
ZAR
SSP
LKR
SHP
SDG
SRD
SZL
SEK
SYP
TWD
TJS
TZS
THB
TOP
TTD
TND
TRY
TMT
UGX
UAH
ARE
UYU
UZS
VUV
VEF
VND
YER
ZRN
ZMW
AccountInfoType

AccountInfoType is the type of info relating to a bank transfer account.

ValueDescription
AccountInfoTypeUNKNOWNUnrecognised info type.
ACCOUNTAccount type.
PROFILEProfile type.
BANKBank type.
MSISDNPhone number type.
BankCode
ValueDescription
UNKNOWN_BANK
MANDIRI_PERSONALPT. Bank Mandiri (Persero), TBK.
BCA_PERSONALPT. Bank Central Asia, TBK.
BNI_PERSONALPT. Bank Negara Indonesia (Persero), TBK.
BRI_PERSONALPT. Bank Rakyat Indonesia (Persero), TBK.
BCA_CORPORATE
DUMMY_BANK_PERSONALBrankas Bank. A test bank that you can make sandboxed calls to as part of integration testing.
BDO_PERSONALBanco De Oro Unibank, Inc. (BDO).
BPI_PERSONALBank of the Philippine Islands (BPI).
KASIKORNBANK_PERSONAL
PNB_PERSONALPhilippine National Bank (PNB).
UNIONBANK_PERSONAL
UNIONBANK_CORPORATE
METROBANK_PERSONALThe Metropolitan Bank and Trust Company (Metrobank).
RCBC_PERSONALThe Rizal Commercial Banking Corporation (RCBC).
CLRB_PERSONALCebuana Lhuillier Rural Bank (CLRB).
DUMMY_BANK_BCA_PERSONALBCA dummy bank that can make sandboxed calls as part of integration testing. (DEPRECATED)
CountryISO3166
ValueDescription
Unknown
ID
PH
DestinationBankCode
ValueDescription
UNKNOWN_DESTINATION_BANK
DUMMY_BANK_DESTINATION
ID_BCA
ID_BCA_SYR
ID_BNI
ID_BNI_SYR
ID_BRI
ID_BRI_SYR
ID_MANDIRI
ID_MANDIRI_SYR
ID_BTN
ID_BTN_SYR
ID_PERMATA
ID_PERMATA_SYR
ID_DNMN
ID_DNMN_SYR
ID_BTPN
ID_BTPN_SYR
ID_OCBC
ID_OCBC_SYR
ID_MAYBANK
ID_MAYBANK_SYR
ID_CIMB
ID_CIMB_SYR
ID_PAN
ID_PAN_SYR
ID_MEGA
ID_MEGA_SYR
ID_BKP
ID_BKP_SYR
ID_DKI
ID_DKI_SYR
ID_BJB
ID_BJB_SYR
ID_JATIM
ID_JATIM_SYR
ID_HSBC
ID_DBS
ID_STAN
ID_UOB
ID_CITI
PH_BDO
PH_BPI
PH_BPIF
PH_METRO
PH_PNB
PH_PNBS
PH_RCBC
PH_RCBCS
PH_SB
PH_SBS
PH_UB
PH_CLRB
PH_GXI
PH_GBY
PH_LBP
PH_PMP
PH_PSB
PH_RSB
PH_CB
PH_CBS
TH_KBANK
DUMMY_INTERBANK_DESTINATION
PH_ALLBANK
PH_SUNSB
PH_STERLING
PH_MBSMB
PH_AUB
PH_BOC
PH_MAYBANK
PH_PBCOM
PH_CTBC
PH_EWB
PH_EQB
PH_OMNIPAY
PH_UCPB
PH_PHILTRUST
PH_WDB
PH_DUNGGANUN
PH_UCPBSB
PH_ISLA
PH_PRBC
PH_PBB
PH_PVB
PH_YSBP
PH_MABUHAY
PH_CTBCPH
PH_ING
PH_QCRB
PH_BDONB
PH_EWBRB

Responses

Response body

NameTypeDescription
transaction_idstringtransaction_id is the unique identifier assigned to the fund transfer request.
redirect_uristringredirect_uri is the URL that end users need to be redirected to in order to authorize the fund transfer and complete the transaction.

Example:

{
  "transaction_id": "string",
  "redirect_uri": "string"
}

Response codes

StatusDescription
200Request executed successfully.
404Returned when the resource is not found.
400Returned when the request body is malformatted or does not match the expected request.
401Returned when the request does not contains the user’s credentials.
403Returned when the user does not have permission to access the resource.
500Returned when an unexpected error occured on the server side.

Retrieve the transfers

RetrieveTransfer returns the details of a fund transfer request. By specifying the ​transfer_id of the relevant transaction as a query parameter, only the record specific to that transfer will be retrieved. If no ​transfer_id​ is specified in the query parameter, the response will return ​all transaction records and list them from most recent to latest. Retrieved transaction records are paginated.

curl -X GET \
	https://docs.brank.as/v1/transfer \
	-H 'Authorization: Bearer USE_YOUR_TOKEN'

HTTP Request

GET https://docs.brank.as/v1/transfer

Responses

Response body

NameTypeDescription
transfers[]Transfertransfers are the transfers that match the filters of a request.
next_pageint32next_page is the number of the next page that can be returned. if it is 0, there are no more pages available.
Objects
Transfer
NameTypeDescription
statusStatusstatus indicates the current status of the transfer.
fromAccountInfofrom is the source account information. Make sure the bank code on this field is set, this bank will be used to initiate the transfer.
toDestinationAccountInfoto is the destination account information.
amountAmountamount is the transaction amount to be transferred from the source account to the destination account.
user_memostringuser_memo is a user defined remarks attached to the transfer in the memo line (e.g. RRN).
bank_memostringbank_memo is a bank-supplied memo line (e.g. confirmation number, payment reference code, or transaction ID of the fund transfer).
createdTimestampcreated is a timestamp when the transfer transaction was initiated.
completedTimestampcompleted is a timestamp when the transfer transaction was fully processed.
payment_channelstringpayment channel is the desired payment channel to be used for inter-bank fund transfers. Allows for the selection of established payment networks, clearing houses, or settlement partners to be used in order to facilitate an inter-bank fund transfer.
settlementSettlementsettlement displays initial confirmation details for inter-bank fund transfer transactions from settlement partners and clearing services, indicating that the fund transfer has been received by the service and that the settlement will be carried out.
customerCustomercustomer is the end user’s identifying and contact information that allows transactions to be attributed to a specific end user.
transfer_idstringtransfer_id is the internal transfer transaction identifier.
updatedTimestampupdated is the timestamp when the transfer was modified.
reference_idstringreference_id is the client identifier for an invoice object.
bank_ref_codestringbank_ref_code is the code assigned by bank to track the transaction.
org_idstringOrgID is the unique organization identifier.
AccountInfo
NameTypeDescription
typeAccountInfoTypeThe type of info relating to a bank transfer account.
bank_codeBankCodeBrankas bank code. Only present when type is ​BANK​. Bank Codes differ depending on whether they are used as the ​source​ or the destination​ of a funds transfer. For the full list and details on bank codes, please see the Bank Codes​ section.
account_numberstringAccountNumber is a bank account number.
identifierstringA unique account Id, profile Id or the bank account number depending on the type.
holder_namestringThe name of the account holder.
countryCountryISO3166The country where the end user’s bank is based using ISO 3166 Alpha-2 country codes. Currently supports: Indonesia: ​ID and Philippines: ​PH.
DestinationAccountInfo
NameTypeDescription
typeAccountInfoTypeType is the account info type.
bank_codeDestinationBankCodeBankCode is a bank code. Only present when type is BANK.
account_numberstringAccountNumber is a bank account number.
identifierstringIdentifier is a unique account ID, profile ID, or the bank account number and is interpreted based on the account info type.
holder_namestringHolderName is the name of the account holder. This field is DEPRECATED in favor of the HolderFirstName, HolderMiddleName and HolderLastName which we join to come up with a full name.
holder_first_namestringHolderFirstName is the first name of the account holder.
holder_middle_namestringHolderMiddleName is the middle name of the account holder.
holder_last_namestringHolderLastName is the last name of the account holder.
email_addressstringEmailAddress is the destination user email address.
mobile_country_codestringMobileCountryCode is the mobile country dial code.
mobile_numberstringMobileNumber is the destination user mobile number.
address_line1stringAddressLine1 is the user destination address information.
address_line2stringAddressLine1 is the user destination address additional information.
citystringCity is the user destination residential city.
statestringState is the user destination residential state.
countrystringCountry is the user destination residential country.
Amount
NameTypeDescription
curCurrencyISO4217Cur is the currency.
numstringNum is the numeric value.
Timestamp
NameTypeDescription
secondsint64
nanosint32
Settlement
NameTypeDescription
settlement_idstringID represents the settlement ticket/request on the settlement partner’s system.
settlement_response_idstringResponseID is the ID that a settlements partner attaches to each settlement status update POST from their systems
settlement_response_codeSettlementResponseCodeSettlementResponseCode is the response code sent by a settlements partner indicating the status of the settlement item.
settlement_response_statusstringStatus the human-readable status of the response code.
settlement_timestampTimestampTimestamp is the ID that a settlement partner attaches to each settlement status update POST from their systems
Customer
NameTypeDescription
fnamestringThe end user’s first name.
lnamestringThe end user’s last name.
mnamestringThe end user’s middle name.
emailstringThe customer’s contact email.
mobilestringThe end user’s mobile phone number.
phonestringPhone is the customer’s Landline number.
customer_idstringAn additional user identifier, such as a UUID, that the Brankas client can optionally add to the customer object.
Enums
Status

Status​ is the possible statuses of a transfer or account listing operation.

ValueDescription
PENDINGPending operation.
AWAITING_TFAAwaiting TFA authentication.
SUCCESSSuccessful operation.
ERRORError during operation.
LOGIN_ERRORLogin Error.
INVOICE_CREATEDCheckout invoice created.
AWAITING_LOGINLogin in progress.
AWAITING_LOGIN_TFAAwaiting login TFA Authentication.
AWAITING_ACCOUNT_SELECTAwaiting account selection.
AWAITING_TRANSFER_TFAAwaiting transfer TFA Authentication.
IN_PROGRESSTransfer is in progress.
AccountInfoType

AccountInfoType is the type of info relating to a bank transfer account.

ValueDescription
AccountInfoTypeUNKNOWNUnrecognised info type.
ACCOUNTAccount type.
PROFILEProfile type.
BANKBank type.
MSISDNPhone number type.
BankCode
ValueDescription
UNKNOWN_BANK
MANDIRI_PERSONALPT. Bank Mandiri (Persero), TBK.
BCA_PERSONALPT. Bank Central Asia, TBK.
BNI_PERSONALPT. Bank Negara Indonesia (Persero), TBK.
BRI_PERSONALPT. Bank Rakyat Indonesia (Persero), TBK.
BCA_CORPORATE
DUMMY_BANK_PERSONALBrankas Bank. A test bank that you can make sandboxed calls to as part of integration testing.
BDO_PERSONALBanco De Oro Unibank, Inc. (BDO).
BPI_PERSONALBank of the Philippine Islands (BPI).
KASIKORNBANK_PERSONAL
PNB_PERSONALPhilippine National Bank (PNB).
UNIONBANK_PERSONAL
UNIONBANK_CORPORATE
METROBANK_PERSONALThe Metropolitan Bank and Trust Company (Metrobank).
RCBC_PERSONALThe Rizal Commercial Banking Corporation (RCBC).
CLRB_PERSONALCebuana Lhuillier Rural Bank (CLRB).
DUMMY_BANK_BCA_PERSONALBCA dummy bank that can make sandboxed calls as part of integration testing. (DEPRECATED)
CountryISO3166
ValueDescription
Unknown
ID
PH
DestinationBankCode
ValueDescription
UNKNOWN_DESTINATION_BANK
DUMMY_BANK_DESTINATION
ID_BCA
ID_BCA_SYR
ID_BNI
ID_BNI_SYR
ID_BRI
ID_BRI_SYR
ID_MANDIRI
ID_MANDIRI_SYR
ID_BTN
ID_BTN_SYR
ID_PERMATA
ID_PERMATA_SYR
ID_DNMN
ID_DNMN_SYR
ID_BTPN
ID_BTPN_SYR
ID_OCBC
ID_OCBC_SYR
ID_MAYBANK
ID_MAYBANK_SYR
ID_CIMB
ID_CIMB_SYR
ID_PAN
ID_PAN_SYR
ID_MEGA
ID_MEGA_SYR
ID_BKP
ID_BKP_SYR
ID_DKI
ID_DKI_SYR
ID_BJB
ID_BJB_SYR
ID_JATIM
ID_JATIM_SYR
ID_HSBC
ID_DBS
ID_STAN
ID_UOB
ID_CITI
PH_BDO
PH_BPI
PH_BPIF
PH_METRO
PH_PNB
PH_PNBS
PH_RCBC
PH_RCBCS
PH_SB
PH_SBS
PH_UB
PH_CLRB
PH_GXI
PH_GBY
PH_LBP
PH_PMP
PH_PSB
PH_RSB
PH_CB
PH_CBS
TH_KBANK
DUMMY_INTERBANK_DESTINATION
PH_ALLBANK
PH_SUNSB
PH_STERLING
PH_MBSMB
PH_AUB
PH_BOC
PH_MAYBANK
PH_PBCOM
PH_CTBC
PH_EWB
PH_EQB
PH_OMNIPAY
PH_UCPB
PH_PHILTRUST
PH_WDB
PH_DUNGGANUN
PH_UCPBSB
PH_ISLA
PH_PRBC
PH_PBB
PH_PVB
PH_YSBP
PH_MABUHAY
PH_CTBCPH
PH_ING
PH_QCRB
PH_BDONB
PH_EWBRB
CurrencyISO4217

CurrencyISO4217 iso is the 3 digit currency that will be used as standard currency type on fast checkout. see: https://en.wikipedia.org/wiki/ISO_4217

ValueDescription
UNKNOWN_CURRENCY
AFN
EUR
ALL
DZD
USD
AOA
XCD
ARS
AMD
AWG
AUD
AZN
BSD
BHD
BDT
BYR
BZD
XOF
BMD
BTN
BOV
BAM
BWP
NOK
BRL
SGD
BGN
BIF
KHR
XAF
CAD
CVE
KYD
CLP
CNY
COP
KMF
CDF
NZD
CRC
HRK
CUC
CZK
DKK
DJF
DOP
EGP
ERN
ETB
FKP
FJD
XPF
GMD
GEL
GHS
GIP
GTQ
GBP
GNF
GYD
HNL
HKD
HUF
ISK
INR
IDR
IRR
IQD
IMP
ILS
JMD
JPY
JEP
JOD
KZT
KES
KPW
KRW
KWD
KGS
LAK
LBP
LSL
LRD
LYD
CHF
MKD
MGA
MWK
MYR
MVR
MRO
MUR
MXN
MDL
MNT
MAD
MZN
MMK
NAD
NPR
ANG
NIO
NGN
OMR
PKR
PGK
PYG
PEN
PHP
PLN
QAR
RON
RUB
RWF
WST
STD
SAR
RSD
SCR
SLL
SBD
SOS
ZAR
SSP
LKR
SHP
SDG
SRD
SZL
SEK
SYP
TWD
TJS
TZS
THB
TOP
TTD
TND
TRY
TMT
UGX
UAH
ARE
UYU
UZS
VUV
VEF
VND
YER
ZRN
ZMW
SettlementResponseCode
ValueDescription
UNKNOWN_CODE
GR001
GR011
GR032
GR036
GR092
RM021
RM022
RM036

Example:

{
  "transfers": [
    {
      "status": "Status",
      "from": {
        "type": "AccountInfoType",
        "bank_code": "BankCode",
        "account_number": "string",
        "identifier": "string",
        "holder_name": "string",
        "country": "CountryISO3166"
      },
      "to": {
        "type": "AccountInfoType",
        "bank_code": "DestinationBankCode",
        "account_number": "string",
        "identifier": "string",
        "holder_name": "string",
        "holder_first_name": "string",
        "holder_middle_name": "string",
        "holder_last_name": "string",
        "email_address": "string",
        "mobile_country_code": "string",
        "mobile_number": "string",
        "address_line1": "string",
        "address_line2": "string",
        "city": "string",
        "state": "string",
        "country": "string"
      },
      "amount": {
        "cur": "CurrencyISO4217",
        "num": "string"
      },
      "user_memo": "string",
      "bank_memo": "string",
      "created": {
        "seconds": "int64",
        "nanos": "int32"
      },
      "completed": {
        "seconds": "int64",
        "nanos": "int32"
      },
      "payment_channel": "string",
      "settlement": {
        "settlement_id": "string",
        "settlement_response_id": "string",
        "settlement_response_code": "SettlementResponseCode",
        "settlement_response_status": "string",
        "settlement_timestamp": {
          "seconds": "int64",
          "nanos": "int32"
        }
      },
      "customer": {
        "fname": "string",
        "lname": "string",
        "mname": "string",
        "email": "string",
        "mobile": "string",
        "phone": "string",
        "customer_id": "string"
      },
      "transfer_id": "string",
      "updated": {
        "seconds": "int64",
        "nanos": "int32"
      },
      "reference_id": "string",
      "bank_ref_code": "string",
      "org_id": "string"
    }
  ],
  "next_page": "int32"
}

Response codes

StatusDescription
200Request executed successfully.
404Returned when the resource is not found.
400Returned when the request body is malformatted or does not match the expected request.
401Returned when the request does not contains the user’s credentials.
403Returned when the user does not have permission to access the resource.
500Returned when an unexpected error occured on the server side.