enable-banking-api
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseEnable Banking API
Enable Banking API
Overview
概述
Use this skill to implement Enable Banking API integrations without rediscovering the auth model, redirect flows, endpoint shapes, or common PSD2/PSU header requirements.
使用本技能可实现Enable Banking API集成,无需重新研究认证模型、重定向流程、端点结构或PSD2/PSU通用头要求。
Workflow
工作流程
- Identify the requested service:
- AIS: ASPSP discovery, , redirect callback,
POST /auth, account details, balances, and transactions.POST /sessions - PIS: ASPSP discovery, , redirect callback, payment status, payment transaction details, optional webhooks.
POST /payments - Misc: ,
GET /aspsps, JWT generation, app registration, or error handling.GET /application
- AIS: ASPSP discovery,
- Keep private keys and generated JWTs server-side only. Never expose them in React clients, mobile apps, logs, or bundled code.
- Read references/api-reference.md for endpoint paths, request/response shapes, status codes, and schema notes.
- Read references/typescript-node.md when implementing a TypeScript/Node client, route handler, RPC procedure, or service-layer integration.
- Use scripts/create-jwt.mjs when a deterministic local JWT is needed for manual testing or curl examples.
- 确定请求的服务:
- AIS: ASPSP发现、、重定向回调、
POST /auth、账户详情、余额及交易。POST /sessions - PIS: ASPSP发现、、重定向回调、支付状态、支付交易详情、可选Webhooks。
POST /payments - 其他: 、
GET /aspsps、JWT生成、应用注册或错误处理。GET /application
- AIS: ASPSP发现、
- 私钥和生成的JWT仅保留在服务器端。切勿在React客户端、移动应用、日志或打包代码中暴露它们。
- 阅读references/api-reference.md获取端点路径、请求/响应结构、状态码及模型说明。
- 当实现TypeScript/Node客户端、路由处理器、RPC过程或服务层集成时,阅读references/typescript-node.md。
- 当需要确定性本地JWT用于手动测试或curl示例时,使用scripts/create-jwt.mjs。
Core Rules
核心规则
- Base URL: use . Treat
https://api.enablebanking.comas deprecated.https://api.tilisy.com - Auth: every API request uses .
Authorization: Bearer <JWT> - JWT: sign with RS256 using the application private RSA key. Header must include ,
typ: "JWT", andalg: "RS256". Payload must includekid: <application_id>,iss: "enablebanking.com",aud: "api.enablebanking.com", andiat.exp - Token TTL: never exceed 86400 seconds.
- Application registration: sandbox and production applications are separate. Sandbox applications are activated automatically; production requires activation/formalities and PIS requires a PISP license.
- Redirect callbacks: verify before exchanging codes or trusting a payment return.
state - AIS callback success returns a query parameter; exchange it with
code.POST /sessions - PIS callback success is indicated by absence of ; fetch payment status before treating payment as final.
error - PSU headers: when an ASPSP requires PSU headers, provide all required headers or none. Partial PSU header sets can cause .
PSU_HEADER_NOT_PROVIDED
- 基础URL: 使用。将
https://api.enablebanking.com视为已废弃。https://api.tilisy.com - 认证: 每个API请求均使用。
Authorization: Bearer <JWT> - JWT: 使用应用私钥通过RS256签名。头部必须包含、
typ: "JWT"和alg: "RS256"。负载必须包含kid: <application_id>、iss: "enablebanking.com"、aud: "api.enablebanking.com"和iat。exp - 令牌有效期: 切勿超过86400秒。
- 应用注册: 沙箱和生产应用相互独立。沙箱应用自动激活;生产应用需要激活/正式手续,且PIS需要PISP许可证。
- 重定向回调: 在交换代码或信任支付返回前,验证参数。
state - AIS回调成功会返回查询参数;通过
code交换该参数。POST /sessions - PIS回调成功以无参数为标志;在确认支付完成前需获取支付状态。
error - PSU头: 当ASPSP要求PSU头时,需提供所有必填头或不提供任何头。部分PSU头集合可能导致错误。
PSU_HEADER_NOT_PROVIDED
Project Placement
项目部署
When adding Enable Banking to an application:
- Keep transport routes thin; place Enable Banking domain behavior in server-side service modules.
- Keep secrets and server-only environment access in backend configuration. Do not put private keys or app IDs in web-visible env vars.
- Keep direct database access behind repositories or data-access modules; store sessions, account mappings, and payment status through those boundaries.
- Add reusable client/types near API service code unless multiple apps need direct reuse.
当在应用中添加Enable Banking集成时:
- 保持传输路由精简;将Enable Banking领域逻辑置于服务器端服务模块中。
- 将密钥和仅服务器端环境访问权限放在后端配置中。请勿将私钥或应用ID置于Web可见的环境变量中。
- 将直接数据库访问置于仓储或数据访问模块之后;通过这些边界存储会话、账户映射及支付状态。
- 除非多个应用需要直接复用,否则将可复用的客户端/类型放在API服务代码附近。
Local JWT Helper
本地JWT工具
Generate a bearer token for manual testing:
bash
node .agents/skills/enable-banking-api/scripts/create-jwt.mjs \
--app-id "$ENABLE_BANKING_APP_ID" \
--private-key ./private.keyUse to shorten the default 3600-second TTL.
--ttl-seconds生成用于手动测试的Bearer令牌:
bash
node .agents/skills/enable-banking-api/scripts/create-jwt.mjs \
--app-id "$ENABLE_BANKING_APP_ID" \
--private-key ./private.key使用参数缩短默认的3600秒有效期。
--ttl-seconds