enable-banking-faq-best-practices
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseEnable Banking FAQ Best Practices
Enable Banking FAQ最佳实践
Overview
概述
Use this skill for FAQ-driven implementation guidance and recurring Enable Banking edge cases. For endpoint shapes use ; for Control Panel setup use ; for sandbox behavior use ; for widgets use .
enable-banking-apienable-banking-control-panelenable-banking-sandboxenable-banking-ui-widgets本技能用于提供FAQ驱动的实施指导,解决Enable Banking常见的边缘情况问题。如需了解端点结构,请使用;如需了解控制面板设置,请使用;如需了解沙盒行为,请使用;如需了解组件,请使用。
enable-banking-apienable-banking-control-panelenable-banking-sandboxenable-banking-ui-widgetsWorkflow
工作流程
- Identify the topic: onboarding/compliance, ASPSP identity, account/balance data, transactions, PSU headers/rate limits, auth/session, language/UX, payments, TPP infrastructure, or sandbox.
- Read references/faq-best-practices.md for the relevant topic.
- Translate the FAQ into concrete product behavior, error handling, data modeling, or user messaging.
- Preserve Enable Banking error bodies and operational identifiers so issues can be correlated with Control Panel request logs.
- 确定主题:入职/合规、ASPSP身份、账户/余额数据、交易、PSU请求头/速率限制、认证/会话、语言/UX、支付、TPP基础设施或沙盒。
- 阅读相关主题的references/faq-best-practices.md文档。
- 将FAQ转化为具体的产品行为、错误处理、数据建模或用户提示信息。
- 保留Enable Banking错误体和运营标识符,以便与控制面板请求日志关联问题。
Core Rules
核心规则
- Do not share Enable Banking JWTs or private keys with end users. JWTs identify the application and can access all sessions/payments belonging to that app.
- Base business logic on API codes, not only HTTP status codes.
error - Treat ASPSP name + country as the ASPSP identity; dynamically refresh ASPSPs before reconnect flows.
- Use for transaction matching when available; do not use
entry_referenceas a stable transaction identifier.transaction_id - Handle continuation keys until absent, even if a page contains an empty transaction list.
- For online user-triggered data fetches, provide all required PSU headers; for background fetches, provide none.
- Handle even when
EXPIRED_SESSIONis in the future by prompting reauthorization.valid_until - Do not run Enable Banking authorization in iframes. Avoid mobile WebViews unless they are explicitly configured for external redirects/deep links; prefer the system browser.
- Treat account currency, multiple balances, missing fields, beta ASPSPs, and variable transaction history as normal integration realities.
XXX
- 不要与最终用户共享Enable Banking JWT或私钥。JWT用于标识应用程序,可访问该应用所属的所有会话/支付。
- 基于API的代码构建业务逻辑,而非仅依赖HTTP状态码。
error - 将ASPSP名称+国家作为ASPSP身份标识;在重新连接流程前动态刷新ASPSPs信息。
- 若可用,使用进行交易匹配;不要将
entry_reference作为稳定的交易标识符。transaction_id - 持续处理续键直到其不存在,即使某一页的交易列表为空。
- 对于用户触发的在线数据获取,提供所有必需的PSU请求头;对于后台数据获取,不提供任何PSU请求头。
- 即使在未来,也要处理
valid_until,提示用户重新授权。EXPIRED_SESSION - 不要在iframe中运行Enable Banking授权流程。除非已明确配置外部重定向/深度链接,否则避免使用移动WebView;优先使用系统浏览器。
- 将账户币种、多余额、缺失字段、beta版ASPSPs以及可变交易历史视为正常的集成现实。
XXX
Project Placement
项目部署建议
When applying this in an application:
- Put robust API semantics and retry/session logic in backend services.
- Put persisted session/account/transaction/payment state behind a database/data-access boundary.
- Keep UI messaging in frontend code, but avoid leaking low-level banking internals unless useful for user recovery.
- Use Control Panel request IDs and Enable Banking IDs in logs for support correlation, while redacting credentials, JWTs, private keys, authorization codes, and PSU headers.
在应用中实施本最佳实践时:
- 将稳健的API语义及重试/会话逻辑置于后端服务中。
- 将持久化的会话/账户/交易/支付状态存储在数据库/数据访问边界之后。
- 将UI提示信息放在前端代码中,但除非对用户恢复操作有用,否则避免暴露底层银行内部细节。
- 在日志中使用控制面板请求ID和Enable Banking ID以关联支持问题,同时对凭证、JWT、私钥、授权码和PSU请求头进行脱敏处理。