GetALoan 1.0.1

Description

Functionality

This API will allow third party applications to obtain information, in the customer's name, about the pre-approved loans that Santander could offer to a customer and that customer could contract.

To get this information, previously the client have to give his consent to the third party application to obtain his information in his name. So the client have to complete the consent process and obtain an OAuth Access Token which allows the application to use the API. The security requirements are detailed in the next section.

Security

The security of the API is based on the use of the OAuth protocol. Specifically, the Authorization Code flow is used for requesting the Access Token . To obtain this token, the steps to be follown are:

1. Request Authorization: Call the Authorize API and follow the consent flow to obtain the CODE (See Authorize API documentation)

2. Get Access Token: Call the OAuth Server for exchanging the CODE for an Access Token and a Refresh Token:

  Sandbox: POST https://auth-sandbox.bancosantander.es/oauth/token
  Live: POST https://auth.bancosantander.es/oauth/token

Type	Name	Value	Observations
Header	Authorization	Basic TOKEN	ClientID:ClientSecret in BASE64
Parameter	grant_type	authorization_code	Fixed value
Parameter	redirect_uri	REDIRECT_URI	Indicated when the application is registered
Parameter	code	CODE	Obtained in the consent process

3. Renew Access Token: Access Tokens expires in 10 minutes so for getting a new one the OAuth Server have to be called again for exchanging the Refresh Token for an Access Token:

  Sandbox: POST https://auth-sandbox.bancosantander.es/oauth/token
  Live: POST https://auth.bancosantander.es/oauth/token

Type	Name	Value	Observations
Header	Authorization	Basic TOKEN	ClientID:ClientSecret in BASE64
Parameter	grant_type	refresh_token	Fixed value
Parameter	refresh_token	REFRESH_TOKEN	Obtained at step 2

Scopes

The scopes are the permission which a third party application could request to the client and are used when the Authorize API is called. Then the scopes available for this API are shown:

- loancheck.read: Allows to get the pre-approved loans information for a specific client.

Sandbox Response

Because this is a test environment, the API's behaviour is the following:

- The security flow have to be fully completed. This means that an existing Sandbox user is necessary to log into the Santander application and finish the consent process. This Sandbox user is not a real one and it could be only used in this environment.

- The response is as close as possible to the real response, but the urls to contract the loans and the values aren't necessarily real. The API get the possible loans that could be contracted for the user who logged into the Santander application.

Live Response

In a live environment the API's behaviour is the following:

- The security flow have to be fully completed. This means that a valid Live user is necessary to log into the Santander application and finish the consent process.

- The response is the one expected in a Live environment. The API get the possible loans that could be contracted for the user who logged into the Santander application. The user have to be a real one that is registered in Santander website.

Endpoints

production

https://apis-sandbox.bancosantander.es/canales-digitales/sb

Paths

/pre-approved_loan_check

Summary

Endpoint to get available loans

Description

Endpoint that retrieves the pre-approved loans that a client could contract. The result of this endpoint is a list of each type of loan that a customer is allowed to contract and the maximum amount that the customer could take.

Security

clientIdHeader

X-IBM-Client-Id

(apiKey located in header)

Parameters

Authorization

Required in header

string

Security header that contains the Oauth Access Token

Optional in header

string

application/json

Responses

200

200 OK

preApprovedLoans

401

401 Unauthorized

errorOutput

404

404 Not Found

{
    "schema": {
        "type": "object"
    }
}

429

429 Too Many Requests

{
    "schema": {
        "type": "object"
    }
}

500

500 Internal Server Error

errorOutput

503

Service Unavailable

errorOutput

Example Request

Example Response

Definition

GET https://apis-sandbox.bancosantander.es/canales-digitales/sb/me/pre-approved_loan_check

Response

Try this operation

https://apis-sandbox.bancosantander.es/canales-digitales/sb/me/pre-approved_loan_check

Headers

Authorization

Request

Response

Definitions

preApprovedLoans

The API response format

{
    "properties": {
        "HaveLoan": {
            "type": "string",
            "description": "Value that indicates if a client has or not any loan to contract. The allowed values are Y (Yes) and N (No)",
            "example": "Y"
        },
        "PreApprovedLoansList": {
            "$ref": "#/definitions/preApprovedLoansList",
            "description": "List of loans for a specified user"
        }
    },
    "additionalProperties": false
}

preApprovedLoansList

Loans list that the user is allowed to contract

{
    "type": "array",
    "items": {
        "$ref": "#/definitions/preApprovedLoanDetails"
    }
}

preApprovedLoanDetails

The information of a single loan

{
    "properties": {
        "PreApprovedLoanTypeID": {
            "type": "string",
            "description": "Loan type ID. There are four type ID's (1001 , 1002, 2001 and 3001)",
            "example": "2001"
        },
        "PreApprovedLoanTypeDescription": {
            "type": "string",
            "description": "Type of loan. There are four types of loan to offer (Loans, Small Loans, Credit Cards and Credit Accounts)",
            "example": "Credit Cards"
        },
        "PreApprovedLoanAmountMax": {
            "type": "number",
            "format": "double",
            "description": "Maximum pre-approved loan amount for a given loan type",
            "example": 1000
        },
        "PreApprovedLoanAmountCurrency": {
            "type": "string",
            "description": "Currency of the amount values",
            "example": "EUR"
        },
        "LoanRequestURL": {
            "type": "string",
            "description": "Url that redirects the customer to a personalized page of his Santander bank and where he will be able to start the process to hire a loan",
            "example": "https://apiws.santander.pre.corp/credito.html"
        }
    },
    "additionalProperties": false
}

errorOutput

The errors occured

{
    "properties": {
        "errors": {
            "$ref": "#/definitions/errorList",
            "description": "List of errors to be shown"
        }
    },
    "additionalProperties": false,
    "required": [
        "errors"
    ]
}

error

Single error information

{
    "properties": {
        "code": {
            "type": "string",
            "description": "Alphanumeric error code"
        },
        "message": {
            "type": "string",
            "description": "Biref summary of the issue"
        },
        "level": {
            "type": "string",
            "description": "Level of the issue (info, warning, error)"
        },
        "description": {
            "type": "string",
            "description": "Details of the issue"
        }
    },
    "additionalProperties": false
}

errorList

List of errors

{
    "type": "array",
    "items": {
        "$ref": "#/definitions/error"
    }
}