Getting Started

API Products Catalog

In our catalog you will find the API Products available, with their description and an explanation of their functionality, as well as technical documentation for each API. To see the technical documentation, you have to be logged in.

Sign up

The API Products that you will find in our catalog are available for you to test in a Sandbox environment.

To do this, you just have to sign up. From the "Sign Up" button on our home page, complete the form. From there, you can access your account and manage your applications.

Register your application

In order to use our API Products in a Sandbox environment, you must follow the next steps:

  1. Log in.
  2. Create an app.
 

Application Name

Enter the name of the application that will use our APIs. This name will be shown to the BCI client when they give consent.

Callback URL

Enter the URL of your site to which the OAuth process (BCI Access) must return when it finishes.

Description

What is your application about?

PublicKey

Generate a pair of public and private keys. If you don't know how, there is a tutorial at the end of this guide. Paste the public key in this form. Save the private key, because you will use it when you consume the APIs from your application.

TppId

Enter a 5-digit numeric value. It will later be sent in requests where the published APIs require it.

Associate the API Products that you are interested in consuming.

Test the integration of your application with the API Products in sandbox mode using the technical guides for each API Product.

Dashboard

By following these steps, you will successfully register your application. Then, you can go to your personal menu and select "My Applications". In this control panel you will see all the applications you have registered, the queries you have made, etc.

The most important thing about this section is that you will find here the App ID and App Secret ID, which are your credentials to use the BCI APIs.

API call guide

APIs with Bci Access Not Required

If the API Product you want to connect does not require authorization through Bci Access, such as Economic Indicators, the calling procedure would be as follows:

    curl --location --request GET 'https://apiprogram.bci.cl/{{environment}}/v1/api-economic-indicators/list?query-date=2019-11-26' \
    --header 'Content-Type: application/json' \
    --header 'x-apikey: {{Your_API_KEY}}'

Where:

  • {{Your_API_KEY}} : The App ID, also called the Consumer Key, that the API Market gives you when registering your application.
  • {{environment}} : [sandbox | prod]

APIs with Bci Access Required

To consume an API with Bci Access, called Private APIs, you must first obtain a code that is used to get an access token, and then make the call to the API with that token. It is critical to remember that this code is valid for a specific user and for a limited time.


 

Step 1: Token request to access AccessRequest

    curl --location --request POST 'https://apiprogram.bci.cl/{{environment}}/v1/api-oauth/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'redirect_uri={{CallbackUrl}}' \
    --data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
    --data-urlencode 'client_assertion={{JWT_Oauth}}' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'scope=access-requests'
    

Where the required parameters should be set:

  • Content-Type (header): application/x-www-form-urlencoded. Required: Yes
  • grant_type: client_credentials. Required: Yes
  • redirect_uri: {{CallbackUrl}}, the URL specified as the callback URL in the API Market for your application. Required: Yes
  • scope: {{scope}}, the scope for which access is required. The values of "scopes" are detailed in the documentation of each product. In this case it is access-request. Required: Yes
  • client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer. Required: Yes
  • client_assertion: {{JWT_Oauth}}, a JWT signed with the private key corresponding to the public key loaded in the developer app. Fields: { "iss": "{{Your_API_KEY}}", "credentials": "{{Your_API_KEY_secret}}" }. See how to generate a JWT token. Required: Yes

Response:

    {
        "access_token": "{{access_token}}",
        "token_type": "Bearer",
        "expires_in": 3599
    }
    

Step 2: Call to AccessRequest

Use the access token obtained in the previous step to start an Access Request process for the product (Scope) you want to consume. Example: customers.

    curl --location --request POST 'https://apiprogram.bci.cl/{{environment}}/v1/api-access-requests/requests' \
    --header 'Authorization: Bearer {{access_token}}' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "Data": {
            "TppId": "{{Your_TppId}}",
            "Scope": "{{scope}}"
        }
    }'
    

Where the required parameters should be set:

  • Authorization (header): Bearer {{access_token}}, where {{access_token}} is the token received in the previous step. Required: Yes
  • application/x-www-form-urlencoded. Required: Yes
  • application/json. Required: Yes
  • TppId: corresponds to the 5-digit identifier that you assigned to your application in the API Market.
    Scope: scope for which access is required. The values of "scopes" are detailed in the specific documentation of each product. Example: "customers".
    Required: Yes

Response (example):

    {
        "Request": {
            "RequestId": "5f6a1aa4a485c100076610cf",
            "CreationDateTime": "2020-09-22T12:27:23-03:00",
            "Data": {
                "TransactionFromDateTime": "2020-09-22T12:27:23-03:00",
                "TransactionToDateTime": "2021-03-21T12:27:23-03:00",
                "ExpirationDateTime": "2020-10-22T12:27:23-03:00"
            },
            "Status": "AwaitingAuthorization",
            "TppId": "{{Your_TppId}}",
            "Scope": "customers"
        }
    }
    

Step 3: Call to oAuth Authorize

Execute call to:

    curl --location --request POST 'https://apiprogram.bci.cl/{{environment}}/v1/api-oauth/authorize?response_type=code&client_id={{Your_API_KEY}}&redirect_uri={{CallbackUrl}}&state={{uuidv1}}&nonce={{uuidv4}}&scope={{Scope}}&request={{JWT_Auth}}' \
    --header 'Content-Type: application/json' \
    --header 'x-apikey: {{Your_API_KEY}}'
                                                    

Where {{ environment }} : [sandbox | prod]

  • response_type: code. Required: Yes
  • client_id: {{your_API_Key}}, the API Key, also called the Consumer Key, that the API Market gives you when registering your application. Required: Yes
  • redirect_uri: {{CallbackUrl}}, the parameter that you specified as the callback URL in the API Market for your application. Required: Yes
  • state: {{state}}, a UUID v1 generated for this transaction. Required: Yes
  • nonce: {{nonce}}, a UUID v4 generated for this transaction. Required: Yes
  • scope: {{scope}}, the scope for which access is required. The values of "scopes" are detailed in the specific documentation of each product. Required: Yes
  • request: {{JWT_Auth}}, a JWT signed with the private key corresponding to the public key loaded in the developer app. Required: Yes

    {
       "https://api.openbank.com",
       "code",
       "client_id":{{Your_API_KEY}},
       "redirect_uri": {{CallbackUrl}},
       "scope": {{scope}},
       "state": {{state}},
       "nonce": {{nonce}},
       "claims": {
          "id_token": {
             "openbanking_intent_id": {
                "value": "urn:openbank:intent:" + {{scope}} + {{requestId}},
                "essential": true
             },
             "acr": {
                "essential": true
             }
          }
       }
    }

    The values of the JWT fields Your_API_KEY, CallbackUrl, scope, state and nonce must
    be the same as those sent in the URL of the API call.

    See how to generate a JWT token.

  • Content-Type (header): application/json. Required: Yes
  • x-apikey (header): {{your_API_Key}}. Required: Yes

The response to this call is a 302 redirect that sends your site or app to the Bci Access site. The client must complete the steps indicated there. At the end of the process, Bci Access returns to the redirection URL that you indicated when registering your application (CallbackUrl), together with the client code required for the last step. This client code lasts 30 days and will allow you to consume the product associated with the customer for whom you ran the process. We suggest you store it so you don't have to go through the OAuth process again.

Response:

    {{CallbackUrl}}?code={{clientCode}}
                                                    

Sandbox Data:

To run the Bci Access app, enter a valid RUT and the password 111222 in any of the three available banks.

 

Exception flows:

Two exception flows are presented so that you can visualize the error structure returned in these situations:

 

Step 4: Obtain the Authorization Token in OAuth

To finish, you must invoke the token method to generate the Authorization Token that will allow you to access the desired API.

    curl --location --request POST 'https://apiprogram.bci.cl/{{environment}}/v1/api-oauth/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=authorization_code' \
    --data-urlencode 'redirect_uri={{CallbackUrl}}' \
    --data-urlencode 'client_id={{Your_API_KEY}}' \
    --data-urlencode 'code={{clientCode}}' \
    --data-urlencode 'scope={{scope}}' \
    --data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
    --data-urlencode 'client_assertion={{JWT_Oauth}}'
                                                    

Where the required parameters should be set:

  • Content-Type (header): application/x-www-form-urlencoded. Required: Yes
  • grant_type: authorization_code. Required: Yes
  • redirect_uri: {{CallbackUrl}}, the URL that you specified as the callback URL in the API Market for your application. Required: Yes
  • client_id: {{your_API_Key}}, the API Key, also called the Consumer Key, that the API Market gives you when registering your application. Required: Yes
  • code: {{clientCode}}, the code obtained in the response of Step 3. Required: Yes
  • scope: {{scope}}, the scope for which access is required. The values of "scopes" are detailed in the specific documentation of each product. Example: "customers". Required: Yes
  • client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer. Required: Yes
  • client_assertion: {{JWT_Oauth}}, a JWT signed with the private key corresponding to the public key loaded in the developer app. Fields: { "iss": "{{Your_API_KEY}}", "credentials": "Your_API_KEY_secret" }. See how to generate a JWT token. Required: Yes

Response (example):

    {
        "access_token": "PPTHdpasasfaguyrrWDH0RC56RBv",
        "token_type": "Bearer",
        "refresh_token": "GzXLmCagsmaiiaytinj0LzNp0IGy",
        "expires_in": 3599
    }
    

Optional Step: Obtain the Refresh Access Token to oAuth Authorize

If the Access Token you obtained has expired, you can generate a new token from the refresh token you received previously.

POST /{{api_env}}/v1/api-oauth/token

Where {{api_env}}: [sandbox | prod]

    curl --location --request POST '{{host-endpoint}}/{{api_env}}/v1/api-oauth/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=refresh_token' \
    --data-urlencode 'client_id={{LOrx7gHAMo4irOqWTSzrB5zNMRxgePJ}}' \
    --data-urlencode 'client_secret={{cdysiRU6}}' \
    --data-urlencode 'refresh_token={{refresh_token}}'
                                                    


Response:

    {
        "access_token": "string",
        "token_type": "string",
        "refresh_token": "string",
        "expires_in": 0,
        "id_token": "string"
    }
                                                    

All errors of our APIs will respond with the following return codes:


Error Response Format:

    {
        "Error": {
        "Status": "string",
        "Code": "string",
        "Title": "string",
        "DeveloperMessage": "string",
        "Sources": {
            "Parameter": "string"
        }
        }
    }
    

How to generate JWT Token for call to oauth / token

The JWT Token required to invoke the api-oauth and obtain a token, must contain the following information:

This Access Request token must be signed by your RSA private key.

How to generate JWT Token for call to oauth / authorize

The JWT Token required to invoke the api-oauth authorize and obtain the client code, must contain the following information:

Where your payload must contain the API Key and Secret API Key credentials, delivered when registering an app in our portal.

This Access Request token must be signed by your RSA private key.

How to generate a public key and private key pair

The JWT mentioned in the previous step requires a private key. It can be generated as follows.

Private key

Execute the following command in a console to generate your private key:

    openssl genrsa -out private.pem 2048

This will leave a file called private.pem in the path where you ran the command. The file will contain the string that corresponds to your private key. You will use this string to generate the JWT with which you will consume the APIs.

Public key

Execute the command in the console within the same path above:

    openssl rsa -in private.pem -outform PEM -pubout -out public.pem

This will leave a file called public.pem in the path where you ran the command. The file will contain the string that corresponds to your public key. You will use it to register your application here in the API Market.
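
The key-pair commands above and the signed JWT described under "How to generate JWT Token for call to oauth / token", combined into one script as an added example (not BCI's own code). It assumes RS256, which the page does not state, and the function names and credential values are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumption: RS256; the page only says "signed by your RSA private key".
set -eu

# base64url without padding, the encoding used for every JWT segment.
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# Decode one base64url segment (restores the alphabet and the padding first).
b64url_dec() {
    s=$1
    case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
    printf '%s' "$s" | tr '_-' '/+' | openssl base64 -d -A
}

# make_keypair DIR: the page's two openssl commands; the umask keeps
# private.pem readable by its owner only.
make_keypair() {
    ( umask 077 && openssl genrsa -out "$1/private.pem" 2048 2>/dev/null )
    openssl rsa -in "$1/private.pem" -outform PEM -pubout \
        -out "$1/public.pem" 2>/dev/null
}

# sign_jwt PRIVATE_KEY CLAIMS_JSON: prints header.payload.signature
sign_jwt() {
    header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
    payload=$(printf '%s' "$2" | b64url)
    sig=$(printf '%s' "$header.$payload" | openssl dgst -sha256 -sign "$1" | b64url)
    printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# verify_jwt PUBLIC_KEY TOKEN: returns 0 only if the signature matches.
verify_jwt() {
    sigfile=$(mktemp)
    b64url_dec "${2##*.}" > "$sigfile"
    if printf '%s' "${2%.*}" |
        openssl dgst -sha256 -verify "$1" -signature "$sigfile" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$sigfile"
    return "$rc"
}

# jwt_payload TOKEN: prints the claims; no key is needed to read them.
jwt_payload() { p=${1#*.}; b64url_dec "${p%%.*}"; }

# Constructed placeholder credentials, not real values.
workdir=$(mktemp -d)
make_keypair "$workdir"
claims='{"iss":"EXAMPLE_APP_ID","credentials":"EXAMPLE_APP_SECRET"}'
token=$(sign_jwt "$workdir/private.pem" "$claims")
verify_jwt "$workdir/public.pem" "$token" && echo "signature verifies"
echo "claims readable from the token alone: $(jwt_payload "$token")"
rm -rf "$workdir"
```

The payload is only base64url-encoded, so anyone who sees the token can read the `credentials` value. Treat the token like the App Secret itself and keep it out of logs.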

GLOSSARY OF TERMS

SANDBOX ENVIRONMENT

Also called a test environment, it is an environment with the same characteristics as the production environment where APIs can be executed with dummy test data.

BCI ACCESS

Application that guarantees the authentication of Bci clients for the granting of consents to third parties on the use of personal information; as well as identity verification with a second security factor.