TPP API documentation

Fire ASPSP information

We recommend the use of the Forgerock test facility.

Open banking API version  
v3.1

Auto-registration supported  
Yes – https://dia-api.fire.com/tpp/register

Base API DNS URL 
https://dia-api.fire.com

x-fapi-financial-id
CPAY

Logo URL 

https://siteapi.fire.com/wp-content/uploads/2024/07/Fire-logo-white-with-TM_large.png

https://siteapi.fire.com/wp-content/uploads/2024/07/Fire-logo-dark-violet-with-TM_large.png

OpenID config endpoint 
Generic – https://dia.fire.com/.well-known/openid-configuration
Personal accounts – https://dia.fire.com/personal/.well-known/openid-configuration
Business accounts – https://dia.fire.com/business/.well-known/openid-configuration

Payload signing cert location 
https://dia.fire.com/.well-known/jwks.json

The open banking specification for registering with Account Servicing Payment Service Providers (ASPSPs) is available on the open banking confluence.

Fire supports dynamic client registration (DCR), and uses tls_client_auth for registration endpoint authentication. The certificate used must match the certificate specified in your registration request (specified in the tls_client_auth_dn field), and must be present in your JWKS file.

Please use RFC1779 format when specifying Distinguished Names (DNs) of your certificates. e.g. CN=dia-api.fire.com, O=Fire Financial Services Limited, OID.2.5.4.97=PSDIE-CBI-C58301, L=Dublin, ST=Dublin, C=IE, OID.2.5.4.5=464819, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IE. This is generally available as an option in most programming languages – e.g. for Java:

transportCert.getSubjectX500Principal().getName(X500Principal.RFC1779);

The OpenID configuration at https://dia.fire.com/.well-known/openid-configuration specifies the various endpoints and algorithms supported by Fire.

Fire accepts SSAs signed by open banking or self-signed. If you are providing a self-signed SSA, create it as follows and sign it using your eIDAS QSealC key. All fields are required.

{
"iss": "Must match the organizationIdentifier (OID.2.5.4.97) from your eIDAS QSealC - e.g. PSDIE-CBI-C58301",
"org_jwks_endpoint": "A HTTPS URI pointing to your eIDAS QSealC public key in JWKS format",
"software_client_name": "Provide a name for the client. Will be visible to PSUs.",
"software_logo_uri": "A HTTPS URI to a PNG/JPG formatted logo for this client/company",
"org_id": "Must match the iss field above - e.g. PSDIE-CBI-C58301",
"org_name": "Must match the Organization Name (O) field in the eIDAS QSealC - e.g. Fire Financial Services Limited",
"jti": "Unique JWT ID"
}

Fire uses tls_client_auth for token endpoint authentication. The certificate used must match the certificate specified in your Application registration request (specified in the tls_client_auth_dn field), and must be present in your JWKS file.

The token endpoint at https://dia.fire.com/oauth/token is used to retrieve access tokens.

Access token for consent request.

Use a client_credentials grant with tls_client_auth to retrieve the access token.

Fire access tokens are in JWT format, and expire in 600 seconds.

Fire’s account information APIs enable you to access accountholder details, account information, balances and transaction history for Fire business and personal PSUs.

The list of the PSU’s payees/beneficiaries and direct debit mandates is also available.

See the Open Banking Confluence page for Account Information API specifications.

The /accounts endpoint is paginated and will return a max of 25 accounts per page.

The /balances endpoint is paginated and will return a max of 25 accounts per page.

The /transactions and /accounts/{accountId}/transactions endpoints are paginated and will return a max of 25 transactions per page.

The /beneficiaries endpoints are paginated and will return a max of 25 beneficiaries per page.

The /accounts/{accountId}/beneficiaries endpoint will return only beneficiaries of the same currency as the account specified. For example, if {accountId} is a sterling account, only sterling beneficiaries will be returned.

Fire beneficiaries are not tied to an account, so every account of the same currency will return the same list of beneficiaries.

The /direct-debits and /accounts/{accountId}/direct-debits endpoints are paginated and will return a max of 25 mandates per page.

The /party endpoint will return the details of the user who has signed into Fire and provided the consent.

The /accounts/{accountId}/party endpoint provides the details of the account name for the specified Fire account.

Fire does not provide these endpoints.

Fire’s payment initiation APIs enable you to initiate payments from a business or personal PSU account.

See the open banking confluence page for payment initiation API specifications.

All Fire payments – either in euro or sterling – are domestic payments. It is only possible to initiate euro payments from Fire euro accounts and sterling payments from Fire sterling accounts.

Fire does not currently support standing orders or scheduled payments.

Fire treats the references and identifiers in the payment request as follows:

Initiation/EndToEndIdentification – at present it is not possible for the EndToEndIdentification to be passed in the payment. We are working on a fix for this.
Initiation/InstructionIdentification – ignored.
Initiation/RemittanceInformation/Unstructured – ignored.
Initiation/RemittanceInformation/Reference – this will appear on the payer and payee’s statement.
Initiation/CreditorAccount/Name – will be displayed on the Fire PSU’s statement as the payee name.

Fire’s confirmation of funds API enables you to obtain a Yes/No response indicating whether or not funds are available for a particular payment.

See the open banking confluence page for confirmation of funds API specifications.

Fire currently does not provide the event notification API.

Dedicated API for TPP developers

Fire ASPSP information

Discovery and application registration

Token exchange

Access token for consent request.

Account information

Payment initiation

Confirmation of funds

Event notification