
AlfabankAPI for working with Alfa-Client On-line

Like many others, one fine day we had the idea of automating the business processes in our organization. You can automate things indefinitely, but working with the bank seemed the most important and interesting task. Before starting, it is worth stating the requirements for the API we will use to talk to the bank. As a first stage, it would be nice to establish a connection with the bank, get the current balance, and get a list of account transactions for a specified period.

A search for ready-made solutions from the banks yielded little. Many banks have no such API at all.

If everything is that bad, we will create our own API, with blackjack, to achieve the goal. Since the author works with Alfa-Bank, the API is built on the example of this bank, but I really hope that after reading this, open development will begin for the other banks as well.

Obviously, with no special tools for working with banks, we have to communicate with them over HTTPS, which means we receive and process the results as HTML. Stock up on the appropriate libraries for this.
The solution to our problem comes down to two main tasks. The first is to study how the browser communicates with the bank, and the second is to repeat what we see in our API. For most programmers this will not be a big deal.

Query analysis


  1. When the ibank.alfabank.ru/ALFAIBS32 page is loaded, the response contains a jsessionid, which is used in the next POST request.
  2. The second request uses this jsessionid and passes the command that loads the authorization form.
    Request:
      https://ibank.alfabank.ru/ALFAIBS32/ControllerServlet;jsessionid=...

    Command: command=auth_loginByPasswordPage
  3. Along with the authorization form we receive the OTOKey and a new session id, different from the first one, after which the system waits for the login and password.
  4. The last step is to send the authorization data using the new jsessionid and check the result. It looks something like this:



    If everything went well, the server response contains the next jsessionid; this one is the last and is used in all subsequent requests.
  5. You can check whether authorization succeeded by looking for this tag in the response:

    <INPUT type='hidden' name='command' value='dashboard_preparePage'>

    This command then loads the main page of the personal account.


Development


So as not to bore you with tedious code, we will focus only on building the authorization requests to the server. The example does not show how to extract the necessary data from the server's HTML responses. Note that the authorization does not use cookies.
Query construction example
    // Requires: using System; using System.Net; using System.Text;

    private void SetRequestData(HttpWebRequest request, string data)
    {
        // Form bodies are percent-encoded, so ASCII is sufficient here.
        byte[] bytes = new ASCIIEncoding().GetBytes(data);
        request.ContentLength = bytes.Length;
        using (var stream = request.GetRequestStream())
        {
            stream.Write(bytes, 0, bytes.Length);
        }
    }

    public void Connect(string login, string password)
    {
        // 1. GET request to obtain sessionId1
        var url = "https://ibank.alfabank.ru/ALFAIBS32/";
        var request = (HttpWebRequest)HttpWebRequest.Create(url);
        var response = (HttpWebResponse)request.GetResponse();
        // extract jsessionid from the response
        // sessionId1 = …

        // 2. POST request that loads the authorization form, using jsessionid
        var controller = url + "ControllerServlet;jsessionid={0}";
        url = string.Format(controller, sessionId1);
        request = (HttpWebRequest)HttpWebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        SetRequestData(request, "command=auth_loginByPasswordPage");
        response = (HttpWebResponse)request.GetResponse();
        // extract otokey and the new jsessionid from the response
        // var otokey = …
        // sessionId2 = …

        // 3. Send the authorization data
        url = string.Format(controller, sessionId2);
        request = (HttpWebRequest)HttpWebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        // Percent-encode each value so characters such as '&' or '='
        // in the password cannot break the form body.
        var postData = string.Format(
            "command=auth_loginByPassword&username={0}&password={1}" +
            "&null_div_expanded=false&OTOKey={2}",
            Uri.EscapeDataString(login),
            Uri.EscapeDataString(password),
            Uri.EscapeDataString(otokey));
        SetRequestData(request, postData);
        response = (HttpWebResponse)request.GetResponse();
        // Profit!
    }
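The article leaves out how jsessionid and OTOKey are pulled from the HTML and how the step 5 check is done. The following is an added example, not code from the article or the AlfabankAPI project. It assumes the session id appears as ;jsessionid=... in a URL inside the page and that OTOKey is a hidden input shaped like the tag quoted in step 5; the class and method names and the sample HTML are constructed for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

static class LoginPageParser
{
    // Assumption: the id follows ";jsessionid=" in a URL inside the page.
    static readonly Regex SessionId = new Regex(
        @";jsessionid=([A-Za-z0-9_.!:\-]+)", RegexOptions.IgnoreCase);

    public static string ExtractSessionId(string html)
    {
        var m = SessionId.Match(html);
        if (!m.Success) throw new FormatException("jsessionid not found");
        return m.Groups[1].Value;
    }

    // Value of <INPUT type='hidden' name='...' value='...'> (name before
    // value, as in the tag the article quotes); null when the field is absent.
    public static string HiddenValue(string html, string name)
    {
        var pattern = @"<input\b[^>]*\bname\s*=\s*['""]" + Regex.Escape(name)
                    + @"['""][^>]*\bvalue\s*=\s*['""]([^'""]*)['""]";
        var m = Regex.Match(html, pattern, RegexOptions.IgnoreCase);
        return m.Success ? m.Groups[1].Value : null;
    }

    // Step 5 of the analysis: the dashboard command marks a successful login.
    public static bool IsLoggedIn(string html) =>
        HiddenValue(html, "command") == "dashboard_preparePage";

    // The session id travels in the URL, so mask it before logging a URL.
    public static string RedactSessionId(string url) =>
        Regex.Replace(url, @"(;jsessionid=)[^?#/;]+", "$1<redacted>",
                      RegexOptions.IgnoreCase);

    static void Main()
    {
        // Constructed sample responses, not captured from the bank.
        var form = "<FORM action='ControllerServlet;jsessionid=0000SAMPLE:-1'>"
                 + "<INPUT type='hidden' name='OTOKey' value='sample-key'></FORM>";
        var home = "<INPUT type='hidden' name='command' value='dashboard_preparePage'>";
        var id = ExtractSessionId(form);
        Console.WriteLine(RedactSessionId("ControllerServlet;jsessionid=" + id));
        Console.WriteLine(HiddenValue(form, "OTOKey"));
        Console.WriteLine(IsLoggedIn(form) + " " + IsLoggedIn(home));
    }
}
```

ExtractSessionId throws when the marker is missing, so a changed page layout stops the login sequence instead of sending a request with an empty session id.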



Result


It is time to check the results of our small API:
AlfabankAPI: Hello world!
    using System;

    class Program
    {
        static void Main(string[] args)
        {
            var api = new AlfabankAPI.AlfabankAPI();
            api.Connect("k000000", "qwerty");
            Console.WriteLine("Balance: {0}", api.GetBalance());

            var date1 = new DateTime(2013, 9, 1);
            var date2 = DateTime.Now;
            var account = "40700000000000000000";
            var operations = api.GetMovementOnAccount(account, date1, date2);
            foreach (var o in operations)
                Console.WriteLine("{0} {1} {2}", o.Number, o.DateSend, o.Amount);

            Console.ReadKey();
        }
    }





Conclusion


I hope this article will inspire you to create a better and more open API for various banks.
Github: AlfabankAPI
Happy Friday, everyone.

Source: https://habr.com/ru/post/196362/

