EPICS is a ruby implementation of the EBICS (Electronic Banking Internet Communication Standard).
It supports EBICS 2.5.
The client supports the complete initialization process comprising INI, HIA and HPB including the INI letter generation. It offers support for the most common download and upload order types (STA HAA HTD HPD PTK HAC HKD BKA C52 C53 C54 CD1 CDB CDD CCT VMK FDL FUL).
Add this line to your application's Gemfile:
gem 'epics'Or install it yourself as:
$ gem install epics
In case you are new to EBICS, you'll have to complete an initialization process with your bank. Epics can help you generate all necessary keys and directly store them for later use. But first you'll have to lift some contractually work with your bank.
Once the paperwork is done, your bank should provide you with:
- a URL to their EBICS Server
- a HOST ID
- a PARTNER ID
- n User IDs (depends on your bank and needs)
Take these parameters and start setting up an UserID (repeat this for every user you want to initialize):
e = Epics::Client.setup("my-super-secret", "https://ebics.sandbox", "EBICS_HOST_ID", "EBICS_USER_ID", "EBICS_PARTNER_ID", 4096)To use the keys later, just store them in a file
e.save_keys("/home/epics/my.key")
# or store the json elsewhere, but store it! for gods sake :DIt is really important to keep your keys around, once your user has been initialized you'll have to start over when you loose the keys!
Submit the keys to your bank:
e.INI # sends the signature key
e.HIA # sends the encryption and authentication keysThe next step is to print the INI letter and post it to your bank:
e.save_ini_letter( 'My Banks Name', "/home/epics/ini.html" )Open the generated HTML file in your favorite browser and print it (skipping header and footer sounds like a solid setting here ;). In case you're having difficulties with the encoding, try forcing your browser to use UTF-8.
Put the INI letter in an envelope and mail it to your bank!
Done! ... Well not completely :)
Once the bank confirms that your user is completely initialized, you'll have to download the public keys of your bank:
### see below for client creation
e.HPBThen again, save the keys or store the json somewhere safe.
You're now ready to go. Maybe try:
e.HAATo get a list of all supported order types.
We have many years of experience in developing innovative applications for the finance sector and integrating applications with financial institutions. - you might want to have a look at our portfolio If you need help we are happy to provide consulting or development services. Contact us: [email protected]
# read the keys from a file
e = Epics::Client.new(File.open('/tmp/my.key'), 'passphrase', 'url', 'host', 'user', 'partner')
# or provide a string hoding the key data
keys = File.read('/tmp/my.key')
e = Epics::Client.new(keys, 'passphrase', 'url', 'host', 'user', 'partner')You can choose to configure some default values like this
# For default values see `lib/epics.rb`
e = Epics::Client.new(keys, 'passphrase', 'url', 'host', 'user', 'partner', locale: :fr, product_name: 'Mon Epic Client EBICS')- INI (Sends the public key of the electronic signature.)
- HIA (Sends the public authentication (X002) and encryption (E002) keys.)
Currently this EPICS implementation supports the following order types:
- HPB (fetch your bank's public keys)
- STA (statements in MT940 format)
- HAA (available order types)
- HTD (user properties and settings)
- HPD (the available bank parameters)
- PTK (customer usage report in text format)
- HAC (customer usage report in xml format)
- VMK (customer usage report in xml format)
- ... more coming soon
Example:
puts e.STA('2014-09-01', '2014-09-11')
# result is a MT940 feed
:20:1
:25:/PL12124012551111000015237873
:28C:00152
:60F:C081130PLN000000002535,03
:61:0810021002DN000000001273,23N641NONREF
:86:641^00PRZELEW MI¨DZYBANKOWY BETA/^34000
^3019401076^38PL54194010765205871800000000
^20wynagrodzenie z tytulu umow^21y o prac e
^32BANKA MONIKA
^62PODCHORAZYCH 16/1580-298 GD^63ANSK
:61:0810021002DN000000001287,40N641NONREF
:86:641^00PRZELEW MI¨DZYBANKOWY BETA/^34000
^3010201909^38PL74102019090000310200475772
^20wynagrodzenie z tytulu umow^21y o prac e
^32SZCZACHOR DOROTA
^62RATAJA 13B/1083-032 PSZCZOL^63KI- CD1 (Uploads a SEPA Direct Debit document of type COR1)
- CDB (Uploads a SEPA Direct Debit document of type B2B)
- CDD (Uploads a SEPA Direct Debit document of type CORE)
- CCT (Uploads a SEPA Credit document)
- ... more coming soon
Example:
puts e.CD1("i-am-PAIN-xml")
# res is a the transaction id and id of the order
# if the XML is a file in your FS, read it first and give if epics to consume
puts e.CD1(File.read("/where/the/xml/is/stored.xml"))Once you have a client, go ahead and start playing! There are 3 convenience methods that are hiding some strange names from you:
- debit( xml ) (submits a PAIN.008.003.02 document via CDD)
- credit( xml ) (submits a pain.001.003.03 document)
- statements( from, to ) (fetches an account statement via STA)
If you need more sophisticated EBICS order types, please read the next section about the supported functionalities.
Epics supports using X.509 self-signed certificates for INI and HIA requests, as required by some banks. This is in addition to the classic key-based workflow.
Some banks require X.509 certificates for EBICS initialization (INI/HIA).
You can generate your own X.509 certificate using Ruby’s OpenSSL library:
This examples showcases the generation of the X.509 certificate A file and can be applied the same way for the others.
key = client.a.key # or e key, or x key
name = OpenSSL::X509::Name.parse('/CN=Test Certificate/O=MyOrg/C=DE')
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = SecureRandom.random_number(2**64)
cert.subject = name
cert.issuer = name
cert.public_key = key.public_key
cert.not_before = Time.current
cert.not_after = cert.not_before + 1.year
ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = cert
ef.issuer_certificate = cert
cert.add_extension(ef.create_extension('basicConstraints', 'CA:FALSE', true))
cert.add_extension(ef.create_extension('keyUsage', 'digitalSignature,nonRepudiation,keyEncipherment', true))
cert.sign(key, OpenSSL::Digest.new('SHA256'))
cert
# Save to file
File.write("cert_a.pem", cert.to_pem)You can now use the contents of the generated certificate file in PEM format as your
x_509_certificate_a_content, x_509_certificate_x_content, or x_509_certificate_e_content
in the client initialization.
Note: For production environments, your bank may require certificates issued by a trusted authority. Be sure to confirm your bank’s requirements before proceeding.
# Load your certificate data (PEM or DER encoded)
certificate_a = File.read("cert_a.pem")
certificate_x = File.read("cert_x.pem")
certificate_e = File.read("cert_e.pem")
client = Epics::Client.new(
  keys,                # your key data as before
  'passphrase',
  'url',
  'host',
  'user',
  'partner',
  x_509_certificate_a_content: certificate_a,
  x_509_certificate_x_content: certificate_x,
  x_509_certificate_e_content: certificate_e,
  debug_mode: true # Optional: enables verbose logging of EBICS requests/responses
)renderer = Epics::LetterRenderer.new(client)
letter = renderer.render("Your Bank Name")
File.write("initialization_letter.txt", letter)If all three certificates are present, the INI letter will use certificate hashes as required for certificate-based registration.
Railslove is commited to provide the best developer tools for integrating with financial institutions. Epics is one of our many tools and services. If you are missing some features or something is not working as expected please create an issue.
This gem provides a full implementation of the Electronic Banking Internet Communication Standard and works with any bank that supports this standard. Please ask your bank if they support EBICS and what order types are available.
Besides EBCIS being a standard, some server implementations are slighty different. But most banks use the same EBICS server implementations. Commonly used and supported by Epics are:
- Business-Logics EBICS, Banking-Server
- Travic Corporate
Used for example by the following tested institutions:
- Handelsbank
- Deutsche Bank
- Commerzbank
- Kreissparkasse Mayen
- Postbank
- Sozialbank
- Sparkassen
- Volksbanken Raiffeisenbanken
- Hypo Vereinsbank
- BAWAG P.S.K. (AT)
- Bank Frick (LI)
- BNP Paribas (FR)
Is Epics working with your institution? Please help us to grow this list of supported banks:
For development purposes, you may want to use a proxy server in order to have a convenient look into request and response data.
To do so, it's sufficient to define http_proxy in your environment.
Also you may want to disable SSL verification - simply set EPICS_VERIFY_SSL to "false".
For example:
http_proxy=localhost:8080
EPICS_VERIFY_SSL=false
- ebics.de
- EBICS specification
- Common Integrative Implementation Guide to Supplement the EBICS Specification (pdf)
- Die Deutsche Kreditwirtschaft
Railslove has a Contributor License Agreement (CLA) which clarifies the intellectual property rights for contributions from individuals or entities. To ensure every developer has signed the CLA, we use CLA Assistant.
After checking out the repo, run bin/setup to install dependencies.
Then, run rspec to run the tests.
You can also run bin/console for an interactive prompt that will allow you to experiment.
- Contact [email protected] for information about the CLA
- Fork it ( https://github.com/[my-github-username]/epics/fork )
- Run bin/setup
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request
- @punkle64 
 for adding XCT order type
- @romanlehnert 
 for adding CDB order type
- @gadimbaylisahil 
 for fixing CCS order type and attribute
- you, for contributing too!
2014-2022 - built with love by Railslove and released under the GNU LESSER GENERAL PUBLIC LICENSE. We have built quite a number of FinTech products. If you need support we are happy to help. Please contact us at [email protected].