Tbc Bank Api

v0.1.0

Use when the user mentions TBC Bank, tbcbank.ge, Georgian bank APIs, PSD2 integration with TBC, account information services (AIS), payment initiation (PIS)...

⭐ 0· 185·0 current·0 all-time

by@erekle1

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for erekle1/tbc-bank-api.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Tbc Bank Api" (erekle1/tbc-bank-api) from ClawHub.
Skill page: https://clawhub.ai/erekle1/tbc-bank-api
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tbc-bank-api

ClawHub CLI

Package manager switcher

npx clawhub@latest install tbc-bank-api

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the included documentation (OAuth2, AIS, PIS, TPay, installments). The skill does not request unrelated environment variables, binaries, or config paths — everything present is appropriate for an API integration guide.

✓

Instruction Scope

SKILL.md and the reference files contain only API endpoints, headers, example requests/responses, and code snippets for legitimate integration tasks (token exchange, consent flows, webhooks, mTLS). They do not instruct the agent to read local files, exfiltrate data, or contact unexpected endpoints. The guidance to include PSU-IP-Address and X-Request-ID is standard for PSD2 and is documented consistently.

✓

Install Mechanism

No install spec and no code files to execute — the skill is instruction-only, which minimizes filesystem and supply-chain risk.

✓

Credentials

The repository does not declare or require environment variables or credentials. Code examples reference expected integration secrets (client_id, client_secret, merchantKey, client certificates) which are normal for this kind of integration and proportional to the documented functionality.

✓

Persistence & Privilege

Skill is not always-enabled and is user-invocable; it does not request persistent elevated privileges or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other concerning factors here.

Assessment

This skill is an API reference and appears internally consistent. Before using it: (1) Treat any client_id/client_secret/merchantKey/certificates as highly sensitive — never paste real secrets into public chats or examples. (2) Use sandbox endpoints for development and validate redirect/callback URLs in the bank's developer portal. (3) Verify webhook signatures (examples are provided) and implement HMAC/mTLS as recommended. (4) Confirm endpoints/paths against TBC Bank's official developer documentation (this appears accurate but mirrors typical examples). (5) Note the skill is configured to trigger when 'TBC' is mentioned in a banking context — if you don't want automatic invocation, control the skill's invocation settings in your agent. Overall the package is a documentation-only helper and does not itself execute code or request unrelated permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97er8t4aqxjqffvhdwzqs8g5x8324ja

185downloads

0stars

1versions

Updated 1mo ago

v0.1.0

MIT-0

TBC Bank API Integration Guide

Full reference for building integrations with TBC Bank's Open Banking, PSD2, and payment APIs.

Quick Reference

Topic	Reference File
OAuth2 & Authentication	`references/auth.md`
Account Information Services (AIS)	`references/ais.md`
Payment Initiation Services (PIS)	`references/pis.md`
Consents & SCA	`references/consent.md`
Online Installments	`references/installments.md`
TPay Gateway	`references/tpay.md`

Base URLs

Environment	Base URL
Sandbox	`https://test-api.tbcbank.ge`
Dev OpenBanking	`https://dev-openbanking.tbcbank.ge`
Production	`https://api.tbcbank.ge`
OpenBanking	`https://openbanking.tbcbank.ge`

API path prefix: /0.8/v1/ (PSD2) or /v1/, /v2/ for non-PSD2

Universal Headers

Every request must include:

Authorization: Bearer {access_token}
Content-Type: application/json
X-Request-ID: {uuid4}          # Unique per request
PSU-IP-Address: {user_ip}      # End-user's IP address

For signed requests (TPP operations) also include:

Digest: SHA-256={base64_body_hash}
Signature: keyId="{cert_serial}",algorithm="rsa-sha256",headers="...",signature="..."

Common Error Response

{
  "code": "string",
  "type": "https://...",
  "title": "Error summary",
  "status": 400,
  "detail": "Detailed description",
  "traceId": "abc123"
}

Key Workflows

1. Account Data Access (AIS)

Create consent → get consentId
Redirect user for SCA authorization
Exchange auth code for token with consent scope
Call account/balance/transaction endpoints

→ Read references/consent.md then references/ais.md

2. Payment Initiation (PIS)

Initiate payment → get paymentId + _links
Start authorization via redirect or OAuth SCA
Poll or use webhook for payment status

→ Read references/pis.md

3. OAuth2 Setup

→ Read references/auth.md first — needed by all other flows

4. Installment Loans

→ Read references/installments.md

5. TPay Gateway

→ Read references/tpay.md

Response Conventions

All monetary amounts are strings (e.g., "amount": "30.00")
Dates use ISO 8601 (2023-07-01, 2025-03-26T00:00:00)
HATEOAS _links pattern — always follow links from responses, don't hardcode paths
transactionStatus codes: RCVD (received), ACTC (accepted technical), ACSP (accepted settlement in progress), ACCC (accepted credit complete), RJCT (rejected)
scaStatus codes: received, psuIdentified, psuAuthenticated, scaMethodSelected, finalised, failed

Comments

Loading comments...