1 (edited by Dave 2010-03-14 19:34:17)

Topic: Trying to connect to SunTrust

UPDATE 2: OK, now I am simply being blocked by a 2000 error (product requested is not interoperable). Does this mean I'm at the point where I have to call my bank to get permission to use OFX? I tried using every APPID/APPVER I could google for; even tried incrementing to versions I couldn't find with no results. Does anyone know of an appid/appver I can use to get around this? Here's my latest attempt:

Request:

POST https://www.oasis.cfree.com/2801.ofxgp HTTP/1.1
User-Agent: Fiddler
Content-Type: application/x-ofx
Host: www.oasis.cfree.com
Content-Length: 387

OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:NONE

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20100314224000.000[-5:EST]
<USERID>***-**-****
<USERPASS>************
<LANGUAGE>ENG
<FI>
<ORG>SunTrust PC Banking
<FID>2801
</FI>
<APPID>Money
<APPVER>1700
</SONRQ>
</SIGNONMSGSRQV1>
</OFX>

Response:

HTTP/1.1 200 OK
Date: Mon, 15 Mar 2010 02:51:58 GMT
Server: Apache
Content-Length: 436
Content-Type: application/x-ofx

OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:NONE

<OFX>
<SIGNONMSGSRSV1>
<SONRS>
<STATUS>
<CODE>2000
<SEVERITY>ERROR
<MESSAGE>RSAO056E Product requested is not interoperable
</STATUS>
<DTSERVER>20100315024214
<LANGUAGE>ENG
<DTPROFUP>19700101000000
<DTACCTUP>19700101000000
<FI>
<ORG>SunTrust PC Banking
<FID>2801
</FI>
</SONRS>
</SIGNONMSGSRSV1>
</OFX>

UPDATE: I seem to have gotten a 200 response; I'm working out the kinks to get a valid SONRQ now (getting error 15500). I'll let you know of my progress!

Whew, I finally found a website that seems to have people who will be able to give me some insight!

So, I've been researching the use of OFX for my own little budgeting program (written in C#, available at http://www.geekscrapbook.com/cash-tracker). I bank with SunTrust, so naturally that's where I wanted to start trying out the protocol to download account info.

I found the OFX spec website, which gave me an idea of the request/response pattern (it looks like simple http traffic to me). Then, I found http://ofxblog.wordpress.com, which gave me the URL for SunTrust as well as their ORG and FI ID. That's all well and good, I thought.

However, sending a simple test request using fiddler gave me a 400 Bad Request response. The message claimed my syntax was bad, even though I copied the OFX V. 102 example straight from ofx.net and simply substituted the field values corresponding to my personal login info and suntrust's FI info and transit #.

I've tried a variety things, from using the latest spec regardless of the fact that my research suggested SunTrust uses version 102 of the spec to trying to *spoof* my appid and appversion as Quicken. Once I found this site I tried using ofxget, and, while it found my FI, it couldn't seem to bring back any information for my account (nice api, though. If my program ends up taking off I might request using it to fill my own database with).

I know it's possible to get the data from SunTrust, because mint.com had no problem downloading my transactions. I feel like I'm just missing some very basic knowledge at this point. So, without further adieu, here is the request I sent. Thanks in advance for any help you can offer!

POST https://www.oasis.cfree.com/2801.ofxgp HTTP/1.1
User-Agent: Fiddler
Content-Type: application/x-ofx
Host: www.oasis.cfree.com
Content-Length: 718

OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII

<OFX>
  <SIGNONMSGSRQV1>
    <SONRQ>
      <DTCLIENT>201003142020
      <USERID>(removed)
      <USERPASS>(removed)
      <LANGUAGE>ENG
      <FI>
        <ORG>SunTrust PC Banking
        <FID>2801
      </FI>
      <APPID>CASHTRACKER
      <APPVER>0700
    </SONRQ>
  </SIGNONMSGSRQV1>
  <BANKMSGSRQV1>
    <STMTTRNRQ>
      <TRNUID>23382938
      <STMTRQ>
        <BANKACCTFROM>
          <BANKID>063102152
          <ACCTID>*************
          <ACCTTYPE>CHECKING
        </BANKACCTFROM>
        <INCTRAN>
          <INCLUDE>Y
        </INCTRAN>
      </STMTRQ>
    </STMTTRNRQ>
  </BANKMSGSRQV1>
</OFX>

The response I received:

HTTP/1.1 400 Bad Request
Date: Mon, 15 Mar 2010 00:22:15 GMT
Server: Apache
Content-Length: 897
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 400--Bad Request</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=Helvetica><BR CLEAR=all>
<TABLE border=0 cellspacing=5><TR><TD><BR CLEAR=all>
<FONT FACE="Helvetica" COLOR="black" SIZE="3"><H2>Error 400--Bad Request</H2>
</FONT></TD></TR>
</TABLE>
<TABLE border=0 width=100% cellpadding=10><TR><TD VALIGN=top WIDTH=100% BGCOLOR=white><FONT FACE="Courier New"><FONT FACE="Helvetica" SIZE="3"><H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>
</FONT><FONT FACE="Helvetica" SIZE="3"><H4>10.4.1 400 Bad Request</H4>
</FONT><P><FONT FACE="Courier New">The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.</FONT></P>
</FONT></TD></TR>
</TABLE>

</BODY>
</HTML>