Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- openapi: 3.0.1
- info:
- title: BACAR Open API
- version: "1.3 Dec 20th 2018"
- description: |
- # Summary
- This document provides the specification of Banco Carregosa's Open API.
- The PSD2 section follows the 1.3 release of the Berlin Group XS2A specifications, containing the REST-API definitions for requests from PISP's.
- Banco Carregosa only supports the Redirect SCA Approach.
- If there is a name field "Accept", "Content-Type" or "Authorization" in the "header", the parameter definition SHALL be ignored.
- The element "Accept" will not be defined in this file at any place.
- The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
- ## General Remarks on Data Types
- The PSD2 API supports at least the following characters
- a b c d e f g h i j k l m n o p q r s t u v w x y z
- A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
- 0 1 2 3 4 5 6 7 8 9
- / - ? : ( ) . , ' +
- Space
- ## Important Notes
- Banco Carregosa has a multi-currency and sub-account structure.
- Information consents are granted for an account identified by an IBAN.
- This API extends the Berlin Group XS2A in regards to internal transfers according.
- Fund-Confirmations should be accessed through the Account Information Service with a valid consent and accountId.
- license:
- name: Creative Commons Attribution 4.0 International Public License
- url: https://creativecommons.org/licenses/by/4.0/
- #termsOfService: URL for Terms of Service of the API
- contact:
- name: Banco Carregosa SA
- url: https://www.bancocarregosa.com
- email: geral@bancocarregosa.com
- externalDocs:
- description: |
- Full Documentation of NextGenPSD2 Access to Account Interoperability Framework
- (General Introduction Paper, Operational Rules, Implementation Guidelines)
- url: https://www.berlin-group.org/nextgenpsd2-downloads
- servers:
- - url: https://api.testbank.com/psd2
- description: PSD2 server
- - url: https://test-api.testbank.com/psd2
- description: Optional PSD2 test server
- paths:
- #####################################################
- # Account Information Service
- #####################################################
- #####################################################
- # Accounts
- #####################################################
- /v1/accounts:
- get:
- summary: Read Account List
- description: |
- Read the identifiers of the available payment accounts.
- Balances and transactions require an explicit request to these account references.
- It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system.
- The addressed list of accounts depends then on the PSU ID and the stored consent addressed by consentId.
- Returns all identifiers of the accounts, to which an account access has been granted to through
- the /consents endpoint by the PSU.
- In addition, relevant information about the accounts and hyperlinks to corresponding account
- information resources are provided if a related consent has been already granted.
- operationId: getAccountList
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path # NO PATH PARAMETER
- #query
- - $ref: "#/components/parameters/withBalanceQuery"
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #method specific header elements
- - $ref: "#/components/parameters/consentId_HEADER_mandatory"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_AccountList"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '429':
- $ref: "#/components/responses/TOO_MANY_REQUESTS_429_AIS"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/accounts/{accountId}:
- get:
- summary: Read Account Details
- description: |
- Reads details about an account, with balances where required.
- It is assumed that a consent of the PSU to
- this access is already given and stored on the ASPSP system.
- The addressed details of this account depends then on the stored consent addressed by consentId,
- respectively the OAuth2 access token.
- **NOTE:** The accountId can represent a multicurrency account.
- In this case the currency code is set to "XXX".
- Give detailed information about the addressed account.
- Give detailed information about the addressed account together with balance information
- operationId: readAccountDetails
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/accountId"
- #query
- - $ref: "#/components/parameters/withBalanceQuery"
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #method specific header elements
- - $ref: "#/components/parameters/consentId_HEADER_mandatory"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_AccountList"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '429':
- $ref: "#/components/responses/TOO_MANY_REQUESTS_429_AIS"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/accounts/{accountId}/balances:
- get:
- summary: Read Balance
- description: |
- Reads account data from a given account addressed by "accountId".
- information might be logged on intermediary servers within the ASPSP sphere.
- This accountId then can be retrieved by the "GET Account List" call.
- The accountId is constant at least throughout the lifecycle of a given consent.
- Balances have been extended by including a subaccount reference.
- operationId: getBalances
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/accountId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #method specific header elements
- - $ref: "#/components/parameters/consentId_HEADER_mandatory"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_Balances"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '429':
- $ref: "#/components/responses/TOO_MANY_REQUESTS_429_AIS"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/accounts/{accountId}/transactions/:
- get:
- summary: Read transaction list of an account
- description: |
- Read transaction reports or transaction lists of a given account ddressed by "accountId", depending on the steering parameter
- "bookingStatus" together with balances.
- For a given account, additional parameters are e.g. the attributes "dateFrom" and "dateTo".
- Transactions have been extended by including a subaccount reference.
- operationId: getTransactionList
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/accountId"
- #query
- - $ref: "#/components/parameters/dateFrom"
- - $ref: "#/components/parameters/dateTo"
- - $ref: "#/components/parameters/entryReferenceFrom"
- - $ref: "#/components/parameters/bookingStatus"
- - $ref: "#/components/parameters/deltaList"
- - $ref: "#/components/parameters/withBalanceQuery"
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #method specific header elements
- - $ref: "#/components/parameters/consentId_HEADER_mandatory"
- #- $ref: "#/components/parameters/Accept" #Can not defined in Open API. See general comments in the description attached to the top level of the file.
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_AccountsTransactions"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '429':
- $ref: "#/components/responses/TOO_MANY_REQUESTS_429_AIS"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/accounts/{accountId}/transactions/{resourceId}:
- get:
- summary: Read Transaction Details
- description: |
- Reads transaction details from a given transaction addressed by "resourceId" on a given account addressed by "accountId".
- This call is only available on transactions as reported in a JSON format.
- **Remark:** Please note that the PATH might be already given in detail by the corresponding entry of the response of the
- "Read Transaction List" call within the _links subfield.
- operationId: getTransactionDetails
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/accountId"
- - $ref: "#/components/parameters/resourceId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #method specific header elements
- - $ref: "#/components/parameters/consentId_HEADER_mandatory"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_TransactionDetails"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '429':
- $ref: "#/components/responses/TOO_MANY_REQUESTS_429_AIS"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/accounts/{accountId}/funds-confirmations:
- post:
- summary: Confirmation of Funds Request
- description:
- This request was placed under the account information service. It requires a valid consent for balance or transaction information on the selected account.
- operationId: checkAvailabilityOfFunds
- tags:
- - Account Information Service (AIS)
- parameters:
- #path
- - $ref: "#/components/parameters/accountId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #method specific header elements
- - $ref: "#/components/parameters/consentId_HEADER_mandatory"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- requestBody:
- $ref: "#/components/requestBodies/confirmationOfFunds"
- responses:
- '200':
- $ref: "#/components/responses/OK_200_ConfirmationOfFunds"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_PIIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- #####################################################
- # Consents
- #####################################################
- /v1/consents:
- post:
- summary: Create consent
- description: |
- This method creates a consent resource, defining access rights to dedicated accounts of
- a given PSU-ID.
- **Side Effects**
- When this Consent Request is a request where the "recurringIndicator" equals "true",
- and if it exists already a former consent for recurring access on account information
- for the addressed PSU, then the former consent automatically expires as soon as the new
- consent request is authorised by the PSU.
- Accepts a specific access on all psd2 related services for all psd2 accounts.
- operationId: createConsent
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path # NO PATH PARAMETER
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #method specific header elements
- - $ref: "#/components/parameters/PSU-ID"
- - $ref: "#/components/parameters/PSU-ID-Type"
- - $ref: "#/components/parameters/PSU-Corporate-ID"
- - $ref: "#/components/parameters/PSU-Corporate-ID-Type"
- - $ref: "#/components/parameters/TPP-Redirect-Preferred"
- - $ref: "#/components/parameters/TPP-Redirect-URI"
- - $ref: "#/components/parameters/TPP-Nok-Redirect-URI"
- - $ref: "#/components/parameters/TPP-Explicit-Authorisation-Preferred"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- requestBody:
- $ref: "#/components/requestBodies/consents"
- responses:
- '201':
- $ref: "#/components/responses/CREATED_201_Consents"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/consents/{consentId}:
- get:
- summary: Get Consent Request
- description: |
- Returns the content of an account information consent object.
- This is returning the data for the TPP especially in cases,
- where the consent was directly managed between ASPSP and PSU e.g. in a re-direct SCA Approach.
- operationId: getConsentInformation
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/consentId_PATH"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_ConsentInformation"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- delete:
- summary: Delete Consent
- description: The TPP can delete an account information consent object if needed.
- operationId: deleteConsent
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/consentId_PATH"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '204':
- $ref: "#/components/responses/NO_CONTENT_204_Consents"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/consents/{consentId}/status:
- get:
- summary: Consent status request
- description: Read the status of an account information consent resource.
- operationId: getConsentStatus
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/consentId_PATH"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_ConsentStatus"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/consents/{consentId}/authorisations:
- post:
- summary: Start the authorisation process for a consent
- description: |
- Create an authorisation sub-resource and start the authorisation process of a consent.
- The message might in addition transmit authentication and authorisation related data.
- his method is iterated n times for a n times SCA authorisation in a
- corporate context, each creating an own authorisation sub-endpoint for
- the corresponding PSU authorising the consent.
- The ASPSP might make the usage of this access method unnecessary,
- since the related authorisation resource will be automatically created by
- the ASPSP after the submission of the consent data with the first POST consents call.
- The start authorisation process is a process which is needed for creating a new authorisation
- or cancellation sub-resource.
- This applies in the following scenarios:
- * The ASPSP has indicated with an 'startAuthorisation' hyperlink in the preceeding Payment
- Initiation Response that an explicit start of the authorisation process is needed by the TPP.
- The 'startAuthorisation' hyperlink can transport more information about data which needs to be
- uploaded by using the extended forms.
- * 'startAuthorisationWithPsuIdentfication',
- * 'startAuthorisationWithPsuAuthentication' #TODO
- * 'startAuthorisationWithAuthentciationMethodSelection'
- * The related payment initiation cannot yet be executed since a multilevel SCA is mandated.
- * The ASPSP has indicated with an 'startAuthorisation' hyperlink in the preceeding
- Payment Cancellation Response that an explicit start of the authorisation process is needed by the TPP.
- The 'startAuthorisation' hyperlink can transport more information about data which needs to be uploaded
- by using the extended forms as indicated above.
- * The related payment cancellation request cannot be applied yet since a multilevel SCA is mandate for
- executing the cancellation.
- * The signing basket needs to be authorised yet.
- operationId: startConsentAuthorisation
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/consentId_PATH"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #method specific header elements
- - $ref: "#/components/parameters/PSU-ID"
- - $ref: "#/components/parameters/PSU-ID-Type"
- - $ref: "#/components/parameters/PSU-Corporate-ID"
- - $ref: "#/components/parameters/PSU-Corporate-ID-Type"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '201':
- $ref: "#/components/responses/CREATED_201_StartScaProcess"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '429':
- $ref: "#/components/responses/TOO_MANY_REQUESTS_429_AIS"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- get:
- summary: Get Consent Authorisation Sub-Resources Request
- description: |
- Return a list of all authorisation subresources IDs which have been created.
- This function returns an array of hyperlinks to all generated authorisation sub-resources.
- operationId: getConsentAuthorisation
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/consentId_PATH"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_Authorisations"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/consents/{consentId}/authorisations/{authorisationId}:
- get:
- summary: Read the SCA status of the consent authorisation.
- description: |
- This method returns the SCA status of a consent initiation's authorisation sub-resource.
- operationId: getConsentScaStatus
- tags:
- - Account Information Service (AIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/consentId_PATH"
- - $ref: "#/components/parameters/authorisationId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #conditional elemention for AIS
- - $ref: "#/components/parameters/PSU-IP-Address_conditionalForAis"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_ScaStatus"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_AIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- #####################################################
- # Payment Information Service
- #####################################################
- /v1/{payment-service}/{payment-product}:
- post:
- summary: Payment initiation request
- description: |
- This method is used to initiate a payment at the ASPSP.
- ## Adaptation of Payment Initiation Requests
- Payment initiations should be sent following the JSON body implementation.
- This service was extended to accept internal transfers.
- Only Single SCA Processes are accepted, limiting payment initiation services to accounts that may be authenticated in such a way.
- There are the following **payment products** in *JSON* format:
- - ***sepa-credit-transfers***
- - ***internal-transfers***
- The request body depends on the **payment-service** which accepts:
- * ***payments***: A single payment initiation request.
- operationId: initiatePayment
- tags:
- - Payment Initiation Service (PIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/paymentService"
- - $ref: "#/components/parameters/paymentProduct"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #method specific header elements
- - $ref: "#/components/parameters/PSU-ID"
- - $ref: "#/components/parameters/PSU-ID-Type"
- - $ref: "#/components/parameters/PSU-Corporate-ID"
- - $ref: "#/components/parameters/PSU-Corporate-ID-Type"
- - $ref: "#/components/parameters/consentId_HEADER_optional"
- - $ref: "#/components/parameters/PSU-IP-Address_mandatory"
- - $ref: "#/components/parameters/TPP-Redirect-Preferred"
- - $ref: "#/components/parameters/TPP-Redirect-URI"
- - $ref: "#/components/parameters/TPP-Nok-Redirect-URI"
- - $ref: "#/components/parameters/TPP-Explicit-Authorisation-Preferred"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- requestBody:
- $ref: "#/components/requestBodies/paymentInitiation"
- responses:
- '201':
- $ref: "#/components/responses/CREATED_201_PaymentInitiation"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_PIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/{payment-service}/{payment-product}/{paymentId}:
- get:
- summary: Get Payment Information
- description: Returns the content of a payment object
- operationId: getPaymentInformation
- tags:
- - Payment Initiation Service (PIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/paymentService"
- - $ref: "#/components/parameters/paymentProduct"
- - $ref: "#/components/parameters/paymentId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Address_optional"
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_PaymentInitiationInformation"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_PIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- delete:
- summary: Payment Cancellation Request
- description: |
- This method initiates the cancellation of a payment pending authorisation.
- An authorisation process is created by this request.
- operationId: cancelPayment
- tags:
- - Payment Initiation Service (PIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/paymentService"
- - $ref: "#/components/parameters/paymentProduct"
- - $ref: "#/components/parameters/paymentId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Address_optional"
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '204':
- $ref: "#/components/responses/NO_CONTENT_204_PaymentInitiationCancel"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_PIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/{payment-service}/{payment-product}/{paymentId}/status:
- get:
- summary: Payment initiation status request
- description: Check the transaction status of a payment initiation.
- operationId: getPaymentInitiationStatus
- tags:
- - Payment Initiation Service (PIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/paymentService"
- - $ref: "#/components/parameters/paymentProduct"
- - $ref: "#/components/parameters/paymentId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Address_optional"
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_PaymentInitiationStatus"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_PIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/{payment-service}/{payment-product}/{paymentId}/authorisations:
- post:
- summary: Start the authorisation process for a payment initiation
- description: |
- Create an authorisation sub-resource and start the authorisation process.
- The message might in addition transmit authentication and authorisation related data.
- This method is iterated n times for a n times SCA authorisation in a
- corporate context, each creating an own authorisation sub-endpoint for
- the corresponding PSU authorising the transaction.
- The ASPSP might make the usage of this access method unnecessary in case
- of only one SCA process needed, since the related authorisation resource
- might be automatically created by the ASPSP after the submission of the
- payment data with the first POST payments/{payment-product} call.
- The start authorisation process is a process which is needed for creating a new authorisation
- or cancellation sub-resource.
- This applies in the following scenarios:
- * The ASPSP has indicated with an 'startAuthorisation' hyperlink in the preceeding Payment
- Initiation Response that an explicit start of the authorisation process is needed by the TPP.
- The 'startAuthorisation' hyperlink can transport more information about data which needs to be
- uploaded by using the extended forms.
- * 'startAuthorisationWithPsuIdentfication',
- * 'startAuthorisationWithPsuAuthentication' #TODO
- * 'startAuthorisationWithAuthentciationMethodSelection'
- * The related payment initiation cannot yet be executed since a multilevel SCA is mandated.
- * The ASPSP has indicated with an 'startAuthorisation' hyperlink in the preceeding
- Payment Cancellation Response that an explicit start of the authorisation process is needed by the TPP.
- The 'startAuthorisation' hyperlink can transport more information about data which needs to be uploaded
- by using the extended forms as indicated above.
- * The related payment cancellation request cannot be applied yet since a multilevel SCA is mandate for
- executing the cancellation.
- * The signing basket needs to be authorised yet.
- operationId: startPaymentAuthorisation
- tags:
- - Payment Initiation Service (PIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/paymentService"
- - $ref: "#/components/parameters/paymentProduct"
- - $ref: "#/components/parameters/paymentId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #method specific header elements
- - $ref: "#/components/parameters/PSU-ID"
- - $ref: "#/components/parameters/PSU-ID-Type"
- - $ref: "#/components/parameters/PSU-Corporate-ID"
- - $ref: "#/components/parameters/PSU-Corporate-ID-Type"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Address_optional"
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '201':
- $ref: "#/components/responses/CREATED_201_StartScaProcess"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_PIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- get:
- summary: Get Payment Initiation Authorisation Sub-Resources Request
- description: |
- Read a list of all authorisation subresources IDs which have been created.
- This function returns an array of hyperlinks to all generated authorisation sub-resources.
- operationId: getPaymentInitiationAuthorisation
- tags:
- - Payment Initiation Service (PIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/paymentService"
- - $ref: "#/components/parameters/paymentProduct"
- - $ref: "#/components/parameters/paymentId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Address_optional"
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_Authorisations"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_PIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}:
- get:
- summary: Read the SCA Status of the payment authorisation
- description: |
- This method returns the SCA status of a payment initiation's authorisation sub-resource, including payment cancels.
- operationId: getPaymentInitiationScaStatus
- tags:
- - Payment Initiation Service (PIS)
- security:
- #####################################################
- # REMARKS ON SECURITY IN THIS OPENAPI FILE
- #In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- - {}
- - BearerAuthOAuth: []
- parameters:
- #path
- - $ref: "#/components/parameters/paymentService"
- - $ref: "#/components/parameters/paymentProduct"
- - $ref: "#/components/parameters/paymentId"
- - $ref: "#/components/parameters/authorisationId"
- #query # NO QUERY PARAMETER
- #header
- #common header parameter
- - $ref: "#/components/parameters/X-Request-ID"
- #header to support the signature function
- - $ref: "#/components/parameters/Digest"
- - $ref: "#/components/parameters/Signature"
- - $ref: "#/components/parameters/TPP-Signature-Certificate"
- #optional additional PSU Information in header
- - $ref: "#/components/parameters/PSU-IP-Address_optional"
- - $ref: "#/components/parameters/PSU-IP-Port"
- - $ref: "#/components/parameters/PSU-Accept"
- - $ref: "#/components/parameters/PSU-Accept-Charset"
- - $ref: "#/components/parameters/PSU-Accept-Encoding"
- - $ref: "#/components/parameters/PSU-Accept-Language"
- - $ref: "#/components/parameters/PSU-User-Agent"
- - $ref: "#/components/parameters/PSU-Http-Method"
- - $ref: "#/components/parameters/PSU-Device-ID"
- - $ref: "#/components/parameters/PSU-Geo-Location"
- #NO REQUEST BODY
- responses:
- '200':
- $ref: "#/components/responses/OK_200_ScaStatus"
- '400':
- $ref: "#/components/responses/BAD_REQUEST_400"
- '401':
- $ref: "#/components/responses/UNAUTHORIZED_401"
- '403':
- $ref: "#/components/responses/FORBIDDEN_403"
- '404':
- $ref: "#/components/responses/NOT_FOUND_404_PIS"
- '405':
- $ref: "#/components/responses/METHOD_NOT_ALLOWED_405"
- '408':
- $ref: "#/components/responses/REQUEST_TIMEOUT_408"
- '500':
- $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500"
- '503':
- $ref: "#/components/responses/SERVICE_UNAVAILABLE_503"
- #####################################################
- # Funds Confirmation Service
- #####################################################
- components:
- #####################################################
- # Predefined Components
- #####################################################
- securitySchemes:
- #####################################################
- # Predefined Security Schemes:
- #
- # In this file only the basic security element to transport
- # the bearer token of an an OAuth2 process, which has to
- # be included inthe HTTP header ist described.
- #
- # WARNING:
- # If you want to use this file for a productive implementation,
- # it is recommandes to adjust the security schemes according to
- # your system enviroments and security policies.
- #####################################################
- BearerAuthOAuth:
- description: |
- Bearer Token.
- Is contained only, if an OAuth2 based authentication was performed in a pre-step or
- an OAuth2 based SCA was performed in an preceding AIS service in the same session.
- type: http
- scheme: bearer
- schemas:
- #####################################################
- # Predefined Schemas
- #####################################################
- paymentId:
- description:
- Resource identification of the generated payment initiation resource.
- type: string
- example: "1234-wertiq-983"
- authorisationId:
- description: Resource identification of the related SCA
- type: string
- example: "123auth456"
- authenticationMethodId:
- description: |
- An identification provided by the ASPSP for the later identification of the authentication method selection.
- type: string
- maxLength: 35
- example: "myAuthenticationID"
- accountId:
- description: This identification is denoting the addressed account, where the transaction has been performed.
- type: string
- example: "qwer3456tzui7890"
- consentId:
- description: |
- ID of the corresponding consent object as returned by an Account Information Consent Request.
- type: string
- resourceId:
- description: |
- This identification is given by the attribute resourceId of the corresponding entry of a transaction list.
- type: string
- example: "3dc3d5b3-7023-4848-9853-f5400a64e80f"
- cancellationId:
- description: Identification for cancellation resource
- type: string
- example: "123auth456"
- entryReference:
- description: |
- Is the identification of the transaction as used e.g. for reference for deltafunction on application level.
- type: string
- maxLength: 35
- transactionStatus:
- description: |
- The transaction status is filled with codes of the ISO 20022 data table:
- - 'ACCC': 'AcceptedSettlementCompleted' -
- Settlement on the creditor's account has been completed.
- - 'ACCP': 'AcceptedCustomerProfile' -
- Preceding check of technical validation was successful.
- Customer profile check was also successful.
- - 'ACSC': 'AcceptedSettlementCompleted' -
- Settlement on the debtor�s account has been completed.
- **Usage:** this can be used by the first agent to report to the debtor that the transaction has been completed.
- **Warning:** this status is provided for transaction status reasons, not for financial information.
- It can only be used after bilateral agreement.
- - 'ACSP': 'AcceptedSettlementInProcess' -
- All preceding checks such as technical validation and customer profile were successful and therefore the payment initiation has been accepted for execution.
- - 'ACTC': 'AcceptedTechnicalValidation' -
- Authentication and syntactical and semantical validation are successful.
- - 'ACWC': 'AcceptedWithChange' -
- Instruction is accepted but a change will be made, such as date or remittance not sent.
- - 'ACWP': 'AcceptedWithoutPosting' -
- Payment instruction included in the credit transfer is accepted without being posted to the creditor customer�s account.
- - 'RCVD': 'Received' -
- Payment initiation has been received by the receiving agent.
- - 'PDNG': 'Pending' -
- Payment initiation or individual transaction included in the payment initiation is pending.
- Further checks and status update will be performed.
- - 'RJCT': 'Rejected' -
- Payment initiation or individual transaction included in the payment initiation has been rejected.
- - 'CANC': 'Cancelled'
- Payment initiation has been cancelled before execution
- Remark: This code is still requested from ISO20022.
- - 'ACFC': 'AcceptedFundsChecked' -
- Preceeding check of technical validation and customer profile was successful and an automatic funds check was positive .
- Remark: This code is still requested from ISO20022.
- - 'PATC': 'PartiallyAcceptedTechnical'
- Correct The payment initiation needs multiple authentications, where some but not yet all have been performed. Syntactical and semantical validations are successful.
- Remark: This code is still requested from ISO20022.
- type: string
- enum:
- - "ACCC"
- - "ACCP"
- - "ACSC"
- - "ACSP"
- - "ACTC"
- - "ACWC"
- - "ACWP"
- - "RCVD"
- - "PDNG"
- - "RJCT"
- - "CANC"
- - "ACFC"
- - "PATC"
- example: "ACCP"
- scaStatus:
- description: |
- This data element is containing information about the status of the SCA method applied.
- The following codes are defined for this data type.
- * 'psuAuthenticated':
- The PSU related to the authorisation resource has been identified and authenticated e.g. by a password.
- * 'scaMethodSelected':
- First status to be reported instead since method is predetermined.
- * 'finalised':
- The SCA routine has been finalised successfully.
- * 'failed':
- The SCA routine failed
- * 'exempted':
- SCA was exempted for the related transaction, the related authorisation is successful.
- type: string
- enum:
- - "psuAuthenticated"
- - "scaMethodSelected"
- - "finalised"
- - "failed"
- - "exempted"
- example: "psuAuthenticated"
- scaAuthenticationData:
- description: |
- SCA authentication data, depending on the chosen authentication method.
- If the data is binary, then it is base64 encoded.
- type: string
- consentStatus:
- description: |
- This is the overall lifecycle status of the consent.
- Valid values are:
- - 'received': The consent data have been received and are technically correct.
- The data is not authorised yet.
- - 'rejected': The consent data have been rejected e.g. since no successful authorisation has taken place.
- - 'valid': The consent is accepted and valid for GET account data calls and others as specified in the consent object.
- - 'revokedByPsu': The consent has been revoked by the PSU towards the ASPSP.
- - 'expired': The consent expired.
- - 'terminatedByTpp': The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource.
- The ASPSP might add further codes. These codes then shall be contained in the ASPSP's documentation of the XS2A interface
- and has to be added to this API definition as well.
- type: string
- enum:
- - "received"
- - "rejected"
- - "valid"
- - "revokedByPsu"
- - "expired"
- - "terminatedByTpp"
- transactionFeeIndicator:
- description: |
- If equals 'true', the transaction will involve specific transaction cost as shown by the ASPSP in
- their public price list or as agreed between ASPSP and PSU.
- If equals 'false', the transaction will not involve additional specific transaction costs to the PSU.
- type: boolean
- recurringIndicator:
- description: |
- "true", if the consent is for recurring access to the account data.
- "false", if the consent is for one access to the account data.
- type: boolean
- example: false
- authenticationType:
- description: |
- Type of the authentication method.
- More authentication types might be added during implementation projects and documented in the ASPSP documentation.
- - 'SMS_OTP': An SCA method, where an OTP linked to the transaction to be authorised is sent to the PSU through a SMS channel.
- - 'CHIP_OTP': An SCA method, where an OTP is generated by a chip card, e.g. an TOP derived from an EMV cryptogram.
- To contact the card, the PSU normally needs a (handheld) device.
- With this device, the PSU either reads the challenging data through a visual interface like flickering or
- the PSU types in the challenge through the device key pad.
- The device then derives an OTP from the challenge data and displays the OTP to the PSU.
- - 'PHOTO_OTP': An SCA method, where the challenge is a QR code or similar encoded visual data
- which can be read in by a consumer device or specific mobile app.
- The device resp. the specific app than derives an OTP from the visual challenge data and displays
- the OTP to the PSU.
- - 'PUSH_OTP': An OTP is pushed to a dedicated authentication APP and displayed to the PSU.
- type: string
- enum:
- - "SMS_OTP"
- - "CHIP_OTP"
- - "PHOTO_OTP"
- - "PUSH_OTP"
- hrefType:
- description: Link to a resource
- type: string
- example: "/v1/payments/sepa-credit-transfers/1234-wertiq-983"
- hrefTypeAccount:
- description: Link to an account detail
- type: string
- example: "/v1/accounts/1234-wertiq-983"
- hrefTypeAccountList:
- description: Link to the account list
- type: string
- example: "/v1/accounts"
- hrefTypeSCT:
- description: Link to an SCT
- type: string
- example: "/v1/payments/sepa-credit-transfers/1234-wertiq-983"
- hrefTypeIT:
- description: Link to an IT
- type: string
- example: "/v1/payments/internal-transfers/1234-wertiq-983"
- hrefTypeBalances:
- description: Link to balances
- type: string
- example: "/v1/accounts/1234-wertiq-983/balances"
- hrefTypeTransactions:
- description: Link to transactions
- type: string
- example: "/v1/accounts/1234-wertiq-983/transactions"
- hrefTypeTransactionDetails:
- description: Link to a transaction detail
- type: string
- example: "/v1/accounts/1234-wertiq-983/transactions/1234-wertiq-983"
- hrefTypeSCARedirect:
- description: Link to a resource
- type: string
- example: "/v1/payments/sepa-credit-transfers/1234-wertiq-983/authorisations/1234-wertiq-983/redirect"
- hrefTypeSCAStatus:
- description: Link to a resource
- type: string
- example: "/v1/payments/sepa-credit-transfers/1234-wertiq-983/authorisations/1234-wertiq-983/status"
- hrefTypeStatus:
- description: Link to a resource
- type: string
- example: "/v1/payments/sepa-credit-transfers/1234-wertiq-983/authorisations/1234-wertiq-983/status"
- authorisationsList:
- description: An array of all authorisationIds
- type: array
- items:
- $ref: "#/components/schemas/authorisationId"
- authorisations:
- description: An array of all authorisationIds
- type: object
- required:
- - authorisationIds
- properties:
- authorisationIds:
- $ref: "#/components/schemas/authorisationsList"
- accountReference:
- description: |
- Reference to an account by either
- * IBAN, of a payment accounts
- type: object
- properties:
- iban:
- $ref: "#/components/schemas/iban"
- subAccountReference:
- description: |
- Reference to a subaccount by an ASPSP reference
- type: object
- properties:
- subAccountId:
- $ref: "#/components/schemas/subAccountId"
- subAccountName:
- $ref: "#/components/schemas/subAccountName"
- subAccountId:
- description: |
- Reference to a subaccount by an ASPSP reference
- type: string
- example: "0"
- subAccountName:
- description: |
- Name of the subaccount
- type: string
- example: "DO"
- balanceType:
- description: |
- The following balance types are defined:
- - "closingBooked":
- Balance of the account at the end of the pre-agreed account reporting period.
- It is the sum of the opening booked balance at the beginning of the period and all entries booked
- to the account during the pre-agreed account reporting period.
- - "valueDate":
- Value date balance composed of booked entries and pending items known at the time of calculation ,
- which projects the end of day balance for interest calculation if everything is booked on the account and no other entry is posted.
- - "expected":
- Balance composed of booked entries and pending items known at the time of calculation,
- which projects the end of day balance if everything is booked on the account and no other entry is posted.
- - "available":
- The Value Date balance deducted of credits awayting good collection, capital market buys and other debits pending settlement.
- - "authorised":
- The available balance together with the value of a pre-approved credit line the ASPSP makes permanently available to the user.
- type: string
- enum:
- - "closingBooked"
- - "expected"
- - "authorised"
- - "available"
- - "valueDate"
- accountAccess:
- description: |
- Requested access services for a consent.
- type: object
- properties:
- accounts:
- description: |
- Is asking for detailed account information.
- type: array
- items:
- $ref: "#/components/schemas/accountReference"
- balances:
- description: |
- Is asking for balances of the addressed accounts.
- type: array
- items:
- $ref: "#/components/schemas/accountReference"
- transactions:
- description: |
- Is asking for transactions of the addressed accounts.
- type: array
- items:
- $ref: "#/components/schemas/accountReference"
- availableAccounts:
- description: |
- Not supported by API provider.
- type: string
- enum:
- - "allAccounts"
- - "allAccountsWithBalances"
- allPsd2:
- description: |
- Supported by API provider.
- Only the value "allAccounts" is admitted.
- type: string
- enum:
- - "allAccounts"
- cashAccountType:
- description: |
- ExternalCashAccountType1Code from ISO 20022.
- type: string
- accountStatus:
- description: |
- Account status. The value is one of the following:
- - "enabled": account is available
- - "deleted": account is terminated
- - "blocked": account is blocked e.g. for legal reasons
- If this field is not used, than the account is available in the sense of this specification.
- type: string
- enum:
- - "enabled"
- - "deleted"
- - "blocked"
- accountDetails:
- description: |
- The ASPSP shall give the following account reference identifiers:
- - iban
- type: object
- required:
- - currency
- properties:
- resourceId:
- description: This shall be filled, if addressable resource are created by the ASPSP on the /accounts endpoint.
- type: string
- iban:
- $ref: "#/components/schemas/iban"
- name:
- description: Name of the account given by the bank or the PSU in online-banking.
- type: string
- maxLength: 35
- product:
- description: Product name of the bank for this account, proprietary definition.
- type: string
- maxLength: 35
- cashAccountType:
- $ref: "#/components/schemas/cashAccountType"
- status:
- $ref: "#/components/schemas/accountStatus"
- bic:
- $ref: "#/components/schemas/bicfi"
- linkedAccounts:
- description: Case of a set of pending card transactions, the APSP will provide the relevant cash account the card is set up on.
- type: string
- maxLength: 70
- usage:
- description: |
- Specifies the usage of the account
- * PRIV: private personal account
- * ORGA: professional account
- type: string
- maxLength: 4
- enum:
- - "PRIV"
- - "ORGA"
- details:
- description: |
- Specifications that might be provided by the ASPSP
- - characteristics of the account
- - characteristics of the relevant card
- type: string
- maxLength: 140
- _links:
- $ref: "#/components/schemas/_linksAccountDetails"
- accountList:
- description: |
- List of accounts with details.
- type: object
- properties:
- accounts:
- type: array
- items:
- $ref: "#/components/schemas/accountDetails"
- accountReport:
- description: |
- JSON based account report.
- This account report contains transactions resulting from the query parameters.
- 'booked' shall be contained if bookingStatus parameter is set to "booked" or "both".
- 'pending' is not contained if the bookingStatus parameter is set to "booked".
- type: object
- required:
- - _links
- properties:
- booked:
- $ref: "#/components/schemas/transactionList"
- pending:
- $ref: "#/components/schemas/transactionList"
- _links:
- $ref: "#/components/schemas/_linksAccountReport"
- transactionList:
- description: Array of transaction details
- type: array
- items:
- $ref: "#/components/schemas/transactionDetails"
- transactionDetails:
- description: Transaction details
- type: object
- required:
- - transactionAmount
- properties:
- transactionId:
- description: |
- the Transaction Id can be used as access-ID in the API, where more details on an transaction is offered.
- If this data attribute is provided this shows that the AIS can get access on more details about this
- transaction using the GET Transaction Details Request
- type: string
- entryReference:
- description: |
- Is the identification of the transaction as used e.g. for reference for deltafunction on application level.
- type: string
- maxLength: 35
- endToEndId:
- description: Unique end to end identity.
- type: string
- maxLength: 35
- mandateId:
- description: Identification of Mandates, e.g. a SEPA Mandate ID.
- type: string
- maxLength: 35
- checkId:
- description: Identification of a Cheque.
- type: string
- maxLength: 35
- creditorId:
- description: Identification of Creditors, e.g. a SEPA Creditor ID.
- type: string
- maxLength: 35
- bookingDate:
- $ref: "#/components/schemas/bookingDate"
- valueDate:
- description: The Date at which assets become available to the account owner in case of a credit.
- type: string
- format: date
- transactionAmount:
- $ref: "#/components/schemas/amount"
- exchangeRate:
- $ref: "#/components/schemas/exchangeRateList"
- creditorName:
- $ref: "#/components/schemas/creditorName"
- creditorAccount:
- $ref: "#/components/schemas/accountReference"
- ultimateCreditor:
- $ref: "#/components/schemas/ultimateCreditor"
- debtorName:
- $ref: "#/components/schemas/debtorName"
- debtorAccount:
- $ref: "#/components/schemas/accountReference"
- ultimateDebtor:
- $ref: "#/components/schemas/ultimateDebtor"
- remittanceInformationUnstructured:
- type: string
- maxLength: 140
- purposeCode:
- $ref: "#/components/schemas/purposeCode"
- bankTransactionCode:
- $ref: "#/components/schemas/bankTransactionCode"
- proprietaryBankTransactionCode:
- $ref: "#/components/schemas/proprietaryBankTransactionCode"
- _links:
- $ref: "#/components/schemas/_linksTransactionDetails"
- exchangeRateList:
- description: Array of exchange rates
- type: array
- items:
- $ref: "#/components/schemas/exchangeRate"
- exchangeRate:
- description: Exchange Rate
- type: object
- required:
- - sourceCurrency
- - rate
- - unitCurrency
- - targetCurrency
- - rateDate
- properties:
- sourceCurrency:
- $ref: "#/components/schemas/currencyCode"
- rate:
- type: string
- unitCurrency:
- type: string
- targetCurrency:
- $ref: "#/components/schemas/currencyCode"
- rateDate:
- type: string
- format: date
- rateContract:
- type: string
- balance:
- description: |
- A single balance element
- type:
- object
- required:
- - balanceAmount
- - balanceType
- - balanceSubAccount
- properties:
- balanceAmount:
- $ref: "#/components/schemas/amount"
- balanceType:
- $ref: "#/components/schemas/balanceType"
- balanceSubAccount:
- $ref: "#/components/schemas/subAccountReference"
- lastChangeDateTime:
- description: |
- This data element might be used to indicate e.g. with the expected or booked balance that no action is known
- on the account, which is not yet booked.
- type: string
- format: date-time
- referenceDate:
- description: Reference date of the balance
- type: string
- format: date
- lastCommittedTransaction:
- description: |
- "entryReference" of the last commited transaction to support the TPP in identifying whether all
- PSU transactions are already known.
- type: string
- maxLength: 35
- balanceList:
- description: |
- A list of balances regarding this account, e.g. the current balance, the last booked balance.
- The list migght be restricted to the current ballance.
- type: array
- items:
- $ref: "#/components/schemas/balance"
- cancellationList:
- description: An array of all cancellationIds connected to this resource.
- type: array
- items:
- $ref: "#/components/schemas/cancellationId"
- bicfi:
- description: |
- BICFI
- type: string
- pattern: "[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}"
- example: "AAAADEBBXXX"
- iban:
- type: string
- description: IBAN of an account
- pattern: "[A-Z]{2,2}[0-9]{2,2}[a-zA-Z0-9]{1,30}"
- example: "FR7612345987650123456789014"
- address:
- type: object
- required:
- - country
- properties:
- street:
- type: string
- maxLength: 70
- buildingNumber:
- type: string
- city:
- type: string
- postalCode:
- type: string
- country:
- $ref: "#/components/schemas/countryCode"
- example:
- {
- street: "rue blue",
- buildingnNumber: "89",
- city: "Paris",
- postalCode: "75000",
- country: "FR"
- }
- countryCode:
- description: ISO 3166 ALPHA2 country code
- type: string
- pattern: "[A-Z]{2}"
- example: "SE"
- amount:
- type: object
- required:
- - currency
- - amount
- properties:
- currency:
- $ref: "#/components/schemas/currencyCode"
- amount:
- $ref: "#/components/schemas/amountValue"
- example:
- {
- "currency": "EUR",
- "amount": "123"
- }
- currencyCode:
- description: |
- ISO 4217 Alpha 3 currency code
- type: string
- pattern: "[A-Z]{3}"
- example: "EUR"
- amountValue:
- description: |
- The amount given with fractional digits, where fractions must be compliant to the currency definition.
- Up to 14 significant figures. Negative amounts are signed by minus.
- The decimal separator is a dot.
- **Example:**
- Valid representations for EUR with up to two decimals are:
- * 1056
- * 5768.2
- * -1.50
- * 5877.78
- type: string
- pattern: "-?[0-9]{1,14}(\\.[0-9]{1,3})?"
- example: "5877.78"
- remittanceInformationUnstructured:
- description: |
- Unstructured remittance information
- type: string
- maxLength: 140
- example: "Ref Number Merchant"
- #####################################################
- # Predefined Text Formats
- #####################################################
- purposeCode:
- description: |
- ExternalPurpose1Code from ISO 20022.
- Values from ISO 20022 External Code List ExternalCodeSets_1Q2018 June 2018.
- type: string
- enum:
- - "BKDF"
- - "BKFE"
- - "BKFM"
- - "BKIP"
- - "BKPP"
- - "CBLK"
- - "CDCB"
- - "CDCD"
- - "CDCS"
- - "CDDP"
- - "CDOC"
- - "CDQC"
- - "ETUP"
- - "FCOL"
- - "MTUP"
- - "ACCT"
- - "CASH"
- - "COLL"
- - "CSDB"
- - "DEPT"
- - "INTC"
- - "LIMA"
- - "NETT"
- - "BFWD"
- - "CCIR"
- - "CCPC"
- - "CCPM"
- - "CCSM"
- - "CRDS"
- - "CRPR"
- - "CRSP"
- - "CRTL"
- - "EQPT"
- - "EQUS"
- - "EXPT"
- - "EXTD"
- - "FIXI"
- - "FWBC"
- - "FWCC"
- - "FWSB"
- - "FWSC"
- - "MARG"
- - "MBSB"
- - "MBSC"
- - "MGCC"
- - "MGSC"
- - "OCCC"
- - "OPBC"
- - "OPCC"
- - "OPSB"
- - "OPSC"
- - "OPTN"
- - "OTCD"
- - "REPO"
- - "RPBC"
- - "RPCC"
- - "RPSB"
- - "RPSC"
- - "RVPO"
- - "SBSC"
- - "SCIE"
- - "SCIR"
- - "SCRP"
- - "SHBC"
- - "SHCC"
- - "SHSL"
- - "SLEB"
- - "SLOA"
- - "SWBC"
- - "SWCC"
- - "SWPT"
- - "SWSB"
- - "SWSC"
- - "TBAS"
- - "TBBC"
- - "TBCC"
- - "TRCP"
- - "AGRT"
- - "AREN"
- - "BEXP"
- - "BOCE"
- - "COMC"
- - "CPYR"
- - "GDDS"
- - "GDSV"
- - "GSCB"
- - "LICF"
- - "MP2B"
- - "POPE"
- - "ROYA"
- - "SCVE"
- - "SERV"
- - "SUBS"
- - "SUPP"
- - "TRAD"
- - "CHAR"
- - "COMT"
- - "MP2P"
- - "ECPG"
- - "ECPR"
- - "ECPU"
- - "EPAY"
- - "CLPR"
- - "COMP"
- - "DBTC"
- - "GOVI"
- - "HLRP"
- - "HLST"
- - "INPC"
- - "INPR"
- - "INSC"
- - "INSU"
- - "INTE"
- - "LBRI"
- - "LIFI"
- - "LOAN"
- - "LOAR"
- - "PENO"
- - "PPTI"
- - "RELG"
- - "RINP"
- - "TRFD"
- - "FORW"
- - "FXNT"
- - "ADMG"
- - "ADVA"
- - "BCDM"
- - "BCFG"
- - "BLDM"
- - "BNET"
- - "CBFF"
- - "CBFR"
- - "CCRD"
- - "CDBL"
- - "CFEE"
- - "CGDD"
- - "CORT"
- - "COST"
- - "CPKC"
- - "DCRD"
- - "DSMT"
- - "DVPM"
- - "EDUC"
- - "FACT"
- - "FAND"
- - "FCPM"
- - "FEES"
- - "GOVT"
- - "ICCP"
- - "IDCP"
- - "IHRP"
- - "INSM"
- - "IVPT"
- - "MCDM"
- - "MCFG"
- - "MSVC"
- - "NOWS"
- - "OCDM"
- - "OCFG"
- - "OFEE"
- - "OTHR"
- - "PADD"
- - "PTSP"
- - "RCKE"
- - "RCPT"
- - "REBT"
- - "REFU"
- - "RENT"
- - "REOD"
- - "RIMB"
- - "RPNT"
- - "RRBN"
- - "RVPM"
- - "SLPI"
- - "SPLT"
- - "STDY"
- - "TBAN"
- - "TBIL"
- - "TCSC"
- - "TELI"
- - "TMPG"
- - "TPRI"
- - "TPRP"
- - "TRNC"
- - "TRVC"
- - "WEBI"
- - "ANNI"
- - "CAFI"
- - "CFDI"
- - "CMDT"
- - "DERI"
- - "DIVD"
- - "FREX"
- - "HEDG"
- - "INVS"
- - "PRME"
- - "SAVG"
- - "SECU"
- - "SEPI"
- - "TREA"
- - "UNIT"
- - "FNET"
- - "FUTR"
- - "ANTS"
- - "CVCF"
- - "DMEQ"
- - "DNTS"
- - "HLTC"
- - "HLTI"
- - "HSPC"
- - "ICRF"
- - "LTCF"
- - "MAFC"
- - "MARF"
- - "MDCS"
- - "VIEW"
- - "CDEP"
- - "SWFP"
- - "SWPP"
- - "SWRS"
- - "SWUF"
- - "ADCS"
- - "AEMP"
- - "ALLW"
- - "ALMY"
- - "BBSC"
- - "BECH"
- - "BENE"
- - "BONU"
- - "CCHD"
- - "COMM"
- - "CSLP"
- - "GFRP"
- - "GVEA"
- - "GVEB"
- - "GVEC"
- - "GVED"
- - "GWLT"
- - "HREC"
- - "PAYR"
- - "PEFC"
- - "PENS"
- - "PRCP"
- - "RHBS"
- - "SALA"
- - "SSBE"
- - "LBIN"
- - "LCOL"
- - "LFEE"
- - "LMEQ"
- - "LMFI"
- - "LMRK"
- - "LREB"
- - "LREV"
- - "LSFL"
- - "ESTX"
- - "FWLV"
- - "GSTX"
- - "HSTX"
- - "INTX"
- - "NITX"
- - "PTXP"
- - "RDTX"
- - "TAXS"
- - "VATX"
- - "WHLD"
- - "TAXR"
- - "B112"
- - "BR12"
- - "TLRF"
- - "TLRR"
- - "AIRB"
- - "BUSB"
- - "FERB"
- - "RLWY"
- - "TRPT"
- - "CBTV"
- - "ELEC"
- - "ENRG"
- - "GASB"
- - "NWCH"
- - "NWCM"
- - "OTLC"
- - "PHON"
- - "UBIL"
- - "WTER"
- cardAcceptorCategoryCode:
- description: |
- Card Acceptor Category Code of the Card Acceptor as given in the related card transaction.
- type: string #TODO Type in IG not defined probably identical to merchant category code.
- bankTransactionCode:
- description: |
- Bank transaction code as used by the ASPSP and using the sub elements of this structured code defined by ISO 20022.
- This code type is concatenating the three ISO20022 Codes
- * Domain Code,
- * Family Code, and
- * SubFamiliy Code
- by hyphens, resulting in �DomainCode�-�FamilyCode�-�SubFamilyCode�.
- type: string
- example: "PMNT-RCDT-ESCT"
- proprietaryBankTransactionCode:
- description: |
- Proprietary bank transaction code as used within a community or within an ASPSP e.g.
- for MT94x based transaction reports.
- type: string
- maxLength: 35
- frequencyCode:
- description: |
- The following codes from the "EventFrequency7Code" of ISO 20022 are supported.
- - "Daily"
- - "Weekly"
- - "EveryTwoWeeks"
- - "Monthly"
- - "EveryTwoMonths"
- - "Quarterly"
- - "SemiAnnual"
- - "Annual"
- type: string
- enum:
- - "Daily"
- - "Weekly"
- - "EveryTwoWeeks"
- - "Monthly"
- - "EveryTwoMonths"
- - "Quarterly"
- - "SemiAnnual"
- - "Annual"
- frequencyPerDay:
- description: |
- This field indicates the requested maximum frequency for an access without PSU involvement per day.
- For a one-off access, this attribute is set to "1".
- type: integer
- example: 4
- dayOfExecution:
- description: |
- Day of execution as string.
- This string consists of up two characters.
- Leading zeroes are not allowed.
- 31 is ultimo of the month.
- type: string
- maxLength: 2
- enum:
- - "1"
- - "2"
- - "3"
- - "4"
- - "5"
- - "6"
- - "7"
- - "8"
- - "9"
- - "10"
- - "11"
- - "12"
- - "13"
- - "14"
- - "15"
- - "16"
- - "17"
- - "18"
- - "19"
- - "20"
- - "21"
- - "22"
- - "23"
- - "24"
- - "25"
- - "26"
- - "27"
- - "28"
- - "29"
- - "30"
- - "31"
- executionRule:
- description: |
- "following" or "preceeding" supported as values.
- This data attribute defines the behavior when recurring payment dates falls on a weekend or bank holiday.
- The payment is then executed either the "preceeding" or "following" working day.
- ASPSP might reject the request due to the communicated value, if rules in Online-Banking are not supporting
- this execution rule.
- type: string
- enum:
- - "following"
- - "preceeding"
- psuData:
- description: PSU Data for Update PSU Authentication.
- type: object
- required:
- - password
- properties:
- password:
- description: Password
- type: string
- psuMessageText:
- description: Text to be displayed to the PSU
- type: string
- maxLength: 512
- creditorName:
- description: Creditor Name
- type: string
- maxLength: 70
- example: "Creditor Name"
- debtorName:
- description: Debtor Name
- type: string
- maxLength: 70
- example: "Debtor Name"
- ultimateDebtor:
- description: Ultimate Debtor
- type: string
- maxLength: 70
- example: "Ultimate Debtor"
- ultimateCreditor:
- description: Ultimate Creditor
- type: string
- maxLength: 70
- example: "Ultimate Creditor"
- #####################################################
- # Predefined Date and Time Related Formats
- #####################################################
- transactionDate:
- description: Date of the actual card transaction
- type: string
- format: date
- startDate:
- description: |
- The first applicable day of execution starting from this date is the first payment.
- type: string
- format: date
- endDate:
- description: |
- The last applicable day of execution
- If not given, it is an infinite standing order.
- type: string
- format: date
- bookingDate:
- description: |
- The Date when an entry is posted to an account on the ASPSPs books.
- type: string
- format: date
- validUntil:
- description: |
- This parameter is requesting a valid until date for the requested consent.
- The content is the local ASPSP date in ISO-Date Format, e.g. 2017-10-30.
- Future dates might get adjusted by ASPSP.
- If a maximal available date is requested, a date in far future is to be used: "9999-12-31".
- In both cases the consent object to be retrieved by the GET Consent Request will contain the adjusted date.
- type: string
- format: date
- example: "2020-12-31"
- lastActionDate:
- description: |
- This date is containing the date of the last action on the consent object either through
- the XS2A interface or the PSU/ASPSP interface having an impact on the status.
- type: string
- format: date
- example: "2018-07-01"
- #####################################################
- # Content of Request Bodies
- #####################################################
- #####################################################
- # Content of Request Bodies - JSON
- #####################################################
- paymentInitiationSct_json:
- description: |
- Body for a SCT payment initation.
- type: object
- required:
- - debtorAccount
- - instructedAmount
- - creditorAccount
- - creditorName
- properties:
- endToEndIdentification:
- type: string
- maxLength: 35
- debtorAccount:
- $ref: "#/components/schemas/accountReference"
- instructedAmount:
- $ref: "#/components/schemas/amount"
- creditorAccount:
- $ref: "#/components/schemas/accountReference"
- creditorAgent:
- $ref: "#/components/schemas/bicfi"
- creditorName:
- $ref: "#/components/schemas/creditorName"
- creditorAddress:
- $ref: "#/components/schemas/address"
- remittanceInformationUnstructured:
- $ref: "#/components/schemas/remittanceInformationUnstructured"
- paymentInitiationIt_json:
- description: |
- Body for a Internal Transfer payment initation.
- type: object
- required:
- - account
- - fromSubAccount
- - toSubAccount
- - instructedAmount
- - currency
- properties:
- endToEndIdentification:
- type: string
- maxLength: 35
- account:
- $ref: "#/components/schemas/accountReference"
- instructedAmount:
- $ref: "#/components/schemas/amount"
- fromSubAccount:
- $ref: "#/components/schemas/subAccountReference"
- toSubAccount:
- $ref: "#/components/schemas/subAccountReference"
- confirmationOfFunds:
- description: |
- JSON Request body for the "Confirmation of Funds Service"
- type: object
- required:
- - account
- - instructedAmount
- properties:
- subAccount:
- $ref: "#/components/schemas/subAccountId"
- payee:
- description: Name payee
- type: string
- maxLength: 70
- instructedAmount:
- $ref: "#/components/schemas/amount"
- consents:
- description: |
- Content of the body of a consent request.
- type: object
- required:
- - access
- - recurringIndicator
- - validUntil
- - frequencyPerDay
- - combinedServiceIndicator
- properties:
- access:
- $ref: "#/components/schemas/accountAccess"
- recurringIndicator:
- $ref: "#/components/schemas/recurringIndicator"
- validUntil:
- $ref: "#/components/schemas/validUntil"
- frequencyPerDay:
- $ref: "#/components/schemas/frequencyPerDay"
- combinedServiceIndicator:
- description: |
- If "true" indicates that a payment initiation service will be addressed in the same "session".
- type: boolean
- example: false
- transactionAuthorisation:
- description: |
- Content of the body of a Transaction Authorisation Request
- type: object
- required:
- - scaAuthenticationData
- properties:
- scaAuthenticationData:
- $ref: "#/components/schemas/scaAuthenticationData"
- #####################################################
- # Content of Response Bodies
- #####################################################
- paymentInitiationStatusResponse-200_json:
- description: Body of the response for a successful payment initiation status request in case of an JSON based endpoint.
- type: object
- required:
- - transactionStatus
- properties:
- transactionStatus:
- $ref: "#/components/schemas/transactionStatus"
- paymentInitiationStatusResponse-200_xml:
- description: |
- Body of the response for a successful payment initiation status request in case of an XML based endpoint.
- The status is returned as a pain.002 structure.
- urn:iso:std:iso:20022:tech:xsd:pain.002.001.03
- The chosen XML schema of the Status Request is following the XML schema definitions of the original pain.001 schema.
- type: string
- paymentInitationRequestResponse-201:
- description: Body of the response for a successful payment initiation request.
- type: object
- required:
- - transactionStatus
- - paymentId
- - _links
- properties:
- transactionStatus:
- $ref: "#/components/schemas/transactionStatus"
- paymentId:
- $ref: "#/components/schemas/paymentId"
- transactionFees:
- # description: Can be used by the ASPSP to transport transaction fees relevant for the underlying payments.
- $ref: "#/components/schemas/amount"
- transactionFeeIndicator:
- $ref: "#/components/schemas/transactionFeeIndicator"
- _links:
- $ref: "#/components/schemas/_linksPaymentInitiation"
- psuMessage:
- $ref: "#/components/schemas/psuMessageText"
- tppMessages:
- type: array
- items:
- $ref: "#/components/schemas/tppMessage2XX"
- paymentInitiationCancelResponse-204_202:
- description: Body of the response for a successful cancel payment request.
- type: object
- required:
- - transactionStatus
- properties:
- transactionStatus:
- $ref: "#/components/schemas/transactionStatus"
- _links:
- $ref: "#/components/schemas/_linksPaymentInitiationCancel"
- paymentInitiationSctWithStatusResponse:
- description: |
- JSON response body consistion of the corresponding SCT payment initation JSON body together with an optional transaction status field.
- type: object
- required:
- - debtorAccount
- - instructedAmount
- - creditorAccount
- - creditorName
- properties:
- endToEndIdentification:
- type: string
- maxLength: 35
- debtorAccount:
- $ref: "#/components/schemas/accountReference"
- instructedAmount:
- $ref: "#/components/schemas/amount"
- creditorAccount:
- $ref: "#/components/schemas/accountReference"
- creditorAgent:
- $ref: "#/components/schemas/bicfi"
- creditorName:
- $ref: "#/components/schemas/creditorName"
- creditorAddress:
- $ref: "#/components/schemas/address"
- remittanceInformationUnstructured:
- $ref: "#/components/schemas/remittanceInformationUnstructured"
- transactionStatus:
- $ref: "#/components/schemas/transactionStatus"
- paymentInitiationItWithStatusResponse:
- description: |
- JSON response body consistion of the corresponding Internal Transfer payment initation JSON body together with an optional transaction status field.
- type: object
- required:
- - account
- - instructedAmount
- - currency
- - fromSubAccount
- - toSubAccount
- properties:
- endToEndIdentification:
- type: string
- maxLength: 35
- account:
- $ref: "#/components/schemas/accountReference"
- instructedAmount:
- $ref: "#/components/schemas/amount"
- currency:
- $ref: "#/components/schemas/currencyCode"
- fromSubAccount:
- $ref: "#/components/schemas/subAccountReference"
- toSubAccount:
- $ref: "#/components/schemas/subAccountReference"
- remittanceInformationUnstructured:
- type: string
- maxLength: 140
- transactionStatus:
- $ref: "#/components/schemas/transactionStatus"
- scaStatusResponse:
- description: Body of the JSON response with SCA Status
- type: object
- properties:
- scaStatus:
- $ref: "#/components/schemas/scaStatus"
- startScaprocessResponse:
- description: Body of the JSON response for a Start SCA authorisation request.
- type: object
- required:
- - scaStatus
- - _links
- properties:
- scaStatus:
- $ref: "#/components/schemas/scaStatus"
- _links:
- $ref: "#/components/schemas/_linksStartScaProcess"
- psuMessage:
- $ref: "#/components/schemas/psuMessageText"
- consentsResponse-201:
- description: Body of the JSON response for a successful conset request.
- type: object
- required:
- - consentStatus
- - consentId
- - _links
- properties:
- consentStatus:
- $ref: "#/components/schemas/consentStatus"
- consentId:
- $ref: "#/components/schemas/consentId"
- _links:
- $ref: "#/components/schemas/_linksConsents"
- message:
- description: Text to be displayed to the PSU, e.g. in a Decoupled SCA Approach.
- type: string
- maxLength: 512
- consentStatusResponse-200:
- description: Body of the JSON response for a successful get status request for a consent.
- type: object
- required:
- - consentStatus
- properties:
- consentStatus:
- $ref: "#/components/schemas/consentStatus"
- consentInformationResponse-200_json:
- description: Body of the JSON response for a successfull get consent request.
- type: object
- required:
- - access
- - recurringIndicator
- - validUntil
- - frequencyPerDay
- - lastActionDate
- - consentStatus
- properties:
- access:
- $ref: "#/components/schemas/accountAccess"
- recurringIndicator:
- $ref: "#/components/schemas/recurringIndicator"
- validUntil:
- $ref: "#/components/schemas/validUntil"
- frequencyPerDay:
- $ref: "#/components/schemas/frequencyPerDay"
- lastActionDate:
- $ref: "#/components/schemas/lastActionDate"
- consentStatus:
- $ref: "#/components/schemas/consentStatus"
- readAccountBalanceResponse-200:
- description: Body of the response for a successful read balance for an account request.
- type: object
- required:
- - balances
- properties:
- account:
- $ref: "#/components/schemas/accountReference"
- balances:
- $ref: "#/components/schemas/balanceList"
- transactionsResponse-200_json:
- description: |
- Body of the JSON response for a successful read transaction list request.
- This account report contains transactions resulting from the query parameters.
- type: object
- properties:
- account:
- $ref: "#/components/schemas/accountReference"
- transactions:
- $ref: "#/components/schemas/accountReport"
- balances:
- $ref: "#/components/schemas/balanceList"
- _links:
- $ref: "#/components/schemas/_linksDownload"
- #####################################################
- # _links
- #####################################################
- _linksAll:
- description: |
- A _link object with all availabel link types
- type: object
- properties:
- scaRedirect:
- $ref: "#/components/schemas/hrefType"
- authoriseTransaction:
- $ref: "#/components/schemas/hrefType"
- self:
- $ref: "#/components/schemas/hrefType"
- status:
- $ref: "#/components/schemas/hrefTypeStatus"
- scaStatus:
- $ref: "#/components/schemas/hrefTypeSCAStatus"
- account:
- $ref: "#/components/schemas/hrefTypeAccount"
- balances:
- $ref: "#/components/schemas/hrefTypeBalances"
- transactions:
- $ref: "#/components/schemas/hrefTypeTransactions"
- transactionDetails:
- $ref: "#/components/schemas/hrefTypeTransactionDetails"
- first:
- $ref: "#/components/schemas/hrefType"
- next:
- $ref: "#/components/schemas/hrefType"
- previous:
- $ref: "#/components/schemas/hrefType"
- last:
- $ref: "#/components/schemas/hrefType"
- download:
- $ref: "#/components/schemas/hrefType"
- _linksPaymentInitiation:
- description: |
- A list of hyperlinks to be recognised by the TPP.
- Banco Carregosa only accepts scaRedirect.
- Type of links admitted in this response:
- * 'scaRedirect':
- The ASPSP transmits the link to which to redirect the PSU browser.
- * 'self':
- The link to the payment initiation resource created by this request.
- This link can be used to retrieve the resource data.
- * 'status':
- The link to retrieve the transaction status of the payment initiation.
- * 'scaStatus':
- The link to retrieve the scaStatus of the corresponding authorisation sub-resource.
- This link is only contained, if an authorisation sub-resource has been already created.
- type: object
- properties:
- scaRedirect:
- $ref: "#/components/schemas/hrefTypeSCARedirect"
- self:
- $ref: "#/components/schemas/hrefType"
- status:
- $ref: "#/components/schemas/hrefTypeStatus"
- scaStatus:
- $ref: "#/components/schemas/hrefTypeSCAStatus"
- example:
- {
- "scaRedirect": {"href": "https://www.testbank.com/asdfasdfasdf"},
- "self": {"href": "/v1/payments/sepa-credit-transfers/1234-wertiq-983"}
- }
- _linksStartScaProcess:
- description: |
- A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the
- response depend on the dynamical decisions of the ASPSP when processing the request.
- type: object
- properties:
- scaRedirect:
- $ref: "#/components/schemas/hrefType"
- scaStatus:
- $ref: "#/components/schemas/hrefType"
- _linksPaymentInitiation_IT:
- description: |
- A list of hyperlinks to be recognised by the TPP.
- Banco Carregosa only accepts scaRedirect.
- Type of links admitted in this response:
- * 'scaRedirect':
- The ASPSP transmits the link to which to redirect the PSU browser.
- * 'self':
- The link to the payment initiation resource created by this request. This link can be used to retrieve the resource data.
- * 'status':
- The link to retrieve the transaction status of the payment initiation.
- type: object
- properties:
- scaRedirect:
- $ref: "#/components/schemas/hrefTypeSCARedirect"
- self:
- $ref: "#/components/schemas/hrefType"
- status:
- $ref: "#/components/schemas/hrefTypeStatus"
- scaStatus:
- $ref: "#/components/schemas/hrefTypeSCAStatus"
- _linksPaymentInitiationCancel:
- description: |
- A list of hyperlinks to be recognised by the TPP.
- Banco Carregosa only accepts scaRedirect.
- Type of links admitted in this response:
- * 'scaRedirect':
- The ASPSP transmits the link to which to redirect the PSU browser.
- type: object
- properties:
- scaRedirect:
- $ref: "#/components/schemas/hrefTypeSCARedirect"
- _linksDownload:
- description: |
- A list of hyperlinks to be recognised by the TPP.
- Type of links admitted in this response:
- - "download": a link to a resource, where the transaction report might be downloaded from in
- case where transaction reports have a huge size.
- type: object
- required:
- - download
- properties:
- download:
- $ref: "#/components/schemas/hrefType"
- _linksConsents:
- description: |
- A list of hyperlinks to be recognised by the TPP.
- Banco Carregosa only accepts scaRedirect.
- Type of links admitted in this response:
- - 'scaRedirect':
- The ASPSP transmits the link to which to redirect the PSU browser.
- - 'self':
- The link to the Establish Account Information Consent resource created by this request.
- This link can be used to retrieve the resource data.
- - 'status':
- The link to retrieve the status of the account information consent.
- - 'scaStatus': The link to retrieve the scaStatus of the corresponding authorisation sub-resource.
- This link is only contained, if an authorisation sub-resource has been already created.
- type: object
- properties:
- scaRedirect:
- $ref: "#/components/schemas/hrefTypeSCARedirect"
- self:
- $ref: "#/components/schemas/hrefType"
- status:
- $ref: "#/components/schemas/hrefType"
- scaStatus:
- $ref: "#/components/schemas/hrefType"
- _linksAccountReport:
- type: object
- required:
- - account
- properties:
- account:
- $ref: "#/components/schemas/hrefType"
- first:
- $ref: "#/components/schemas/hrefType"
- next:
- $ref: "#/components/schemas/hrefType"
- previous:
- $ref: "#/components/schemas/hrefType"
- last:
- $ref: "#/components/schemas/hrefType"
- _linksTransactionDetails:
- type: object
- required:
- - transactionDetails
- properties:
- transactionDetails:
- $ref: "#/components/schemas/hrefType"
- _linksAccountDetails:
- description: |
- Links to the account, which can be directly used for retrieving account information from this dedicated account.
- Links to "balances" and/or "transactions"
- These links are only supported, when the corresponding consent has been already granted.
- type: object
- properties:
- account:
- $ref: "#/components/schemas/hrefTypeAccount"
- accountList:
- $ref: "#/components/schemas/hrefTypeAccountList"
- balances:
- $ref: "#/components/schemas/hrefTypeBalances"
- transactions:
- $ref: "#/components/schemas/hrefTypeTransactions"
- _linksAccountList:
- description: |
- Links to the account, which can be directly used for retrieving account information from this dedicated account.
- Links to "balances" and/or "transactions"
- These links are only supported, when the corresponding consent has been already granted.
- type: object
- properties:
- self:
- $ref: "#/components/schemas/hrefTypeAccountList"
- balances:
- $ref: "#/components/schemas/hrefTypeBalances"
- transactions:
- $ref: "#/components/schemas/hrefTypeTransactions"
- #####################################################
- # Tpp-Messages to Communicate Error Information
- #####################################################
- #####################################################
- # Generic Elements
- #####################################################
- tppMessageCategory:
- description: Category of the TPP message category
- type: string
- enum:
- - "ERROR"
- - "WARNING"
- MessageCode2XX: #TODO: Ask os wether it should be included or not
- description: Message codes for HTTP Error codes 2XX.
- type: string
- enum:
- - "WARNING"
- MessageCode400:
- description: Message codes defined for HTTP Error code 400 (BAD_REQUEST).
- type: string
- enum:
- - "FORMAT_ERROR" #gen
- MessageCode401:
- description: Message codes defined for HTTP Error code 401 (UNAUTHORIZED).
- type: string
- enum:
- - "CERTIFICATE_INVALID" #gen
- - "CERTIFICATE_EXPIRED" #gen
- - "CERTIFICATE_BLOCKED" #gen
- - "CERTIFICATE_REVOKE" #gen
- - "CERTIFICATE_MISSING" #gen
- - "SIGNATURE_INVALID" #gen
- - "SIGNATURE_MISSING" #gen
- - "CORPORATE_ID_INVALID" #gen
- - "PSU_CREDENTIALS_INVALID" #gen
- - "CONSENT_INVALID" #gen, AIS
- - "CONSENT_EXPIRED" #gen
- - "TOKEN_UNKNOWN" #gen
- - "TOKEN_INVALID" #gen
- - "TOKEN_EXPIRED" #gen
- MessageCode403:
- description: Message codes defined defined for HTTP Error code 403 (FORBIDDEN).
- type: string
- enum:
- - "CONSENT_UNKNOWN" #gen
- - "SERVICE_BLOCKED" #gen
- - "RESOURCE_UNKNOWN" #gen
- - "RESOURCE_EXPIRED" #gen
- - "PRODUCT_INVALID" #PIS
- MessageCode404_AIS:
- description: Message codes defined for AIS for HTTP Error code 404 (NOT FOUND).
- type: string
- enum:
- - "RESOURCE_UNKNOWN" #gens
- MessageCode404_PIS:
- description: Message codes defined for PIS for HTTP Error code 404 (NOT FOUND).
- type: string
- enum:
- - "RESOURCE_UNKNOWN" #gens
- - "PRODUCT_UNKNOWN" #PIS
- MessageCode404_PIIS:
- description: Message codes defined for PIIS for HTTP Error code 404 (NOT FOUND).
- type: string
- enum:
- - "RESOURCE_UNKNOWN" #gens
- MessageCode405:
- description: Message codes defined for payment cancelations PIS for HTTP Error code 405 (METHOD NOT ALLOWED).
- type: string
- enum:
- - "SERVICE_INVALID" #gens
- MessageCode429_AIS:
- description: Message codes for HTTP Error code 429 (TOO MANY REQUESTS).
- type: string
- enum:
- - "ACCESS_EXCEEDED" #AIS
- #####################################################
- # Next Gen propriatary Tpp-Messages
- #####################################################
- tppMessageText:
- description: Additional explaining text to the TPP.
- type: string
- maxLength: 512
- tppMessage2XX: #TODO Ask Ortwin whether do it or not
- type: object
- required:
- - category
- - code
- properties:
- category:
- $ref: "#/components/schemas/tppMessageCategory"
- code:
- $ref: "#/components/schemas/MessageCode2XX"
- path:
- type: string
- text:
- $ref: "#/components/schemas/tppMessageText"
- tppMessage400:
- type: object
- required:
- - category
- - code
- properties:
- category:
- $ref: "#/components/schemas/tppMessageCategory"
- code:
- $ref: "#/components/schemas/MessageCode400"
- path:
- type: string
- text:
- $ref: "#/components/schemas/tppMessageText"
- tppMessage401:
- type: object
- required:
- - category
- - code
- properties:
- category:
- $ref: "#/components/schemas/tppMessageCategory"
- code:
- $ref: "#/components/schemas/MessageCode401"
- path:
- type: string
- text:
- $ref: "#/components/schemas/tppMessageText"
- tppMessage403:
- type: object
- required:
- - category
- - code
- properties:
- category:
- $ref: "#/components/schemas/tppMessageCategory"
- code:
- $ref: "#/components/schemas/MessageCode403"
- path:
- type: string
- text:
- $ref: "#/components/schemas/tppMessageText"
- tppMessage404_PIS:
- type: object
- required:
- - category
- - code
- properties:
- category:
- $ref: "#/components/schemas/tppMessageCategory"
- code:
- $ref: "#/components/schemas/MessageCode404_PIS"
- path:
- type: string
- text:
- $ref: "#/components/schemas/tppMessageText"
- tppMessage404_AIS:
- type: object
- required:
- - category
- - code
- properties:
- category:
- $ref: "#/components/schemas/tppMessageCategory"
- code:
- $ref: "#/components/schemas/MessageCode404_AIS"
- path:
- type: string
- text:
- $ref: "#/components/schemas/tppMessageText"
- tppMessage404_PIIS:
- type: object
- required:
- - category
- - code
- properties:
- category:
- $ref: "#/components/schemas/tppMessageCategory"
- code:
- $ref: "#/components/schemas/MessageCode404_PIIS"
- path:
- type: string
- text:
- $ref: "#/components/schemas/tppMessageText"
- tppMessage405:
- type: object
- required:
- - category
- - code
- properties:
- category:
- $ref: "#/components/schemas/tppMessageCategory"
- code:
- $ref: "#/components/schemas/MessageCode405"
- path:
- type: string
- text:
- $ref: "#/components/schemas/tppMessageText"
- tppMessage429_AIS:
- type: object
- required:
- - category
- - code
- properties:
- category:
- $ref: "#/components/schemas/tppMessageCategory"
- code:
- $ref: "#/components/schemas/MessageCode429_AIS"
- path:
- type: string
- text:
- $ref: "#/components/schemas/tppMessageText"
- #####################################################
- # RFC7807 Messages
- #####################################################
- tppErrorTitle:
- description: |
- Short human readable description of error type.
- Could be in local language.
- To be provided by ASPSPs.
- type: string
- maxLength: 70
- tppErrorDetail:
- description: |
- Detailed human readable text specific to this instance of the error.
- XPath might be used to point to the issue generating the error in addition.
- Remark for Future: In future, a dedicated field might be introduced for the XPath.
- type: string
- maxLength: 512
- #####################################################
- # RFC7807 Messages
- #####################################################
- Error400:
- description: |
- Specific definition of reporting error information in case of a HTTP error code 400.
- type: object
- properties:
- tppMessages:
- type: array
- items:
- $ref: "#/components/schemas/tppMessage400"
- Error401:
- description: |
- Specific definition of reporting error information in case of a HTTP error code 401.
- type: object
- properties:
- tppMessages:
- type: array
- items:
- $ref: "#/components/schemas/tppMessage401"
- Error403:
- description: |
- Specific definition of reporting error information in case of a HTTP error code 403.
- type: object
- properties:
- tppMessages:
- type: array
- items:
- $ref: "#/components/schemas/tppMessage403"
- Error404_NG_PIS:
- description: |
- NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 404.
- type: object
- properties:
- tppMessages:
- type: array
- items:
- $ref: "#/components/schemas/tppMessage404_PIS"
- _links:
- $ref: "#/components/schemas/_linksAll"
- Error404_NG_AIS:
- description: |
- NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 404.
- type: object
- properties:
- tppMessages:
- type: array
- items:
- $ref: "#/components/schemas/tppMessage404_AIS"
- _links:
- $ref: "#/components/schemas/_linksAccountDetails"
- Error404_NG_PIIS:
- description: |
- NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 404.
- type: object
- properties:
- tppMessages:
- type: array
- items:
- $ref: "#/components/schemas/tppMessage404_PIIS"
- _links:
- $ref: "#/components/schemas/_linksAll"
- Error405:
- description: |
- Specific definition of reporting error information in case of a HTTP error code 401.
- type: object
- properties:
- tppMessages:
- type: array
- items:
- $ref: "#/components/schemas/tppMessage405"
- Error429_NG_AIS:
- description: |
- Specific definition of reporting error information in case of a HTTP error code 429.
- type: object
- properties:
- tppMessages:
- type: array
- items:
- $ref: "#/components/schemas/tppMessage429_AIS"
- _links:
- $ref: "#/components/schemas/_linksAll"
- example:
- [{
- "category": "ERROR",
- "code": "ACCESS_EXCEEDED",
- "text": "additional text information of the ASPSP up to 512 characters"
- }]
- parameters:
- #####################################################
- # Predefined Parameters
- #####################################################
- paymentService:
- name: payment-service
- in: path
- description: |
- Payment service:
- Possible values are:
- * payments
- required: true
- schema:
- type: string
- enum:
- - "payments"
- paymentProduct:
- name: payment-product
- in: path
- description: |
- The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT).
- The following payment products are supported:
- - sepa-credit-transfers
- - internal-transfers
- required: true
- schema:
- type: string
- enum:
- - "sepa-credit-transfers"
- - "internal-transfers"
- paymentId:
- name: paymentId
- in: path
- description: Resource identification of the generated payment initiation resource.
- required: true
- schema:
- $ref: "#/components/schemas/paymentId"
- cancellationId:
- name: cancellationId
- in: path
- description: Identification for cancellation resource.
- required: true
- schema:
- $ref: "#/components/schemas/cancellationId"
- authorisationId:
- name: authorisationId
- in: path
- description: Resource identification of the related SCA.
- required: true
- schema:
- $ref: "#/components/schemas/authorisationId"
- accountId:
- name: accountId
- in: path
- description: |
- This identification is denoting the addressed account.
- The accountId is retrieved by using a "Read Account List" call.
- The accountId is the "id" attribute of the account structure.
- Its value is constant at least throughout the lifecycle of a given consent.
- required: true
- schema:
- $ref: "#/components/schemas/accountId"
- resourceId:
- name: resourceId
- in: path
- description: |
- This identification is given by the attribute resourceId of the corresponding entry of a transaction list.
- required: true
- schema:
- $ref: "#/components/schemas/resourceId"
- consentId_PATH:
- name: consentId
- in: path
- description: >
- ID of the corresponding consent object as returned by an Account
- Information Consent Request.
- required: true
- schema:
- $ref: '#/components/schemas/consentId'
- consentId_HEADER_optional:
- name: ConsentId
- in: header
- description: |
- This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS/PIIS service.
- This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation.
- required: false
- schema:
- $ref: "#/components/schemas/consentId"
- consentId_HEADER_mandatory:
- name: ConsentId
- in: header
- description: |
- This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation.
- required: true
- schema:
- $ref: "#/components/schemas/consentId"
- withBalanceQuery:
- name: withBalance
- in: query
- description: |
- Ignored by the ASPSP.
- required: false
- schema:
- type: boolean
- dateFrom:
- name: dateFrom
- in: query
- description: |
- Conditional: Starting date (inclusive the date dateFrom) of the transaction list, mandated if no delta access is required.
- For booked transactions, the relevant date is the booking date.
- For pending transactions, the relevant date is the entry date, which may not be transparent
- neither in this API nor other channels of the ASPSP.
- required: false
- schema:
- type: string
- format: date
- dateTo:
- name: dateTo
- in: query
- description: |
- End date (inclusive the data dateTo) of the transaction list, default is "now" if not given.
- Might be ignored if a delta function is used.
- For booked transactions, the relevant date is the booking date.
- For pending transactions, the relevant date is the entry date, which may not be transparent
- neither in this API nor other channels of the ASPSP.
- required: false
- schema:
- type: string
- format: date
- entryReferenceFrom:
- name: entryReferenceFrom
- in: query
- description: |
- This data attribute is indicating that the AISP is in favour to get all transactions after
- the transaction with identification entryReferenceFrom alternatively to the above defined period.
- This is a implementation of a delta access.
- If this data element is contained, the entries "dateFrom" and "dateTo" might be ignored by the ASPSP
- if a delta report is supported.
- Optional if supported by API provider.
- required: false
- schema:
- type: string
- bookingStatus:
- name: bookingStatus
- in: query
- description: |
- Permitted codes are
- * "booked",
- * "pending" and
- * "both"
- "booked" shall be supported by the ASPSP.
- To support the "pending" and "both" feature is optional for the ASPSP,
- Error code if not supported in the online banking frontend
- required: true
- schema:
- type: string
- enum:
- - "booked"
- - "pending"
- - "both"
- deltaList:
- name: deltaList
- in: query
- description:
- This data attribute is indicating that the AISP is in favour to get all transactions after the last report access
- for this PSU on the addressed account.
- This is another implementation of a delta access-report.
- This delta indicator might be rejected by the ASPSP if this function is not supported.
- Optional if supported by API provider
- schema:
- type: boolean
- X-Request-ID:
- name: X-Request-ID
- in: header
- description: ID of the request, unique to the call, as determined by the initiating party.
- required: true
- example: "99391c7e-ad88-49ec-a2ad-99ddcb1f7721"
- schema:
- type: string
- format: uuid
- Digest:
- name: Digest
- in: header
- description: Is contained if and only if the "Signature" element is contained in the header of the request.
- schema:
- type: string
- required: false # conditional
- example: "SHA-256=hl1/Eps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A="
- Signature:
- name: Signature
- in: header
- description: |
- A signature of the request by the TPP on application level. This might be mandated by ASPSP.
- schema:
- type: string
- required: false # conditional
- example: >
- keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256",
- headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",
- signature="Base64(RSA-SHA256(signing string))"
- TPP-Signature-Certificate:
- name: TPP-Signature-Certificate
- in: header
- description: |
- The certificate used for signing the request, in base64 encoding.
- Must be contained if a signature is contained.
- schema:
- type: string
- format: byte
- required: false # conditional
- TPP-Redirect-Preferred:
- name: TPP-Redirect-Preferred
- in: header
- description: |
- Ignored by ASPSP
- schema:
- type: string
- enum:
- - "true"
- - "false"
- #type: boolean
- required: false
- TPP-Redirect-URI:
- name: TPP-Redirect-URI
- in: header
- description: |
- URI of the TPP, where the transaction flow shall be redirected to after a Redirect.
- It is recommended to always use this header field.
- **Remark for Future:**
- This field might be changed to mandatory in the next version of the specification.
- schema:
- type: string
- format: uri
- required: false # conditional
- TPP-Nok-Redirect-URI:
- name: TPP-Nok-Redirect-URI
- in: header
- description: |
- Ignored by the ASPSP.
- schema:
- type: string
- format: uri
- required: false
- TPP-Explicit-Authorisation-Preferred:
- name: TPP-Explicit-Authorisation-Preferred
- in: header
- description: |
- Ignored by the ASPSP. TPP should assume a direct authorisation of the transaction in the next step.
- schema:
- type: string
- enum:
- - "true"
- - "false"
- #type: boolean
- required: false
- PSU-ID:
- name: PSU-ID
- in: header
- description: |
- Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation.
- Is not contained if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceeding
- AIS service in the same session.
- schema:
- type: string
- required: false
- example: "PSU-1234"
- PSU-ID-Type:
- name: PSU-ID-Type
- in: header
- description: |
- Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.
- schema:
- type: string
- required: false
- PSU-Corporate-ID:
- name: PSU-Corporate-ID
- in: header
- description: |
- Might be mandated in the ASPSP's documentation. Only used in a corporate context.
- schema:
- type: string
- required: false
- PSU-Corporate-ID-Type:
- name: PSU-Corporate-ID-Type
- in: header
- description: |
- Might be mandated in the ASPSP's documentation. Only used in a corporate context.
- schema:
- type: string
- required: false
- PSU-IP-Address_mandatory:
- name: PSU-IP-Address
- in: header
- description: |
- The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP.
- schema:
- type: string
- format: ipv4
- required: true
- example: 192.168.8.78
- PSU-IP-Address_optional:
- name: PSU-IP-Address
- in: header
- description: |
- The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP.
- schema:
- type: string
- format: ipv4
- required: false
- example: 192.168.8.78
- PSU-IP-Address_conditionalForAis:
- name: PSU-IP-Address
- in: header
- description: |
- The forwarded IP Address header field consists of the corresponding HTTP request
- IP Address field between PSU and TPP.
- It shall be contained if and only if this request was actively initiated by the PSU.
- schema:
- type: string
- format: ipv4
- required: false
- example: 192.168.8.78
- PSU-IP-Port:
- name: PSU-IP-Port
- in: header
- description: |
- The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
- schema:
- type: string
- required: false
- example: "1234"
- PSU-Accept:
- name: PSU-Accept
- in: header
- description: |
- The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
- schema:
- type: string
- required: false
- PSU-Accept-Charset:
- name: PSU-Accept-Charset
- in: header
- description: |
- The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
- schema:
- type: string
- required: false
- PSU-Accept-Encoding:
- name: PSU-Accept-Encoding
- in: header
- description: |
- The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
- schema:
- type: string
- required: false
- PSU-Accept-Language:
- name: PSU-Accept-Language
- in: header
- description: |
- The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
- schema:
- type: string
- required: false
- PSU-User-Agent:
- name: PSU-User-Agent
- in: header
- description: |
- The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
- schema:
- type: string
- required: false
- PSU-Http-Method:
- name: PSU-Http-Method
- in: header
- description: |
- HTTP method used at the PSU ? TPP interface, if available.
- Valid values are:
- * GET
- * POST
- * PUT
- * PATCH
- * DELETE
- schema:
- type: string
- enum:
- - "GET"
- - "POST"
- - "PUT"
- - "PATCH"
- - "DELETE"
- required: false
- PSU-Device-ID:
- name: PSU-Device-ID
- in: header
- description: |
- UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available.
- UUID identifies either a device or a device dependant application installation.
- In case of an installation identification this ID need to be unaltered until removal from device.
- schema:
- type: string
- format: uuid
- required: false
- example: "99435c7e-ad88-49ec-a2ad-99ddcb1f5555"
- PSU-Geo-Location:
- name: PSU-Geo-Location
- in: header
- description: |
- The forwarded Geo Location of the corresponding http request between PSU and TPP if available.
- schema:
- type: string
- pattern: '(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}'
- required: false
- example: GEO:52.506931,13.144558
- requestBodies:
- #####################################################
- # Reusable Request Bodies
- #####################################################
- paymentInitiation:
- description: |
- required: true
- content:
- application/json:
- schema:
- oneOf:
- - $ref: "#/components/schemas/paymentInitiationSct_json"
- - $ref: "#/components/schemas/paymentInitiationIt_json"
- examples:
- "Example 1: 'payments' - 'sepa-credit-transfers'":
- $ref: "#/components/examples/paymentInitiationSctBody_payments_json"
- "Example 2: 'payments' - 'internal-transfers'":
- $ref: "#/components/examples/paymentInitiationItBody_payments_json"
- confirmationOfFunds:
- description: |
- When subaccount reference is missing funds availability is checked against main subaccount.
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/confirmationOfFunds"
- examples:
- "Example":
- $ref: "#/components/examples/confirmationOfFundsExample"
- required: true
- consents:
- description: |
- Requestbody for a consents request
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/consents"
- examples:
- "Consent Request on Dedicated Accounts":
- $ref: "#/components/examples/consentsExample_DedicatedAccounts"
- "Consent on Account List of Available Accounts":
- $ref: "#/components/examples/consentsExample_AccountList"
- "Consent Request on Account List or without Indication of dedicated Accounts":
- $ref: "#/components/examples/consentsExample_without_Accounts"
- headers:
- #####################################################
- # Reusable Response Header Elements
- #####################################################
- X-Request-ID:
- description: ID of the request, unique to the call, as determined by the initiating party.
- required: true
- example: "99391c7e-ad88-49ec-a2ad-99ddcb1f7721"
- schema:
- type: string
- format: uuid
- ASPSP-SCA-Approach:
- description: |
- This data element must be contained, if the SCA Approach is already fixed.
- Possible values are
- * EMBEDDED
- * DECOUPLED
- * REDIRECT
- The OAuth SCA approach will be subsumed by REDIRECT.
- schema:
- type: string
- enum:
- - "EMBEDDED"
- - "DECOUPLED"
- - "REDIRECT"
- example: "EMBEDDED"
- required: false
- Location:
- description: |
- Location of the created resource.
- schema:
- type: string
- format: url
- required: false
- responses:
- #####################################################
- # Reusabale Responses
- #####################################################
- #####################################################
- # Positive Responses
- #####################################################
- OK_200_PaymentInitiationInformation:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- oneOf:
- - $ref: "#/components/schemas/paymentInitiationSctWithStatusResponse"
- - $ref: "#/components/schemas/paymentInitiationItWithStatusResponse"
- OK_200_PaymentInitiationStatus:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/paymentInitiationStatusResponse-200_json"
- examples:
- simple:
- $ref: "#/components/examples/paymentInitiationStatusResponse_json_Simple"
- extended:
- $ref: "#/components/examples/paymentInitiationStatusResponse_json_Extended"
- OK_200_Authorisations:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/authorisations"
- examples:
- Example:
- $ref: "#/components/examples/authorisationListExample"
- OK_200_ScaStatus:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/scaStatusResponse"
- OK_200_AccountList:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/accountList"
- examples:
- "Example 1":
- $ref: "#/components/examples/accountListExample1"
- "Example 2":
- $ref: "#/components/examples/accountListExample2"
- "Example 3":
- $ref: "#/components/examples/accountListExample3"
- OK_200_CancellationList:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/cancellationList"
- examples:
- "Example 1":
- $ref: "#/components/examples/cancellationListExample"
- OK_200_TransactionDetails:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/transactionDetails"
- examples:
- Example:
- $ref: "#/components/examples/transactionDetailsExample"
- OK_200_Balances:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/readAccountBalanceResponse-200"
- examples:
- "Example 1: Multicurrency Account":
- $ref: "#/components/examples/balancesExample2_MulticurrencyAcount"
- OK_200_AccountsTransactions:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/transactionsResponse-200_json"
- examples:
- "Example 1":
- $ref: "#/components/examples/transactionsExample1_RegularAccount_json"
- OK_200_ConsentInformation:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/consentInformationResponse-200_json"
- examples:
- Example:
- $ref: "#/components/examples/consentsInformationResponseExample"
- OK_200_ConsentStatus:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/consentStatusResponse-200"
- examples:
- Example:
- $ref: "#/components/examples/consentStatusResponseExample1"
- OK_200_ConfirmationOfFunds:
- description: OK
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- description: |
- Equals "true" if sufficient funds are available at the time of the request,
- "false" otherwise.
- type: object
- required:
- - fundsAvailable
- properties:
- fundsAvailable:
- type: boolean
- examples:
- "Example":
- $ref: "#/components/examples/confirmationOfFundsResponseExample"
- CREATED_201_PaymentInitiation:
- description: CREATED
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- Location:
- $ref: "#/components/headers/Location"
- ASPSP-SCA-Approach:
- $ref: "#/components/headers/ASPSP-SCA-Approach"
- content:
- application/json:
- schema:
- oneOf:
- - $ref: "#/components/schemas/paymentInitationRequestResponse-201"
- examples:
- "Response with redirect":
- $ref: "#/components/examples/paymentInitiationExample_json_Redirect"
- CREATED_201_StartScaProcess:
- description: Created
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- ASPSP-SCA-Approach:
- $ref: "#/components/headers/ASPSP-SCA-Approach"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/startScaprocessResponse"
- examples:
- "Example 1: payments - Decoupled Approach":
- $ref: "#/components/examples/startScaProcessResponseExample1"
- CREATED_201_Consents:
- description: Created
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- ASPSP-SCA-Approach:
- $ref: "#/components/headers/ASPSP-SCA-Approach"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/consentsResponse-201"
- examples:
- "Response with redirect":
- $ref: "#/components/examples/consentResponseExample1a_Redirect"
- NO_CONTENT_204_PaymentInitiationCancel:
- description: OK
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/paymentInitiationCancelResponse-204_202"
- examples:
- Example:
- $ref: "#/components/examples/paymentInitiationCancelResponse-204_202"
- NO_CONTENT_204_Consents:
- description: No Content
- headers:
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- #NO RESPONSE BODY
- #####################################################
- # Negative Responses
- #####################################################
- BAD_REQUEST_400:
- description: Bad Request
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/Error400"
- UNAUTHORIZED_401:
- description: Unauthorized
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/Error401"
- FORBIDDEN_403:
- description: Forbidden
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/Error403"
- NOT_FOUND_404_PIS:
- description: Not found
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/Error404_NG_PIS"
- NOT_FOUND_404_AIS:
- description: Not found
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/Error404_NG_AIS"
- NOT_FOUND_404_PIIS:
- description: Not found
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/Error404_NG_PIIS"
- METHOD_NOT_ALLOWED_405:
- description: Method Not Allowed
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/Error405"
- REQUEST_TIMEOUT_408:
- description: Request Timeout
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- #No Response body because there are no valid message codes for PIS in case of HTTP code 408
- TOO_MANY_REQUESTS_429_AIS:
- description: Too Many Requests
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- content:
- application/json:
- schema:
- $ref: "#/components/schemas/Error429_NG_AIS"
- INTERNAL_SERVER_ERROR_500:
- description: Internal Server Error
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- #No Response body because there are no valid message codes for PIS in case of HTTP code 500
- SERVICE_UNAVAILABLE_503:
- description: Service Unavailable
- headers:
- Location:
- $ref: "#/components/headers/Location"
- X-Request-ID:
- $ref: "#/components/headers/X-Request-ID"
- #No Response body because there are no valid message codes for PIS in case of HTTP code 503
- examples:
- #####################################################
- # Predefined Examples
- #####################################################
- ibanExampleDe_01:
- value: "DE02100100109307118603"
- ibanExampleDe_02:
- value: "DE23100120020123456789"
- ibanExampleDe_03:
- value: "DE40100100103307118608"
- ibanExampleDe_04:
- value: "DE67100100101306118605"
- ibanExampleDe_05:
- value: "DE87200500001234567890"
- ibanExampleFr_01:
- value: "FR7612345987650123456789014"
- ibanExampleNl_01:
- value: "NL76RABO0359400371"
- ibanExampleSe_01:
- value: "SE9412309876543211234567"
- uuidExample:
- value: "99391c7e-ad88-49ec-a2ad-99ddcb1f7721"
- paymentInitiationSctBody_payments_json:
- value:
- {
- "instructedAmount": {"currency": "EUR", "amount": "123.50"},
- "debtorAccount": {"iban": "DE40100100103307118608"},
- "creditorName": "Merchant123",
- "creditorAccount": {"iban": "DE02100100109307118603"},
- "remittanceInformationUnstructured": "Ref Number Merchant"
- }
- paymentInitiationItBody_payments_json:
- value:
- {
- "instructedAmount": {"currency": "EUR", "amount": "123.50"},
- "fromSubAccount": "1",
- "toSubAccount": "2",
- "remittanceInformationUnstructured": "Ref Number Merchant"
- }
- accountListExample1:
- summary: Account list Example 1
- description: Response in case of an example, where the consent has been given on two different IBANs
- value:
- {"accounts":
- [
- {"resourceId": "3dc3d5b3-7023-4848-9853-f5400a64e80f",
- "iban": "DE2310010010123456789",
- "currency": "EUR",
- "product": "Girokonto",
- "cashAccountType": "CurrentAccount",
- "name": "Main Account",
- "_links": {
- "balances": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/balances"},
- "transactions": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/transactions"}}
- },
- {"resourceId": "3dc3d5b3-7023-4848-9853-f5400a64e81g",
- "iban": "DE2310010010123456788",
- "currency": "USD",
- "product": "Fremdw?hrungskonto",
- "cashAccountType": "CurrentAccount",
- "name": "US Dollar Account",
- "_links": {
- "balances": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81g/balances" }}
- }
- ]}
- accountListExample2:
- summary: Account list Example 2
- description: |
- Response in case of an example where consent on transactions and balances has been given to a multicurrency account which has two sub-accounts with currencies EUR and USD, and where the ASPSP is giving the data access only on sub-account level
- value:
- {"accounts":
- [
- {"resourceId": "3dc3d5b3-7023-4848-9853-f5400a64e80f",
- "iban": "DE2310010010123456788",
- "currency": "EUR",
- "product": "Girokonto",
- "cashAccountType": "CurrentAccount",
- "name": "Main Account",
- "_links": {
- "balances": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/balances"},
- "transactions": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/transactions"}}
- },
- {"resourceId": "3dc3d5b3-7023-4848-9853-f5400a64e81g",
- "iban": "DE2310010010123456788",
- "currency": "USD",
- "product": "Fremdw?hrungskonto",
- "cashAccountType": "CurrentAccount",
- "name": "US Dollar Account",
- "_links": {
- "balances": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81g/balances"},
- "transactions": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81g/transactions"} }
- }
- ]}
- accountListExample3:
- summary: Account list Example 3
- description: |
- Account list response in case of an example where consent on balances and transactions has been given to
- a multicurrency account which has two sub-accounts with currencies EUR and USD and where the ASPSP is giving
- the data access on aggregation level and on sub-account level
- value:
- {"accounts":
- [
- {"resourceId": "3dc3d5b3-7023-4848-9853-f5400a64e80f",
- "iban": "DE2310010010123456788",
- "currency": "XXX",
- "product": "Multi currency account",
- "cashAccountType": "CurrentAccount",
- "name": "Aggregation Account",
- "_links": {
- "balances": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e333/balances"},
- "transactions": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e333/transactions"}}
- },
- {"resourceId": "3dc3d5b3-7023-4848-9853-f5400a64e80f",
- "iban": "DE2310010010123456788",
- "currency": "EUR",
- "product": "Girokonto",
- "cashAccountType": "CurrentAccount",
- "name": "Main Account",
- "_links": {
- "balances": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/balances"},
- "transactions": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/transactions"}}
- },
- {"resourceId": "3dc3d5b3-7023-4848-9853-f5400a64e81g",
- "iban": "DE2310010010123456788",
- "currency": "USD",
- "product": "Fremdw?hrungskonto",
- "cashAccountType": "CurrentAccount",
- "name": "US Dollar Account",
- "_links": {
- "balances": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81g/balances"},
- "transactions": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81g/transactions"} }
- }
- ]}
- startScaProcessResponseExample1:
- value:
- {
- "scaStatus": "received",
- "psuMessage": "Please use your BankApp for transaction Authorisation.",
- "_links":
- {
- "scaStatus": {"href":"/v1/payments/qwer3456tzui7890/authorisations/123auth456"}
- }
- }
- consentsExample_DedicatedAccounts:
- description: Consent request on dedicated accounts
- value:
- {
- "access":
- {
- "balances": [
- { "iban": "DE40100100103307118608" },
- { "iban": "DE02100100109307118603",
- "currency": "USD"
- },
- { "iban": "DE67100100101306118605" }
- ],
- "transactions": [
- { "iban": "DE40100100103307118608" },
- { "maskedPan": "123456xxxxxx1234" }
- ]
- },
- "recurringIndicator": "true",
- "validUntil": "2017-11-01",
- "frequencyPerDay": "4"
- }
- consentsExample_AccountList:
- description: Consent on Account List of Available Accounts
- value:
- {"access":
- {"availableAccounts": "allAccounts"},
- "recurringIndicator": "false",
- "validUntil": "2017-08-06",
- "frequencyPerDay": "1"
- }
- consentsExample_without_Accounts:
- description: Consent request on account list or without indication of accounts
- value:
- {"access":
- {
- "balances": [],
- "transactions": []
- },
- "recurringIndicator": "true",
- "validUntil": "2017-11-01",
- "frequencyPerDay": "4"
- }
- consentsInformationResponseExample:
- description: Consent request on account list or without indication of accounts
- value:
- {
- "access": {
- "balances": [
- {"iban": "DE2310010010123456789"}
- ],
- "transactions":
- [
- {"iban": "DE2310010010123456789"},
- {"pan": "123456xxxxxx3457"}
- ]
- },
- "recurringIndicator": "true",
- "validUntil": "2017-11-01",
- "frequencyPerDay": "4",
- "consentStatus": "valid",
- "_links": {"account": {"href": "/v1/accounts"}}
- }
- consentResponseExample1a_Redirect:
- description: Consent request Response in case of a redirect
- value:
- {
- "consentStatus": "received",
- "consentId": "1234-wertiq-983",
- "_links":
- {
- "scaRedirect": {"href": "https://www.testbank.com/authentication/1234-wertiq-983"},
- "status": {"href": "/v1/consents/1234-wertiq-983/status"},
- "scaStatus": {"href": "v1/consents/1234-wertiq-983/authorisations/123auth567"}
- }
- }
- consentResponseExample1b_Redirect:
- description: Consent request Response in case of a redirect with a dedicated start of the authorisation process
- value:
- {
- "consentStatus": "received",
- "consentId": "1234-wertiq-983",
- "_links":
- {
- "startAuthorisation": {"href": "v1/consents/1234-wertiq-983/authorisations"}
- }
- }
- consentStatusResponseExample1:
- description: Response for a consent status request.
- value:
- {
- "consentStatus": "valid",
- }
- paymentInitiationExample_json_Redirect:
- description: "Response in case of a redirect with an implicitly created authorisation sub-resource"
- value:
- {
- "transactionStatus": "RCVD",
- "paymentId": "1234-wertiq-983",
- "_links":
- {
- "scaRedirect": {"href": "https://www.testbank.com/asdfasdfasdf"},
- "self": {"href": "/v1/payments/sepa-credit-transfers/1234-wertiq-983"},
- "status": {"href": "/v1/payments/1234-wertiq-983/status"},
- "scaStatus": {"href": "/v1/payments/1234-wertiq-983/authorisations/123auth456"}
- }
- }
- paymentInitiationExample_json__RedirectExplicitAuthorisation:
- description: "Response in case of a redirect with an explicit authorisation start"
- value:
- {
- "transactionStatus": "RCVD",
- "paymentId": "1234-wertiq-983",
- "_links":
- {
- "self": {"href": "/v1/payments/1234-wertiq-983"},
- "status": {"href": "/v1/payments/1234-wertiq-983/status"},
- "startAuthorisation": {"href": "/v1/payments1234-wertiq-983/authorisations"}
- }
- }
- paymentInitiationStatusResponse_json_Simple:
- value:
- {
- "transactionStatus": "ACCP"
- }
- paymentInitiationCancelResponse-204_202:
- value:
- {
- "transactionStatus": "CANC"
- }
- paymentInitiationStatusResponse_json_Extended:
- value: |
- {
- "transactionStatus": "ACCP",
- "scaStatus": "Some SCA Status"
- }
- transactionAuthorisationResponseExample:
- description: Response of a Transaction Authorisation request for the embedded approach.
- value:
- {
- "scaStatus": "finalised"
- }
- confirmationOfFundsExample:
- description: Request body for a confirmation of funds.
- value:
- {
- "cardNumber": "12345678901234",
- "account": {"iban": "DE23100120020123456789"},
- "instructedAmount": {"currency": "EUR", "amount": "123"}
- }
- confirmationOfFundsResponseExample:
- description: Response for a confirmation of funds request.
- value:
- {
- "fundsAvailable": "true"
- }
- balancesExample2_MulticurrencyAcount:
- description: |
- Response in case of a multicurrency account with one account in EUR,
- one in USD, where the ASPSP has delivered a link to the balance endpoint relative to the aggregated
- multicurrency account (aggregation level).
- value:
- {
- "balances":
- [{"balanceType": "closingBooked",
- "balanceAmount": {"currency": "EUR", "amount": "500.00"},
- "subAccount": {"subAccountID": 0 , "subAccountName": "DO"},
- "referenceDate": "2017-10-25"
- },
- {"balanceType": "expected",
- "balanceAmount": {"currency": "EUR", "amount": "900.00"},
- "subAccount": {"subAccountID": 0 , "subAccountName": "DO"},
- "lastChangeDateTime": "2017-10-25T15:30:35.035Z"
- },
- {"balanceType": "closingBooked",
- "balanceAmount": {"currency": "USD", "amount": "350.00"},
- "subAccount": {"subAccountID": 0 , "subAccountName": "DO"},
- "referenceDate": "2017-10-25"
- },
- {"balanceType": "expected",
- "balanceAmount": {"currency": "USD", "amount": "350.00"},
- "subAccount": {"subAccountID": 0 , "subAccountName": "DO"},
- "lastChangeDateTime": "2017-10-24T14:30:21Z"
- }]
- }
- transactionsExample1_RegularAccount_json:
- description: Response in JSON format for an access on a regular account
- value:
- {
- "account": {"iban": "DE2310010010123456788" },
- "transactions":
- {
- "booked":
- [{
- "transactionId": "1234567",
- "creditorName": "John Miles",
- "creditorAccount": {"iban": "DE67100100101306118605"},
- "transactionAmount": {"currency": "EUR", "amount": "256.67"},
- "subAccount": {"subAccountID": 0 , "subAccountName": "DO"},
- "bookingDate": "2017-10-25",
- "valueDate": "2017-10-26",
- "remittanceInformationUnstructured": "Example 1"
- },{
- "transactionId": "1234568",
- "debtorName": "Paul Simpson",
- "debtorAccount": {"iban": "NL76RABO0359400371"},
- "transactionAmount": {"currency": "EUR", "amount": "343.01"},
- "subAccount": {"subAccountID": 0 , "subAccountName": "DO"},
- "bookingDate": "2017-10-25",
- "valueDate": "2017-10-26",
- "remittanceInformationUnstructured": "Example 2"
- }],
- "pending":
- [{
- "transactionId": "1234569",
- "creditorName": "Claude Renault",
- "creditorAccount": {"iban": "FR7612345987650123456789014"},
- "subAccount": {"subAccountID": 0 , "subAccountName": "DO"},
- "transactionAmount": {"currency": "EUR", "amount": "-100.03"},
- "valueDate": "2017-10-26",
- "remittanceInformationUnstructured": "Example 3"
- }],
- "_links": {"account": {"href": "/v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f"}}
- }
- }
- transactionDetailsExample:
- description: Example for transaction details
- value:
- {
- "transactionsDetails":
- {
- "transactionId": "1234567",
- "creditorName": "John Miles",
- "creditorAccount": {"iban": "DE67100100101306118605"},
- "mandateId": "Mandate-2018-04-20-1234",
- "transactionAmount": {"currency": "EUR", "amount": "-256.67"},
- "bookingDate": "2017-10-25",
- "valueDate": "2017-10-26",
- "remittanceInformationUnstructured": "Example 1",
- "bankTransactionCode": "PMNT-RCVD-ESDD",
- }
- }
- authorisationListExample:
- value:
- {
- "authorisationIds": ["123auth456"]
- }
- cancellationListExample:
- value:
- {
- "cancellationIds": ["123auth456"]
- }
- security:
- #####################################################
- # Global security options
- #####################################################
- - {}
- tags:
- #####################################################
- # Predefined Tags to Group Methods
- #####################################################
- - name: Account Information Service (AIS)
- description: |
- The Account Information Service (AIS) offers the following services
- * Transaction reports for a given account including balances if applicable.
- * Balances of a given account ,
- * A list of available accounts ,
- * Account details of a given account or of the list of all accessible accounts relative to a granted consent
- - name: Payment Initiation Service (PIS)
- description: |
- The Decription for Payment Initiation Service (PIS) offers the following services:
- * Initiation and update of a payment request
- * Status information of a payment
Add Comment
Please, Sign In to add comment