@mojaloop/api-snippets 18.3.1 → 18.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (216) hide show
  1. package/CHANGELOG.md +20 -0
  2. package/audit-ci.jsonc +7 -1
  3. package/docs/fspiop-rest-v2.0-ISO20022-openapi3-snippets.yaml +0 -2
  4. package/docs/sdk-scheme-adapter-outbound-v2_1_0-openapi3-snippets.yaml +1 -1
  5. package/docs/thirdparty-admin-v2.0-openapi3-snippets.yaml +3705 -0
  6. package/docs/thirdparty-openapi3-snippets.yaml +5 -5
  7. package/docs/thirdparty-v1.0-openapi3-snippets.yaml +3802 -0
  8. package/docs/thirdparty-v2.0-openapi3-snippets.yaml +1825 -0
  9. package/eslint.config.mjs +70 -0
  10. package/fspiop/v2_0_ISO20022/openapi3/components/schemas/FinancialInstitutionIdentification18.yaml +0 -1
  11. package/fspiop/v2_0_ISO20022/openapi3/components/schemas/FinancialInstitutionIdentification23.yaml +0 -1
  12. package/lib/fspiop/v2_0/index.js +0 -1
  13. package/lib/fspiop/v2_0/index.js.map +1 -1
  14. package/lib/fspiop/v2_0_ISO20022/index.js +0 -1
  15. package/lib/fspiop/v2_0_ISO20022/index.js.map +1 -1
  16. package/lib/fspiop/v2_0_ISO20022/json-schemas.json +0 -71
  17. package/lib/fspiop/v2_0_ISO20022/schemas.d.ts +0 -140
  18. package/lib/index.js +0 -1
  19. package/lib/index.js.map +1 -1
  20. package/lib/sdk-scheme-adapter/v2_0_0/backend/index.js +0 -1
  21. package/lib/sdk-scheme-adapter/v2_0_0/backend/index.js.map +1 -1
  22. package/lib/sdk-scheme-adapter/v2_0_0/outbound/index.js +0 -1
  23. package/lib/sdk-scheme-adapter/v2_0_0/outbound/index.js.map +1 -1
  24. package/lib/sdk-scheme-adapter/v2_1_0/backend/index.js +0 -1
  25. package/lib/sdk-scheme-adapter/v2_1_0/backend/index.js.map +1 -1
  26. package/lib/sdk-scheme-adapter/v2_1_0/outbound/index.js +0 -1
  27. package/lib/sdk-scheme-adapter/v2_1_0/outbound/index.js.map +1 -1
  28. package/lib/sdk-scheme-adapter/v2_1_0/outbound/json-schemas.json +1 -1
  29. package/lib/sdk-scheme-adapter/v2_1_0/outbound/schemas.d.ts +1 -1
  30. package/lib/thirdparty/v2_0/openapi.d.ts +1726 -0
  31. package/lib/thirdparty/v2_0/openapi.js +7 -0
  32. package/lib/thirdparty/v2_0/openapi.js.map +1 -0
  33. package/package.json +48 -45
  34. package/sdk-scheme-adapter/v2_1_0/components/schemas/transferRequest.yaml +1 -1
  35. package/test/dto/{thirdparty.test.ts → thirdparty_v1_0.test.ts} +1 -1
  36. package/thirdparty/v1_0/openapi3/components/schemas/FIDOPublicKeyCredentialAssertion.yaml +2 -2
  37. package/thirdparty/v1_0/openapi3/components/schemas/FIDOPublicKeyCredentialAttestation.yaml +3 -3
  38. package/thirdparty/v1_0/openapi3/thirdparty-dfsp-api.yaml +68 -61
  39. package/thirdparty/v1_0/openapi3/thirdparty-pisp-api.yaml +82 -75
  40. package/thirdparty/v2_0/openapi3/components/headers/Content-Length.yaml +1 -0
  41. package/thirdparty/v2_0/openapi3/components/headers/Content-Type.yaml +1 -0
  42. package/thirdparty/v2_0/openapi3/components/parameters/Accept.yaml +1 -0
  43. package/thirdparty/v2_0/openapi3/components/parameters/Content-Length.yaml +1 -0
  44. package/thirdparty/v2_0/openapi3/components/parameters/Content-Type.yaml +1 -0
  45. package/thirdparty/v2_0/openapi3/components/parameters/Date.yaml +1 -0
  46. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Destination.yaml +1 -0
  47. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Encryption.yaml +1 -0
  48. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-HTTP-Method.yaml +1 -0
  49. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Signature.yaml +1 -0
  50. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Source.yaml +1 -0
  51. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-URI.yaml +1 -0
  52. package/thirdparty/v2_0/openapi3/components/parameters/ID.yaml +1 -0
  53. package/thirdparty/v2_0/openapi3/components/parameters/ServiceType.yaml +6 -0
  54. package/thirdparty/v2_0/openapi3/components/parameters/SubId.yaml +1 -0
  55. package/thirdparty/v2_0/openapi3/components/parameters/Type.yaml +1 -0
  56. package/thirdparty/v2_0/openapi3/components/parameters/X-Forwarded-For.yaml +1 -0
  57. package/thirdparty/v2_0/openapi3/components/responses/200.yaml +1 -0
  58. package/thirdparty/v2_0/openapi3/components/responses/202.yaml +1 -0
  59. package/thirdparty/v2_0/openapi3/components/responses/400.yaml +1 -0
  60. package/thirdparty/v2_0/openapi3/components/responses/401.yaml +1 -0
  61. package/thirdparty/v2_0/openapi3/components/responses/403.yaml +1 -0
  62. package/thirdparty/v2_0/openapi3/components/responses/404.yaml +1 -0
  63. package/thirdparty/v2_0/openapi3/components/responses/405.yaml +1 -0
  64. package/thirdparty/v2_0/openapi3/components/responses/406.yaml +1 -0
  65. package/thirdparty/v2_0/openapi3/components/responses/501.yaml +1 -0
  66. package/thirdparty/v2_0/openapi3/components/responses/503.yaml +1 -0
  67. package/thirdparty/v2_0/openapi3/components/schemas/Account.yaml +17 -0
  68. package/thirdparty/v2_0/openapi3/components/schemas/AccountAddress.yaml +25 -0
  69. package/thirdparty/v2_0/openapi3/components/schemas/AccountList.yaml +11 -0
  70. package/thirdparty/v2_0/openapi3/components/schemas/Amount.yaml +1 -0
  71. package/thirdparty/v2_0/openapi3/components/schemas/AmountType.yaml +1 -0
  72. package/thirdparty/v2_0/openapi3/components/schemas/AuthenticationResponse.yaml +10 -0
  73. package/thirdparty/v2_0/openapi3/components/schemas/AuthenticatorAssertionResponse.yaml +32 -0
  74. package/thirdparty/v2_0/openapi3/components/schemas/AuthenticatorAttestationResponse.yaml +23 -0
  75. package/thirdparty/v2_0/openapi3/components/schemas/AuthorizationResponseType.yaml +8 -0
  76. package/thirdparty/v2_0/openapi3/components/schemas/AuthorizationResponseTypeAccepted.yaml +6 -0
  77. package/thirdparty/v2_0/openapi3/components/schemas/AuthorizationResponseTypeRejected.yaml +6 -0
  78. package/thirdparty/v2_0/openapi3/components/schemas/BinaryString.yaml +1 -0
  79. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestChannelType.yaml +9 -0
  80. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestChannelTypeOTP.yaml +6 -0
  81. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestChannelTypeWeb.yaml +6 -0
  82. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsIDPatchRequest.yaml +16 -0
  83. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsIDPutResponseOTP.yaml +30 -0
  84. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsIDPutResponseWeb.yaml +39 -0
  85. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsPostRequest.yaml +44 -0
  86. package/thirdparty/v2_0/openapi3/components/schemas/ConsentStatus.yaml +9 -0
  87. package/thirdparty/v2_0/openapi3/components/schemas/ConsentStatusIssued.yaml +7 -0
  88. package/thirdparty/v2_0/openapi3/components/schemas/ConsentStatusRevoked.yaml +7 -0
  89. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPatchResponseRevoked.yaml +17 -0
  90. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPatchResponseVerified.yaml +19 -0
  91. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPutResponseSigned.yaml +23 -0
  92. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPutResponseVerified.yaml +23 -0
  93. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsPostRequestAUTH.yaml +33 -0
  94. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsPostRequestPISP.yaml +32 -0
  95. package/thirdparty/v2_0/openapi3/components/schemas/CorrelationId.yaml +1 -0
  96. package/thirdparty/v2_0/openapi3/components/schemas/CredentialStatusPending.yaml +7 -0
  97. package/thirdparty/v2_0/openapi3/components/schemas/CredentialStatusVerified.yaml +7 -0
  98. package/thirdparty/v2_0/openapi3/components/schemas/CredentialType.yaml +11 -0
  99. package/thirdparty/v2_0/openapi3/components/schemas/Currency.yaml +1 -0
  100. package/thirdparty/v2_0/openapi3/components/schemas/DateOfBirth.yaml +1 -0
  101. package/thirdparty/v2_0/openapi3/components/schemas/DateTime.yaml +1 -0
  102. package/thirdparty/v2_0/openapi3/components/schemas/ErrorCode.yaml +1 -0
  103. package/thirdparty/v2_0/openapi3/components/schemas/ErrorDescription.yaml +1 -0
  104. package/thirdparty/v2_0/openapi3/components/schemas/ErrorInformation.yaml +1 -0
  105. package/thirdparty/v2_0/openapi3/components/schemas/Extension.yaml +1 -0
  106. package/thirdparty/v2_0/openapi3/components/schemas/ExtensionKey.yaml +1 -0
  107. package/thirdparty/v2_0/openapi3/components/schemas/ExtensionList.yaml +1 -0
  108. package/thirdparty/v2_0/openapi3/components/schemas/ExtensionValue.yaml +1 -0
  109. package/thirdparty/v2_0/openapi3/components/schemas/FIDOPublicKeyCredentialAssertion.yaml +71 -0
  110. package/thirdparty/v2_0/openapi3/components/schemas/FIDOPublicKeyCredentialAttestation.yaml +54 -0
  111. package/thirdparty/v2_0/openapi3/components/schemas/FirstName.yaml +1 -0
  112. package/thirdparty/v2_0/openapi3/components/schemas/FspId.yaml +1 -0
  113. package/thirdparty/v2_0/openapi3/components/schemas/GenericCredential.yaml +13 -0
  114. package/thirdparty/v2_0/openapi3/components/schemas/GeoCode.yaml +1 -0
  115. package/thirdparty/v2_0/openapi3/components/schemas/IlpCondition.yaml +1 -0
  116. package/thirdparty/v2_0/openapi3/components/schemas/IlpFulfilment.yaml +1 -0
  117. package/thirdparty/v2_0/openapi3/components/schemas/IlpPacket.yaml +1 -0
  118. package/thirdparty/v2_0/openapi3/components/schemas/Integer.yaml +1 -0
  119. package/thirdparty/v2_0/openapi3/components/schemas/LastName.yaml +1 -0
  120. package/thirdparty/v2_0/openapi3/components/schemas/Latitude.yaml +1 -0
  121. package/thirdparty/v2_0/openapi3/components/schemas/Longitude.yaml +1 -0
  122. package/thirdparty/v2_0/openapi3/components/schemas/MerchantClassificationCode.yaml +1 -0
  123. package/thirdparty/v2_0/openapi3/components/schemas/MiddleName.yaml +1 -0
  124. package/thirdparty/v2_0/openapi3/components/schemas/Money.yaml +1 -0
  125. package/thirdparty/v2_0/openapi3/components/schemas/Name.yaml +2 -0
  126. package/thirdparty/v2_0/openapi3/components/schemas/Note.yaml +1 -0
  127. package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsIDPutResponse.yaml +17 -0
  128. package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsPostRequest.yaml +20 -0
  129. package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsTypeIDPutResponse.yaml +8 -0
  130. package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsTypeIDSubIDPostRequest.yaml +15 -0
  131. package/thirdparty/v2_0/openapi3/components/schemas/PartiesTypeIDPutResponse.yaml +13 -0
  132. package/thirdparty/v2_0/openapi3/components/schemas/Party.yaml +15 -0
  133. package/thirdparty/v2_0/openapi3/components/schemas/PartyComplexName.yaml +1 -0
  134. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdInfo.yaml +17 -0
  135. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdInfoTPLink.yaml +17 -0
  136. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdType.yaml +58 -0
  137. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdTypeTPLink.yaml +7 -0
  138. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdentifier.yaml +1 -0
  139. package/thirdparty/v2_0/openapi3/components/schemas/PartyName.yaml +1 -0
  140. package/thirdparty/v2_0/openapi3/components/schemas/PartyPersonalInfo.yaml +1 -0
  141. package/thirdparty/v2_0/openapi3/components/schemas/PartyResult.yaml +10 -0
  142. package/thirdparty/v2_0/openapi3/components/schemas/PartySubIdOrType.yaml +1 -0
  143. package/thirdparty/v2_0/openapi3/components/schemas/PartyTPLink.yaml +14 -0
  144. package/thirdparty/v2_0/openapi3/components/schemas/QuotesIDPutResponse.yaml +1 -0
  145. package/thirdparty/v2_0/openapi3/components/schemas/QuotesPostRequest.yaml +79 -0
  146. package/thirdparty/v2_0/openapi3/components/schemas/Scope.yaml +20 -0
  147. package/thirdparty/v2_0/openapi3/components/schemas/ScopeAction.yaml +14 -0
  148. package/thirdparty/v2_0/openapi3/components/schemas/ServiceType.yaml +15 -0
  149. package/thirdparty/v2_0/openapi3/components/schemas/ServicesServiceTypePutResponse.yaml +26 -0
  150. package/thirdparty/v2_0/openapi3/components/schemas/SignedCredential.yaml +23 -0
  151. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadFIDO.yaml +11 -0
  152. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadGeneric.yaml +11 -0
  153. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadType.yaml +9 -0
  154. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadTypeFIDO.yaml +5 -0
  155. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadTypeGeneric.yaml +5 -0
  156. package/thirdparty/v2_0/openapi3/components/schemas/Transaction.yaml +43 -0
  157. package/thirdparty/v2_0/openapi3/components/schemas/TransactionRequestState.yaml +1 -0
  158. package/thirdparty/v2_0/openapi3/components/schemas/TransactionState.yaml +1 -0
  159. package/thirdparty/v2_0/openapi3/components/schemas/TransactionType.yaml +1 -0
  160. package/thirdparty/v2_0/openapi3/components/schemas/TransfersPostRequestFIDO.yaml +15 -0
  161. package/thirdparty/v2_0/openapi3/components/schemas/TransfersPostRequestGeneric.yaml +15 -0
  162. package/thirdparty/v2_0/openapi3/components/schemas/Uri.yaml +8 -0
  163. package/thirdparty/v2_0/openapi3/components/schemas/VerifiedCredential.yaml +23 -0
  164. package/thirdparty/v2_0/openapi3/components/schemas/tppAccountRequestPostRequest.yaml +35 -0
  165. package/thirdparty/v2_0/openapi3/components/schemas/tppAccountRequestPutResponse.yaml +30 -0
  166. package/thirdparty/v2_0/openapi3/components/schemas/tppAccountsIDPutResponse.yaml +21 -0
  167. package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsIDPutResponseFIDO.yaml +15 -0
  168. package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsIDPutResponseGeneric.yaml +15 -0
  169. package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsIDPutResponseRejected.yaml +10 -0
  170. package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsPostRequest.yaml +67 -0
  171. package/thirdparty/v2_0/openapi3/components/schemas/tppTransactionRequestPostRequest.yaml +60 -0
  172. package/thirdparty/v2_0/openapi3/components/schemas/tppTransactionRequestPutResponse.yaml +67 -0
  173. package/thirdparty/v2_0/openapi3/components/schemas/tppTransfersPostRequest.yaml +19 -0
  174. package/thirdparty/v2_0/openapi3/components/schemas/tppTransfersPutResponse.yaml +25 -0
  175. package/thirdparty/v2_0/openapi3/components/schemas/tppVerificationsIDPutResponse.yaml +19 -0
  176. package/thirdparty/v2_0/openapi3/components/schemas/tppVerificationsPostRequestFIDO.yaml +28 -0
  177. package/thirdparty/v2_0/openapi3/components/schemas/tppVerificationsPostRequestGeneric.yaml +28 -0
  178. package/thirdparty/v2_0/openapi3/openapi-admin.yaml +99 -0
  179. package/thirdparty/v2_0/openapi3/openapi.yaml +64 -0
  180. package/thirdparty/v2_0/openapi3/paths/health.yaml +25 -0
  181. package/thirdparty/v2_0/openapi3/paths/metrics.yaml +25 -0
  182. package/thirdparty/v2_0/openapi3/paths/participants.yaml +50 -0
  183. package/thirdparty/v2_0/openapi3/paths/participants_ID.yaml +49 -0
  184. package/thirdparty/v2_0/openapi3/paths/participants_ID_error.yaml +51 -0
  185. package/thirdparty/v2_0/openapi3/paths/participants_Type_ID.yaml +169 -0
  186. package/thirdparty/v2_0/openapi3/paths/participants_Type_ID_error.yaml +52 -0
  187. package/thirdparty/v2_0/openapi3/paths/services_ServiceType.yaml +77 -0
  188. package/thirdparty/v2_0/openapi3/paths/services_ServiceType_error.yaml +49 -0
  189. package/thirdparty/v2_0/openapi3/paths/tppAccountRequest.yaml +49 -0
  190. package/thirdparty/v2_0/openapi3/paths/tppAccountRequest_ID.yaml +86 -0
  191. package/thirdparty/v2_0/openapi3/paths/tppAccountRequest_ID_error.yaml +48 -0
  192. package/thirdparty/v2_0/openapi3/paths/tppAccounts_ID.yaml +88 -0
  193. package/thirdparty/v2_0/openapi3/paths/tppAccounts_ID_error.yaml +48 -0
  194. package/thirdparty/v2_0/openapi3/paths/tppAuthorizations.yaml +51 -0
  195. package/thirdparty/v2_0/openapi3/paths/tppAuthorizations_ID.yaml +86 -0
  196. package/thirdparty/v2_0/openapi3/paths/tppAuthorizations_ID_error.yaml +55 -0
  197. package/thirdparty/v2_0/openapi3/paths/tppConsentRequests.yaml +48 -0
  198. package/thirdparty/v2_0/openapi3/paths/tppConsentRequests_ID.yaml +123 -0
  199. package/thirdparty/v2_0/openapi3/paths/tppConsentRequests_ID_error.yaml +48 -0
  200. package/thirdparty/v2_0/openapi3/paths/tppConsents.yaml +49 -0
  201. package/thirdparty/v2_0/openapi3/paths/tppConsents_ID.yaml +165 -0
  202. package/thirdparty/v2_0/openapi3/paths/tppConsents_ID_error.yaml +48 -0
  203. package/thirdparty/v2_0/openapi3/paths/tppTransactionRequests.yaml +48 -0
  204. package/thirdparty/v2_0/openapi3/paths/tppTransactionRequests_ID.yaml +83 -0
  205. package/thirdparty/v2_0/openapi3/paths/tppTransactionRequests_ID_error.yaml +52 -0
  206. package/thirdparty/v2_0/openapi3/paths/tppTransfers.yaml +47 -0
  207. package/thirdparty/v2_0/openapi3/paths/tppTransfers_ID.yaml +86 -0
  208. package/thirdparty/v2_0/openapi3/paths/tppTransfers_ID_error.yaml +52 -0
  209. package/thirdparty/v2_0/openapi3/paths/tppVerifications.yaml +49 -0
  210. package/thirdparty/v2_0/openapi3/paths/tppVerifications_ID.yaml +87 -0
  211. package/thirdparty/v2_0/openapi3/paths/tppVerifications_ID_error.yaml +49 -0
  212. package/thirdparty/v2_0/openapi3/thirdparty-dfsp-admin-api.template.yaml +53 -0
  213. package/thirdparty/v2_0/openapi3/thirdparty-dfsp-admin-api.yaml +2633 -0
  214. package/thirdparty/v2_0/openapi3/thirdparty-pisp-admin-api.template.yaml +57 -0
  215. package/thirdparty/v2_0/openapi3/thirdparty-pisp-admin-api.yaml +3103 -0
  216. package/tsconfig.build.json +4 -3
@@ -0,0 +1,2633 @@
1
+ openapi: 3.0.2
2
+ info:
3
+ title: Mojaloop Third Party Admin API for DFSPs
4
+ version: '2.0'
5
+ description: |
6
+ A Mojaloop API for DFSPs supporting Third Party functions.
7
+ DFSPs who want to enable Payment Initiation Service Providers (PISPs) to perform actions on behalf of a DFSP's user should implement this API.
8
+ PISPs should implement the accompanying API - Mojaloop Third Party API (PISP) instead.
9
+ license:
10
+ name: Open API for FSP Interoperability (FSPIOP) (Implementation Friendly Version)
11
+ url: https://github.com/mojaloop/mojaloop-specification/blob/main/LICENSE.md
12
+ servers:
13
+ - url: /
14
+ paths:
15
+ /tppAccountRequest:
16
+ parameters:
17
+ - $ref: '#/paths/~1tppConsents/parameters/0'
18
+ - $ref: '#/paths/~1tppConsents/parameters/1'
19
+ - $ref: '#/paths/~1tppConsents/parameters/2'
20
+ - $ref: '#/paths/~1tppConsents/parameters/3'
21
+ - $ref: '#/paths/~1tppConsents/parameters/4'
22
+ - $ref: '#/paths/~1tppConsents/parameters/5'
23
+ - $ref: '#/paths/~1tppConsents/parameters/6'
24
+ - $ref: '#/paths/~1tppConsents/parameters/7'
25
+ - $ref: '#/paths/~1tppConsents/parameters/8'
26
+ post:
27
+ tags:
28
+ - accountRequest
29
+ operationId: AuthorisingAccountRequest
30
+ summary: AuthorisingAccountRequest
31
+ description: |
32
+ The `/tppAccountsRequest` resource is used to request consent from a user
33
+ for access to their accounts information. This resource must be called before
34
+ the /tppAccounts resource can be queried which provides the account information.
35
+ parameters:
36
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
37
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
38
+ requestBody:
39
+ description: The consentRequest to create
40
+ required: true
41
+ content:
42
+ application/json:
43
+ schema:
44
+ title: AccountRequestPostRequest
45
+ type: object
46
+ description: |-
47
+ Used by: PISP
48
+ The /tppAccountsRequest resource is used to request consent from a user for access to their accounts information. This resource must be called before the /tppAccounts resource can be queried which provides the account information.
49
+ Callback and data model for POST /tppAccountRequest:
50
+ Callback: PUT /tppAccountRequests/{ID} Error callback: PUT /tppAccountRequests/{ID}/error Data model - see below url
51
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#31212-post-accountrequest
52
+ properties:
53
+ accountRequestId:
54
+ title: CorrelationId
55
+ type: string
56
+ pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[1-7][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$|^[0-9A-HJKMNP-TV-Z]{26}$
57
+ description: Identifier that correlates all messages of the same sequence. The supported identifiers formats are for lowercase [UUID](https://datatracker.ietf.org/doc/html/rfc9562) and uppercase [ULID](https://github.com/ulid/spec)
58
+ example: b51ec534-ee48-4575-b6a9-ead2955b8069
59
+ partyItentifier:
60
+ title: PartyIdentifier
61
+ type: string
62
+ minLength: 1
63
+ maxLength: 128
64
+ description: Identifier of the Party.
65
+ example: '16135551212'
66
+ authChannels:
67
+ type: array
68
+ minLength: 1
69
+ maxLength: 256
70
+ items:
71
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authChannel'
72
+ callbackUri:
73
+ title: Uri
74
+ type: string
75
+ pattern: ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?
76
+ minLength: 1
77
+ maxLength: 512
78
+ description: |
79
+ The API data type Uri is a JSON string in a canonical format that is restricted by a regular expression for interoperability reasons.
80
+ required:
81
+ - accountRequestId
82
+ - partyIdInfo
83
+ - authChannels
84
+ - callbackUri
85
+ responses:
86
+ '202':
87
+ $ref: '#/paths/~1tppConsents/post/responses/202'
88
+ '400':
89
+ $ref: '#/paths/~1tppConsents/post/responses/400'
90
+ '401':
91
+ $ref: '#/paths/~1tppConsents/post/responses/401'
92
+ '403':
93
+ $ref: '#/paths/~1tppConsents/post/responses/403'
94
+ '404':
95
+ $ref: '#/paths/~1tppConsents/post/responses/404'
96
+ '405':
97
+ $ref: '#/paths/~1tppConsents/post/responses/405'
98
+ '406':
99
+ $ref: '#/paths/~1tppConsents/post/responses/406'
100
+ '501':
101
+ $ref: '#/paths/~1tppConsents/post/responses/501'
102
+ '503':
103
+ $ref: '#/paths/~1tppConsents/post/responses/503'
104
+ /tppAccountRequest/{ID}:
105
+ parameters:
106
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
107
+ - $ref: '#/paths/~1tppConsents/parameters/0'
108
+ - $ref: '#/paths/~1tppConsents/parameters/1'
109
+ - $ref: '#/paths/~1tppConsents/parameters/2'
110
+ - $ref: '#/paths/~1tppConsents/parameters/3'
111
+ - $ref: '#/paths/~1tppConsents/parameters/4'
112
+ - $ref: '#/paths/~1tppConsents/parameters/5'
113
+ - $ref: '#/paths/~1tppConsents/parameters/6'
114
+ - $ref: '#/paths/~1tppConsents/parameters/7'
115
+ - $ref: '#/paths/~1tppConsents/parameters/8'
116
+ get:
117
+ operationId: GetAccountRequest
118
+ summary: GetAccountRequest
119
+ description: |
120
+ The `GET /tppAccountsRequest/{ID}` is used to request status of POST /tppAccountRequest/ call.
121
+ The *{ID}* in the URI should contain the accountRequestId that was assigned to the
122
+ request by the PISP when the PISP originated the request. The result is return via the PUT callback.
123
+ tags:
124
+ - accountRequest
125
+ parameters:
126
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
127
+ responses:
128
+ '202':
129
+ $ref: '#/paths/~1tppConsents/post/responses/202'
130
+ '400':
131
+ $ref: '#/paths/~1tppConsents/post/responses/400'
132
+ '401':
133
+ $ref: '#/paths/~1tppConsents/post/responses/401'
134
+ '403':
135
+ $ref: '#/paths/~1tppConsents/post/responses/403'
136
+ '404':
137
+ $ref: '#/paths/~1tppConsents/post/responses/404'
138
+ '405':
139
+ $ref: '#/paths/~1tppConsents/post/responses/405'
140
+ '406':
141
+ $ref: '#/paths/~1tppConsents/post/responses/406'
142
+ '501':
143
+ $ref: '#/paths/~1tppConsents/post/responses/501'
144
+ '503':
145
+ $ref: '#/paths/~1tppConsents/post/responses/503'
146
+ put:
147
+ tags:
148
+ - accountRequest
149
+ operationId: UpdateAccountRequest
150
+ summary: UpdateAccountRequest
151
+ description: |
152
+ A DFSP uses this callback to (1) inform the PISP that the accountRequest has been accepted,
153
+ and (2) communicate to the PISP which `authChannel` it should use to authenticate their user
154
+ with.
155
+
156
+ When a PISP requests a series of permissions from a DFSP on behalf of a DFSP's customer,
157
+ not all the permissions requested may be granted by the DFSP.
158
+ Conversely, the out-of-loop authorization process may result in additional privileges
159
+ being granted by the account holder to the PISP. The `PUT /tppAccountsRequest/<ID>`
160
+ resource returns the current state of the permissions relating to a particular
161
+ authorization request.
162
+ parameters:
163
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
164
+ requestBody:
165
+ required: true
166
+ content:
167
+ application/json:
168
+ schema:
169
+ title: AccountRequestPutResponse
170
+ type: object
171
+ description: |-
172
+ Used by: PISP
173
+ This is the message that the DFSP sends to the PISP to inform the PISP that the accountRequest has been accepted, and to communicate to the PISP which `authChannel` it should use to authenticate their user with. I.e. it is a response to a POST /tppAccountsRequest request, or a GET /tppAccountsRequest/{ID} request.
174
+ When a PISP requests a series of permissions from a DFSP on behalf of a DFSP's customer, not all the permissions requested may be granted by the DFSP. Conversely, the out-of-loop authorization process may result in additional privileges being granted by the account holder to the PISP. The `PUT /tppAccountsRequest/<ID>` resource returns the current state of the permissions relating to a particular authorization request.
175
+
176
+ properties:
177
+ authChannel:
178
+ title: ConsentRequestChannelType
179
+ type: string
180
+ enum:
181
+ - WEB
182
+ - OTP
183
+ description: |
184
+ The auth channel being used for the consent request.
185
+ - WEB - DFSP can support authorization via a web-based login.
186
+ - OTP - DFSP can support authorization via a One Time PIN.
187
+ callbackUri:
188
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
189
+ authUri:
190
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
191
+ authToken:
192
+ type: string
193
+ pattern: ^[A-Za-z0-9-_]+[=]{0,2}$
194
+ description: The API data type BinaryString is a JSON String. The string is a base64url encoding of a string of raw bytes, where padding (character ‘=’) is added at the end of the data if needed to ensure that the string is a multiple of 4 characters. The length restriction indicates the allowed number of characters.
195
+ required:
196
+ - authChannels
197
+ responses:
198
+ '202':
199
+ $ref: '#/paths/~1tppConsents/post/responses/202'
200
+ '400':
201
+ $ref: '#/paths/~1tppConsents/post/responses/400'
202
+ '401':
203
+ $ref: '#/paths/~1tppConsents/post/responses/401'
204
+ '403':
205
+ $ref: '#/paths/~1tppConsents/post/responses/403'
206
+ '404':
207
+ $ref: '#/paths/~1tppConsents/post/responses/404'
208
+ '405':
209
+ $ref: '#/paths/~1tppConsents/post/responses/405'
210
+ '406':
211
+ $ref: '#/paths/~1tppConsents/post/responses/406'
212
+ '501':
213
+ $ref: '#/paths/~1tppConsents/post/responses/501'
214
+ '503':
215
+ $ref: '#/paths/~1tppConsents/post/responses/503'
216
+ /tppAccountRequest/{ID}/error:
217
+ parameters:
218
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
219
+ - $ref: '#/paths/~1tppConsents/parameters/0'
220
+ - $ref: '#/paths/~1tppConsents/parameters/1'
221
+ - $ref: '#/paths/~1tppConsents/parameters/2'
222
+ - $ref: '#/paths/~1tppConsents/parameters/3'
223
+ - $ref: '#/paths/~1tppConsents/parameters/4'
224
+ - $ref: '#/paths/~1tppConsents/parameters/5'
225
+ - $ref: '#/paths/~1tppConsents/parameters/6'
226
+ - $ref: '#/paths/~1tppConsents/parameters/7'
227
+ - $ref: '#/paths/~1tppConsents/parameters/8'
228
+ put:
229
+ tags:
230
+ - accountRequest
231
+ operationId: NotifyErrorAccountRequest
232
+ summary: NotifyErrorAccountRequest
233
+ description: |
234
+ DFSP responds to the PISP if something went wrong with validating an OTP or secret.
235
+ parameters:
236
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
237
+ requestBody:
238
+ description: Error information returned.
239
+ required: true
240
+ content:
241
+ application/json:
242
+ schema:
243
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
244
+ responses:
245
+ '200':
246
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
247
+ '400':
248
+ $ref: '#/paths/~1tppConsents/post/responses/400'
249
+ '401':
250
+ $ref: '#/paths/~1tppConsents/post/responses/401'
251
+ '403':
252
+ $ref: '#/paths/~1tppConsents/post/responses/403'
253
+ '404':
254
+ $ref: '#/paths/~1tppConsents/post/responses/404'
255
+ '405':
256
+ $ref: '#/paths/~1tppConsents/post/responses/405'
257
+ '406':
258
+ $ref: '#/paths/~1tppConsents/post/responses/406'
259
+ '501':
260
+ $ref: '#/paths/~1tppConsents/post/responses/501'
261
+ '503':
262
+ $ref: '#/paths/~1tppConsents/post/responses/503'
263
+ /tppAccounts/{ID}:
264
+ parameters:
265
+ - name: ID
266
+ in: path
267
+ required: true
268
+ schema:
269
+ type: string
270
+ description: The identifier value.
271
+ - $ref: '#/paths/~1tppConsents/parameters/0'
272
+ - $ref: '#/paths/~1tppConsents/parameters/1'
273
+ - $ref: '#/paths/~1tppConsents/parameters/2'
274
+ - $ref: '#/paths/~1tppConsents/parameters/3'
275
+ - $ref: '#/paths/~1tppConsents/parameters/4'
276
+ - $ref: '#/paths/~1tppConsents/parameters/5'
277
+ - $ref: '#/paths/~1tppConsents/parameters/6'
278
+ - $ref: '#/paths/~1tppConsents/parameters/7'
279
+ - $ref: '#/paths/~1tppConsents/parameters/8'
280
+ get:
281
+ operationId: GetAccountsByUserId
282
+ summary: GetAccountsByUserId
283
+ description: |
284
+ The HTTP request `GET /tppAccounts/{ID}/{SignedChallenge}` is used to retrieve the list of potential accounts available for linking.
285
+ The request `{ID}` is the accountRequestID and the `{SignedChallenge}` is the signed challenge that resulted from the `POST /tppAccountRequest/` callback.
286
+
287
+ The signed challenge must match the authentication channel that was selected by the DFSP. For example, if the WEB authentication channel was selected by the DFSP, then signed challenge needs to be authToken, otherwise if the OTP channel was selected, then it needs to be the OTP that was entered by the party.
288
+ (For example, GET /tppAccounts/12345/56789).
289
+ tags:
290
+ - accounts
291
+ parameters:
292
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
293
+ responses:
294
+ '202':
295
+ $ref: '#/paths/~1tppConsents/post/responses/202'
296
+ '400':
297
+ $ref: '#/paths/~1tppConsents/post/responses/400'
298
+ '401':
299
+ $ref: '#/paths/~1tppConsents/post/responses/401'
300
+ '403':
301
+ $ref: '#/paths/~1tppConsents/post/responses/403'
302
+ '404':
303
+ $ref: '#/paths/~1tppConsents/post/responses/404'
304
+ '405':
305
+ $ref: '#/paths/~1tppConsents/post/responses/405'
306
+ '406':
307
+ $ref: '#/paths/~1tppConsents/post/responses/406'
308
+ '501':
309
+ $ref: '#/paths/~1tppConsents/post/responses/501'
310
+ '503':
311
+ $ref: '#/paths/~1tppConsents/post/responses/503'
312
+ put:
313
+ description: |
314
+ The HTTP request `PUT /tppAccounts/{ID}` is used to return the list of potential accounts available for linking
315
+ operationId: UpdateAccountsByUserId
316
+ summary: UpdateAccountsByUserId
317
+ tags:
318
+ - accounts
319
+ parameters:
320
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
321
+ requestBody:
322
+ required: true
323
+ content:
324
+ application/json:
325
+ schema:
326
+ title: AccountsIDPutResponse
327
+ type: object
328
+ description: |-
329
+ Callback and data model information for GET /accounts/{ID}:
330
+ Callback - PUT /tppAccounts/{ID} Error Callback - PUT /tppAccounts/{ID}/error Data Model - Empty body
331
+ The PUT /accounts/{ID} response is used to inform the requester of the result of a request for accounts information. The identifier ID given in the call are the values given in the original request.
332
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#31121--put-accountsid
333
+ properties:
334
+ accounts:
335
+ title: AccountList
336
+ type: array
337
+ description: |-
338
+ The AccountList data model is used to hold information about the accounts that a party controls.
339
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#3213-accountlist
340
+ items:
341
+ title: Account
342
+ type: object
343
+ description: |-
344
+ Data model for the complex type Account.
345
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#3211-account
346
+ properties:
347
+ accountNickname:
348
+ title: Name
349
+ type: string
350
+ pattern: ^(?!\s*$)[\w .,'-]{1,128}$
351
+ description: |-
352
+ The API data type Name is a JSON String, restricted by a regular expression to avoid characters which are generally not used in a name.
353
+
354
+ Regular Expression - The regular expression for restricting the Name type is "^(?!\s*$)[\w .,'-]{1,128}$". The restriction does not allow a string consisting of whitespace only, all Unicode characters are allowed, as well as the period (.) (apostrophe (‘), dash (-), comma (,) and space characters ( ).
355
+
356
+ **Note:** In some programming languages, Unicode support must be specifically enabled. For example, if Java is used, the flag UNICODE_CHARACTER_CLASS must be enabled to allow Unicode characters.
357
+ address:
358
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items/properties/address'
359
+ currency:
360
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/fees/allOf/0/properties/currency'
361
+ required:
362
+ - accountNickname
363
+ - address
364
+ - currency
365
+ minItems: 1
366
+ maxItems: 256
367
+ extensionList:
368
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
369
+ required:
370
+ - accounts
371
+ example:
372
+ - accountNickname: dfspa.user.nickname1
373
+ id: dfspa.username.1234
374
+ currency: ZAR
375
+ - accountNickname: dfspa.user.nickname2
376
+ id: dfspa.username.5678
377
+ currency: USD
378
+ responses:
379
+ '200':
380
+ description: OK
381
+ '400':
382
+ $ref: '#/paths/~1tppConsents/post/responses/400'
383
+ '401':
384
+ $ref: '#/paths/~1tppConsents/post/responses/401'
385
+ '403':
386
+ $ref: '#/paths/~1tppConsents/post/responses/403'
387
+ '404':
388
+ $ref: '#/paths/~1tppConsents/post/responses/404'
389
+ '405':
390
+ $ref: '#/paths/~1tppConsents/post/responses/405'
391
+ '406':
392
+ $ref: '#/paths/~1tppConsents/post/responses/406'
393
+ '501':
394
+ $ref: '#/paths/~1tppConsents/post/responses/501'
395
+ '503':
396
+ $ref: '#/paths/~1tppConsents/post/responses/503'
397
+ /tppAccounts/{ID}/error:
398
+ parameters:
399
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
400
+ - $ref: '#/paths/~1tppConsents/parameters/0'
401
+ - $ref: '#/paths/~1tppConsents/parameters/1'
402
+ - $ref: '#/paths/~1tppConsents/parameters/2'
403
+ - $ref: '#/paths/~1tppConsents/parameters/3'
404
+ - $ref: '#/paths/~1tppConsents/parameters/4'
405
+ - $ref: '#/paths/~1tppConsents/parameters/5'
406
+ - $ref: '#/paths/~1tppConsents/parameters/6'
407
+ - $ref: '#/paths/~1tppConsents/parameters/7'
408
+ - $ref: '#/paths/~1tppConsents/parameters/8'
409
+ put:
410
+ description: |
411
+ The HTTP request `PUT /ttpAccounts/{ID}/error` is used to return error information
412
+ operationId: UpdateAccountsByUserIdError
413
+ summary: UpdateAccountsByUserIdError
414
+ tags:
415
+ - accounts
416
+ parameters:
417
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
418
+ requestBody:
419
+ description: Details of the error returned.
420
+ required: true
421
+ content:
422
+ application/json:
423
+ schema:
424
+ title: ErrorInformationObject
425
+ type: object
426
+ additionalProperties: false
427
+ description: Data model for the complex type object that contains ErrorInformation.
428
+ properties:
429
+ errorInformation:
430
+ title: ErrorInformation
431
+ type: object
432
+ additionalProperties: false
433
+ description: Data model for the complex type ErrorInformation.
434
+ properties:
435
+ errorCode:
436
+ title: ErrorCode
437
+ type: string
438
+ pattern: ^[1-9]\d{3}$
439
+ description: The API data type ErrorCode is a JSON String of four characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. Each error code in the API is a four-digit number, for example, 1234, where the first number (1 in the example) represents the high-level error category, the second number (2 in the example) represents the low-level error category, and the last two numbers (34 in the example) represent the specific error.
440
+ example: '5100'
441
+ errorDescription:
442
+ title: ErrorDescription
443
+ type: string
444
+ minLength: 1
445
+ maxLength: 128
446
+ description: Error description string.
447
+ extensionList:
448
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
449
+ required:
450
+ - errorCode
451
+ - errorDescription
452
+ required:
453
+ - errorInformation
454
+ responses:
455
+ '200':
456
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
457
+ '400':
458
+ $ref: '#/paths/~1tppConsents/post/responses/400'
459
+ '401':
460
+ $ref: '#/paths/~1tppConsents/post/responses/401'
461
+ '403':
462
+ $ref: '#/paths/~1tppConsents/post/responses/403'
463
+ '404':
464
+ $ref: '#/paths/~1tppConsents/post/responses/404'
465
+ '405':
466
+ $ref: '#/paths/~1tppConsents/post/responses/405'
467
+ '406':
468
+ $ref: '#/paths/~1tppConsents/post/responses/406'
469
+ '501':
470
+ $ref: '#/paths/~1tppConsents/post/responses/501'
471
+ '503':
472
+ $ref: '#/paths/~1tppConsents/post/responses/503'
473
+ /tppConsentRequests:
474
+ parameters:
475
+ - $ref: '#/paths/~1tppConsents/parameters/0'
476
+ - $ref: '#/paths/~1tppConsents/parameters/1'
477
+ - $ref: '#/paths/~1tppConsents/parameters/2'
478
+ - $ref: '#/paths/~1tppConsents/parameters/3'
479
+ - $ref: '#/paths/~1tppConsents/parameters/4'
480
+ - $ref: '#/paths/~1tppConsents/parameters/5'
481
+ - $ref: '#/paths/~1tppConsents/parameters/6'
482
+ - $ref: '#/paths/~1tppConsents/parameters/7'
483
+ - $ref: '#/paths/~1tppConsents/parameters/8'
484
+ post:
485
+ tags:
486
+ - consentRequests
487
+ operationId: CreateConsentRequest
488
+ summary: CreateConsentRequest
489
+ description: |
490
+ The HTTP request **POST /tppConsentRequests** is used to request a DFSP to grant access to one or more
491
+ accounts owned by a customer of the DFSP for the PISP who sends the request.
492
+ parameters:
493
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
494
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
495
+ requestBody:
496
+ description: The consentRequest to create
497
+ required: true
498
+ content:
499
+ application/json:
500
+ schema:
501
+ title: ConsentRequestsPostRequest
502
+ type: object
503
+ description: |-
504
+ Used by: PISP
505
+ The HTTP request POST /tppConsentRequests is used to request a DFSP to grant access to one or more accounts owned by a customer of the DFSP for the PISP who sends the request.
506
+ Callback and data model for POST /tppConsentRequests:
507
+ Callback: PUT /tppConsentRequests/{ID} Error callback: PUT /tppConsentRequests/{ID}/error
508
+ properties:
509
+ consentRequestId:
510
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
511
+ partyIdInfo:
512
+ title: PartyIdInfo
513
+ type: object
514
+ description: Data model for the complex type PartyIdInfo.
515
+ properties:
516
+ partyIdType:
517
+ title: PartyIdType
518
+ type: string
519
+ enum:
520
+ - MSISDN
521
+ - EMAIL
522
+ - PERSONAL_ID
523
+ - BUSINESS
524
+ - DEVICE
525
+ - ACCOUNT_ID
526
+ - IBAN
527
+ - ALIAS
528
+ - CONSENT
529
+ - THIRD_PARTY_LINK
530
+ description: |
531
+ Below are the allowed values for the enumeration.
532
+ - MSISDN - An MSISDN (Mobile Station International Subscriber Directory
533
+ Number, that is, the phone number) is used as reference to a participant.
534
+ The MSISDN identifier should be in international format according to the
535
+ [ITU-T E.164 standard](https://www.itu.int/rec/T-REC-E.164/en).
536
+ Optionally, the MSISDN may be prefixed by a single plus sign, indicating the
537
+ international prefix.
538
+ - EMAIL - An email is used as reference to a
539
+ participant. The format of the email should be according to the informational
540
+ [RFC 3696](https://tools.ietf.org/html/rfc3696).
541
+ - PERSONAL_ID - A personal identifier is used as reference to a participant.
542
+ Examples of personal identification are passport number, birth certificate
543
+ number, and national registration number. The identifier number is added in
544
+ the PartyIdentifier element. The personal identifier type is added in the
545
+ PartySubIdOrType element.
546
+ - BUSINESS - A specific Business (for example, an organization or a company)
547
+ is used as reference to a participant. The BUSINESS identifier can be in any
548
+ format. To make a transaction connected to a specific username or bill number
549
+ in a Business, the PartySubIdOrType element should be used.
550
+ - DEVICE - A specific device (for example, a POS or ATM) ID connected to a
551
+ specific business or organization is used as reference to a Party.
552
+ For referencing a specific device under a specific business or organization,
553
+ use the PartySubIdOrType element.
554
+ - ACCOUNT_ID - A bank account number or FSP account ID should be used as
555
+ reference to a participant. The ACCOUNT_ID identifier can be in any format,
556
+ as formats can greatly differ depending on country and FSP.
557
+ - IBAN - A bank account number or FSP account ID is used as reference to a
558
+ participant. The IBAN identifier can consist of up to 34 alphanumeric
559
+ characters and should be entered without whitespace.
560
+ - ALIAS An alias is used as reference to a participant. The alias should be
561
+ created in the FSP as an alternative reference to an account owner.
562
+ Another example of an alias is a username in the FSP system.
563
+ The ALIAS identifier can be in any format. It is also possible to use the
564
+ PartySubIdOrType element for identifying an account under an Alias defined
565
+ by the PartyIdentifier.
566
+ - CONSENT - A Consent represents an agreement between a PISP, a Customer and
567
+ a DFSP which allows the PISP permission to perform actions on behalf of the
568
+ customer. A Consent has an authoritative source: either the DFSP who issued
569
+ the Consent, or an Auth Service which administers the Consent.
570
+ - THIRD_PARTY_LINK - A Third Party Link represents an agreement between a PISP,
571
+ a DFSP, and a specific Customer's account at the DFSP. The content of the link
572
+ is created by the DFSP at the time when it gives permission to the PISP for
573
+ specific access to a given account.
574
+ example: PERSONAL_ID
575
+ partyIdentifier:
576
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/partyItentifier'
577
+ partySubIdOrType:
578
+ title: PartySubIdOrType
579
+ type: string
580
+ minLength: 1
581
+ maxLength: 128
582
+ description: Either a sub-identifier of a PartyIdentifier, or a sub-type of the PartyIdType, normally a PersonalIdentifierType.
583
+ fspId:
584
+ title: FspId
585
+ type: string
586
+ minLength: 1
587
+ maxLength: 32
588
+ description: FSP identifier.
589
+ extensionList:
590
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
591
+ required:
592
+ - partyIdType
593
+ - partyIdentifier
594
+ scopes:
595
+ type: array
596
+ minLength: 1
597
+ maxLength: 256
598
+ items:
599
+ title: Scope
600
+ type: object
601
+ description: |-
602
+ The Scope element contains an identifier defining, in the terms of a DFSP, an account on which access types can be requested or granted. It also defines the access types which are requested or granted.
603
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#32121-scope
604
+ properties:
605
+ address:
606
+ title: AccountAddress
607
+ type: string
608
+ description: |-
609
+ The AccountAddress data type is a variable length string with a maximum size of 1023 characters and consists of:
610
+ Alphanumeric characters, upper or lower case. (Addresses are case-sensitive so that they can contain data encoded in formats such as base64url.)
611
+ - Underscore (_) - Tilde (~) - Hyphen (-) - Period (.) Addresses MUST NOT end in a period (.) character
612
+ An entity providing accounts to parties (i.e. a participant) can provide any value for an AccountAddress that is meaningful to that entity. It does not need to provide an address that makes the account identifiable outside the entity's domain.
613
+ IMPORTANT: The policy for defining addresses and the life-cycle of these is at the discretion of the address space owner (the payer DFSP in this case).
614
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#3212-accountaddress
615
+ pattern: ^([0-9A-Za-z_~\-\.]+[0-9A-Za-z_~\-])$
616
+ minLength: 1
617
+ maxLength: 1023
618
+ actions:
619
+ type: array
620
+ minItems: 1
621
+ maxItems: 32
622
+ items:
623
+ title: ScopeAction
624
+ type: string
625
+ description: |
626
+ The ScopeAction element contains an access type which a PISP can request
627
+ from a DFSP, or which a DFSP can grant to a PISP.
628
+ It must be a member of the appropriate enumeration.
629
+
630
+ - ACCOUNTS_GET_BALANCE: PISP can request a balance for the linked account
631
+ - ACCOUNTS_TRANSFER: PISP can request a transfer of funds from the linked account in the DFSP
632
+ - ACCOUNTS_STATEMENT: PISP can request a statement of individual transactions on a user's account
633
+ enum:
634
+ - ACCOUNTS_GET_BALANCE
635
+ - ACCOUNTS_TRANSFER
636
+ - ACCOUNTS_STATEMENT
637
+ required:
638
+ - address
639
+ - actions
640
+ authChannels:
641
+ type: array
642
+ minLength: 1
643
+ maxLength: 256
644
+ items:
645
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authChannel'
646
+ callbackUri:
647
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
648
+ extensionList:
649
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
650
+ required:
651
+ - consentRequestId
652
+ - partyIdInfo
653
+ - scopes
654
+ - authChannels
655
+ - callbackUri
656
+ responses:
657
+ '202':
658
+ $ref: '#/paths/~1tppConsents/post/responses/202'
659
+ '400':
660
+ $ref: '#/paths/~1tppConsents/post/responses/400'
661
+ '401':
662
+ $ref: '#/paths/~1tppConsents/post/responses/401'
663
+ '403':
664
+ $ref: '#/paths/~1tppConsents/post/responses/403'
665
+ '404':
666
+ $ref: '#/paths/~1tppConsents/post/responses/404'
667
+ '405':
668
+ $ref: '#/paths/~1tppConsents/post/responses/405'
669
+ '406':
670
+ $ref: '#/paths/~1tppConsents/post/responses/406'
671
+ '501':
672
+ $ref: '#/paths/~1tppConsents/post/responses/501'
673
+ '503':
674
+ $ref: '#/paths/~1tppConsents/post/responses/503'
675
+ /tppConsentRequests/{ID}:
676
+ parameters:
677
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
678
+ - $ref: '#/paths/~1tppConsents/parameters/0'
679
+ - $ref: '#/paths/~1tppConsents/parameters/1'
680
+ - $ref: '#/paths/~1tppConsents/parameters/2'
681
+ - $ref: '#/paths/~1tppConsents/parameters/3'
682
+ - $ref: '#/paths/~1tppConsents/parameters/4'
683
+ - $ref: '#/paths/~1tppConsents/parameters/5'
684
+ - $ref: '#/paths/~1tppConsents/parameters/6'
685
+ - $ref: '#/paths/~1tppConsents/parameters/7'
686
+ - $ref: '#/paths/~1tppConsents/parameters/8'
687
+ get:
688
+ operationId: GetConsentRequestsById
689
+ summary: GetConsentRequestsById
690
+ description: |
691
+ The HTTP request `GET /tppConsentRequests/{ID}` is used to get information about a previously
692
+ requested consent. The *{ID}* in the URI should contain the consentRequestId that was assigned to the
693
+ request by the PISP when the PISP originated the request.
694
+ tags:
695
+ - consentRequests
696
+ parameters:
697
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
698
+ responses:
699
+ '202':
700
+ $ref: '#/paths/~1tppConsents/post/responses/202'
701
+ '400':
702
+ $ref: '#/paths/~1tppConsents/post/responses/400'
703
+ '401':
704
+ $ref: '#/paths/~1tppConsents/post/responses/401'
705
+ '403':
706
+ $ref: '#/paths/~1tppConsents/post/responses/403'
707
+ '404':
708
+ $ref: '#/paths/~1tppConsents/post/responses/404'
709
+ '405':
710
+ $ref: '#/paths/~1tppConsents/post/responses/405'
711
+ '406':
712
+ $ref: '#/paths/~1tppConsents/post/responses/406'
713
+ '501':
714
+ $ref: '#/paths/~1tppConsents/post/responses/501'
715
+ '503':
716
+ $ref: '#/paths/~1tppConsents/post/responses/503'
717
+ put:
718
+ tags:
719
+ - consentRequests
720
+ operationId: UpdateConsentRequest
721
+ summary: UpdateConsentRequest
722
+ description: |
723
+ A DFSP uses this callback to (1) inform the PISP that the consentRequest has been accepted,
724
+ and (2) communicate to the PISP which `authChannel` it should use to authenticate their user
725
+ with.
726
+
727
+ When a PISP requests a series of permissions from a DFSP on behalf of a DFSP’s customer, not all
728
+ the permissions requested may be granted by the DFSP. Conversely, the out-of-band authorization
729
+ process may result in additional privileges being granted by the account holder to the PISP. The
730
+ **PUT /consentRequests/**_{ID}_ resource returns the current state of the permissions relating to a
731
+ particular authorization request.
732
+ parameters:
733
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
734
+ requestBody:
735
+ required: true
736
+ content:
737
+ application/json:
738
+ schema:
739
+ oneOf:
740
+ - title: ConsentRequestsIDPutResponseWeb
741
+ type: object
742
+ description: |
743
+ The object sent in a `PUT /tppConsentRequests/{ID}` request.
744
+
745
+ Schema used in the request consent phase of the account linking web flow,
746
+ the result is the PISP being instructed on a specific URL where this
747
+ supposed user should be redirected. This URL should be a place where
748
+ the user can prove their identity (e.g., by logging in).
749
+ properties:
750
+ scopes:
751
+ type: array
752
+ minLength: 1
753
+ maxLength: 256
754
+ items:
755
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
756
+ authChannels:
757
+ type: array
758
+ minLength: 1
759
+ maxLength: 1
760
+ items:
761
+ title: ConsentRequestChannelTypeWeb
762
+ type: string
763
+ enum:
764
+ - WEB
765
+ description: |
766
+ The web auth channel being used for `PUT /tppConsentRequest/{ID}` request.
767
+ callbackUri:
768
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
769
+ authUri:
770
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
771
+ extensionList:
772
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
773
+ required:
774
+ - scopes
775
+ - authChannels
776
+ - callbackUri
777
+ - authUri
778
+ additionalProperties: false
779
+ - title: ConsentRequestsIDPutResponseOTP
780
+ type: object
781
+ description: |
782
+ The object sent in a `PUT /tppConsentRequests/{ID}` request.
783
+
784
+ Schema used in the request consent phase of the account linking OTP/SMS flow.
785
+ properties:
786
+ scopes:
787
+ type: array
788
+ minLength: 1
789
+ maxLength: 256
790
+ items:
791
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
792
+ authChannels:
793
+ type: array
794
+ minLength: 1
795
+ maxLength: 1
796
+ items:
797
+ title: ConsentRequestChannelTypeOTP
798
+ type: string
799
+ enum:
800
+ - OTP
801
+ description: |
802
+ The OTP auth channel being used for `PUT /tppConsentRequests/{ID}` request.
803
+ callbackUri:
804
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
805
+ extensionList:
806
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
807
+ required:
808
+ - scopes
809
+ - authChannels
810
+ additionalProperties: false
811
+ responses:
812
+ '202':
813
+ $ref: '#/paths/~1tppConsents/post/responses/202'
814
+ '400':
815
+ $ref: '#/paths/~1tppConsents/post/responses/400'
816
+ '401':
817
+ $ref: '#/paths/~1tppConsents/post/responses/401'
818
+ '403':
819
+ $ref: '#/paths/~1tppConsents/post/responses/403'
820
+ '404':
821
+ $ref: '#/paths/~1tppConsents/post/responses/404'
822
+ '405':
823
+ $ref: '#/paths/~1tppConsents/post/responses/405'
824
+ '406':
825
+ $ref: '#/paths/~1tppConsents/post/responses/406'
826
+ '501':
827
+ $ref: '#/paths/~1tppConsents/post/responses/501'
828
+ '503':
829
+ $ref: '#/paths/~1tppConsents/post/responses/503'
830
+ patch:
831
+ tags:
832
+ - consentRequests
833
+ operationId: PatchConsentRequest
834
+ summary: PatchConsentRequest
835
+ description: |
836
+ After the user completes an out-of-band authorization with the DFSP, the PISP will receive a token which they can use to prove to the DFSP that the user trusts this PISP.
837
+ parameters:
838
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
839
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
840
+ requestBody:
841
+ required: true
842
+ content:
843
+ application/json:
844
+ schema:
845
+ title: ConsentRequestsIDPatchRequest
846
+ type: object
847
+ description: |-
848
+ Used by: PISP
849
+ After the user completes an out-of-band authorization with the DFSP, the PISP will receive a token which they can use to prove to the DFSP that the user trusts this PISP.
850
+ properties:
851
+ authToken:
852
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
853
+ extensionList:
854
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
855
+ required:
856
+ - authToken
857
+ responses:
858
+ '202':
859
+ $ref: '#/paths/~1tppConsents/post/responses/202'
860
+ '400':
861
+ $ref: '#/paths/~1tppConsents/post/responses/400'
862
+ '401':
863
+ $ref: '#/paths/~1tppConsents/post/responses/401'
864
+ '403':
865
+ $ref: '#/paths/~1tppConsents/post/responses/403'
866
+ '404':
867
+ $ref: '#/paths/~1tppConsents/post/responses/404'
868
+ '405':
869
+ $ref: '#/paths/~1tppConsents/post/responses/405'
870
+ '406':
871
+ $ref: '#/paths/~1tppConsents/post/responses/406'
872
+ '501':
873
+ $ref: '#/paths/~1tppConsents/post/responses/501'
874
+ '503':
875
+ $ref: '#/paths/~1tppConsents/post/responses/503'
876
+ /tppConsentRequests/{ID}/error:
877
+ parameters:
878
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
879
+ - $ref: '#/paths/~1tppConsents/parameters/0'
880
+ - $ref: '#/paths/~1tppConsents/parameters/1'
881
+ - $ref: '#/paths/~1tppConsents/parameters/2'
882
+ - $ref: '#/paths/~1tppConsents/parameters/3'
883
+ - $ref: '#/paths/~1tppConsents/parameters/4'
884
+ - $ref: '#/paths/~1tppConsents/parameters/5'
885
+ - $ref: '#/paths/~1tppConsents/parameters/6'
886
+ - $ref: '#/paths/~1tppConsents/parameters/7'
887
+ - $ref: '#/paths/~1tppConsents/parameters/8'
888
+ put:
889
+ tags:
890
+ - consentRequests
891
+ operationId: NotifyErrorConsentRequests
892
+ summary: NotifyErrorConsentRequests
893
+ description: |
894
+ DFSP responds to the PISP if something went wrong with validating an OTP or secret.
895
+ parameters:
896
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
897
+ requestBody:
898
+ description: Error information returned.
899
+ required: true
900
+ content:
901
+ application/json:
902
+ schema:
903
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
904
+ responses:
905
+ '200':
906
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
907
+ '400':
908
+ $ref: '#/paths/~1tppConsents/post/responses/400'
909
+ '401':
910
+ $ref: '#/paths/~1tppConsents/post/responses/401'
911
+ '403':
912
+ $ref: '#/paths/~1tppConsents/post/responses/403'
913
+ '404':
914
+ $ref: '#/paths/~1tppConsents/post/responses/404'
915
+ '405':
916
+ $ref: '#/paths/~1tppConsents/post/responses/405'
917
+ '406':
918
+ $ref: '#/paths/~1tppConsents/post/responses/406'
919
+ '501':
920
+ $ref: '#/paths/~1tppConsents/post/responses/501'
921
+ '503':
922
+ $ref: '#/paths/~1tppConsents/post/responses/503'
923
+ /tppConsents:
924
+ parameters:
925
+ - name: Content-Type
926
+ in: header
927
+ schema:
928
+ type: string
929
+ required: true
930
+ description: The `Content-Type` header indicates the specific version of the API used to send the payload body.
931
+ - name: Date
932
+ in: header
933
+ schema:
934
+ type: string
935
+ required: true
936
+ description: The `Date` header field indicates the date when the request was sent.
937
+ - name: X-Forwarded-For
938
+ in: header
939
+ schema:
940
+ type: string
941
+ required: false
942
+ description: |-
943
+ The `X-Forwarded-For` header field is an unofficially accepted standard used for informational purposes of the originating client IP address, as a request might pass multiple proxies, firewalls, and so on. Multiple `X-Forwarded-For` values should be expected and supported by implementers of the API.
944
+
945
+ **Note:** An alternative to `X-Forwarded-For` is defined in [RFC 7239](https://tools.ietf.org/html/rfc7239). However, to this point RFC 7239 is less-used and supported than `X-Forwarded-For`.
946
+ - name: FSPIOP-Source
947
+ in: header
948
+ schema:
949
+ type: string
950
+ required: true
951
+ description: The `FSPIOP-Source` header field is a non-HTTP standard field used by the API for identifying the sender of the HTTP request. The field should be set by the original sender of the request. Required for routing and signature verification (see header field `FSPIOP-Signature`).
952
+ - name: FSPIOP-Destination
953
+ in: header
954
+ schema:
955
+ type: string
956
+ required: false
957
+ description: The `FSPIOP-Destination` header field is a non-HTTP standard field used by the API for HTTP header based routing of requests and responses to the destination. The field must be set by the original sender of the request if the destination is known (valid for all services except GET /parties) so that any entities between the client and the server do not need to parse the payload for routing purposes. If the destination is not known (valid for service GET /parties), the field should be left empty.
958
+ - name: FSPIOP-Encryption
959
+ in: header
960
+ schema:
961
+ type: string
962
+ required: false
963
+ description: The `FSPIOP-Encryption` header field is a non-HTTP standard field used by the API for applying end-to-end encryption of the request.
964
+ - name: FSPIOP-Signature
965
+ in: header
966
+ schema:
967
+ type: string
968
+ required: false
969
+ description: The `FSPIOP-Signature` header field is a non-HTTP standard field used by the API for applying an end-to-end request signature.
970
+ - name: FSPIOP-URI
971
+ in: header
972
+ schema:
973
+ type: string
974
+ required: false
975
+ description: The `FSPIOP-URI` header field is a non-HTTP standard field used by the API for signature verification, should contain the service URI. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set).
976
+ - name: FSPIOP-HTTP-Method
977
+ in: header
978
+ schema:
979
+ type: string
980
+ required: false
981
+ description: The `FSPIOP-HTTP-Method` header field is a non-HTTP standard field used by the API for signature verification, should contain the service HTTP method. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set).
982
+ post:
983
+ tags:
984
+ - consents
985
+ operationId: PostConsents
986
+ summary: PostConsents
987
+ description: |
988
+ The **POST /tppConsents** request is used to request the creation of a consent for interactions between a PISP and the DFSP who owns the account which a PISP’s customer wants to allow the PISP access to.
989
+ parameters:
990
+ - name: Accept
991
+ in: header
992
+ required: true
993
+ schema:
994
+ type: string
995
+ description: The `Accept` header field indicates the version of the API the client would like the server to use.
996
+ - name: Content-Length
997
+ in: header
998
+ required: false
999
+ schema:
1000
+ type: integer
1001
+ description: |-
1002
+ The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body.
1003
+
1004
+ **Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes).
1005
+ requestBody:
1006
+ required: true
1007
+ content:
1008
+ application/json:
1009
+ schema:
1010
+ oneOf:
1011
+ - title: ConsentPostRequestAUTH
1012
+ type: object
1013
+ description: |
1014
+ The object sent in a `POST /tppConsents` request to the Auth-Service
1015
+ by a DFSP to store registered Consent and credential
1016
+ properties:
1017
+ consentId:
1018
+ allOf:
1019
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1020
+ description: |
1021
+ Common ID between the PISP and FSP for the Consent object
1022
+ determined by the DFSP who creates the Consent.
1023
+ consentRequestId:
1024
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1025
+ scopes:
1026
+ minLength: 1
1027
+ maxLength: 256
1028
+ type: array
1029
+ items:
1030
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
1031
+ credential:
1032
+ allOf:
1033
+ - $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential'
1034
+ status:
1035
+ title: ConsentStatus
1036
+ type: string
1037
+ enum:
1038
+ - ISSUED
1039
+ - REVOKED
1040
+ description: |-
1041
+ Allowed values for the enumeration ConsentStatus
1042
+ - ISSUED - The consent has been issued by the DFSP
1043
+ - REVOKED - The consent has been revoked
1044
+ extensionList:
1045
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1046
+ required:
1047
+ - consentId
1048
+ - scopes
1049
+ - credential
1050
+ - status
1051
+ additionalProperties: false
1052
+ - title: ConsentPostRequestPISP
1053
+ type: object
1054
+ description: |
1055
+ The provisional Consent object sent by the DFSP in `POST /tppConsents`.
1056
+ properties:
1057
+ consentId:
1058
+ allOf:
1059
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1060
+ description: |
1061
+ Common ID between the PISP and the Payer DFSP for the consent object. The ID
1062
+ should be reused for re-sends of the same consent. A new ID should be generated
1063
+ for each new consent.
1064
+ consentRequestId:
1065
+ allOf:
1066
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1067
+ description: |
1068
+ The ID given to the original consent request on which this consent is based.
1069
+ scopes:
1070
+ type: array
1071
+ minLength: 1
1072
+ maxLength: 256
1073
+ items:
1074
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
1075
+ status:
1076
+ $ref: '#/paths/~1tppConsents/post/requestBody/content/application~1json/schema/oneOf/0/properties/status'
1077
+ extensionList:
1078
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1079
+ required:
1080
+ - consentId
1081
+ - consentRequestId
1082
+ - scopes
1083
+ - status
1084
+ responses:
1085
+ '202':
1086
+ description: Accepted
1087
+ '400':
1088
+ description: Bad Request
1089
+ content:
1090
+ application/json:
1091
+ schema:
1092
+ title: ErrorInformationResponse
1093
+ type: object
1094
+ additionalProperties: false
1095
+ description: Data model for the complex type object that contains an optional element ErrorInformation used along with 4xx and 5xx responses.
1096
+ properties:
1097
+ errorInformation:
1098
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema/properties/errorInformation'
1099
+ headers:
1100
+ Content-Length:
1101
+ required: false
1102
+ schema:
1103
+ type: integer
1104
+ description: |-
1105
+ The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body.
1106
+
1107
+ **Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes).
1108
+ Content-Type:
1109
+ schema:
1110
+ type: string
1111
+ required: true
1112
+ description: The `Content-Type` header indicates the specific version of the API used to send the payload body.
1113
+ '401':
1114
+ description: Unauthorized
1115
+ content:
1116
+ application/json:
1117
+ schema:
1118
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1119
+ headers:
1120
+ Content-Length:
1121
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1122
+ Content-Type:
1123
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1124
+ '403':
1125
+ description: Forbidden
1126
+ content:
1127
+ application/json:
1128
+ schema:
1129
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1130
+ headers:
1131
+ Content-Length:
1132
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1133
+ Content-Type:
1134
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1135
+ '404':
1136
+ description: Not Found
1137
+ content:
1138
+ application/json:
1139
+ schema:
1140
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1141
+ headers:
1142
+ Content-Length:
1143
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1144
+ Content-Type:
1145
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1146
+ '405':
1147
+ description: Method Not Allowed
1148
+ content:
1149
+ application/json:
1150
+ schema:
1151
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1152
+ headers:
1153
+ Content-Length:
1154
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1155
+ Content-Type:
1156
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1157
+ '406':
1158
+ description: Not Acceptable
1159
+ content:
1160
+ application/json:
1161
+ schema:
1162
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1163
+ headers:
1164
+ Content-Length:
1165
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1166
+ Content-Type:
1167
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1168
+ '501':
1169
+ description: Not Implemented
1170
+ content:
1171
+ application/json:
1172
+ schema:
1173
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1174
+ headers:
1175
+ Content-Length:
1176
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1177
+ Content-Type:
1178
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1179
+ '503':
1180
+ description: Service Unavailable
1181
+ content:
1182
+ application/json:
1183
+ schema:
1184
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1185
+ headers:
1186
+ Content-Length:
1187
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1188
+ Content-Type:
1189
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1190
+ /tppConsents/{ID}:
1191
+ parameters:
1192
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
1193
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1194
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1195
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1196
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1197
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1198
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1199
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1200
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1201
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1202
+ get:
1203
+ description: |
1204
+ The **GET /tppConsents/**_{ID}_ resource allows a party to enquire after the status of a consent. The *{ID}* used in the URI of the request should be the consent request ID which was used to identify the consent when it was created.
1205
+ tags:
1206
+ - consents
1207
+ operationId: GetConsent
1208
+ summary: GetConsent
1209
+ parameters:
1210
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1211
+ responses:
1212
+ '202':
1213
+ $ref: '#/paths/~1tppConsents/post/responses/202'
1214
+ '400':
1215
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1216
+ '401':
1217
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1218
+ '403':
1219
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1220
+ '404':
1221
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1222
+ '405':
1223
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1224
+ '406':
1225
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1226
+ '501':
1227
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1228
+ '503':
1229
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1230
+ patch:
1231
+ description: |
1232
+ The HTTP request `PATCH /consents/{ID}` is used
1233
+
1234
+ - In account linking in the Credential Registration phase. Used by a DFSP
1235
+ to notify a PISP a credential has been verified and registered with an
1236
+ Auth service.
1237
+
1238
+ - In account unlinking by a hub hosted auth service and by DFSPs
1239
+ in non-hub hosted scenarios to notify participants of a consent being revoked.
1240
+
1241
+ Called by a `auth-service` to notify a PISP and DFSP of consent status in hub hosted scenario.
1242
+ Called by a `DFSP` to notify a PISP of consent status in non-hub hosted scenario.
1243
+ tags:
1244
+ - consents
1245
+ operationId: PatchConsentByID
1246
+ summary: PatchConsentByID
1247
+ requestBody:
1248
+ required: true
1249
+ content:
1250
+ application/json:
1251
+ schema:
1252
+ oneOf:
1253
+ - title: ConsentsIDPatchResponseVerified
1254
+ description: |
1255
+ PATCH /tppConsents/{ID} request object.
1256
+
1257
+ Sent by the DFSP to the PISP when a consent is issued and verified.
1258
+ Used in the "Register Credential" part of the Account linking flow.
1259
+ type: object
1260
+ properties:
1261
+ credential:
1262
+ type: object
1263
+ properties:
1264
+ status:
1265
+ title: CredentialStatusVerified
1266
+ type: string
1267
+ enum:
1268
+ - VERIFIED
1269
+ description: |
1270
+ The status of the Credential.
1271
+ - "VERIFIED" - The Credential is valid and verified.
1272
+ required:
1273
+ - status
1274
+ extensionList:
1275
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1276
+ required:
1277
+ - credential
1278
+ - title: ConsentsIDPatchResponseRevoked
1279
+ description: |
1280
+ PATCH /tppConsents/{ID} request object.
1281
+
1282
+ Sent to both the PISP and DFSP when a consent is revoked.
1283
+ Used in the "Unlinking" part of the Account Unlinking flow.
1284
+ type: object
1285
+ properties:
1286
+ status:
1287
+ title: ConsentStatusRevoked
1288
+ type: string
1289
+ enum:
1290
+ - REVOKED
1291
+ description: |-
1292
+ Allowed values for the enumeration ConsentStatus
1293
+ - REVOKED - The consent has been revoked
1294
+ revokedAt:
1295
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/expiration/allOf/0'
1296
+ extensionList:
1297
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1298
+ required:
1299
+ - status
1300
+ - revokedAt
1301
+ parameters:
1302
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1303
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1304
+ responses:
1305
+ '200':
1306
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
1307
+ '400':
1308
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1309
+ '401':
1310
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1311
+ '403':
1312
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1313
+ '404':
1314
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1315
+ '405':
1316
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1317
+ '406':
1318
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1319
+ '501':
1320
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1321
+ '503':
1322
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1323
+ put:
1324
+ description: |
1325
+ The HTTP request `PUT /consents/{ID}` is used by the PISP and Auth Service.
1326
+
1327
+ - Called by a `PISP` to after signing a challenge. Sent to an DFSP for verification.
1328
+ - Called by a `auth-service` to notify a DFSP that a credential has been verified and registered.
1329
+ tags:
1330
+ - consents
1331
+ operationId: PutConsentByID
1332
+ summary: PutConsentByID
1333
+ requestBody:
1334
+ required: true
1335
+ content:
1336
+ application/json:
1337
+ schema:
1338
+ oneOf:
1339
+ - title: ConsentsIDPutResponseSigned
1340
+ type: object
1341
+ description: |
1342
+ The HTTP request `PUT /tppConsents/{ID}` is used by the PISP to update a Consent with a signed challenge and register a credential.
1343
+ Called by a `PISP` to after signing a challenge. Sent to a DFSP for verification.
1344
+ properties:
1345
+ status:
1346
+ title: ConsentStatusIssued
1347
+ type: string
1348
+ enum:
1349
+ - ISSUED
1350
+ description: |-
1351
+ Allowed values for the enumeration ConsentStatus
1352
+ - ISSUED - The consent has been issued by the DFSP
1353
+ scopes:
1354
+ type: array
1355
+ items:
1356
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
1357
+ credential:
1358
+ title: SignedCredential
1359
+ type: object
1360
+ description: |
1361
+ A credential used to allow a user to prove their identity and access
1362
+ to an account with a DFSP.
1363
+
1364
+ SignedCredential is a special formatting of the credential to allow us to be
1365
+ more explicit about the `status` field - it should only ever be PENDING when
1366
+ updating a credential.
1367
+ properties:
1368
+ credentialType:
1369
+ title: CredentialType
1370
+ type: string
1371
+ enum:
1372
+ - FIDO
1373
+ - GENERIC
1374
+ description: |-
1375
+ The type of the Credential. - "FIDO" - The credential is based on a FIDO challenge. Its payload is a FIDOPublicKeyCredentialAttestation object. - "GENERIC" - The credential is based on a simple public key validation. Its payload is a GenericCredential object.
1376
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#3226-credentialtype
1377
+ status:
1378
+ title: CredentialStatusPending
1379
+ type: string
1380
+ enum:
1381
+ - PENDING
1382
+ description: |
1383
+ The status of the Credential.
1384
+ - "PENDING" - The credential has been created, but has not been verified
1385
+ genericPayload:
1386
+ title: GenericCredential
1387
+ type: object
1388
+ description: |
1389
+ A publicKey + signature of a challenge for a generic public/private keypair.
1390
+ properties:
1391
+ publicKey:
1392
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
1393
+ signature:
1394
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
1395
+ required:
1396
+ - publicKey
1397
+ - signature
1398
+ additionalProperties: false
1399
+ fidoPayload:
1400
+ title: FIDOPublicKeyCredentialAttestation
1401
+ type: object
1402
+ description: |
1403
+ A data model representing a FIDO Attestation result. Derived from
1404
+ [`PublicKeyCredential` Interface](https://w3c.github.io/webauthn/#iface-pkcredential).
1405
+
1406
+ The `PublicKeyCredential` interface represents the below fields with
1407
+ a Type of Javascript [ArrayBuffer](https://heycam.github.io/webidl/#idl-ArrayBuffer).
1408
+ For this API, we represent ArrayBuffers as base64 encoded utf-8 strings.
1409
+ properties:
1410
+ id:
1411
+ type: string
1412
+ description: |
1413
+ credential id: identifier of pair of keys, base64 encoded
1414
+ https://w3c.github.io/webauthn/#ref-for-dom-credential-id
1415
+ minLength: 20
1416
+ maxLength: 118
1417
+ rawId:
1418
+ type: string
1419
+ description: |
1420
+ raw credential id: identifier of pair of keys, base64 encoded
1421
+ minLength: 20
1422
+ maxLength: 118
1423
+ response:
1424
+ type: object
1425
+ description: |
1426
+ AuthenticatorAttestationResponse
1427
+ properties:
1428
+ clientDataJSON:
1429
+ type: string
1430
+ description: |
1431
+ JSON string with client data
1432
+ minLength: 121
1433
+ maxLength: 512
1434
+ attestationObject:
1435
+ type: string
1436
+ description: |
1437
+ CBOR.encoded attestation object
1438
+ minLength: 306
1439
+ maxLength: 2048
1440
+ required:
1441
+ - clientDataJSON
1442
+ - attestationObject
1443
+ additionalProperties: false
1444
+ type:
1445
+ type: string
1446
+ description: response type, we need only the type of public-key
1447
+ enum:
1448
+ - public-key
1449
+ required:
1450
+ - id
1451
+ - response
1452
+ - type
1453
+ additionalProperties: false
1454
+ required:
1455
+ - credentialType
1456
+ - status
1457
+ additionalProperties: false
1458
+ extensionList:
1459
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1460
+ required:
1461
+ - scopes
1462
+ - credential
1463
+ additionalProperties: false
1464
+ - title: ConsentsIDPutResponseVerified
1465
+ type: object
1466
+ description: |
1467
+ The HTTP request `PUT /tppConsents/{ID}` is used by the DFSP or Auth-Service to update a Consent object once it has been Verified.
1468
+ Called by a `auth-service` to notify a DFSP that a credential has been verified and registered.
1469
+ properties:
1470
+ status:
1471
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/status'
1472
+ scopes:
1473
+ type: array
1474
+ items:
1475
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
1476
+ credential:
1477
+ title: VerifiedCredential
1478
+ type: object
1479
+ description: |
1480
+ A credential used to allow a user to prove their identity and access
1481
+ to an account with a DFSP.
1482
+
1483
+ VerifiedCredential is a special formatting of Credential to allow us to be
1484
+ more explicit about the `status` field - it should only ever be VERIFIED when
1485
+ updating a credential.
1486
+ properties:
1487
+ credentialType:
1488
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/credentialType'
1489
+ status:
1490
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/patch/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/status'
1491
+ genericPayload:
1492
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/genericPayload'
1493
+ fidoPayload:
1494
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/fidoPayload'
1495
+ required:
1496
+ - credentialType
1497
+ - status
1498
+ additionalProperties: false
1499
+ extensionList:
1500
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1501
+ required:
1502
+ - scopes
1503
+ - credential
1504
+ additionalProperties: false
1505
+ parameters:
1506
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1507
+ responses:
1508
+ '200':
1509
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
1510
+ '202':
1511
+ $ref: '#/paths/~1tppConsents/post/responses/202'
1512
+ '400':
1513
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1514
+ '401':
1515
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1516
+ '403':
1517
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1518
+ '404':
1519
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1520
+ '405':
1521
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1522
+ '406':
1523
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1524
+ '501':
1525
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1526
+ '503':
1527
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1528
+ delete:
1529
+ description: |
1530
+ Used by PISP, DFSP
1531
+
1532
+ The **DELETE /consents/**_{ID}_ request is used to request the revocation of a previously agreed consent.
1533
+ For tracing and auditing purposes, the switch should be sure not to delete the consent physically;
1534
+ instead, information relating to the consent should be marked as deleted and requests relating to the
1535
+ consent should not be honoured.
1536
+ operationId: DeleteConsentByID
1537
+ parameters:
1538
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1539
+ tags:
1540
+ - consents
1541
+ responses:
1542
+ '202':
1543
+ $ref: '#/paths/~1tppConsents/post/responses/202'
1544
+ '400':
1545
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1546
+ '401':
1547
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1548
+ '403':
1549
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1550
+ '404':
1551
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1552
+ '405':
1553
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1554
+ '406':
1555
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1556
+ '501':
1557
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1558
+ '503':
1559
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1560
+ /tppConsents/{ID}/error:
1561
+ parameters:
1562
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
1563
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1564
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1565
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1566
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1567
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1568
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1569
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1570
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1571
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1572
+ put:
1573
+ tags:
1574
+ - consents
1575
+ operationId: NotifyErrorConsents
1576
+ summary: NotifyErrorConsents
1577
+ description: |
1578
+ DFSP responds to the PISP if something went wrong with validating or storing consent.
1579
+ parameters:
1580
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1581
+ requestBody:
1582
+ description: Error information returned.
1583
+ required: true
1584
+ content:
1585
+ application/json:
1586
+ schema:
1587
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
1588
+ responses:
1589
+ '200':
1590
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
1591
+ '400':
1592
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1593
+ '401':
1594
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1595
+ '403':
1596
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1597
+ '404':
1598
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1599
+ '405':
1600
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1601
+ '406':
1602
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1603
+ '501':
1604
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1605
+ '503':
1606
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1607
+ /tppVerifications:
1608
+ parameters:
1609
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1610
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1611
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1612
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1613
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1614
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1615
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1616
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1617
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1618
+ post:
1619
+ tags:
1620
+ - verifications
1621
+ operationId: tppPostVerifications
1622
+ summary: tppPostVerifications
1623
+ description: |
1624
+ The HTTP request `POST /tppVerifications` is used by the DFSP to verify a third party authorization in cases where the authentication service to be used is implemented by the switch and not internally by the DFSP.
1625
+ parameters:
1626
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1627
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1628
+ requestBody:
1629
+ description: The thirdparty authorization details to verify
1630
+ required: true
1631
+ content:
1632
+ application/json:
1633
+ schema:
1634
+ oneOf:
1635
+ - title: tppVerificationsPostRequestFIDO
1636
+ type: object
1637
+ description: The object sent in the POST /tppVerifications request.
1638
+ properties:
1639
+ verificationRequestId:
1640
+ allOf:
1641
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1642
+ challenge:
1643
+ type: string
1644
+ description: Base64 encoded bytes - The challenge generated by the DFSP.
1645
+ consentId:
1646
+ allOf:
1647
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1648
+ description: |
1649
+ The id of the stored consent object that contains the credential with which to verify
1650
+ the signed challenge against.
1651
+ signedPayloadType:
1652
+ title: SignedPayloadTypeFIDO
1653
+ type: string
1654
+ enum:
1655
+ - FIDO
1656
+ description: Describes a challenge that has been signed with FIDO Attestation flows
1657
+ fidoSignedPayload:
1658
+ title: FIDOPublicKeyCredentialAssertion
1659
+ type: object
1660
+ description: |
1661
+ A data model representing a FIDO Assertion result.
1662
+ Derived from PublicKeyCredential Interface in WebAuthN.
1663
+
1664
+ The PublicKeyCredential interface represents the below fields with a Type of
1665
+ Javascript ArrayBuffer.
1666
+ For this API, we represent ArrayBuffers as base64 encoded utf-8 strings.
1667
+
1668
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#32128-fidopublickeycredentialassertion
1669
+ properties:
1670
+ id:
1671
+ type: string
1672
+ description: |
1673
+ credential id: identifier of pair of keys, base64 encoded
1674
+ https://w3c.github.io/webauthn/#ref-for-dom-credential-id
1675
+ minLength: 20
1676
+ maxLength: 118
1677
+ rawId:
1678
+ type: string
1679
+ description: |
1680
+ raw credential id: identifier of pair of keys, base64 encoded.
1681
+ minLength: 20
1682
+ maxLength: 118
1683
+ response:
1684
+ type: object
1685
+ description: |
1686
+ AuthenticatorAssertionResponse
1687
+ properties:
1688
+ authenticatorData:
1689
+ type: string
1690
+ description: |
1691
+ Authenticator data object.
1692
+ minLength: 49
1693
+ maxLength: 256
1694
+ clientDataJSON:
1695
+ type: string
1696
+ description: |
1697
+ JSON string with client data.
1698
+ minLength: 121
1699
+ maxLength: 512
1700
+ signature:
1701
+ type: string
1702
+ description: |
1703
+ The signature generated by the private key associated with this credential.
1704
+ minLength: 59
1705
+ maxLength: 256
1706
+ userHandle:
1707
+ type: string
1708
+ description: |
1709
+ This field is optionally provided by the authenticator, and
1710
+ represents the user.id that was supplied during registration.
1711
+ minLength: 1
1712
+ maxLength: 88
1713
+ required:
1714
+ - authenticatorData
1715
+ - clientDataJSON
1716
+ - signature
1717
+ additionalProperties: false
1718
+ type:
1719
+ type: string
1720
+ description: response type, we need only the type of public-key
1721
+ enum:
1722
+ - public-key
1723
+ required:
1724
+ - id
1725
+ - rawId
1726
+ - response
1727
+ - type
1728
+ additionalProperties: false
1729
+ extensionList:
1730
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1731
+ required:
1732
+ - verificationRequestId
1733
+ - challenge
1734
+ - consentId
1735
+ - signedPayloadType
1736
+ - fidoSignedPayload
1737
+ - title: tppVerificationsPostRequestGeneric
1738
+ type: object
1739
+ description: The object sent in the POST /tppVerifications request.
1740
+ properties:
1741
+ verificationRequestId:
1742
+ allOf:
1743
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1744
+ challenge:
1745
+ type: string
1746
+ description: Base64 encoded bytes - The challenge generated by the DFSP.
1747
+ consentId:
1748
+ allOf:
1749
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1750
+ description: |
1751
+ The id of the stored consent object that contains the credential with which to verify
1752
+ the signed challenge against.
1753
+ signedPayloadType:
1754
+ title: SignedPayloadTypeGeneric
1755
+ type: string
1756
+ enum:
1757
+ - GENERIC
1758
+ description: Describes a challenge that has been signed with a private key
1759
+ genericSignedPayload:
1760
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
1761
+ extensionList:
1762
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1763
+ required:
1764
+ - verificationRequestId
1765
+ - challenge
1766
+ - consentId
1767
+ - signedPayloadType
1768
+ - genericSignedPayload
1769
+ responses:
1770
+ '202':
1771
+ $ref: '#/paths/~1tppConsents/post/responses/202'
1772
+ '400':
1773
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1774
+ '401':
1775
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1776
+ '403':
1777
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1778
+ '404':
1779
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1780
+ '405':
1781
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1782
+ '406':
1783
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1784
+ '501':
1785
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1786
+ '503':
1787
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1788
+ /tppVerifications/{ID}:
1789
+ parameters:
1790
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
1791
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1792
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1793
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1794
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1795
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1796
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1797
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1798
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1799
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1800
+ get:
1801
+ tags:
1802
+ - verifications
1803
+ operationId: tppGetVerificationsById
1804
+ summary: tppGetVerificationsById
1805
+ description: |
1806
+ The HTTP request `/tppVerifications/{ID}` is used to get
1807
+ information regarding a previously created or requested authorization. The *{ID}*
1808
+ in the URI should contain the verification request ID
1809
+ parameters:
1810
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1811
+ responses:
1812
+ '202':
1813
+ $ref: '#/paths/~1tppConsents/post/responses/202'
1814
+ '400':
1815
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1816
+ '401':
1817
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1818
+ '403':
1819
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1820
+ '404':
1821
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1822
+ '405':
1823
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1824
+ '406':
1825
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1826
+ '501':
1827
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1828
+ '503':
1829
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1830
+ put:
1831
+ tags:
1832
+ - verifications
1833
+ operationId: tppPutVerificationsById
1834
+ summary: tppPutVerificationsById
1835
+ description: |-
1836
+ The HTTP request `PUT /tppVerifications/{ID}` is used by the Auth-Service to inform the DFSP of a successful result in validating the verification of a Thirdparty Transaction Request.
1837
+ If the validation fails, the auth-service will send back `PUT /tppVerifications/{ID}` with `authenticationResponse: 'REJECTED'`.
1838
+ In unplanned error cases the Auth-Service MUST use `PUT /tppVerifications/{ID}/error`.
1839
+ parameters:
1840
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1841
+ requestBody:
1842
+ description: The result of validating the Thirdparty Transaction Request
1843
+ required: true
1844
+ content:
1845
+ application/json:
1846
+ schema:
1847
+ title: tppVerificationsIDPutResponse
1848
+ type: object
1849
+ description: |-
1850
+ Used by: Auth Service
1851
+ The callback PUT /tppVerifications/{ID} is used to inform the client of the result of an authorization check. The {ID} in the URI should contain the authorizationRequestId which was used to request the check, or the {ID} that was used in the GET /tppVerifications/{ID}.
1852
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#31821-put-thirdpartyrequestsverificationsid
1853
+ properties:
1854
+ authenticationResponse:
1855
+ title: AuthenticationResponse
1856
+ type: string
1857
+ enum:
1858
+ - VERIFIED
1859
+ description: |-
1860
+ The AuthenticationResponse enumeration describes the result of authenticating verification request.
1861
+ Below are the allowed values for the enumeration AuthenticationResponse. - VERIFIED - The challenge was correctly signed.
1862
+ extensionList:
1863
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1864
+ required:
1865
+ - authenticationResponse
1866
+ example:
1867
+ authenticationResponse: VERIFIED
1868
+ responses:
1869
+ '200':
1870
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
1871
+ '400':
1872
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1873
+ '401':
1874
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1875
+ '403':
1876
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1877
+ '404':
1878
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1879
+ '405':
1880
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1881
+ '406':
1882
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1883
+ '501':
1884
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1885
+ '503':
1886
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1887
+ /tppVerifications/{ID}/error:
1888
+ parameters:
1889
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
1890
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1891
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1892
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1893
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1894
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1895
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1896
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1897
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1898
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1899
+ put:
1900
+ tags:
1901
+ - verifications
1902
+ operationId: tppPutVerificationsByIdAndError
1903
+ summary: tppPutVerificationsByIdAndError
1904
+ description: |
1905
+ The HTTP request `PUT /tppVerifications/{ID}/error` is used by the Auth-Service to inform
1906
+ the DFSP of a failure in validating or looking up the verification of a Thirdparty Transaction Request.
1907
+ parameters:
1908
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1909
+ requestBody:
1910
+ description: Error information returned.
1911
+ required: true
1912
+ content:
1913
+ application/json:
1914
+ schema:
1915
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
1916
+ responses:
1917
+ '200':
1918
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
1919
+ '400':
1920
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1921
+ '401':
1922
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1923
+ '403':
1924
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1925
+ '404':
1926
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1927
+ '405':
1928
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1929
+ '406':
1930
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1931
+ '501':
1932
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1933
+ '503':
1934
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1935
+ /tppAuthorizations:
1936
+ parameters:
1937
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1938
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1939
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1940
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1941
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1942
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1943
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1944
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1945
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1946
+ post:
1947
+ description: |
1948
+ The HTTP request **POST /tppAuthorizations** used by a Payer DFSP to request authorization from the Payer to make a payment.
1949
+ This use case is applicable when the Payer DFSP receives a request to pay (a Payee initiated payment) and chooses to authorize the payment through the third party provider.
1950
+ operationId: tppPostAuthorizations
1951
+ summary: tppPostAuthorizations
1952
+ tags:
1953
+ - authorizations
1954
+ parameters:
1955
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1956
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1957
+ requestBody:
1958
+ description: Authorization request details
1959
+ required: true
1960
+ content:
1961
+ application/json:
1962
+ schema:
1963
+ title: tppAuthorizationsPostRequest
1964
+ description: |-
1965
+ Used by: DFSP
1966
+ The HTTP request POST /tppAuthorizations is used to request the validation by a customer for the transfer described in the request.
1967
+ Callback and data model information for POST /tppAuthorizations:
1968
+ Callback - PUT /tppAuthorizations/{ID} Error Callback - PUT /tppAuthorizations/{ID}/error
1969
+ type: object
1970
+ properties:
1971
+ authorizationRequestId:
1972
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1973
+ transactionRequestId:
1974
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1975
+ challenge:
1976
+ type: string
1977
+ description: The challenge that the PISP's client is to sign
1978
+ transferAmount:
1979
+ allOf:
1980
+ - $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/fees/allOf/0'
1981
+ description: The amount that will be debited from the sending customer's account as a consequence of the transaction.
1982
+ payeeReceiveAmount:
1983
+ allOf:
1984
+ - $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/fees/allOf/0'
1985
+ description: The amount that will be credited to the receiving customer's account as a consequence of the transaction.
1986
+ fees:
1987
+ allOf:
1988
+ - title: Money
1989
+ type: object
1990
+ additionalProperties: false
1991
+ description: Data model for the complex type Money.
1992
+ properties:
1993
+ currency:
1994
+ title: Currency
1995
+ description: The currency codes defined in [ISO 4217](https://www.iso.org/iso-4217-currency-codes.html) as three-letter alphabetic codes are used as the standard naming representation for currencies.
1996
+ type: string
1997
+ minLength: 3
1998
+ maxLength: 3
1999
+ enum:
2000
+ - AED
2001
+ - AFN
2002
+ - ALL
2003
+ - AMD
2004
+ - ANG
2005
+ - AOA
2006
+ - ARS
2007
+ - AUD
2008
+ - AWG
2009
+ - AZN
2010
+ - BAM
2011
+ - BBD
2012
+ - BDT
2013
+ - BGN
2014
+ - BHD
2015
+ - BIF
2016
+ - BMD
2017
+ - BND
2018
+ - BOB
2019
+ - BRL
2020
+ - BSD
2021
+ - BTN
2022
+ - BWP
2023
+ - BYN
2024
+ - BZD
2025
+ - CAD
2026
+ - CDF
2027
+ - CHF
2028
+ - CLP
2029
+ - CNY
2030
+ - COP
2031
+ - CRC
2032
+ - CUC
2033
+ - CUP
2034
+ - CVE
2035
+ - CZK
2036
+ - DJF
2037
+ - DKK
2038
+ - DOP
2039
+ - DZD
2040
+ - EGP
2041
+ - ERN
2042
+ - ETB
2043
+ - EUR
2044
+ - FJD
2045
+ - FKP
2046
+ - GBP
2047
+ - GEL
2048
+ - GGP
2049
+ - GHS
2050
+ - GIP
2051
+ - GMD
2052
+ - GNF
2053
+ - GTQ
2054
+ - GYD
2055
+ - HKD
2056
+ - HNL
2057
+ - HRK
2058
+ - HTG
2059
+ - HUF
2060
+ - IDR
2061
+ - ILS
2062
+ - IMP
2063
+ - INR
2064
+ - IQD
2065
+ - IRR
2066
+ - ISK
2067
+ - JEP
2068
+ - JMD
2069
+ - JOD
2070
+ - JPY
2071
+ - KES
2072
+ - KGS
2073
+ - KHR
2074
+ - KMF
2075
+ - KPW
2076
+ - KRW
2077
+ - KWD
2078
+ - KYD
2079
+ - KZT
2080
+ - LAK
2081
+ - LBP
2082
+ - LKR
2083
+ - LRD
2084
+ - LSL
2085
+ - LYD
2086
+ - MAD
2087
+ - MDL
2088
+ - MGA
2089
+ - MKD
2090
+ - MMK
2091
+ - MNT
2092
+ - MOP
2093
+ - MRO
2094
+ - MUR
2095
+ - MVR
2096
+ - MWK
2097
+ - MXN
2098
+ - MYR
2099
+ - MZN
2100
+ - NAD
2101
+ - NGN
2102
+ - NIO
2103
+ - NOK
2104
+ - NPR
2105
+ - NZD
2106
+ - OMR
2107
+ - PAB
2108
+ - PEN
2109
+ - PGK
2110
+ - PHP
2111
+ - PKR
2112
+ - PLN
2113
+ - PYG
2114
+ - QAR
2115
+ - RON
2116
+ - RSD
2117
+ - RUB
2118
+ - RWF
2119
+ - SAR
2120
+ - SBD
2121
+ - SCR
2122
+ - SDG
2123
+ - SEK
2124
+ - SGD
2125
+ - SHP
2126
+ - SLL
2127
+ - SOS
2128
+ - SPL
2129
+ - SRD
2130
+ - STD
2131
+ - SVC
2132
+ - SYP
2133
+ - SZL
2134
+ - THB
2135
+ - TJS
2136
+ - TMT
2137
+ - TND
2138
+ - TOP
2139
+ - TRY
2140
+ - TTD
2141
+ - TVD
2142
+ - TWD
2143
+ - TZS
2144
+ - UAH
2145
+ - UGX
2146
+ - USD
2147
+ - UYU
2148
+ - UZS
2149
+ - VEF
2150
+ - VND
2151
+ - VUV
2152
+ - WST
2153
+ - XAF
2154
+ - XCD
2155
+ - XDR
2156
+ - XOF
2157
+ - XPF
2158
+ - XTS
2159
+ - XXX
2160
+ - YER
2161
+ - ZAR
2162
+ - ZMW
2163
+ - ZWD
2164
+ amount:
2165
+ title: Amount
2166
+ type: string
2167
+ pattern: ^([0]|([1-9][0-9]{0,17}))([.][0-9]{0,3}[1-9])?$
2168
+ description: The API data type Amount is a JSON String in a canonical format that is restricted by a regular expression for interoperability reasons. This pattern does not allow any trailing zeroes at all, but allows an amount without a minor currency unit. It also only allows four digits in the minor currency unit; a negative value is not allowed. Using more than 18 digits in the major currency unit is not allowed.
2169
+ example: '123.45'
2170
+ required:
2171
+ - currency
2172
+ - amount
2173
+ description: The amount of fees that the paying customer will be charged as part of the transaction.
2174
+ payer:
2175
+ allOf:
2176
+ - $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/partyIdInfo'
2177
+ description: Information about the Payer type, id, sub-type/id, FSP Id in the proposed financial transaction.
2178
+ payee:
2179
+ allOf:
2180
+ - title: Party
2181
+ type: object
2182
+ description: Data model for the complex type Party.
2183
+ properties:
2184
+ partyIdInfo:
2185
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/partyIdInfo'
2186
+ merchantClassificationCode:
2187
+ title: MerchantClassificationCode
2188
+ type: string
2189
+ pattern: ^[\d]{1,4}$
2190
+ description: A limited set of pre-defined numbers. This list would be a limited set of numbers identifying a set of popular merchant types like School Fees, Pubs and Restaurants, Groceries, etc.
2191
+ name:
2192
+ title: PartyName
2193
+ type: string
2194
+ minLength: 1
2195
+ maxLength: 128
2196
+ description: Name of the Party. Could be a real name or a nickname.
2197
+ personalInfo:
2198
+ title: PartyPersonalInfo
2199
+ type: object
2200
+ additionalProperties: false
2201
+ description: Data model for the complex type PartyPersonalInfo.
2202
+ properties:
2203
+ complexName:
2204
+ title: PartyComplexName
2205
+ type: object
2206
+ additionalProperties: false
2207
+ description: Data model for the complex type PartyComplexName.
2208
+ properties:
2209
+ firstName:
2210
+ title: FirstName
2211
+ type: string
2212
+ minLength: 1
2213
+ maxLength: 128
2214
+ pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
2215
+ description: First name of the Party (Name Type).
2216
+ example: Henrik
2217
+ middleName:
2218
+ title: MiddleName
2219
+ type: string
2220
+ minLength: 1
2221
+ maxLength: 128
2222
+ pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
2223
+ description: Middle name of the Party (Name Type).
2224
+ example: Johannes
2225
+ lastName:
2226
+ title: LastName
2227
+ type: string
2228
+ minLength: 1
2229
+ maxLength: 128
2230
+ pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
2231
+ description: Last name of the Party (Name Type).
2232
+ example: Karlsson
2233
+ dateOfBirth:
2234
+ title: DateofBirth (type Date)
2235
+ type: string
2236
+ pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$
2237
+ description: Date of Birth of the Party.
2238
+ example: '1966-06-16'
2239
+ kycInformation:
2240
+ title: KYCInformation
2241
+ type: string
2242
+ minLength: 1
2243
+ maxLength: 2048
2244
+ description: KYC information for the party in a form mandated by an individual scheme.
2245
+ example: |-
2246
+ {
2247
+ "metadata": {
2248
+ "format": "JSON",
2249
+ "version": "1.0",
2250
+ "description": "Data containing KYC Information"
2251
+ },
2252
+ "data": {
2253
+ "name": "John Doe",
2254
+ "dob": "1980-05-15",
2255
+ "gender": "Male",
2256
+ "address": "123 Main Street, Anytown, USA",
2257
+ "email": "johndoe@example.com",
2258
+ "phone": "+1 555-123-4567",
2259
+ "nationality": "US",
2260
+ "passport_number": "AB1234567",
2261
+ "issue_date": "2010-02-20",
2262
+ "expiry_date": "2025-02-20",
2263
+ "bank_account_number": "1234567890",
2264
+ "bank_name": "Example Bank",
2265
+ "employer": "ABC Company",
2266
+ "occupation": "Software Engineer",
2267
+ "income": "$80,000 per year",
2268
+ "marital_status": "Single",
2269
+ "dependents": 0,
2270
+ "risk_level": "Low"
2271
+ }
2272
+ }
2273
+ required:
2274
+ - partyIdInfo
2275
+ description: Information about the Payee in the proposed financial transaction.
2276
+ transactionType:
2277
+ title: TransactionType
2278
+ type: object
2279
+ additionalProperties: false
2280
+ description: Data model for the complex type TransactionType.
2281
+ properties:
2282
+ scenario:
2283
+ title: TransactionScenario
2284
+ type: string
2285
+ enum:
2286
+ - DEPOSIT
2287
+ - WITHDRAWAL
2288
+ - TRANSFER
2289
+ - PAYMENT
2290
+ - REFUND
2291
+ description: |-
2292
+ Below are the allowed values for the enumeration.
2293
+ - DEPOSIT - Used for performing a Cash-In (deposit) transaction. In a normal scenario, electronic funds are transferred from a Business account to a Consumer account, and physical cash is given from the Consumer to the Business User.
2294
+ - WITHDRAWAL - Used for performing a Cash-Out (withdrawal) transaction. In a normal scenario, electronic funds are transferred from a Consumer’s account to a Business account, and physical cash is given from the Business User to the Consumer.
2295
+ - TRANSFER - Used for performing a P2P (Peer to Peer, or Consumer to Consumer) transaction.
2296
+ - PAYMENT - Usually used for performing a transaction from a Consumer to a Merchant or Organization, but could also be for a B2B (Business to Business) payment. The transaction could be online for a purchase in an Internet store, in a physical store where both the Consumer and Business User are present, a bill payment, a donation, and so on.
2297
+ - REFUND - Used for performing a refund of transaction.
2298
+ example: DEPOSIT
2299
+ subScenario:
2300
+ title: TransactionSubScenario
2301
+ type: string
2302
+ pattern: ^[A-Z_]{1,32}$
2303
+ description: Possible sub-scenario, defined locally within the scheme (UndefinedEnum Type).
2304
+ example: LOCALLY_DEFINED_SUBSCENARIO
2305
+ initiator:
2306
+ title: TransactionInitiator
2307
+ type: string
2308
+ enum:
2309
+ - PAYER
2310
+ - PAYEE
2311
+ description: |-
2312
+ Below are the allowed values for the enumeration.
2313
+ - PAYER - Sender of funds is initiating the transaction. The account to send from is either owned by the Payer or is connected to the Payer in some way.
2314
+ - PAYEE - Recipient of the funds is initiating the transaction by sending a transaction request. The Payer must approve the transaction, either automatically by a pre-generated OTP or by pre-approval of the Payee, or by manually approving in his or her own Device.
2315
+ example: PAYEE
2316
+ initiatorType:
2317
+ title: TransactionInitiatorType
2318
+ type: string
2319
+ enum:
2320
+ - CONSUMER
2321
+ - AGENT
2322
+ - BUSINESS
2323
+ - DEVICE
2324
+ description: |-
2325
+ Below are the allowed values for the enumeration.
2326
+ - CONSUMER - Consumer is the initiator of the transaction.
2327
+ - AGENT - Agent is the initiator of the transaction.
2328
+ - BUSINESS - Business is the initiator of the transaction.
2329
+ - DEVICE - Device is the initiator of the transaction.
2330
+ example: CONSUMER
2331
+ refundInfo:
2332
+ title: Refund
2333
+ type: object
2334
+ additionalProperties: false
2335
+ description: Data model for the complex type Refund.
2336
+ properties:
2337
+ originalTransactionId:
2338
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
2339
+ refundReason:
2340
+ title: RefundReason
2341
+ type: string
2342
+ minLength: 1
2343
+ maxLength: 128
2344
+ description: Reason for the refund.
2345
+ example: Free text indicating reason for the refund.
2346
+ required:
2347
+ - originalTransactionId
2348
+ balanceOfPayments:
2349
+ title: BalanceOfPayments
2350
+ type: string
2351
+ pattern: ^[1-9]\d{2}$
2352
+ description: (BopCode) The API data type [BopCode](https://www.imf.org/external/np/sta/bopcode/) is a JSON String of 3 characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed.
2353
+ example: '123'
2354
+ required:
2355
+ - scenario
2356
+ - initiator
2357
+ - initiatorType
2358
+ expiration:
2359
+ allOf:
2360
+ - title: DateTime
2361
+ type: string
2362
+ pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:(\.\d{3}))(?:Z|[+-][01]\d:[0-5]\d)$
2363
+ description: The API data type DateTime is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. The format is according to [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html), expressed in a combined date, time and time zone format. A more readable version of the format is yyyy-MM-ddTHH:mm:ss.SSS[-HH:MM]. Examples are "2016-05-24T08:38:08.699-04:00", "2016-05-24T08:38:08.699Z" (where Z indicates Zulu time zone, same as UTC).
2364
+ example: '2016-05-24T08:38:08.699-04:00'
2365
+ description: The time by which the transfer must be completed, set by the payee DFSP.
2366
+ extensionList:
2367
+ title: ExtensionList
2368
+ type: object
2369
+ additionalProperties: false
2370
+ description: Data model for the complex type ExtensionList. An optional list of extensions, specific to deployment.
2371
+ properties:
2372
+ extension:
2373
+ type: array
2374
+ items:
2375
+ title: Extension
2376
+ type: object
2377
+ additionalProperties: false
2378
+ description: Data model for the complex type Extension.
2379
+ properties:
2380
+ key:
2381
+ title: ExtensionKey
2382
+ type: string
2383
+ minLength: 1
2384
+ maxLength: 32
2385
+ description: Extension key.
2386
+ value:
2387
+ title: ExtensionValue
2388
+ type: string
2389
+ minLength: 1
2390
+ maxLength: 128
2391
+ description: Extension value.
2392
+ required:
2393
+ - key
2394
+ - value
2395
+ minItems: 1
2396
+ maxItems: 16
2397
+ description: Number of Extension elements.
2398
+ required:
2399
+ - extension
2400
+ required:
2401
+ - authorizationRequestId
2402
+ - transactionRequestId
2403
+ - challenge
2404
+ - transferAmount
2405
+ - payeeReceiveAmount
2406
+ - fees
2407
+ - payer
2408
+ - payee
2409
+ - transactionType
2410
+ - expiration
2411
+ additionalProperties: false
2412
+ responses:
2413
+ '202':
2414
+ $ref: '#/paths/~1tppConsents/post/responses/202'
2415
+ '400':
2416
+ $ref: '#/paths/~1tppConsents/post/responses/400'
2417
+ '401':
2418
+ $ref: '#/paths/~1tppConsents/post/responses/401'
2419
+ '403':
2420
+ $ref: '#/paths/~1tppConsents/post/responses/403'
2421
+ '404':
2422
+ $ref: '#/paths/~1tppConsents/post/responses/404'
2423
+ '405':
2424
+ $ref: '#/paths/~1tppConsents/post/responses/405'
2425
+ '406':
2426
+ $ref: '#/paths/~1tppConsents/post/responses/406'
2427
+ '501':
2428
+ $ref: '#/paths/~1tppConsents/post/responses/501'
2429
+ '503':
2430
+ $ref: '#/paths/~1tppConsents/post/responses/503'
2431
+ /tppAuthorizations/{ID}:
2432
+ parameters:
2433
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
2434
+ - $ref: '#/paths/~1tppConsents/parameters/0'
2435
+ - $ref: '#/paths/~1tppConsents/parameters/1'
2436
+ - $ref: '#/paths/~1tppConsents/parameters/2'
2437
+ - $ref: '#/paths/~1tppConsents/parameters/3'
2438
+ - $ref: '#/paths/~1tppConsents/parameters/4'
2439
+ - $ref: '#/paths/~1tppConsents/parameters/5'
2440
+ - $ref: '#/paths/~1tppConsents/parameters/6'
2441
+ - $ref: '#/paths/~1tppConsents/parameters/7'
2442
+ - $ref: '#/paths/~1tppConsents/parameters/8'
2443
+ get:
2444
+ description: |
2445
+ The HTTP request **GET /tppAuthorizations/**_{ID}_ is used to get information relating
2446
+ to a previously issued authorization request. The *{ID}* in the request should match the
2447
+ `authorizationRequestId` which was given when the authorization request was created.
2448
+ operationId: tppGetAuthorizationsById
2449
+ summary: ttpGetAuthorizationsById
2450
+ tags:
2451
+ - authorizations
2452
+ parameters:
2453
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
2454
+ responses:
2455
+ '202':
2456
+ $ref: '#/paths/~1tppConsents/post/responses/202'
2457
+ '400':
2458
+ $ref: '#/paths/~1tppConsents/post/responses/400'
2459
+ '401':
2460
+ $ref: '#/paths/~1tppConsents/post/responses/401'
2461
+ '403':
2462
+ $ref: '#/paths/~1tppConsents/post/responses/403'
2463
+ '404':
2464
+ $ref: '#/paths/~1tppConsents/post/responses/404'
2465
+ '405':
2466
+ $ref: '#/paths/~1tppConsents/post/responses/405'
2467
+ '406':
2468
+ $ref: '#/paths/~1tppConsents/post/responses/406'
2469
+ '501':
2470
+ $ref: '#/paths/~1tppConsents/post/responses/501'
2471
+ '503':
2472
+ $ref: '#/paths/~1tppConsents/post/responses/503'
2473
+ put:
2474
+ description: |
2475
+ After receiving the **POST /tppAuthorizations**, the PISP will present the details of the
2476
+ transaction to their user, and request that the client sign the `challenge` field using the credential
2477
+ they previously registered.
2478
+
2479
+ The signed challenge will be sent back by the PISP in **PUT /tppAuthorizations/**_{ID}_:
2480
+ operationId: tppPutAuthorizationsById
2481
+ summary: tppPutAuthorizationsById
2482
+ tags:
2483
+ - authorizations
2484
+ parameters:
2485
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
2486
+ requestBody:
2487
+ description: Signed authorization object
2488
+ required: true
2489
+ content:
2490
+ application/json:
2491
+ schema:
2492
+ oneOf:
2493
+ - title: tppAuthorizationsIDPutResponseRejected
2494
+ type: object
2495
+ description: The object sent in the PUT /tppAuthorizations/{ID} callback.
2496
+ properties:
2497
+ responseType:
2498
+ title: AuthorizationResponseTypeRejected
2499
+ description: |
2500
+ The customer rejected the terms of the transfer.
2501
+ type: string
2502
+ enum:
2503
+ - REJECTED
2504
+ extensionList:
2505
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
2506
+ required:
2507
+ - responseType
2508
+ - title: tppAuthorizationsIDPutResponseFIDO
2509
+ type: object
2510
+ description: The object sent in the PUT /tppAuthorizations/{ID} callback.
2511
+ properties:
2512
+ responseType:
2513
+ title: AuthorizationResponseType
2514
+ description: |
2515
+ The customer accepted the terms of the transfer
2516
+ type: string
2517
+ enum:
2518
+ - ACCEPTED
2519
+ signedPayload:
2520
+ title: SignedPayloadFIDO
2521
+ type: object
2522
+ properties:
2523
+ signedPayloadType:
2524
+ $ref: '#/paths/~1tppVerifications/post/requestBody/content/application~1json/schema/oneOf/0/properties/signedPayloadType'
2525
+ fidoSignedPayload:
2526
+ $ref: '#/paths/~1tppVerifications/post/requestBody/content/application~1json/schema/oneOf/0/properties/fidoSignedPayload'
2527
+ required:
2528
+ - signedPayloadType
2529
+ - fidoSignedPayload
2530
+ additionalProperties: false
2531
+ extensionList:
2532
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
2533
+ required:
2534
+ - responseType
2535
+ - signedPayload
2536
+ additionalProperties: false
2537
+ - title: tppAuthorizationsIDPutResponseGeneric
2538
+ type: object
2539
+ description: The object sent in the PUT /tppAuthorizations/{ID} callback.
2540
+ properties:
2541
+ responseType:
2542
+ $ref: '#/paths/~1tppAuthorizations~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/1/properties/responseType'
2543
+ signedPayload:
2544
+ title: SignedPayloadGeneric
2545
+ type: object
2546
+ properties:
2547
+ signedPayloadType:
2548
+ $ref: '#/paths/~1tppVerifications/post/requestBody/content/application~1json/schema/oneOf/1/properties/signedPayloadType'
2549
+ genericSignedPayload:
2550
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
2551
+ required:
2552
+ - signedPayloadType
2553
+ - genericSignedPayload
2554
+ additionalProperties: false
2555
+ extensionList:
2556
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
2557
+ required:
2558
+ - responseType
2559
+ - signedPayload
2560
+ additionalProperties: false
2561
+ responses:
2562
+ '200':
2563
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
2564
+ '400':
2565
+ $ref: '#/paths/~1tppConsents/post/responses/400'
2566
+ '401':
2567
+ $ref: '#/paths/~1tppConsents/post/responses/401'
2568
+ '403':
2569
+ $ref: '#/paths/~1tppConsents/post/responses/403'
2570
+ '404':
2571
+ $ref: '#/paths/~1tppConsents/post/responses/404'
2572
+ '405':
2573
+ $ref: '#/paths/~1tppConsents/post/responses/405'
2574
+ '406':
2575
+ $ref: '#/paths/~1tppConsents/post/responses/406'
2576
+ '501':
2577
+ $ref: '#/paths/~1tppConsents/post/responses/501'
2578
+ '503':
2579
+ $ref: '#/paths/~1tppConsents/post/responses/503'
2580
+ /tppAuthorizations/{ID}/error:
2581
+ parameters:
2582
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
2583
+ - $ref: '#/paths/~1tppConsents/parameters/0'
2584
+ - $ref: '#/paths/~1tppConsents/parameters/1'
2585
+ - $ref: '#/paths/~1tppConsents/parameters/2'
2586
+ - $ref: '#/paths/~1tppConsents/parameters/3'
2587
+ - $ref: '#/paths/~1tppConsents/parameters/4'
2588
+ - $ref: '#/paths/~1tppConsents/parameters/5'
2589
+ - $ref: '#/paths/~1tppConsents/parameters/6'
2590
+ - $ref: '#/paths/~1tppConsents/parameters/7'
2591
+ - $ref: '#/paths/~1tppConsents/parameters/8'
2592
+ put:
2593
+ tags:
2594
+ - authorizations
2595
+ operationId: tppAuthorizationsByIdAndError
2596
+ summary: tppAuthorizationsByIdAndError
2597
+ description: |
2598
+ The HTTP request `PUT /tppAuthorizations/{ID}/error` is used by the DFSP or PISP to inform
2599
+ the other party that something went wrong with a Thirdparty Transaction Authorization Request.
2600
+
2601
+ The PISP may use this to tell the DFSP that the Thirdparty Transaction Authorization Request is invalid or doesn't
2602
+ match a `transactionRequestId`.
2603
+
2604
+ The DFSP may use this to tell the PISP that the signed challenge returned in `PUT /tppAuthorizations/{ID}`
2605
+ was invalid.
2606
+ parameters:
2607
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
2608
+ requestBody:
2609
+ description: Error information returned.
2610
+ required: true
2611
+ content:
2612
+ application/json:
2613
+ schema:
2614
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
2615
+ responses:
2616
+ '200':
2617
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
2618
+ '400':
2619
+ $ref: '#/paths/~1tppConsents/post/responses/400'
2620
+ '401':
2621
+ $ref: '#/paths/~1tppConsents/post/responses/401'
2622
+ '403':
2623
+ $ref: '#/paths/~1tppConsents/post/responses/403'
2624
+ '404':
2625
+ $ref: '#/paths/~1tppConsents/post/responses/404'
2626
+ '405':
2627
+ $ref: '#/paths/~1tppConsents/post/responses/405'
2628
+ '406':
2629
+ $ref: '#/paths/~1tppConsents/post/responses/406'
2630
+ '501':
2631
+ $ref: '#/paths/~1tppConsents/post/responses/501'
2632
+ '503':
2633
+ $ref: '#/paths/~1tppConsents/post/responses/503'