@mojaloop/api-snippets 18.3.1 → 18.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +20 -0
- package/audit-ci.jsonc +7 -1
- package/docs/fspiop-rest-v2.0-ISO20022-openapi3-snippets.yaml +0 -2
- package/docs/sdk-scheme-adapter-outbound-v2_1_0-openapi3-snippets.yaml +1 -1
- package/docs/thirdparty-admin-v2.0-openapi3-snippets.yaml +3705 -0
- package/docs/thirdparty-openapi3-snippets.yaml +5 -5
- package/docs/thirdparty-v1.0-openapi3-snippets.yaml +3802 -0
- package/docs/thirdparty-v2.0-openapi3-snippets.yaml +1825 -0
- package/eslint.config.mjs +70 -0
- package/fspiop/v2_0_ISO20022/openapi3/components/schemas/FinancialInstitutionIdentification18.yaml +0 -1
- package/fspiop/v2_0_ISO20022/openapi3/components/schemas/FinancialInstitutionIdentification23.yaml +0 -1
- package/lib/fspiop/v2_0/index.js +0 -1
- package/lib/fspiop/v2_0/index.js.map +1 -1
- package/lib/fspiop/v2_0_ISO20022/index.js +0 -1
- package/lib/fspiop/v2_0_ISO20022/index.js.map +1 -1
- package/lib/fspiop/v2_0_ISO20022/json-schemas.json +0 -71
- package/lib/fspiop/v2_0_ISO20022/schemas.d.ts +0 -140
- package/lib/index.js +0 -1
- package/lib/index.js.map +1 -1
- package/lib/sdk-scheme-adapter/v2_0_0/backend/index.js +0 -1
- package/lib/sdk-scheme-adapter/v2_0_0/backend/index.js.map +1 -1
- package/lib/sdk-scheme-adapter/v2_0_0/outbound/index.js +0 -1
- package/lib/sdk-scheme-adapter/v2_0_0/outbound/index.js.map +1 -1
- package/lib/sdk-scheme-adapter/v2_1_0/backend/index.js +0 -1
- package/lib/sdk-scheme-adapter/v2_1_0/backend/index.js.map +1 -1
- package/lib/sdk-scheme-adapter/v2_1_0/outbound/index.js +0 -1
- package/lib/sdk-scheme-adapter/v2_1_0/outbound/index.js.map +1 -1
- package/lib/sdk-scheme-adapter/v2_1_0/outbound/json-schemas.json +1 -1
- package/lib/sdk-scheme-adapter/v2_1_0/outbound/schemas.d.ts +1 -1
- package/lib/thirdparty/v2_0/openapi.d.ts +1726 -0
- package/lib/thirdparty/v2_0/openapi.js +7 -0
- package/lib/thirdparty/v2_0/openapi.js.map +1 -0
- package/package.json +48 -45
- package/sdk-scheme-adapter/v2_1_0/components/schemas/transferRequest.yaml +1 -1
- package/test/dto/{thirdparty.test.ts → thirdparty_v1_0.test.ts} +1 -1
- package/thirdparty/v1_0/openapi3/components/schemas/FIDOPublicKeyCredentialAssertion.yaml +2 -2
- package/thirdparty/v1_0/openapi3/components/schemas/FIDOPublicKeyCredentialAttestation.yaml +3 -3
- package/thirdparty/v1_0/openapi3/thirdparty-dfsp-api.yaml +68 -61
- package/thirdparty/v1_0/openapi3/thirdparty-pisp-api.yaml +82 -75
- package/thirdparty/v2_0/openapi3/components/headers/Content-Length.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/headers/Content-Type.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/Accept.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/Content-Length.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/Content-Type.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/Date.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Destination.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Encryption.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-HTTP-Method.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Signature.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Source.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-URI.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/ID.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/ServiceType.yaml +6 -0
- package/thirdparty/v2_0/openapi3/components/parameters/SubId.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/Type.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/parameters/X-Forwarded-For.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/200.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/202.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/400.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/401.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/403.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/404.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/405.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/406.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/501.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/responses/503.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Account.yaml +17 -0
- package/thirdparty/v2_0/openapi3/components/schemas/AccountAddress.yaml +25 -0
- package/thirdparty/v2_0/openapi3/components/schemas/AccountList.yaml +11 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Amount.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/AmountType.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/AuthenticationResponse.yaml +10 -0
- package/thirdparty/v2_0/openapi3/components/schemas/AuthenticatorAssertionResponse.yaml +32 -0
- package/thirdparty/v2_0/openapi3/components/schemas/AuthenticatorAttestationResponse.yaml +23 -0
- package/thirdparty/v2_0/openapi3/components/schemas/AuthorizationResponseType.yaml +8 -0
- package/thirdparty/v2_0/openapi3/components/schemas/AuthorizationResponseTypeAccepted.yaml +6 -0
- package/thirdparty/v2_0/openapi3/components/schemas/AuthorizationResponseTypeRejected.yaml +6 -0
- package/thirdparty/v2_0/openapi3/components/schemas/BinaryString.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestChannelType.yaml +9 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestChannelTypeOTP.yaml +6 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestChannelTypeWeb.yaml +6 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsIDPatchRequest.yaml +16 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsIDPutResponseOTP.yaml +30 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsIDPutResponseWeb.yaml +39 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsPostRequest.yaml +44 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentStatus.yaml +9 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentStatusIssued.yaml +7 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentStatusRevoked.yaml +7 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPatchResponseRevoked.yaml +17 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPatchResponseVerified.yaml +19 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPutResponseSigned.yaml +23 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPutResponseVerified.yaml +23 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentsPostRequestAUTH.yaml +33 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ConsentsPostRequestPISP.yaml +32 -0
- package/thirdparty/v2_0/openapi3/components/schemas/CorrelationId.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/CredentialStatusPending.yaml +7 -0
- package/thirdparty/v2_0/openapi3/components/schemas/CredentialStatusVerified.yaml +7 -0
- package/thirdparty/v2_0/openapi3/components/schemas/CredentialType.yaml +11 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Currency.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/DateOfBirth.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/DateTime.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ErrorCode.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ErrorDescription.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ErrorInformation.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Extension.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ExtensionKey.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ExtensionList.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ExtensionValue.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/FIDOPublicKeyCredentialAssertion.yaml +71 -0
- package/thirdparty/v2_0/openapi3/components/schemas/FIDOPublicKeyCredentialAttestation.yaml +54 -0
- package/thirdparty/v2_0/openapi3/components/schemas/FirstName.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/FspId.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/GenericCredential.yaml +13 -0
- package/thirdparty/v2_0/openapi3/components/schemas/GeoCode.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/IlpCondition.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/IlpFulfilment.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/IlpPacket.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Integer.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/LastName.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Latitude.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Longitude.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/MerchantClassificationCode.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/MiddleName.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Money.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Name.yaml +2 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Note.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsIDPutResponse.yaml +17 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsPostRequest.yaml +20 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsTypeIDPutResponse.yaml +8 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsTypeIDSubIDPostRequest.yaml +15 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartiesTypeIDPutResponse.yaml +13 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Party.yaml +15 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyComplexName.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyIdInfo.yaml +17 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyIdInfoTPLink.yaml +17 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyIdType.yaml +58 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyIdTypeTPLink.yaml +7 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyIdentifier.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyName.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyPersonalInfo.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyResult.yaml +10 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartySubIdOrType.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/PartyTPLink.yaml +14 -0
- package/thirdparty/v2_0/openapi3/components/schemas/QuotesIDPutResponse.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/QuotesPostRequest.yaml +79 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Scope.yaml +20 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ScopeAction.yaml +14 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ServiceType.yaml +15 -0
- package/thirdparty/v2_0/openapi3/components/schemas/ServicesServiceTypePutResponse.yaml +26 -0
- package/thirdparty/v2_0/openapi3/components/schemas/SignedCredential.yaml +23 -0
- package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadFIDO.yaml +11 -0
- package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadGeneric.yaml +11 -0
- package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadType.yaml +9 -0
- package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadTypeFIDO.yaml +5 -0
- package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadTypeGeneric.yaml +5 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Transaction.yaml +43 -0
- package/thirdparty/v2_0/openapi3/components/schemas/TransactionRequestState.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/TransactionState.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/TransactionType.yaml +1 -0
- package/thirdparty/v2_0/openapi3/components/schemas/TransfersPostRequestFIDO.yaml +15 -0
- package/thirdparty/v2_0/openapi3/components/schemas/TransfersPostRequestGeneric.yaml +15 -0
- package/thirdparty/v2_0/openapi3/components/schemas/Uri.yaml +8 -0
- package/thirdparty/v2_0/openapi3/components/schemas/VerifiedCredential.yaml +23 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppAccountRequestPostRequest.yaml +35 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppAccountRequestPutResponse.yaml +30 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppAccountsIDPutResponse.yaml +21 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsIDPutResponseFIDO.yaml +15 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsIDPutResponseGeneric.yaml +15 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsIDPutResponseRejected.yaml +10 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsPostRequest.yaml +67 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppTransactionRequestPostRequest.yaml +60 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppTransactionRequestPutResponse.yaml +67 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppTransfersPostRequest.yaml +19 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppTransfersPutResponse.yaml +25 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppVerificationsIDPutResponse.yaml +19 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppVerificationsPostRequestFIDO.yaml +28 -0
- package/thirdparty/v2_0/openapi3/components/schemas/tppVerificationsPostRequestGeneric.yaml +28 -0
- package/thirdparty/v2_0/openapi3/openapi-admin.yaml +99 -0
- package/thirdparty/v2_0/openapi3/openapi.yaml +64 -0
- package/thirdparty/v2_0/openapi3/paths/health.yaml +25 -0
- package/thirdparty/v2_0/openapi3/paths/metrics.yaml +25 -0
- package/thirdparty/v2_0/openapi3/paths/participants.yaml +50 -0
- package/thirdparty/v2_0/openapi3/paths/participants_ID.yaml +49 -0
- package/thirdparty/v2_0/openapi3/paths/participants_ID_error.yaml +51 -0
- package/thirdparty/v2_0/openapi3/paths/participants_Type_ID.yaml +169 -0
- package/thirdparty/v2_0/openapi3/paths/participants_Type_ID_error.yaml +52 -0
- package/thirdparty/v2_0/openapi3/paths/services_ServiceType.yaml +77 -0
- package/thirdparty/v2_0/openapi3/paths/services_ServiceType_error.yaml +49 -0
- package/thirdparty/v2_0/openapi3/paths/tppAccountRequest.yaml +49 -0
- package/thirdparty/v2_0/openapi3/paths/tppAccountRequest_ID.yaml +86 -0
- package/thirdparty/v2_0/openapi3/paths/tppAccountRequest_ID_error.yaml +48 -0
- package/thirdparty/v2_0/openapi3/paths/tppAccounts_ID.yaml +88 -0
- package/thirdparty/v2_0/openapi3/paths/tppAccounts_ID_error.yaml +48 -0
- package/thirdparty/v2_0/openapi3/paths/tppAuthorizations.yaml +51 -0
- package/thirdparty/v2_0/openapi3/paths/tppAuthorizations_ID.yaml +86 -0
- package/thirdparty/v2_0/openapi3/paths/tppAuthorizations_ID_error.yaml +55 -0
- package/thirdparty/v2_0/openapi3/paths/tppConsentRequests.yaml +48 -0
- package/thirdparty/v2_0/openapi3/paths/tppConsentRequests_ID.yaml +123 -0
- package/thirdparty/v2_0/openapi3/paths/tppConsentRequests_ID_error.yaml +48 -0
- package/thirdparty/v2_0/openapi3/paths/tppConsents.yaml +49 -0
- package/thirdparty/v2_0/openapi3/paths/tppConsents_ID.yaml +165 -0
- package/thirdparty/v2_0/openapi3/paths/tppConsents_ID_error.yaml +48 -0
- package/thirdparty/v2_0/openapi3/paths/tppTransactionRequests.yaml +48 -0
- package/thirdparty/v2_0/openapi3/paths/tppTransactionRequests_ID.yaml +83 -0
- package/thirdparty/v2_0/openapi3/paths/tppTransactionRequests_ID_error.yaml +52 -0
- package/thirdparty/v2_0/openapi3/paths/tppTransfers.yaml +47 -0
- package/thirdparty/v2_0/openapi3/paths/tppTransfers_ID.yaml +86 -0
- package/thirdparty/v2_0/openapi3/paths/tppTransfers_ID_error.yaml +52 -0
- package/thirdparty/v2_0/openapi3/paths/tppVerifications.yaml +49 -0
- package/thirdparty/v2_0/openapi3/paths/tppVerifications_ID.yaml +87 -0
- package/thirdparty/v2_0/openapi3/paths/tppVerifications_ID_error.yaml +49 -0
- package/thirdparty/v2_0/openapi3/thirdparty-dfsp-admin-api.template.yaml +53 -0
- package/thirdparty/v2_0/openapi3/thirdparty-dfsp-admin-api.yaml +2633 -0
- package/thirdparty/v2_0/openapi3/thirdparty-pisp-admin-api.template.yaml +57 -0
- package/thirdparty/v2_0/openapi3/thirdparty-pisp-admin-api.yaml +3103 -0
- package/tsconfig.build.json +4 -3
|
@@ -0,0 +1,2633 @@
|
|
|
1
|
+
openapi: 3.0.2
|
|
2
|
+
info:
|
|
3
|
+
title: Mojaloop Third Party Admin API for DFSPs
|
|
4
|
+
version: '2.0'
|
|
5
|
+
description: |
|
|
6
|
+
A Mojaloop API for DFSPs supporting Third Party functions.
|
|
7
|
+
DFSPs who want to enable Payment Initiation Service Providers (PISPs) to perform actions on behalf of a DFSP's user should implement this API.
|
|
8
|
+
PISPs should implement the accompanying API - Mojaloop Third Party API (PISP) instead.
|
|
9
|
+
license:
|
|
10
|
+
name: Open API for FSP Interoperability (FSPIOP) (Implementation Friendly Version)
|
|
11
|
+
url: https://github.com/mojaloop/mojaloop-specification/blob/main/LICENSE.md
|
|
12
|
+
servers:
|
|
13
|
+
- url: /
|
|
14
|
+
paths:
|
|
15
|
+
/tppAccountRequest:
|
|
16
|
+
parameters:
|
|
17
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
18
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
19
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
20
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
21
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
22
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
23
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
24
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
25
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
26
|
+
post:
|
|
27
|
+
tags:
|
|
28
|
+
- accountRequest
|
|
29
|
+
operationId: AuthorisingAccountRequest
|
|
30
|
+
summary: AuthorisingAccountRequest
|
|
31
|
+
description: |
|
|
32
|
+
The `/tppAccountsRequest` resource is used to request consent from a user
|
|
33
|
+
for access to their accounts information. This resource must be called before
|
|
34
|
+
the /tppAccounts resource can be queried which provides the account information.
|
|
35
|
+
parameters:
|
|
36
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
37
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
38
|
+
requestBody:
|
|
39
|
+
description: The consentRequest to create
|
|
40
|
+
required: true
|
|
41
|
+
content:
|
|
42
|
+
application/json:
|
|
43
|
+
schema:
|
|
44
|
+
title: AccountRequestPostRequest
|
|
45
|
+
type: object
|
|
46
|
+
description: |-
|
|
47
|
+
Used by: PISP
|
|
48
|
+
The /tppAccountsRequest resource is used to request consent from a user for access to their accounts information. This resource must be called before the /tppAccounts resource can be queried which provides the account information.
|
|
49
|
+
Callback and data model for POST /tppAccountRequest:
|
|
50
|
+
Callback: PUT /tppAccountRequests/{ID} Error callback: PUT /tppAccountRequests/{ID}/error Data model - see below url
|
|
51
|
+
https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#31212-post-accountrequest
|
|
52
|
+
properties:
|
|
53
|
+
accountRequestId:
|
|
54
|
+
title: CorrelationId
|
|
55
|
+
type: string
|
|
56
|
+
pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[1-7][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$|^[0-9A-HJKMNP-TV-Z]{26}$
|
|
57
|
+
description: Identifier that correlates all messages of the same sequence. The supported identifiers formats are for lowercase [UUID](https://datatracker.ietf.org/doc/html/rfc9562) and uppercase [ULID](https://github.com/ulid/spec)
|
|
58
|
+
example: b51ec534-ee48-4575-b6a9-ead2955b8069
|
|
59
|
+
partyItentifier:
|
|
60
|
+
title: PartyIdentifier
|
|
61
|
+
type: string
|
|
62
|
+
minLength: 1
|
|
63
|
+
maxLength: 128
|
|
64
|
+
description: Identifier of the Party.
|
|
65
|
+
example: '16135551212'
|
|
66
|
+
authChannels:
|
|
67
|
+
type: array
|
|
68
|
+
minLength: 1
|
|
69
|
+
maxLength: 256
|
|
70
|
+
items:
|
|
71
|
+
$ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authChannel'
|
|
72
|
+
callbackUri:
|
|
73
|
+
title: Uri
|
|
74
|
+
type: string
|
|
75
|
+
pattern: ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?
|
|
76
|
+
minLength: 1
|
|
77
|
+
maxLength: 512
|
|
78
|
+
description: |
|
|
79
|
+
The API data type Uri is a JSON string in a canonical format that is restricted by a regular expression for interoperability reasons.
|
|
80
|
+
required:
|
|
81
|
+
- accountRequestId
|
|
82
|
+
- partyIdInfo
|
|
83
|
+
- authChannels
|
|
84
|
+
- callbackUri
|
|
85
|
+
responses:
|
|
86
|
+
'202':
|
|
87
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
88
|
+
'400':
|
|
89
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
90
|
+
'401':
|
|
91
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
92
|
+
'403':
|
|
93
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
94
|
+
'404':
|
|
95
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
96
|
+
'405':
|
|
97
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
98
|
+
'406':
|
|
99
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
100
|
+
'501':
|
|
101
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
102
|
+
'503':
|
|
103
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
104
|
+
/tppAccountRequest/{ID}:
|
|
105
|
+
parameters:
|
|
106
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
107
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
108
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
109
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
110
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
111
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
112
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
113
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
114
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
115
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
116
|
+
get:
|
|
117
|
+
operationId: GetAccountRequest
|
|
118
|
+
summary: GetAccountRequest
|
|
119
|
+
description: |
|
|
120
|
+
The `GET /tppAccountsRequest/{ID}` is used to request status of POST /tppAccountRequest/ call.
|
|
121
|
+
The *{ID}* in the URI should contain the accountRequestId that was assigned to the
|
|
122
|
+
request by the PISP when the PISP originated the request. The result is return via the PUT callback.
|
|
123
|
+
tags:
|
|
124
|
+
- accountRequest
|
|
125
|
+
parameters:
|
|
126
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
127
|
+
responses:
|
|
128
|
+
'202':
|
|
129
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
130
|
+
'400':
|
|
131
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
132
|
+
'401':
|
|
133
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
134
|
+
'403':
|
|
135
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
136
|
+
'404':
|
|
137
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
138
|
+
'405':
|
|
139
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
140
|
+
'406':
|
|
141
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
142
|
+
'501':
|
|
143
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
144
|
+
'503':
|
|
145
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
146
|
+
put:
|
|
147
|
+
tags:
|
|
148
|
+
- accountRequest
|
|
149
|
+
operationId: UpdateAccountRequest
|
|
150
|
+
summary: UpdateAccountRequest
|
|
151
|
+
description: |
|
|
152
|
+
A DFSP uses this callback to (1) inform the PISP that the accountRequest has been accepted,
|
|
153
|
+
and (2) communicate to the PISP which `authChannel` it should use to authenticate their user
|
|
154
|
+
with.
|
|
155
|
+
|
|
156
|
+
When a PISP requests a series of permissions from a DFSP on behalf of a DFSP's customer,
|
|
157
|
+
not all the permissions requested may be granted by the DFSP.
|
|
158
|
+
Conversely, the out-of-loop authorization process may result in additional privileges
|
|
159
|
+
being granted by the account holder to the PISP. The `PUT /tppAccountsRequest/<ID>`
|
|
160
|
+
resource returns the current state of the permissions relating to a particular
|
|
161
|
+
authorization request.
|
|
162
|
+
parameters:
|
|
163
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
164
|
+
requestBody:
|
|
165
|
+
required: true
|
|
166
|
+
content:
|
|
167
|
+
application/json:
|
|
168
|
+
schema:
|
|
169
|
+
title: AccountRequestPutResponse
|
|
170
|
+
type: object
|
|
171
|
+
description: |-
|
|
172
|
+
Used by: PISP
|
|
173
|
+
This is the message that the DFSP sends to the PISP to inform the PISP that the accountRequest has been accepted, and to communicate to the PISP which `authChannel` it should use to authenticate their user with. I.e. it is a response to a POST /tppAccountsRequest request, or a GET /tppAccountsRequest/{ID} request.
|
|
174
|
+
When a PISP requests a series of permissions from a DFSP on behalf of a DFSP's customer, not all the permissions requested may be granted by the DFSP. Conversely, the out-of-loop authorization process may result in additional privileges being granted by the account holder to the PISP. The `PUT /tppAccountsRequest/<ID>` resource returns the current state of the permissions relating to a particular authorization request.
|
|
175
|
+
|
|
176
|
+
properties:
|
|
177
|
+
authChannel:
|
|
178
|
+
title: ConsentRequestChannelType
|
|
179
|
+
type: string
|
|
180
|
+
enum:
|
|
181
|
+
- WEB
|
|
182
|
+
- OTP
|
|
183
|
+
description: |
|
|
184
|
+
The auth channel being used for the consent request.
|
|
185
|
+
- WEB - DFSP can support authorization via a web-based login.
|
|
186
|
+
- OTP - DFSP can support authorization via a One Time PIN.
|
|
187
|
+
callbackUri:
|
|
188
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
|
|
189
|
+
authUri:
|
|
190
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
|
|
191
|
+
authToken:
|
|
192
|
+
type: string
|
|
193
|
+
pattern: ^[A-Za-z0-9-_]+[=]{0,2}$
|
|
194
|
+
description: The API data type BinaryString is a JSON String. The string is a base64url encoding of a string of raw bytes, where padding (character ‘=’) is added at the end of the data if needed to ensure that the string is a multiple of 4 characters. The length restriction indicates the allowed number of characters.
|
|
195
|
+
required:
|
|
196
|
+
- authChannels
|
|
197
|
+
responses:
|
|
198
|
+
'202':
|
|
199
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
200
|
+
'400':
|
|
201
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
202
|
+
'401':
|
|
203
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
204
|
+
'403':
|
|
205
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
206
|
+
'404':
|
|
207
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
208
|
+
'405':
|
|
209
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
210
|
+
'406':
|
|
211
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
212
|
+
'501':
|
|
213
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
214
|
+
'503':
|
|
215
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
216
|
+
/tppAccountRequest/{ID}/error:
|
|
217
|
+
parameters:
|
|
218
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
219
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
220
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
221
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
222
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
223
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
224
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
225
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
226
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
227
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
228
|
+
put:
|
|
229
|
+
tags:
|
|
230
|
+
- accountRequest
|
|
231
|
+
operationId: NotifyErrorAccountRequest
|
|
232
|
+
summary: NotifyErrorAccountRequest
|
|
233
|
+
description: |
|
|
234
|
+
DFSP responds to the PISP if something went wrong with validating an OTP or secret.
|
|
235
|
+
parameters:
|
|
236
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
237
|
+
requestBody:
|
|
238
|
+
description: Error information returned.
|
|
239
|
+
required: true
|
|
240
|
+
content:
|
|
241
|
+
application/json:
|
|
242
|
+
schema:
|
|
243
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
|
|
244
|
+
responses:
|
|
245
|
+
'200':
|
|
246
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
247
|
+
'400':
|
|
248
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
249
|
+
'401':
|
|
250
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
251
|
+
'403':
|
|
252
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
253
|
+
'404':
|
|
254
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
255
|
+
'405':
|
|
256
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
257
|
+
'406':
|
|
258
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
259
|
+
'501':
|
|
260
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
261
|
+
'503':
|
|
262
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
263
|
+
/tppAccounts/{ID}:
|
|
264
|
+
parameters:
|
|
265
|
+
- name: ID
|
|
266
|
+
in: path
|
|
267
|
+
required: true
|
|
268
|
+
schema:
|
|
269
|
+
type: string
|
|
270
|
+
description: The identifier value.
|
|
271
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
272
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
273
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
274
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
275
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
276
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
277
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
278
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
279
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
280
|
+
get:
|
|
281
|
+
operationId: GetAccountsByUserId
|
|
282
|
+
summary: GetAccountsByUserId
|
|
283
|
+
description: |
|
|
284
|
+
The HTTP request `GET /tppAccounts/{ID}/{SignedChallenge}` is used to retrieve the list of potential accounts available for linking.
|
|
285
|
+
The request `{ID}` is the accountRequestID and the `{SignedChallenge}` is the signed challenge that resulted from the `POST /tppAccountRequest/` callback.
|
|
286
|
+
|
|
287
|
+
The signed challenge must match the authentication channel that was selected by the DFSP. For example, if the WEB authentication channel was selected by the DFSP, then signed challenge needs to be authToken, otherwise if the OTP channel was selected, then it needs to be the OTP that was entered by the party.
|
|
288
|
+
(For example, GET /tppAccounts/12345/56789).
|
|
289
|
+
tags:
|
|
290
|
+
- accounts
|
|
291
|
+
parameters:
|
|
292
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
293
|
+
responses:
|
|
294
|
+
'202':
|
|
295
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
296
|
+
'400':
|
|
297
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
298
|
+
'401':
|
|
299
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
300
|
+
'403':
|
|
301
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
302
|
+
'404':
|
|
303
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
304
|
+
'405':
|
|
305
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
306
|
+
'406':
|
|
307
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
308
|
+
'501':
|
|
309
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
310
|
+
'503':
|
|
311
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
312
|
+
put:
|
|
313
|
+
description: |
|
|
314
|
+
The HTTP request `PUT /tppAccounts/{ID}` is used to return the list of potential accounts available for linking
|
|
315
|
+
operationId: UpdateAccountsByUserId
|
|
316
|
+
summary: UpdateAccountsByUserId
|
|
317
|
+
tags:
|
|
318
|
+
- accounts
|
|
319
|
+
parameters:
|
|
320
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
321
|
+
requestBody:
|
|
322
|
+
required: true
|
|
323
|
+
content:
|
|
324
|
+
application/json:
|
|
325
|
+
schema:
|
|
326
|
+
title: AccountsIDPutResponse
|
|
327
|
+
type: object
|
|
328
|
+
description: |-
|
|
329
|
+
Callback and data model information for GET /accounts/{ID}:
|
|
330
|
+
Callback - PUT /tppAccounts/{ID} Error Callback - PUT /tppAccounts/{ID}/error Data Model - Empty body
|
|
331
|
+
The PUT /accounts/{ID} response is used to inform the requester of the result of a request for accounts information. The identifier ID given in the call are the values given in the original request.
|
|
332
|
+
https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#31121--put-accountsid
|
|
333
|
+
properties:
|
|
334
|
+
accounts:
|
|
335
|
+
title: AccountList
|
|
336
|
+
type: array
|
|
337
|
+
description: |-
|
|
338
|
+
The AccountList data model is used to hold information about the accounts that a party controls.
|
|
339
|
+
https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#3213-accountlist
|
|
340
|
+
items:
|
|
341
|
+
title: Account
|
|
342
|
+
type: object
|
|
343
|
+
description: |-
|
|
344
|
+
Data model for the complex type Account.
|
|
345
|
+
https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#3211-account
|
|
346
|
+
properties:
|
|
347
|
+
accountNickname:
|
|
348
|
+
title: Name
|
|
349
|
+
type: string
|
|
350
|
+
pattern: ^(?!\s*$)[\w .,'-]{1,128}$
|
|
351
|
+
description: |-
|
|
352
|
+
The API data type Name is a JSON String, restricted by a regular expression to avoid characters which are generally not used in a name.
|
|
353
|
+
|
|
354
|
+
Regular Expression - The regular expression for restricting the Name type is "^(?!\s*$)[\w .,'-]{1,128}$". The restriction does not allow a string consisting of whitespace only, all Unicode characters are allowed, as well as the period (.) (apostrophe (‘), dash (-), comma (,) and space characters ( ).
|
|
355
|
+
|
|
356
|
+
**Note:** In some programming languages, Unicode support must be specifically enabled. For example, if Java is used, the flag UNICODE_CHARACTER_CLASS must be enabled to allow Unicode characters.
|
|
357
|
+
address:
|
|
358
|
+
$ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items/properties/address'
|
|
359
|
+
currency:
|
|
360
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/fees/allOf/0/properties/currency'
|
|
361
|
+
required:
|
|
362
|
+
- accountNickname
|
|
363
|
+
- address
|
|
364
|
+
- currency
|
|
365
|
+
minItems: 1
|
|
366
|
+
maxItems: 256
|
|
367
|
+
extensionList:
|
|
368
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
369
|
+
required:
|
|
370
|
+
- accounts
|
|
371
|
+
example:
|
|
372
|
+
- accountNickname: dfspa.user.nickname1
|
|
373
|
+
id: dfspa.username.1234
|
|
374
|
+
currency: ZAR
|
|
375
|
+
- accountNickname: dfspa.user.nickname2
|
|
376
|
+
id: dfspa.username.5678
|
|
377
|
+
currency: USD
|
|
378
|
+
responses:
|
|
379
|
+
'200':
|
|
380
|
+
description: OK
|
|
381
|
+
'400':
|
|
382
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
383
|
+
'401':
|
|
384
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
385
|
+
'403':
|
|
386
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
387
|
+
'404':
|
|
388
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
389
|
+
'405':
|
|
390
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
391
|
+
'406':
|
|
392
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
393
|
+
'501':
|
|
394
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
395
|
+
'503':
|
|
396
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
397
|
+
/tppAccounts/{ID}/error:
|
|
398
|
+
parameters:
|
|
399
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
400
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
401
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
402
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
403
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
404
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
405
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
406
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
407
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
408
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
409
|
+
put:
|
|
410
|
+
description: |
|
|
411
|
+
The HTTP request `PUT /ttpAccounts/{ID}/error` is used to return error information
|
|
412
|
+
operationId: UpdateAccountsByUserIdError
|
|
413
|
+
summary: UpdateAccountsByUserIdError
|
|
414
|
+
tags:
|
|
415
|
+
- accounts
|
|
416
|
+
parameters:
|
|
417
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
418
|
+
requestBody:
|
|
419
|
+
description: Details of the error returned.
|
|
420
|
+
required: true
|
|
421
|
+
content:
|
|
422
|
+
application/json:
|
|
423
|
+
schema:
|
|
424
|
+
title: ErrorInformationObject
|
|
425
|
+
type: object
|
|
426
|
+
additionalProperties: false
|
|
427
|
+
description: Data model for the complex type object that contains ErrorInformation.
|
|
428
|
+
properties:
|
|
429
|
+
errorInformation:
|
|
430
|
+
title: ErrorInformation
|
|
431
|
+
type: object
|
|
432
|
+
additionalProperties: false
|
|
433
|
+
description: Data model for the complex type ErrorInformation.
|
|
434
|
+
properties:
|
|
435
|
+
errorCode:
|
|
436
|
+
title: ErrorCode
|
|
437
|
+
type: string
|
|
438
|
+
pattern: ^[1-9]\d{3}$
|
|
439
|
+
description: The API data type ErrorCode is a JSON String of four characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. Each error code in the API is a four-digit number, for example, 1234, where the first number (1 in the example) represents the high-level error category, the second number (2 in the example) represents the low-level error category, and the last two numbers (34 in the example) represent the specific error.
|
|
440
|
+
example: '5100'
|
|
441
|
+
errorDescription:
|
|
442
|
+
title: ErrorDescription
|
|
443
|
+
type: string
|
|
444
|
+
minLength: 1
|
|
445
|
+
maxLength: 128
|
|
446
|
+
description: Error description string.
|
|
447
|
+
extensionList:
|
|
448
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
449
|
+
required:
|
|
450
|
+
- errorCode
|
|
451
|
+
- errorDescription
|
|
452
|
+
required:
|
|
453
|
+
- errorInformation
|
|
454
|
+
responses:
|
|
455
|
+
'200':
|
|
456
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
457
|
+
'400':
|
|
458
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
459
|
+
'401':
|
|
460
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
461
|
+
'403':
|
|
462
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
463
|
+
'404':
|
|
464
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
465
|
+
'405':
|
|
466
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
467
|
+
'406':
|
|
468
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
469
|
+
'501':
|
|
470
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
471
|
+
'503':
|
|
472
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
473
|
+
/tppConsentRequests:
|
|
474
|
+
parameters:
|
|
475
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
476
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
477
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
478
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
479
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
480
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
481
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
482
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
483
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
484
|
+
post:
|
|
485
|
+
tags:
|
|
486
|
+
- consentRequests
|
|
487
|
+
operationId: CreateConsentRequest
|
|
488
|
+
summary: CreateConsentRequest
|
|
489
|
+
description: |
|
|
490
|
+
The HTTP request **POST /tppConsentRequests** is used to request a DFSP to grant access to one or more
|
|
491
|
+
accounts owned by a customer of the DFSP for the PISP who sends the request.
|
|
492
|
+
parameters:
|
|
493
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
494
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
495
|
+
requestBody:
|
|
496
|
+
description: The consentRequest to create
|
|
497
|
+
required: true
|
|
498
|
+
content:
|
|
499
|
+
application/json:
|
|
500
|
+
schema:
|
|
501
|
+
title: ConsentRequestsPostRequest
|
|
502
|
+
type: object
|
|
503
|
+
description: |-
|
|
504
|
+
Used by: PISP
|
|
505
|
+
The HTTP request POST /tppConsentRequests is used to request a DFSP to grant access to one or more accounts owned by a customer of the DFSP for the PISP who sends the request.
|
|
506
|
+
Callback and data model for POST /tppConsentRequests:
|
|
507
|
+
Callback: PUT /tppConsentRequests/{ID} Error callback: PUT /tppConsentRequests/{ID}/error
|
|
508
|
+
properties:
|
|
509
|
+
consentRequestId:
|
|
510
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
511
|
+
partyIdInfo:
|
|
512
|
+
title: PartyIdInfo
|
|
513
|
+
type: object
|
|
514
|
+
description: Data model for the complex type PartyIdInfo.
|
|
515
|
+
properties:
|
|
516
|
+
partyIdType:
|
|
517
|
+
title: PartyIdType
|
|
518
|
+
type: string
|
|
519
|
+
enum:
|
|
520
|
+
- MSISDN
|
|
521
|
+
- EMAIL
|
|
522
|
+
- PERSONAL_ID
|
|
523
|
+
- BUSINESS
|
|
524
|
+
- DEVICE
|
|
525
|
+
- ACCOUNT_ID
|
|
526
|
+
- IBAN
|
|
527
|
+
- ALIAS
|
|
528
|
+
- CONSENT
|
|
529
|
+
- THIRD_PARTY_LINK
|
|
530
|
+
description: |
|
|
531
|
+
Below are the allowed values for the enumeration.
|
|
532
|
+
- MSISDN - An MSISDN (Mobile Station International Subscriber Directory
|
|
533
|
+
Number, that is, the phone number) is used as reference to a participant.
|
|
534
|
+
The MSISDN identifier should be in international format according to the
|
|
535
|
+
[ITU-T E.164 standard](https://www.itu.int/rec/T-REC-E.164/en).
|
|
536
|
+
Optionally, the MSISDN may be prefixed by a single plus sign, indicating the
|
|
537
|
+
international prefix.
|
|
538
|
+
- EMAIL - An email is used as reference to a
|
|
539
|
+
participant. The format of the email should be according to the informational
|
|
540
|
+
[RFC 3696](https://tools.ietf.org/html/rfc3696).
|
|
541
|
+
- PERSONAL_ID - A personal identifier is used as reference to a participant.
|
|
542
|
+
Examples of personal identification are passport number, birth certificate
|
|
543
|
+
number, and national registration number. The identifier number is added in
|
|
544
|
+
the PartyIdentifier element. The personal identifier type is added in the
|
|
545
|
+
PartySubIdOrType element.
|
|
546
|
+
- BUSINESS - A specific Business (for example, an organization or a company)
|
|
547
|
+
is used as reference to a participant. The BUSINESS identifier can be in any
|
|
548
|
+
format. To make a transaction connected to a specific username or bill number
|
|
549
|
+
in a Business, the PartySubIdOrType element should be used.
|
|
550
|
+
- DEVICE - A specific device (for example, a POS or ATM) ID connected to a
|
|
551
|
+
specific business or organization is used as reference to a Party.
|
|
552
|
+
For referencing a specific device under a specific business or organization,
|
|
553
|
+
use the PartySubIdOrType element.
|
|
554
|
+
- ACCOUNT_ID - A bank account number or FSP account ID should be used as
|
|
555
|
+
reference to a participant. The ACCOUNT_ID identifier can be in any format,
|
|
556
|
+
as formats can greatly differ depending on country and FSP.
|
|
557
|
+
- IBAN - A bank account number or FSP account ID is used as reference to a
|
|
558
|
+
participant. The IBAN identifier can consist of up to 34 alphanumeric
|
|
559
|
+
characters and should be entered without whitespace.
|
|
560
|
+
- ALIAS An alias is used as reference to a participant. The alias should be
|
|
561
|
+
created in the FSP as an alternative reference to an account owner.
|
|
562
|
+
Another example of an alias is a username in the FSP system.
|
|
563
|
+
The ALIAS identifier can be in any format. It is also possible to use the
|
|
564
|
+
PartySubIdOrType element for identifying an account under an Alias defined
|
|
565
|
+
by the PartyIdentifier.
|
|
566
|
+
- CONSENT - A Consent represents an agreement between a PISP, a Customer and
|
|
567
|
+
a DFSP which allows the PISP permission to perform actions on behalf of the
|
|
568
|
+
customer. A Consent has an authoritative source: either the DFSP who issued
|
|
569
|
+
the Consent, or an Auth Service which administers the Consent.
|
|
570
|
+
- THIRD_PARTY_LINK - A Third Party Link represents an agreement between a PISP,
|
|
571
|
+
a DFSP, and a specific Customer's account at the DFSP. The content of the link
|
|
572
|
+
is created by the DFSP at the time when it gives permission to the PISP for
|
|
573
|
+
specific access to a given account.
|
|
574
|
+
example: PERSONAL_ID
|
|
575
|
+
partyIdentifier:
|
|
576
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/partyItentifier'
|
|
577
|
+
partySubIdOrType:
|
|
578
|
+
title: PartySubIdOrType
|
|
579
|
+
type: string
|
|
580
|
+
minLength: 1
|
|
581
|
+
maxLength: 128
|
|
582
|
+
description: Either a sub-identifier of a PartyIdentifier, or a sub-type of the PartyIdType, normally a PersonalIdentifierType.
|
|
583
|
+
fspId:
|
|
584
|
+
title: FspId
|
|
585
|
+
type: string
|
|
586
|
+
minLength: 1
|
|
587
|
+
maxLength: 32
|
|
588
|
+
description: FSP identifier.
|
|
589
|
+
extensionList:
|
|
590
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
591
|
+
required:
|
|
592
|
+
- partyIdType
|
|
593
|
+
- partyIdentifier
|
|
594
|
+
scopes:
|
|
595
|
+
type: array
|
|
596
|
+
minLength: 1
|
|
597
|
+
maxLength: 256
|
|
598
|
+
items:
|
|
599
|
+
title: Scope
|
|
600
|
+
type: object
|
|
601
|
+
description: |-
|
|
602
|
+
The Scope element contains an identifier defining, in the terms of a DFSP, an account on which access types can be requested or granted. It also defines the access types which are requested or granted.
|
|
603
|
+
https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#32121-scope
|
|
604
|
+
properties:
|
|
605
|
+
address:
|
|
606
|
+
title: AccountAddress
|
|
607
|
+
type: string
|
|
608
|
+
description: |-
|
|
609
|
+
The AccountAddress data type is a variable length string with a maximum size of 1023 characters and consists of:
|
|
610
|
+
Alphanumeric characters, upper or lower case. (Addresses are case-sensitive so that they can contain data encoded in formats such as base64url.)
|
|
611
|
+
- Underscore (_) - Tilde (~) - Hyphen (-) - Period (.) Addresses MUST NOT end in a period (.) character
|
|
612
|
+
An entity providing accounts to parties (i.e. a participant) can provide any value for an AccountAddress that is meaningful to that entity. It does not need to provide an address that makes the account identifiable outside the entity's domain.
|
|
613
|
+
IMPORTANT: The policy for defining addresses and the life-cycle of these is at the discretion of the address space owner (the payer DFSP in this case).
|
|
614
|
+
https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#3212-accountaddress
|
|
615
|
+
pattern: ^([0-9A-Za-z_~\-\.]+[0-9A-Za-z_~\-])$
|
|
616
|
+
minLength: 1
|
|
617
|
+
maxLength: 1023
|
|
618
|
+
actions:
|
|
619
|
+
type: array
|
|
620
|
+
minItems: 1
|
|
621
|
+
maxItems: 32
|
|
622
|
+
items:
|
|
623
|
+
title: ScopeAction
|
|
624
|
+
type: string
|
|
625
|
+
description: |
|
|
626
|
+
The ScopeAction element contains an access type which a PISP can request
|
|
627
|
+
from a DFSP, or which a DFSP can grant to a PISP.
|
|
628
|
+
It must be a member of the appropriate enumeration.
|
|
629
|
+
|
|
630
|
+
- ACCOUNTS_GET_BALANCE: PISP can request a balance for the linked account
|
|
631
|
+
- ACCOUNTS_TRANSFER: PISP can request a transfer of funds from the linked account in the DFSP
|
|
632
|
+
- ACCOUNTS_STATEMENT: PISP can request a statement of individual transactions on a user's account
|
|
633
|
+
enum:
|
|
634
|
+
- ACCOUNTS_GET_BALANCE
|
|
635
|
+
- ACCOUNTS_TRANSFER
|
|
636
|
+
- ACCOUNTS_STATEMENT
|
|
637
|
+
required:
|
|
638
|
+
- address
|
|
639
|
+
- actions
|
|
640
|
+
authChannels:
|
|
641
|
+
type: array
|
|
642
|
+
minLength: 1
|
|
643
|
+
maxLength: 256
|
|
644
|
+
items:
|
|
645
|
+
$ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authChannel'
|
|
646
|
+
callbackUri:
|
|
647
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
|
|
648
|
+
extensionList:
|
|
649
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
650
|
+
required:
|
|
651
|
+
- consentRequestId
|
|
652
|
+
- partyIdInfo
|
|
653
|
+
- scopes
|
|
654
|
+
- authChannels
|
|
655
|
+
- callbackUri
|
|
656
|
+
responses:
|
|
657
|
+
'202':
|
|
658
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
659
|
+
'400':
|
|
660
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
661
|
+
'401':
|
|
662
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
663
|
+
'403':
|
|
664
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
665
|
+
'404':
|
|
666
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
667
|
+
'405':
|
|
668
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
669
|
+
'406':
|
|
670
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
671
|
+
'501':
|
|
672
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
673
|
+
'503':
|
|
674
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
675
|
+
/tppConsentRequests/{ID}:
|
|
676
|
+
parameters:
|
|
677
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
678
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
679
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
680
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
681
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
682
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
683
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
684
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
685
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
686
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
687
|
+
get:
|
|
688
|
+
operationId: GetConsentRequestsById
|
|
689
|
+
summary: GetConsentRequestsById
|
|
690
|
+
description: |
|
|
691
|
+
The HTTP request `GET /tppConsentRequests/{ID}` is used to get information about a previously
|
|
692
|
+
requested consent. The *{ID}* in the URI should contain the consentRequestId that was assigned to the
|
|
693
|
+
request by the PISP when the PISP originated the request.
|
|
694
|
+
tags:
|
|
695
|
+
- consentRequests
|
|
696
|
+
parameters:
|
|
697
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
698
|
+
responses:
|
|
699
|
+
'202':
|
|
700
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
701
|
+
'400':
|
|
702
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
703
|
+
'401':
|
|
704
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
705
|
+
'403':
|
|
706
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
707
|
+
'404':
|
|
708
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
709
|
+
'405':
|
|
710
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
711
|
+
'406':
|
|
712
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
713
|
+
'501':
|
|
714
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
715
|
+
'503':
|
|
716
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
717
|
+
put:
|
|
718
|
+
tags:
|
|
719
|
+
- consentRequests
|
|
720
|
+
operationId: UpdateConsentRequest
|
|
721
|
+
summary: UpdateConsentRequest
|
|
722
|
+
description: |
|
|
723
|
+
A DFSP uses this callback to (1) inform the PISP that the consentRequest has been accepted,
|
|
724
|
+
and (2) communicate to the PISP which `authChannel` it should use to authenticate their user
|
|
725
|
+
with.
|
|
726
|
+
|
|
727
|
+
When a PISP requests a series of permissions from a DFSP on behalf of a DFSP’s customer, not all
|
|
728
|
+
the permissions requested may be granted by the DFSP. Conversely, the out-of-band authorization
|
|
729
|
+
process may result in additional privileges being granted by the account holder to the PISP. The
|
|
730
|
+
**PUT /consentRequests/**_{ID}_ resource returns the current state of the permissions relating to a
|
|
731
|
+
particular authorization request.
|
|
732
|
+
parameters:
|
|
733
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
734
|
+
requestBody:
|
|
735
|
+
required: true
|
|
736
|
+
content:
|
|
737
|
+
application/json:
|
|
738
|
+
schema:
|
|
739
|
+
oneOf:
|
|
740
|
+
- title: ConsentRequestsIDPutResponseWeb
|
|
741
|
+
type: object
|
|
742
|
+
description: |
|
|
743
|
+
The object sent in a `PUT /tppConsentRequests/{ID}` request.
|
|
744
|
+
|
|
745
|
+
Schema used in the request consent phase of the account linking web flow,
|
|
746
|
+
the result is the PISP being instructed on a specific URL where this
|
|
747
|
+
supposed user should be redirected. This URL should be a place where
|
|
748
|
+
the user can prove their identity (e.g., by logging in).
|
|
749
|
+
properties:
|
|
750
|
+
scopes:
|
|
751
|
+
type: array
|
|
752
|
+
minLength: 1
|
|
753
|
+
maxLength: 256
|
|
754
|
+
items:
|
|
755
|
+
$ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
|
|
756
|
+
authChannels:
|
|
757
|
+
type: array
|
|
758
|
+
minLength: 1
|
|
759
|
+
maxLength: 1
|
|
760
|
+
items:
|
|
761
|
+
title: ConsentRequestChannelTypeWeb
|
|
762
|
+
type: string
|
|
763
|
+
enum:
|
|
764
|
+
- WEB
|
|
765
|
+
description: |
|
|
766
|
+
The web auth channel being used for `PUT /tppConsentRequest/{ID}` request.
|
|
767
|
+
callbackUri:
|
|
768
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
|
|
769
|
+
authUri:
|
|
770
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
|
|
771
|
+
extensionList:
|
|
772
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
773
|
+
required:
|
|
774
|
+
- scopes
|
|
775
|
+
- authChannels
|
|
776
|
+
- callbackUri
|
|
777
|
+
- authUri
|
|
778
|
+
additionalProperties: false
|
|
779
|
+
- title: ConsentRequestsIDPutResponseOTP
|
|
780
|
+
type: object
|
|
781
|
+
description: |
|
|
782
|
+
The object sent in a `PUT /tppConsentRequests/{ID}` request.
|
|
783
|
+
|
|
784
|
+
Schema used in the request consent phase of the account linking OTP/SMS flow.
|
|
785
|
+
properties:
|
|
786
|
+
scopes:
|
|
787
|
+
type: array
|
|
788
|
+
minLength: 1
|
|
789
|
+
maxLength: 256
|
|
790
|
+
items:
|
|
791
|
+
$ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
|
|
792
|
+
authChannels:
|
|
793
|
+
type: array
|
|
794
|
+
minLength: 1
|
|
795
|
+
maxLength: 1
|
|
796
|
+
items:
|
|
797
|
+
title: ConsentRequestChannelTypeOTP
|
|
798
|
+
type: string
|
|
799
|
+
enum:
|
|
800
|
+
- OTP
|
|
801
|
+
description: |
|
|
802
|
+
The OTP auth channel being used for `PUT /tppConsentRequests/{ID}` request.
|
|
803
|
+
callbackUri:
|
|
804
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
|
|
805
|
+
extensionList:
|
|
806
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
807
|
+
required:
|
|
808
|
+
- scopes
|
|
809
|
+
- authChannels
|
|
810
|
+
additionalProperties: false
|
|
811
|
+
responses:
|
|
812
|
+
'202':
|
|
813
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
814
|
+
'400':
|
|
815
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
816
|
+
'401':
|
|
817
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
818
|
+
'403':
|
|
819
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
820
|
+
'404':
|
|
821
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
822
|
+
'405':
|
|
823
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
824
|
+
'406':
|
|
825
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
826
|
+
'501':
|
|
827
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
828
|
+
'503':
|
|
829
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
830
|
+
patch:
|
|
831
|
+
tags:
|
|
832
|
+
- consentRequests
|
|
833
|
+
operationId: PatchConsentRequest
|
|
834
|
+
summary: PatchConsentRequest
|
|
835
|
+
description: |
|
|
836
|
+
After the user completes an out-of-band authorization with the DFSP, the PISP will receive a token which they can use to prove to the DFSP that the user trusts this PISP.
|
|
837
|
+
parameters:
|
|
838
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
839
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
840
|
+
requestBody:
|
|
841
|
+
required: true
|
|
842
|
+
content:
|
|
843
|
+
application/json:
|
|
844
|
+
schema:
|
|
845
|
+
title: ConsentRequestsIDPatchRequest
|
|
846
|
+
type: object
|
|
847
|
+
description: |-
|
|
848
|
+
Used by: PISP
|
|
849
|
+
After the user completes an out-of-band authorization with the DFSP, the PISP will receive a token which they can use to prove to the DFSP that the user trusts this PISP.
|
|
850
|
+
properties:
|
|
851
|
+
authToken:
|
|
852
|
+
$ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
|
|
853
|
+
extensionList:
|
|
854
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
855
|
+
required:
|
|
856
|
+
- authToken
|
|
857
|
+
responses:
|
|
858
|
+
'202':
|
|
859
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
860
|
+
'400':
|
|
861
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
862
|
+
'401':
|
|
863
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
864
|
+
'403':
|
|
865
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
866
|
+
'404':
|
|
867
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
868
|
+
'405':
|
|
869
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
870
|
+
'406':
|
|
871
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
872
|
+
'501':
|
|
873
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
874
|
+
'503':
|
|
875
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
876
|
+
/tppConsentRequests/{ID}/error:
|
|
877
|
+
parameters:
|
|
878
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
879
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
880
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
881
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
882
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
883
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
884
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
885
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
886
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
887
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
888
|
+
put:
|
|
889
|
+
tags:
|
|
890
|
+
- consentRequests
|
|
891
|
+
operationId: NotifyErrorConsentRequests
|
|
892
|
+
summary: NotifyErrorConsentRequests
|
|
893
|
+
description: |
|
|
894
|
+
DFSP responds to the PISP if something went wrong with validating an OTP or secret.
|
|
895
|
+
parameters:
|
|
896
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
897
|
+
requestBody:
|
|
898
|
+
description: Error information returned.
|
|
899
|
+
required: true
|
|
900
|
+
content:
|
|
901
|
+
application/json:
|
|
902
|
+
schema:
|
|
903
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
|
|
904
|
+
responses:
|
|
905
|
+
'200':
|
|
906
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
907
|
+
'400':
|
|
908
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
909
|
+
'401':
|
|
910
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
911
|
+
'403':
|
|
912
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
913
|
+
'404':
|
|
914
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
915
|
+
'405':
|
|
916
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
917
|
+
'406':
|
|
918
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
919
|
+
'501':
|
|
920
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
921
|
+
'503':
|
|
922
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
923
|
+
/tppConsents:
|
|
924
|
+
parameters:
|
|
925
|
+
- name: Content-Type
|
|
926
|
+
in: header
|
|
927
|
+
schema:
|
|
928
|
+
type: string
|
|
929
|
+
required: true
|
|
930
|
+
description: The `Content-Type` header indicates the specific version of the API used to send the payload body.
|
|
931
|
+
- name: Date
|
|
932
|
+
in: header
|
|
933
|
+
schema:
|
|
934
|
+
type: string
|
|
935
|
+
required: true
|
|
936
|
+
description: The `Date` header field indicates the date when the request was sent.
|
|
937
|
+
- name: X-Forwarded-For
|
|
938
|
+
in: header
|
|
939
|
+
schema:
|
|
940
|
+
type: string
|
|
941
|
+
required: false
|
|
942
|
+
description: |-
|
|
943
|
+
The `X-Forwarded-For` header field is an unofficially accepted standard used for informational purposes of the originating client IP address, as a request might pass multiple proxies, firewalls, and so on. Multiple `X-Forwarded-For` values should be expected and supported by implementers of the API.
|
|
944
|
+
|
|
945
|
+
**Note:** An alternative to `X-Forwarded-For` is defined in [RFC 7239](https://tools.ietf.org/html/rfc7239). However, to this point RFC 7239 is less-used and supported than `X-Forwarded-For`.
|
|
946
|
+
- name: FSPIOP-Source
|
|
947
|
+
in: header
|
|
948
|
+
schema:
|
|
949
|
+
type: string
|
|
950
|
+
required: true
|
|
951
|
+
description: The `FSPIOP-Source` header field is a non-HTTP standard field used by the API for identifying the sender of the HTTP request. The field should be set by the original sender of the request. Required for routing and signature verification (see header field `FSPIOP-Signature`).
|
|
952
|
+
- name: FSPIOP-Destination
|
|
953
|
+
in: header
|
|
954
|
+
schema:
|
|
955
|
+
type: string
|
|
956
|
+
required: false
|
|
957
|
+
description: The `FSPIOP-Destination` header field is a non-HTTP standard field used by the API for HTTP header based routing of requests and responses to the destination. The field must be set by the original sender of the request if the destination is known (valid for all services except GET /parties) so that any entities between the client and the server do not need to parse the payload for routing purposes. If the destination is not known (valid for service GET /parties), the field should be left empty.
|
|
958
|
+
- name: FSPIOP-Encryption
|
|
959
|
+
in: header
|
|
960
|
+
schema:
|
|
961
|
+
type: string
|
|
962
|
+
required: false
|
|
963
|
+
description: The `FSPIOP-Encryption` header field is a non-HTTP standard field used by the API for applying end-to-end encryption of the request.
|
|
964
|
+
- name: FSPIOP-Signature
|
|
965
|
+
in: header
|
|
966
|
+
schema:
|
|
967
|
+
type: string
|
|
968
|
+
required: false
|
|
969
|
+
description: The `FSPIOP-Signature` header field is a non-HTTP standard field used by the API for applying an end-to-end request signature.
|
|
970
|
+
- name: FSPIOP-URI
|
|
971
|
+
in: header
|
|
972
|
+
schema:
|
|
973
|
+
type: string
|
|
974
|
+
required: false
|
|
975
|
+
description: The `FSPIOP-URI` header field is a non-HTTP standard field used by the API for signature verification, should contain the service URI. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set).
|
|
976
|
+
- name: FSPIOP-HTTP-Method
|
|
977
|
+
in: header
|
|
978
|
+
schema:
|
|
979
|
+
type: string
|
|
980
|
+
required: false
|
|
981
|
+
description: The `FSPIOP-HTTP-Method` header field is a non-HTTP standard field used by the API for signature verification, should contain the service HTTP method. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set).
|
|
982
|
+
post:
|
|
983
|
+
tags:
|
|
984
|
+
- consents
|
|
985
|
+
operationId: PostConsents
|
|
986
|
+
summary: PostConsents
|
|
987
|
+
description: |
|
|
988
|
+
The **POST /tppConsents** request is used to request the creation of a consent for interactions between a PISP and the DFSP who owns the account which a PISP’s customer wants to allow the PISP access to.
|
|
989
|
+
parameters:
|
|
990
|
+
- name: Accept
|
|
991
|
+
in: header
|
|
992
|
+
required: true
|
|
993
|
+
schema:
|
|
994
|
+
type: string
|
|
995
|
+
description: The `Accept` header field indicates the version of the API the client would like the server to use.
|
|
996
|
+
- name: Content-Length
|
|
997
|
+
in: header
|
|
998
|
+
required: false
|
|
999
|
+
schema:
|
|
1000
|
+
type: integer
|
|
1001
|
+
description: |-
|
|
1002
|
+
The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body.
|
|
1003
|
+
|
|
1004
|
+
**Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes).
|
|
1005
|
+
requestBody:
|
|
1006
|
+
required: true
|
|
1007
|
+
content:
|
|
1008
|
+
application/json:
|
|
1009
|
+
schema:
|
|
1010
|
+
oneOf:
|
|
1011
|
+
- title: ConsentPostRequestAUTH
|
|
1012
|
+
type: object
|
|
1013
|
+
description: |
|
|
1014
|
+
The object sent in a `POST /tppConsents` request to the Auth-Service
|
|
1015
|
+
by a DFSP to store registered Consent and credential
|
|
1016
|
+
properties:
|
|
1017
|
+
consentId:
|
|
1018
|
+
allOf:
|
|
1019
|
+
- $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1020
|
+
description: |
|
|
1021
|
+
Common ID between the PISP and FSP for the Consent object
|
|
1022
|
+
determined by the DFSP who creates the Consent.
|
|
1023
|
+
consentRequestId:
|
|
1024
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1025
|
+
scopes:
|
|
1026
|
+
minLength: 1
|
|
1027
|
+
maxLength: 256
|
|
1028
|
+
type: array
|
|
1029
|
+
items:
|
|
1030
|
+
$ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
|
|
1031
|
+
credential:
|
|
1032
|
+
allOf:
|
|
1033
|
+
- $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential'
|
|
1034
|
+
status:
|
|
1035
|
+
title: ConsentStatus
|
|
1036
|
+
type: string
|
|
1037
|
+
enum:
|
|
1038
|
+
- ISSUED
|
|
1039
|
+
- REVOKED
|
|
1040
|
+
description: |-
|
|
1041
|
+
Allowed values for the enumeration ConsentStatus
|
|
1042
|
+
- ISSUED - The consent has been issued by the DFSP
|
|
1043
|
+
- REVOKED - The consent has been revoked
|
|
1044
|
+
extensionList:
|
|
1045
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
1046
|
+
required:
|
|
1047
|
+
- consentId
|
|
1048
|
+
- scopes
|
|
1049
|
+
- credential
|
|
1050
|
+
- status
|
|
1051
|
+
additionalProperties: false
|
|
1052
|
+
- title: ConsentPostRequestPISP
|
|
1053
|
+
type: object
|
|
1054
|
+
description: |
|
|
1055
|
+
The provisional Consent object sent by the DFSP in `POST /tppConsents`.
|
|
1056
|
+
properties:
|
|
1057
|
+
consentId:
|
|
1058
|
+
allOf:
|
|
1059
|
+
- $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1060
|
+
description: |
|
|
1061
|
+
Common ID between the PISP and the Payer DFSP for the consent object. The ID
|
|
1062
|
+
should be reused for re-sends of the same consent. A new ID should be generated
|
|
1063
|
+
for each new consent.
|
|
1064
|
+
consentRequestId:
|
|
1065
|
+
allOf:
|
|
1066
|
+
- $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1067
|
+
description: |
|
|
1068
|
+
The ID given to the original consent request on which this consent is based.
|
|
1069
|
+
scopes:
|
|
1070
|
+
type: array
|
|
1071
|
+
minLength: 1
|
|
1072
|
+
maxLength: 256
|
|
1073
|
+
items:
|
|
1074
|
+
$ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
|
|
1075
|
+
status:
|
|
1076
|
+
$ref: '#/paths/~1tppConsents/post/requestBody/content/application~1json/schema/oneOf/0/properties/status'
|
|
1077
|
+
extensionList:
|
|
1078
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
1079
|
+
required:
|
|
1080
|
+
- consentId
|
|
1081
|
+
- consentRequestId
|
|
1082
|
+
- scopes
|
|
1083
|
+
- status
|
|
1084
|
+
responses:
|
|
1085
|
+
'202':
|
|
1086
|
+
description: Accepted
|
|
1087
|
+
'400':
|
|
1088
|
+
description: Bad Request
|
|
1089
|
+
content:
|
|
1090
|
+
application/json:
|
|
1091
|
+
schema:
|
|
1092
|
+
title: ErrorInformationResponse
|
|
1093
|
+
type: object
|
|
1094
|
+
additionalProperties: false
|
|
1095
|
+
description: Data model for the complex type object that contains an optional element ErrorInformation used along with 4xx and 5xx responses.
|
|
1096
|
+
properties:
|
|
1097
|
+
errorInformation:
|
|
1098
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema/properties/errorInformation'
|
|
1099
|
+
headers:
|
|
1100
|
+
Content-Length:
|
|
1101
|
+
required: false
|
|
1102
|
+
schema:
|
|
1103
|
+
type: integer
|
|
1104
|
+
description: |-
|
|
1105
|
+
The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body.
|
|
1106
|
+
|
|
1107
|
+
**Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes).
|
|
1108
|
+
Content-Type:
|
|
1109
|
+
schema:
|
|
1110
|
+
type: string
|
|
1111
|
+
required: true
|
|
1112
|
+
description: The `Content-Type` header indicates the specific version of the API used to send the payload body.
|
|
1113
|
+
'401':
|
|
1114
|
+
description: Unauthorized
|
|
1115
|
+
content:
|
|
1116
|
+
application/json:
|
|
1117
|
+
schema:
|
|
1118
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
|
|
1119
|
+
headers:
|
|
1120
|
+
Content-Length:
|
|
1121
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
|
|
1122
|
+
Content-Type:
|
|
1123
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
|
|
1124
|
+
'403':
|
|
1125
|
+
description: Forbidden
|
|
1126
|
+
content:
|
|
1127
|
+
application/json:
|
|
1128
|
+
schema:
|
|
1129
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
|
|
1130
|
+
headers:
|
|
1131
|
+
Content-Length:
|
|
1132
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
|
|
1133
|
+
Content-Type:
|
|
1134
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
|
|
1135
|
+
'404':
|
|
1136
|
+
description: Not Found
|
|
1137
|
+
content:
|
|
1138
|
+
application/json:
|
|
1139
|
+
schema:
|
|
1140
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
|
|
1141
|
+
headers:
|
|
1142
|
+
Content-Length:
|
|
1143
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
|
|
1144
|
+
Content-Type:
|
|
1145
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
|
|
1146
|
+
'405':
|
|
1147
|
+
description: Method Not Allowed
|
|
1148
|
+
content:
|
|
1149
|
+
application/json:
|
|
1150
|
+
schema:
|
|
1151
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
|
|
1152
|
+
headers:
|
|
1153
|
+
Content-Length:
|
|
1154
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
|
|
1155
|
+
Content-Type:
|
|
1156
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
|
|
1157
|
+
'406':
|
|
1158
|
+
description: Not Acceptable
|
|
1159
|
+
content:
|
|
1160
|
+
application/json:
|
|
1161
|
+
schema:
|
|
1162
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
|
|
1163
|
+
headers:
|
|
1164
|
+
Content-Length:
|
|
1165
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
|
|
1166
|
+
Content-Type:
|
|
1167
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
|
|
1168
|
+
'501':
|
|
1169
|
+
description: Not Implemented
|
|
1170
|
+
content:
|
|
1171
|
+
application/json:
|
|
1172
|
+
schema:
|
|
1173
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
|
|
1174
|
+
headers:
|
|
1175
|
+
Content-Length:
|
|
1176
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
|
|
1177
|
+
Content-Type:
|
|
1178
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
|
|
1179
|
+
'503':
|
|
1180
|
+
description: Service Unavailable
|
|
1181
|
+
content:
|
|
1182
|
+
application/json:
|
|
1183
|
+
schema:
|
|
1184
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
|
|
1185
|
+
headers:
|
|
1186
|
+
Content-Length:
|
|
1187
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
|
|
1188
|
+
Content-Type:
|
|
1189
|
+
$ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
|
|
1190
|
+
/tppConsents/{ID}:
|
|
1191
|
+
parameters:
|
|
1192
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
1193
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
1194
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
1195
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
1196
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
1197
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
1198
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
1199
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
1200
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
1201
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
1202
|
+
get:
|
|
1203
|
+
description: |
|
|
1204
|
+
The **GET /tppConsents/**_{ID}_ resource allows a party to enquire after the status of a consent. The *{ID}* used in the URI of the request should be the consent request ID which was used to identify the consent when it was created.
|
|
1205
|
+
tags:
|
|
1206
|
+
- consents
|
|
1207
|
+
operationId: GetConsent
|
|
1208
|
+
summary: GetConsent
|
|
1209
|
+
parameters:
|
|
1210
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
1211
|
+
responses:
|
|
1212
|
+
'202':
|
|
1213
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
1214
|
+
'400':
|
|
1215
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
1216
|
+
'401':
|
|
1217
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
1218
|
+
'403':
|
|
1219
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
1220
|
+
'404':
|
|
1221
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
1222
|
+
'405':
|
|
1223
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
1224
|
+
'406':
|
|
1225
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
1226
|
+
'501':
|
|
1227
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
1228
|
+
'503':
|
|
1229
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
1230
|
+
patch:
|
|
1231
|
+
description: |
|
|
1232
|
+
The HTTP request `PATCH /consents/{ID}` is used
|
|
1233
|
+
|
|
1234
|
+
- In account linking in the Credential Registration phase. Used by a DFSP
|
|
1235
|
+
to notify a PISP a credential has been verified and registered with an
|
|
1236
|
+
Auth service.
|
|
1237
|
+
|
|
1238
|
+
- In account unlinking by a hub hosted auth service and by DFSPs
|
|
1239
|
+
in non-hub hosted scenarios to notify participants of a consent being revoked.
|
|
1240
|
+
|
|
1241
|
+
Called by a `auth-service` to notify a PISP and DFSP of consent status in hub hosted scenario.
|
|
1242
|
+
Called by a `DFSP` to notify a PISP of consent status in non-hub hosted scenario.
|
|
1243
|
+
tags:
|
|
1244
|
+
- consents
|
|
1245
|
+
operationId: PatchConsentByID
|
|
1246
|
+
summary: PatchConsentByID
|
|
1247
|
+
requestBody:
|
|
1248
|
+
required: true
|
|
1249
|
+
content:
|
|
1250
|
+
application/json:
|
|
1251
|
+
schema:
|
|
1252
|
+
oneOf:
|
|
1253
|
+
- title: ConsentsIDPatchResponseVerified
|
|
1254
|
+
description: |
|
|
1255
|
+
PATCH /tppConsents/{ID} request object.
|
|
1256
|
+
|
|
1257
|
+
Sent by the DFSP to the PISP when a consent is issued and verified.
|
|
1258
|
+
Used in the "Register Credential" part of the Account linking flow.
|
|
1259
|
+
type: object
|
|
1260
|
+
properties:
|
|
1261
|
+
credential:
|
|
1262
|
+
type: object
|
|
1263
|
+
properties:
|
|
1264
|
+
status:
|
|
1265
|
+
title: CredentialStatusVerified
|
|
1266
|
+
type: string
|
|
1267
|
+
enum:
|
|
1268
|
+
- VERIFIED
|
|
1269
|
+
description: |
|
|
1270
|
+
The status of the Credential.
|
|
1271
|
+
- "VERIFIED" - The Credential is valid and verified.
|
|
1272
|
+
required:
|
|
1273
|
+
- status
|
|
1274
|
+
extensionList:
|
|
1275
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
1276
|
+
required:
|
|
1277
|
+
- credential
|
|
1278
|
+
- title: ConsentsIDPatchResponseRevoked
|
|
1279
|
+
description: |
|
|
1280
|
+
PATCH /tppConsents/{ID} request object.
|
|
1281
|
+
|
|
1282
|
+
Sent to both the PISP and DFSP when a consent is revoked.
|
|
1283
|
+
Used in the "Unlinking" part of the Account Unlinking flow.
|
|
1284
|
+
type: object
|
|
1285
|
+
properties:
|
|
1286
|
+
status:
|
|
1287
|
+
title: ConsentStatusRevoked
|
|
1288
|
+
type: string
|
|
1289
|
+
enum:
|
|
1290
|
+
- REVOKED
|
|
1291
|
+
description: |-
|
|
1292
|
+
Allowed values for the enumeration ConsentStatus
|
|
1293
|
+
- REVOKED - The consent has been revoked
|
|
1294
|
+
revokedAt:
|
|
1295
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/expiration/allOf/0'
|
|
1296
|
+
extensionList:
|
|
1297
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
1298
|
+
required:
|
|
1299
|
+
- status
|
|
1300
|
+
- revokedAt
|
|
1301
|
+
parameters:
|
|
1302
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
1303
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
1304
|
+
responses:
|
|
1305
|
+
'200':
|
|
1306
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
1307
|
+
'400':
|
|
1308
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
1309
|
+
'401':
|
|
1310
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
1311
|
+
'403':
|
|
1312
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
1313
|
+
'404':
|
|
1314
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
1315
|
+
'405':
|
|
1316
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
1317
|
+
'406':
|
|
1318
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
1319
|
+
'501':
|
|
1320
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
1321
|
+
'503':
|
|
1322
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
1323
|
+
put:
|
|
1324
|
+
description: |
|
|
1325
|
+
The HTTP request `PUT /consents/{ID}` is used by the PISP and Auth Service.
|
|
1326
|
+
|
|
1327
|
+
- Called by a `PISP` to after signing a challenge. Sent to an DFSP for verification.
|
|
1328
|
+
- Called by a `auth-service` to notify a DFSP that a credential has been verified and registered.
|
|
1329
|
+
tags:
|
|
1330
|
+
- consents
|
|
1331
|
+
operationId: PutConsentByID
|
|
1332
|
+
summary: PutConsentByID
|
|
1333
|
+
requestBody:
|
|
1334
|
+
required: true
|
|
1335
|
+
content:
|
|
1336
|
+
application/json:
|
|
1337
|
+
schema:
|
|
1338
|
+
oneOf:
|
|
1339
|
+
- title: ConsentsIDPutResponseSigned
|
|
1340
|
+
type: object
|
|
1341
|
+
description: |
|
|
1342
|
+
The HTTP request `PUT /tppConsents/{ID}` is used by the PISP to update a Consent with a signed challenge and register a credential.
|
|
1343
|
+
Called by a `PISP` to after signing a challenge. Sent to a DFSP for verification.
|
|
1344
|
+
properties:
|
|
1345
|
+
status:
|
|
1346
|
+
title: ConsentStatusIssued
|
|
1347
|
+
type: string
|
|
1348
|
+
enum:
|
|
1349
|
+
- ISSUED
|
|
1350
|
+
description: |-
|
|
1351
|
+
Allowed values for the enumeration ConsentStatus
|
|
1352
|
+
- ISSUED - The consent has been issued by the DFSP
|
|
1353
|
+
scopes:
|
|
1354
|
+
type: array
|
|
1355
|
+
items:
|
|
1356
|
+
$ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
|
|
1357
|
+
credential:
|
|
1358
|
+
title: SignedCredential
|
|
1359
|
+
type: object
|
|
1360
|
+
description: |
|
|
1361
|
+
A credential used to allow a user to prove their identity and access
|
|
1362
|
+
to an account with a DFSP.
|
|
1363
|
+
|
|
1364
|
+
SignedCredential is a special formatting of the credential to allow us to be
|
|
1365
|
+
more explicit about the `status` field - it should only ever be PENDING when
|
|
1366
|
+
updating a credential.
|
|
1367
|
+
properties:
|
|
1368
|
+
credentialType:
|
|
1369
|
+
title: CredentialType
|
|
1370
|
+
type: string
|
|
1371
|
+
enum:
|
|
1372
|
+
- FIDO
|
|
1373
|
+
- GENERIC
|
|
1374
|
+
description: |-
|
|
1375
|
+
The type of the Credential. - "FIDO" - The credential is based on a FIDO challenge. Its payload is a FIDOPublicKeyCredentialAttestation object. - "GENERIC" - The credential is based on a simple public key validation. Its payload is a GenericCredential object.
|
|
1376
|
+
https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#3226-credentialtype
|
|
1377
|
+
status:
|
|
1378
|
+
title: CredentialStatusPending
|
|
1379
|
+
type: string
|
|
1380
|
+
enum:
|
|
1381
|
+
- PENDING
|
|
1382
|
+
description: |
|
|
1383
|
+
The status of the Credential.
|
|
1384
|
+
- "PENDING" - The credential has been created, but has not been verified
|
|
1385
|
+
genericPayload:
|
|
1386
|
+
title: GenericCredential
|
|
1387
|
+
type: object
|
|
1388
|
+
description: |
|
|
1389
|
+
A publicKey + signature of a challenge for a generic public/private keypair.
|
|
1390
|
+
properties:
|
|
1391
|
+
publicKey:
|
|
1392
|
+
$ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
|
|
1393
|
+
signature:
|
|
1394
|
+
$ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
|
|
1395
|
+
required:
|
|
1396
|
+
- publicKey
|
|
1397
|
+
- signature
|
|
1398
|
+
additionalProperties: false
|
|
1399
|
+
fidoPayload:
|
|
1400
|
+
title: FIDOPublicKeyCredentialAttestation
|
|
1401
|
+
type: object
|
|
1402
|
+
description: |
|
|
1403
|
+
A data model representing a FIDO Attestation result. Derived from
|
|
1404
|
+
[`PublicKeyCredential` Interface](https://w3c.github.io/webauthn/#iface-pkcredential).
|
|
1405
|
+
|
|
1406
|
+
The `PublicKeyCredential` interface represents the below fields with
|
|
1407
|
+
a Type of Javascript [ArrayBuffer](https://heycam.github.io/webidl/#idl-ArrayBuffer).
|
|
1408
|
+
For this API, we represent ArrayBuffers as base64 encoded utf-8 strings.
|
|
1409
|
+
properties:
|
|
1410
|
+
id:
|
|
1411
|
+
type: string
|
|
1412
|
+
description: |
|
|
1413
|
+
credential id: identifier of pair of keys, base64 encoded
|
|
1414
|
+
https://w3c.github.io/webauthn/#ref-for-dom-credential-id
|
|
1415
|
+
minLength: 20
|
|
1416
|
+
maxLength: 118
|
|
1417
|
+
rawId:
|
|
1418
|
+
type: string
|
|
1419
|
+
description: |
|
|
1420
|
+
raw credential id: identifier of pair of keys, base64 encoded
|
|
1421
|
+
minLength: 20
|
|
1422
|
+
maxLength: 118
|
|
1423
|
+
response:
|
|
1424
|
+
type: object
|
|
1425
|
+
description: |
|
|
1426
|
+
AuthenticatorAttestationResponse
|
|
1427
|
+
properties:
|
|
1428
|
+
clientDataJSON:
|
|
1429
|
+
type: string
|
|
1430
|
+
description: |
|
|
1431
|
+
JSON string with client data
|
|
1432
|
+
minLength: 121
|
|
1433
|
+
maxLength: 512
|
|
1434
|
+
attestationObject:
|
|
1435
|
+
type: string
|
|
1436
|
+
description: |
|
|
1437
|
+
CBOR.encoded attestation object
|
|
1438
|
+
minLength: 306
|
|
1439
|
+
maxLength: 2048
|
|
1440
|
+
required:
|
|
1441
|
+
- clientDataJSON
|
|
1442
|
+
- attestationObject
|
|
1443
|
+
additionalProperties: false
|
|
1444
|
+
type:
|
|
1445
|
+
type: string
|
|
1446
|
+
description: response type, we need only the type of public-key
|
|
1447
|
+
enum:
|
|
1448
|
+
- public-key
|
|
1449
|
+
required:
|
|
1450
|
+
- id
|
|
1451
|
+
- response
|
|
1452
|
+
- type
|
|
1453
|
+
additionalProperties: false
|
|
1454
|
+
required:
|
|
1455
|
+
- credentialType
|
|
1456
|
+
- status
|
|
1457
|
+
additionalProperties: false
|
|
1458
|
+
extensionList:
|
|
1459
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
1460
|
+
required:
|
|
1461
|
+
- scopes
|
|
1462
|
+
- credential
|
|
1463
|
+
additionalProperties: false
|
|
1464
|
+
- title: ConsentsIDPutResponseVerified
|
|
1465
|
+
type: object
|
|
1466
|
+
description: |
|
|
1467
|
+
The HTTP request `PUT /tppConsents/{ID}` is used by the DFSP or Auth-Service to update a Consent object once it has been Verified.
|
|
1468
|
+
Called by a `auth-service` to notify a DFSP that a credential has been verified and registered.
|
|
1469
|
+
properties:
|
|
1470
|
+
status:
|
|
1471
|
+
$ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/status'
|
|
1472
|
+
scopes:
|
|
1473
|
+
type: array
|
|
1474
|
+
items:
|
|
1475
|
+
$ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
|
|
1476
|
+
credential:
|
|
1477
|
+
title: VerifiedCredential
|
|
1478
|
+
type: object
|
|
1479
|
+
description: |
|
|
1480
|
+
A credential used to allow a user to prove their identity and access
|
|
1481
|
+
to an account with a DFSP.
|
|
1482
|
+
|
|
1483
|
+
VerifiedCredential is a special formatting of Credential to allow us to be
|
|
1484
|
+
more explicit about the `status` field - it should only ever be VERIFIED when
|
|
1485
|
+
updating a credential.
|
|
1486
|
+
properties:
|
|
1487
|
+
credentialType:
|
|
1488
|
+
$ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/credentialType'
|
|
1489
|
+
status:
|
|
1490
|
+
$ref: '#/paths/~1tppConsents~1%7BID%7D/patch/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/status'
|
|
1491
|
+
genericPayload:
|
|
1492
|
+
$ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/genericPayload'
|
|
1493
|
+
fidoPayload:
|
|
1494
|
+
$ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/fidoPayload'
|
|
1495
|
+
required:
|
|
1496
|
+
- credentialType
|
|
1497
|
+
- status
|
|
1498
|
+
additionalProperties: false
|
|
1499
|
+
extensionList:
|
|
1500
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
1501
|
+
required:
|
|
1502
|
+
- scopes
|
|
1503
|
+
- credential
|
|
1504
|
+
additionalProperties: false
|
|
1505
|
+
parameters:
|
|
1506
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
1507
|
+
responses:
|
|
1508
|
+
'200':
|
|
1509
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
1510
|
+
'202':
|
|
1511
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
1512
|
+
'400':
|
|
1513
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
1514
|
+
'401':
|
|
1515
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
1516
|
+
'403':
|
|
1517
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
1518
|
+
'404':
|
|
1519
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
1520
|
+
'405':
|
|
1521
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
1522
|
+
'406':
|
|
1523
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
1524
|
+
'501':
|
|
1525
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
1526
|
+
'503':
|
|
1527
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
1528
|
+
delete:
|
|
1529
|
+
description: |
|
|
1530
|
+
Used by PISP, DFSP
|
|
1531
|
+
|
|
1532
|
+
The **DELETE /consents/**_{ID}_ request is used to request the revocation of a previously agreed consent.
|
|
1533
|
+
For tracing and auditing purposes, the switch should be sure not to delete the consent physically;
|
|
1534
|
+
instead, information relating to the consent should be marked as deleted and requests relating to the
|
|
1535
|
+
consent should not be honoured.
|
|
1536
|
+
operationId: DeleteConsentByID
|
|
1537
|
+
parameters:
|
|
1538
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
1539
|
+
tags:
|
|
1540
|
+
- consents
|
|
1541
|
+
responses:
|
|
1542
|
+
'202':
|
|
1543
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
1544
|
+
'400':
|
|
1545
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
1546
|
+
'401':
|
|
1547
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
1548
|
+
'403':
|
|
1549
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
1550
|
+
'404':
|
|
1551
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
1552
|
+
'405':
|
|
1553
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
1554
|
+
'406':
|
|
1555
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
1556
|
+
'501':
|
|
1557
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
1558
|
+
'503':
|
|
1559
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
1560
|
+
/tppConsents/{ID}/error:
|
|
1561
|
+
parameters:
|
|
1562
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
1563
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
1564
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
1565
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
1566
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
1567
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
1568
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
1569
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
1570
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
1571
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
1572
|
+
put:
|
|
1573
|
+
tags:
|
|
1574
|
+
- consents
|
|
1575
|
+
operationId: NotifyErrorConsents
|
|
1576
|
+
summary: NotifyErrorConsents
|
|
1577
|
+
description: |
|
|
1578
|
+
DFSP responds to the PISP if something went wrong with validating or storing consent.
|
|
1579
|
+
parameters:
|
|
1580
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
1581
|
+
requestBody:
|
|
1582
|
+
description: Error information returned.
|
|
1583
|
+
required: true
|
|
1584
|
+
content:
|
|
1585
|
+
application/json:
|
|
1586
|
+
schema:
|
|
1587
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
|
|
1588
|
+
responses:
|
|
1589
|
+
'200':
|
|
1590
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
1591
|
+
'400':
|
|
1592
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
1593
|
+
'401':
|
|
1594
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
1595
|
+
'403':
|
|
1596
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
1597
|
+
'404':
|
|
1598
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
1599
|
+
'405':
|
|
1600
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
1601
|
+
'406':
|
|
1602
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
1603
|
+
'501':
|
|
1604
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
1605
|
+
'503':
|
|
1606
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
1607
|
+
/tppVerifications:
|
|
1608
|
+
parameters:
|
|
1609
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
1610
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
1611
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
1612
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
1613
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
1614
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
1615
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
1616
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
1617
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
1618
|
+
post:
|
|
1619
|
+
tags:
|
|
1620
|
+
- verifications
|
|
1621
|
+
operationId: tppPostVerifications
|
|
1622
|
+
summary: tppPostVerifications
|
|
1623
|
+
description: |
|
|
1624
|
+
The HTTP request `POST /tppVerifications` is used by the DFSP to verify a third party authorization in cases where the authentication service to be used is implemented by the switch and not internally by the DFSP.
|
|
1625
|
+
parameters:
|
|
1626
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
1627
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
1628
|
+
requestBody:
|
|
1629
|
+
description: The thirdparty authorization details to verify
|
|
1630
|
+
required: true
|
|
1631
|
+
content:
|
|
1632
|
+
application/json:
|
|
1633
|
+
schema:
|
|
1634
|
+
oneOf:
|
|
1635
|
+
- title: tppVerificationsPostRequestFIDO
|
|
1636
|
+
type: object
|
|
1637
|
+
description: The object sent in the POST /tppVerifications request.
|
|
1638
|
+
properties:
|
|
1639
|
+
verificationRequestId:
|
|
1640
|
+
allOf:
|
|
1641
|
+
- $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1642
|
+
challenge:
|
|
1643
|
+
type: string
|
|
1644
|
+
description: Base64 encoded bytes - The challenge generated by the DFSP.
|
|
1645
|
+
consentId:
|
|
1646
|
+
allOf:
|
|
1647
|
+
- $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1648
|
+
description: |
|
|
1649
|
+
The id of the stored consent object that contains the credential with which to verify
|
|
1650
|
+
the signed challenge against.
|
|
1651
|
+
signedPayloadType:
|
|
1652
|
+
title: SignedPayloadTypeFIDO
|
|
1653
|
+
type: string
|
|
1654
|
+
enum:
|
|
1655
|
+
- FIDO
|
|
1656
|
+
description: Describes a challenge that has been signed with FIDO Attestation flows
|
|
1657
|
+
fidoSignedPayload:
|
|
1658
|
+
title: FIDOPublicKeyCredentialAssertion
|
|
1659
|
+
type: object
|
|
1660
|
+
description: |
|
|
1661
|
+
A data model representing a FIDO Assertion result.
|
|
1662
|
+
Derived from PublicKeyCredential Interface in WebAuthN.
|
|
1663
|
+
|
|
1664
|
+
The PublicKeyCredential interface represents the below fields with a Type of
|
|
1665
|
+
Javascript ArrayBuffer.
|
|
1666
|
+
For this API, we represent ArrayBuffers as base64 encoded utf-8 strings.
|
|
1667
|
+
|
|
1668
|
+
https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#32128-fidopublickeycredentialassertion
|
|
1669
|
+
properties:
|
|
1670
|
+
id:
|
|
1671
|
+
type: string
|
|
1672
|
+
description: |
|
|
1673
|
+
credential id: identifier of pair of keys, base64 encoded
|
|
1674
|
+
https://w3c.github.io/webauthn/#ref-for-dom-credential-id
|
|
1675
|
+
minLength: 20
|
|
1676
|
+
maxLength: 118
|
|
1677
|
+
rawId:
|
|
1678
|
+
type: string
|
|
1679
|
+
description: |
|
|
1680
|
+
raw credential id: identifier of pair of keys, base64 encoded.
|
|
1681
|
+
minLength: 20
|
|
1682
|
+
maxLength: 118
|
|
1683
|
+
response:
|
|
1684
|
+
type: object
|
|
1685
|
+
description: |
|
|
1686
|
+
AuthenticatorAssertionResponse
|
|
1687
|
+
properties:
|
|
1688
|
+
authenticatorData:
|
|
1689
|
+
type: string
|
|
1690
|
+
description: |
|
|
1691
|
+
Authenticator data object.
|
|
1692
|
+
minLength: 49
|
|
1693
|
+
maxLength: 256
|
|
1694
|
+
clientDataJSON:
|
|
1695
|
+
type: string
|
|
1696
|
+
description: |
|
|
1697
|
+
JSON string with client data.
|
|
1698
|
+
minLength: 121
|
|
1699
|
+
maxLength: 512
|
|
1700
|
+
signature:
|
|
1701
|
+
type: string
|
|
1702
|
+
description: |
|
|
1703
|
+
The signature generated by the private key associated with this credential.
|
|
1704
|
+
minLength: 59
|
|
1705
|
+
maxLength: 256
|
|
1706
|
+
userHandle:
|
|
1707
|
+
type: string
|
|
1708
|
+
description: |
|
|
1709
|
+
This field is optionally provided by the authenticator, and
|
|
1710
|
+
represents the user.id that was supplied during registration.
|
|
1711
|
+
minLength: 1
|
|
1712
|
+
maxLength: 88
|
|
1713
|
+
required:
|
|
1714
|
+
- authenticatorData
|
|
1715
|
+
- clientDataJSON
|
|
1716
|
+
- signature
|
|
1717
|
+
additionalProperties: false
|
|
1718
|
+
type:
|
|
1719
|
+
type: string
|
|
1720
|
+
description: response type, we need only the type of public-key
|
|
1721
|
+
enum:
|
|
1722
|
+
- public-key
|
|
1723
|
+
required:
|
|
1724
|
+
- id
|
|
1725
|
+
- rawId
|
|
1726
|
+
- response
|
|
1727
|
+
- type
|
|
1728
|
+
additionalProperties: false
|
|
1729
|
+
extensionList:
|
|
1730
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
1731
|
+
required:
|
|
1732
|
+
- verificationRequestId
|
|
1733
|
+
- challenge
|
|
1734
|
+
- consentId
|
|
1735
|
+
- signedPayloadType
|
|
1736
|
+
- fidoSignedPayload
|
|
1737
|
+
- title: tppVerificationsPostRequestGeneric
|
|
1738
|
+
type: object
|
|
1739
|
+
description: The object sent in the POST /tppVerifications request.
|
|
1740
|
+
properties:
|
|
1741
|
+
verificationRequestId:
|
|
1742
|
+
allOf:
|
|
1743
|
+
- $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1744
|
+
challenge:
|
|
1745
|
+
type: string
|
|
1746
|
+
description: Base64 encoded bytes - The challenge generated by the DFSP.
|
|
1747
|
+
consentId:
|
|
1748
|
+
allOf:
|
|
1749
|
+
- $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1750
|
+
description: |
|
|
1751
|
+
The id of the stored consent object that contains the credential with which to verify
|
|
1752
|
+
the signed challenge against.
|
|
1753
|
+
signedPayloadType:
|
|
1754
|
+
title: SignedPayloadTypeGeneric
|
|
1755
|
+
type: string
|
|
1756
|
+
enum:
|
|
1757
|
+
- GENERIC
|
|
1758
|
+
description: Describes a challenge that has been signed with a private key
|
|
1759
|
+
genericSignedPayload:
|
|
1760
|
+
$ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
|
|
1761
|
+
extensionList:
|
|
1762
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
1763
|
+
required:
|
|
1764
|
+
- verificationRequestId
|
|
1765
|
+
- challenge
|
|
1766
|
+
- consentId
|
|
1767
|
+
- signedPayloadType
|
|
1768
|
+
- genericSignedPayload
|
|
1769
|
+
responses:
|
|
1770
|
+
'202':
|
|
1771
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
1772
|
+
'400':
|
|
1773
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
1774
|
+
'401':
|
|
1775
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
1776
|
+
'403':
|
|
1777
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
1778
|
+
'404':
|
|
1779
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
1780
|
+
'405':
|
|
1781
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
1782
|
+
'406':
|
|
1783
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
1784
|
+
'501':
|
|
1785
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
1786
|
+
'503':
|
|
1787
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
1788
|
+
/tppVerifications/{ID}:
|
|
1789
|
+
parameters:
|
|
1790
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
1791
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
1792
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
1793
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
1794
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
1795
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
1796
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
1797
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
1798
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
1799
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
1800
|
+
get:
|
|
1801
|
+
tags:
|
|
1802
|
+
- verifications
|
|
1803
|
+
operationId: tppGetVerificationsById
|
|
1804
|
+
summary: tppGetVerificationsById
|
|
1805
|
+
description: |
|
|
1806
|
+
The HTTP request `/tppVerifications/{ID}` is used to get
|
|
1807
|
+
information regarding a previously created or requested authorization. The *{ID}*
|
|
1808
|
+
in the URI should contain the verification request ID
|
|
1809
|
+
parameters:
|
|
1810
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
1811
|
+
responses:
|
|
1812
|
+
'202':
|
|
1813
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
1814
|
+
'400':
|
|
1815
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
1816
|
+
'401':
|
|
1817
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
1818
|
+
'403':
|
|
1819
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
1820
|
+
'404':
|
|
1821
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
1822
|
+
'405':
|
|
1823
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
1824
|
+
'406':
|
|
1825
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
1826
|
+
'501':
|
|
1827
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
1828
|
+
'503':
|
|
1829
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
1830
|
+
put:
|
|
1831
|
+
tags:
|
|
1832
|
+
- verifications
|
|
1833
|
+
operationId: tppPutVerificationsById
|
|
1834
|
+
summary: tppPutVerificationsById
|
|
1835
|
+
description: |-
|
|
1836
|
+
The HTTP request `PUT /tppVerifications/{ID}` is used by the Auth-Service to inform the DFSP of a successful result in validating the verification of a Thirdparty Transaction Request.
|
|
1837
|
+
If the validation fails, the auth-service will send back `PUT /tppVerifications/{ID}` with `authenticationResponse: 'REJECTED'`.
|
|
1838
|
+
In unplanned error cases the Auth-Service MUST use `PUT /tppVerifications/{ID}/error`.
|
|
1839
|
+
parameters:
|
|
1840
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
1841
|
+
requestBody:
|
|
1842
|
+
description: The result of validating the Thirdparty Transaction Request
|
|
1843
|
+
required: true
|
|
1844
|
+
content:
|
|
1845
|
+
application/json:
|
|
1846
|
+
schema:
|
|
1847
|
+
title: tppVerificationsIDPutResponse
|
|
1848
|
+
type: object
|
|
1849
|
+
description: |-
|
|
1850
|
+
Used by: Auth Service
|
|
1851
|
+
The callback PUT /tppVerifications/{ID} is used to inform the client of the result of an authorization check. The {ID} in the URI should contain the authorizationRequestId which was used to request the check, or the {ID} that was used in the GET /tppVerifications/{ID}.
|
|
1852
|
+
https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#31821-put-thirdpartyrequestsverificationsid
|
|
1853
|
+
properties:
|
|
1854
|
+
authenticationResponse:
|
|
1855
|
+
title: AuthenticationResponse
|
|
1856
|
+
type: string
|
|
1857
|
+
enum:
|
|
1858
|
+
- VERIFIED
|
|
1859
|
+
description: |-
|
|
1860
|
+
The AuthenticationResponse enumeration describes the result of authenticating verification request.
|
|
1861
|
+
Below are the allowed values for the enumeration AuthenticationResponse. - VERIFIED - The challenge was correctly signed.
|
|
1862
|
+
extensionList:
|
|
1863
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
1864
|
+
required:
|
|
1865
|
+
- authenticationResponse
|
|
1866
|
+
example:
|
|
1867
|
+
authenticationResponse: VERIFIED
|
|
1868
|
+
responses:
|
|
1869
|
+
'200':
|
|
1870
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
1871
|
+
'400':
|
|
1872
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
1873
|
+
'401':
|
|
1874
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
1875
|
+
'403':
|
|
1876
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
1877
|
+
'404':
|
|
1878
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
1879
|
+
'405':
|
|
1880
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
1881
|
+
'406':
|
|
1882
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
1883
|
+
'501':
|
|
1884
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
1885
|
+
'503':
|
|
1886
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
1887
|
+
/tppVerifications/{ID}/error:
|
|
1888
|
+
parameters:
|
|
1889
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
1890
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
1891
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
1892
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
1893
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
1894
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
1895
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
1896
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
1897
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
1898
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
1899
|
+
put:
|
|
1900
|
+
tags:
|
|
1901
|
+
- verifications
|
|
1902
|
+
operationId: tppPutVerificationsByIdAndError
|
|
1903
|
+
summary: tppPutVerificationsByIdAndError
|
|
1904
|
+
description: |
|
|
1905
|
+
The HTTP request `PUT /tppVerifications/{ID}/error` is used by the Auth-Service to inform
|
|
1906
|
+
the DFSP of a failure in validating or looking up the verification of a Thirdparty Transaction Request.
|
|
1907
|
+
parameters:
|
|
1908
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
1909
|
+
requestBody:
|
|
1910
|
+
description: Error information returned.
|
|
1911
|
+
required: true
|
|
1912
|
+
content:
|
|
1913
|
+
application/json:
|
|
1914
|
+
schema:
|
|
1915
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
|
|
1916
|
+
responses:
|
|
1917
|
+
'200':
|
|
1918
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
1919
|
+
'400':
|
|
1920
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
1921
|
+
'401':
|
|
1922
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
1923
|
+
'403':
|
|
1924
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
1925
|
+
'404':
|
|
1926
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
1927
|
+
'405':
|
|
1928
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
1929
|
+
'406':
|
|
1930
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
1931
|
+
'501':
|
|
1932
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
1933
|
+
'503':
|
|
1934
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
1935
|
+
/tppAuthorizations:
|
|
1936
|
+
parameters:
|
|
1937
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
1938
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
1939
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
1940
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
1941
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
1942
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
1943
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
1944
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
1945
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
1946
|
+
post:
|
|
1947
|
+
description: |
|
|
1948
|
+
The HTTP request **POST /tppAuthorizations** used by a Payer DFSP to request authorization from the Payer to make a payment.
|
|
1949
|
+
This use case is applicable when the Payer DFSP receives a request to pay (a Payee initiated payment) and chooses to authorize the payment through the third party provider.
|
|
1950
|
+
operationId: tppPostAuthorizations
|
|
1951
|
+
summary: tppPostAuthorizations
|
|
1952
|
+
tags:
|
|
1953
|
+
- authorizations
|
|
1954
|
+
parameters:
|
|
1955
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
1956
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
1957
|
+
requestBody:
|
|
1958
|
+
description: Authorization request details
|
|
1959
|
+
required: true
|
|
1960
|
+
content:
|
|
1961
|
+
application/json:
|
|
1962
|
+
schema:
|
|
1963
|
+
title: tppAuthorizationsPostRequest
|
|
1964
|
+
description: |-
|
|
1965
|
+
Used by: DFSP
|
|
1966
|
+
The HTTP request POST /tppAuthorizations is used to request the validation by a customer for the transfer described in the request.
|
|
1967
|
+
Callback and data model information for POST /tppAuthorizations:
|
|
1968
|
+
Callback - PUT /tppAuthorizations/{ID} Error Callback - PUT /tppAuthorizations/{ID}/error
|
|
1969
|
+
type: object
|
|
1970
|
+
properties:
|
|
1971
|
+
authorizationRequestId:
|
|
1972
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1973
|
+
transactionRequestId:
|
|
1974
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
1975
|
+
challenge:
|
|
1976
|
+
type: string
|
|
1977
|
+
description: The challenge that the PISP's client is to sign
|
|
1978
|
+
transferAmount:
|
|
1979
|
+
allOf:
|
|
1980
|
+
- $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/fees/allOf/0'
|
|
1981
|
+
description: The amount that will be debited from the sending customer's account as a consequence of the transaction.
|
|
1982
|
+
payeeReceiveAmount:
|
|
1983
|
+
allOf:
|
|
1984
|
+
- $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/fees/allOf/0'
|
|
1985
|
+
description: The amount that will be credited to the receiving customer's account as a consequence of the transaction.
|
|
1986
|
+
fees:
|
|
1987
|
+
allOf:
|
|
1988
|
+
- title: Money
|
|
1989
|
+
type: object
|
|
1990
|
+
additionalProperties: false
|
|
1991
|
+
description: Data model for the complex type Money.
|
|
1992
|
+
properties:
|
|
1993
|
+
currency:
|
|
1994
|
+
title: Currency
|
|
1995
|
+
description: The currency codes defined in [ISO 4217](https://www.iso.org/iso-4217-currency-codes.html) as three-letter alphabetic codes are used as the standard naming representation for currencies.
|
|
1996
|
+
type: string
|
|
1997
|
+
minLength: 3
|
|
1998
|
+
maxLength: 3
|
|
1999
|
+
enum:
|
|
2000
|
+
- AED
|
|
2001
|
+
- AFN
|
|
2002
|
+
- ALL
|
|
2003
|
+
- AMD
|
|
2004
|
+
- ANG
|
|
2005
|
+
- AOA
|
|
2006
|
+
- ARS
|
|
2007
|
+
- AUD
|
|
2008
|
+
- AWG
|
|
2009
|
+
- AZN
|
|
2010
|
+
- BAM
|
|
2011
|
+
- BBD
|
|
2012
|
+
- BDT
|
|
2013
|
+
- BGN
|
|
2014
|
+
- BHD
|
|
2015
|
+
- BIF
|
|
2016
|
+
- BMD
|
|
2017
|
+
- BND
|
|
2018
|
+
- BOB
|
|
2019
|
+
- BRL
|
|
2020
|
+
- BSD
|
|
2021
|
+
- BTN
|
|
2022
|
+
- BWP
|
|
2023
|
+
- BYN
|
|
2024
|
+
- BZD
|
|
2025
|
+
- CAD
|
|
2026
|
+
- CDF
|
|
2027
|
+
- CHF
|
|
2028
|
+
- CLP
|
|
2029
|
+
- CNY
|
|
2030
|
+
- COP
|
|
2031
|
+
- CRC
|
|
2032
|
+
- CUC
|
|
2033
|
+
- CUP
|
|
2034
|
+
- CVE
|
|
2035
|
+
- CZK
|
|
2036
|
+
- DJF
|
|
2037
|
+
- DKK
|
|
2038
|
+
- DOP
|
|
2039
|
+
- DZD
|
|
2040
|
+
- EGP
|
|
2041
|
+
- ERN
|
|
2042
|
+
- ETB
|
|
2043
|
+
- EUR
|
|
2044
|
+
- FJD
|
|
2045
|
+
- FKP
|
|
2046
|
+
- GBP
|
|
2047
|
+
- GEL
|
|
2048
|
+
- GGP
|
|
2049
|
+
- GHS
|
|
2050
|
+
- GIP
|
|
2051
|
+
- GMD
|
|
2052
|
+
- GNF
|
|
2053
|
+
- GTQ
|
|
2054
|
+
- GYD
|
|
2055
|
+
- HKD
|
|
2056
|
+
- HNL
|
|
2057
|
+
- HRK
|
|
2058
|
+
- HTG
|
|
2059
|
+
- HUF
|
|
2060
|
+
- IDR
|
|
2061
|
+
- ILS
|
|
2062
|
+
- IMP
|
|
2063
|
+
- INR
|
|
2064
|
+
- IQD
|
|
2065
|
+
- IRR
|
|
2066
|
+
- ISK
|
|
2067
|
+
- JEP
|
|
2068
|
+
- JMD
|
|
2069
|
+
- JOD
|
|
2070
|
+
- JPY
|
|
2071
|
+
- KES
|
|
2072
|
+
- KGS
|
|
2073
|
+
- KHR
|
|
2074
|
+
- KMF
|
|
2075
|
+
- KPW
|
|
2076
|
+
- KRW
|
|
2077
|
+
- KWD
|
|
2078
|
+
- KYD
|
|
2079
|
+
- KZT
|
|
2080
|
+
- LAK
|
|
2081
|
+
- LBP
|
|
2082
|
+
- LKR
|
|
2083
|
+
- LRD
|
|
2084
|
+
- LSL
|
|
2085
|
+
- LYD
|
|
2086
|
+
- MAD
|
|
2087
|
+
- MDL
|
|
2088
|
+
- MGA
|
|
2089
|
+
- MKD
|
|
2090
|
+
- MMK
|
|
2091
|
+
- MNT
|
|
2092
|
+
- MOP
|
|
2093
|
+
- MRO
|
|
2094
|
+
- MUR
|
|
2095
|
+
- MVR
|
|
2096
|
+
- MWK
|
|
2097
|
+
- MXN
|
|
2098
|
+
- MYR
|
|
2099
|
+
- MZN
|
|
2100
|
+
- NAD
|
|
2101
|
+
- NGN
|
|
2102
|
+
- NIO
|
|
2103
|
+
- NOK
|
|
2104
|
+
- NPR
|
|
2105
|
+
- NZD
|
|
2106
|
+
- OMR
|
|
2107
|
+
- PAB
|
|
2108
|
+
- PEN
|
|
2109
|
+
- PGK
|
|
2110
|
+
- PHP
|
|
2111
|
+
- PKR
|
|
2112
|
+
- PLN
|
|
2113
|
+
- PYG
|
|
2114
|
+
- QAR
|
|
2115
|
+
- RON
|
|
2116
|
+
- RSD
|
|
2117
|
+
- RUB
|
|
2118
|
+
- RWF
|
|
2119
|
+
- SAR
|
|
2120
|
+
- SBD
|
|
2121
|
+
- SCR
|
|
2122
|
+
- SDG
|
|
2123
|
+
- SEK
|
|
2124
|
+
- SGD
|
|
2125
|
+
- SHP
|
|
2126
|
+
- SLL
|
|
2127
|
+
- SOS
|
|
2128
|
+
- SPL
|
|
2129
|
+
- SRD
|
|
2130
|
+
- STD
|
|
2131
|
+
- SVC
|
|
2132
|
+
- SYP
|
|
2133
|
+
- SZL
|
|
2134
|
+
- THB
|
|
2135
|
+
- TJS
|
|
2136
|
+
- TMT
|
|
2137
|
+
- TND
|
|
2138
|
+
- TOP
|
|
2139
|
+
- TRY
|
|
2140
|
+
- TTD
|
|
2141
|
+
- TVD
|
|
2142
|
+
- TWD
|
|
2143
|
+
- TZS
|
|
2144
|
+
- UAH
|
|
2145
|
+
- UGX
|
|
2146
|
+
- USD
|
|
2147
|
+
- UYU
|
|
2148
|
+
- UZS
|
|
2149
|
+
- VEF
|
|
2150
|
+
- VND
|
|
2151
|
+
- VUV
|
|
2152
|
+
- WST
|
|
2153
|
+
- XAF
|
|
2154
|
+
- XCD
|
|
2155
|
+
- XDR
|
|
2156
|
+
- XOF
|
|
2157
|
+
- XPF
|
|
2158
|
+
- XTS
|
|
2159
|
+
- XXX
|
|
2160
|
+
- YER
|
|
2161
|
+
- ZAR
|
|
2162
|
+
- ZMW
|
|
2163
|
+
- ZWD
|
|
2164
|
+
amount:
|
|
2165
|
+
title: Amount
|
|
2166
|
+
type: string
|
|
2167
|
+
pattern: ^([0]|([1-9][0-9]{0,17}))([.][0-9]{0,3}[1-9])?$
|
|
2168
|
+
description: The API data type Amount is a JSON String in a canonical format that is restricted by a regular expression for interoperability reasons. This pattern does not allow any trailing zeroes at all, but allows an amount without a minor currency unit. It also only allows four digits in the minor currency unit; a negative value is not allowed. Using more than 18 digits in the major currency unit is not allowed.
|
|
2169
|
+
example: '123.45'
|
|
2170
|
+
required:
|
|
2171
|
+
- currency
|
|
2172
|
+
- amount
|
|
2173
|
+
description: The amount of fees that the paying customer will be charged as part of the transaction.
|
|
2174
|
+
payer:
|
|
2175
|
+
allOf:
|
|
2176
|
+
- $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/partyIdInfo'
|
|
2177
|
+
description: Information about the Payer type, id, sub-type/id, FSP Id in the proposed financial transaction.
|
|
2178
|
+
payee:
|
|
2179
|
+
allOf:
|
|
2180
|
+
- title: Party
|
|
2181
|
+
type: object
|
|
2182
|
+
description: Data model for the complex type Party.
|
|
2183
|
+
properties:
|
|
2184
|
+
partyIdInfo:
|
|
2185
|
+
$ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/partyIdInfo'
|
|
2186
|
+
merchantClassificationCode:
|
|
2187
|
+
title: MerchantClassificationCode
|
|
2188
|
+
type: string
|
|
2189
|
+
pattern: ^[\d]{1,4}$
|
|
2190
|
+
description: A limited set of pre-defined numbers. This list would be a limited set of numbers identifying a set of popular merchant types like School Fees, Pubs and Restaurants, Groceries, etc.
|
|
2191
|
+
name:
|
|
2192
|
+
title: PartyName
|
|
2193
|
+
type: string
|
|
2194
|
+
minLength: 1
|
|
2195
|
+
maxLength: 128
|
|
2196
|
+
description: Name of the Party. Could be a real name or a nickname.
|
|
2197
|
+
personalInfo:
|
|
2198
|
+
title: PartyPersonalInfo
|
|
2199
|
+
type: object
|
|
2200
|
+
additionalProperties: false
|
|
2201
|
+
description: Data model for the complex type PartyPersonalInfo.
|
|
2202
|
+
properties:
|
|
2203
|
+
complexName:
|
|
2204
|
+
title: PartyComplexName
|
|
2205
|
+
type: object
|
|
2206
|
+
additionalProperties: false
|
|
2207
|
+
description: Data model for the complex type PartyComplexName.
|
|
2208
|
+
properties:
|
|
2209
|
+
firstName:
|
|
2210
|
+
title: FirstName
|
|
2211
|
+
type: string
|
|
2212
|
+
minLength: 1
|
|
2213
|
+
maxLength: 128
|
|
2214
|
+
pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
|
|
2215
|
+
description: First name of the Party (Name Type).
|
|
2216
|
+
example: Henrik
|
|
2217
|
+
middleName:
|
|
2218
|
+
title: MiddleName
|
|
2219
|
+
type: string
|
|
2220
|
+
minLength: 1
|
|
2221
|
+
maxLength: 128
|
|
2222
|
+
pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
|
|
2223
|
+
description: Middle name of the Party (Name Type).
|
|
2224
|
+
example: Johannes
|
|
2225
|
+
lastName:
|
|
2226
|
+
title: LastName
|
|
2227
|
+
type: string
|
|
2228
|
+
minLength: 1
|
|
2229
|
+
maxLength: 128
|
|
2230
|
+
pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
|
|
2231
|
+
description: Last name of the Party (Name Type).
|
|
2232
|
+
example: Karlsson
|
|
2233
|
+
dateOfBirth:
|
|
2234
|
+
title: DateofBirth (type Date)
|
|
2235
|
+
type: string
|
|
2236
|
+
pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$
|
|
2237
|
+
description: Date of Birth of the Party.
|
|
2238
|
+
example: '1966-06-16'
|
|
2239
|
+
kycInformation:
|
|
2240
|
+
title: KYCInformation
|
|
2241
|
+
type: string
|
|
2242
|
+
minLength: 1
|
|
2243
|
+
maxLength: 2048
|
|
2244
|
+
description: KYC information for the party in a form mandated by an individual scheme.
|
|
2245
|
+
example: |-
|
|
2246
|
+
{
|
|
2247
|
+
"metadata": {
|
|
2248
|
+
"format": "JSON",
|
|
2249
|
+
"version": "1.0",
|
|
2250
|
+
"description": "Data containing KYC Information"
|
|
2251
|
+
},
|
|
2252
|
+
"data": {
|
|
2253
|
+
"name": "John Doe",
|
|
2254
|
+
"dob": "1980-05-15",
|
|
2255
|
+
"gender": "Male",
|
|
2256
|
+
"address": "123 Main Street, Anytown, USA",
|
|
2257
|
+
"email": "johndoe@example.com",
|
|
2258
|
+
"phone": "+1 555-123-4567",
|
|
2259
|
+
"nationality": "US",
|
|
2260
|
+
"passport_number": "AB1234567",
|
|
2261
|
+
"issue_date": "2010-02-20",
|
|
2262
|
+
"expiry_date": "2025-02-20",
|
|
2263
|
+
"bank_account_number": "1234567890",
|
|
2264
|
+
"bank_name": "Example Bank",
|
|
2265
|
+
"employer": "ABC Company",
|
|
2266
|
+
"occupation": "Software Engineer",
|
|
2267
|
+
"income": "$80,000 per year",
|
|
2268
|
+
"marital_status": "Single",
|
|
2269
|
+
"dependents": 0,
|
|
2270
|
+
"risk_level": "Low"
|
|
2271
|
+
}
|
|
2272
|
+
}
|
|
2273
|
+
required:
|
|
2274
|
+
- partyIdInfo
|
|
2275
|
+
description: Information about the Payee in the proposed financial transaction.
|
|
2276
|
+
transactionType:
|
|
2277
|
+
title: TransactionType
|
|
2278
|
+
type: object
|
|
2279
|
+
additionalProperties: false
|
|
2280
|
+
description: Data model for the complex type TransactionType.
|
|
2281
|
+
properties:
|
|
2282
|
+
scenario:
|
|
2283
|
+
title: TransactionScenario
|
|
2284
|
+
type: string
|
|
2285
|
+
enum:
|
|
2286
|
+
- DEPOSIT
|
|
2287
|
+
- WITHDRAWAL
|
|
2288
|
+
- TRANSFER
|
|
2289
|
+
- PAYMENT
|
|
2290
|
+
- REFUND
|
|
2291
|
+
description: |-
|
|
2292
|
+
Below are the allowed values for the enumeration.
|
|
2293
|
+
- DEPOSIT - Used for performing a Cash-In (deposit) transaction. In a normal scenario, electronic funds are transferred from a Business account to a Consumer account, and physical cash is given from the Consumer to the Business User.
|
|
2294
|
+
- WITHDRAWAL - Used for performing a Cash-Out (withdrawal) transaction. In a normal scenario, electronic funds are transferred from a Consumer’s account to a Business account, and physical cash is given from the Business User to the Consumer.
|
|
2295
|
+
- TRANSFER - Used for performing a P2P (Peer to Peer, or Consumer to Consumer) transaction.
|
|
2296
|
+
- PAYMENT - Usually used for performing a transaction from a Consumer to a Merchant or Organization, but could also be for a B2B (Business to Business) payment. The transaction could be online for a purchase in an Internet store, in a physical store where both the Consumer and Business User are present, a bill payment, a donation, and so on.
|
|
2297
|
+
- REFUND - Used for performing a refund of transaction.
|
|
2298
|
+
example: DEPOSIT
|
|
2299
|
+
subScenario:
|
|
2300
|
+
title: TransactionSubScenario
|
|
2301
|
+
type: string
|
|
2302
|
+
pattern: ^[A-Z_]{1,32}$
|
|
2303
|
+
description: Possible sub-scenario, defined locally within the scheme (UndefinedEnum Type).
|
|
2304
|
+
example: LOCALLY_DEFINED_SUBSCENARIO
|
|
2305
|
+
initiator:
|
|
2306
|
+
title: TransactionInitiator
|
|
2307
|
+
type: string
|
|
2308
|
+
enum:
|
|
2309
|
+
- PAYER
|
|
2310
|
+
- PAYEE
|
|
2311
|
+
description: |-
|
|
2312
|
+
Below are the allowed values for the enumeration.
|
|
2313
|
+
- PAYER - Sender of funds is initiating the transaction. The account to send from is either owned by the Payer or is connected to the Payer in some way.
|
|
2314
|
+
- PAYEE - Recipient of the funds is initiating the transaction by sending a transaction request. The Payer must approve the transaction, either automatically by a pre-generated OTP or by pre-approval of the Payee, or by manually approving in his or her own Device.
|
|
2315
|
+
example: PAYEE
|
|
2316
|
+
initiatorType:
|
|
2317
|
+
title: TransactionInitiatorType
|
|
2318
|
+
type: string
|
|
2319
|
+
enum:
|
|
2320
|
+
- CONSUMER
|
|
2321
|
+
- AGENT
|
|
2322
|
+
- BUSINESS
|
|
2323
|
+
- DEVICE
|
|
2324
|
+
description: |-
|
|
2325
|
+
Below are the allowed values for the enumeration.
|
|
2326
|
+
- CONSUMER - Consumer is the initiator of the transaction.
|
|
2327
|
+
- AGENT - Agent is the initiator of the transaction.
|
|
2328
|
+
- BUSINESS - Business is the initiator of the transaction.
|
|
2329
|
+
- DEVICE - Device is the initiator of the transaction.
|
|
2330
|
+
example: CONSUMER
|
|
2331
|
+
refundInfo:
|
|
2332
|
+
title: Refund
|
|
2333
|
+
type: object
|
|
2334
|
+
additionalProperties: false
|
|
2335
|
+
description: Data model for the complex type Refund.
|
|
2336
|
+
properties:
|
|
2337
|
+
originalTransactionId:
|
|
2338
|
+
$ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
|
|
2339
|
+
refundReason:
|
|
2340
|
+
title: RefundReason
|
|
2341
|
+
type: string
|
|
2342
|
+
minLength: 1
|
|
2343
|
+
maxLength: 128
|
|
2344
|
+
description: Reason for the refund.
|
|
2345
|
+
example: Free text indicating reason for the refund.
|
|
2346
|
+
required:
|
|
2347
|
+
- originalTransactionId
|
|
2348
|
+
balanceOfPayments:
|
|
2349
|
+
title: BalanceOfPayments
|
|
2350
|
+
type: string
|
|
2351
|
+
pattern: ^[1-9]\d{2}$
|
|
2352
|
+
description: (BopCode) The API data type [BopCode](https://www.imf.org/external/np/sta/bopcode/) is a JSON String of 3 characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed.
|
|
2353
|
+
example: '123'
|
|
2354
|
+
required:
|
|
2355
|
+
- scenario
|
|
2356
|
+
- initiator
|
|
2357
|
+
- initiatorType
|
|
2358
|
+
expiration:
|
|
2359
|
+
allOf:
|
|
2360
|
+
- title: DateTime
|
|
2361
|
+
type: string
|
|
2362
|
+
pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:(\.\d{3}))(?:Z|[+-][01]\d:[0-5]\d)$
|
|
2363
|
+
description: The API data type DateTime is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. The format is according to [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html), expressed in a combined date, time and time zone format. A more readable version of the format is yyyy-MM-ddTHH:mm:ss.SSS[-HH:MM]. Examples are "2016-05-24T08:38:08.699-04:00", "2016-05-24T08:38:08.699Z" (where Z indicates Zulu time zone, same as UTC).
|
|
2364
|
+
example: '2016-05-24T08:38:08.699-04:00'
|
|
2365
|
+
description: The time by which the transfer must be completed, set by the payee DFSP.
|
|
2366
|
+
extensionList:
|
|
2367
|
+
title: ExtensionList
|
|
2368
|
+
type: object
|
|
2369
|
+
additionalProperties: false
|
|
2370
|
+
description: Data model for the complex type ExtensionList. An optional list of extensions, specific to deployment.
|
|
2371
|
+
properties:
|
|
2372
|
+
extension:
|
|
2373
|
+
type: array
|
|
2374
|
+
items:
|
|
2375
|
+
title: Extension
|
|
2376
|
+
type: object
|
|
2377
|
+
additionalProperties: false
|
|
2378
|
+
description: Data model for the complex type Extension.
|
|
2379
|
+
properties:
|
|
2380
|
+
key:
|
|
2381
|
+
title: ExtensionKey
|
|
2382
|
+
type: string
|
|
2383
|
+
minLength: 1
|
|
2384
|
+
maxLength: 32
|
|
2385
|
+
description: Extension key.
|
|
2386
|
+
value:
|
|
2387
|
+
title: ExtensionValue
|
|
2388
|
+
type: string
|
|
2389
|
+
minLength: 1
|
|
2390
|
+
maxLength: 128
|
|
2391
|
+
description: Extension value.
|
|
2392
|
+
required:
|
|
2393
|
+
- key
|
|
2394
|
+
- value
|
|
2395
|
+
minItems: 1
|
|
2396
|
+
maxItems: 16
|
|
2397
|
+
description: Number of Extension elements.
|
|
2398
|
+
required:
|
|
2399
|
+
- extension
|
|
2400
|
+
required:
|
|
2401
|
+
- authorizationRequestId
|
|
2402
|
+
- transactionRequestId
|
|
2403
|
+
- challenge
|
|
2404
|
+
- transferAmount
|
|
2405
|
+
- payeeReceiveAmount
|
|
2406
|
+
- fees
|
|
2407
|
+
- payer
|
|
2408
|
+
- payee
|
|
2409
|
+
- transactionType
|
|
2410
|
+
- expiration
|
|
2411
|
+
additionalProperties: false
|
|
2412
|
+
responses:
|
|
2413
|
+
'202':
|
|
2414
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
2415
|
+
'400':
|
|
2416
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
2417
|
+
'401':
|
|
2418
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
2419
|
+
'403':
|
|
2420
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
2421
|
+
'404':
|
|
2422
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
2423
|
+
'405':
|
|
2424
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
2425
|
+
'406':
|
|
2426
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
2427
|
+
'501':
|
|
2428
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
2429
|
+
'503':
|
|
2430
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
2431
|
+
/tppAuthorizations/{ID}:
|
|
2432
|
+
parameters:
|
|
2433
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
2434
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
2435
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
2436
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
2437
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
2438
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
2439
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
2440
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
2441
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
2442
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
2443
|
+
get:
|
|
2444
|
+
description: |
|
|
2445
|
+
The HTTP request **GET /tppAuthorizations/**_{ID}_ is used to get information relating
|
|
2446
|
+
to a previously issued authorization request. The *{ID}* in the request should match the
|
|
2447
|
+
`authorizationRequestId` which was given when the authorization request was created.
|
|
2448
|
+
operationId: tppGetAuthorizationsById
|
|
2449
|
+
summary: ttpGetAuthorizationsById
|
|
2450
|
+
tags:
|
|
2451
|
+
- authorizations
|
|
2452
|
+
parameters:
|
|
2453
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/0'
|
|
2454
|
+
responses:
|
|
2455
|
+
'202':
|
|
2456
|
+
$ref: '#/paths/~1tppConsents/post/responses/202'
|
|
2457
|
+
'400':
|
|
2458
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
2459
|
+
'401':
|
|
2460
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
2461
|
+
'403':
|
|
2462
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
2463
|
+
'404':
|
|
2464
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
2465
|
+
'405':
|
|
2466
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
2467
|
+
'406':
|
|
2468
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
2469
|
+
'501':
|
|
2470
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
2471
|
+
'503':
|
|
2472
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
2473
|
+
put:
|
|
2474
|
+
description: |
|
|
2475
|
+
After receiving the **POST /tppAuthorizations**, the PISP will present the details of the
|
|
2476
|
+
transaction to their user, and request that the client sign the `challenge` field using the credential
|
|
2477
|
+
they previously registered.
|
|
2478
|
+
|
|
2479
|
+
The signed challenge will be sent back by the PISP in **PUT /tppAuthorizations/**_{ID}_:
|
|
2480
|
+
operationId: tppPutAuthorizationsById
|
|
2481
|
+
summary: tppPutAuthorizationsById
|
|
2482
|
+
tags:
|
|
2483
|
+
- authorizations
|
|
2484
|
+
parameters:
|
|
2485
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
2486
|
+
requestBody:
|
|
2487
|
+
description: Signed authorization object
|
|
2488
|
+
required: true
|
|
2489
|
+
content:
|
|
2490
|
+
application/json:
|
|
2491
|
+
schema:
|
|
2492
|
+
oneOf:
|
|
2493
|
+
- title: tppAuthorizationsIDPutResponseRejected
|
|
2494
|
+
type: object
|
|
2495
|
+
description: The object sent in the PUT /tppAuthorizations/{ID} callback.
|
|
2496
|
+
properties:
|
|
2497
|
+
responseType:
|
|
2498
|
+
title: AuthorizationResponseTypeRejected
|
|
2499
|
+
description: |
|
|
2500
|
+
The customer rejected the terms of the transfer.
|
|
2501
|
+
type: string
|
|
2502
|
+
enum:
|
|
2503
|
+
- REJECTED
|
|
2504
|
+
extensionList:
|
|
2505
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
2506
|
+
required:
|
|
2507
|
+
- responseType
|
|
2508
|
+
- title: tppAuthorizationsIDPutResponseFIDO
|
|
2509
|
+
type: object
|
|
2510
|
+
description: The object sent in the PUT /tppAuthorizations/{ID} callback.
|
|
2511
|
+
properties:
|
|
2512
|
+
responseType:
|
|
2513
|
+
title: AuthorizationResponseType
|
|
2514
|
+
description: |
|
|
2515
|
+
The customer accepted the terms of the transfer
|
|
2516
|
+
type: string
|
|
2517
|
+
enum:
|
|
2518
|
+
- ACCEPTED
|
|
2519
|
+
signedPayload:
|
|
2520
|
+
title: SignedPayloadFIDO
|
|
2521
|
+
type: object
|
|
2522
|
+
properties:
|
|
2523
|
+
signedPayloadType:
|
|
2524
|
+
$ref: '#/paths/~1tppVerifications/post/requestBody/content/application~1json/schema/oneOf/0/properties/signedPayloadType'
|
|
2525
|
+
fidoSignedPayload:
|
|
2526
|
+
$ref: '#/paths/~1tppVerifications/post/requestBody/content/application~1json/schema/oneOf/0/properties/fidoSignedPayload'
|
|
2527
|
+
required:
|
|
2528
|
+
- signedPayloadType
|
|
2529
|
+
- fidoSignedPayload
|
|
2530
|
+
additionalProperties: false
|
|
2531
|
+
extensionList:
|
|
2532
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
2533
|
+
required:
|
|
2534
|
+
- responseType
|
|
2535
|
+
- signedPayload
|
|
2536
|
+
additionalProperties: false
|
|
2537
|
+
- title: tppAuthorizationsIDPutResponseGeneric
|
|
2538
|
+
type: object
|
|
2539
|
+
description: The object sent in the PUT /tppAuthorizations/{ID} callback.
|
|
2540
|
+
properties:
|
|
2541
|
+
responseType:
|
|
2542
|
+
$ref: '#/paths/~1tppAuthorizations~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/1/properties/responseType'
|
|
2543
|
+
signedPayload:
|
|
2544
|
+
title: SignedPayloadGeneric
|
|
2545
|
+
type: object
|
|
2546
|
+
properties:
|
|
2547
|
+
signedPayloadType:
|
|
2548
|
+
$ref: '#/paths/~1tppVerifications/post/requestBody/content/application~1json/schema/oneOf/1/properties/signedPayloadType'
|
|
2549
|
+
genericSignedPayload:
|
|
2550
|
+
$ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
|
|
2551
|
+
required:
|
|
2552
|
+
- signedPayloadType
|
|
2553
|
+
- genericSignedPayload
|
|
2554
|
+
additionalProperties: false
|
|
2555
|
+
extensionList:
|
|
2556
|
+
$ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
|
|
2557
|
+
required:
|
|
2558
|
+
- responseType
|
|
2559
|
+
- signedPayload
|
|
2560
|
+
additionalProperties: false
|
|
2561
|
+
responses:
|
|
2562
|
+
'200':
|
|
2563
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
2564
|
+
'400':
|
|
2565
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
2566
|
+
'401':
|
|
2567
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
2568
|
+
'403':
|
|
2569
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
2570
|
+
'404':
|
|
2571
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
2572
|
+
'405':
|
|
2573
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
2574
|
+
'406':
|
|
2575
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
2576
|
+
'501':
|
|
2577
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
2578
|
+
'503':
|
|
2579
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|
|
2580
|
+
/tppAuthorizations/{ID}/error:
|
|
2581
|
+
parameters:
|
|
2582
|
+
- $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
|
|
2583
|
+
- $ref: '#/paths/~1tppConsents/parameters/0'
|
|
2584
|
+
- $ref: '#/paths/~1tppConsents/parameters/1'
|
|
2585
|
+
- $ref: '#/paths/~1tppConsents/parameters/2'
|
|
2586
|
+
- $ref: '#/paths/~1tppConsents/parameters/3'
|
|
2587
|
+
- $ref: '#/paths/~1tppConsents/parameters/4'
|
|
2588
|
+
- $ref: '#/paths/~1tppConsents/parameters/5'
|
|
2589
|
+
- $ref: '#/paths/~1tppConsents/parameters/6'
|
|
2590
|
+
- $ref: '#/paths/~1tppConsents/parameters/7'
|
|
2591
|
+
- $ref: '#/paths/~1tppConsents/parameters/8'
|
|
2592
|
+
put:
|
|
2593
|
+
tags:
|
|
2594
|
+
- authorizations
|
|
2595
|
+
operationId: tppAuthorizationsByIdAndError
|
|
2596
|
+
summary: tppAuthorizationsByIdAndError
|
|
2597
|
+
description: |
|
|
2598
|
+
The HTTP request `PUT /tppAuthorizations/{ID}/error` is used by the DFSP or PISP to inform
|
|
2599
|
+
the other party that something went wrong with a Thirdparty Transaction Authorization Request.
|
|
2600
|
+
|
|
2601
|
+
The PISP may use this to tell the DFSP that the Thirdparty Transaction Authorization Request is invalid or doesn't
|
|
2602
|
+
match a `transactionRequestId`.
|
|
2603
|
+
|
|
2604
|
+
The DFSP may use this to tell the PISP that the signed challenge returned in `PUT /tppAuthorizations/{ID}`
|
|
2605
|
+
was invalid.
|
|
2606
|
+
parameters:
|
|
2607
|
+
- $ref: '#/paths/~1tppConsents/post/parameters/1'
|
|
2608
|
+
requestBody:
|
|
2609
|
+
description: Error information returned.
|
|
2610
|
+
required: true
|
|
2611
|
+
content:
|
|
2612
|
+
application/json:
|
|
2613
|
+
schema:
|
|
2614
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
|
|
2615
|
+
responses:
|
|
2616
|
+
'200':
|
|
2617
|
+
$ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
|
|
2618
|
+
'400':
|
|
2619
|
+
$ref: '#/paths/~1tppConsents/post/responses/400'
|
|
2620
|
+
'401':
|
|
2621
|
+
$ref: '#/paths/~1tppConsents/post/responses/401'
|
|
2622
|
+
'403':
|
|
2623
|
+
$ref: '#/paths/~1tppConsents/post/responses/403'
|
|
2624
|
+
'404':
|
|
2625
|
+
$ref: '#/paths/~1tppConsents/post/responses/404'
|
|
2626
|
+
'405':
|
|
2627
|
+
$ref: '#/paths/~1tppConsents/post/responses/405'
|
|
2628
|
+
'406':
|
|
2629
|
+
$ref: '#/paths/~1tppConsents/post/responses/406'
|
|
2630
|
+
'501':
|
|
2631
|
+
$ref: '#/paths/~1tppConsents/post/responses/501'
|
|
2632
|
+
'503':
|
|
2633
|
+
$ref: '#/paths/~1tppConsents/post/responses/503'
|