@mojaloop/api-snippets 18.3.1 → 18.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (216) hide show
  1. package/CHANGELOG.md +20 -0
  2. package/audit-ci.jsonc +7 -1
  3. package/docs/fspiop-rest-v2.0-ISO20022-openapi3-snippets.yaml +0 -2
  4. package/docs/sdk-scheme-adapter-outbound-v2_1_0-openapi3-snippets.yaml +1 -1
  5. package/docs/thirdparty-admin-v2.0-openapi3-snippets.yaml +3705 -0
  6. package/docs/thirdparty-openapi3-snippets.yaml +5 -5
  7. package/docs/thirdparty-v1.0-openapi3-snippets.yaml +3802 -0
  8. package/docs/thirdparty-v2.0-openapi3-snippets.yaml +1825 -0
  9. package/eslint.config.mjs +70 -0
  10. package/fspiop/v2_0_ISO20022/openapi3/components/schemas/FinancialInstitutionIdentification18.yaml +0 -1
  11. package/fspiop/v2_0_ISO20022/openapi3/components/schemas/FinancialInstitutionIdentification23.yaml +0 -1
  12. package/lib/fspiop/v2_0/index.js +0 -1
  13. package/lib/fspiop/v2_0/index.js.map +1 -1
  14. package/lib/fspiop/v2_0_ISO20022/index.js +0 -1
  15. package/lib/fspiop/v2_0_ISO20022/index.js.map +1 -1
  16. package/lib/fspiop/v2_0_ISO20022/json-schemas.json +0 -71
  17. package/lib/fspiop/v2_0_ISO20022/schemas.d.ts +0 -140
  18. package/lib/index.js +0 -1
  19. package/lib/index.js.map +1 -1
  20. package/lib/sdk-scheme-adapter/v2_0_0/backend/index.js +0 -1
  21. package/lib/sdk-scheme-adapter/v2_0_0/backend/index.js.map +1 -1
  22. package/lib/sdk-scheme-adapter/v2_0_0/outbound/index.js +0 -1
  23. package/lib/sdk-scheme-adapter/v2_0_0/outbound/index.js.map +1 -1
  24. package/lib/sdk-scheme-adapter/v2_1_0/backend/index.js +0 -1
  25. package/lib/sdk-scheme-adapter/v2_1_0/backend/index.js.map +1 -1
  26. package/lib/sdk-scheme-adapter/v2_1_0/outbound/index.js +0 -1
  27. package/lib/sdk-scheme-adapter/v2_1_0/outbound/index.js.map +1 -1
  28. package/lib/sdk-scheme-adapter/v2_1_0/outbound/json-schemas.json +1 -1
  29. package/lib/sdk-scheme-adapter/v2_1_0/outbound/schemas.d.ts +1 -1
  30. package/lib/thirdparty/v2_0/openapi.d.ts +1726 -0
  31. package/lib/thirdparty/v2_0/openapi.js +7 -0
  32. package/lib/thirdparty/v2_0/openapi.js.map +1 -0
  33. package/package.json +48 -45
  34. package/sdk-scheme-adapter/v2_1_0/components/schemas/transferRequest.yaml +1 -1
  35. package/test/dto/{thirdparty.test.ts → thirdparty_v1_0.test.ts} +1 -1
  36. package/thirdparty/v1_0/openapi3/components/schemas/FIDOPublicKeyCredentialAssertion.yaml +2 -2
  37. package/thirdparty/v1_0/openapi3/components/schemas/FIDOPublicKeyCredentialAttestation.yaml +3 -3
  38. package/thirdparty/v1_0/openapi3/thirdparty-dfsp-api.yaml +68 -61
  39. package/thirdparty/v1_0/openapi3/thirdparty-pisp-api.yaml +82 -75
  40. package/thirdparty/v2_0/openapi3/components/headers/Content-Length.yaml +1 -0
  41. package/thirdparty/v2_0/openapi3/components/headers/Content-Type.yaml +1 -0
  42. package/thirdparty/v2_0/openapi3/components/parameters/Accept.yaml +1 -0
  43. package/thirdparty/v2_0/openapi3/components/parameters/Content-Length.yaml +1 -0
  44. package/thirdparty/v2_0/openapi3/components/parameters/Content-Type.yaml +1 -0
  45. package/thirdparty/v2_0/openapi3/components/parameters/Date.yaml +1 -0
  46. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Destination.yaml +1 -0
  47. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Encryption.yaml +1 -0
  48. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-HTTP-Method.yaml +1 -0
  49. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Signature.yaml +1 -0
  50. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-Source.yaml +1 -0
  51. package/thirdparty/v2_0/openapi3/components/parameters/FSPIOP-URI.yaml +1 -0
  52. package/thirdparty/v2_0/openapi3/components/parameters/ID.yaml +1 -0
  53. package/thirdparty/v2_0/openapi3/components/parameters/ServiceType.yaml +6 -0
  54. package/thirdparty/v2_0/openapi3/components/parameters/SubId.yaml +1 -0
  55. package/thirdparty/v2_0/openapi3/components/parameters/Type.yaml +1 -0
  56. package/thirdparty/v2_0/openapi3/components/parameters/X-Forwarded-For.yaml +1 -0
  57. package/thirdparty/v2_0/openapi3/components/responses/200.yaml +1 -0
  58. package/thirdparty/v2_0/openapi3/components/responses/202.yaml +1 -0
  59. package/thirdparty/v2_0/openapi3/components/responses/400.yaml +1 -0
  60. package/thirdparty/v2_0/openapi3/components/responses/401.yaml +1 -0
  61. package/thirdparty/v2_0/openapi3/components/responses/403.yaml +1 -0
  62. package/thirdparty/v2_0/openapi3/components/responses/404.yaml +1 -0
  63. package/thirdparty/v2_0/openapi3/components/responses/405.yaml +1 -0
  64. package/thirdparty/v2_0/openapi3/components/responses/406.yaml +1 -0
  65. package/thirdparty/v2_0/openapi3/components/responses/501.yaml +1 -0
  66. package/thirdparty/v2_0/openapi3/components/responses/503.yaml +1 -0
  67. package/thirdparty/v2_0/openapi3/components/schemas/Account.yaml +17 -0
  68. package/thirdparty/v2_0/openapi3/components/schemas/AccountAddress.yaml +25 -0
  69. package/thirdparty/v2_0/openapi3/components/schemas/AccountList.yaml +11 -0
  70. package/thirdparty/v2_0/openapi3/components/schemas/Amount.yaml +1 -0
  71. package/thirdparty/v2_0/openapi3/components/schemas/AmountType.yaml +1 -0
  72. package/thirdparty/v2_0/openapi3/components/schemas/AuthenticationResponse.yaml +10 -0
  73. package/thirdparty/v2_0/openapi3/components/schemas/AuthenticatorAssertionResponse.yaml +32 -0
  74. package/thirdparty/v2_0/openapi3/components/schemas/AuthenticatorAttestationResponse.yaml +23 -0
  75. package/thirdparty/v2_0/openapi3/components/schemas/AuthorizationResponseType.yaml +8 -0
  76. package/thirdparty/v2_0/openapi3/components/schemas/AuthorizationResponseTypeAccepted.yaml +6 -0
  77. package/thirdparty/v2_0/openapi3/components/schemas/AuthorizationResponseTypeRejected.yaml +6 -0
  78. package/thirdparty/v2_0/openapi3/components/schemas/BinaryString.yaml +1 -0
  79. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestChannelType.yaml +9 -0
  80. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestChannelTypeOTP.yaml +6 -0
  81. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestChannelTypeWeb.yaml +6 -0
  82. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsIDPatchRequest.yaml +16 -0
  83. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsIDPutResponseOTP.yaml +30 -0
  84. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsIDPutResponseWeb.yaml +39 -0
  85. package/thirdparty/v2_0/openapi3/components/schemas/ConsentRequestsPostRequest.yaml +44 -0
  86. package/thirdparty/v2_0/openapi3/components/schemas/ConsentStatus.yaml +9 -0
  87. package/thirdparty/v2_0/openapi3/components/schemas/ConsentStatusIssued.yaml +7 -0
  88. package/thirdparty/v2_0/openapi3/components/schemas/ConsentStatusRevoked.yaml +7 -0
  89. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPatchResponseRevoked.yaml +17 -0
  90. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPatchResponseVerified.yaml +19 -0
  91. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPutResponseSigned.yaml +23 -0
  92. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsIDPutResponseVerified.yaml +23 -0
  93. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsPostRequestAUTH.yaml +33 -0
  94. package/thirdparty/v2_0/openapi3/components/schemas/ConsentsPostRequestPISP.yaml +32 -0
  95. package/thirdparty/v2_0/openapi3/components/schemas/CorrelationId.yaml +1 -0
  96. package/thirdparty/v2_0/openapi3/components/schemas/CredentialStatusPending.yaml +7 -0
  97. package/thirdparty/v2_0/openapi3/components/schemas/CredentialStatusVerified.yaml +7 -0
  98. package/thirdparty/v2_0/openapi3/components/schemas/CredentialType.yaml +11 -0
  99. package/thirdparty/v2_0/openapi3/components/schemas/Currency.yaml +1 -0
  100. package/thirdparty/v2_0/openapi3/components/schemas/DateOfBirth.yaml +1 -0
  101. package/thirdparty/v2_0/openapi3/components/schemas/DateTime.yaml +1 -0
  102. package/thirdparty/v2_0/openapi3/components/schemas/ErrorCode.yaml +1 -0
  103. package/thirdparty/v2_0/openapi3/components/schemas/ErrorDescription.yaml +1 -0
  104. package/thirdparty/v2_0/openapi3/components/schemas/ErrorInformation.yaml +1 -0
  105. package/thirdparty/v2_0/openapi3/components/schemas/Extension.yaml +1 -0
  106. package/thirdparty/v2_0/openapi3/components/schemas/ExtensionKey.yaml +1 -0
  107. package/thirdparty/v2_0/openapi3/components/schemas/ExtensionList.yaml +1 -0
  108. package/thirdparty/v2_0/openapi3/components/schemas/ExtensionValue.yaml +1 -0
  109. package/thirdparty/v2_0/openapi3/components/schemas/FIDOPublicKeyCredentialAssertion.yaml +71 -0
  110. package/thirdparty/v2_0/openapi3/components/schemas/FIDOPublicKeyCredentialAttestation.yaml +54 -0
  111. package/thirdparty/v2_0/openapi3/components/schemas/FirstName.yaml +1 -0
  112. package/thirdparty/v2_0/openapi3/components/schemas/FspId.yaml +1 -0
  113. package/thirdparty/v2_0/openapi3/components/schemas/GenericCredential.yaml +13 -0
  114. package/thirdparty/v2_0/openapi3/components/schemas/GeoCode.yaml +1 -0
  115. package/thirdparty/v2_0/openapi3/components/schemas/IlpCondition.yaml +1 -0
  116. package/thirdparty/v2_0/openapi3/components/schemas/IlpFulfilment.yaml +1 -0
  117. package/thirdparty/v2_0/openapi3/components/schemas/IlpPacket.yaml +1 -0
  118. package/thirdparty/v2_0/openapi3/components/schemas/Integer.yaml +1 -0
  119. package/thirdparty/v2_0/openapi3/components/schemas/LastName.yaml +1 -0
  120. package/thirdparty/v2_0/openapi3/components/schemas/Latitude.yaml +1 -0
  121. package/thirdparty/v2_0/openapi3/components/schemas/Longitude.yaml +1 -0
  122. package/thirdparty/v2_0/openapi3/components/schemas/MerchantClassificationCode.yaml +1 -0
  123. package/thirdparty/v2_0/openapi3/components/schemas/MiddleName.yaml +1 -0
  124. package/thirdparty/v2_0/openapi3/components/schemas/Money.yaml +1 -0
  125. package/thirdparty/v2_0/openapi3/components/schemas/Name.yaml +2 -0
  126. package/thirdparty/v2_0/openapi3/components/schemas/Note.yaml +1 -0
  127. package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsIDPutResponse.yaml +17 -0
  128. package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsPostRequest.yaml +20 -0
  129. package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsTypeIDPutResponse.yaml +8 -0
  130. package/thirdparty/v2_0/openapi3/components/schemas/ParticipantsTypeIDSubIDPostRequest.yaml +15 -0
  131. package/thirdparty/v2_0/openapi3/components/schemas/PartiesTypeIDPutResponse.yaml +13 -0
  132. package/thirdparty/v2_0/openapi3/components/schemas/Party.yaml +15 -0
  133. package/thirdparty/v2_0/openapi3/components/schemas/PartyComplexName.yaml +1 -0
  134. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdInfo.yaml +17 -0
  135. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdInfoTPLink.yaml +17 -0
  136. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdType.yaml +58 -0
  137. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdTypeTPLink.yaml +7 -0
  138. package/thirdparty/v2_0/openapi3/components/schemas/PartyIdentifier.yaml +1 -0
  139. package/thirdparty/v2_0/openapi3/components/schemas/PartyName.yaml +1 -0
  140. package/thirdparty/v2_0/openapi3/components/schemas/PartyPersonalInfo.yaml +1 -0
  141. package/thirdparty/v2_0/openapi3/components/schemas/PartyResult.yaml +10 -0
  142. package/thirdparty/v2_0/openapi3/components/schemas/PartySubIdOrType.yaml +1 -0
  143. package/thirdparty/v2_0/openapi3/components/schemas/PartyTPLink.yaml +14 -0
  144. package/thirdparty/v2_0/openapi3/components/schemas/QuotesIDPutResponse.yaml +1 -0
  145. package/thirdparty/v2_0/openapi3/components/schemas/QuotesPostRequest.yaml +79 -0
  146. package/thirdparty/v2_0/openapi3/components/schemas/Scope.yaml +20 -0
  147. package/thirdparty/v2_0/openapi3/components/schemas/ScopeAction.yaml +14 -0
  148. package/thirdparty/v2_0/openapi3/components/schemas/ServiceType.yaml +15 -0
  149. package/thirdparty/v2_0/openapi3/components/schemas/ServicesServiceTypePutResponse.yaml +26 -0
  150. package/thirdparty/v2_0/openapi3/components/schemas/SignedCredential.yaml +23 -0
  151. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadFIDO.yaml +11 -0
  152. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadGeneric.yaml +11 -0
  153. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadType.yaml +9 -0
  154. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadTypeFIDO.yaml +5 -0
  155. package/thirdparty/v2_0/openapi3/components/schemas/SignedPayloadTypeGeneric.yaml +5 -0
  156. package/thirdparty/v2_0/openapi3/components/schemas/Transaction.yaml +43 -0
  157. package/thirdparty/v2_0/openapi3/components/schemas/TransactionRequestState.yaml +1 -0
  158. package/thirdparty/v2_0/openapi3/components/schemas/TransactionState.yaml +1 -0
  159. package/thirdparty/v2_0/openapi3/components/schemas/TransactionType.yaml +1 -0
  160. package/thirdparty/v2_0/openapi3/components/schemas/TransfersPostRequestFIDO.yaml +15 -0
  161. package/thirdparty/v2_0/openapi3/components/schemas/TransfersPostRequestGeneric.yaml +15 -0
  162. package/thirdparty/v2_0/openapi3/components/schemas/Uri.yaml +8 -0
  163. package/thirdparty/v2_0/openapi3/components/schemas/VerifiedCredential.yaml +23 -0
  164. package/thirdparty/v2_0/openapi3/components/schemas/tppAccountRequestPostRequest.yaml +35 -0
  165. package/thirdparty/v2_0/openapi3/components/schemas/tppAccountRequestPutResponse.yaml +30 -0
  166. package/thirdparty/v2_0/openapi3/components/schemas/tppAccountsIDPutResponse.yaml +21 -0
  167. package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsIDPutResponseFIDO.yaml +15 -0
  168. package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsIDPutResponseGeneric.yaml +15 -0
  169. package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsIDPutResponseRejected.yaml +10 -0
  170. package/thirdparty/v2_0/openapi3/components/schemas/tppAuthorizationsPostRequest.yaml +67 -0
  171. package/thirdparty/v2_0/openapi3/components/schemas/tppTransactionRequestPostRequest.yaml +60 -0
  172. package/thirdparty/v2_0/openapi3/components/schemas/tppTransactionRequestPutResponse.yaml +67 -0
  173. package/thirdparty/v2_0/openapi3/components/schemas/tppTransfersPostRequest.yaml +19 -0
  174. package/thirdparty/v2_0/openapi3/components/schemas/tppTransfersPutResponse.yaml +25 -0
  175. package/thirdparty/v2_0/openapi3/components/schemas/tppVerificationsIDPutResponse.yaml +19 -0
  176. package/thirdparty/v2_0/openapi3/components/schemas/tppVerificationsPostRequestFIDO.yaml +28 -0
  177. package/thirdparty/v2_0/openapi3/components/schemas/tppVerificationsPostRequestGeneric.yaml +28 -0
  178. package/thirdparty/v2_0/openapi3/openapi-admin.yaml +99 -0
  179. package/thirdparty/v2_0/openapi3/openapi.yaml +64 -0
  180. package/thirdparty/v2_0/openapi3/paths/health.yaml +25 -0
  181. package/thirdparty/v2_0/openapi3/paths/metrics.yaml +25 -0
  182. package/thirdparty/v2_0/openapi3/paths/participants.yaml +50 -0
  183. package/thirdparty/v2_0/openapi3/paths/participants_ID.yaml +49 -0
  184. package/thirdparty/v2_0/openapi3/paths/participants_ID_error.yaml +51 -0
  185. package/thirdparty/v2_0/openapi3/paths/participants_Type_ID.yaml +169 -0
  186. package/thirdparty/v2_0/openapi3/paths/participants_Type_ID_error.yaml +52 -0
  187. package/thirdparty/v2_0/openapi3/paths/services_ServiceType.yaml +77 -0
  188. package/thirdparty/v2_0/openapi3/paths/services_ServiceType_error.yaml +49 -0
  189. package/thirdparty/v2_0/openapi3/paths/tppAccountRequest.yaml +49 -0
  190. package/thirdparty/v2_0/openapi3/paths/tppAccountRequest_ID.yaml +86 -0
  191. package/thirdparty/v2_0/openapi3/paths/tppAccountRequest_ID_error.yaml +48 -0
  192. package/thirdparty/v2_0/openapi3/paths/tppAccounts_ID.yaml +88 -0
  193. package/thirdparty/v2_0/openapi3/paths/tppAccounts_ID_error.yaml +48 -0
  194. package/thirdparty/v2_0/openapi3/paths/tppAuthorizations.yaml +51 -0
  195. package/thirdparty/v2_0/openapi3/paths/tppAuthorizations_ID.yaml +86 -0
  196. package/thirdparty/v2_0/openapi3/paths/tppAuthorizations_ID_error.yaml +55 -0
  197. package/thirdparty/v2_0/openapi3/paths/tppConsentRequests.yaml +48 -0
  198. package/thirdparty/v2_0/openapi3/paths/tppConsentRequests_ID.yaml +123 -0
  199. package/thirdparty/v2_0/openapi3/paths/tppConsentRequests_ID_error.yaml +48 -0
  200. package/thirdparty/v2_0/openapi3/paths/tppConsents.yaml +49 -0
  201. package/thirdparty/v2_0/openapi3/paths/tppConsents_ID.yaml +165 -0
  202. package/thirdparty/v2_0/openapi3/paths/tppConsents_ID_error.yaml +48 -0
  203. package/thirdparty/v2_0/openapi3/paths/tppTransactionRequests.yaml +48 -0
  204. package/thirdparty/v2_0/openapi3/paths/tppTransactionRequests_ID.yaml +83 -0
  205. package/thirdparty/v2_0/openapi3/paths/tppTransactionRequests_ID_error.yaml +52 -0
  206. package/thirdparty/v2_0/openapi3/paths/tppTransfers.yaml +47 -0
  207. package/thirdparty/v2_0/openapi3/paths/tppTransfers_ID.yaml +86 -0
  208. package/thirdparty/v2_0/openapi3/paths/tppTransfers_ID_error.yaml +52 -0
  209. package/thirdparty/v2_0/openapi3/paths/tppVerifications.yaml +49 -0
  210. package/thirdparty/v2_0/openapi3/paths/tppVerifications_ID.yaml +87 -0
  211. package/thirdparty/v2_0/openapi3/paths/tppVerifications_ID_error.yaml +49 -0
  212. package/thirdparty/v2_0/openapi3/thirdparty-dfsp-admin-api.template.yaml +53 -0
  213. package/thirdparty/v2_0/openapi3/thirdparty-dfsp-admin-api.yaml +2633 -0
  214. package/thirdparty/v2_0/openapi3/thirdparty-pisp-admin-api.template.yaml +57 -0
  215. package/thirdparty/v2_0/openapi3/thirdparty-pisp-admin-api.yaml +3103 -0
  216. package/tsconfig.build.json +4 -3
@@ -0,0 +1,3103 @@
1
+ openapi: 3.0.1
2
+ info:
3
+ title: Mojaloop Third Party Admin API for PISPs
4
+ version: '2.0'
5
+ description: |
6
+ A Mojaloop API for Payment Initiation Service Providers (PISPs) to perform Third Party functions on DFSPs' User's accounts.
7
+ DFSPs who want to enable Payment Initiation Service Providers (PISPs) should implement the accompanying API - Mojaloop Third Party API (DFSP) instead.
8
+ license:
9
+ name: Open API for FSP Interoperability (FSPIOP) (Implementation Friendly Version)
10
+ url: https://github.com/mojaloop/mojaloop-specification/blob/main/LICENSE.md
11
+ servers:
12
+ - url: /
13
+ paths:
14
+ /services/{ServiceType}:
15
+ parameters:
16
+ - name: ServiceType
17
+ in: path
18
+ required: true
19
+ schema:
20
+ type: string
21
+ description: The type of the service identifier. For example, `THIRD_PARTY_DFSP`
22
+ - $ref: '#/paths/~1tppConsents/parameters/0'
23
+ - $ref: '#/paths/~1tppConsents/parameters/1'
24
+ - $ref: '#/paths/~1tppConsents/parameters/2'
25
+ - $ref: '#/paths/~1tppConsents/parameters/3'
26
+ - $ref: '#/paths/~1tppConsents/parameters/4'
27
+ - $ref: '#/paths/~1tppConsents/parameters/5'
28
+ - $ref: '#/paths/~1tppConsents/parameters/6'
29
+ - $ref: '#/paths/~1tppConsents/parameters/7'
30
+ - $ref: '#/paths/~1tppConsents/parameters/8'
31
+ get:
32
+ operationId: GetServicesByServiceType
33
+ summary: GetServicesByServiceType
34
+ description: |
35
+ The HTTP request `GET /services/{ServiceType}` is used to retrieve the list of participants
36
+ that support a specified service.
37
+ parameters:
38
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
39
+ tags:
40
+ - services
41
+ responses:
42
+ '202':
43
+ $ref: '#/paths/~1tppConsents/post/responses/202'
44
+ '400':
45
+ $ref: '#/paths/~1tppConsents/post/responses/400'
46
+ '401':
47
+ $ref: '#/paths/~1tppConsents/post/responses/401'
48
+ '403':
49
+ $ref: '#/paths/~1tppConsents/post/responses/403'
50
+ '404':
51
+ $ref: '#/paths/~1tppConsents/post/responses/404'
52
+ '405':
53
+ $ref: '#/paths/~1tppConsents/post/responses/405'
54
+ '406':
55
+ $ref: '#/paths/~1tppConsents/post/responses/406'
56
+ '501':
57
+ $ref: '#/paths/~1tppConsents/post/responses/501'
58
+ '503':
59
+ $ref: '#/paths/~1tppConsents/post/responses/503'
60
+ put:
61
+ description: |
62
+ The HTTP request `PUT /services/{ServiceType}` is used to return list of participants
63
+ that support a specified service.
64
+ operationId: PutServicesByServiceType
65
+ summary: PutServicesByServiceType
66
+ tags:
67
+ - services
68
+ parameters:
69
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
70
+ requestBody:
71
+ required: true
72
+ content:
73
+ application/json:
74
+ schema:
75
+ title: ServicesServiceTypePutResponse
76
+ type: object
77
+ description: |-
78
+ Used by: Switch
79
+ The callback PUT /services/{ServiceType} is used to inform the client of a successful result of the service information lookup.
80
+ Callback and data model information for GET /services/{ServiceType}:
81
+ Callback - PUT /services/{ServiceType} Error Callback - PUT /services/{ServiceType}/error Data Model - Empty body
82
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#31531-put-servicesservicetype
83
+ properties:
84
+ providers:
85
+ type: array
86
+ minLength: 0
87
+ maxLength: 256
88
+ items:
89
+ title: FspId
90
+ type: string
91
+ minLength: 1
92
+ maxLength: 32
93
+ description: FSP identifier.
94
+ extensionList:
95
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
96
+ required:
97
+ - providers
98
+ responses:
99
+ '200':
100
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
101
+ '400':
102
+ $ref: '#/paths/~1tppConsents/post/responses/400'
103
+ '401':
104
+ $ref: '#/paths/~1tppConsents/post/responses/401'
105
+ '403':
106
+ $ref: '#/paths/~1tppConsents/post/responses/403'
107
+ '404':
108
+ $ref: '#/paths/~1tppConsents/post/responses/404'
109
+ '405':
110
+ $ref: '#/paths/~1tppConsents/post/responses/405'
111
+ '406':
112
+ $ref: '#/paths/~1tppConsents/post/responses/406'
113
+ '501':
114
+ $ref: '#/paths/~1tppConsents/post/responses/501'
115
+ '503':
116
+ $ref: '#/paths/~1tppConsents/post/responses/503'
117
+ /services/{ServiceType}/error:
118
+ parameters:
119
+ - $ref: '#/paths/~1services~1%7BServiceType%7D/parameters/0'
120
+ - $ref: '#/paths/~1tppConsents/parameters/0'
121
+ - $ref: '#/paths/~1tppConsents/parameters/1'
122
+ - $ref: '#/paths/~1tppConsents/parameters/2'
123
+ - $ref: '#/paths/~1tppConsents/parameters/3'
124
+ - $ref: '#/paths/~1tppConsents/parameters/4'
125
+ - $ref: '#/paths/~1tppConsents/parameters/5'
126
+ - $ref: '#/paths/~1tppConsents/parameters/6'
127
+ - $ref: '#/paths/~1tppConsents/parameters/7'
128
+ - $ref: '#/paths/~1tppConsents/parameters/8'
129
+ put:
130
+ description: |
131
+ The HTTP request `PUT /services/{ServiceType}/error` is used to return error information
132
+ operationId: PutServicesByServiceTypeAndError
133
+ summary: PutServicesByServiceTypeAndError
134
+ tags:
135
+ - services
136
+ parameters:
137
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
138
+ requestBody:
139
+ description: Details of the error returned.
140
+ required: true
141
+ content:
142
+ application/json:
143
+ schema:
144
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
145
+ responses:
146
+ '200':
147
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
148
+ '400':
149
+ $ref: '#/paths/~1tppConsents/post/responses/400'
150
+ '401':
151
+ $ref: '#/paths/~1tppConsents/post/responses/401'
152
+ '403':
153
+ $ref: '#/paths/~1tppConsents/post/responses/403'
154
+ '404':
155
+ $ref: '#/paths/~1tppConsents/post/responses/404'
156
+ '405':
157
+ $ref: '#/paths/~1tppConsents/post/responses/405'
158
+ '406':
159
+ $ref: '#/paths/~1tppConsents/post/responses/406'
160
+ '501':
161
+ $ref: '#/paths/~1tppConsents/post/responses/501'
162
+ '503':
163
+ $ref: '#/paths/~1tppConsents/post/responses/503'
164
+ /tppAccountRequest:
165
+ parameters:
166
+ - $ref: '#/paths/~1tppConsents/parameters/0'
167
+ - $ref: '#/paths/~1tppConsents/parameters/1'
168
+ - $ref: '#/paths/~1tppConsents/parameters/2'
169
+ - $ref: '#/paths/~1tppConsents/parameters/3'
170
+ - $ref: '#/paths/~1tppConsents/parameters/4'
171
+ - $ref: '#/paths/~1tppConsents/parameters/5'
172
+ - $ref: '#/paths/~1tppConsents/parameters/6'
173
+ - $ref: '#/paths/~1tppConsents/parameters/7'
174
+ - $ref: '#/paths/~1tppConsents/parameters/8'
175
+ post:
176
+ tags:
177
+ - accountRequest
178
+ operationId: AuthorisingAccountRequest
179
+ summary: AuthorisingAccountRequest
180
+ description: |
181
+ The `/tppAccountsRequest` resource is used to request consent from a user
182
+ for access to their accounts information. This resource must be called before
183
+ the /tppAccounts resource can be queried which provides the account information.
184
+ parameters:
185
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
186
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
187
+ requestBody:
188
+ description: The consentRequest to create
189
+ required: true
190
+ content:
191
+ application/json:
192
+ schema:
193
+ title: AccountRequestPostRequest
194
+ type: object
195
+ description: |-
196
+ Used by: PISP
197
+ The /tppAccountsRequest resource is used to request consent from a user for access to their accounts information. This resource must be called before the /tppAccounts resource can be queried which provides the account information.
198
+ Callback and data model for POST /tppAccountRequest:
199
+ Callback: PUT /tppAccountRequests/{ID} Error callback: PUT /tppAccountRequests/{ID}/error Data model - see below url
200
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#31212-post-accountrequest
201
+ properties:
202
+ accountRequestId:
203
+ title: CorrelationId
204
+ type: string
205
+ pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[1-7][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$|^[0-9A-HJKMNP-TV-Z]{26}$
206
+ description: Identifier that correlates all messages of the same sequence. The supported identifiers formats are for lowercase [UUID](https://datatracker.ietf.org/doc/html/rfc9562) and uppercase [ULID](https://github.com/ulid/spec)
207
+ example: b51ec534-ee48-4575-b6a9-ead2955b8069
208
+ partyItentifier:
209
+ title: PartyIdentifier
210
+ type: string
211
+ minLength: 1
212
+ maxLength: 128
213
+ description: Identifier of the Party.
214
+ example: '16135551212'
215
+ authChannels:
216
+ type: array
217
+ minLength: 1
218
+ maxLength: 256
219
+ items:
220
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authChannel'
221
+ callbackUri:
222
+ title: Uri
223
+ type: string
224
+ pattern: ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?
225
+ minLength: 1
226
+ maxLength: 512
227
+ description: |
228
+ The API data type Uri is a JSON string in a canonical format that is restricted by a regular expression for interoperability reasons.
229
+ required:
230
+ - accountRequestId
231
+ - partyIdInfo
232
+ - authChannels
233
+ - callbackUri
234
+ responses:
235
+ '202':
236
+ $ref: '#/paths/~1tppConsents/post/responses/202'
237
+ '400':
238
+ $ref: '#/paths/~1tppConsents/post/responses/400'
239
+ '401':
240
+ $ref: '#/paths/~1tppConsents/post/responses/401'
241
+ '403':
242
+ $ref: '#/paths/~1tppConsents/post/responses/403'
243
+ '404':
244
+ $ref: '#/paths/~1tppConsents/post/responses/404'
245
+ '405':
246
+ $ref: '#/paths/~1tppConsents/post/responses/405'
247
+ '406':
248
+ $ref: '#/paths/~1tppConsents/post/responses/406'
249
+ '501':
250
+ $ref: '#/paths/~1tppConsents/post/responses/501'
251
+ '503':
252
+ $ref: '#/paths/~1tppConsents/post/responses/503'
253
+ /tppAccountRequest/{ID}:
254
+ parameters:
255
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
256
+ - $ref: '#/paths/~1tppConsents/parameters/0'
257
+ - $ref: '#/paths/~1tppConsents/parameters/1'
258
+ - $ref: '#/paths/~1tppConsents/parameters/2'
259
+ - $ref: '#/paths/~1tppConsents/parameters/3'
260
+ - $ref: '#/paths/~1tppConsents/parameters/4'
261
+ - $ref: '#/paths/~1tppConsents/parameters/5'
262
+ - $ref: '#/paths/~1tppConsents/parameters/6'
263
+ - $ref: '#/paths/~1tppConsents/parameters/7'
264
+ - $ref: '#/paths/~1tppConsents/parameters/8'
265
+ get:
266
+ operationId: GetAccountRequest
267
+ summary: GetAccountRequest
268
+ description: |
269
+ The `GET /tppAccountsRequest/{ID}` is used to request status of POST /tppAccountRequest/ call.
270
+ The *{ID}* in the URI should contain the accountRequestId that was assigned to the
271
+ request by the PISP when the PISP originated the request. The result is return via the PUT callback.
272
+ tags:
273
+ - accountRequest
274
+ parameters:
275
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
276
+ responses:
277
+ '202':
278
+ $ref: '#/paths/~1tppConsents/post/responses/202'
279
+ '400':
280
+ $ref: '#/paths/~1tppConsents/post/responses/400'
281
+ '401':
282
+ $ref: '#/paths/~1tppConsents/post/responses/401'
283
+ '403':
284
+ $ref: '#/paths/~1tppConsents/post/responses/403'
285
+ '404':
286
+ $ref: '#/paths/~1tppConsents/post/responses/404'
287
+ '405':
288
+ $ref: '#/paths/~1tppConsents/post/responses/405'
289
+ '406':
290
+ $ref: '#/paths/~1tppConsents/post/responses/406'
291
+ '501':
292
+ $ref: '#/paths/~1tppConsents/post/responses/501'
293
+ '503':
294
+ $ref: '#/paths/~1tppConsents/post/responses/503'
295
+ put:
296
+ tags:
297
+ - accountRequest
298
+ operationId: UpdateAccountRequest
299
+ summary: UpdateAccountRequest
300
+ description: |
301
+ A DFSP uses this callback to (1) inform the PISP that the accountRequest has been accepted,
302
+ and (2) communicate to the PISP which `authChannel` it should use to authenticate their user
303
+ with.
304
+
305
+ When a PISP requests a series of permissions from a DFSP on behalf of a DFSP's customer,
306
+ not all the permissions requested may be granted by the DFSP.
307
+ Conversely, the out-of-loop authorization process may result in additional privileges
308
+ being granted by the account holder to the PISP. The `PUT /tppAccountsRequest/<ID>`
309
+ resource returns the current state of the permissions relating to a particular
310
+ authorization request.
311
+ parameters:
312
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
313
+ requestBody:
314
+ required: true
315
+ content:
316
+ application/json:
317
+ schema:
318
+ title: AccountRequestPutResponse
319
+ type: object
320
+ description: |-
321
+ Used by: PISP
322
+ This is the message that the DFSP sends to the PISP to inform the PISP that the accountRequest has been accepted, and to communicate to the PISP which `authChannel` it should use to authenticate their user with. I.e. it is a response to a POST /tppAccountsRequest request, or a GET /tppAccountsRequest/{ID} request.
323
+ When a PISP requests a series of permissions from a DFSP on behalf of a DFSP's customer, not all the permissions requested may be granted by the DFSP. Conversely, the out-of-loop authorization process may result in additional privileges being granted by the account holder to the PISP. The `PUT /tppAccountsRequest/<ID>` resource returns the current state of the permissions relating to a particular authorization request.
324
+
325
+ properties:
326
+ authChannel:
327
+ title: ConsentRequestChannelType
328
+ type: string
329
+ enum:
330
+ - WEB
331
+ - OTP
332
+ description: |
333
+ The auth channel being used for the consent request.
334
+ - WEB - DFSP can support authorization via a web-based login.
335
+ - OTP - DFSP can support authorization via a One Time PIN.
336
+ callbackUri:
337
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
338
+ authUri:
339
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
340
+ authToken:
341
+ type: string
342
+ pattern: ^[A-Za-z0-9-_]+[=]{0,2}$
343
+ description: The API data type BinaryString is a JSON String. The string is a base64url encoding of a string of raw bytes, where padding (character ‘=’) is added at the end of the data if needed to ensure that the string is a multiple of 4 characters. The length restriction indicates the allowed number of characters.
344
+ required:
345
+ - authChannels
346
+ responses:
347
+ '202':
348
+ $ref: '#/paths/~1tppConsents/post/responses/202'
349
+ '400':
350
+ $ref: '#/paths/~1tppConsents/post/responses/400'
351
+ '401':
352
+ $ref: '#/paths/~1tppConsents/post/responses/401'
353
+ '403':
354
+ $ref: '#/paths/~1tppConsents/post/responses/403'
355
+ '404':
356
+ $ref: '#/paths/~1tppConsents/post/responses/404'
357
+ '405':
358
+ $ref: '#/paths/~1tppConsents/post/responses/405'
359
+ '406':
360
+ $ref: '#/paths/~1tppConsents/post/responses/406'
361
+ '501':
362
+ $ref: '#/paths/~1tppConsents/post/responses/501'
363
+ '503':
364
+ $ref: '#/paths/~1tppConsents/post/responses/503'
365
+ /tppAccountRequest/{ID}/error:
366
+ parameters:
367
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
368
+ - $ref: '#/paths/~1tppConsents/parameters/0'
369
+ - $ref: '#/paths/~1tppConsents/parameters/1'
370
+ - $ref: '#/paths/~1tppConsents/parameters/2'
371
+ - $ref: '#/paths/~1tppConsents/parameters/3'
372
+ - $ref: '#/paths/~1tppConsents/parameters/4'
373
+ - $ref: '#/paths/~1tppConsents/parameters/5'
374
+ - $ref: '#/paths/~1tppConsents/parameters/6'
375
+ - $ref: '#/paths/~1tppConsents/parameters/7'
376
+ - $ref: '#/paths/~1tppConsents/parameters/8'
377
+ put:
378
+ tags:
379
+ - accountRequest
380
+ operationId: NotifyErrorAccountRequest
381
+ summary: NotifyErrorAccountRequest
382
+ description: |
383
+ DFSP responds to the PISP if something went wrong with validating an OTP or secret.
384
+ parameters:
385
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
386
+ requestBody:
387
+ description: Error information returned.
388
+ required: true
389
+ content:
390
+ application/json:
391
+ schema:
392
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
393
+ responses:
394
+ '200':
395
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
396
+ '400':
397
+ $ref: '#/paths/~1tppConsents/post/responses/400'
398
+ '401':
399
+ $ref: '#/paths/~1tppConsents/post/responses/401'
400
+ '403':
401
+ $ref: '#/paths/~1tppConsents/post/responses/403'
402
+ '404':
403
+ $ref: '#/paths/~1tppConsents/post/responses/404'
404
+ '405':
405
+ $ref: '#/paths/~1tppConsents/post/responses/405'
406
+ '406':
407
+ $ref: '#/paths/~1tppConsents/post/responses/406'
408
+ '501':
409
+ $ref: '#/paths/~1tppConsents/post/responses/501'
410
+ '503':
411
+ $ref: '#/paths/~1tppConsents/post/responses/503'
412
+ /tppAccounts/{ID}:
413
+ parameters:
414
+ - name: ID
415
+ in: path
416
+ required: true
417
+ schema:
418
+ type: string
419
+ description: The identifier value.
420
+ - $ref: '#/paths/~1tppConsents/parameters/0'
421
+ - $ref: '#/paths/~1tppConsents/parameters/1'
422
+ - $ref: '#/paths/~1tppConsents/parameters/2'
423
+ - $ref: '#/paths/~1tppConsents/parameters/3'
424
+ - $ref: '#/paths/~1tppConsents/parameters/4'
425
+ - $ref: '#/paths/~1tppConsents/parameters/5'
426
+ - $ref: '#/paths/~1tppConsents/parameters/6'
427
+ - $ref: '#/paths/~1tppConsents/parameters/7'
428
+ - $ref: '#/paths/~1tppConsents/parameters/8'
429
+ get:
430
+ operationId: GetAccountsByUserId
431
+ summary: GetAccountsByUserId
432
+ description: |
433
+ The HTTP request `GET /tppAccounts/{ID}/{SignedChallenge}` is used to retrieve the list of potential accounts available for linking.
434
+ The request `{ID}` is the accountRequestID and the `{SignedChallenge}` is the signed challenge that resulted from the `POST /tppAccountRequest/` callback.
435
+
436
+ The signed challenge must match the authentication channel that was selected by the DFSP. For example, if the WEB authentication channel was selected by the DFSP, then signed challenge needs to be authToken, otherwise if the OTP channel was selected, then it needs to be the OTP that was entered by the party.
437
+ (For example, GET /tppAccounts/12345/56789).
438
+ tags:
439
+ - accounts
440
+ parameters:
441
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
442
+ responses:
443
+ '202':
444
+ $ref: '#/paths/~1tppConsents/post/responses/202'
445
+ '400':
446
+ $ref: '#/paths/~1tppConsents/post/responses/400'
447
+ '401':
448
+ $ref: '#/paths/~1tppConsents/post/responses/401'
449
+ '403':
450
+ $ref: '#/paths/~1tppConsents/post/responses/403'
451
+ '404':
452
+ $ref: '#/paths/~1tppConsents/post/responses/404'
453
+ '405':
454
+ $ref: '#/paths/~1tppConsents/post/responses/405'
455
+ '406':
456
+ $ref: '#/paths/~1tppConsents/post/responses/406'
457
+ '501':
458
+ $ref: '#/paths/~1tppConsents/post/responses/501'
459
+ '503':
460
+ $ref: '#/paths/~1tppConsents/post/responses/503'
461
+ put:
462
+ description: |
463
+ The HTTP request `PUT /tppAccounts/{ID}` is used to return the list of potential accounts available for linking
464
+ operationId: UpdateAccountsByUserId
465
+ summary: UpdateAccountsByUserId
466
+ tags:
467
+ - accounts
468
+ parameters:
469
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
470
+ requestBody:
471
+ required: true
472
+ content:
473
+ application/json:
474
+ schema:
475
+ title: AccountsIDPutResponse
476
+ type: object
477
+ description: |-
478
+ Callback and data model information for GET /accounts/{ID}:
479
+ Callback - PUT /tppAccounts/{ID} Error Callback - PUT /tppAccounts/{ID}/error Data Model - Empty body
480
+ The PUT /accounts/{ID} response is used to inform the requester of the result of a request for accounts information. The identifier ID given in the call are the values given in the original request.
481
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#31121--put-accountsid
482
+ properties:
483
+ accounts:
484
+ title: AccountList
485
+ type: array
486
+ description: |-
487
+ The AccountList data model is used to hold information about the accounts that a party controls.
488
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#3213-accountlist
489
+ items:
490
+ title: Account
491
+ type: object
492
+ description: |-
493
+ Data model for the complex type Account.
494
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#3211-account
495
+ properties:
496
+ accountNickname:
497
+ title: Name
498
+ type: string
499
+ pattern: ^(?!\s*$)[\w .,'-]{1,128}$
500
+ description: |-
501
+ The API data type Name is a JSON String, restricted by a regular expression to avoid characters which are generally not used in a name.
502
+
503
+ Regular Expression - The regular expression for restricting the Name type is "^(?!\s*$)[\w .,'-]{1,128}$". The restriction does not allow a string consisting of whitespace only, all Unicode characters are allowed, as well as the period (.) (apostrophe (‘), dash (-), comma (,) and space characters ( ).
504
+
505
+ **Note:** In some programming languages, Unicode support must be specifically enabled. For example, if Java is used, the flag UNICODE_CHARACTER_CLASS must be enabled to allow Unicode characters.
506
+ address:
507
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items/properties/address'
508
+ currency:
509
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/fees/allOf/0/properties/currency'
510
+ required:
511
+ - accountNickname
512
+ - address
513
+ - currency
514
+ minItems: 1
515
+ maxItems: 256
516
+ extensionList:
517
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
518
+ required:
519
+ - accounts
520
+ example:
521
+ - accountNickname: dfspa.user.nickname1
522
+ id: dfspa.username.1234
523
+ currency: ZAR
524
+ - accountNickname: dfspa.user.nickname2
525
+ id: dfspa.username.5678
526
+ currency: USD
527
+ responses:
528
+ '200':
529
+ description: OK
530
+ '400':
531
+ $ref: '#/paths/~1tppConsents/post/responses/400'
532
+ '401':
533
+ $ref: '#/paths/~1tppConsents/post/responses/401'
534
+ '403':
535
+ $ref: '#/paths/~1tppConsents/post/responses/403'
536
+ '404':
537
+ $ref: '#/paths/~1tppConsents/post/responses/404'
538
+ '405':
539
+ $ref: '#/paths/~1tppConsents/post/responses/405'
540
+ '406':
541
+ $ref: '#/paths/~1tppConsents/post/responses/406'
542
+ '501':
543
+ $ref: '#/paths/~1tppConsents/post/responses/501'
544
+ '503':
545
+ $ref: '#/paths/~1tppConsents/post/responses/503'
546
+ /tppAccounts/{ID}/error:
547
+ parameters:
548
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
549
+ - $ref: '#/paths/~1tppConsents/parameters/0'
550
+ - $ref: '#/paths/~1tppConsents/parameters/1'
551
+ - $ref: '#/paths/~1tppConsents/parameters/2'
552
+ - $ref: '#/paths/~1tppConsents/parameters/3'
553
+ - $ref: '#/paths/~1tppConsents/parameters/4'
554
+ - $ref: '#/paths/~1tppConsents/parameters/5'
555
+ - $ref: '#/paths/~1tppConsents/parameters/6'
556
+ - $ref: '#/paths/~1tppConsents/parameters/7'
557
+ - $ref: '#/paths/~1tppConsents/parameters/8'
558
+ put:
559
+ description: |
560
+ The HTTP request `PUT /ttpAccounts/{ID}/error` is used to return error information
561
+ operationId: UpdateAccountsByUserIdError
562
+ summary: UpdateAccountsByUserIdError
563
+ tags:
564
+ - accounts
565
+ parameters:
566
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
567
+ requestBody:
568
+ description: Details of the error returned.
569
+ required: true
570
+ content:
571
+ application/json:
572
+ schema:
573
+ title: ErrorInformationObject
574
+ type: object
575
+ additionalProperties: false
576
+ description: Data model for the complex type object that contains ErrorInformation.
577
+ properties:
578
+ errorInformation:
579
+ title: ErrorInformation
580
+ type: object
581
+ additionalProperties: false
582
+ description: Data model for the complex type ErrorInformation.
583
+ properties:
584
+ errorCode:
585
+ title: ErrorCode
586
+ type: string
587
+ pattern: ^[1-9]\d{3}$
588
+ description: The API data type ErrorCode is a JSON String of four characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. Each error code in the API is a four-digit number, for example, 1234, where the first number (1 in the example) represents the high-level error category, the second number (2 in the example) represents the low-level error category, and the last two numbers (34 in the example) represent the specific error.
589
+ example: '5100'
590
+ errorDescription:
591
+ title: ErrorDescription
592
+ type: string
593
+ minLength: 1
594
+ maxLength: 128
595
+ description: Error description string.
596
+ extensionList:
597
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
598
+ required:
599
+ - errorCode
600
+ - errorDescription
601
+ required:
602
+ - errorInformation
603
+ responses:
604
+ '200':
605
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
606
+ '400':
607
+ $ref: '#/paths/~1tppConsents/post/responses/400'
608
+ '401':
609
+ $ref: '#/paths/~1tppConsents/post/responses/401'
610
+ '403':
611
+ $ref: '#/paths/~1tppConsents/post/responses/403'
612
+ '404':
613
+ $ref: '#/paths/~1tppConsents/post/responses/404'
614
+ '405':
615
+ $ref: '#/paths/~1tppConsents/post/responses/405'
616
+ '406':
617
+ $ref: '#/paths/~1tppConsents/post/responses/406'
618
+ '501':
619
+ $ref: '#/paths/~1tppConsents/post/responses/501'
620
+ '503':
621
+ $ref: '#/paths/~1tppConsents/post/responses/503'
622
+ /tppConsentRequests:
623
+ parameters:
624
+ - $ref: '#/paths/~1tppConsents/parameters/0'
625
+ - $ref: '#/paths/~1tppConsents/parameters/1'
626
+ - $ref: '#/paths/~1tppConsents/parameters/2'
627
+ - $ref: '#/paths/~1tppConsents/parameters/3'
628
+ - $ref: '#/paths/~1tppConsents/parameters/4'
629
+ - $ref: '#/paths/~1tppConsents/parameters/5'
630
+ - $ref: '#/paths/~1tppConsents/parameters/6'
631
+ - $ref: '#/paths/~1tppConsents/parameters/7'
632
+ - $ref: '#/paths/~1tppConsents/parameters/8'
633
+ post:
634
+ tags:
635
+ - consentRequests
636
+ operationId: CreateConsentRequest
637
+ summary: CreateConsentRequest
638
+ description: |
639
+ The HTTP request **POST /tppConsentRequests** is used to request a DFSP to grant access to one or more
640
+ accounts owned by a customer of the DFSP for the PISP who sends the request.
641
+ parameters:
642
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
643
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
644
+ requestBody:
645
+ description: The consentRequest to create
646
+ required: true
647
+ content:
648
+ application/json:
649
+ schema:
650
+ title: ConsentRequestsPostRequest
651
+ type: object
652
+ description: |-
653
+ Used by: PISP
654
+ The HTTP request POST /tppConsentRequests is used to request a DFSP to grant access to one or more accounts owned by a customer of the DFSP for the PISP who sends the request.
655
+ Callback and data model for POST /tppConsentRequests:
656
+ Callback: PUT /tppConsentRequests/{ID} Error callback: PUT /tppConsentRequests/{ID}/error
657
+ properties:
658
+ consentRequestId:
659
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
660
+ partyIdInfo:
661
+ title: PartyIdInfo
662
+ type: object
663
+ description: Data model for the complex type PartyIdInfo.
664
+ properties:
665
+ partyIdType:
666
+ title: PartyIdType
667
+ type: string
668
+ enum:
669
+ - MSISDN
670
+ - EMAIL
671
+ - PERSONAL_ID
672
+ - BUSINESS
673
+ - DEVICE
674
+ - ACCOUNT_ID
675
+ - IBAN
676
+ - ALIAS
677
+ - CONSENT
678
+ - THIRD_PARTY_LINK
679
+ description: |
680
+ Below are the allowed values for the enumeration.
681
+ - MSISDN - An MSISDN (Mobile Station International Subscriber Directory
682
+ Number, that is, the phone number) is used as reference to a participant.
683
+ The MSISDN identifier should be in international format according to the
684
+ [ITU-T E.164 standard](https://www.itu.int/rec/T-REC-E.164/en).
685
+ Optionally, the MSISDN may be prefixed by a single plus sign, indicating the
686
+ international prefix.
687
+ - EMAIL - An email is used as reference to a
688
+ participant. The format of the email should be according to the informational
689
+ [RFC 3696](https://tools.ietf.org/html/rfc3696).
690
+ - PERSONAL_ID - A personal identifier is used as reference to a participant.
691
+ Examples of personal identification are passport number, birth certificate
692
+ number, and national registration number. The identifier number is added in
693
+ the PartyIdentifier element. The personal identifier type is added in the
694
+ PartySubIdOrType element.
695
+ - BUSINESS - A specific Business (for example, an organization or a company)
696
+ is used as reference to a participant. The BUSINESS identifier can be in any
697
+ format. To make a transaction connected to a specific username or bill number
698
+ in a Business, the PartySubIdOrType element should be used.
699
+ - DEVICE - A specific device (for example, a POS or ATM) ID connected to a
700
+ specific business or organization is used as reference to a Party.
701
+ For referencing a specific device under a specific business or organization,
702
+ use the PartySubIdOrType element.
703
+ - ACCOUNT_ID - A bank account number or FSP account ID should be used as
704
+ reference to a participant. The ACCOUNT_ID identifier can be in any format,
705
+ as formats can greatly differ depending on country and FSP.
706
+ - IBAN - A bank account number or FSP account ID is used as reference to a
707
+ participant. The IBAN identifier can consist of up to 34 alphanumeric
708
+ characters and should be entered without whitespace.
709
+ - ALIAS An alias is used as reference to a participant. The alias should be
710
+ created in the FSP as an alternative reference to an account owner.
711
+ Another example of an alias is a username in the FSP system.
712
+ The ALIAS identifier can be in any format. It is also possible to use the
713
+ PartySubIdOrType element for identifying an account under an Alias defined
714
+ by the PartyIdentifier.
715
+ - CONSENT - A Consent represents an agreement between a PISP, a Customer and
716
+ a DFSP which allows the PISP permission to perform actions on behalf of the
717
+ customer. A Consent has an authoritative source: either the DFSP who issued
718
+ the Consent, or an Auth Service which administers the Consent.
719
+ - THIRD_PARTY_LINK - A Third Party Link represents an agreement between a PISP,
720
+ a DFSP, and a specific Customer's account at the DFSP. The content of the link
721
+ is created by the DFSP at the time when it gives permission to the PISP for
722
+ specific access to a given account.
723
+ example: PERSONAL_ID
724
+ partyIdentifier:
725
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/partyItentifier'
726
+ partySubIdOrType:
727
+ title: PartySubIdOrType
728
+ type: string
729
+ minLength: 1
730
+ maxLength: 128
731
+ description: Either a sub-identifier of a PartyIdentifier, or a sub-type of the PartyIdType, normally a PersonalIdentifierType.
732
+ fspId:
733
+ $ref: '#/paths/~1services~1%7BServiceType%7D/put/requestBody/content/application~1json/schema/properties/providers/items'
734
+ extensionList:
735
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
736
+ required:
737
+ - partyIdType
738
+ - partyIdentifier
739
+ scopes:
740
+ type: array
741
+ minLength: 1
742
+ maxLength: 256
743
+ items:
744
+ title: Scope
745
+ type: object
746
+ description: |-
747
+ The Scope element contains an identifier defining, in the terms of a DFSP, an account on which access types can be requested or granted. It also defines the access types which are requested or granted.
748
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#32121-scope
749
+ properties:
750
+ address:
751
+ title: AccountAddress
752
+ type: string
753
+ description: |-
754
+ The AccountAddress data type is a variable length string with a maximum size of 1023 characters and consists of:
755
+ Alphanumeric characters, upper or lower case. (Addresses are case-sensitive so that they can contain data encoded in formats such as base64url.)
756
+ - Underscore (_) - Tilde (~) - Hyphen (-) - Period (.) Addresses MUST NOT end in a period (.) character
757
+ An entity providing accounts to parties (i.e. a participant) can provide any value for an AccountAddress that is meaningful to that entity. It does not need to provide an address that makes the account identifiable outside the entity's domain.
758
+ IMPORTANT: The policy for defining addresses and the life-cycle of these is at the discretion of the address space owner (the payer DFSP in this case).
759
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#3212-accountaddress
760
+ pattern: ^([0-9A-Za-z_~\-\.]+[0-9A-Za-z_~\-])$
761
+ minLength: 1
762
+ maxLength: 1023
763
+ actions:
764
+ type: array
765
+ minItems: 1
766
+ maxItems: 32
767
+ items:
768
+ title: ScopeAction
769
+ type: string
770
+ description: |
771
+ The ScopeAction element contains an access type which a PISP can request
772
+ from a DFSP, or which a DFSP can grant to a PISP.
773
+ It must be a member of the appropriate enumeration.
774
+
775
+ - ACCOUNTS_GET_BALANCE: PISP can request a balance for the linked account
776
+ - ACCOUNTS_TRANSFER: PISP can request a transfer of funds from the linked account in the DFSP
777
+ - ACCOUNTS_STATEMENT: PISP can request a statement of individual transactions on a user's account
778
+ enum:
779
+ - ACCOUNTS_GET_BALANCE
780
+ - ACCOUNTS_TRANSFER
781
+ - ACCOUNTS_STATEMENT
782
+ required:
783
+ - address
784
+ - actions
785
+ authChannels:
786
+ type: array
787
+ minLength: 1
788
+ maxLength: 256
789
+ items:
790
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authChannel'
791
+ callbackUri:
792
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
793
+ extensionList:
794
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
795
+ required:
796
+ - consentRequestId
797
+ - partyIdInfo
798
+ - scopes
799
+ - authChannels
800
+ - callbackUri
801
+ responses:
802
+ '202':
803
+ $ref: '#/paths/~1tppConsents/post/responses/202'
804
+ '400':
805
+ $ref: '#/paths/~1tppConsents/post/responses/400'
806
+ '401':
807
+ $ref: '#/paths/~1tppConsents/post/responses/401'
808
+ '403':
809
+ $ref: '#/paths/~1tppConsents/post/responses/403'
810
+ '404':
811
+ $ref: '#/paths/~1tppConsents/post/responses/404'
812
+ '405':
813
+ $ref: '#/paths/~1tppConsents/post/responses/405'
814
+ '406':
815
+ $ref: '#/paths/~1tppConsents/post/responses/406'
816
+ '501':
817
+ $ref: '#/paths/~1tppConsents/post/responses/501'
818
+ '503':
819
+ $ref: '#/paths/~1tppConsents/post/responses/503'
820
+ /tppConsentRequests/{ID}:
821
+ parameters:
822
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
823
+ - $ref: '#/paths/~1tppConsents/parameters/0'
824
+ - $ref: '#/paths/~1tppConsents/parameters/1'
825
+ - $ref: '#/paths/~1tppConsents/parameters/2'
826
+ - $ref: '#/paths/~1tppConsents/parameters/3'
827
+ - $ref: '#/paths/~1tppConsents/parameters/4'
828
+ - $ref: '#/paths/~1tppConsents/parameters/5'
829
+ - $ref: '#/paths/~1tppConsents/parameters/6'
830
+ - $ref: '#/paths/~1tppConsents/parameters/7'
831
+ - $ref: '#/paths/~1tppConsents/parameters/8'
832
+ get:
833
+ operationId: GetConsentRequestsById
834
+ summary: GetConsentRequestsById
835
+ description: |
836
+ The HTTP request `GET /tppConsentRequests/{ID}` is used to get information about a previously
837
+ requested consent. The *{ID}* in the URI should contain the consentRequestId that was assigned to the
838
+ request by the PISP when the PISP originated the request.
839
+ tags:
840
+ - consentRequests
841
+ parameters:
842
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
843
+ responses:
844
+ '202':
845
+ $ref: '#/paths/~1tppConsents/post/responses/202'
846
+ '400':
847
+ $ref: '#/paths/~1tppConsents/post/responses/400'
848
+ '401':
849
+ $ref: '#/paths/~1tppConsents/post/responses/401'
850
+ '403':
851
+ $ref: '#/paths/~1tppConsents/post/responses/403'
852
+ '404':
853
+ $ref: '#/paths/~1tppConsents/post/responses/404'
854
+ '405':
855
+ $ref: '#/paths/~1tppConsents/post/responses/405'
856
+ '406':
857
+ $ref: '#/paths/~1tppConsents/post/responses/406'
858
+ '501':
859
+ $ref: '#/paths/~1tppConsents/post/responses/501'
860
+ '503':
861
+ $ref: '#/paths/~1tppConsents/post/responses/503'
862
+ put:
863
+ tags:
864
+ - consentRequests
865
+ operationId: UpdateConsentRequest
866
+ summary: UpdateConsentRequest
867
+ description: |
868
+ A DFSP uses this callback to (1) inform the PISP that the consentRequest has been accepted,
869
+ and (2) communicate to the PISP which `authChannel` it should use to authenticate their user
870
+ with.
871
+
872
+ When a PISP requests a series of permissions from a DFSP on behalf of a DFSP’s customer, not all
873
+ the permissions requested may be granted by the DFSP. Conversely, the out-of-band authorization
874
+ process may result in additional privileges being granted by the account holder to the PISP. The
875
+ **PUT /consentRequests/**_{ID}_ resource returns the current state of the permissions relating to a
876
+ particular authorization request.
877
+ parameters:
878
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
879
+ requestBody:
880
+ required: true
881
+ content:
882
+ application/json:
883
+ schema:
884
+ oneOf:
885
+ - title: ConsentRequestsIDPutResponseWeb
886
+ type: object
887
+ description: |
888
+ The object sent in a `PUT /tppConsentRequests/{ID}` request.
889
+
890
+ Schema used in the request consent phase of the account linking web flow,
891
+ the result is the PISP being instructed on a specific URL where this
892
+ supposed user should be redirected. This URL should be a place where
893
+ the user can prove their identity (e.g., by logging in).
894
+ properties:
895
+ scopes:
896
+ type: array
897
+ minLength: 1
898
+ maxLength: 256
899
+ items:
900
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
901
+ authChannels:
902
+ type: array
903
+ minLength: 1
904
+ maxLength: 1
905
+ items:
906
+ title: ConsentRequestChannelTypeWeb
907
+ type: string
908
+ enum:
909
+ - WEB
910
+ description: |
911
+ The web auth channel being used for `PUT /tppConsentRequest/{ID}` request.
912
+ callbackUri:
913
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
914
+ authUri:
915
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
916
+ extensionList:
917
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
918
+ required:
919
+ - scopes
920
+ - authChannels
921
+ - callbackUri
922
+ - authUri
923
+ additionalProperties: false
924
+ - title: ConsentRequestsIDPutResponseOTP
925
+ type: object
926
+ description: |
927
+ The object sent in a `PUT /tppConsentRequests/{ID}` request.
928
+
929
+ Schema used in the request consent phase of the account linking OTP/SMS flow.
930
+ properties:
931
+ scopes:
932
+ type: array
933
+ minLength: 1
934
+ maxLength: 256
935
+ items:
936
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
937
+ authChannels:
938
+ type: array
939
+ minLength: 1
940
+ maxLength: 1
941
+ items:
942
+ title: ConsentRequestChannelTypeOTP
943
+ type: string
944
+ enum:
945
+ - OTP
946
+ description: |
947
+ The OTP auth channel being used for `PUT /tppConsentRequests/{ID}` request.
948
+ callbackUri:
949
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/callbackUri'
950
+ extensionList:
951
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
952
+ required:
953
+ - scopes
954
+ - authChannels
955
+ additionalProperties: false
956
+ responses:
957
+ '202':
958
+ $ref: '#/paths/~1tppConsents/post/responses/202'
959
+ '400':
960
+ $ref: '#/paths/~1tppConsents/post/responses/400'
961
+ '401':
962
+ $ref: '#/paths/~1tppConsents/post/responses/401'
963
+ '403':
964
+ $ref: '#/paths/~1tppConsents/post/responses/403'
965
+ '404':
966
+ $ref: '#/paths/~1tppConsents/post/responses/404'
967
+ '405':
968
+ $ref: '#/paths/~1tppConsents/post/responses/405'
969
+ '406':
970
+ $ref: '#/paths/~1tppConsents/post/responses/406'
971
+ '501':
972
+ $ref: '#/paths/~1tppConsents/post/responses/501'
973
+ '503':
974
+ $ref: '#/paths/~1tppConsents/post/responses/503'
975
+ patch:
976
+ tags:
977
+ - consentRequests
978
+ operationId: PatchConsentRequest
979
+ summary: PatchConsentRequest
980
+ description: |
981
+ After the user completes an out-of-band authorization with the DFSP, the PISP will receive a token which they can use to prove to the DFSP that the user trusts this PISP.
982
+ parameters:
983
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
984
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
985
+ requestBody:
986
+ required: true
987
+ content:
988
+ application/json:
989
+ schema:
990
+ title: ConsentRequestsIDPatchRequest
991
+ type: object
992
+ description: |-
993
+ Used by: PISP
994
+ After the user completes an out-of-band authorization with the DFSP, the PISP will receive a token which they can use to prove to the DFSP that the user trusts this PISP.
995
+ properties:
996
+ authToken:
997
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
998
+ extensionList:
999
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1000
+ required:
1001
+ - authToken
1002
+ responses:
1003
+ '202':
1004
+ $ref: '#/paths/~1tppConsents/post/responses/202'
1005
+ '400':
1006
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1007
+ '401':
1008
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1009
+ '403':
1010
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1011
+ '404':
1012
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1013
+ '405':
1014
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1015
+ '406':
1016
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1017
+ '501':
1018
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1019
+ '503':
1020
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1021
+ /tppConsentRequests/{ID}/error:
1022
+ parameters:
1023
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
1024
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1025
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1026
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1027
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1028
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1029
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1030
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1031
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1032
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1033
+ put:
1034
+ tags:
1035
+ - consentRequests
1036
+ operationId: NotifyErrorConsentRequests
1037
+ summary: NotifyErrorConsentRequests
1038
+ description: |
1039
+ DFSP responds to the PISP if something went wrong with validating an OTP or secret.
1040
+ parameters:
1041
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1042
+ requestBody:
1043
+ description: Error information returned.
1044
+ required: true
1045
+ content:
1046
+ application/json:
1047
+ schema:
1048
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
1049
+ responses:
1050
+ '200':
1051
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
1052
+ '400':
1053
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1054
+ '401':
1055
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1056
+ '403':
1057
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1058
+ '404':
1059
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1060
+ '405':
1061
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1062
+ '406':
1063
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1064
+ '501':
1065
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1066
+ '503':
1067
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1068
+ /tppConsents:
1069
+ parameters:
1070
+ - name: Content-Type
1071
+ in: header
1072
+ schema:
1073
+ type: string
1074
+ required: true
1075
+ description: The `Content-Type` header indicates the specific version of the API used to send the payload body.
1076
+ - name: Date
1077
+ in: header
1078
+ schema:
1079
+ type: string
1080
+ required: true
1081
+ description: The `Date` header field indicates the date when the request was sent.
1082
+ - name: X-Forwarded-For
1083
+ in: header
1084
+ schema:
1085
+ type: string
1086
+ required: false
1087
+ description: |-
1088
+ The `X-Forwarded-For` header field is an unofficially accepted standard used for informational purposes of the originating client IP address, as a request might pass multiple proxies, firewalls, and so on. Multiple `X-Forwarded-For` values should be expected and supported by implementers of the API.
1089
+
1090
+ **Note:** An alternative to `X-Forwarded-For` is defined in [RFC 7239](https://tools.ietf.org/html/rfc7239). However, to this point RFC 7239 is less-used and supported than `X-Forwarded-For`.
1091
+ - name: FSPIOP-Source
1092
+ in: header
1093
+ schema:
1094
+ type: string
1095
+ required: true
1096
+ description: The `FSPIOP-Source` header field is a non-HTTP standard field used by the API for identifying the sender of the HTTP request. The field should be set by the original sender of the request. Required for routing and signature verification (see header field `FSPIOP-Signature`).
1097
+ - name: FSPIOP-Destination
1098
+ in: header
1099
+ schema:
1100
+ type: string
1101
+ required: false
1102
+ description: The `FSPIOP-Destination` header field is a non-HTTP standard field used by the API for HTTP header based routing of requests and responses to the destination. The field must be set by the original sender of the request if the destination is known (valid for all services except GET /parties) so that any entities between the client and the server do not need to parse the payload for routing purposes. If the destination is not known (valid for service GET /parties), the field should be left empty.
1103
+ - name: FSPIOP-Encryption
1104
+ in: header
1105
+ schema:
1106
+ type: string
1107
+ required: false
1108
+ description: The `FSPIOP-Encryption` header field is a non-HTTP standard field used by the API for applying end-to-end encryption of the request.
1109
+ - name: FSPIOP-Signature
1110
+ in: header
1111
+ schema:
1112
+ type: string
1113
+ required: false
1114
+ description: The `FSPIOP-Signature` header field is a non-HTTP standard field used by the API for applying an end-to-end request signature.
1115
+ - name: FSPIOP-URI
1116
+ in: header
1117
+ schema:
1118
+ type: string
1119
+ required: false
1120
+ description: The `FSPIOP-URI` header field is a non-HTTP standard field used by the API for signature verification, should contain the service URI. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set).
1121
+ - name: FSPIOP-HTTP-Method
1122
+ in: header
1123
+ schema:
1124
+ type: string
1125
+ required: false
1126
+ description: The `FSPIOP-HTTP-Method` header field is a non-HTTP standard field used by the API for signature verification, should contain the service HTTP method. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set).
1127
+ post:
1128
+ tags:
1129
+ - consents
1130
+ operationId: PostConsents
1131
+ summary: PostConsents
1132
+ description: |
1133
+ The **POST /tppConsents** request is used to request the creation of a consent for interactions between a PISP and the DFSP who owns the account which a PISP’s customer wants to allow the PISP access to.
1134
+ parameters:
1135
+ - name: Accept
1136
+ in: header
1137
+ required: true
1138
+ schema:
1139
+ type: string
1140
+ description: The `Accept` header field indicates the version of the API the client would like the server to use.
1141
+ - name: Content-Length
1142
+ in: header
1143
+ required: false
1144
+ schema:
1145
+ type: integer
1146
+ description: |-
1147
+ The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body.
1148
+
1149
+ **Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes).
1150
+ requestBody:
1151
+ required: true
1152
+ content:
1153
+ application/json:
1154
+ schema:
1155
+ oneOf:
1156
+ - title: ConsentPostRequestAUTH
1157
+ type: object
1158
+ description: |
1159
+ The object sent in a `POST /tppConsents` request to the Auth-Service
1160
+ by a DFSP to store registered Consent and credential
1161
+ properties:
1162
+ consentId:
1163
+ allOf:
1164
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1165
+ description: |
1166
+ Common ID between the PISP and FSP for the Consent object
1167
+ determined by the DFSP who creates the Consent.
1168
+ consentRequestId:
1169
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1170
+ scopes:
1171
+ minLength: 1
1172
+ maxLength: 256
1173
+ type: array
1174
+ items:
1175
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
1176
+ credential:
1177
+ allOf:
1178
+ - $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential'
1179
+ status:
1180
+ title: ConsentStatus
1181
+ type: string
1182
+ enum:
1183
+ - ISSUED
1184
+ - REVOKED
1185
+ description: |-
1186
+ Allowed values for the enumeration ConsentStatus
1187
+ - ISSUED - The consent has been issued by the DFSP
1188
+ - REVOKED - The consent has been revoked
1189
+ extensionList:
1190
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1191
+ required:
1192
+ - consentId
1193
+ - scopes
1194
+ - credential
1195
+ - status
1196
+ additionalProperties: false
1197
+ - title: ConsentPostRequestPISP
1198
+ type: object
1199
+ description: |
1200
+ The provisional Consent object sent by the DFSP in `POST /tppConsents`.
1201
+ properties:
1202
+ consentId:
1203
+ allOf:
1204
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1205
+ description: |
1206
+ Common ID between the PISP and the Payer DFSP for the consent object. The ID
1207
+ should be reused for re-sends of the same consent. A new ID should be generated
1208
+ for each new consent.
1209
+ consentRequestId:
1210
+ allOf:
1211
+ - $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1212
+ description: |
1213
+ The ID given to the original consent request on which this consent is based.
1214
+ scopes:
1215
+ type: array
1216
+ minLength: 1
1217
+ maxLength: 256
1218
+ items:
1219
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
1220
+ status:
1221
+ $ref: '#/paths/~1tppConsents/post/requestBody/content/application~1json/schema/oneOf/0/properties/status'
1222
+ extensionList:
1223
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1224
+ required:
1225
+ - consentId
1226
+ - consentRequestId
1227
+ - scopes
1228
+ - status
1229
+ responses:
1230
+ '202':
1231
+ description: Accepted
1232
+ '400':
1233
+ description: Bad Request
1234
+ content:
1235
+ application/json:
1236
+ schema:
1237
+ title: ErrorInformationResponse
1238
+ type: object
1239
+ additionalProperties: false
1240
+ description: Data model for the complex type object that contains an optional element ErrorInformation used along with 4xx and 5xx responses.
1241
+ properties:
1242
+ errorInformation:
1243
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema/properties/errorInformation'
1244
+ headers:
1245
+ Content-Length:
1246
+ required: false
1247
+ schema:
1248
+ type: integer
1249
+ description: |-
1250
+ The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body.
1251
+
1252
+ **Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes).
1253
+ Content-Type:
1254
+ schema:
1255
+ type: string
1256
+ required: true
1257
+ description: The `Content-Type` header indicates the specific version of the API used to send the payload body.
1258
+ '401':
1259
+ description: Unauthorized
1260
+ content:
1261
+ application/json:
1262
+ schema:
1263
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1264
+ headers:
1265
+ Content-Length:
1266
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1267
+ Content-Type:
1268
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1269
+ '403':
1270
+ description: Forbidden
1271
+ content:
1272
+ application/json:
1273
+ schema:
1274
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1275
+ headers:
1276
+ Content-Length:
1277
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1278
+ Content-Type:
1279
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1280
+ '404':
1281
+ description: Not Found
1282
+ content:
1283
+ application/json:
1284
+ schema:
1285
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1286
+ headers:
1287
+ Content-Length:
1288
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1289
+ Content-Type:
1290
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1291
+ '405':
1292
+ description: Method Not Allowed
1293
+ content:
1294
+ application/json:
1295
+ schema:
1296
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1297
+ headers:
1298
+ Content-Length:
1299
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1300
+ Content-Type:
1301
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1302
+ '406':
1303
+ description: Not Acceptable
1304
+ content:
1305
+ application/json:
1306
+ schema:
1307
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1308
+ headers:
1309
+ Content-Length:
1310
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1311
+ Content-Type:
1312
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1313
+ '501':
1314
+ description: Not Implemented
1315
+ content:
1316
+ application/json:
1317
+ schema:
1318
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1319
+ headers:
1320
+ Content-Length:
1321
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1322
+ Content-Type:
1323
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1324
+ '503':
1325
+ description: Service Unavailable
1326
+ content:
1327
+ application/json:
1328
+ schema:
1329
+ $ref: '#/paths/~1tppConsents/post/responses/400/content/application~1json/schema'
1330
+ headers:
1331
+ Content-Length:
1332
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Length'
1333
+ Content-Type:
1334
+ $ref: '#/paths/~1tppConsents/post/responses/400/headers/Content-Type'
1335
+ /tppConsents/{ID}:
1336
+ parameters:
1337
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
1338
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1339
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1340
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1341
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1342
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1343
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1344
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1345
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1346
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1347
+ get:
1348
+ description: |
1349
+ The **GET /tppConsents/**_{ID}_ resource allows a party to enquire after the status of a consent. The *{ID}* used in the URI of the request should be the consent request ID which was used to identify the consent when it was created.
1350
+ tags:
1351
+ - consents
1352
+ operationId: GetConsent
1353
+ summary: GetConsent
1354
+ parameters:
1355
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1356
+ responses:
1357
+ '202':
1358
+ $ref: '#/paths/~1tppConsents/post/responses/202'
1359
+ '400':
1360
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1361
+ '401':
1362
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1363
+ '403':
1364
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1365
+ '404':
1366
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1367
+ '405':
1368
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1369
+ '406':
1370
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1371
+ '501':
1372
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1373
+ '503':
1374
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1375
+ patch:
1376
+ description: |
1377
+ The HTTP request `PATCH /consents/{ID}` is used
1378
+
1379
+ - In account linking in the Credential Registration phase. Used by a DFSP
1380
+ to notify a PISP a credential has been verified and registered with an
1381
+ Auth service.
1382
+
1383
+ - In account unlinking by a hub hosted auth service and by DFSPs
1384
+ in non-hub hosted scenarios to notify participants of a consent being revoked.
1385
+
1386
+ Called by a `auth-service` to notify a PISP and DFSP of consent status in hub hosted scenario.
1387
+ Called by a `DFSP` to notify a PISP of consent status in non-hub hosted scenario.
1388
+ tags:
1389
+ - consents
1390
+ operationId: PatchConsentByID
1391
+ summary: PatchConsentByID
1392
+ requestBody:
1393
+ required: true
1394
+ content:
1395
+ application/json:
1396
+ schema:
1397
+ oneOf:
1398
+ - title: ConsentsIDPatchResponseVerified
1399
+ description: |
1400
+ PATCH /tppConsents/{ID} request object.
1401
+
1402
+ Sent by the DFSP to the PISP when a consent is issued and verified.
1403
+ Used in the "Register Credential" part of the Account linking flow.
1404
+ type: object
1405
+ properties:
1406
+ credential:
1407
+ type: object
1408
+ properties:
1409
+ status:
1410
+ title: CredentialStatusVerified
1411
+ type: string
1412
+ enum:
1413
+ - VERIFIED
1414
+ description: |
1415
+ The status of the Credential.
1416
+ - "VERIFIED" - The Credential is valid and verified.
1417
+ required:
1418
+ - status
1419
+ extensionList:
1420
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1421
+ required:
1422
+ - credential
1423
+ - title: ConsentsIDPatchResponseRevoked
1424
+ description: |
1425
+ PATCH /tppConsents/{ID} request object.
1426
+
1427
+ Sent to both the PISP and DFSP when a consent is revoked.
1428
+ Used in the "Unlinking" part of the Account Unlinking flow.
1429
+ type: object
1430
+ properties:
1431
+ status:
1432
+ title: ConsentStatusRevoked
1433
+ type: string
1434
+ enum:
1435
+ - REVOKED
1436
+ description: |-
1437
+ Allowed values for the enumeration ConsentStatus
1438
+ - REVOKED - The consent has been revoked
1439
+ revokedAt:
1440
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/expiration/allOf/0'
1441
+ extensionList:
1442
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1443
+ required:
1444
+ - status
1445
+ - revokedAt
1446
+ parameters:
1447
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1448
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1449
+ responses:
1450
+ '200':
1451
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
1452
+ '400':
1453
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1454
+ '401':
1455
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1456
+ '403':
1457
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1458
+ '404':
1459
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1460
+ '405':
1461
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1462
+ '406':
1463
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1464
+ '501':
1465
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1466
+ '503':
1467
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1468
+ put:
1469
+ description: |
1470
+ The HTTP request `PUT /consents/{ID}` is used by the PISP and Auth Service.
1471
+
1472
+ - Called by a `PISP` to after signing a challenge. Sent to an DFSP for verification.
1473
+ - Called by a `auth-service` to notify a DFSP that a credential has been verified and registered.
1474
+ tags:
1475
+ - consents
1476
+ operationId: PutConsentByID
1477
+ summary: PutConsentByID
1478
+ requestBody:
1479
+ required: true
1480
+ content:
1481
+ application/json:
1482
+ schema:
1483
+ oneOf:
1484
+ - title: ConsentsIDPutResponseSigned
1485
+ type: object
1486
+ description: |
1487
+ The HTTP request `PUT /tppConsents/{ID}` is used by the PISP to update a Consent with a signed challenge and register a credential.
1488
+ Called by a `PISP` to after signing a challenge. Sent to a DFSP for verification.
1489
+ properties:
1490
+ status:
1491
+ title: ConsentStatusIssued
1492
+ type: string
1493
+ enum:
1494
+ - ISSUED
1495
+ description: |-
1496
+ Allowed values for the enumeration ConsentStatus
1497
+ - ISSUED - The consent has been issued by the DFSP
1498
+ scopes:
1499
+ type: array
1500
+ items:
1501
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
1502
+ credential:
1503
+ title: SignedCredential
1504
+ type: object
1505
+ description: |
1506
+ A credential used to allow a user to prove their identity and access
1507
+ to an account with a DFSP.
1508
+
1509
+ SignedCredential is a special formatting of the credential to allow us to be
1510
+ more explicit about the `status` field - it should only ever be PENDING when
1511
+ updating a credential.
1512
+ properties:
1513
+ credentialType:
1514
+ title: CredentialType
1515
+ type: string
1516
+ enum:
1517
+ - FIDO
1518
+ - GENERIC
1519
+ description: |-
1520
+ The type of the Credential. - "FIDO" - The credential is based on a FIDO challenge. Its payload is a FIDOPublicKeyCredentialAttestation object. - "GENERIC" - The credential is based on a simple public key validation. Its payload is a GenericCredential object.
1521
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#3226-credentialtype
1522
+ status:
1523
+ title: CredentialStatusPending
1524
+ type: string
1525
+ enum:
1526
+ - PENDING
1527
+ description: |
1528
+ The status of the Credential.
1529
+ - "PENDING" - The credential has been created, but has not been verified
1530
+ genericPayload:
1531
+ title: GenericCredential
1532
+ type: object
1533
+ description: |
1534
+ A publicKey + signature of a challenge for a generic public/private keypair.
1535
+ properties:
1536
+ publicKey:
1537
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
1538
+ signature:
1539
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
1540
+ required:
1541
+ - publicKey
1542
+ - signature
1543
+ additionalProperties: false
1544
+ fidoPayload:
1545
+ title: FIDOPublicKeyCredentialAttestation
1546
+ type: object
1547
+ description: |
1548
+ A data model representing a FIDO Attestation result. Derived from
1549
+ [`PublicKeyCredential` Interface](https://w3c.github.io/webauthn/#iface-pkcredential).
1550
+
1551
+ The `PublicKeyCredential` interface represents the below fields with
1552
+ a Type of Javascript [ArrayBuffer](https://heycam.github.io/webidl/#idl-ArrayBuffer).
1553
+ For this API, we represent ArrayBuffers as base64 encoded utf-8 strings.
1554
+ properties:
1555
+ id:
1556
+ type: string
1557
+ description: |
1558
+ credential id: identifier of pair of keys, base64 encoded
1559
+ https://w3c.github.io/webauthn/#ref-for-dom-credential-id
1560
+ minLength: 20
1561
+ maxLength: 118
1562
+ rawId:
1563
+ type: string
1564
+ description: |
1565
+ raw credential id: identifier of pair of keys, base64 encoded
1566
+ minLength: 20
1567
+ maxLength: 118
1568
+ response:
1569
+ type: object
1570
+ description: |
1571
+ AuthenticatorAttestationResponse
1572
+ properties:
1573
+ clientDataJSON:
1574
+ type: string
1575
+ description: |
1576
+ JSON string with client data
1577
+ minLength: 121
1578
+ maxLength: 512
1579
+ attestationObject:
1580
+ type: string
1581
+ description: |
1582
+ CBOR.encoded attestation object
1583
+ minLength: 306
1584
+ maxLength: 2048
1585
+ required:
1586
+ - clientDataJSON
1587
+ - attestationObject
1588
+ additionalProperties: false
1589
+ type:
1590
+ type: string
1591
+ description: response type, we need only the type of public-key
1592
+ enum:
1593
+ - public-key
1594
+ required:
1595
+ - id
1596
+ - response
1597
+ - type
1598
+ additionalProperties: false
1599
+ required:
1600
+ - credentialType
1601
+ - status
1602
+ additionalProperties: false
1603
+ extensionList:
1604
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1605
+ required:
1606
+ - scopes
1607
+ - credential
1608
+ additionalProperties: false
1609
+ - title: ConsentsIDPutResponseVerified
1610
+ type: object
1611
+ description: |
1612
+ The HTTP request `PUT /tppConsents/{ID}` is used by the DFSP or Auth-Service to update a Consent object once it has been Verified.
1613
+ Called by a `auth-service` to notify a DFSP that a credential has been verified and registered.
1614
+ properties:
1615
+ status:
1616
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/status'
1617
+ scopes:
1618
+ type: array
1619
+ items:
1620
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/scopes/items'
1621
+ credential:
1622
+ title: VerifiedCredential
1623
+ type: object
1624
+ description: |
1625
+ A credential used to allow a user to prove their identity and access
1626
+ to an account with a DFSP.
1627
+
1628
+ VerifiedCredential is a special formatting of Credential to allow us to be
1629
+ more explicit about the `status` field - it should only ever be VERIFIED when
1630
+ updating a credential.
1631
+ properties:
1632
+ credentialType:
1633
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/credentialType'
1634
+ status:
1635
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/patch/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/status'
1636
+ genericPayload:
1637
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/genericPayload'
1638
+ fidoPayload:
1639
+ $ref: '#/paths/~1tppConsents~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/0/properties/credential/properties/fidoPayload'
1640
+ required:
1641
+ - credentialType
1642
+ - status
1643
+ additionalProperties: false
1644
+ extensionList:
1645
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
1646
+ required:
1647
+ - scopes
1648
+ - credential
1649
+ additionalProperties: false
1650
+ parameters:
1651
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1652
+ responses:
1653
+ '200':
1654
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
1655
+ '202':
1656
+ $ref: '#/paths/~1tppConsents/post/responses/202'
1657
+ '400':
1658
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1659
+ '401':
1660
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1661
+ '403':
1662
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1663
+ '404':
1664
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1665
+ '405':
1666
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1667
+ '406':
1668
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1669
+ '501':
1670
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1671
+ '503':
1672
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1673
+ delete:
1674
+ description: |
1675
+ Used by PISP, DFSP
1676
+
1677
+ The **DELETE /consents/**_{ID}_ request is used to request the revocation of a previously agreed consent.
1678
+ For tracing and auditing purposes, the switch should be sure not to delete the consent physically;
1679
+ instead, information relating to the consent should be marked as deleted and requests relating to the
1680
+ consent should not be honoured.
1681
+ operationId: DeleteConsentByID
1682
+ parameters:
1683
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1684
+ tags:
1685
+ - consents
1686
+ responses:
1687
+ '202':
1688
+ $ref: '#/paths/~1tppConsents/post/responses/202'
1689
+ '400':
1690
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1691
+ '401':
1692
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1693
+ '403':
1694
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1695
+ '404':
1696
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1697
+ '405':
1698
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1699
+ '406':
1700
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1701
+ '501':
1702
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1703
+ '503':
1704
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1705
+ /tppConsents/{ID}/error:
1706
+ parameters:
1707
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
1708
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1709
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1710
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1711
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1712
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1713
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1714
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1715
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1716
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1717
+ put:
1718
+ tags:
1719
+ - consents
1720
+ operationId: NotifyErrorConsents
1721
+ summary: NotifyErrorConsents
1722
+ description: |
1723
+ DFSP responds to the PISP if something went wrong with validating or storing consent.
1724
+ parameters:
1725
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1726
+ requestBody:
1727
+ description: Error information returned.
1728
+ required: true
1729
+ content:
1730
+ application/json:
1731
+ schema:
1732
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
1733
+ responses:
1734
+ '200':
1735
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
1736
+ '400':
1737
+ $ref: '#/paths/~1tppConsents/post/responses/400'
1738
+ '401':
1739
+ $ref: '#/paths/~1tppConsents/post/responses/401'
1740
+ '403':
1741
+ $ref: '#/paths/~1tppConsents/post/responses/403'
1742
+ '404':
1743
+ $ref: '#/paths/~1tppConsents/post/responses/404'
1744
+ '405':
1745
+ $ref: '#/paths/~1tppConsents/post/responses/405'
1746
+ '406':
1747
+ $ref: '#/paths/~1tppConsents/post/responses/406'
1748
+ '501':
1749
+ $ref: '#/paths/~1tppConsents/post/responses/501'
1750
+ '503':
1751
+ $ref: '#/paths/~1tppConsents/post/responses/503'
1752
+ /tppAuthorizations:
1753
+ parameters:
1754
+ - $ref: '#/paths/~1tppConsents/parameters/0'
1755
+ - $ref: '#/paths/~1tppConsents/parameters/1'
1756
+ - $ref: '#/paths/~1tppConsents/parameters/2'
1757
+ - $ref: '#/paths/~1tppConsents/parameters/3'
1758
+ - $ref: '#/paths/~1tppConsents/parameters/4'
1759
+ - $ref: '#/paths/~1tppConsents/parameters/5'
1760
+ - $ref: '#/paths/~1tppConsents/parameters/6'
1761
+ - $ref: '#/paths/~1tppConsents/parameters/7'
1762
+ - $ref: '#/paths/~1tppConsents/parameters/8'
1763
+ post:
1764
+ description: |
1765
+ The HTTP request **POST /tppAuthorizations** used by a Payer DFSP to request authorization from the Payer to make a payment.
1766
+ This use case is applicable when the Payer DFSP receives a request to pay (a Payee initiated payment) and chooses to authorize the payment through the third party provider.
1767
+ operationId: tppPostAuthorizations
1768
+ summary: tppPostAuthorizations
1769
+ tags:
1770
+ - authorizations
1771
+ parameters:
1772
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
1773
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
1774
+ requestBody:
1775
+ description: Authorization request details
1776
+ required: true
1777
+ content:
1778
+ application/json:
1779
+ schema:
1780
+ title: tppAuthorizationsPostRequest
1781
+ description: |-
1782
+ Used by: DFSP
1783
+ The HTTP request POST /tppAuthorizations is used to request the validation by a customer for the transfer described in the request.
1784
+ Callback and data model information for POST /tppAuthorizations:
1785
+ Callback - PUT /tppAuthorizations/{ID} Error Callback - PUT /tppAuthorizations/{ID}/error
1786
+ type: object
1787
+ properties:
1788
+ authorizationRequestId:
1789
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1790
+ transactionRequestId:
1791
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
1792
+ challenge:
1793
+ type: string
1794
+ description: The challenge that the PISP's client is to sign
1795
+ transferAmount:
1796
+ allOf:
1797
+ - $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/fees/allOf/0'
1798
+ description: The amount that will be debited from the sending customer's account as a consequence of the transaction.
1799
+ payeeReceiveAmount:
1800
+ allOf:
1801
+ - $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/fees/allOf/0'
1802
+ description: The amount that will be credited to the receiving customer's account as a consequence of the transaction.
1803
+ fees:
1804
+ allOf:
1805
+ - title: Money
1806
+ type: object
1807
+ additionalProperties: false
1808
+ description: Data model for the complex type Money.
1809
+ properties:
1810
+ currency:
1811
+ title: Currency
1812
+ description: The currency codes defined in [ISO 4217](https://www.iso.org/iso-4217-currency-codes.html) as three-letter alphabetic codes are used as the standard naming representation for currencies.
1813
+ type: string
1814
+ minLength: 3
1815
+ maxLength: 3
1816
+ enum:
1817
+ - AED
1818
+ - AFN
1819
+ - ALL
1820
+ - AMD
1821
+ - ANG
1822
+ - AOA
1823
+ - ARS
1824
+ - AUD
1825
+ - AWG
1826
+ - AZN
1827
+ - BAM
1828
+ - BBD
1829
+ - BDT
1830
+ - BGN
1831
+ - BHD
1832
+ - BIF
1833
+ - BMD
1834
+ - BND
1835
+ - BOB
1836
+ - BRL
1837
+ - BSD
1838
+ - BTN
1839
+ - BWP
1840
+ - BYN
1841
+ - BZD
1842
+ - CAD
1843
+ - CDF
1844
+ - CHF
1845
+ - CLP
1846
+ - CNY
1847
+ - COP
1848
+ - CRC
1849
+ - CUC
1850
+ - CUP
1851
+ - CVE
1852
+ - CZK
1853
+ - DJF
1854
+ - DKK
1855
+ - DOP
1856
+ - DZD
1857
+ - EGP
1858
+ - ERN
1859
+ - ETB
1860
+ - EUR
1861
+ - FJD
1862
+ - FKP
1863
+ - GBP
1864
+ - GEL
1865
+ - GGP
1866
+ - GHS
1867
+ - GIP
1868
+ - GMD
1869
+ - GNF
1870
+ - GTQ
1871
+ - GYD
1872
+ - HKD
1873
+ - HNL
1874
+ - HRK
1875
+ - HTG
1876
+ - HUF
1877
+ - IDR
1878
+ - ILS
1879
+ - IMP
1880
+ - INR
1881
+ - IQD
1882
+ - IRR
1883
+ - ISK
1884
+ - JEP
1885
+ - JMD
1886
+ - JOD
1887
+ - JPY
1888
+ - KES
1889
+ - KGS
1890
+ - KHR
1891
+ - KMF
1892
+ - KPW
1893
+ - KRW
1894
+ - KWD
1895
+ - KYD
1896
+ - KZT
1897
+ - LAK
1898
+ - LBP
1899
+ - LKR
1900
+ - LRD
1901
+ - LSL
1902
+ - LYD
1903
+ - MAD
1904
+ - MDL
1905
+ - MGA
1906
+ - MKD
1907
+ - MMK
1908
+ - MNT
1909
+ - MOP
1910
+ - MRO
1911
+ - MUR
1912
+ - MVR
1913
+ - MWK
1914
+ - MXN
1915
+ - MYR
1916
+ - MZN
1917
+ - NAD
1918
+ - NGN
1919
+ - NIO
1920
+ - NOK
1921
+ - NPR
1922
+ - NZD
1923
+ - OMR
1924
+ - PAB
1925
+ - PEN
1926
+ - PGK
1927
+ - PHP
1928
+ - PKR
1929
+ - PLN
1930
+ - PYG
1931
+ - QAR
1932
+ - RON
1933
+ - RSD
1934
+ - RUB
1935
+ - RWF
1936
+ - SAR
1937
+ - SBD
1938
+ - SCR
1939
+ - SDG
1940
+ - SEK
1941
+ - SGD
1942
+ - SHP
1943
+ - SLL
1944
+ - SOS
1945
+ - SPL
1946
+ - SRD
1947
+ - STD
1948
+ - SVC
1949
+ - SYP
1950
+ - SZL
1951
+ - THB
1952
+ - TJS
1953
+ - TMT
1954
+ - TND
1955
+ - TOP
1956
+ - TRY
1957
+ - TTD
1958
+ - TVD
1959
+ - TWD
1960
+ - TZS
1961
+ - UAH
1962
+ - UGX
1963
+ - USD
1964
+ - UYU
1965
+ - UZS
1966
+ - VEF
1967
+ - VND
1968
+ - VUV
1969
+ - WST
1970
+ - XAF
1971
+ - XCD
1972
+ - XDR
1973
+ - XOF
1974
+ - XPF
1975
+ - XTS
1976
+ - XXX
1977
+ - YER
1978
+ - ZAR
1979
+ - ZMW
1980
+ - ZWD
1981
+ amount:
1982
+ title: Amount
1983
+ type: string
1984
+ pattern: ^([0]|([1-9][0-9]{0,17}))([.][0-9]{0,3}[1-9])?$
1985
+ description: The API data type Amount is a JSON String in a canonical format that is restricted by a regular expression for interoperability reasons. This pattern does not allow any trailing zeroes at all, but allows an amount without a minor currency unit. It also only allows four digits in the minor currency unit; a negative value is not allowed. Using more than 18 digits in the major currency unit is not allowed.
1986
+ example: '123.45'
1987
+ required:
1988
+ - currency
1989
+ - amount
1990
+ description: The amount of fees that the paying customer will be charged as part of the transaction.
1991
+ payer:
1992
+ allOf:
1993
+ - $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/partyIdInfo'
1994
+ description: Information about the Payer type, id, sub-type/id, FSP Id in the proposed financial transaction.
1995
+ payee:
1996
+ allOf:
1997
+ - title: Party
1998
+ type: object
1999
+ description: Data model for the complex type Party.
2000
+ properties:
2001
+ partyIdInfo:
2002
+ $ref: '#/paths/~1tppConsentRequests/post/requestBody/content/application~1json/schema/properties/partyIdInfo'
2003
+ merchantClassificationCode:
2004
+ title: MerchantClassificationCode
2005
+ type: string
2006
+ pattern: ^[\d]{1,4}$
2007
+ description: A limited set of pre-defined numbers. This list would be a limited set of numbers identifying a set of popular merchant types like School Fees, Pubs and Restaurants, Groceries, etc.
2008
+ name:
2009
+ title: PartyName
2010
+ type: string
2011
+ minLength: 1
2012
+ maxLength: 128
2013
+ description: Name of the Party. Could be a real name or a nickname.
2014
+ personalInfo:
2015
+ title: PartyPersonalInfo
2016
+ type: object
2017
+ additionalProperties: false
2018
+ description: Data model for the complex type PartyPersonalInfo.
2019
+ properties:
2020
+ complexName:
2021
+ title: PartyComplexName
2022
+ type: object
2023
+ additionalProperties: false
2024
+ description: Data model for the complex type PartyComplexName.
2025
+ properties:
2026
+ firstName:
2027
+ title: FirstName
2028
+ type: string
2029
+ minLength: 1
2030
+ maxLength: 128
2031
+ pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
2032
+ description: First name of the Party (Name Type).
2033
+ example: Henrik
2034
+ middleName:
2035
+ title: MiddleName
2036
+ type: string
2037
+ minLength: 1
2038
+ maxLength: 128
2039
+ pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
2040
+ description: Middle name of the Party (Name Type).
2041
+ example: Johannes
2042
+ lastName:
2043
+ title: LastName
2044
+ type: string
2045
+ minLength: 1
2046
+ maxLength: 128
2047
+ pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
2048
+ description: Last name of the Party (Name Type).
2049
+ example: Karlsson
2050
+ dateOfBirth:
2051
+ title: DateofBirth (type Date)
2052
+ type: string
2053
+ pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$
2054
+ description: Date of Birth of the Party.
2055
+ example: '1966-06-16'
2056
+ kycInformation:
2057
+ title: KYCInformation
2058
+ type: string
2059
+ minLength: 1
2060
+ maxLength: 2048
2061
+ description: KYC information for the party in a form mandated by an individual scheme.
2062
+ example: |-
2063
+ {
2064
+ "metadata": {
2065
+ "format": "JSON",
2066
+ "version": "1.0",
2067
+ "description": "Data containing KYC Information"
2068
+ },
2069
+ "data": {
2070
+ "name": "John Doe",
2071
+ "dob": "1980-05-15",
2072
+ "gender": "Male",
2073
+ "address": "123 Main Street, Anytown, USA",
2074
+ "email": "johndoe@example.com",
2075
+ "phone": "+1 555-123-4567",
2076
+ "nationality": "US",
2077
+ "passport_number": "AB1234567",
2078
+ "issue_date": "2010-02-20",
2079
+ "expiry_date": "2025-02-20",
2080
+ "bank_account_number": "1234567890",
2081
+ "bank_name": "Example Bank",
2082
+ "employer": "ABC Company",
2083
+ "occupation": "Software Engineer",
2084
+ "income": "$80,000 per year",
2085
+ "marital_status": "Single",
2086
+ "dependents": 0,
2087
+ "risk_level": "Low"
2088
+ }
2089
+ }
2090
+ required:
2091
+ - partyIdInfo
2092
+ description: Information about the Payee in the proposed financial transaction.
2093
+ transactionType:
2094
+ title: TransactionType
2095
+ type: object
2096
+ additionalProperties: false
2097
+ description: Data model for the complex type TransactionType.
2098
+ properties:
2099
+ scenario:
2100
+ title: TransactionScenario
2101
+ type: string
2102
+ enum:
2103
+ - DEPOSIT
2104
+ - WITHDRAWAL
2105
+ - TRANSFER
2106
+ - PAYMENT
2107
+ - REFUND
2108
+ description: |-
2109
+ Below are the allowed values for the enumeration.
2110
+ - DEPOSIT - Used for performing a Cash-In (deposit) transaction. In a normal scenario, electronic funds are transferred from a Business account to a Consumer account, and physical cash is given from the Consumer to the Business User.
2111
+ - WITHDRAWAL - Used for performing a Cash-Out (withdrawal) transaction. In a normal scenario, electronic funds are transferred from a Consumer’s account to a Business account, and physical cash is given from the Business User to the Consumer.
2112
+ - TRANSFER - Used for performing a P2P (Peer to Peer, or Consumer to Consumer) transaction.
2113
+ - PAYMENT - Usually used for performing a transaction from a Consumer to a Merchant or Organization, but could also be for a B2B (Business to Business) payment. The transaction could be online for a purchase in an Internet store, in a physical store where both the Consumer and Business User are present, a bill payment, a donation, and so on.
2114
+ - REFUND - Used for performing a refund of transaction.
2115
+ example: DEPOSIT
2116
+ subScenario:
2117
+ title: TransactionSubScenario
2118
+ type: string
2119
+ pattern: ^[A-Z_]{1,32}$
2120
+ description: Possible sub-scenario, defined locally within the scheme (UndefinedEnum Type).
2121
+ example: LOCALLY_DEFINED_SUBSCENARIO
2122
+ initiator:
2123
+ title: TransactionInitiator
2124
+ type: string
2125
+ enum:
2126
+ - PAYER
2127
+ - PAYEE
2128
+ description: |-
2129
+ Below are the allowed values for the enumeration.
2130
+ - PAYER - Sender of funds is initiating the transaction. The account to send from is either owned by the Payer or is connected to the Payer in some way.
2131
+ - PAYEE - Recipient of the funds is initiating the transaction by sending a transaction request. The Payer must approve the transaction, either automatically by a pre-generated OTP or by pre-approval of the Payee, or by manually approving in his or her own Device.
2132
+ example: PAYEE
2133
+ initiatorType:
2134
+ title: TransactionInitiatorType
2135
+ type: string
2136
+ enum:
2137
+ - CONSUMER
2138
+ - AGENT
2139
+ - BUSINESS
2140
+ - DEVICE
2141
+ description: |-
2142
+ Below are the allowed values for the enumeration.
2143
+ - CONSUMER - Consumer is the initiator of the transaction.
2144
+ - AGENT - Agent is the initiator of the transaction.
2145
+ - BUSINESS - Business is the initiator of the transaction.
2146
+ - DEVICE - Device is the initiator of the transaction.
2147
+ example: CONSUMER
2148
+ refundInfo:
2149
+ title: Refund
2150
+ type: object
2151
+ additionalProperties: false
2152
+ description: Data model for the complex type Refund.
2153
+ properties:
2154
+ originalTransactionId:
2155
+ $ref: '#/paths/~1tppAccountRequest/post/requestBody/content/application~1json/schema/properties/accountRequestId'
2156
+ refundReason:
2157
+ title: RefundReason
2158
+ type: string
2159
+ minLength: 1
2160
+ maxLength: 128
2161
+ description: Reason for the refund.
2162
+ example: Free text indicating reason for the refund.
2163
+ required:
2164
+ - originalTransactionId
2165
+ balanceOfPayments:
2166
+ title: BalanceOfPayments
2167
+ type: string
2168
+ pattern: ^[1-9]\d{2}$
2169
+ description: (BopCode) The API data type [BopCode](https://www.imf.org/external/np/sta/bopcode/) is a JSON String of 3 characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed.
2170
+ example: '123'
2171
+ required:
2172
+ - scenario
2173
+ - initiator
2174
+ - initiatorType
2175
+ expiration:
2176
+ allOf:
2177
+ - title: DateTime
2178
+ type: string
2179
+ pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:(\.\d{3}))(?:Z|[+-][01]\d:[0-5]\d)$
2180
+ description: The API data type DateTime is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. The format is according to [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html), expressed in a combined date, time and time zone format. A more readable version of the format is yyyy-MM-ddTHH:mm:ss.SSS[-HH:MM]. Examples are "2016-05-24T08:38:08.699-04:00", "2016-05-24T08:38:08.699Z" (where Z indicates Zulu time zone, same as UTC).
2181
+ example: '2016-05-24T08:38:08.699-04:00'
2182
+ description: The time by which the transfer must be completed, set by the payee DFSP.
2183
+ extensionList:
2184
+ title: ExtensionList
2185
+ type: object
2186
+ additionalProperties: false
2187
+ description: Data model for the complex type ExtensionList. An optional list of extensions, specific to deployment.
2188
+ properties:
2189
+ extension:
2190
+ type: array
2191
+ items:
2192
+ title: Extension
2193
+ type: object
2194
+ additionalProperties: false
2195
+ description: Data model for the complex type Extension.
2196
+ properties:
2197
+ key:
2198
+ title: ExtensionKey
2199
+ type: string
2200
+ minLength: 1
2201
+ maxLength: 32
2202
+ description: Extension key.
2203
+ value:
2204
+ title: ExtensionValue
2205
+ type: string
2206
+ minLength: 1
2207
+ maxLength: 128
2208
+ description: Extension value.
2209
+ required:
2210
+ - key
2211
+ - value
2212
+ minItems: 1
2213
+ maxItems: 16
2214
+ description: Number of Extension elements.
2215
+ required:
2216
+ - extension
2217
+ required:
2218
+ - authorizationRequestId
2219
+ - transactionRequestId
2220
+ - challenge
2221
+ - transferAmount
2222
+ - payeeReceiveAmount
2223
+ - fees
2224
+ - payer
2225
+ - payee
2226
+ - transactionType
2227
+ - expiration
2228
+ additionalProperties: false
2229
+ responses:
2230
+ '202':
2231
+ $ref: '#/paths/~1tppConsents/post/responses/202'
2232
+ '400':
2233
+ $ref: '#/paths/~1tppConsents/post/responses/400'
2234
+ '401':
2235
+ $ref: '#/paths/~1tppConsents/post/responses/401'
2236
+ '403':
2237
+ $ref: '#/paths/~1tppConsents/post/responses/403'
2238
+ '404':
2239
+ $ref: '#/paths/~1tppConsents/post/responses/404'
2240
+ '405':
2241
+ $ref: '#/paths/~1tppConsents/post/responses/405'
2242
+ '406':
2243
+ $ref: '#/paths/~1tppConsents/post/responses/406'
2244
+ '501':
2245
+ $ref: '#/paths/~1tppConsents/post/responses/501'
2246
+ '503':
2247
+ $ref: '#/paths/~1tppConsents/post/responses/503'
2248
+ /tppAuthorizations/{ID}:
2249
+ parameters:
2250
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
2251
+ - $ref: '#/paths/~1tppConsents/parameters/0'
2252
+ - $ref: '#/paths/~1tppConsents/parameters/1'
2253
+ - $ref: '#/paths/~1tppConsents/parameters/2'
2254
+ - $ref: '#/paths/~1tppConsents/parameters/3'
2255
+ - $ref: '#/paths/~1tppConsents/parameters/4'
2256
+ - $ref: '#/paths/~1tppConsents/parameters/5'
2257
+ - $ref: '#/paths/~1tppConsents/parameters/6'
2258
+ - $ref: '#/paths/~1tppConsents/parameters/7'
2259
+ - $ref: '#/paths/~1tppConsents/parameters/8'
2260
+ get:
2261
+ description: |
2262
+ The HTTP request **GET /tppAuthorizations/**_{ID}_ is used to get information relating
2263
+ to a previously issued authorization request. The *{ID}* in the request should match the
2264
+ `authorizationRequestId` which was given when the authorization request was created.
2265
+ operationId: tppGetAuthorizationsById
2266
+ summary: ttpGetAuthorizationsById
2267
+ tags:
2268
+ - authorizations
2269
+ parameters:
2270
+ - $ref: '#/paths/~1tppConsents/post/parameters/0'
2271
+ responses:
2272
+ '202':
2273
+ $ref: '#/paths/~1tppConsents/post/responses/202'
2274
+ '400':
2275
+ $ref: '#/paths/~1tppConsents/post/responses/400'
2276
+ '401':
2277
+ $ref: '#/paths/~1tppConsents/post/responses/401'
2278
+ '403':
2279
+ $ref: '#/paths/~1tppConsents/post/responses/403'
2280
+ '404':
2281
+ $ref: '#/paths/~1tppConsents/post/responses/404'
2282
+ '405':
2283
+ $ref: '#/paths/~1tppConsents/post/responses/405'
2284
+ '406':
2285
+ $ref: '#/paths/~1tppConsents/post/responses/406'
2286
+ '501':
2287
+ $ref: '#/paths/~1tppConsents/post/responses/501'
2288
+ '503':
2289
+ $ref: '#/paths/~1tppConsents/post/responses/503'
2290
+ put:
2291
+ description: |
2292
+ After receiving the **POST /tppAuthorizations**, the PISP will present the details of the
2293
+ transaction to their user, and request that the client sign the `challenge` field using the credential
2294
+ they previously registered.
2295
+
2296
+ The signed challenge will be sent back by the PISP in **PUT /tppAuthorizations/**_{ID}_:
2297
+ operationId: tppPutAuthorizationsById
2298
+ summary: tppPutAuthorizationsById
2299
+ tags:
2300
+ - authorizations
2301
+ parameters:
2302
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
2303
+ requestBody:
2304
+ description: Signed authorization object
2305
+ required: true
2306
+ content:
2307
+ application/json:
2308
+ schema:
2309
+ oneOf:
2310
+ - title: tppAuthorizationsIDPutResponseRejected
2311
+ type: object
2312
+ description: The object sent in the PUT /tppAuthorizations/{ID} callback.
2313
+ properties:
2314
+ responseType:
2315
+ title: AuthorizationResponseTypeRejected
2316
+ description: |
2317
+ The customer rejected the terms of the transfer.
2318
+ type: string
2319
+ enum:
2320
+ - REJECTED
2321
+ extensionList:
2322
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
2323
+ required:
2324
+ - responseType
2325
+ - title: tppAuthorizationsIDPutResponseFIDO
2326
+ type: object
2327
+ description: The object sent in the PUT /tppAuthorizations/{ID} callback.
2328
+ properties:
2329
+ responseType:
2330
+ title: AuthorizationResponseType
2331
+ description: |
2332
+ The customer accepted the terms of the transfer
2333
+ type: string
2334
+ enum:
2335
+ - ACCEPTED
2336
+ signedPayload:
2337
+ title: SignedPayloadFIDO
2338
+ type: object
2339
+ properties:
2340
+ signedPayloadType:
2341
+ title: SignedPayloadTypeFIDO
2342
+ type: string
2343
+ enum:
2344
+ - FIDO
2345
+ description: Describes a challenge that has been signed with FIDO Attestation flows
2346
+ fidoSignedPayload:
2347
+ title: FIDOPublicKeyCredentialAssertion
2348
+ type: object
2349
+ description: |
2350
+ A data model representing a FIDO Assertion result.
2351
+ Derived from PublicKeyCredential Interface in WebAuthN.
2352
+
2353
+ The PublicKeyCredential interface represents the below fields with a Type of
2354
+ Javascript ArrayBuffer.
2355
+ For this API, we represent ArrayBuffers as base64 encoded utf-8 strings.
2356
+
2357
+ https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v2.0.0/api/thirdparty/data-models.md#32128-fidopublickeycredentialassertion
2358
+ properties:
2359
+ id:
2360
+ type: string
2361
+ description: |
2362
+ credential id: identifier of pair of keys, base64 encoded
2363
+ https://w3c.github.io/webauthn/#ref-for-dom-credential-id
2364
+ minLength: 20
2365
+ maxLength: 118
2366
+ rawId:
2367
+ type: string
2368
+ description: |
2369
+ raw credential id: identifier of pair of keys, base64 encoded.
2370
+ minLength: 20
2371
+ maxLength: 118
2372
+ response:
2373
+ type: object
2374
+ description: |
2375
+ AuthenticatorAssertionResponse
2376
+ properties:
2377
+ authenticatorData:
2378
+ type: string
2379
+ description: |
2380
+ Authenticator data object.
2381
+ minLength: 49
2382
+ maxLength: 256
2383
+ clientDataJSON:
2384
+ type: string
2385
+ description: |
2386
+ JSON string with client data.
2387
+ minLength: 121
2388
+ maxLength: 512
2389
+ signature:
2390
+ type: string
2391
+ description: |
2392
+ The signature generated by the private key associated with this credential.
2393
+ minLength: 59
2394
+ maxLength: 256
2395
+ userHandle:
2396
+ type: string
2397
+ description: |
2398
+ This field is optionally provided by the authenticator, and
2399
+ represents the user.id that was supplied during registration.
2400
+ minLength: 1
2401
+ maxLength: 88
2402
+ required:
2403
+ - authenticatorData
2404
+ - clientDataJSON
2405
+ - signature
2406
+ additionalProperties: false
2407
+ type:
2408
+ type: string
2409
+ description: response type, we need only the type of public-key
2410
+ enum:
2411
+ - public-key
2412
+ required:
2413
+ - id
2414
+ - rawId
2415
+ - response
2416
+ - type
2417
+ additionalProperties: false
2418
+ required:
2419
+ - signedPayloadType
2420
+ - fidoSignedPayload
2421
+ additionalProperties: false
2422
+ extensionList:
2423
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
2424
+ required:
2425
+ - responseType
2426
+ - signedPayload
2427
+ additionalProperties: false
2428
+ - title: tppAuthorizationsIDPutResponseGeneric
2429
+ type: object
2430
+ description: The object sent in the PUT /tppAuthorizations/{ID} callback.
2431
+ properties:
2432
+ responseType:
2433
+ $ref: '#/paths/~1tppAuthorizations~1%7BID%7D/put/requestBody/content/application~1json/schema/oneOf/1/properties/responseType'
2434
+ signedPayload:
2435
+ title: SignedPayloadGeneric
2436
+ type: object
2437
+ properties:
2438
+ signedPayloadType:
2439
+ title: SignedPayloadTypeGeneric
2440
+ type: string
2441
+ enum:
2442
+ - GENERIC
2443
+ description: Describes a challenge that has been signed with a private key
2444
+ genericSignedPayload:
2445
+ $ref: '#/paths/~1tppAccountRequest~1%7BID%7D/put/requestBody/content/application~1json/schema/properties/authToken'
2446
+ required:
2447
+ - signedPayloadType
2448
+ - genericSignedPayload
2449
+ additionalProperties: false
2450
+ extensionList:
2451
+ $ref: '#/paths/~1tppAuthorizations/post/requestBody/content/application~1json/schema/properties/extensionList'
2452
+ required:
2453
+ - responseType
2454
+ - signedPayload
2455
+ additionalProperties: false
2456
+ responses:
2457
+ '200':
2458
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
2459
+ '400':
2460
+ $ref: '#/paths/~1tppConsents/post/responses/400'
2461
+ '401':
2462
+ $ref: '#/paths/~1tppConsents/post/responses/401'
2463
+ '403':
2464
+ $ref: '#/paths/~1tppConsents/post/responses/403'
2465
+ '404':
2466
+ $ref: '#/paths/~1tppConsents/post/responses/404'
2467
+ '405':
2468
+ $ref: '#/paths/~1tppConsents/post/responses/405'
2469
+ '406':
2470
+ $ref: '#/paths/~1tppConsents/post/responses/406'
2471
+ '501':
2472
+ $ref: '#/paths/~1tppConsents/post/responses/501'
2473
+ '503':
2474
+ $ref: '#/paths/~1tppConsents/post/responses/503'
2475
+ /tppAuthorizations/{ID}/error:
2476
+ parameters:
2477
+ - $ref: '#/paths/~1tppAccounts~1%7BID%7D/parameters/0'
2478
+ - $ref: '#/paths/~1tppConsents/parameters/0'
2479
+ - $ref: '#/paths/~1tppConsents/parameters/1'
2480
+ - $ref: '#/paths/~1tppConsents/parameters/2'
2481
+ - $ref: '#/paths/~1tppConsents/parameters/3'
2482
+ - $ref: '#/paths/~1tppConsents/parameters/4'
2483
+ - $ref: '#/paths/~1tppConsents/parameters/5'
2484
+ - $ref: '#/paths/~1tppConsents/parameters/6'
2485
+ - $ref: '#/paths/~1tppConsents/parameters/7'
2486
+ - $ref: '#/paths/~1tppConsents/parameters/8'
2487
+ put:
2488
+ tags:
2489
+ - authorizations
2490
+ operationId: tppAuthorizationsByIdAndError
2491
+ summary: tppAuthorizationsByIdAndError
2492
+ description: |
2493
+ The HTTP request `PUT /tppAuthorizations/{ID}/error` is used by the DFSP or PISP to inform
2494
+ the other party that something went wrong with a Thirdparty Transaction Authorization Request.
2495
+
2496
+ The PISP may use this to tell the DFSP that the Thirdparty Transaction Authorization Request is invalid or doesn't
2497
+ match a `transactionRequestId`.
2498
+
2499
+ The DFSP may use this to tell the PISP that the signed challenge returned in `PUT /tppAuthorizations/{ID}`
2500
+ was invalid.
2501
+ parameters:
2502
+ - $ref: '#/paths/~1tppConsents/post/parameters/1'
2503
+ requestBody:
2504
+ description: Error information returned.
2505
+ required: true
2506
+ content:
2507
+ application/json:
2508
+ schema:
2509
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
2510
+ responses:
2511
+ '200':
2512
+ $ref: '#/paths/~1tppAccounts~1%7BID%7D/put/responses/200'
2513
+ '400':
2514
+ $ref: '#/paths/~1tppConsents/post/responses/400'
2515
+ '401':
2516
+ $ref: '#/paths/~1tppConsents/post/responses/401'
2517
+ '403':
2518
+ $ref: '#/paths/~1tppConsents/post/responses/403'
2519
+ '404':
2520
+ $ref: '#/paths/~1tppConsents/post/responses/404'
2521
+ '405':
2522
+ $ref: '#/paths/~1tppConsents/post/responses/405'
2523
+ '406':
2524
+ $ref: '#/paths/~1tppConsents/post/responses/406'
2525
+ '501':
2526
+ $ref: '#/paths/~1tppConsents/post/responses/501'
2527
+ '503':
2528
+ $ref: '#/paths/~1tppConsents/post/responses/503'
2529
+ /parties/{Type}/{ID}:
2530
+ parameters:
2531
+ - name: Type
2532
+ in: path
2533
+ required: true
2534
+ schema:
2535
+ type: string
2536
+ description: The type of the party identifier. For example, `MSISDN`, `PERSONAL_ID`.
2537
+ - name: ID
2538
+ in: path
2539
+ required: true
2540
+ schema:
2541
+ type: string
2542
+ description: The identifier value.
2543
+ - name: Content-Type
2544
+ in: header
2545
+ schema:
2546
+ type: string
2547
+ required: true
2548
+ description: The `Content-Type` header indicates the specific version of the API used to send the payload body.
2549
+ - name: Date
2550
+ in: header
2551
+ schema:
2552
+ type: string
2553
+ required: true
2554
+ description: The `Date` header field indicates the date when the request was sent.
2555
+ - name: X-Forwarded-For
2556
+ in: header
2557
+ schema:
2558
+ type: string
2559
+ required: false
2560
+ description: |-
2561
+ The `X-Forwarded-For` header field is an unofficially accepted standard used for informational purposes of the originating client IP address, as a request might pass multiple proxies, firewalls, and so on. Multiple `X-Forwarded-For` values should be expected and supported by implementers of the API.
2562
+
2563
+ **Note:** An alternative to `X-Forwarded-For` is defined in [RFC 7239](https://tools.ietf.org/html/rfc7239). However, to this point RFC 7239 is less-used and supported than `X-Forwarded-For`.
2564
+ - name: FSPIOP-Source
2565
+ in: header
2566
+ schema:
2567
+ type: string
2568
+ required: true
2569
+ description: The `FSPIOP-Source` header field is a non-HTTP standard field used by the API for identifying the sender of the HTTP request. The field should be set by the original sender of the request. Required for routing and signature verification (see header field `FSPIOP-Signature`).
2570
+ - name: FSPIOP-Destination
2571
+ in: header
2572
+ schema:
2573
+ type: string
2574
+ required: false
2575
+ description: The `FSPIOP-Destination` header field is a non-HTTP standard field used by the API for HTTP header based routing of requests and responses to the destination. The field must be set by the original sender of the request if the destination is known (valid for all services except GET /parties) so that any entities between the client and the server do not need to parse the payload for routing purposes. If the destination is not known (valid for service GET /parties), the field should be left empty.
2576
+ - name: FSPIOP-Encryption
2577
+ in: header
2578
+ schema:
2579
+ type: string
2580
+ required: false
2581
+ description: The `FSPIOP-Encryption` header field is a non-HTTP standard field used by the API for applying end-to-end encryption of the request.
2582
+ - name: FSPIOP-Signature
2583
+ in: header
2584
+ schema:
2585
+ type: string
2586
+ required: false
2587
+ description: The `FSPIOP-Signature` header field is a non-HTTP standard field used by the API for applying an end-to-end request signature.
2588
+ - name: FSPIOP-URI
2589
+ in: header
2590
+ schema:
2591
+ type: string
2592
+ required: false
2593
+ description: The `FSPIOP-URI` header field is a non-HTTP standard field used by the API for signature verification, should contain the service URI. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set).
2594
+ - name: FSPIOP-HTTP-Method
2595
+ in: header
2596
+ schema:
2597
+ type: string
2598
+ required: false
2599
+ description: The `FSPIOP-HTTP-Method` header field is a non-HTTP standard field used by the API for signature verification, should contain the service HTTP method. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set).
2600
+ get:
2601
+ description: The HTTP request `GET /parties/{Type}/{ID}` (or `GET /parties/{Type}/{ID}/{SubId}`) is used to look up information regarding the requested Party, defined by `{Type}`, `{ID}` and optionally `{SubId}` (for example, `GET /parties/MSISDN/123456789`, or `GET /parties/BUSINESS/shoecompany/employee1`).
2602
+ summary: Look up party information
2603
+ tags:
2604
+ - parties
2605
+ operationId: PartiesByTypeAndID
2606
+ parameters:
2607
+ - name: Accept
2608
+ in: header
2609
+ required: true
2610
+ schema:
2611
+ type: string
2612
+ description: The `Accept` header field indicates the version of the API the client would like the server to use.
2613
+ responses:
2614
+ '202':
2615
+ description: Accepted
2616
+ '400':
2617
+ description: Bad Request
2618
+ content:
2619
+ application/json:
2620
+ schema:
2621
+ title: ErrorInformationResponse
2622
+ type: object
2623
+ description: Data model for the complex type object that contains an optional element ErrorInformation used along with 4xx and 5xx responses.
2624
+ properties:
2625
+ errorInformation:
2626
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D~1error/put/requestBody/content/application~1json/schema/properties/errorInformation'
2627
+ headers:
2628
+ Content-Length:
2629
+ required: false
2630
+ schema:
2631
+ type: integer
2632
+ description: |-
2633
+ The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body.
2634
+
2635
+ **Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes).
2636
+ Content-Type:
2637
+ schema:
2638
+ type: string
2639
+ required: true
2640
+ description: The `Content-Type` header indicates the specific version of the API used to send the payload body.
2641
+ '401':
2642
+ description: Unauthorized
2643
+ content:
2644
+ application/json:
2645
+ schema:
2646
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/content/application~1json/schema'
2647
+ headers:
2648
+ Content-Length:
2649
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Length'
2650
+ Content-Type:
2651
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Type'
2652
+ '403':
2653
+ description: Forbidden
2654
+ content:
2655
+ application/json:
2656
+ schema:
2657
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/content/application~1json/schema'
2658
+ headers:
2659
+ Content-Length:
2660
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Length'
2661
+ Content-Type:
2662
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Type'
2663
+ '404':
2664
+ description: Not Found
2665
+ content:
2666
+ application/json:
2667
+ schema:
2668
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/content/application~1json/schema'
2669
+ headers:
2670
+ Content-Length:
2671
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Length'
2672
+ Content-Type:
2673
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Type'
2674
+ '405':
2675
+ description: Method Not Allowed
2676
+ content:
2677
+ application/json:
2678
+ schema:
2679
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/content/application~1json/schema'
2680
+ headers:
2681
+ Content-Length:
2682
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Length'
2683
+ Content-Type:
2684
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Type'
2685
+ '406':
2686
+ description: Not Acceptable
2687
+ content:
2688
+ application/json:
2689
+ schema:
2690
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/content/application~1json/schema'
2691
+ headers:
2692
+ Content-Length:
2693
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Length'
2694
+ Content-Type:
2695
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Type'
2696
+ '501':
2697
+ description: Not Implemented
2698
+ content:
2699
+ application/json:
2700
+ schema:
2701
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/content/application~1json/schema'
2702
+ headers:
2703
+ Content-Length:
2704
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Length'
2705
+ Content-Type:
2706
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Type'
2707
+ '503':
2708
+ description: Service Unavailable
2709
+ content:
2710
+ application/json:
2711
+ schema:
2712
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/content/application~1json/schema'
2713
+ headers:
2714
+ Content-Length:
2715
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Length'
2716
+ Content-Type:
2717
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400/headers/Content-Type'
2718
+ put:
2719
+ description: The callback `PUT /parties/{Type}/{ID}` (or `PUT /parties/{Type}/{ID}/{SubId}`) is used to inform the client of a successful result of the Party information lookup.
2720
+ summary: Return party information
2721
+ tags:
2722
+ - parties
2723
+ operationId: PartiesByTypeAndID2
2724
+ parameters:
2725
+ - name: Content-Length
2726
+ in: header
2727
+ required: false
2728
+ schema:
2729
+ type: integer
2730
+ description: |-
2731
+ The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body.
2732
+
2733
+ **Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes).
2734
+ requestBody:
2735
+ description: Party information returned.
2736
+ required: true
2737
+ content:
2738
+ application/json:
2739
+ schema:
2740
+ title: PartiesTypeIDPutResponse
2741
+ type: object
2742
+ description: The object sent in the PUT /parties/{Type}/{ID} callback.
2743
+ properties:
2744
+ party:
2745
+ title: Party
2746
+ type: object
2747
+ description: Data model for the complex type Party.
2748
+ properties:
2749
+ partyIdInfo:
2750
+ title: PartyIdInfo
2751
+ type: object
2752
+ description: Data model for the complex type PartyIdInfo. An ExtensionList element has been added to this reqeust in version v1.1
2753
+ properties:
2754
+ partyIdType:
2755
+ title: PartyIdType
2756
+ type: string
2757
+ enum:
2758
+ - MSISDN
2759
+ - EMAIL
2760
+ - PERSONAL_ID
2761
+ - BUSINESS
2762
+ - DEVICE
2763
+ - ACCOUNT_ID
2764
+ - IBAN
2765
+ - ALIAS
2766
+ description: |-
2767
+ Below are the allowed values for the enumeration.
2768
+ - MSISDN - An MSISDN (Mobile Station International Subscriber Directory Number, that is, the phone number) is used as reference to a participant. The MSISDN identifier should be in international format according to the [ITU-T E.164 standard](https://www.itu.int/rec/T-REC-E.164/en). Optionally, the MSISDN may be prefixed by a single plus sign, indicating the international prefix.
2769
+ - EMAIL - An email is used as reference to a participant. The format of the email should be according to the informational [RFC 3696](https://tools.ietf.org/html/rfc3696).
2770
+ - PERSONAL_ID - A personal identifier is used as reference to a participant. Examples of personal identification are passport number, birth certificate number, and national registration number. The identifier number is added in the PartyIdentifier element. The personal identifier type is added in the PartySubIdOrType element.
2771
+ - BUSINESS - A specific Business (for example, an organization or a company) is used as reference to a participant. The BUSINESS identifier can be in any format. To make a transaction connected to a specific username or bill number in a Business, the PartySubIdOrType element should be used.
2772
+ - DEVICE - A specific device (for example, a POS or ATM) ID connected to a specific business or organization is used as reference to a Party. For referencing a specific device under a specific business or organization, use the PartySubIdOrType element.
2773
+ - ACCOUNT_ID - A bank account number or FSP account ID should be used as reference to a participant. The ACCOUNT_ID identifier can be in any format, as formats can greatly differ depending on country and FSP.
2774
+ - IBAN - A bank account number or FSP account ID is used as reference to a participant. The IBAN identifier can consist of up to 34 alphanumeric characters and should be entered without whitespace.
2775
+ - ALIAS An alias is used as reference to a participant. The alias should be created in the FSP as an alternative reference to an account owner. Another example of an alias is a username in the FSP system. The ALIAS identifier can be in any format. It is also possible to use the PartySubIdOrType element for identifying an account under an Alias defined by the PartyIdentifier.
2776
+ partyIdentifier:
2777
+ title: PartyIdentifier
2778
+ type: string
2779
+ minLength: 1
2780
+ maxLength: 128
2781
+ description: Identifier of the Party.
2782
+ example: '16135551212'
2783
+ partySubIdOrType:
2784
+ title: PartySubIdOrType
2785
+ type: string
2786
+ minLength: 1
2787
+ maxLength: 128
2788
+ description: Either a sub-identifier of a PartyIdentifier, or a sub-type of the PartyIdType, normally a PersonalIdentifierType.
2789
+ fspId:
2790
+ title: FspId
2791
+ type: string
2792
+ minLength: 1
2793
+ maxLength: 32
2794
+ description: FSP identifier.
2795
+ extensionList:
2796
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D~1error/put/requestBody/content/application~1json/schema/properties/errorInformation/properties/extensionList'
2797
+ required:
2798
+ - partyIdType
2799
+ - partyIdentifier
2800
+ merchantClassificationCode:
2801
+ title: MerchantClassificationCode
2802
+ type: string
2803
+ pattern: ^[\d]{1,4}$
2804
+ description: A limited set of pre-defined numbers. This list would be a limited set of numbers identifying a set of popular merchant types like School Fees, Pubs and Restaurants, Groceries, etc.
2805
+ name:
2806
+ title: PartyName
2807
+ type: string
2808
+ minLength: 1
2809
+ maxLength: 128
2810
+ description: Name of the Party. Could be a real name or a nickname.
2811
+ personalInfo:
2812
+ title: PartyPersonalInfo
2813
+ type: object
2814
+ description: Data model for the complex type PartyPersonalInfo.
2815
+ properties:
2816
+ complexName:
2817
+ title: PartyComplexName
2818
+ type: object
2819
+ description: Data model for the complex type PartyComplexName.
2820
+ properties:
2821
+ firstName:
2822
+ title: FirstName
2823
+ type: string
2824
+ minLength: 1
2825
+ maxLength: 128
2826
+ pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
2827
+ description: First name of the Party (Name Type).
2828
+ example: Henrik
2829
+ middleName:
2830
+ title: MiddleName
2831
+ type: string
2832
+ minLength: 1
2833
+ maxLength: 128
2834
+ pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
2835
+ description: Middle name of the Party (Name Type).
2836
+ example: Johannes
2837
+ lastName:
2838
+ title: LastName
2839
+ type: string
2840
+ minLength: 1
2841
+ maxLength: 128
2842
+ pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$
2843
+ description: Last name of the Party (Name Type).
2844
+ example: Karlsson
2845
+ dateOfBirth:
2846
+ title: DateofBirth (type Date)
2847
+ type: string
2848
+ pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$
2849
+ description: Date of Birth of the Party.
2850
+ example: '1966-06-16'
2851
+ required:
2852
+ - partyIdInfo
2853
+ required:
2854
+ - party
2855
+ responses:
2856
+ '200':
2857
+ description: OK
2858
+ '400':
2859
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400'
2860
+ '401':
2861
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/401'
2862
+ '403':
2863
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/403'
2864
+ '404':
2865
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/404'
2866
+ '405':
2867
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/405'
2868
+ '406':
2869
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/406'
2870
+ '501':
2871
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/501'
2872
+ '503':
2873
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/503'
2874
+ /parties/{Type}/{ID}/error:
2875
+ put:
2876
+ description: If the server is unable to find Party information of the provided identity, or another processing error occurred, the error callback `PUT /parties/{Type}/{ID}/error` (or `PUT /parties/{Type}/{ID}/{SubI}/error`) is used.
2877
+ summary: Return party information error
2878
+ tags:
2879
+ - parties
2880
+ operationId: PartiesErrorByTypeAndID
2881
+ parameters:
2882
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/0'
2883
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/1'
2884
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/put/parameters/0'
2885
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/2'
2886
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/3'
2887
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/4'
2888
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/5'
2889
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/6'
2890
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/7'
2891
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/8'
2892
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/9'
2893
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/10'
2894
+ requestBody:
2895
+ description: Details of the error returned.
2896
+ required: true
2897
+ content:
2898
+ application/json:
2899
+ schema:
2900
+ title: ErrorInformationObject
2901
+ type: object
2902
+ description: Data model for the complex type object that contains ErrorInformation.
2903
+ properties:
2904
+ errorInformation:
2905
+ title: ErrorInformation
2906
+ type: object
2907
+ description: Data model for the complex type ErrorInformation.
2908
+ properties:
2909
+ errorCode:
2910
+ title: ErrorCode
2911
+ type: string
2912
+ pattern: ^[1-9]\d{3}$
2913
+ description: The API data type ErrorCode is a JSON String of four characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. Each error code in the API is a four-digit number, for example, 1234, where the first number (1 in the example) represents the high-level error category, the second number (2 in the example) represents the low-level error category, and the last two numbers (34 in the example) represent the specific error.
2914
+ example: '5100'
2915
+ errorDescription:
2916
+ title: ErrorDescription
2917
+ type: string
2918
+ minLength: 1
2919
+ maxLength: 128
2920
+ description: Error description string.
2921
+ extensionList:
2922
+ title: ExtensionList
2923
+ type: object
2924
+ description: Data model for the complex type ExtensionList. An optional list of extensions, specific to deployment.
2925
+ properties:
2926
+ extension:
2927
+ type: array
2928
+ items:
2929
+ title: Extension
2930
+ type: object
2931
+ description: Data model for the complex type Extension.
2932
+ properties:
2933
+ key:
2934
+ title: ExtensionKey
2935
+ type: string
2936
+ minLength: 1
2937
+ maxLength: 32
2938
+ description: Extension key.
2939
+ value:
2940
+ title: ExtensionValue
2941
+ type: string
2942
+ minLength: 1
2943
+ maxLength: 128
2944
+ description: Extension value.
2945
+ required:
2946
+ - key
2947
+ - value
2948
+ minItems: 1
2949
+ maxItems: 16
2950
+ description: Number of Extension elements.
2951
+ required:
2952
+ - extension
2953
+ required:
2954
+ - errorCode
2955
+ - errorDescription
2956
+ required:
2957
+ - errorInformation
2958
+ responses:
2959
+ '200':
2960
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/put/responses/200'
2961
+ '400':
2962
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400'
2963
+ '401':
2964
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/401'
2965
+ '403':
2966
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/403'
2967
+ '404':
2968
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/404'
2969
+ '405':
2970
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/405'
2971
+ '406':
2972
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/406'
2973
+ '501':
2974
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/501'
2975
+ '503':
2976
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/503'
2977
+ /parties/{Type}/{ID}/{SubId}:
2978
+ parameters:
2979
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/0'
2980
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/1'
2981
+ - name: SubId
2982
+ in: path
2983
+ required: true
2984
+ schema:
2985
+ type: string
2986
+ description: A sub-identifier of the party identifier, or a sub-type of the party identifier's type. For example, `PASSPORT`, `DRIVING_LICENSE`.
2987
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/2'
2988
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/3'
2989
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/4'
2990
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/5'
2991
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/6'
2992
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/7'
2993
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/8'
2994
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/9'
2995
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/10'
2996
+ get:
2997
+ description: The HTTP request `GET /parties/{Type}/{ID}` (or `GET /parties/{Type}/{ID}/{SubId}`) is used to look up information regarding the requested Party, defined by `{Type}`, `{ID}` and optionally `{SubId}` (for example, `GET /parties/MSISDN/123456789`, or `GET /parties/BUSINESS/shoecompany/employee1`).
2998
+ summary: Look up party information
2999
+ tags:
3000
+ - parties
3001
+ operationId: PartiesSubIdByTypeAndID
3002
+ parameters:
3003
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/parameters/0'
3004
+ responses:
3005
+ '202':
3006
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/202'
3007
+ '400':
3008
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400'
3009
+ '401':
3010
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/401'
3011
+ '403':
3012
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/403'
3013
+ '404':
3014
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/404'
3015
+ '405':
3016
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/405'
3017
+ '406':
3018
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/406'
3019
+ '501':
3020
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/501'
3021
+ '503':
3022
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/503'
3023
+ put:
3024
+ description: The callback `PUT /parties/{Type}/{ID}` (or `PUT /parties/{Type}/{ID}/{SubId}`) is used to inform the client of a successful result of the Party information lookup.
3025
+ summary: Return party information
3026
+ tags:
3027
+ - parties
3028
+ operationId: PartiesSubIdByTypeAndIDPut
3029
+ parameters:
3030
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/put/parameters/0'
3031
+ requestBody:
3032
+ description: Party information returned.
3033
+ required: true
3034
+ content:
3035
+ application/json:
3036
+ schema:
3037
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/put/requestBody/content/application~1json/schema'
3038
+ responses:
3039
+ '200':
3040
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/put/responses/200'
3041
+ '400':
3042
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400'
3043
+ '401':
3044
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/401'
3045
+ '403':
3046
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/403'
3047
+ '404':
3048
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/404'
3049
+ '405':
3050
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/405'
3051
+ '406':
3052
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/406'
3053
+ '501':
3054
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/501'
3055
+ '503':
3056
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/503'
3057
+ /parties/{Type}/{ID}/{SubId}/error:
3058
+ put:
3059
+ description: If the server is unable to find Party information of the provided identity, or another processing error occurred, the error callback `PUT /parties/{Type}/{ID}/error` (or `PUT /parties/{Type}/{ID}/{SubId}/error`) is used.
3060
+ summary: Return party information error
3061
+ tags:
3062
+ - parties
3063
+ operationId: PartiesSubIdErrorByTypeAndID
3064
+ parameters:
3065
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/0'
3066
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/1'
3067
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D~1%7BSubId%7D/parameters/2'
3068
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/put/parameters/0'
3069
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/2'
3070
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/3'
3071
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/4'
3072
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/5'
3073
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/6'
3074
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/7'
3075
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/8'
3076
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/9'
3077
+ - $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/parameters/10'
3078
+ requestBody:
3079
+ description: Details of the error returned.
3080
+ required: true
3081
+ content:
3082
+ application/json:
3083
+ schema:
3084
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D~1error/put/requestBody/content/application~1json/schema'
3085
+ responses:
3086
+ '200':
3087
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/put/responses/200'
3088
+ '400':
3089
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/400'
3090
+ '401':
3091
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/401'
3092
+ '403':
3093
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/403'
3094
+ '404':
3095
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/404'
3096
+ '405':
3097
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/405'
3098
+ '406':
3099
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/406'
3100
+ '501':
3101
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/501'
3102
+ '503':
3103
+ $ref: '#/paths/~1parties~1%7BType%7D~1%7BID%7D/get/responses/503'