@mojaloop/sdk-scheme-adapter 24.7.0 → 24.8.1-snapshot.0

package/modules/api-svc/src/InboundServer/api_template.yaml

@@ -1,71 +1,175 @@
-openapi: 3.0.0
+openapi: 3.0.2
 info:
-  version: '1.1'
+  version: '2.0-draft'
   title: Open API for FSP Interoperability (FSPIOP)
   description: >-
-    Based on API Definition.docx updated on 2020-05-19 Version 1.1.
-    API supports a maximum size of 65536 bytes (64 Kilobytes) in the HTTP
-    header.
+    Revision date: 2023-11-23
+    Based on [API Definition updated on 2020-05-19 Version
+    1.1](https://github.com/mojaloop/mojaloop-specification/blob/main/documents/v1.1-document-set/API%20Definition_v1.1.pdf).
+
+    This is implementation friendly version of the API definition.
+
+    It includes the below definitions needed for third-party functionality.
+    - AuthenticationType
+      - U2F enum
+    - AuthenticationValue
+      - oneOf is changed to anyOf
+      - new element is added U2FPinValue
+    - New element U2FPIN
+
+    **Note:** The API supports a maximum size of 65536 bytes (64 Kilobytes) in
+    the HTTP header.
   license:
-    name: Open API for FSP Interoperability (FSPIOP)
+    name: CC BY-ND 4.0
+    url: 'https://github.com/mojaloop/mojaloop-specification/blob/main/LICENSE.md'
+  contact:
+    name: Sam Kummary
+    url: 'https://github.com/mojaloop/mojaloop-specification/issues'
+servers:
+  - url: 'protocol://hostname:<port>/switch/'
+    variables:
+      protocol:
+        enum:
+          - http
+          - https
+        default: https
 paths:
-  '/participants/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/participants_ID_error.yaml'
-  '/participants/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/participants_ID.yaml'
-  '/participants/{Type}/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/participants_Type_ID_error.yaml'
-  '/participants/{Type}/{ID}/{SubId}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/participants_Type_ID_SubId_error.yaml'
-  '/participants/{Type}/{ID}/{SubId}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/participants_Type_ID_SubId.yaml'
-  '/participants/{Type}/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/participants_Type_ID.yaml'
-  '/participants':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/participants.yaml'
-  '/parties/{Type}/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/parties_Type_ID.yaml'
-  '/parties/{Type}/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/parties_Type_ID_error.yaml'
-  '/parties/{Type}/{ID}/{SubId}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/parties_Type_ID_SubId.yaml'
-  '/parties/{Type}/{ID}/{SubId}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/parties_Type_ID_SubId_error.yaml'
-  '/transactionRequests/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/transactionRequests_ID_error.yaml'
-  '/transactionRequests/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/transactionRequests_ID.yaml'
-  '/transactionRequests':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/transactionRequests.yaml'
-  '/quotes/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/quotes_ID_error.yaml'
-  '/quotes/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/quotes_ID.yaml'
-  '/quotes':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/quotes.yaml'
-  '/authorizations/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/authorizations_ID.yaml'
-  '/authorizations/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/authorizations_ID_error.yaml'
-  '/transfers/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/transfers_ID_error.yaml'
-  '/transfers/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/transfers_ID.yaml'
-  '/transfers':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/transfers.yaml'
-  '/transactions/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/transactions_ID.yaml'
-  '/transactions/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/transactions_ID_error.yaml'
-  '/bulkQuotes/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/bulkQuotes_ID_error.yaml'
-  '/bulkQuotes/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/bulkQuotes_ID.yaml'
-  '/bulkQuotes':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/bulkQuotes.yaml'
-  '/bulkTransfers/{ID}':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/bulkTransfers_ID.yaml'
-  '/bulkTransfers':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/bulkTransfers.yaml'
-  '/bulkTransfers/{ID}/error':
-    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v1_1/openapi3/paths/bulkTransfers_ID_error.yaml'
+  /interface:
+    post:
+      description: >-
+        Essential path to include schema definitions that are not used so that
+        these definitions get included into the openapi-cli bundle api
+        definition so that they get converted into typescript definitions.
+      operationId: test
+      requestBody:
+        content:
+          application/json:
+            schema:
+              oneOf:
+                - $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/BinaryString.yaml'
+                - $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/BinaryString32.yaml'
+                - $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/Date.yaml'
+                - $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/Integer.yaml'
+                - $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/Name.yaml'
+                - $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/PersonalIdentifierType.yaml'
+                - $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/TokenCode.yaml'
+                - $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/Transaction.yaml'
+                - $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/UndefinedEnum.yaml'
+      responses:
+        200:
+          description: Ok
+  /ping:
+    post:
+      description: The HTTP request `POST /ping` is used to validate mTLS and JWS
+      summary: For testing mTLS and JWS
+      tags:
+        - participants
+        - ping
+      operationId: handlePostPing
+      requestBody:
+        description: The object sent in the POST/PUT `/ping` requests with validation request ID.
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                requestId:
+                  $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/schemas/CorrelationId.yaml'
+              required:
+                - requestId
+      responses:
+        '202':
+          $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/responses/202.yaml'
+        '400':
+          $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/responses/400.yaml'
+        '401':
+          $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/responses/401.yaml'
+        '403':
+          $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/responses/403.yaml'
+        '404':
+          $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/responses/404.yaml'
+        '405':
+          $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/responses/405.yaml'
+        '406':
+          $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/responses/406.yaml'
+        '501':
+          $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/responses/501.yaml'
+        '503':
+          $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/components/responses/503.yaml'
+  /participants:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/participants.yaml'
+  /participants/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/participants_ID.yaml'
+  /participants/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/participants_ID_error.yaml'
+  /participants/{Type}/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/participants_Type_ID.yaml'
+  /participants/{Type}/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/participants_Type_ID_error.yaml'
+  /participants/{Type}/{ID}/{SubId}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/participants_Type_ID_SubId.yaml'
+  /participants/{Type}/{ID}/{SubId}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/participants_Type_ID_SubId_error.yaml'
+  /parties/{Type}/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/parties_Type_ID.yaml'
+  /parties/{Type}/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/parties_Type_ID_error.yaml'
+  /parties/{Type}/{ID}/{SubId}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/parties_Type_ID_SubId.yaml'
+  /parties/{Type}/{ID}/{SubId}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/parties_Type_ID_SubId_error.yaml'
+  /transactionRequests:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/transactionRequests.yaml'
+  /transactionRequests/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/transactionRequests_ID.yaml'
+  /transactionRequests/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/transactionRequests_ID_error.yaml'
+  /quotes:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/quotes.yaml'
+  /quotes/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/quotes_ID.yaml'
+  /quotes/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/quotes_ID_error.yaml'
+  /authorizations/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/authorizations_ID.yaml'
+  /authorizations/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/authorizations_ID_error.yaml'
+  /transfers:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/transfers.yaml'
+  /transfers/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/transfers_ID.yaml'
+  /transfers/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/transfers_ID_error.yaml'
+  /transactions/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/transactions_ID.yaml'
+  /transactions/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/transactions_ID_error.yaml'
+  /bulkQuotes:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/bulkQuotes.yaml'
+  /bulkQuotes/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/bulkQuotes_ID.yaml'
+  /bulkQuotes/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/bulkQuotes_ID_error.yaml'
+  /bulkTransfers:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/bulkTransfers.yaml'
+  /bulkTransfers/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/bulkTransfers_ID.yaml'
+  /bulkTransfers/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/bulkTransfers_ID_error.yaml'
+  /fxQuotes:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/fxQuotes.yaml'
+  /fxQuotes/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/fxQuotes_ID.yaml'
+  /fxQuotes/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/fxQuotes_ID_error.yaml'
+  /fxTransfers:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/fxTransfers.yaml'
+  /fxTransfers/{ID}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/fxTransfers_ID.yaml'
+  /fxTransfers/{ID}/error:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/fxTransfers_ID_error.yaml'
+  /services/FXP:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/services_FXP.yaml'
+  /services/FXP/{SourceCurrency}/{TargetCurrency}:
+    $ref: '../../../../node_modules/@mojaloop/api-snippets/fspiop/v2_0/openapi3/paths/services_FXP_SourceCurrency_TargetCurrency.yaml'

package/modules/api-svc/src/InboundServer/handlers.js

@@ -34,6 +34,7 @@
 const { Enum } = require('@mojaloop/central-services-shared');
 const {
     InboundTransfersModel,
+    InboundPingModel,
     PartiesModel,
     QuotesModel,
     TransfersModel,
@@ -411,8 +412,8 @@ const putParticipantsByTypeAndId = async (ctx) => {
         // publish an event onto the cache for subscribers to action
         let cacheId = `${idType}_${idValue}` + (idSubValue ? `_${idSubValue}` : '');
         const message = { data };
-        
-        // We need to determine if this callback is a response to either a GET/POST /participants 
+
+        // We need to determine if this callback is a response to either a GET/POST /participants
         // or DELETE /participants/{Type}/{ID}/{SubId} request
         const adCacheId = `ad_${cacheId}`;
         if (ctx.state.cache._callbacks[adCacheId]) {
@@ -431,8 +432,8 @@ const putParticipantsByTypeAndId = async (ctx) => {
 
 
 /**
- * Handles a PUT /participants/{Type}/{ID}/{SubId}/error request. 
- * This is an error response to a GET /participants/{Type}/{ID}/{SubId} or 
+ * Handles a PUT /participants/{Type}/{ID}/{SubId}/error request.
+ * This is an error response to a GET /participants/{Type}/{ID}/{SubId} or
  * DELETE /participants/{Type}/{ID}/{SubId} request
  */
 const putParticipantsByTypeAndIdError = async(ctx) => {
@@ -450,7 +451,7 @@ const putParticipantsByTypeAndIdError = async(ctx) => {
     let cacheId = `${idType}_${idValue}` + (idSubValue ? `_${idSubValue}` : '');
     const message = { data };
 
-    // We need to determine if this callback is a response to either a GET/POST /participants 
+    // We need to determine if this callback is a response to either a GET/POST /participants
     // or DELETE /participants/{Type}/{ID}/{SubId} request
     const adCacheId = `ad_${cacheId}`;
     if (ctx.state.cache._callbacks[adCacheId]) {
@@ -1105,6 +1106,22 @@ const createPutFxTransfersHandler = (success) => async (ctx) => {
     ctx.response.status = ReturnCodes.OK.CODE;
 };
 
+const handlePostPing = (ctx) => {
+    const { jwsPingValidationResult, conf, logger, wso2 } = ctx.state;
+    const { sourceFspId, body, headers } = extractBodyHeadersSourceFspId(ctx);
+
+    const model = new InboundPingModel({
+        ...conf,
+        resourceVersions: ctx.resourceVersions,
+        logger,
+        wso2,
+    });
+    model.postPing({ jwsPingValidationResult, sourceFspId, body, headers })
+        .catch(err => logger.error('error in handlePostPing:', err));
+
+    prepareResponse(ctx);
+};
+
 module.exports = {
     '/': {
         get: healthCheck
@@ -1217,5 +1234,8 @@ module.exports = {
     },
     '/fxTransfers/{ID}/error': {
         put: createPutFxTransfersHandler(false)
-    }
+    },
+    '/ping': {
+        post: handlePostPing
+    },
 };

package/modules/api-svc/src/InboundServer/index.js

@@ -125,7 +125,8 @@ class InboundApi extends EventEmitter {
             api.use(middlewares.createJwsValidator(logger, jwsVerificationKeys, jwsExclusions));
         }
 
-        api.use(middlewares.applyState({ cache, wso2, conf, logExcludePaths }));
+        api.use(middlewares.applyState({ conf, cache, wso2, logExcludePaths }));
+        api.use(middlewares.createPingMiddleware(conf, jwsVerificationKeys));
         api.use(middlewares.createRequestValidator(validator));
         api.use(middlewares.assignFspiopIdentifier());
         if (conf.enableTestFeatures) {

package/modules/api-svc/src/InboundServer/middlewares.js

@@ -25,8 +25,8 @@
  --------------
  ******/
 const { env } = require('node:process');
-const coBody = require('co-body');
 const { generateSlug } = require('random-word-slugs');
+const coBody = require('co-body');
 
 const { Jws, Errors, common } = require('@mojaloop/sdk-standard-components');
 const { ReturnCodes } = require('@mojaloop/central-services-shared').Enum.Http;
@@ -58,7 +58,7 @@ const createErrorHandler = (logger) => async (ctx, next) => {
         await next();
     } catch (err) {
         // TODO: return a 500 here if the response has not already been sent?
-        logger.isErrorEnabled && logger.push({ err }).error('Error caught in catchall');
+        logger.error('Error caught in catchall: ', err);
     }
 };
 
@@ -261,7 +261,7 @@ const createHeaderValidator = (conf) => async (
 
     // Only validate requests for the requested resources
     if (!resources.includes(resource)) {
-        logger.info(`skip validation for ${resource}`);
+        logger.info(`skipping header validation for ${resource}`);
         return await next();
     }
 
@@ -347,17 +347,9 @@ const createHeaderValidator = (conf) => async (
         return;
     }
 
-    try {
-        ctx.request.body = await coBody.json(ctx.req, { limit: conf.fspiopApiServerMaxRequestBytes });
-    }
-    catch(err) {
-        // error parsing body
-        logger.push({ err }).error('Error parsing body');
-        ctx.response.status = Errors.MojaloopApiErrorCodes.MALFORMED_SYNTAX.httpStatusCode;
-        ctx.response.body = new Errors.MojaloopFSPIOPError(err, err.message, null,
-            Errors.MojaloopApiErrorCodes.MALFORMED_SYNTAX).toApiErrorObject();
-        return;
-    }
+    const isOk = await extractRequestBody(conf, ctx);
+    if (!isOk) return;
+
     await next();
 };
 
@@ -372,7 +364,7 @@ const createHeaderValidator = (conf) => async (
 const createJwsValidator = (logger, keys, exclusions) => {
     // todo: take logger from ctx
     const jwsValidator = new Jws.validator({
-        logger: logger,
+        logger,
         validationKeys: keys,
     });
     // JWS validation for incoming requests
@@ -383,22 +375,23 @@ const createJwsValidator = (logger, keys, exclusions) => {
             if (exclusions.includes('putParties')
                     && ctx.request.method === 'PUT'
                     && ctx.request.path.startsWith('/parties/')) {
-                logger.isInfoEnabled && logger.info('Skipping jws validation on put parties. config flag is set');
+                logger.info('skipping jws validation on put parties. config flag is set');
                 return await next();
             }
 
+            if (isPingRoute(ctx)) return await next();
+
             // we dont check signatures on GET requests
             // todo: validate this requirement. No state is mutated by GETs but
             // there are potential security issues if message origin is used to
             // determine permission sets i.e. what is "readable"
             if (ctx.request.method !== 'GET') {
                 logger.isDebugEnabled && logger.push({ request: ctx.request, body: ctx.request.body }).debug('Validating JWS');
-                jwsValidator.validate(ctx.request, logger);
+                jwsValidator.validate(ctx.request);
             }
 
-        }
-        catch(err) {
-            logger.push({ err }).error('Inbound request failed JWS validation');
+        } catch (err) {
+            logger.error('Inbound request failed JWS validation', err);
 
             ctx.response.status = ReturnCodes.BADREQUEST.CODE;
             ctx.response.body = new Errors.MojaloopFSPIOPError(
@@ -445,7 +438,6 @@ const createLogger = (logger) => async (ctx, next) => {
     await next();
 };
 
-
 /**
  * Add validation for each inbound request
  * @param validator
@@ -516,6 +508,53 @@ const createResponseLogging = () => async (ctx, next) => {
     return await next();
 };
 
+const createPingMiddleware = (config, validationKeys) => async (ctx, next) => {
+    if (!isPingRoute(ctx)) return await next();
+
+    const { logger } = ctx.state;
+    const isOk = await extractRequestBody(config, ctx);
+    if (!isOk) {
+        logger.warn('failed to extract request body');
+        return;
+    }
+
+    let result;
+
+    if (validationKeys) {
+        const jwsValidator = new Jws.validator({
+            logger,
+            validationKeys,
+        });
+
+        try {
+            result = jwsValidator.validate(ctx.request);
+        } catch (err) {
+            result = err;
+        }
+    }
+
+    ctx.state.jwsPingValidationResult = result;
+    logger.verbose(`is jwsPingValidation passed: ${result === true}`);
+
+    await next();
+};
+
+const extractRequestBody = async (conf, ctx) => {
+    try {
+        ctx.request.body = await coBody.json(ctx.req, { limit: conf.fspiopApiServerMaxRequestBytes });
+        return true;
+    } catch (err) {
+        // error parsing body
+        ctx.state.logger.error('Error parsing body: ', err);
+        ctx.response.status = Errors.MojaloopApiErrorCodes.MALFORMED_SYNTAX.httpStatusCode;
+        ctx.response.body = new Errors.MojaloopFSPIOPError(err, err.message, null,
+            Errors.MojaloopApiErrorCodes.MALFORMED_SYNTAX).toApiErrorObject();
+
+    }
+};
+
+const isPingRoute = (ctx) => ctx.request?.path?.startsWith('/ping');
+
 module.exports = {
     applyState,
     assignFspiopIdentifier,
@@ -528,5 +567,6 @@ module.exports = {
     createRequestValidator,
     createResponseBodyHandler,
     createResponseLogging,
+    createPingMiddleware,
     logResponse,
 };

package/modules/api-svc/src/config.js

@@ -157,6 +157,7 @@ module.exports = {
     bulkTransfersEndpoint: env.get('BULK_TRANSFERS_ENDPOINT').asString(),
     fxQuotesEndpoint: env.get('FX_QUOTES_ENDPOINT').asString(),
     fxTransfersEndpoint: env.get('FX_TRANSFERS_ENDPOINT').asString(),
+    pingEndpoint: env.get('PING_ENDPOINT').asString(),
     backendEndpoint: env.get('BACKEND_ENDPOINT').required().asString(),
 
     getServicesFxpResponse: env.get('GET_SERVICES_FXP_RESPONSE').default('').asArray(),

package/modules/api-svc/src/lib/model/InboundPingModel.js

@@ -0,0 +1,100 @@
+/*****
+ License
+ --------------
+ Copyright © 2020-2025 Mojaloop Foundation
+ The Mojaloop files are made available by the Mojaloop Foundation under the Apache License, Version 2.0 (the "License") and you may not use these files except in compliance with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, the Mojaloop files are distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+
+ Contributors
+ --------------
+ This is the official list of the Mojaloop project contributors for this file.
+ Names of the original copyright holders (individuals or organizations)
+ should be listed with a '*' in the first column. People who have
+ contributed from an organization can be listed under the organization
+ that actually holds the copyright for their contributions (see the
+ Mojaloop Foundation for an example). Those individuals should have
+ their names indented and be marked with a '-'. Email address can be added
+ optionally within square brackets <email>.
+
+ * Mojaloop Foundation
+ * Eugen Klymniuk <eugen.klymniuk@infitx.com>
+
+ --------------
+ ******/
+
+const { requests: { PingRequests }, Errors } = require('@mojaloop/sdk-standard-components');
+const { Headers } = require('@mojaloop/central-services-shared').Enum.Http;
+
+class InboundPingModel {
+    constructor(config) {
+        this.logger = config.logger.push({ component: this.constructor.name });
+        this.dfspId = config.dfspId;
+        this.pingRequests = new PingRequests({
+            logger: this.logger,
+            peerEndpoint: config.peerEndpoint,
+            pingEndpoint: config.pingEndpoint,
+            dfspId: config.dfspId,
+            tls: {
+                enabled: config.outbound.tls.mutualTLS.enabled,
+                creds: config.outbound.tls.creds,
+            },
+            jwsSign: config.jwsSign,
+            jwsSigningKey: config.jwsSigningKey,
+            // todo: think, if we need the rest
+            wso2: config.wso2,
+            resourceVersions: config.resourceVersions,
+            apiType: config.apiType,
+        });
+    }
+
+    async postPing({ jwsPingValidationResult, sourceFspId, body, headers }) {
+        const { requestId } = body;
+        const log = this.logger.child({ requestId, sourceFspId });
+        log.debug('postPing...', { jwsPingValidationResult, headers });
+
+        if (jwsPingValidationResult === true) {
+            log.verbose('ping JWS validation passed, sending PUT ping callback...');
+            return this.pingRequests.putPing({
+                requestId,
+                destination: sourceFspId,
+                headers: this.#createCallbackHeaders(headers),
+            });
+        }
+
+        const errInfo = this.#createPingError(jwsPingValidationResult);
+        log.info('ping JWS validation failed, sending PUT ping error callback...', { errInfo });
+        return this.pingRequests.putPingError({
+            requestId,
+            destination: sourceFspId,
+            headers: this.#createCallbackHeaders(headers),
+            errInfo
+        });
+    }
+
+    #createPingError(jwsPingValidationResult, destination) {
+        const cause = jwsPingValidationResult || new Error('JWS validationKeys are not provided');
+        const errMessage = 'error on JWS ping validation';
+        const fspiopError = new Errors.MojaloopFSPIOPError(
+            cause,
+            errMessage,
+            destination,
+            Errors.MojaloopApiErrorCodes.VALIDATION_ERROR
+        );
+        this.logger.warn(`${errMessage}: ${cause.message}`);
+
+        return fspiopError.toApiErrorObject();
+    }
+
+    #createCallbackHeaders(headers) {
+        return {
+            ...headers,
+            [Headers.FSPIOP.DESTINATION]: headers[Headers.FSPIOP.SOURCE],
+            [Headers.FSPIOP.SOURCE]: this.dfspId
+        };
+    }
+}
+
+module.exports = InboundPingModel;

package/modules/api-svc/src/lib/model/index.js

@@ -26,8 +26,8 @@
  ******/
 'use strict';
 
-
 const InboundTransfersModel = require('./InboundTransfersModel');
+const InboundPingModel = require('./InboundPingModel');
 const OutboundTransfersModel = require('./OutboundTransfersModel');
 const OutboundBulkQuotesModel = require('./OutboundBulkQuotesModel');
 const OutboundBulkTransfersModel = require('./OutboundBulkTransfersModel');
@@ -43,11 +43,12 @@ const TransfersModel = require('./TransfersModel');
 module.exports = {
     AccountsModel,
     BackendError,
+    InboundTransfersModel,
+    InboundPingModel,
     OutboundBulkQuotesModel,
     OutboundBulkTransfersModel,
     OutboundRequestToPayTransferModel,
     OutboundRequestToPayModel,
-    InboundTransfersModel,
     OutboundTransfersModel,
     ProxyModel,
     PersistentStateMachine,

package/modules/api-svc/test/__mocks__/@mojaloop/sdk-standard-components.js

@@ -33,6 +33,7 @@ const {
     axios,
     MojaloopRequests, Errors, WSO2Auth, Jws, Logger, common,
     httpRequester,
+    requests: { PingRequests },
     Ilp: { ILP_VERSIONS }
 } = jest.requireActual('@mojaloop/sdk-standard-components');
 
@@ -200,6 +201,7 @@ module.exports = {
     axios,
     Ilp,
     httpRequester,
+    requests: { PingRequests },
     MojaloopRequests: MockMojaloopRequests,
     Jws: {
         validator: MockJwsValidator,