--- swagger: "2.0" info: version: 4.0.8 title: Multibanco Payment Authorisation x-ibm-name: sibs-psd2-multibanco-payments-authorisation-api description: | The API is designed on a REST model using JSON structures. contact: name: "" url: "" license: name: "" url: "" termsOfService: "" schemes: - https produces: - application/json consumes: - application/json paths: /{aspsp-cde}/v1-0-4/{payment-service}/{multibanco-payment-type}/{service-payment-name}/{payment-id}/authorisations: post: operationId: mbPaymentAuthorisationRequest tags: - Multibanco Payment Authorisation Access Request summary: Multibanco Payment Authorisation Access Request description: Starts the authorisation process for a multibanco payment initiation. parameters: - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Device-Fingerprint' - $ref: '#/parameters/TPP-Redirect-Preferred' - $ref: '#/parameters/TPP-Redirect-URI' - $ref: '#/parameters/TPP-Decoupled-Preferred' - $ref: '#/parameters/TPP-Nok-Redirect-URI' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/payment-service' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/service-payment-name' - $ref: '#/parameters/payment-id' responses: 201: description: Created headers: X-Request-ID: type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. ASPSP-SCA-Approach: type: string description: 'Possible values are: \n - EMBEDDED \n - DECOUPLED \n - REDIRECT \n OAuth will be subsumed by the value REDIRECT' enum: - EMBEDDED - DECOUPLED - REDIRECT default: REDIRECT schema: $ref: '#/definitions/PaymentAuthorisationResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' get: operationId: getMbPaymentAuthorisationListRequest tags: - Multibanco Payment Authorisation List Request summary: Multibanco Payment Authorisation List Request description: Will deliver an array of resource identifications of all generated authorisation sub-resources. parameters: - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Device-Fingerprint' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/payment-service' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/service-payment-name' - $ref: '#/parameters/payment-id' responses: 200: description: OK headers: X-Request-ID: type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. schema: $ref: '#/definitions/PaymentAuthorisationSubresourcesResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' ? /{aspsp-cde}/v1-0-4/{payment-service}/{multibanco-payment-type}/{service-payment-name}/{payment-id}/authorisations/{authorisation-id} : put: operationId: updateMbPaymentAuthorisationPSUData tags: - Multibanco Payment Authorisation PSU Data Update Request summary: Mutibanco Payment Authorisation PSU Data Update Request description: Updates the multibanco payment initiation authorisation sub-resource data on the server by PSU data, if requested by the ASPSP. parameters: - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Device-Fingerprint' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Digest' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/payment-service' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/service-payment-name' - $ref: '#/parameters/payment-id' - $ref: '#/parameters/authorisation-id' - $ref: '#/parameters/PaymentAuthorisationUpdateRequest' responses: 200: description: Ok headers: X-Request-ID: type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. ASPSP-SCA-Approach: type: string description: 'Possible values are: \n - EMBEDDED \n - DECOUPLED \n - REDIRECT \n OAuth will be subsumed by the value REDIRECT' enum: - EMBEDDED - DECOUPLED - REDIRECT default: REDIRECT schema: $ref: '#/definitions/PaymentAuthorisationUpdateResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' get: operationId: getMbPaymentAuthorisationSCAStatusRequest tags: - Multibanco Payment Authorisation SCA Status Inquiry Request summary: Multibanco Payment Authorisation SCA Status Inquiry Request description: Checks the SCA status of a authorisation sub-resource. parameters: - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Device-Fingerprint' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/payment-service' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/service-payment-name' - $ref: '#/parameters/payment-id' - $ref: '#/parameters/authorisation-id' responses: 200: description: OK headers: X-Request-ID: type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. schema: $ref: '#/definitions/PaymentAuthorisationStatusResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' /{aspsp-cde}/v1-0-4/{payment-service}/{multibanco-payment-type}/{service-payment-name}/{payment-id}/cancellation-authorisations: post: operationId: cancelMbPaymentAuthorisationRequest tags: - Cancel Multibanco Payment Authorisation Request summary: Cancel Multibanco Payment Authorisation Request description: Starts the authorisation process for a multibanco payment cancellation where needed. parameters: - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Device-Fingerprint' - $ref: '#/parameters/TPP-Redirect-Preferred' - $ref: '#/parameters/TPP-Redirect-URI' - $ref: '#/parameters/TPP-Decoupled-Preferred' - $ref: '#/parameters/TPP-Nok-Redirect-URI' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/payment-service' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/service-payment-name' - $ref: '#/parameters/payment-id' responses: 200: description: OK headers: X-Request-ID: type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. ASPSP-SCA-Approach: type: string description: 'Possible values are: \n - EMBEDDED \n - DECOUPLED \n - REDIRECT \n OAuth will be subsumed by the value REDIRECT' enum: - EMBEDDED - DECOUPLED - REDIRECT default: REDIRECT schema: $ref: '#/definitions/PaymentAuthorisationResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' get: operationId: getCancelMbPaymentAuthorisationListRequest tags: - Cancel Multibanco Payment Initiation Authorisation List Request summary: Cancel Multibanco Payment Initiation Authorisation List Request description: Will deliver an array of resource identifications to all generated cancellation authorisation sub-resources. parameters: - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Device-Fingerprint' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/payment-service' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/service-payment-name' - $ref: '#/parameters/payment-id' responses: 200: description: OK headers: X-Request-ID: type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. schema: $ref: '#/definitions/PaymentAuthorisationSubresourcesResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' ? /{aspsp-cde}/v1-0-4/{payment-service}/{multibanco-payment-type}/{service-payment-name}/{payment-id}/cancellation-authorisations/{authorisation-id} : put: operationId: updateCancelMbPaymentAuthorisationPSUData tags: - Cancel Multibanco Payment Authorisation PSU Data Update Request summary: Cancel Multibanco Payment Authorisation PSU Data Update Request description: Updates the multibanco payment initiation cancellation authorisation sub-resource data on the server by PSU data, if requested by the ASPSP. parameters: - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Device-Fingerprint' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/Digest' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/payment-service' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/service-payment-name' - $ref: '#/parameters/payment-id' - $ref: '#/parameters/authorisation-id' - $ref: '#/parameters/PaymentAuthorisationUpdateRequest' responses: 200: description: Ok headers: X-Request-ID: type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. ASPSP-SCA-Approach: type: string description: 'Possible values are: \n - EMBEDDED \n - DECOUPLED \n - REDIRECT \n OAuth will be subsumed by the value REDIRECT' enum: - EMBEDDED - DECOUPLED - REDIRECT default: REDIRECT schema: $ref: '#/definitions/PaymentAuthorisationUpdateResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' get: operationId: getCancelMbPaymentAuthorisationSCAStatusRequest tags: - Get Cancel Multibanco Payment Authorisation SCA Status Request summary: Get Cancel Multibanco Payment Authorisation SCA Status Request description: Checks the SCA status of a cancellation authorisation sub-resource. parameters: - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Device-Fingerprint' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/payment-service' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/service-payment-name' - $ref: '#/parameters/payment-id' - $ref: '#/parameters/authorisation-id' responses: 200: description: OK headers: X-Request-ID: type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. schema: $ref: '#/definitions/PaymentAuthorisationStatusResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' definitions: Amount: description: Amount type: object required: - currency - amount properties: currency: description: | ISO 4217 currency code type: string pattern: ^[A-Z]{3,3}$ default: EUR amount: description: | The amount given with fractional digits, where fractions must be compliant to the currency definition. The decimal separator is a dot. type: string pattern: ^\-{0,1}[0-9]{1,9}(\.[0-9]{0,2}){0,1}$ default: "0" additionalProperties: false AuthenticationArray: description: Array of Authentication object type: array items: $ref: '#/definitions/Authentication' description: Authentication Data additionalProperties: false Authentication: description: Authentication Data type: object required: - authenticationType - authenticationMethodId properties: authenticationType: description: Type of the authentication method. $ref: '#/definitions/AuthenticationType' authenticationVersion: description: | Depending on the authenticationType. This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. This version can be referred to in the ASPSP’s documentation. type: string default: "" authenticationMethodId: description: | An identification provided by the ASPSP for the later identification of the authentication method selection. type: string maxLength: 35 default: "" name: description: | This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. Alternatively this could be a description provided by the ASPSP like “SMS OTP on phone +49160 xxxxx 28”. This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available. type: string default: "" explanation: description: | detailed information about the sca method for the PSU. type: string default: "" additionalProperties: false AuthenticationType: description: | authentication types: * SMS_OTP - An SCA method, where an OTP linked to the transaction to be authorised is sent to the PSU through a SMS channel. * CHIP_OTP - An SCA method, where an OTP is generated by a chip card, e.g. an TOP derived from an EMV cryptogram. To contact the card, the PSU normally needs a (handheld) device. With this device, the PSU either reads the challenging data through a visual interface like flickering or the PSU types in the challenge through the device key pad. The device then derives an OTP from the challenge data and displays the OTP to the PSU. * PHOTO_OTP - An SCA method, where the challenge is a QR code or similar encoded visual data which can be read in by a consumer device or specific mobile app. The device resp. the specific app than derives an OTP from the visual challenge data and displays the OTP to the PSU. * PUSH_OTP - An OTP is pushed to a dedicated authentication APP and displayed to the PSU. type: string enum: - SMS_OTP - CHIP_OTP - PHOTO_OTP - PUSH_OTP default: SMS_OTP additionalProperties: false Challenge: description: Requested Authentication Data type: object properties: image: description: | PNG data (max. 512 kilobyte) to be displayed to the PSU, Base64 encoding , cp. [RFC 4648]. This attribute is used only, when PHOTO_OTP or CHIP_OTP is the selected SCA method. type: string format: byte default: "" data: description: String challenge data type: string default: "" imageLink: description: A link where the ASPSP will provides the challenge image for the TPP. type: string default: "" otpMaxLength: description: The maximal length for the OTP to be typed in by the PSU. type: number default: 0 otpFormat: description: The format type of the OTP to be typed in. type: string enum: - characters - integer default: integer additionalInformation: description: Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen SCA method. The TPP is obliged to show this to the PSU. type: string default: "" additionalProperties: false ErrorMessage: description: Error Information. type: object properties: tppMessages: $ref: '#/definitions/TppMessageArray' description: Messages to the TPP on operational issues. additionalProperties: false ErrorMessageWithStatus: description: Error and status Information. type: object properties: transactionStatus: $ref: '#/definitions/TransactionStatusType' description: The transaction status is filled with codes of the ISO 20022 corresponding element. tppMessages: $ref: '#/definitions/TppMessageArray' description: Messages to the TPP on operational issues. additionalProperties: false MessageCode: description: Message error codes. type: string enum: - SERVICE_BLOCKED - CORPORATE_ID_IVALID - CONSENT_UNKNOWN - CONSENT_INVALID - CONSENT_EXPIRED - RESOURCE_UNIKNOWN - RESOURCE_EXPIRED - TIMESTAMP_INVALID - PERIOD_INVALID - SCA_METHOD_UNKKNOWN - TRANSACTION_ID_INVALID - PRODUCT_INVALID - PRODUCT_UNKNOWN - PAYMENT_FAILED - REQUIRED_KID_MISSING - SESSIONS_NOT_SUPPORTED - ACCESS_EXCEEDED - REQUESTED_FORMATS_INVALID - CARD_INVALID - NO_PIIS_ACTIVATION default: CONSENT_INVALID additionalProperties: false PaymentAuthorisationSubresourcesResponseResource: description: Returns an array of all authorisationIds connected to this payment. type: object required: - authorisationIds properties: authorisationIds: description: An array of all authorisationIds connected to this payment. type: array items: type: string description: authorisationId connected to this payment. additionalProperties: false PaymentSCAStatusResponseLink: description: | A list of hyperlinks to be recognized by the TPP. properties: scaRedirect: description: A link to an ASPSP site where SCA is performed within the Redirect SCA approach type: string default: "" startAuthorisation: description: A link to an endpoint, where the authorisation of a transaction or the authorisation of a transaction cancellation shall be started with a POST command. No specific data is needed for this process start. type: string default: "" startAuthorisationWithPsuIdentification: description: The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU identification shall be uploaded with the corresponding call. type: string default: "" updatePsuIdentification: description: | The link to the payment initiation resource, which needs to be updated by the PSU identification. This might be used in a redirect or decoupled approach, where the PSU ID was missing in the first request. type: string default: "" startAuthorisationWithProprietaryData: description: A link to the endpoint, where the authorisation of a transaction or of a transaction cancellation shall be started, and where proprietary data needs to be updated with this call. The TPP can find the scope of missing proprietary data in the ASPSP documentation. type: string default: "" updateProprietaryData: description: The link to the payment initiation or account information resource, which needs to be updated by the proprietary data. type: string default: "" startAuthorisationWithPsuAuthentication: description: The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU authentication data shall be uploaded with the corresponding call. type: string default: "" updatePsuAuthenication: description: | The link to the account information resource, which needs to be updated by a PSU password and eventually the PSU identification if not delivered yet. This is used in a case of the Embedded SCA approach. type: string default: "" updateAdditionalPsuAuthentication: description: The link to the payment initiation or account information resource, which needs to be updated by an additional PSU password. type: string default: "" startAuthorisationWithAuthenticationMethodSelection: description: This is a link to and endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where the selected SCA method shall be uploaded with the corresponding call. type: string default: "" startAuthorisationWithTransactionAuthorisation: description: A link to an endpoint, where an authorisation of a transaction or a cancellation can be started, and where the response data for the challenge is uploaded in the same call for the transaction authorisation or transaction cancellation at the same time in the Embedded SCA Approach type: string default: "" selectAuthenticationMethod: description: This is a link to a resource, where the TPP can select the applicable second factor authentication methods for the PSU, if there were several available authentication methods. type: string default: "" authoriseTransaction: description: | The link to the payment initiation or consent resource, where the “Transaction Authorisation”Request” is sent to. This is the link to the resource which will authorise the payment or the consent by checking the SCA authentication data within the Embedded SCA approach. type: string self: description: The link to the payment initiation resource created by the request itself. This link can be used later to retrieve the transaction status of the payment initiation. type: string default: "" status: description: | The link to retrieve the transaction status of the account information consent. type: string default: "" scaStatus: description: A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource. type: string default: "" additionalProperties: false PaymentResponseLink: description: | A list of hyperlinks to be recognized by the TPP. properties: scaRedirect: description: A link to an ASPSP site where SCA is performed within the Redirect SCA approach type: string default: "" updatePsuIdentification: description: | The link to the payment initiation resource, which needs to be updated by the PSU identification. This might be used in a redirect or decoupled approach, where the PSU ID was missing in the first request. type: string default: "" updatePsuAuthentication: description: | The link to the account information resource, which needs to be updated by a PSU password and eventually the PSU identification if not delivered yet. This is used in a case of the Embedded SCA approach. type: string default: "" selectAuthenticationMethod: description: This is a link to a resource, where the TPP can select the applicable second factor authentication methods for the PSU, if there were several available authentication methods. type: string default: "" authoriseTransaction: description: The link to the payment initiation or consent resource, where the “Transaction Authorisation”Request” is sent to. This is the link to the resource which will authorise the payment or the consent by checking the SCA authentication data within the Embedded SCA approach. type: string default: "" scaStatus: description: A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource. type: string default: "" additionalProperties: false PaymentUpdateLink: description: 'A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. \n Remark: All links can be relative or full links, to be decided by the ASPSP. \n Remark: This method can be applied before or after PSU identification. This leads to many possible hyperlink responses. \n Type of links admitted in this response, (further links might be added for ASPSP defined extensions): \n "scaRedirect": In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. \n "updatePsuIdentification": The link to the authorisation or cancellation authorisation sub-resource, where PSU identification data needs to be uploaded. \n "updatePsuAuthentication": \n The link to the authorisation or cancellation authorisation sub-resource, where PSU authentication data needs to be uploaded. \n "authoriseTransaction": The link to the authorisation or cancellation authorisation sub-resource, where the authorisation data has to be uploaded, e.g. the TOP received by SMS. \n "scaStatus": The link to retrieve the scaStatus of the corresponding authorisation sub-resource.' properties: scaRedirect: description: A link to an ASPSP site where SCA is performed within the Redirect SCA approach. type: string default: "" updatePsuIdentification: description: The link to the authorisation or cancellation authorisation sub-resource, where PSU identification data needs to be uploaded. type: string default: "" selectAuthenticationMethod: description: This is a link to a resource, where the TPP can select the applicable second factor authentication methods for the PSU, if there are several available authentication methods and if the PSU is already sufficiently authenticated.. If this link is contained, then there is also the data element "scaMethods" contained in the response body type: string default: "" updatePsuAuthentication: description: The link to the authorisation or cancellation authorisation sub-resource, where PSU authentication data needs to be uploaded. type: string default: "" authoriseTransaction: description: The link to the authorisation or cancellation authorisation sub-resource, where the authorisation data has to be uploaded, e.g. the TOP received by SMS. type: string updateAdditionalPsuAuthentication: description: The link to the payment initiation or account information resource, which needs to be updated by an additional PSU password. This link is only contained in rare cases, where such additional passwords are needed for PSU authentications. type: string scaStatus: description: A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource. type: string default: "" additionalProperties: false PaymentCancellationAuthorisationResponseResource: description: Creates a payment cancellation to a authorisation response to TPP. type: object required: - scaStatus - authorisationId - _links properties: scaStatus: description: 'The Following codes are defined for this data type: \n - Received: An authorisation or cancellation-authorisation resource has been created successfully. \n - psuIdentified:The PSU related to the authorisation or cancellation-authorisation resource has been identified. \n -psuAuthenticated: The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token. \n -scaMethodSelected:The PSU/TPP has selected the related SCA routine. If the SCA method is chosen implicitly since only one SCA method is available, then this is the first status to be reported instead of "received". \n -started:The addressed SCA routine has been started. \n -unconfirmed: SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet. \n - finalised: The SCA routine has been finlised successfully (including a potential confirmation command). This is a final status of the authorisation resource. \n -failed: The SCA routine failed. This is a final status of the authorisation resource. \n -exempted: SCA was exempted for the related transaction, the related authorisation is successful. This is a final status of the authorisation resource.' type: string enum: - received - psuIdentified - psuAuthenticated - scaMethodSelected - started - unconfirmed - finalised - failed - exempted default: received authorisationId: description: Unique resource identification of the created authorisation sub-resource. type: string transactionFees: $ref: '#/definitions/Amount' description: Might be used by the ASPSP to transport the total transaction fee relevant for the underlying payments. This field includes the entry of the currencyConversionFees if applicable. currencyConversionFees: $ref: '#/definitions/Amount' description: Might be used by the ASPSP to transport specific currency conversion fees related to the initiated credit transfer. estimatedTotalAmount: $ref: '#/definitions/Amount' description: 'The amount which is estimated to be debted from the debtor account. \n Note: This amount includes fees.' estimatedInterbankSettlementAmount: $ref: '#/definitions/Amount' description: The estimated amount to be transferred to the payee. scaMethods: $ref: '#/definitions/AuthenticationArray' description: Might be contained, if several authentication methods are available. (name, type) \n This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type “selectAuthenticationMethods” contained in the response body. \n These methods shall be presented towards the PSU for selection by the TPP. chosenScaMethod: $ref: '#/definitions/Authentication' description: This data element is only contained in the response if the ASPSP has chosen the Embedded SCA Approach, if the PSU is already identified e.g. with the first relevant factor or alternatively an access token, if SCA is required and if the authentication method is implicitly selected. challengeData: $ref: '#/definitions/Challenge' description: It is contained in addition to the data element "chosenScaMethod" if challenge data is needed for SCA. \n In rare cases this attribute is also used in the context of the "updatePsuAuthentication" or "updateEncryptedPsuAuthentication" link. _links: $ref: '#/definitions/PaymentResponseLink' psuMessage: description: Text to be displayed to the PSU. type: string default: "" additionalProperties: false PaymentAuthorisationResponseResource: description: Creates a payment authorisation response to TPP. type: object required: - scaStatus - authorisationId - _links properties: scaStatus: description: 'The Folowwing codes are defined for this data type: \n - Received: An authorisation or cancellation-authorisation resource has been created successfully. \n - psuIdentified:The PSU related to the authorisation or cancellation-authorisation resource has been identified. \n -psuAuthenticated: The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token. \n -scaMethodSelected:The PSU/TPP has selected the related SCA routine. If the SCA method is chosen implicitly since only one SCA method is available, then this is the first status to be reported instead of "received". \n -started:The addressed SCA routine has been started. \n -unconfirmed: SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet. \n - finalised: The SCA routine has been finlised successfully (including a potential confirmation command). This is a final status of the authorisation resource. \n -failed: The SCA routine failed. This is a final status of the authorisation resource. \n -exempted: SCA was exempted for the related transaction, the related authorisation is successful. This is a final status of the authorisation resource.' type: string enum: - received - psuIdentified - psuAuthenticated - scaMethodSelected - started - unconfirmed - finalised - failed - exempted default: received authorisationId: description: Unique resource identification of the created authorisation sub-resource. type: string transactionFees: $ref: '#/definitions/Amount' description: Might be used by the ASPSP to transport the total transaction fee relevant for the underlying payments. This field includes the entry of the currencyConversionFees if applicable. currencyConversionFees: $ref: '#/definitions/Amount' description: Might be used by the ASPSP to transport specific currency conversion fees related to the initiated credit transfer. estimatedTotalAmount: $ref: '#/definitions/Amount' description: 'The amount which is estimated to be debted from the debtor account. \n Note: This amount includes fees.' estimatedInterbankSettlementAmount: $ref: '#/definitions/Amount' description: The estimated amount to be transferred to the payee. scaMethods: $ref: '#/definitions/AuthenticationArray' description: Might be contained, if several authentication methods are available. (name, type) \n This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type “selectAuthenticationMethods” contained in the response body. \n These methods shall be presented towards the PSU for selection by the TPP. chosenScaMethod: $ref: '#/definitions/Authentication' description: This data element is only contained in the response if the ASPSP has chosen the Embedded SCA Approach, if the PSU is already identified e.g. with the first relevant factor or alternatively an access token, if SCA is required and if the authentication method is implicitly selected. challengeData: $ref: '#/definitions/Challenge' description: It is contained in addition to the data element "chosenScaMethod" if challenge data is needed for SCA. \n In rare cases this attribute is also used in the context of the "updatePsuAuthentication" or "updateEncryptedPsuAuthentication" link. _links: $ref: '#/definitions/PaymentResponseLink' psuMessage: description: Text to be displayed to the PSU. type: string default: "" additionalProperties: false PaymentAuthorisationStatusResponseResource: description: Informs TPP about status of a payment initiation. type: object required: - scaStatus - _links properties: scaStatus: description: 'This data element is containing information about the status of the SCA method applied. \n The Folowwing codes are defined for this data type: \n - received: An authorisation or cancellation-authorisation resource has been created successfully. \n - psuIdentified:The PSU related to the authorisation or cancellation-authorisation resource has been identified. \n -psuAuthenticated: The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token. \n -scaMethodSelected:The PSU/TPP has selected the related SCA routine. If the SCA method is chosen implicitly since only one SCA method is available, then this is the first status to be reported instead of "received". \n -started:The addressed SCA routine has been started. \n -unconfirmed: SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet. \n - finalised: The SCA routine has been finlised successfully (including a potential confirmation command). This is a final status of the authorisation resource. \n -failed: The SCA routine failed. This is a final status of the authorisation resource. \n -exempted: SCA was exempted for the related transaction, the related authorisation is successful. This is a final status of the authorisation resource.' type: string enum: - received - psuIdentified - psuAuthenticated - scaMethodSelected - started - unconfirmed - finalised - failed - exempted default: received _links: description: 'A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. \n Remark: All links can be relative or full links, to be decided by the ASPSP. \n Remark: This method can be applied before or after PSU identification. This leads to many possible hyperlink responses. \n Type of links admitted in this response, (further links might be added for ASPSP defined extensions): \n "scaRedirect": In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. \n "scaOAuth": In case of a SCA OAuth2 Approach, the ASPSP is transmitting the URI where the configuration of the Authorisation Server can be retrieved. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification. \n "confirmation": Might be added by the ASPSP if either the "scaRedirect" or "scaOAuth" hyperlink is returned in the same response message. This hyperlink defines the URL to the resource which needs to be updated with \n - a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authentication server or \n - an access token as retrieved by submitting an authorization code after the integrated OAuth based authentication process with the ASPSP authentication server. \n "updatePsuIdentification": \n The link to the authorisation or cancellation authorisation sub-resource, where PSU identification data needs to be uploaded. \n "updatePsuAuthentication": \n The link to the authorisation or cancellation authorisation sub-resource, where PSU authentication data needs to be uploaded. \n "updateEncryptedPsuAuthentication": \n The link to the authorisation or cancellation authorisation sub-resource, where encrypted PSU authentication data needs to be uploaded. \n "authoriseTransaction": \n The link to the authorisation or cancellation authorisation sub-resource, where the authorisation data has to be uploaded, e.g. the TOP received by SMS. \n "scaStatus": The link to retrieve the scaStatus of the corresponding authorisation sub-resource.' $ref: '#/definitions/PaymentSCAStatusResponseLink' additionalProperties: false PaymentAuthorisationUpdateRequestResource: description: Update information related to a previous payment initiation in order to obtain PSUId credentials. It is only to be used to support Embedded method. type: object properties: psuData: $ref: '#/definitions/PSUData' description: Include all credentials related data (e.g., user, password and additional data accordingly with ASPSP requests) scaAuthenticationData: description: | SCA authentication data, depending on the chosen authentication method. if the data is binary, then it is base64 encoded. type: string default: "" authenticationMethodId: description: | The authentication method ID as provided by the ASPSP This property is mandatory in a Select Authentication Method type: string default: "" additionalProperties: false PaymentAuthorisationUpdateResponseResource: description: Sends an update information related to a previous payment initiation to TPP. type: object required: - scaStatus - _links properties: transactionFees: $ref: '#/definitions/Amount' description: Might be used by the ASPSP to transport the total transaction fee relevant for the underlying payments. This field includes the entry of the currencyConversionFees if applicable. currencyConversionFees: $ref: '#/definitions/Amount' description: Might be used by the ASPSP to transport specific currency conversion fees related to the initiated credit transfer. estimatedTotalAmount: $ref: '#/definitions/Amount' description: 'The amount which is estimated to be debted from the debtor account. \n Note: This amount includes fees.' estimatedInterbankSettlementAmount: $ref: '#/definitions/Amount' description: The estimated amount to be transferred to the payee. scaMethods: $ref: '#/definitions/AuthenticationArray' description: This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type "startAuthorisationWith AuthenticationMethodSelection" contained in the response body. These methods shall be presented towards the PSU for selection by the TPP. _links: $ref: '#/definitions/PaymentUpdateLink' description: 'A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. \n Remark: All links can be relative or full links, to be decided by the ASPSP. \n Remark: This method can be applied before or after PSU identification. This leads to many possible hyperlink responses. \n Type of links admitted in this response, (further links might be added for ASPSP defined extensions): \n "scaRedirect": In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. \n "scaOAuth": In case of a SCA OAuth2 Approach, the ASPSP is transmitting the URI where the configuration of the Authorisation Server can be retrieved. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification. \n "confirmation": Might be added by the ASPSP if either the "scaRedirect" or "scaOAuth" hyperlink is returned in the same response message. This hyperlink defines the URL to the resource which needs to be updated with \n - a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authentication server or \n - an access token as retrieved by submitting an authorization code after the integrated OAuth based authentication process with the ASPSP authentication server. \n "updatePsuIdentification": \n The link to the authorisation or cancellation authorisation sub-resource, where PSU identification data needs to be uploaded. \n "updatePsuAuthentication": \n The link to the authorisation or cancellation authorisation sub-resource, where PSU authentication data needs to be uploaded. \n "updateEncryptedPsuAuthentication": \n The link to the authorisation or cancellation authorisation sub-resource, where encrypted PSU authentication data needs to be uploaded. \n "authoriseTransaction": \n The link to the authorisation or cancellation authorisation sub-resource, where the authorisation data has to be uploaded, e.g. the TOP received by SMS. \n "scaStatus": The link to retrieve the scaStatus of the corresponding authorisation sub-resource.' scaStatus: type: string default: "" description: A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource. psuMessage: description: Include all credentiText to be displayed to the PSUals related data (e.g., user, password and additional data accordingly with ASPSP requests) type: string default: "" additionalProperties: false PSUData: description: 'The password, encryptedPassword, additionalPassword, or additionalEncryptedPassword subfield is used, depending whether the password or the additional password needs to be sent and depending on encryption requirements of the ASPSP as indicated in the corresponding hyperlink contained in the preceding response message of the ASPSP. Remark for Future: More details on the encrypted password transport will be published by a future bulletin.' type: object properties: password: description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until remove. type: string default: "" encryptedPassword: description: Is used when a password is encrypted on application level. type: string default: "" additionalPassword: description: Contains an additional password in plaintext. type: string default: "" additionalEncryptedPassword: description: Is provided when the additional password is used and is encrypted on application level.. type: string default: "" additionalProperties: false TppMessage: required: - category - code description: Transports additional error information. properties: category: type: string default: "" description: Category of the error. Only "ERROR" or "WARNING" permitted. code: $ref: '#/definitions/MessageCode' description: Message error code. path: type: string default: "" description: Path of the element of the request message which provoked this error message. text: type: string maxLength: 512 default: "" description: Additional explaining text. additionalProperties: false TppMessageArray: type: array description: Messages to the TPP on operational issues. items: $ref: '#/definitions/TppMessage' description: Transports additional error information. additionalProperties: false TransactionStatusType: description: |- ISO20022: The transaction status is filled with value of the ISO20022 data table. RCVD : RECEIVED PDNG : PENDING PATC : PARTIALLY ACCEPTED TECHNICAL CORRECT ACTC : ACCEPTED TECHNICAL VALIDATION ACFC : ACCEPTED FUNDS CHECKED ACWC : ACCEPTED WITH CHANGE ACWP : ACCEPTED WITHOUT POSTING ACSP : ACCEPTED SETTLEMENT IN PROCESS ACSC : ACCEPTED SETTLEMENT COMPLETED ACCC : ACCEPTED SETTLEMENT COMPLETED CREDITOR CANC : CANCELED RJCT : REJECTED type: string enum: - RCVD - PDNG - PATC - ACTC - ACFC - ACWC - ACWP - ACSP - ACSC - ACCC - CANC - RJCT default: RJCT additionalProperties: false parameters: aspsp-cde: name: aspsp-cde in: path description: Identification of the aspsp required: true type: string default: "" payment-id: name: payment-id in: path description: Identification of the payment required: true type: string default: "" authorisation-id: name: authorisation-id in: path description: Resource identifciation of the related Payment Initiation sub-resource. required: true type: string default: "" payment-service: name: payment-service in: path description: The possible values are "multibanco-payments", "bulk-multibanco-payments" and "periodic-multibanco-payments" required: true type: string enum: - multibanco-payments - bulk-multibanco-payments - periodic-multibanco-payments default: multibanco-payments multibanco-payment-type: name: multibanco-payment-type type: string required: true in: path description: 'Multibanco Payment type should be fulfilled as determined by the initiating party and should assume the following values: - service-payments; - special-service-payments; - public-sector-payments; - social-security-payments.' default: service-payments enum: - service-payments - special-service-payments - public-sector-payments - social-security-payments service-payment-name: name: service-payment-name type: string required: true in: path description: 'set special-service-payment-name with: \n If Multibanco payment type is "service-payments" with value "service-payments"; \n If Multibanco payment type is "special-service-payments" with values from "Multibanco Payments Catalogue"; \n If Multibanco payment type is "public-sector-payments" with value "public-sector-payments"; \n If Multibanco payment type is "social-security-payments" with value "social-security-payments";' X-Request-ID: name: X-Request-ID in: header description: 'ID of the transaction as determined by the initiating party. ' required: true type: string format: uuid default: "" PSU-IP-Address: name: PSU-IP-Address in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. required: true type: string default: "" PSU-Accept: name: PSU-Accept in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. required: false type: string default: "" PSU-Accept-Charset: name: PSU-Accept-Charset in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. required: false type: string default: "" PSU-Accept-Encoding: name: PSU-Accept-Encoding in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. required: false type: string default: "" PSU-Accept-Language: name: PSU-Accept-Language in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. required: false type: string default: "" PSU-Http-Method: name: PSU-Http-Method in: header description: 'HTTP method used at the PSU – TPP interface, if available. \n Valid values are: \n - GET \n - POST \n - PUT \n - PATCH \n - DELETE' required: false type: string enum: - GET - POST - PUT - PATCH - DELETE default: GET PSU-User-Agent: name: PSU-User-Agent in: header description: The forwarded Agent header field of the HTTP request between PSU and TPP, if available. required: false type: string default: "" TPP-Signature-Certificate: name: TPP-Signature-Certificate in: header description: The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. required: false type: string default: "" TPP-Redirect-Preferred: name: TPP-Redirect-Preferred in: header description: If it equals "true", the TPP prefers a redirect over an embedded SCA approach. \n If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. \n If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU. required: false type: boolean TPP-Nok-Redirect-URI: name: TPP-Nok-Redirect-URI in: header description: If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This may be ignored by the ASPSP. See Section 4.10 for further requirements on this header. \n The same condition as for TPP-Redirect-URI on keeping the URI equal during a transaction lifecycle applies also to this header. required: false type: string TPP-Decoupled-Preferred: name: TPP-Decoupled-Preferred in: header description: 'If it equals "true", the TPP prefers a decoupled SCA approach. \n If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will then choose between the embedded or the redirect SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. \n If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the parameter TPP-Redirect-Preferred and the SCA method chosen by the TPP/PSU. \n The parameter might be ignored by the ASPSP. \n If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected, but it is up to the ASPSP, which approach will actually be used. \n RFU: TPP-Redirect-Preferred and TPP-Decoupled-Preferred will be revised in future versions, maybe merged. Currently kept separate for downward compatibility.' required: false type: boolean PSU-ID: name: PSU-ID in: header description: User identification in ASPSP required: false type: string default: "" PSU-ID-Type: name: PSU-ID-Type in: header description: Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. required: false type: string default: "" PSU-IP-Port: name: PSU-IP-Port in: header description: The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. required: false type: string default: "" PSU-Geo-Location: name: PSU-Geo-Location in: header description: The forwarded Geo Location of the corresponding http request between PSU and TPP if available. required: false type: string pattern: ^GEO:[-?+?(\d){1,3}.(\d){6}]{8,11};[-?+?(\d){1,3}.(\d){6}]{8,11}$ default: GEO:1.111111;-1.111111 PSU-Device-ID: name: PSU-Device-ID in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. required: false type: string default: "" PSU-Device-Fingerprint: name: PSU-Device-Fingerprint in: header description: Fingerprint of the device used in the request between PSU and TPP, if available. required: false type: string default: "" PSU-Corporate-ID: name: PSU-Corporate-ID in: header description: Corporate User identification in ASPSP required: false type: string default: "" PSU-Corporate-ID-Type: name: PSU-Corporate-ID-Type in: header description: Might be mandated in the ASPSPs documentation. Only used in a corporate context. required: false type: string default: "" TPP-Redirect-URI: name: TPP-Redirect-URI in: header description: URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Shall be contained at least if the tppRedirectPreferred parameter is set to true or is missing. required: false type: string default: "" Signature: name: Signature in: header description: A signature of the request by the TPP on application level. This might be mandated by ASPSP. required: true type: string default: "" Digest: name: Digest type: string required: false in: header description: Hash of the message body. Should be present when Request body exists default: "" Date: name: Date in: header description: Request date required: true type: string format: date-time pattern: yyyy-MM-dd'T'hh:MM:ss.SSS PaymentAuthorisationUpdateRequest: name: paymentAuthorisationUpdateRequest in: body description: Payment Authorisation Request Update required: false schema: $ref: '#/definitions/PaymentAuthorisationUpdateRequestResource' x-ibm-configuration: enforced: true testable: true phase: realized securityDefinitions: x-ibm-client-id: type: apiKey description: "" in: header name: X-IBM-Client-Id security: - x-ibm-client-id: [] basePath: / x-ibm-endpoints: - endpointUrl: https://site1.sibsapimarket.com/sibs/apimarket type: - production - endpointUrl: https://site2.sibsapimarket.com/sibs/apimarket type: - production - endpointUrl: https://site2.sibsapimarket.com:8444/sibs/apimarket type: - development - endpointUrl: https://site1.sibsapimarket.com:8444/sibs/apimarket type: - development ...