--- swagger: "2.0" info: x-ibm-name: sibs-psd2-bulk-multibanco-payments-api title: Bulk Multibanco Payments version: 4.0.13 contact: name: "" url: "" license: url: "" name: "" termsOfService: "" description: The MULTIBANCO Payment Initiation API enables you to initiate a MULTIBANCO payment using one of the payment products made available by the Bank of the Payment Service User in his internet Banking. schemes: - https consumes: - application/json produces: - application/json securityDefinitions: x-ibm-client-id: type: apiKey in: header name: X-IBM-Client-Id security: - x-ibm-client-id: [] paths: /{aspsp-cde}/v1-0-4/bulk-multibanco-payments/{multibanco-payment-type}: post: responses: 201: description: Created. headers: X-Request-ID: type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. ASPSP-SCA-Approach: type: string description: 'Possible values are: \n - EMBEDDED \n - DECOUPLED \n - REDIRECT \n OAuth will be subsumed by the value REDIRECT' enum: - EMBEDDED - DECOUPLED - REDIRECT default: REDIRECT schema: $ref: '#/definitions/BulkMultibancoPaymentResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' parameters: - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/Consent-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/TPP-Delegated-Preferred' - $ref: '#/parameters/TPP-Decoupled-Preferred' - $ref: '#/parameters/TPP-Redirect-URI' - $ref: '#/parameters/TPP-Nok-Redirect-URI' - $ref: '#/parameters/TPP-Explicit-Authorisation-Preferred' - $ref: '#/parameters/TPP-Redirect-Preferred' - $ref: '#/parameters/TPP-Brand-Logging-Information' - $ref: '#/parameters/Transaction-SCA-Performed' - $ref: '#/parameters/Delegation-ID' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/Digest' - $ref: '#/parameters/BulkMBPaymentRequest' tags: - Bulk MB Payment Service Initiation summary: Bulk MB Payment Service Initiation operationId: bulkMBPaymentServiceInitiation description: Creates a bulk Multibanco payment initiation request at the ASPSP. /{aspsp-cde}/v1-0-4/bulk-multibanco-payments/{multibanco-payment-type}/{bulk-payment-id}: get: responses: 200: description: OK. schema: $ref: '#/definitions/BulkMultibancoPaymentsDetailsResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' parameters: - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/bulk-payment-id' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/Date' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' description: Requests the content of a bulk Multibanco payment initiation object. This is returning the data for the TPP especially in cases, where the consent was directly managed between ASPSP and PSU e.g. in a re-direct SCA Approach. operationId: bulkMBPaymentServiceInquiryRequest summary: Bulk MB Payment service inquiry request tags: - Bulk MB Payment service inquiry request delete: responses: 200: description: OK. schema: $ref: '#/definitions/BulkMultibancoPaymentCancelResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' parameters: - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/bulk-payment-id' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/TPP-Redirect-Preferred' - $ref: '#/parameters/TPP-Redirect-URI' - $ref: '#/parameters/TPP-Decoupled-Preferred' - $ref: '#/parameters/TPP-Nok-Redirect-URI' - $ref: '#/parameters/TPP-Explicit-Authorisation-Preferred' - $ref: '#/parameters/Date' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' tags: - Bulk MB Cancel Payment Request summary: Bulk MB Cancel Payment Request operationId: bulkMBCancelPaymentRequest description: Cancels a bulk Multibanco payment initiation request at the ASPSP. /{aspsp-cde}/v1-0-4/bulk-multibanco-payments/{multibanco-payment-type}/{bulk-payment-id}/status: get: responses: 200: description: OK. schema: $ref: '#/definitions/BulkMultibancoPaymentStatusResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' parameters: - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/multibanco-payment-type' - $ref: '#/parameters/bulk-payment-id' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-Http-Method' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/Date' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' description: Request to check the status of a bulk Multibanco payment initiation. operationId: bulkMBPaymentServiceStatusInquiryRequest tags: - Bulk MB Payment service status inquiry request summary: Bulk MB Payment service status inquiry request definitions: AccountReference: description: Identifier of the addressed account. type: object properties: iban: description: International Bank Account Number type: string pattern: ^[A-Z]{2,2}[0-9]{2,2}[a-zA-Z0-9]{1,30}$ default: PT000 bban: description: This data elements is used for payment accounts which have no IBAN. type: string default: "1" pattern: ^[a-zA-Z0-9]{1,30}$ pan: description: Primary Account Number (PAN) of a card, can be tokenised by the ASPSP due to PCI DSS requirements. type: string maxLength: 35 default: "" maskedPan: description: Primary Account Number (PAN) of a card in a masked form. type: string maxLength: 35 default: "" msisdn: description: An alias to access a payment account via a registered mobile phone number type: string maxLength: 35 default: "" currency: description: ISO 4217 Alpha 3 currency code. type: string default: "" additionalProperties: false Amount: description: Amount type: object required: - currency - amount properties: currency: description: | ISO 4217 currency code type: string pattern: ^[A-Z]{3,3}$ default: EUR amount: description: | The amount given with fractional digits, where fractions must be compliant to the currency definition. The decimal separator is a dot. type: string pattern: ^\-{0,1}[0-9]{1,9}(\.[0-9]{0,2}){0,1}$ default: "0" additionalProperties: false Authentication: description: Authentication Data type: object required: - authenticationMethodId properties: authenticationType: description: Type of the authentication method. $ref: '#/definitions/AuthenticationType' authenticationVersion: description: | Depending on the authenticationType. This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. This version can be referred to in the ASPSP’s documentation. type: string default: "" authenticationMethodId: description: | An identification provided by the ASPSP for the later identification of the authentication method selection. type: string maxLength: 35 default: "" name: description: | This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. Alternatively this could be a description provided by the ASPSP like “SMS OTP on phone +49160 xxxxx 28”. This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available. type: string default: "" explanation: description: | detailed information about the sca method for the PSU. type: string default: "" additionalProperties: false AuthenticationArray: type: array items: $ref: '#/definitions/Authentication' description: Array of Authentication object AuthenticationType: description: | authentication types: * SMS_OTP - An SCA method, where an OTP linked to the transaction to be authorised is sent to the PSU through a SMS channel. * CHIP_OTP - An SCA method, where an OTP is generated by a chip card, e.g. an TOP derived from an EMV cryptogram. To contact the card, the PSU normally needs a (handheld) device. With this device, the PSU either reads the challenging data through a visual interface like flickering or the PSU types in the challenge through the device key pad. The device then derives an OTP from the challenge data and displays the OTP to the PSU. * PHOTO_OTP - An SCA method, where the challenge is a QR code or similar encoded visual data which can be read in by a consumer device or specific mobile app. The device resp. the specific app than derives an OTP from the visual challenge data and displays the OTP to the PSU. * PUSH_OTP - An OTP is pushed to a dedicated authentication APP and displayed to the PSU. type: string enum: - SMS_OTP - CHIP_OTP - PHOTO_OTP - PUSH_OTP default: SMS_OTP additionalProperties: false BulkEntry: description: Payment Initiations. type: object required: - multibancoPaymentEntity properties: instructedAmount: $ref: '#/definitions/Amount' description: Transaction amount to be checked within the funds check mechanism. Mandatory for Multibanco Payments different from "Social Security". endToEndIdentification: description: Unique identification as assigned by the sending party to unambiguously identify this payment. type: string maxLength: 35 default: "" multibancoPaymentEntity: description: Multibanco Payment Entity type: string maxLength: 5 servicePaymentName: description: Service Payment Name. Mandatory for "Special Service Payments". Not applicable for other Multibanco Payments. type: string maxLength: 40 multibancoPaymentReference: description: Multibanco Payment Reference. Mandatory for Multibanco Payments different from "Social Security". Not applicable to "Social Security". type: string maxLength: 15 default: "" taxpayerIdentificationNumber: description: Tax Payer Identification Number type: string maxLength: 12 default: "" socialSecurityEmployerIdentification: type: string maxLength: 11 description: Identifies the employer in the Portuguese Social Security System. Optional for Social Security Payments. Not applicable to other Multibanco Payments. socialSecurityEmployeeDetails: $ref: '#/definitions/SocialSecurityEmployeeDetails' description: Mandatory for Social Security Payments. Not applicable to other Multibanco Payments. additionalProperties: false BulkEntryGet: description: Get Payment Information. type: object required: - instructedAmount - multibancoPaymentEntity - multibancoPaymentReference properties: instructedAmount: $ref: '#/definitions/Amount' description: Transaction amount to be checked within the funds check mechanism. endToEndIdentification: description: Unique identification as assigned by the sending party to unambiguously identify this payment. type: string maxLength: 35 default: "" multibancoPaymentEntity: description: Multibanco Payment Entity type: string maxLength: 5 servicePaymentName: description: Service Payment Name type: string maxLength: 40 multibancoPaymentReference: description: Multibanco Payment Reference type: string maxLength: 15 default: "" additionalReference: description: Additional Multibanco Payment Reference type: string maxLength: 15 default: "" taxpayerIdentificationNumber: description: Tax Payer Identification Number type: string maxLength: 12 default: "" serviceEntityShortName: description: It identifies Service Entity Name. type: string maxLength: 30 default: "" plainInvoiceNumber: description: Only mandatory for Multibanco Payments type "special services" and when transaction status is accepted. type: string maxLength: 30 default: "" plainInvoiceFootnote: description: Only mandatory for Multibanco Payments type "special services" and when transaction status is accepted. type: string maxLength: 60 default: "" processorAuthorisation: description: Only mandatory for Multibanco Payments type "Payment of Services" and when transaction status is accepted. type: string maxLength: 20 default: "" socialSecurityEmployerIdentification: type: string maxLength: 11 description: Identifies the employer in the Portuguese Social Security System. Optional for Social Security Payments. Not applicable to other Multibanco Payments. socialSecurityEmployeeDetails: $ref: '#/definitions/SocialSecurityEmployeeDetails' description: Mandatory for Social Security Payments. Not applicable to other Multibanco Payments. paymentStatus: description: The values defined in Section 13.18 might be used. $ref: '#/definitions/TransactionStatusType' additionalProperties: false ChallengeData: properties: data: type: string description: String challenge data imageLink: type: string description: A link where the ASPSP will provides the challenge image for the TPP. otpMaxLength: type: string description: The maximal length for the OTP to be typed in by the PSU. otpFormat: type: string description: The format type of the OTP to be typed in. additionalInformation: type: string description: Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen SCA method. The TPP is obliged to show this to the PSU. image: type: string description: PNG data (max. 512 kilobyte) to be displayed to the PSU, Base64 encoding , cp. [RFC 4648]. This attribute is used only, when PHOTO_OTP or CHIP_OTP is the selected SCA method. additionalProperties: false description: Requested Authentication Data ErrorMessageWithStatus: description: Error and status Information. type: object properties: transactionStatus: $ref: '#/definitions/TransactionStatusType' description: The transaction status is filled with codes of the ISO 20022 corresponding element. tppMessages: $ref: '#/definitions/TppMessageArray' description: Messages to the TPP on operational issues. additionalProperties: false MessageCode: description: Message error codes. type: string enum: - SERVICE_BLOCKED - CORPORATE_ID_IVALID - CONSENT_UNKNOWN - CONSENT_INVALID - CONSENT_EXPIRED - RESOURCE_UNIKNOWN - RESOURCE_EXPIRED - TIMESTAMP_INVALID - PERIOD_INVALID - SCA_METHOD_UNKKNOWN - TRANSACTION_ID_INVALID - PRODUCT_INVALID - PRODUCT_UNKNOWN - PAYMENT_FAILED - REQUIRED_KID_MISSING - SESSIONS_NOT_SUPPORTED - ACCESS_EXCEEDED - REQUESTED_FORMATS_INVALID - CARD_INVALID - NO_PIIS_ACTIVATION default: CONSENT_INVALID additionalProperties: false MultibancoPaymentLinks: properties: scaRedirect: description: A link to an ASPSP site where SCA is performed within the Redirect SCA approach type: string default: "" startAuthorisation: description: A link to an endpoint, where the authorisation of a transaction or the authorisation of a transaction cancellation shall be started with a POST command. No specific data is needed for this process start. type: string default: "" startAuthorisationWithPsuIdentification: description: The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU identification shall be uploaded with the corresponding call. type: string default: "" startAuthorisationWithPsuAuthentication: description: The link to the authorisation end-point, where the authorisation sub-resource has to be generated while selecting the authentication method. This link is contained under exactly the same conditions as the data element "scaMethods" type: string default: "" startAuthorisationWithAuthenticationMethodSelection: description: The link to the authorisation end-point, where the authorisation sub-resource has to be generated while selecting the authentication method. This link is contained under exactly the same conditions as the data element "scaMethods" type: string default: "" startAuthorisationWithTransactionAuthorisation: description: The link to the authorisation end-point, where the authorisation sub-resource has to be generated while authorising the transaction e.g. by uploading an OTP received by SMS. type: string default: "" self: description: The link to the payment initiation resource created by this request. This link can be used to retrieve the resource data. type: string default: "" status: description: The link to retrieve the transaction status of the payment initiation. type: string default: "" scaStatus: description: The link to retrieve the scaStatus of the corresponding authorisation sub-resource. This link is only contained, if an authorisation sub-resource has been already created. type: string default: "" additionalProperties: false description: A list of hyperlinks to be recognized by the TPP. MultibancoPaymentDeleteLinks: properties: scaRedirect: description: A link to an ASPSP site where SCA is performed within the Redirect SCA approach type: string default: "" startAuthorisation: description: A link to an endpoint, where the authorisation of a transaction or the authorisation of a transaction cancellation shall be started with a POST command. No specific data is needed for this process start. type: string default: "" startAuthorisationWithPsuIdentification: description: The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU identification shall be uploaded with the corresponding call. type: string default: "" startAuthorisationWithPsuAuthentication: description: The link to the authorisation end-point, where the authorisation sub-resource has to be generated while selecting the authentication method. This link is contained under exactly the same conditions as the data element "scaMethods" type: string default: "" startAuthorisationWithAuthenticationMethodSelection: description: The link to the authorisation end-point, where the authorisation sub-resource has to be generated while selecting the authentication method. This link is contained under exactly the same conditions as the data element "scaMethods" type: string default: "" additionalProperties: false description: A list of hyperlinks to be recognized by the TPP. MultibancoPaymentStatusLink: description: A list of hyperlinks to be recognized by the TPP. properties: self: description: | The link to the payment initiation resource created by the request itself. This link can be used later to retrieve the transaction status of the payment initiation. type: string default: "" additionalProperties: false TppMessage: required: - category - code description: Transports additional error information. properties: category: type: string default: "" description: Only ”ERROR” or "WARNING" permitted code: $ref: '#/definitions/MessageCode' description: Message error code. path: type: string default: "" description: Path of the element of the request message which provoked this error message. text: type: string maxLength: 512 default: "" description: Additional explaining text. additionalProperties: false TppMessageArray: type: array description: Messages to the TPP on operational issues. items: $ref: '#/definitions/TppMessage' description: Transports additional error information. additionalProperties: false PaymentArray: type: array description: Array of Payment Initiations items: $ref: '#/definitions/BulkEntry' description: Payment Initiations. additionalProperties: false maxItems: 20000 minItems: 1 additionalProperties: false GetPaymentArray: type: array description: Array of Payment Initiations items: $ref: '#/definitions/BulkEntryGet' description: Payment Initiations additionalProperties: false TransactionFees: properties: amount: type: string description: ISO 4217 currency code currency: type: string description: The amount given with fractional digits, where fractions must be compliant to the currency definition.The decimal separator is a dot. additionalProperties: false description: Amount TransactionStatusType: description: |- ISO20022: The transaction status is filled with value of the ISO20022 data table. RCVD : RECEIVED PDNG : PENDING PATC : PARTIALLY ACCEPTED TECHNICAL CORRECT ACTC : ACCEPTED TECHNICAL VALIDATION ACFC : ACCEPTED FUNDS CHECKED ACWC : ACCEPTED WITH CHANGE ACWP : ACCEPTED WITHOUT POSTING ACSP : ACCEPTED SETTLEMENT IN PROCESS ACSC : ACCEPTED SETTLEMENT COMPLETED CANC : CANCELED RJCT : REJECTED type: string enum: - RCVD - PDNG - PATC - ACTC - ACFC - ACWC - ACWP - ACSP - CANC - RJCT default: RJCT additionalProperties: false TransactionStatusBulkType: description: |- ISO20022: The transaction status is filled with value of the ISO20022 data table. RCVD : RECEIVED PDNG : PENDING PATC : PARTIALLY ACCEPTED TECHNICAL CORRECT PART : PARTIALLY ACCEPTED ACTC : ACCEPTED TECHNICAL VALIDATION ACFC : ACCEPTED FUNDS CHECKED ACSP : ACCEPTED SETTLEMENT IN PROCESS ACSC : ACCEPTED SETTLEMENT COMPLETED CANC : CANCELED RJCT : REJECTED type: string enum: - RCVD - PDNG - PATC - PART - ACTC - ACFC - ACSP - CANC - RJCT default: RJCT additionalProperties: false BulkMultibancoPaymentCancelResponseResource: type: object properties: transactionStatus: description: The transaction status is filled with codes of the ISO 20022 data table. $ref: '#/definitions/TransactionStatusType' _links: $ref: '#/definitions/MultibancoPaymentDeleteLinks' description: 'A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. Remark: All links can be relative or full links, to be decided by the ASPSP. Type of links admitted in this response, (further links might be added for ASPSP defined extensions): “redirect”: In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. “updatePsuIdentification”: The link to the payment initiation resource, which needs to be updated by the PSU identification. This might be used in an embedded, redirect or decoupled SCA Approach, where the PSU ID was missing in the first request. “updatePsuAuthentication”: The link to the payment initiation resource, which needs to be updated by a PSU password and eventually the PSU identification if not delivered yet. This is used in case of the Embedded or Decoupled SCA approach. “selectAuthenticationMethod” : This is a link to a resource, where the TPP can select the applicable strong customer authentication methods for the PSU, if there were several available authentication methods. This link contained under exactly the same conditions as the data element “authenticationMethods”, see above. “authoriseTransaction” : The link to the payment initiation resource, where the “Payment Authorisation Request” is sent to. This is the link to the resource which will authorise the payment by checking the SCA authentication data within the Embedded SCA approach.' psuMessage: type: string description: Text to be displayed to the PSU. tppMessages: $ref: '#/definitions/TppMessageArray' description: Messages to the TPP on operational issues. transactionFees: description: Can be used by the ASPSP to transport transaction fees relevant for the underlying payments. $ref: '#/definitions/Amount' transactionFeeIndicator: type: boolean description: If equals “true”, the transaction will involve specific transaction cost as shown by the ASPSP in their public price list or as agreed between ASPSP and PSU. If equals “false”, the transaction will not involve additional specific transaction costs to the PSU. scaMethods: description: This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type “selectAuthenticationMethods” contained in the response body. These methods shall be presented towards the PSU for selection by the TPP. $ref: '#/definitions/AuthenticationArray' additionalProperties: false description: Cancels a bulk Multibanco payment initiation response to TPP. BulkMultibancoPaymentRequestResource: type: object properties: debtorAccount: $ref: '#/definitions/AccountReference' description: Debtor account batchBookingPreferred: type: boolean description: If this element equals true, the PSU prefers only one booking entry. If this element equals false, the PSU prefers individual booking of all contained individual transactions. The ASPSP will follow this preference according to contracts agreed on with the PSU. paymentInformationId: type: string maxLength: 35 minLength: 1 description: Unique identification as assigned by the sending party to unambiguously identify this bulk payment. requestedExecutionDate: description: Indicates the acceptance of future dated payments (yyyy-MM-dd) by issuing an ASPSP. type: string format: date default: "9999-12-31" payments: $ref: '#/definitions/PaymentArray' description: Messages to the TPP on operational issues. additionalProperties: false required: - payments - paymentInformationId description: Creates a bulk Multibanco payment initiation request at the ASPSP. BulkMultibancoPaymentResponseResource: type: object properties: transactionStatus: description: The values defined in Section 13.18 might be used. $ref: '#/definitions/TransactionStatusBulkType' bulkPaymentId: type: string maxLength: 36 description: Resource identification of the generated bulk payment initiation resource. transactionFees: $ref: '#/definitions/Amount' description: Can be used by the ASPSP to transport transaction fees relevant for the underlying payments. currencyConversionFees: $ref: '#/definitions/Amount' description: Can be used by the ASPSP to transport transaction fees relevant for the underlying payments. estimatedTotalAmount: $ref: '#/definitions/Amount' description: Can be used by the ASPSP to transport transaction fees relevant for the underlying payments. estimatedInterbankSettlementAmount: $ref: '#/definitions/Amount' description: Can be used by the ASPSP to transport transaction fees relevant for the underlying payments. transactionFeeIndicator: type: boolean description: If equals “true”, the transaction will involve specific transaction cost as shown by the ASPSP in their public price list or as agreed between ASPSP and PSU. If equals “false”, the transaction will not involve additional specific transaction costs to the PSU. scaMethods: $ref: '#/definitions/AuthenticationArray' description: This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type “selectAuthenticationMethods” contained in the response body. These methods shall be presented towards the PSU for selection by the TPP. chosenScaMethod: $ref: '#/definitions/Authentication' description: This data element is only contained in the response if the APSPS has chosen the Embedded SCA Approach, if the PSU is already identified e.g. with the first relevant factor or alternatively an access token, if SCA is required and if the authentication method is implicitly selected. challengeData: description: It is contained in addition to the data element chosenScaMethod if challenge data is needed for SCA. In rare cases this attribute is also used in the context of the psuAuthentication link. $ref: '#/definitions/ChallengeData' _links: $ref: '#/definitions/MultibancoPaymentLinks' description: 'A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. Remark: All links can be relative or full links, to be decided by the ASPSP. Type of links admitted in this response, (further links might be added for ASPSP defined extensions): “redirect”: In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. “oAuth”: In case of a SCA OAuth2 Approach, the ASPSP is transmitting the URI where the configuration of the Authorisation Server can be retrieved. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification. “updatePsuIdentification”: The link to the payment initiation resource, which needs to be updated by the PSU identification. This might be used in an embedded, redirect or decoupled SCA Approach, where the PSU ID was missing in the first request. “updatePsuAuthentication”: The link to the payment initiation resource, which needs to be updated by a PSU password and eventually the PSU identification if not delivered yet. This is used in case of the Embedded or Decoupled SCA approach. “selectAuthenticationMethod” : This is a link to a resource, where the TPP can select the applicable strong customer authentication methods for the PSU, if there were several available authentication methods. This link contained under exactly the same conditions as the data element “authenticationMethods”, see above. “authoriseTransaction” : The link to the payment initiation resource, where the “Payment Authorisation Request” is sent to. This is the link to the resource which will authorise the payment by checking the SCA authentication data within the Embedded SCA approach. “self” : The link to the payment initiation resource created by this request. This link can be used to retrieve the resource data. “status”: The link to retrieve the transaction status of the payment initiation.' psuMessage: type: string description: Text to be displayed to the PSU. tppMessages: description: Messages to the TPP on operational issues. $ref: '#/definitions/TppMessageArray' additionalProperties: false required: - transactionStatus - bulkPaymentId - _links description: Creates a bulk Multibanco payment initiation response to TPP. BulkMultibancoPaymentsDetailsResponseResource: type: object properties: transactionStatus: description: The values defined in Section 13.18 might be used. $ref: '#/definitions/TransactionStatusBulkType' bulkPaymentId: type: string maxLength: 36 description: Resource identification of the generated bulk payment initiation resource. batchBookingPreferred: type: boolean description: If this element equals true, the PSU prefers only one booking entry. If this element equals false, the PSU prefers individual booking of all contained individual transactions. The ASPSP will follow this preference according to contracts agreed on with the PSU. paymentInformationId: type: string maxLength: 35 description: Unique identification as assigned by the sending party to unambiguously identify this bulk payment. requestedExecutionDate: description: Indicates the acceptance of future dated payments (yyyy-MM-dd) by issuing an ASPSP. type: string format: date default: "9999-12-31" debtorName: description: For a corporate account, the corporate name is used for this attribute type: string maxLength: 70 debtorAccount: $ref: '#/definitions/AccountReference' description: Debtor account transactionFees: $ref: '#/definitions/Amount' description: Can be used by the ASPSP to transport transaction fees relevant for the underlying payments. transactionFeeIndicator: description: | If equals "true" the transaction will involve specific transaction cost as shown by the ASPSP in their public price list or as agreed between ASPSP and PSU. If equals "false" the transaction will not involve additional specific transaction costs to the PSU. type: boolean default: false payments: $ref: '#/definitions/GetPaymentArray' description: Array of Payment Initiations. additionalProperties: false required: - transactionStatus - bulkPaymentId - debtorAccount description: Returns the content of a bulk Multibanco payment initiation object. BulkMultibancoPaymentStatusResponseResource: type: object properties: transactionStatus: description: In case where the Payment Initiation Request was JSON encoded as defined in Section 5.3.1, the status is returned in this JSON based encoding. $ref: '#/definitions/TransactionStatusBulkType' _links: $ref: '#/definitions/MultibancoPaymentStatusLink' description: Should refer to next steps if the problem can be resolved via the interface e.g. for re-submission of credentials. additionalProperties: false required: - transactionStatus description: Informs TPP about status of a bulk Multibanco payment initiation. SocialSecurityEmployeeDetails: type: object properties: employeeIdentification: type: string maxLength: 11 description: Identifies the employee in the Portuguese Social Security System. referencePeriod: type: string maxLength: 6 pattern: ^\d{4}(0[1-9]{1}|1[0-2]{1})$ description: Employee Reference Period considered for payment (YYYYMM). socialSecurityPaymentType: type: string enum: - HSHP - CNTR - VLNT - AZFP description: 'It indicates the payment type performed to Social Security: \n HSHP - Housekeeping Work \n CNTR - Contractor \n VLNT - Voluntary Social Insurance \n AZFP - Azorian Farm Producers' salary: description: Employee salary to be declared to Social Security. $ref: '#/definitions/Salary' effectiveMonthlyAmount: $ref: '#/definitions/Amount' description: Montlhy salary which is object of employee contribution calculation. Only present when Social Security Payment Type is 'HSHP - Housekeeping Work' and Social Insurance Salary Type is 'MTCM - Monthly Complete' or 'MTIN-Monthly Incomplete'. referenceAmount: $ref: '#/definitions/Amount' description: Amount to be considered to employee contribution calculation, when present. \n Present if TPP had previously obtained its value directly from Social Security. \n Otherwise do not fill. interestAmount: $ref: '#/definitions/Amount' description: Interest Amount referred to the employee contribution. \n Present if TPP had previously obtained its value directly from Social Security. \n Otherwise do not fill. additionalProperties: false required: - employeeIdentification - referencePeriod - socialSecurityPaymentType - salary description: |- Informs TPP about status of a Multibanco payment initiation. For applicable Multibanco payments, it must have all necessary invoice data. Salary: properties: type: type: string enum: - MTCM - MTIN - HRLY description: 'Social Security Salary Type: \n MTCM - Monthly Complete \n MTIN - Monthly Incomplete \n HRLY - Hourly' totalTime: type: string description: It defines total time to be considered in calculation process of payment to be performed to Social Security. \n If Social Security Salary Type is fulfilled with "MTCM", it assumes default value of "001"; \n If Social Security Salary Type is fulfilled with "MTIN", totalTime is measured in days and can assume values between 1 and 29 (both inclusive); \n If Social Security Salary Type is fulfilled with "HRLY", totalTime is measured in hours and can assume values between 30 and 172 (both inclusive). additionalProperties: false required: - type description: Employee salary to be declared to Social Security. tags: [] parameters: aspsp-cde: name: aspsp-cde type: string required: true in: path description: Identification of the aspsp multibanco-payment-type: name: multibanco-payment-type type: string required: true in: path description: 'Multibanco Payment type should be fulfilled as determined by the initiating party and should assume the following values: - service-payments; - special-service-payments; - public-sector-payments.' default: service-payments enum: - service-payments - special-service-payments - public-sector-payments - social-security-payments bulk-payment-id: name: bulk-payment-id type: string required: true in: path description: Identification of the bulk payment Date: name: Date type: string required: true in: header format: date description: Standard https header element date and time PSU-User-Agent: name: PSU-User-Agent type: string required: false in: header description: The forwarded Agent header field of the http request between PSU and TPP. Consent-ID: name: Consent-ID type: string required: false in: header description: This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation. PSU-Corporate-ID: name: PSU-Corporate-ID in: header description: Corporate User identification in ASPSP required: false type: string default: "" PSU-Corporate-ID-Type: name: PSU-Corporate-ID-Type in: header description: Might be mandated in the ASPSPs documentation. Only used in a corporate context. required: false type: string default: "" PSU-Geo-Location: name: PSU-Geo-Location type: string required: false in: header description: The forwarded Geo Location of the corresponding http request between PSU and TPP if available. PSU-ID: name: PSU-ID in: header description: User identification in ASPSP required: false type: string default: "" PSU-ID-Type: name: PSU-ID-Type in: header description: Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. required: false type: string default: "" PSU-IP-Address: name: PSU-IP-Address type: string required: true in: header description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. PSU-IP-Port: name: PSU-IP-Port in: header description: The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. required: false type: string default: "" PSU-Device-ID: name: PSU-Device-ID in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. required: false type: string default: "" Transaction-SCA-Performed: name: Transaction-SCA-Performed in: header description: Only used for Delegated Authentication Approach. \n "NSCA" - "SCA Not performed"; \n "SUCC" - "SCA Performed with Success"; \n If this data element is not used, there is no information about transaction SCA authentication required: false type: string enum: - NSCA - SUCC Signature: name: Signature type: string required: true in: header description: A signature of the request by the TPP on application level. This might be mandated by ASPSP. X-Request-ID: name: X-Request-ID type: string required: true in: header description: ID of the request, unique to the call, as determined bu the initiating party. TPP-Signature-Certificate: name: TPP-Signature-Certificate type: string required: true in: header description: The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. TPP-Delegated-Preferred: name: TPP-Delegated-Preferred in: header description: If it equals "true", the TPP requests a delegated SCA approach. If it equals "false", the TPP do not request a delegated SCA approach. If the parameter is not used, the TPP do not request a delegated SCA approach. required: false type: boolean TPP-Explicit-Authorisation-Preferred: name: TPP-Explicit-Authorisation-Preferred type: boolean required: false in: header description: If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. \n If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket. Delegation-ID: name: Delegation-ID in: header description: An identification provided by the ASPSP for the later identification of the authentication delegated. required: false type: string default: "" TPP-Redirect-URI: name: TPP-Redirect-URI in: header description: URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Shall be contained at least if the tppRedirectPreferred parameter is set to true or is missing. required: false type: string default: "" TPP-Redirect-Preferred: name: TPP-Redirect-Preferred type: boolean required: false in: header description: If it equals “true”, the TPP prefers a redirect over an embedded SCA approach. If it equals “false”, the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU. TPP-Decoupled-Preferred: name: TPP-Decoupled-Preferred type: boolean required: false in: header description: 'If it equals "true", the TPP prefers a decoupled SCA approach. \n If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will then choose between the embedded or the redirect SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. \n If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the parameter TPP-Redirect-Preferred and the SCA method chosen by the TPP/PSU. \n The parameter might be ignored by the ASPSP. \n If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected, but it is up to the ASPSP, which approach will actually be used RFU: TPP-Redirect-Preferred and TPP-Decoupled-Preferred will be revised in future versions, maybe merged. Currently kept separate for downward compatibility.' TPP-Nok-Redirect-URI: name: TPP-Nok-Redirect-URI type: string required: false in: header description: If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP. TPP-Brand-Logging-Information: name: TPP-Brand-Logging-Information type: string required: false in: header description: This header might be used by TPPs to inform the ASPSP about the brand used by the TPP towards the PSU. This information is meant for logging entries to enhance communication between ASPSP and PSU or ASPSP and TPP. This header might be ignored by the ASPSP. PSU-Accept: name: PSU-Accept type: string required: false in: header description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. PSU-Accept-Charset: name: PSU-Accept-Charset type: string required: false in: header description: The forwarded IP Accept Charset header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. PSU-Accept-Encoding: name: PSU-Accept-Encoding type: string required: false in: header description: The forwarded IP AcceptEncoding header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. PSU-Accept-Language: name: PSU-Accept-Language type: string required: false in: header description: The forwarded IP Accept Language header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. PSU-Http-Method: name: PSU-Http-Method in: header description: HTTP method used at the PSU – TPP interface, if available. required: false type: string enum: - GET - POST - PUT - PATCH - DELETE default: GET BulkMBPaymentRequest: name: BulkMBPaymentRequest required: true in: body schema: $ref: '#/definitions/BulkMultibancoPaymentRequestResource' description: Create a Bulk Multibanco payment initiation. Digest: name: Digest type: string required: false in: header description: Hash of the message body. Should be present when Request body exists x-ibm-configuration: testable: true enforced: true phase: realized basePath: / x-ibm-endpoints: - endpointUrl: https://site1.sibsapimarket.com/sibs/apimarket type: - production - endpointUrl: https://site2.sibsapimarket.com/sibs/apimarket type: - production - endpointUrl: https://site2.sibsapimarket.com:8444/sibs/apimarket type: - development - endpointUrl: https://site1.sibsapimarket.com:8444/sibs/apimarket type: - development ...