Sorry, you need to enable JavaScript to visit this website.
Skip to main content
developer.sibsapimarket.com/sandbox

developer.sibsapimarket.com/sandbox

  • Getting started
  • API Documentation
  • Help
Register
  • Welcome
  • Sandbox
  • Test & Production

Attention!

This site isn't fully compatible with Edge and you may find some technical issues. For a better experience, we recommend using Chrome, Firefox or Safari.

  • Accounts 4.0.1
  • APIs
  • Account Information 4.0.0
  • Consent 4.0.0
  • Availability of Funds 4.0.0
  • Consent Authorisation 4.0.0
      • Operations
      • POST /{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations
      • GET /{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations
      • PUT /{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations/{authorisation-id}
      • GET /{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations/{authorisation-id}
      • Definitions
      • Amount
      • Authentication
      • AuthenticationArray
      • AuthenticationType
      • Challenge
      • ConsentDetailAuthorisationResponseResource
      • ConsentAuthorisationResponseResource
      • ConsentAuthorisationUpdateRequestResource
      • ConsentResponseLink
      • ConsentUpdateLink
      • ConsentSCAStatusResponseResource
      • ConsentAuthorisationUpdateResponseResource
      • ErrorMessage
      • ErrorMessageWithStatus
      • MessageCode
      • PSUData
      • TppMessage
      • TppMessageArray
      • TransactionStatusType
  • Card Accounts 4.0.1

Consent Authorisation 4.0.0

0
No votes yet

The Account Information Consent Authorization API allows the management of several PSU’s authentications belonging to a specific account. This feature supports the multi-authentication of the PSUs to access the ASPSP accounts that the PSUs have provided consent to access. This API intends to provide an interface to access PSD2 Account Information Services. The API is designed on a REST model using JSON structures.

  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift
Subscribe
production
development
https://site1.sibsapimarket.com:8445/sibs/apimarket-sb
production
development
https://site2.sibsapimarket.com:8445/sibs/apimarket-sb

Paths

/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations

post /{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations
Consent Authorisation Request

Consent Authorisation Request

Starts an authorisation process for establishing account information consent data on the server.

x-ibm-client-id
X-IBM-Client-Id
(apiKey located in header)
X-Request-ID
Required in header
string / uuid

ID of the transaction as determined by the initiating party.

{
    "default": ""
}
PSU-IP-Address
Required in header
string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

{
    "default": ""
}
PSU-IP-Port
Optional in header
string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

{
    "default": ""
}
PSU-ID
Optional in header
string

User identification in ASPSP

{
    "default": ""
}
PSU-ID-Type
Optional in header
string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

{
    "default": ""
}
PSU-Corporate-ID
Optional in header
string

Corporate User identification in ASPSP

{
    "default": ""
}
PSU-Corporate-ID-Type
Optional in header
string

Might be mandated in the ASPSPs documentation. Only used in a corporate context.

{
    "default": ""
}
PSU-Accept
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Charset
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Encoding
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Language
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-User-Agent
Optional in header
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

{
    "default": ""
}
PSU-Http-Method
Optional in header
string

HTTP method used at the PSU – TPP interface, if available. \n Valid values are: \n - GET \n - POST \n - PUT \n - PATCH \n - DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ],
    "default": "GET"
}
PSU-Geo-Location
Optional in header
string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "^GEO:[-?+?(\\d){1,3}.(\\d){6}]{8,11};[-?+?(\\d){1,3}.(\\d){6}]{8,11}$",
    "default": "GEO:1.111111;-1.111111"
}
PSU-Device-ID
Optional in header
string

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

{
    "default": ""
}
PSU-Device-Fingerprint
Optional in header
string

Fingerprint of the device used in the request between PSU and TPP, if available.

{
    "default": ""
}
TPP-Redirect-Preferred
Optional in header
boolean

If it equals "true", the TPP prefers a redirect over an embedded SCA approach. \n If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. \n If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU.

TPP-Redirect-URI
Optional in header
string

URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Shall be contained at least if the tppRedirectPreferred parameter is set to true or is missing.

{
    "default": ""
}
TPP-Decoupled-Preferred
Optional in header
boolean

If it equals "true", the TPP prefers a decoupled SCA approach. \n If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will then choose between the embedded or the redirect SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. \n If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the parameter TPP-Redirect-Preferred and the SCA method chosen by the TPP/PSU. \n The parameter might be ignored by the ASPSP. \n If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected, but it is up to the ASPSP, which approach will actually be used. \n RFU: TPP-Redirect-Preferred and TPP-Decoupled-Preferred will be revised in future versions, maybe merged. Currently kept separate for downward compatibility.

TPP-Nok-Redirect-URI
Optional in header
string

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This may be ignored by the ASPSP. See Section 4.10 for further requirements on this header. \n The same condition as for TPP-Redirect-URI on keeping the URI equal during a transaction lifecycle applies also to this header.

Signature
Required in header
string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

{
    "default": ""
}
TPP-Signature-Certificate
Optional in header
string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

{
    "default": ""
}
Date
Required in header
string / date-time

Request date

aspsp-cde
Required in path
string

Identification of the aspsp

{
    "default": ""
}
consent-id
Required in path
string

Identification of the consent

{
    "default": ""
}
Accept
Optional in header
string
application/json
200

OK

ConsentAuthorisationResponseResource
400

Bad Request.

ErrorMessageWithStatus
401

Unauthorized.

ErrorMessageWithStatus
403

Forbidden.

ErrorMessageWithStatus
404

Not Found.

ErrorMessageWithStatus
405

Method Not Allowed.

ErrorMessageWithStatus
406

Not Acceptable.

ErrorMessageWithStatus
408

Request Timeout.

ErrorMessageWithStatus
415

Unsupported Media Type.

ErrorMessageWithStatus
429

Too Many Requests.

ErrorMessageWithStatus
500

Internal Server Error.

ErrorMessageWithStatus
503

Service Unavailable.

ErrorMessageWithStatus
504

Gatewaty Timeout.

ErrorMessageWithStatus
Example Request
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Example Response
POST https://site1.sibsapimarket.com:8445/sibs/apimarket-sb/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations
Show more open_in_new
                                          
                                        

x
Try this operation
https://site1.sibsapimarket.com:8445/sibs/apimarket-sb/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations
Login to test this API.
Login to test this API.
accept
X-Request-ID
PSU-IP-Address
PSU-IP-Port
PSU-ID
PSU-ID-Type
PSU-Corporate-ID
PSU-Corporate-ID-Type
PSU-Accept
PSU-Accept-Charset
PSU-Accept-Encoding
PSU-Accept-Language
PSU-User-Agent
PSU-Http-Method
PSU-Geo-Location
PSU-Device-ID
PSU-Device-Fingerprint
TPP-Redirect-Preferred
TPP-Redirect-URI
TPP-Decoupled-Preferred
TPP-Nok-Redirect-URI
Signature
TPP-Signature-Certificate
Date
aspsp-cde
consent-id

                        
No response. This is a mixed content call. It is not possible to test HTTP APIs from an HTTPS secured Portal site and vice versa. No response. This is a cross-origin call. Make sure the server accepts requests from this portal. Or if using self-signed SSL certificates then paste the URL above into your browser to accept the certificate before trying again (On Internet Explorer it must be the same browser tab.).

                            
get /{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations
Get Consent Authorisation List

Get Consent Authorisation List

Will deliver an array of resource identifications of all generated authorisation sub-resources

x-ibm-client-id
X-IBM-Client-Id
(apiKey located in header)
X-Request-ID
Required in header
string / uuid

ID of the transaction as determined by the initiating party.

{
    "default": ""
}
PSU-IP-Address
Required in header
string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

{
    "default": ""
}
PSU-Accept
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Charset
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Encoding
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Language
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-User-Agent
Optional in header
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

{
    "default": ""
}
PSU-Http-Method
Optional in header
string

HTTP method used at the PSU – TPP interface, if available. \n Valid values are: \n - GET \n - POST \n - PUT \n - PATCH \n - DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ],
    "default": "GET"
}
PSU-Geo-Location
Optional in header
string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "^GEO:[-?+?(\\d){1,3}.(\\d){6}]{8,11};[-?+?(\\d){1,3}.(\\d){6}]{8,11}$",
    "default": "GEO:1.111111;-1.111111"
}
PSU-Device-ID
Optional in header
string

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

{
    "default": ""
}
PSU-Device-Fingerprint
Optional in header
string

Fingerprint of the device used in the request between PSU and TPP, if available.

{
    "default": ""
}
Signature
Required in header
string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

{
    "default": ""
}
TPP-Signature-Certificate
Optional in header
string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

{
    "default": ""
}
Date
Required in header
string / date-time

Request date

aspsp-cde
Required in path
string

Identification of the aspsp

{
    "default": ""
}
consent-id
Required in path
string

Identification of the consent

{
    "default": ""
}
Accept
Optional in header
string
application/json
200

OK

ConsentDetailAuthorisationResponseResource
400

Bad Request.

ErrorMessageWithStatus
401

Unauthorized.

ErrorMessageWithStatus
403

Forbidden.

ErrorMessageWithStatus
404

Not Found.

ErrorMessageWithStatus
405

Method Not Allowed.

ErrorMessageWithStatus
406

Not Acceptable.

ErrorMessageWithStatus
408

Request Timeout.

ErrorMessageWithStatus
415

Unsupported Media Type.

ErrorMessageWithStatus
429

Too Many Requests.

ErrorMessageWithStatus
500

Internal Server Error.

ErrorMessageWithStatus
503

Service Unavailable.

ErrorMessageWithStatus
504

Gatewaty Timeout.

ErrorMessageWithStatus
Example Request
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Example Response
GET https://site1.sibsapimarket.com:8445/sibs/apimarket-sb/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations
Show more open_in_new
                                          
                                        

x
Try this operation
https://site1.sibsapimarket.com:8445/sibs/apimarket-sb/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations
Login to test this API.
Login to test this API.
accept
X-Request-ID
PSU-IP-Address
PSU-Accept
PSU-Accept-Charset
PSU-Accept-Encoding
PSU-Accept-Language
PSU-User-Agent
PSU-Http-Method
PSU-Geo-Location
PSU-Device-ID
PSU-Device-Fingerprint
Signature
TPP-Signature-Certificate
Date
aspsp-cde
consent-id

                        
No response. This is a mixed content call. It is not possible to test HTTP APIs from an HTTPS secured Portal site and vice versa. No response. This is a cross-origin call. Make sure the server accepts requests from this portal. Or if using self-signed SSL certificates then paste the URL above into your browser to accept the certificate before trying again (On Internet Explorer it must be the same browser tab.).

                            

/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations/{authorisation-id}

put /{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations/{authorisation-id}
Consent Authorisation PSU Data Update Request

Consent Authorisation PSU Data Update Request

Update information related to a previous consent request in order to obtain PSU-ID credentials.

x-ibm-client-id
X-IBM-Client-Id
(apiKey located in header)
X-Request-ID
Required in header
string / uuid

ID of the transaction as determined by the initiating party.

{
    "default": ""
}
PSU-IP-Address
Required in header
string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

{
    "default": ""
}
PSU-ID
Optional in header
string

User identification in ASPSP

{
    "default": ""
}
PSU-ID-Type
Optional in header
string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

{
    "default": ""
}
PSU-Corporate-ID
Optional in header
string

Corporate User identification in ASPSP

{
    "default": ""
}
PSU-Corporate-ID-Type
Optional in header
string

Might be mandated in the ASPSPs documentation. Only used in a corporate context.

{
    "default": ""
}
PSU-Accept
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Charset
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Encoding
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Language
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-User-Agent
Optional in header
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

{
    "default": ""
}
PSU-Http-Method
Optional in header
string

HTTP method used at the PSU – TPP interface, if available. \n Valid values are: \n - GET \n - POST \n - PUT \n - PATCH \n - DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ],
    "default": "GET"
}
PSU-Geo-Location
Optional in header
string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "^GEO:[-?+?(\\d){1,3}.(\\d){6}]{8,11};[-?+?(\\d){1,3}.(\\d){6}]{8,11}$",
    "default": "GEO:1.111111;-1.111111"
}
PSU-Device-ID
Optional in header
string

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

{
    "default": ""
}
PSU-Device-Fingerprint
Optional in header
string

Fingerprint of the device used in the request between PSU and TPP, if available.

{
    "default": ""
}
Signature
Required in header
string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

{
    "default": ""
}
TPP-Signature-Certificate
Optional in header
string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

{
    "default": ""
}
Date
Required in header
string / date-time

Request date

Digest
Optional in header
string

Hash of the message body. Should be present when Request body exists

{
    "default": ""
}
aspsp-cde
Required in path
string

Identification of the aspsp

{
    "default": ""
}
consent-id
Required in path
string

Identification of the consent

{
    "default": ""
}
authorisation-id
Required in path
string

Resource identifciation of Consent authorisation sub-resource.

{
    "default": ""
}
consentAuthorisationUpdateRequest
Required in body
object

Consent Authorisation Update Request

{
    "schema": {
        "description": "Update information related to a previous consent request in order to obtain PSU-ID credentials.",
        "type": "object",
        "properties": {
            "psuData": {
                "$ref": "#\/definitions\/PSUData",
                "description": "Include all credentials related data"
            }
        },
        "additionalProperties": false
    }
}
Content-Type
Optional in header
string
application/json
Accept
Optional in header
string
application/json
200

OK

ConsentAuthorisationUpdateResponseResource
400

Bad Request.

ErrorMessageWithStatus
401

Unauthorized.

ErrorMessageWithStatus
403

Forbidden.

ErrorMessageWithStatus
404

Not Found.

ErrorMessageWithStatus
405

Method Not Allowed.

ErrorMessageWithStatus
406

Not Acceptable.

ErrorMessageWithStatus
408

Request Timeout.

ErrorMessageWithStatus
415

Unsupported Media Type.

ErrorMessageWithStatus
429

Too Many Requests.

ErrorMessageWithStatus
500

Internal Server Error.

ErrorMessageWithStatus
503

Service Unavailable.

ErrorMessageWithStatus
504

Gatewaty Timeout.

ErrorMessageWithStatus
Example Request
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Example Response
PUT https://site1.sibsapimarket.com:8445/sibs/apimarket-sb/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations/{authorisation-id}
Show more open_in_new
                                          
                                        

x
Try this operation
https://site1.sibsapimarket.com:8445/sibs/apimarket-sb/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations/{authorisation-id}
Login to test this API.
Login to test this API.
content-type
accept
X-Request-ID
PSU-IP-Address
PSU-ID
PSU-ID-Type
PSU-Corporate-ID
PSU-Corporate-ID-Type
PSU-Accept
PSU-Accept-Charset
PSU-Accept-Encoding
PSU-Accept-Language
PSU-User-Agent
PSU-Http-Method
PSU-Geo-Location
PSU-Device-ID
PSU-Device-Fingerprint
Signature
TPP-Signature-Certificate
Date
Digest
aspsp-cde
consent-id
authorisation-id

                        
No response. This is a mixed content call. It is not possible to test HTTP APIs from an HTTPS secured Portal site and vice versa. No response. This is a cross-origin call. Make sure the server accepts requests from this portal. Or if using self-signed SSL certificates then paste the URL above into your browser to accept the certificate before trying again (On Internet Explorer it must be the same browser tab.).

                            
get /{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations/{authorisation-id}
Consent Authorisation SCA Status Inquiry Request

Consent Authorisation SCA Status Inquiry Request

Checks the SCA status of a authorisation sub-resource.

x-ibm-client-id
X-IBM-Client-Id
(apiKey located in header)
X-Request-ID
Required in header
string / uuid

ID of the transaction as determined by the initiating party.

{
    "default": ""
}
PSU-IP-Address
Required in header
string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

{
    "default": ""
}
PSU-IP-Port
Optional in header
string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

{
    "default": ""
}
PSU-ID
Optional in header
string

User identification in ASPSP

{
    "default": ""
}
PSU-ID-Type
Optional in header
string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

{
    "default": ""
}
PSU-Corporate-ID
Optional in header
string

Corporate User identification in ASPSP

{
    "default": ""
}
PSU-Corporate-ID-Type
Optional in header
string

Might be mandated in the ASPSPs documentation. Only used in a corporate context.

{
    "default": ""
}
PSU-Accept
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Charset
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Encoding
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-Accept-Language
Optional in header
string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

{
    "default": ""
}
PSU-User-Agent
Optional in header
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

{
    "default": ""
}
PSU-Http-Method
Optional in header
string

HTTP method used at the PSU – TPP interface, if available. \n Valid values are: \n - GET \n - POST \n - PUT \n - PATCH \n - DELETE

{
    "enum": [
        "GET",
        "POST",
        "PUT",
        "PATCH",
        "DELETE"
    ],
    "default": "GET"
}
PSU-Geo-Location
Optional in header
string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

{
    "pattern": "^GEO:[-?+?(\\d){1,3}.(\\d){6}]{8,11};[-?+?(\\d){1,3}.(\\d){6}]{8,11}$",
    "default": "GEO:1.111111;-1.111111"
}
PSU-Device-ID
Optional in header
string

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

{
    "default": ""
}
PSU-Device-Fingerprint
Optional in header
string

Fingerprint of the device used in the request between PSU and TPP, if available.

{
    "default": ""
}
Signature
Required in header
string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

{
    "default": ""
}
TPP-Signature-Certificate
Optional in header
string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

{
    "default": ""
}
Date
Required in header
string / date-time

Request date

aspsp-cde
Required in path
string

Identification of the aspsp

{
    "default": ""
}
consent-id
Required in path
string

Identification of the consent

{
    "default": ""
}
authorisation-id
Required in path
string

Resource identifciation of Consent authorisation sub-resource.

{
    "default": ""
}
Accept
Optional in header
string
application/json
200

OK

ConsentSCAStatusResponseResource
400

Bad Request.

ErrorMessageWithStatus
401

Unauthorized.

ErrorMessageWithStatus
403

Forbidden.

ErrorMessageWithStatus
404

Not Found.

ErrorMessageWithStatus
405

Method Not Allowed.

ErrorMessageWithStatus
406

Not Acceptable.

ErrorMessageWithStatus
408

Request Timeout.

ErrorMessageWithStatus
415

Unsupported Media Type.

ErrorMessageWithStatus
429

Too Many Requests.

ErrorMessageWithStatus
500

Internal Server Error.

ErrorMessageWithStatus
503

Service Unavailable.

ErrorMessageWithStatus
504

Gatewaty Timeout.

ErrorMessageWithStatus
Example Request
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Show more open_in_new

x
Example Response
GET https://site1.sibsapimarket.com:8445/sibs/apimarket-sb/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations/{authorisation-id}
Show more open_in_new
                                          
                                        

x
Try this operation
https://site1.sibsapimarket.com:8445/sibs/apimarket-sb/{aspsp-cde}/v1-0-4/consents/{consent-id}/authorisations/{authorisation-id}
Login to test this API.
Login to test this API.
accept
X-Request-ID
PSU-IP-Address
PSU-IP-Port
PSU-ID
PSU-ID-Type
PSU-Corporate-ID
PSU-Corporate-ID-Type
PSU-Accept
PSU-Accept-Charset
PSU-Accept-Encoding
PSU-Accept-Language
PSU-User-Agent
PSU-Http-Method
PSU-Geo-Location
PSU-Device-ID
PSU-Device-Fingerprint
Signature
TPP-Signature-Certificate
Date
aspsp-cde
consent-id
authorisation-id

                        
No response. This is a mixed content call. It is not possible to test HTTP APIs from an HTTPS secured Portal site and vice versa. No response. This is a cross-origin call. Make sure the server accepts requests from this portal. Or if using self-signed SSL certificates then paste the URL above into your browser to accept the certificate before trying again (On Internet Explorer it must be the same browser tab.).

                            

Definitions

Amount

{
    "type": "object",
    "required": [
        "currency",
        "content"
    ],
    "properties": {
        "currency": {
            "description": "ISO 4217 currency code\n",
            "type": "string",
            "pattern": "^[A-Z]{3,3}$",
            "default": "EUR"
        },
        "content": {
            "description": "The amount given with fractional digits, where fractions must be compliant to the currency definition.\n\nThe decimal separator is a dot.\n",
            "type": "string",
            "pattern": "^\\-{0,1}[0-9]{1,9}(\\.[0-9]{0,2}){0,1}$",
            "default": "0"
        }
    },
    "additionalProperties": false
}
              

Authentication Data.

{
    "type": "object",
    "required": [
        "authenticationType",
        "authenticationMethodId"
    ],
    "properties": {
        "authenticationType": {
            "description": "Type of the authentication method.",
            "$ref": "#/definitions/AuthenticationType"
        },
        "authenticationVersion": {
            "description": "Depending on the authenticationType.  This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type.  This version can be referred to in the ASPSP’s documentation.\n",
            "type": "string",
            "default": ""
        },
        "authenticationMethodId": {
            "description": "An identification provided by the ASPSP for the later identification of the authentication method selection.\n",
            "type": "string",
            "maxLength": 35,
            "default": ""
        },
        "name": {
            "description": "This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP.  Alternatively this could be a description provided by the ASPSP like “SMS OTP on phone +49160 xxxxx 28”. This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available.\n",
            "type": "string",
            "default": ""
        },
        "explanation": {
            "description": "detailed information about the sca method for the PSU.\n",
            "type": "string",
            "default": ""
        }
    },
    "additionalProperties": false
}
              

Authentication Data.

{
    "type": "array",
    "items": {
        "$ref": "#/definitions/Authentication"
    },
    "additionalProperties": false
}
              

authentication types: SMS_OTP - An SCA method, where an OTP linked to the transaction to be authorised is sent to the PSU through a SMS channel. CHIP_OTP - An SCA method, where an OTP is generated by a chip card, e.g. an TOP derived from an EMV cryptogram. To contact the card, the PSU normally needs a (handheld) device. With this device, the PSU either reads the challenging data through a visual interface like flickering or the PSU types in the challenge through the device key pad. The device then derives an OTP from the challenge data and displays the OTP to the PSU. PHOTO_OTP - An SCA method, where the challenge is a QR code or similar encoded visual data which can be read in by a consumer device or specific mobile app. The device resp. the specific app than derives an OTP from the visual challenge data and displays the OTP to the PSU. PUSH_OTP - An OTP is pushed to a dedicated authentication APP and displayed to the PSU.

{
    "type": "string",
    "enum": [
        "SMS_OTP",
        "CHIP_OTP",
        "PHOTO_OTP",
        "PUSH_OTP"
    ],
    "default": "SMS_OTP",
    "additionalProperties": false
}
              

Requested Authentication Data

{
    "type": "object",
    "properties": {
        "image": {
            "description": "PNG data (max. 512 kilobyte) to be displayed to the PSU, Base64 encoding , cp. [RFC 4648]. This attribute is used only, when PHOTO_OTP or CHIP_OTP is the selected SCA method.\n",
            "type": "string",
            "format": "byte",
            "default": ""
        },
        "data": {
            "description": "String challenge data",
            "type": "string",
            "default": ""
        },
        "imageLink": {
            "description": "A link where the ASPSP will provides the challenge image for the TPP.",
            "type": "string",
            "default": ""
        },
        "otpMaxLength": {
            "description": "The maximal length for the OTP to be typed in by the PSU.",
            "type": "number",
            "default": 0
        },
        "otpFormat": {
            "description": "The format type of the OTP to be typed in.",
            "type": "string",
            "enum": [
                "characters",
                "integer"
            ],
            "default": "characters"
        },
        "additionalInformation": {
            "description": "Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen SCA method. The TPP is obliged to show this to the PSU.",
            "type": "string",
            "default": ""
        }
    },
    "additionalProperties": false
}
              

Get Consent Authorisation Subresources Response

{
    "type": "object",
    "required": [
        "authorisationIds"
    ],
    "properties": {
        "authorisationIds": {
            "description": "An array of all authorisationIds connected to this consent.",
            "type": "array",
            "items": {
                "type": "string",
                "description": "authorisationId connected to this consent."
            }
        }
    },
    "additionalProperties": false
}
              

Consent Authorisation Response.

{
    "type": "object",
    "required": [
        "scaStatus",
        "authorisationId",
        "_links"
    ],
    "properties": {
        "scaStatus": {
            "description": "The Folowwing codes are defined for this data type: \\n - received:  An authorisation or cancellation-authorisation resource has been created successfully. \\n - psuIdentified:The PSU related to the authorisation or cancellation-authorisation resource has been identified. \\n -psuAuthenticated: The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token. \\n -scaMethodSelected:The PSU/TPP has selected the related SCA routine. If the SCA method is chosen implicitly since only one SCA method is available, then this is the first status to be reported instead of \"received\". \\n -started:The addressed SCA routine has been started. \\n -unconfirmed: SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet. \\n - finalised: The SCA routine has been finlised successfully (including a potential confirmation command). This is a final status of the authorisation resource. \\n -failed: The SCA routine failed. This is a final status of the authorisation resource. \\n -exempted: SCA was exempted for the related transaction, the related authorisation is successful. This is a final status of the authorisation resource.",
            "type": "string",
            "enum": [
                "received",
                "psuIdentified",
                "psuAuthenticated",
                "scaMethodSelected",
                "started",
                "unconfirmed",
                "finalised",
                "failed",
                "exempted"
            ],
            "default": "received"
        },
        "authorisationId": {
            "description": "Unique resource identification of the created authorisation sub-resource.",
            "type": "string"
        },
        "transactionFees": {
            "$ref": "#/definitions/Amount",
            "description": "Might be used by the ASPSP to transport the total transaction fee relevant for the underlying payments. This field includes the entry of the currencyConversionFees if applicable."
        },
        "scaMethods": {
            "description": "Might be contained, if several authentication methods are available. (name, type) \\n This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type “selectAuthenticationMethods” contained in the response body. \\n These methods shall be presented towards the PSU for selection by the TPP.",
            "$ref": "#/definitions/AuthenticationArray"
        },
        "chosenScaMethod": {
            "description": "This data element is only contained in the response if the ASPSP has chosen the Embedded SCA Approach, if the PSU is already identified e.g. with the first relevant factor or alternatively an access token, if SCA is required and if the authentication method is implicitly selected.",
            "$ref": "#/definitions/Authentication"
        },
        "challengeData": {
            "description": "It is contained in addition to the data element \"chosenScaMethod\" if challenge data is needed for SCA. \\n In rare cases this attribute is also used in the context of the \"updatePsuAuthentication\" or \"updateEncryptedPsuAuthentication\" link.",
            "$ref": "#/definitions/Challenge"
        },
        "_links": {
            "description": "A list of hyperlinks to be recognised by the TPP.",
            "$ref": "#/definitions/ConsentResponseLink"
        },
        "psuMessage": {
            "description": "Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen SCA method. The TPP is obliged to show this to the PSU.",
            "type": "string",
            "maxLength": 500,
            "default": ""
        }
    },
    "additionalProperties": false
}
              

Update information related to a previous consent request in order to obtain PSU-ID credentials.

{
    "type": "object",
    "properties": {
        "psuData": {
            "$ref": "#/definitions/PSUData",
            "description": "Include all credentials related data"
        }
    },
    "additionalProperties": false
}
              

Hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request.

{
    "type": "object",
    "properties": {
        "scaRedirect": {
            "description": "A link to an ASPSP site where SCA is performed within the Redirect SCA approach",
            "type": "string",
            "default": ""
        },
        "scaOAuth": {
            "description": "The link refers to a JSON document specifying the OAuth details of the ASPSP’s authorisation server. JSON document follows the definition given in https://tools.ietf.org/html/draft-ietf-oauthdiscovery.",
            "type": "string",
            "default": ""
        },
        "confirmation": {
            "description": "\"confirmation\": Might be added by the ASPSP if either the \"scaRedirect\" or \"scaOAuth\" hyperlink is returned in the same response message. This hyperlink defines the URL to the resource which needs to be updated with \\n - a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authentication server or \\n - an access token as retrieved by submitting an authorization code after the integrated OAuth based authentication process with the ASPSP authentication server.",
            "type": "string",
            "default": ""
        },
        "startAuthorisation": {
            "description": "A link to an endpoint, where the authorisation of a transaction or the authorisation of a transaction cancellation shall be started with a POST command. No specific data is needed for this process start.",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithPsuIdentification": {
            "description": "The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU identification shall be uploaded with the corresponding call.",
            "type": "string",
            "default": ""
        },
        "updatePsuIdentification": {
            "description": "The link to the payment initiation resource, which needs to be updated by the PSU identification. This might be used in a redirect or decoupled approach, where the PSU ID was missing in the first request.\n",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithProprietaryData": {
            "description": "A link to the endpoint, where the authorisation of a transaction or of a transaction cancellation shall be started, and where proprietary data needs to be updated with this call. The TPP can find the scope of missing proprietary data in the ASPSP documentation.",
            "type": "string",
            "default": ""
        },
        "updateProprietaryData": {
            "description": "The link to the payment initiation or account information resource, which needs to be updated by the proprietary data.",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithPsuAuthentication": {
            "description": "The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU authentication data shall be uploaded with the corresponding call.",
            "type": "string",
            "default": ""
        },
        "updatePsuAuthentication": {
            "description": "The link to the account information resource, which needs to be updated by a PSU password and eventually the PSU identification if not delivered yet. This is used in a case of the Embedded SCA approach.\n",
            "type": "string",
            "default": ""
        },
        "updateAdditionalPsuAuthentication": {
            "description": "The link to the payment initiation or account information resource, which needs to be updated by an additional PSU password.",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithEncryptedPsuAuthentication": {
            "description": "The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where encrypted PSU authentication data shall be uploaded with the corresponding call.",
            "type": "string",
            "default": ""
        },
        "updateEncryptedPsuAuthentication": {
            "description": "The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where encrypted PSU authentication data shall be uploaded with the corresponding call.",
            "type": "string",
            "default": ""
        },
        "updateAdditionalEncryptedPsuAuthentication": {
            "description": "The link to the payment initiation or account information resource, which needs to be updated by an additional encrypted PSU password.",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithAuthenticationMethodSelection": {
            "description": "This is a link to and endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where the selected SCA method shall be uploaded with the corresponding call.",
            "type": "string",
            "default": ""
        },
        "selectAuthenticationMethod": {
            "description": "This is a link to a resource, where the TPP can select the applicable SCA for the PSU, if there were several available authentication methods.  This link is only contained under exactly the same conditions as the data element “authenticationMethods”, see above.\n",
            "type": "string",
            "default": ""
        },
        "authoriseTransaction": {
            "description": "The link to the payment initiation or consent resource, where the “Transaction Authorisation”Request” is sent to.\nThis is the link to the resource which will authorise the payment or the consent by checking the SCA authentication data within the Embedded SCA approach.\n",
            "type": "string"
        },
        "self": {
            "description": "The link to the payment initiation resource created by the request itself. This link can be used later to retrieve the transaction status of the payment initiation.",
            "type": "string",
            "default": ""
        },
        "status": {
            "description": "The link to retrieve the transaction status of the account information consent.\n",
            "type": "string",
            "default": ""
        },
        "scaStatus": {
            "description": "A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource.",
            "type": "string",
            "default": ""
        }
    },
    "additionalProperties": false
}
              

A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. \n Remark: All links can be relative or full links, to be decided by the ASPSP. \n Remark: This method can be applied before or after PSU identification. This leads to many possible hyperlink responses. \n Type of links admitted in this response, (further links might be added for ASPSP defined extensions): \n "updatePsuIdentification": \n The link to the authorisation or cancellation authorisation sub-resource, where PSU identification data needs to be uploaded. \n "updatePsuAuthentication": \n The link to the authorisation or cancellation authorisation sub-resource, where PSU authentication data needs to be uploaded. \n "updateEncryptedPsuAuthentication": \n The link to the authorisation or cancellation authorisation sub-resource, where encrypted PSU authentication data needs to be uploaded. \n "authoriseTransaction": \n The link to the authorisation or cancellation authorisation sub-resource, where the authorisation data has to be uploaded, e.g. the TOP received by SMS. \n "scaStatus": The link to retrieve the scaStatus of the corresponding authorisation sub-resource.

{
    "properties": {
        "scaRedirect": {
            "description": "A link to an ASPSP site where SCA is performed within the Redirect SCA approach",
            "type": "string",
            "default": ""
        },
        "startAuthorisation": {
            "description": "A link to an endpoint, where the authorisation of a transaction or the authorisation of a transaction cancellation shall be started with a POST command. No specific data is needed for this process start.",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithPsuIdentification": {
            "description": "The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU identification shall be uploaded with the corresponding call.",
            "type": "string",
            "default": ""
        },
        "updatePsuIdentification": {
            "description": "The link to the payment initiation resource, which needs to be updated by the PSU identification. This might be used in a redirect or decoupled approach, where the PSU ID was missing in the first request.\n",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithProprietaryData": {
            "description": "A link to the endpoint, where the authorisation of a transaction or of a transaction cancellation shall be started, and where proprietary data needs to be updated with this call. The TPP can find the scope of missing proprietary data in the ASPSP documentation.",
            "type": "string",
            "default": ""
        },
        "updateProprietaryData": {
            "description": "The link to the payment initiation or account information resource, which needs to be updated by the proprietary data.",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithPsuAuthentication": {
            "description": "The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU authentication data shall be uploaded with the corresponding call.",
            "type": "string",
            "default": ""
        },
        "updatePsuAuthentication": {
            "description": "The link to the account information resource, which needs to be updated by a PSU password and eventually the PSU identification if not delivered yet. This is used in a case of the Embedded SCA approach.\n",
            "type": "string",
            "default": ""
        },
        "updateAdditionalPsuAuthentication": {
            "description": "The link to the payment initiation or account information resource, which needs to be updated by an additional PSU password.",
            "type": "string",
            "default": ""
        },
        "updateEncryptedPsuAuthentication": {
            "description": "The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where encrypted PSU authentication data shall be uploaded with the corresponding call.",
            "type": "string",
            "default": ""
        },
        "updateAdditionalEncryptedPsuAuthentication": {
            "description": "The link to the payment initiation or account information resource, which needs to be updated by an additional encrypted PSU password.",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithAuthenticationMethodSelection": {
            "description": "This is a link to and endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where the selected SCA method shall be uploaded with the corresponding call",
            "type": "string",
            "default": ""
        },
        "selectAuthenticationMethod": {
            "description": "This is a link to a resource, where the TPP can select the applicable SCA for the PSU, if there were several available authentication methods.  This link is only contained under exactly the same conditions as the data element “authenticationMethods”, see above.\n",
            "type": "string",
            "default": ""
        },
        "startAuthorisationWithTransactionAuthorisation": {
            "description": "A link to an endpoint, where an authorisation of a transaction or a cancellation can be started, and where the response data for the challenge is uploaded in the same call for the transaction authorisation or transaction cancellation at the same time in the Embedded SCA Approach",
            "type": "string",
            "default": ""
        },
        "authoriseTransaction": {
            "description": "The link to the payment initiation or consent resource, where the “Transaction Authorisation”Request” is sent to.\nThis is the link to the resource which will authorise the payment or the consent by checking the SCA authentication data within the Embedded SCA approach.\n",
            "type": "string"
        },
        "self": {
            "description": "The link to the payment initiation resource created by the request itself. This link can be used later to retrieve the transaction status of the payment initiation.",
            "type": "string",
            "default": ""
        },
        "status": {
            "description": "The link to retrieve the transaction status of the account information consent.\n",
            "type": "string",
            "default": ""
        },
        "scaStatus": {
            "description": "A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource.",
            "type": "string",
            "default": ""
        }
    },
    "additionalProperties": false
}
              

Consent SCA Status Response

{
    "type": "object",
    "required": [
        "scaStatus",
        "_links"
    ],
    "properties": {
        "scaStatus": {
            "description": "This data element is containing information about the status of the SCA method applied. \\n The Folowwing codes are defined for this data type: \\n - received:  An authorisation or cancellation-authorisation resource has been created successfully. \\n - psuIdentified:The PSU related to the authorisation or cancellation-authorisation resource has been identified. \\n -psuAuthenticated: The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token. \\n -scaMethodSelected:The PSU/TPP has selected the related SCA routine. If the SCA method is chosen implicitly since only one SCA method is available, then this is the first status to be reported instead of \"received\". \\n -started:The addressed SCA routine has been started. \\n -unconfirmed: SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet. \\n - finalised: The SCA routine has been finlised successfully (including a potential confirmation command). This is a final status of the authorisation resource. \\n -failed: The SCA routine failed. This is a final status of the authorisation resource. \\n -exempted: SCA was exempted for the related transaction, the related authorisation is successful. This is a final status of the authorisation resource.",
            "type": "string",
            "enum": [
                "received",
                "psuIdentified",
                "psuAuthenticated",
                "scaMethodSelected",
                "started",
                "unconfirmed",
                "finalised",
                "failed",
                "exempted"
            ],
            "default": "received"
        },
        "_links": {
            "description": "A list of hyperlinks to be recognised by the TPP.",
            "$ref": "#/definitions/ConsentResponseLink"
        }
    },
    "additionalProperties": false
}
              

Consent Authorisation PSU Data Update Response

{
    "type": "object",
    "required": [
        "_links"
    ],
    "properties": {
        "transactionFees": {
            "$ref": "#/definitions/Amount",
            "description": "Might be used by the ASPSP to transport the total transaction fee relevant for the underlying payments. This field includes the entry of the currencyConversionFees if applicable."
        },
        "chosenScaMethod": {
            "$ref": "#/definitions/Authentication",
            "description": "Might be contained, if several authentication methods are available. (name, type) \\n This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type “selectAuthenticationMethods” contained in the response body. \\n These methods shall be presented towards the PSU for selection by the TPP.  Usado apenas no método Decoupled e Embedded"
        },
        "scaMethods": {
            "$ref": "#/definitions/AuthenticationArray",
            "description": "Might be contained, if several authentication methods are available. (name, type) \\n This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type “selectAuthenticationMethods” contained in the response body. \\n These methods shall be presented towards the PSU for selection by the TPP."
        },
        "_links": {
            "$ref": "#/definitions/ConsentUpdateLink",
            "description": "A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. \\n Remark: All links can be relative or full links, to be decided by the ASPSP. \\n Remark: This method can be applied before or after PSU identification. This leads to many possible hyperlink responses. \\n Type of links admitted in this response, (further links might be added for ASPSP defined extensions): \\n \"confirmation\": Might be added by the ASPSP if either the \"scaRedirect\" or \"scaOAuth\" hyperlink is returned in the same response message. This hyperlink defines the URL to the resource which needs to be updated with \\n - a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authentication server or \\n - an access token as retrieved by submitting an authorization code after the integrated OAuth based authentication process with the ASPSP authentication server. \\n \"updatePsuIdentification\": \\n The link to the authorisation or cancellation authorisation sub-resource, where PSU identification data needs to be uploaded. \\n \"updatePsuAuthentication\": \\n The link to the authorisation or cancellation authorisation sub-resource, where PSU authentication data needs to be uploaded. \\n \"updateEncryptedPsuAuthentication\": \\n The link to the authorisation or cancellation authorisation sub-resource, where encrypted PSU authentication data needs to be uploaded. \\n \"authoriseTransaction\": \\n The link to the authorisation or cancellation authorisation sub-resource, where the authorisation data has to be uploaded, e.g. the TOP received by SMS. \\n \"scaStatus\": The link to retrieve the scaStatus of the corresponding authorisation sub-resource."
        },
        "scaStatus": {
            "description": "A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource.",
            "type": "string"
        },
        "psuMessage": {
            "description": "Text to be displayed to the PSU",
            "type": "string",
            "maxLength": 500
        }
    },
    "additionalProperties": false
}
              

Error Information.

{
    "type": "object",
    "properties": {
        "tppMessages": {
            "$ref": "#/definitions/TppMessageArray",
            "description": "Messages to the TPP on operational issues."
        }
    },
    "additionalProperties": false
}
              

Error and status Information.

{
    "type": "object",
    "properties": {
        "transactionStatus": {
            "$ref": "#/definitions/TransactionStatusType",
            "description": "The transaction status is filled with codes of the ISO 20022 corresponding element."
        },
        "tppMessages": {
            "$ref": "#/definitions/TppMessageArray",
            "description": "Messages to the TPP on operational issues."
        }
    },
    "additionalProperties": false
}
              

Message error codes.

{
    "type": "string",
    "enum": [
        "SERVICE_BLOCKED",
        "CORPORATE_ID_IVALID",
        "CONSENT_UNKNOWN",
        "CONSENT_INVALID",
        "CONSENT_EXPIRED",
        "RESOURCE_UNIKNOWN",
        "RESOURCE_EXPIRED",
        "TIMESTAMP_INVALID",
        "PERIOD_INVALID",
        "SCA_METHOD_UNKKNOWN",
        "TRANSACTION_ID_INVALID",
        "PRODUCT_INVALID",
        "PRODUCT_UNKNOWN",
        "PAYMENT_FAILED",
        "REQUIRED_KID_MISSING",
        "SESSIONS_NOT_SUPPORTED",
        "ACCESS_EXCEEDED",
        "REQUESTED_FORMATS_INVALID",
        "CARD_INVALID",
        "NO_PIIS_ACTIVATION"
    ],
    "default": "SERVICE_BLOCKED",
    "additionalProperties": false
}
              

The password, encryptedPassword, additionalPassword, or additionalEncryptedPassword subfield is used, depending whether the password or the additional password needs to be sent and depending on encryption requirements of the ASPSP as indicated in the corresponding hyperlink contained in the preceding response message of the ASPSP. Remark for Future: More details on the encrypted password transport will be published by a future bulletin.

{
    "type": "object",
    "properties": {
        "password": {
            "description": "UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until remove.",
            "type": "string",
            "default": "1",
            "minLength": 1
        },
        "encryptedPassword": {
            "description": "Is used when a password is encrypted on application level.",
            "type": "string",
            "default": "1",
            "minLength": 1
        },
        "additionalPassword": {
            "description": "Contains an additional password in plaintext.",
            "type": "string",
            "default": "1",
            "minLength": 1
        },
        "additionalEncryptedPassword": {
            "description": "Is provided when the additional password is used and is encrypted on application level..",
            "type": "string",
            "default": "1",
            "minLength": 1
        }
    },
    "additionalProperties": false
}
              

Transports additional error information.

{
    "required": [
        "category",
        "code"
    ],
    "properties": {
        "category": {
            "type": "string",
            "default": "",
            "description": "Category of the error. Only \"ERROR\" or \"WARNING\" permitted."
        },
        "code": {
            "$ref": "#/definitions/MessageCode",
            "description": "Message error code."
        },
        "path": {
            "type": "string",
            "default": "",
            "description": "Path of the element of the request message which provoked this error message."
        },
        "text": {
            "type": "string",
            "maxLength": 512,
            "default": "",
            "description": "Additional explaining text."
        }
    },
    "additionalProperties": false
}
              

Messages to the TPP on operational issues.

{
    "type": "array",
    "items": {
        "$ref": "#/definitions/TppMessage",
        "description": "Transports additional error information."
    },
    "additionalProperties": false
}
              

ISO20022: The transaction status is filled with value of the ISO20022 data table. RCVD : RECEIVED PDNG : PENDING PATC : PARTIALLY ACCEPTED TECHNICAL CORRECT ACTC : ACCEPTED TECHNICAL VALIDATION RJCT : REJECTED

{
    "type": "string",
    "enum": [
        "RCVD",
        "PDNG",
        "PATC",
        "ACTC",
        "RJCT"
    ],
    "default": "RJCT",
    "additionalProperties": false
}
              
  • Share this

WELCOME

API Products
API Providers
About Us
PSD2

 

SANDBOX

Getting Started
API Documentation

TEST & PRODUCTION

Getting Started

FAQS & SUPPORT

Developers Forum
FAQs
Contact Us
Check out our LinkedIn


Find more about SIBS
www.sibs.com

©SIBS API Market

Login

User login

Use your developer.sibsapimarket.com/sandbox account ...

  • Create new account
  • Request new password