--- swagger: "2.0" info: version: 3.1.1 title: Consent x-ibm-name: sibs-psd2-consents-stub-api description: | The Account Information consent API performs the PSU authentication and returns a consent resource identifier that will allow you to access the ASPSP accounts that the PSU have provided consent to access. This API intends to provide an interface to access PSD2 Consent services. The API is designed on a REST model using JSON structures. contact: name: "" url: "" license: name: "" url: "" basePath: / schemes: - https consumes: - application/json produces: - application/json paths: /{aspsp-cde}/v1-0-3/consents: post: operationId: accountInformationConsentRequest tags: - Account Information Consent Request summary: Account Information Consent Request description: | Creates an account information consent resource at the ASPSP regarding access to accounts specified in this request. When this Consent Request is a request where the "recurringIndicator" equals “true”, and if it exists already a former consent for recurring access on account information for the addressed PSU, then the former consent automatically expires as soon as the new consent request is authorised by the PSU. parameters: - $ref: '#/parameters/TPP-Transaction-ID' - $ref: '#/parameters/TPP-Request-ID' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-Geo-Location' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Device-Fingerprint' - $ref: '#/parameters/Transaction-SCA-Performed' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/PSU-Agent' - $ref: '#/parameters/TPP-Redirect-URI' - $ref: '#/parameters/TPP-Delegated-Preferred' - $ref: '#/parameters/Delegation-ID' - $ref: '#/parameters/Signature' - $ref: '#/parameters/Digest' - $ref: '#/parameters/TPP-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/tppRedirectPreferred' - $ref: '#/parameters/ConsentRequest' - $ref: '#/parameters/withBalance' responses: 201: description: Created headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ConsentResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' /{aspsp-cde}/v1-0-3/consents/{consent-id}: get: operationId: getConsentRequest tags: - Get Consent Request summary: Get Consent Request description: Returns the content of an account information consent object. parameters: - $ref: '#/parameters/TPP-Transaction-ID' - $ref: '#/parameters/TPP-Request-ID' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/Signature' - $ref: '#/parameters/Digest' - $ref: '#/parameters/TPP-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/consent-id' responses: 200: description: OK headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ConsentDetailResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' put: operationId: updatePSUData tags: - Update PSU Data summary: Update PSU Data description: Updates the account information consent data. parameters: - $ref: '#/parameters/TPP-Transaction-ID' - $ref: '#/parameters/TPP-Request-ID' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/Signature' - $ref: '#/parameters/Digest' - $ref: '#/parameters/TPP-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/consent-id' - $ref: '#/parameters/ConsentUpdateRequest' responses: 200: description: OK headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ConsentUpdateResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' delete: operationId: deleteAccountInformationConsentObject tags: - Delete an Account Information Consent Object summary: Delete an Account Information Consent Object description: Deletes a given consent. parameters: - $ref: '#/parameters/TPP-Transaction-ID' - $ref: '#/parameters/TPP-Request-ID' - $ref: '#/parameters/Signature' - $ref: '#/parameters/Digest' - $ref: '#/parameters/TPP-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/consent-id' responses: 204: description: No Content headers: Location: type: string description: Response Location. 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessage' /{aspsp-cde}/v1-0-3/consents/{consent-id}/status: get: operationId: getStatusRequest tags: - Get Status Request summary: Get Status Request description: Check the status of an account information consent resource. parameters: - $ref: '#/parameters/TPP-Transaction-ID' - $ref: '#/parameters/TPP-Request-ID' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-ID-Type' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-Corporate-ID-Type' - $ref: '#/parameters/Signature' - $ref: '#/parameters/Digest' - $ref: '#/parameters/TPP-Certificate' - $ref: '#/parameters/Date' - $ref: '#/parameters/aspsp-cde' - $ref: '#/parameters/consent-id' responses: 200: description: OK headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ConsentStatusResponseResource' 400: description: Bad Request. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 401: description: Unauthorized. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 403: description: Forbidden. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 404: description: Not Found. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 405: description: Method Not Allowed. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 406: description: Not Acceptable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 408: description: Request Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 415: description: Unsupported Media Type. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 429: description: Too Many Requests. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 500: description: Internal Server Error. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 503: description: Service Unavailable. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' 504: description: Gatewaty Timeout. headers: Location: type: string description: Response Location. schema: $ref: '#/definitions/ErrorMessageWithStatus' definitions: AccountAccess: description: Defines the properties of an account data consent request. type: object properties: accounts: description: | Is asking for detailed account information. If the array is empty, the TPP is asking for an accessible account list. This may be restricted in a PSU/ASPSP authorization dialogue. $ref: '#/definitions/AccountReferenceArray' balances: description: | Is asking for balances of the addressed accounts. If the array is empty, the TPP is asking for the balances of all accessible account lists. This may be restricted $ref: '#/definitions/AccountReferenceArray' transactions: description: | Is asking for balances of the addressed accounts. If the array is empty, the TPP is asking for the balances of all accessible account lists. This may be restricted $ref: '#/definitions/AccountReferenceArray' availableAccounts: description: Only the value "all-accounts" is admitted. default: "" $ref: '#/definitions/AvailableAccountsEnum' allPsd2: description: Only the value "all-accounts" is admitted. default: "" $ref: '#/definitions/AllPsd2Enum' authDelegation: description: Only the value "selected-accounts" is admitted. default: "" $ref: '#/definitions/AuthDelegationEnum' minProperties: 1 additionalProperties: false AccountReference: description: Identifier of the addressed account. type: object required: - iban properties: iban: description: International Bank Account Number type: string pattern: ^[A-Z]{2,2}[0-9]{2,2}[a-zA-Z0-9]{1,30}$ default: PT0000 bban: description: This data elements is used for payment accounts which have no IBAN. type: string default: "" pan: description: Primary Account Number (PAN) of a card, can be tokenised by the ASPSP due to PCI DSS requirements. type: string maxLength: 35 default: "" maskedPan: description: Primary Account Number (PAN) of a card in a masked form. type: string maxLength: 35 default: "" msisdn: description: An alias to access a payment account via a registered mobile phone number type: string maxLength: 35 default: "" currency: description: ISO 4217 Alpha 3 currency code. type: string default: "" additionalProperties: false AccountReferenceArray: type: array items: $ref: '#/definitions/AccountReference' additionalProperties: false description: Array of Account References applicable to a consent. AllPsd2Enum: type: string enum: - all-accounts default: all-accounts additionalProperties: false description: Only the value "allAccounts" is admitted. Authentication: description: Authentication Data. type: object required: - authenticationType - authenticationMethodId properties: authenticationType: description: Type of the authentication method. $ref: '#/definitions/AuthenticationType' authenticationVersion: description: | Depending on the authenticationType. This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. This version can be referred to in the ASPSP’s documentation. type: string default: "" authenticationMethodId: description: | An identification provided by the ASPSP for the later identification of the authentication method selection. type: string maxLength: 35 default: "" name: description: | This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. Alternatively this could be a description provided by the ASPSP like “SMS OTP on phone +49160 xxxxx 28”. This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available. type: string default: "" explanation: description: | detailed information about the sca method for the PSU. type: string default: "" additionalProperties: false AuthenticationArray: type: array items: $ref: '#/definitions/Authentication' additionalProperties: false description: Authentication Data. AuthenticationType: description: | authentication types: SMS_OTP - An SCA method, where an OTP linked to the transaction to be authorised is sent to the PSU through a SMS channel. CHIP_OTP - An SCA method, where an OTP is generated by a chip card, e.g. an TOP derived from an EMV cryptogram. To contact the card, the PSU normally needs a (handheld) device. With this device, the PSU either reads the challenging data through a visual interface like flickering or the PSU types in the challenge through the device key pad. The device then derives an OTP from the challenge data and displays the OTP to the PSU. PHOTO_OTP - An SCA method, where the challenge is a QR code or similar encoded visual data which can be read in by a consumer device or specific mobile app. The device resp. the specific app than derives an OTP from the visual challenge data and displays the OTP to the PSU. PUSH_OTP - An OTP is pushed to a dedicated authentication APP and displayed to the PSU. type: string enum: - SMS_OTP - CHIP_OTP - PHOTO_OTP - PUSH_OTP default: SMS_OTP additionalProperties: false AvailableAccountsEnum: type: string enum: - all-accounts default: all-accounts description: Only the value "allAccounts" is admitted. additionalProperties: false AuthDelegationEnum: type: string enum: - selected-accounts default: selected-accounts description: Only the value "selected-accounts" is admitted. additionalProperties: false Challenge: description: Requested Authentication Data type: object properties: image: description: | PNG data (max. 512 kilobyte) to be displayed to the PSU, Base64 encoding , cp. [RFC 4648]. This attribute is used only, when PHOTO_OTP or CHIP_OTP is the selected SCA method. type: string format: byte default: "" data: description: String challenge data type: string default: "" imageLink: description: A link where the ASPSP will provides the challenge image for the TPP. type: string default: "" otpMaxLength: description: The maximal length for the OTP to be typed in by the PSU. type: number default: 0 otpFormat: description: The format type of the OTP to be typed in. type: string enum: - characters - integer default: characters additionalInformation: description: Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen SCA method. The TPP is obliged to show this to the PSU. type: string default: "" additionalProperties: false ConsentDetailResponseResource: description: Returns the content of an account information consent object. type: object required: - access - recurringIndicator - validUntil - frequencyPerDay - lastActionDate - transactionStatus - consentStatus properties: access: description: Requested access services. $ref: '#/definitions/AccountAccess' recurringIndicator: description: True, if the consent is for recurring access to the account data False, if the consent is for one access to the account data type: boolean default: false validUntil: description: Requested validity ISODate for the consent. type: string format: date-time default: "1900-01-01T00:00:00Z" frequencyPerDay: description: Requested Maximum Frequency for an Access per Day. type: integer format: int32 default: 0 lastActionDate: description: | This date is containing the date of the last action on the consent object either through the XS2A interface or the PSU/ASPSP interface having an impact on the status. type: string format: date default: "1900-01-01" transactionStatus: description: This is the “authentication status” of the consent. $ref: '#/definitions/TransactionStatusType' consentStatus: description: The status of the consent resource. type: string enum: - empty - valid - blocked - expired - deleted default: empty additionalProperties: false ConsentRequestResource: description: Creates an account information consent resource at the ASPSP regarding access to accounts specified in this request. type: object required: - access - recurringIndicator - validUntil - frequencyPerDay - combinedServiceIndicator properties: access: description: Requested access services. Only the sub attributes with the tags "accounts", "balances" and "transactions" are accepted for this request. $ref: '#/definitions/AccountAccess' recurringIndicator: description: | "true", if the consent is for recurring access to the account data. "false", if the consent is for one access to the account data. type: boolean default: false validUntil: description: | This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format. type: string format: date-time default: "1900-01-01T00:00:00Z" frequencyPerDay: description: | This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1". type: integer format: int32 minimum: 1 default: 1 combinedServiceIndicator: description: If "true" indicates that a payment initiation service will be addressed in the same "session". type: boolean default: false additionalProperties: false ConsentUpdateRequestResource: description: |- Update information related to a previous consent request in order to obtain PSUId credentials. It is only to be used to support Embedded method. type: object properties: psuData: $ref: '#/definitions/PSUData' description: Include all credentials related data scaAuthenticationData: description: "SCA authentication data, depending on the chosen authentication method. \n\nif the data is binary, then it is base64 encoded.\n" type: string default: "" authenticationMethodId: description: | The authentication method ID as provided by the ASPSP This property is mandatory in a Select Authentication Method type: string default: "" additionalProperties: false ConsentResponseLink: description: Hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. type: object properties: redirect: description: | In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. type: string default: "" updatePsuIdentification: description: | The link to the payment initiation resource, which needs to be updated by the PSU identification. This might be used in a redirect or decoupled approach, where the PSU ID was missing in the first request. type: string default: "" updatePsuAuthenication: description: | The link to the account information resource, which needs to be updated by a PSU password and eventually the PSU identification if not delivered yet. This is used in a case of the Embedded SCA approach. type: string default: "" selectAuthenticationMethod: description: | This is a link to a resource, where the TPP can select the applicable SCA for the PSU, if there were several available authentication methods. This link is only contained under exactly the same conditions as the data element “authenticationMethods”, see above. type: string default: "" authoriseTransaction: description: | The link to the payment initiation or consent resource, where the “Transaction Authorisation”Request” is sent to. This is the link to the resource which will authorise the payment or the consent by checking the SCA authentication data within the Embedded SCA approach. type: string status: description: | The link to retrieve the transaction status of the account information consent. type: string default: "" additionalProperties: false ConsentUpdateLink: description: | A list of hyperlinks to be recognized by the TPP. Might be contained, if several authentication methods are available for the PSU. properties: selectAuthenticationMethod: description: | This is a link to a resource, where the TPP can select the applicable second factor authentication methods for the PSU, if there were several available authentication methods. type: string default: "" authoriseTransaction: description: | The link to the resource, where the "Transaction Authorisation Request" is sent to. This is the link to the resource which will authorise the transaction by checking the SCA authentication data within the Embedded SCA approach. type: string default: "" self: description: | The link to the resource itself. type: string default: "" status: description: The link where the transaction status of the resoure can be retrieved. type: string default: "" additionalProperties: false ConsentResponseResource: description: Informs TPP about an account information consent resource. type: object required: - transactionStatus - _links properties: transactionStatus: description: authentication status of the consent. $ref: '#/definitions/TransactionStatusType' consentId: description: | Identification of the consent resource as it is used in the API structure Shall be contained, if a consent resource was generated. type: string default: "" scaMethods: description: | This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type "selectAuthenticationMethods" contained in the response body. These methods shall be presented towards the PSU for selection by the TPP. items: type: string $ref: '#/definitions/AuthenticationArray' chosenScaMethod: description: | This data element is only contained in the response if the APSPS has chosen the Embedded SCA Approach, if the PSU is already identified with the first relevant factor or alternatively an access token, if SCA is required and if the authentication method is implicitly selected. $ref: '#/definitions/Authentication' challengeData: description: | It is containded in addition to the data element chosenScaMethod if challenge data is needed for SCA. In rare cases this attribute is also used in the context of the psuAuthentication link. $ref: '#/definitions/Challenge' _links: description: | A list of hyperlinks to be recognised by the TPP. $ref: '#/definitions/ConsentResponseLink' psuMessage: description: | Text to be displayed to the PSU, e.g. in a Decoupled SCA Approach type: string default: "" delegationId: description: | An identification provided by the ASPSP for the later identification of the authentication delegated. type: string default: "" additionalProperties: false ConsentStatusResponseResource: description: Informs TPP about status of an account information consent resource. type: object required: - transactionStatus properties: transactionStatus: description: Authentication status of the consent. $ref: '#/definitions/TransactionStatusType' additionalProperties: false ConsentUpdateResponseResource: description: |- Response related to a previous consent update request. It is only to be used to support Embedded method. type: object required: - transactionStatus properties: chosenScaMethod: $ref: '#/definitions/Authentication' description: If the ASPSP has chosen the Embedded SCA Approach, if the PSU is already identified e.g. with the first relevant factor or alternatively an access token, if SCA is required and if the authentication method is implicitly selected. challengeData: $ref: '#/definitions/Challenge' description: It is contained in addition to the data element "chosenScaMethod" if challenge data is needed for SCA. scaMethods: $ref: '#/definitions/AuthenticationArray' description: This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type "startAuthorisationWith AuthenticationMethodSelection" contained in the response body. These methods shall be presented towards the PSU for selection by the TPP. _links: $ref: '#/definitions/ConsentUpdateLink' description: Consent Update Link transactionStatus: $ref: '#/definitions/TransactionStatusType' description: The transaction status is filled with codes of the ISO 20022 data table. psuMessage: description: Text to be displayed to the PSU type: string default: "" additionalProperties: false ErrorMessage: description: Error Information. type: object properties: tppMessages: $ref: '#/definitions/TppMessageArray' description: Messages to the TPP on operational issues. additionalProperties: false ErrorMessageWithStatus: description: Error and status Information. type: object properties: transactionStatus: $ref: '#/definitions/TransactionStatusType' description: The transaction status is filled with codes of the ISO 20022 corresponding element. tppMessages: $ref: '#/definitions/TppMessageArray' description: Messages to the TPP on operational issues. additionalProperties: false MessageCode: description: Message error codes. type: string enum: - SERVICE_BLOCKED - CORPORATE_ID_IVALID - CONSENT_UNKNOWN - CONSENT_INVALID - CONSENT_EXPIRED - RESOURCE_UNIKNOWN - RESOURCE_EXPIRED - TIMESTAMP_INVALID - PERIOD_INVALID - SCA_METHOD_UNKKNOWN - TRANSACTION_ID_INVALID - PRODUCT_INVALID - PRODUCT_UNKNOWN - PAYMENT_FAILED - REQUIRED_KID_MISSING - SESSIONS_NOT_SUPPORTED - ACCESS_EXCEEDED - REQUESTED_FORMATS_INVALID - CARD_INVALID - NO_PIIS_ACTIVATION default: SERVICE_BLOCKED additionalProperties: false PSUData: description: The password or encryptedPassword subfield is used, depending on encryption requirements of the ASPSP as indicated in the corresponding hyperlink contained in the last response message of the ASPSP. type: object properties: password: description: PSU Password. type: string default: "" additionalProperties: false TppMessage: required: - category - code description: Transports additional error information. properties: category: type: string default: "" description: Category of the error. Only "ERROR" or "WARNING" permitted. code: $ref: '#/definitions/MessageCode' description: Message error code. path: type: string default: "" description: Path of the element of the request message which provoked this error message. text: type: string maxLength: 512 default: "" description: Additional explaining text. additionalProperties: false TppMessageArray: type: array description: Messages to the TPP on operational issues. items: $ref: '#/definitions/TppMessage' description: Transports additional error information. additionalProperties: false TransactionStatusType: description: |- ISO20022: The transaction status is filled with value of the ISO20022 data table. RCVD : RECEIVED PDNG : PENDING PATC : PARTIALLY ACCEPTED TECHNICAL CORRECT ACTC : ACCEPTED TECHNICAL VALIDATION RJCT : REJECTED type: string enum: - RCVD - PDNG - PATC - ACTC - RJCT default: RJCT additionalProperties: false parameters: aspsp-cde: name: aspsp-cde in: path description: Identification of the aspsp required: true type: string default: "" consent-id: name: consent-id in: path description: Identification of the consent required: true type: string default: "" tppRedirectPreferred: name: tppRedirectPreferred in: query description: | If it equals “true”, the TPP prefers a redirect over an embedded SCA approach. If it equals “false”, the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU. required: false type: boolean default: false withBalance: name: withBalance in: query description: | This parameter may only be used together with the access sub attribute “available-accounts” in the request body. \n\nThe request is rejected if the ASPSP is not NextGenPSD2 supporting this parameter.\n\nIf the ASPSP accepts this parameter in the /consents endpoint, he shall also accept it for the GET access method on the /accounts endpoint.\n required: false type: boolean default: false TPP-Transaction-ID: name: TPP-Transaction-ID in: header description: ID of the transaction as determined by the initiating party. required: true type: string format: uuid default: "" TPP-Request-ID: name: TPP-Request-ID in: header description: ID of the request, unique to the call, as determined by the initiating party. required: true type: string format: uuid default: "" PSU-ID: name: PSU-ID in: header description: User identification in ASPSP required: false type: string default: "" PSU-ID-Type: name: PSU-ID-Type in: header description: Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. required: false type: string default: "" PSU-IP-Address: name: PSU-IP-Address in: header description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. required: false type: string default: "" PSU-IP-Port: name: PSU-IP-Port in: header description: The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. required: false type: string default: "" PSU-Agent: name: PSU-Agent in: header description: The forwarded Agent header field of the http request between PSU and TPP. required: false type: string default: "" PSU-Geo-Location: name: PSU-Geo-Location in: header description: The forwarded Geo Location of the corresponding http request between PSU and TPP if available. required: false type: string pattern: ^GEO:[-?+?(\d){1,3}.(\d){6}]{8,11};[-?+?(\d){1,3}.(\d){6}]{8,11}$ default: GEO:1.111111;-1.111111 PSU-Device-ID: name: PSU-Device-ID in: header description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. required: false type: string default: "" PSU-Device-Fingerprint: name: PSU-Device-Fingerprint in: header description: Fingerprint of the device used in the request between PSU and TPP, if available. required: false type: string default: "" Transaction-SCA-Performed: name: Transaction-SCA-Performed in: header description: 'Only used for Delegated Authentication Approach. "NSCA" - "SCA Not performed"; "SUCC" - "SCA Performed with Success"; If this data element is not used, there is no information about transaction SCA authentication ' required: false type: string enum: - NSCA - SUCC PSU-Corporate-ID: name: PSU-Corporate-ID in: header description: Corporate User identification in ASPSP required: false type: string default: "" PSU-Corporate-ID-Type: name: PSU-Corporate-ID-Type in: header description: Might be mandated in the ASPSPs documentation. Only used in a corporate context. required: false type: string default: "" TPP-Redirect-URI: name: TPP-Redirect-URI in: header description: URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Shall be contained at least if the tppRedirectPreferred parameter is set to true or is missing. required: false type: string default: "" TPP-Delegated-Preferred: name: TPP-Delegated-Preferred in: header description: If it equals "true", the TPP requests a delegated SCA approach. If it equals "false", the TPP do not request a delegated SCA approach. If the parameter is not used, the TPP do not request a delegated SCA approach. required: false type: boolean Delegation-ID: name: Delegation-ID in: header description: An identification provided by the ASPSP for the later identification of the authentication delegated. required: false type: string default: "" Signature: name: Signature in: header description: A signature of the request by the TPP on application level. This might be mandated by ASPSP. required: true type: string default: "" Digest: name: Digest type: string required: false in: header description: Hash of the message body. Should be present when Request body exists default: "" TPP-Certificate: name: TPP-Certificate in: header description: The certificate used for signing the request, in base64 encoding. Shall be contained if the signature is used. required: true type: string default: "" Date: name: Date in: header description: Request date required: true type: string format: date-time ConsentRequest: name: consentRequest in: body description: Account Consent Request required: true schema: $ref: '#/definitions/ConsentRequestResource' ConsentUpdateRequest: name: consentUpdateRequest in: body description: Account Consent Request Update required: true schema: $ref: '#/definitions/ConsentUpdateRequestResource' x-ibm-configuration: enforced: true testable: true phase: realized securityDefinitions: x-ibm-client-id: type: apiKey description: "" in: header name: X-IBM-Client-Id security: - x-ibm-client-id: [] x-ibm-endpoints: - endpointUrl: https://site2.sibsapimarket.com:8445/sibs/apimarket-sb type: - production - development - endpointUrl: https://site1.sibsapimarket.com:8445/sibs/apimarket-sb type: - production - development ...