--- swagger: "2.0" info: contact: email: info@berlin-group.org name: The Berlin Group - A European Standards Initiative url: https://www.berlin-group.org/ description: "Contains Single cards data\n\n# Endpoints url \ndiscount sandbox \ \nhttps://mtls-api-nonprod.discountbank.co.il/devapi/cert\n\ndiscount prod \ \nhttps://mtls-api.discountbank.co.il/prod/d\n\nmercantile sandbox \nhttps://mtls-api-nonprod.mercantile.co.il/devapi/cert\n\nmercantile prod \nhttps://mtls-api.mercantile.co.il/prod/d\n\n# Summary\nAs before, specific card reconciliation accounts (called "card accounts" in [XS2A-IG]) can be addressed in a consent request by \nidentifying the card account by its corresponding masked PAN. Please note that the card accounts are providing card information in an \n\naccumulated way.\nIn addition, this specification adds to this consent model, that a masked PAN is addressing a single card.\nIt is up to the ASPSP if this consent grants access\n - to the single card identified by the masked PAN,\n - the card account identified by the masked PAN or\n - both,\ndelivering these information on the related endpoints /card-accounts or /cards. The ASPSP's respective decision must be documented by \nthe ASPSP.\nAdditionally, a card account or single cards can be addressed by an Account Access Object containing an identifier of the \nreconciliation account accompanied by the specification of the cashAccountType to Type "CARD" (see Section 6.3). A consent of this \ntype will grant the respective access to both,\n - all cards reconciled through this account and\n - the related card account,\nif the ASPSP supports the corresponding endpoints at all.\nAs a third / fourth way to establish a card specific consent, the TPP can request a bank-offered consent or a global consent but \nrestricting the requested access to a certain cashAccountType - e.g. CARD. A consent of this type will grant the respective access \nto both\n - cards and\n - card accounts,\nif the ASPSP supports the related endpoints at all.\nBOI-REMARK: In the Israeli market there is no need in explicit consent for requesting account/card owner data.\n\nNot supported query parameters \nRead Card Balances: dateFrom \nRead Card Transaction List: dateFrom, dateTo, deltaList" license: name: "" url: "" title: PSD2 BERLIN CARDS 1.7 version: 1.0.0 x-ibm-name: psd2-berlin-cards-1-7 name: "" basePath: /psd2 schemes: - https paths: /v1.7/cards/{card-id}/balances: get: produces: - application/json - application/problem+json parameters: - description: This identification is denoting the addressed card. The card-id is retrieved by using a "Read Card List" call. The card-id is the "resourceId" attribute of the card structure. Its value is constant at least throughout the lifecycle of a given consent. in: path name: card-id required: true type: string - description: 'Conditional if supported by API provider. Requests in addition to the balances of the current accounting period all balances at the end of previous accounting periods (e.g. monthly periods) with payment due date starting from the provided date on if still retrievable under the given consent. A TPP may not include both parameters "dateFrom" and "valueDateFrom" in one request.Note: The accounting period is the invoicing period of the related card.This parameter is ignored by the ASPSP if it is not supported. BOI REMARK: The earliest date can be 12 month prior to "now".In case of exception from the minimum value a message code PERIOD_INVALID should returned.' format: date in: query name: valueDateFrom required: false type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string x-example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 - description: Identification of the corresponding consent as granted by the PSU. in: header name: Consent-ID required: true type: string - description: "Is contained only, if an OAuth2 based SCA was performed in the corresponding mandate transaction or if OAuth2 has been used in \na pre-step.\n" in: header name: Authorization required: false type: string - $ref: '#/parameters/Digest' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/PSU-IP-Address' responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/readCardBalancesResponse-200_json' 400: description: Bad Request headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error400_NG' 401: description: Unauthorized headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error401_NG' 403: description: Forbidden headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error403_NG' 404: description: Not found headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error404_NG' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error405_NG' 408: description: Request Timeout headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 500: description: Internal Server Error headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string tags: - cards - balances description: Read detailed balance information about the addressed card by "card-id". For a given card, an optional parameter "dateFrom" defines the begin of a period from which to obtain available balance related information.Please note, that the current credit line of a given card might be tighter than what a response to this request will suggest due to general credit limits on the card account and transactions by other cards to the same card account. operationId: balances-CARD:get_card_balances summary: Read card balances. security: - oauth2: - balances-CARD /v1.7/cards: get: produces: - application/json - application/problem+json parameters: - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string x-example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 - description: Identification of the corresponding consent as granted by the PSU. in: header name: Consent-ID required: true type: string - description: Is contained only, if an OAuth2 based SCA was performed in the corresponding mandate transaction or if OAuth2 has been used in a pre-step. in: header name: Authorization required: false type: string - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/Digest' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Signature' responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/readCardListResponse-200_json' 400: description: Bad Request headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error400_NG' 401: description: Unauthorized headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error401_NG' 403: description: Forbidden headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error403_NG' 404: description: Not found headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error404_NG' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error405_NG' 408: description: Request Timeout headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 500: description: Internal Server Error headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string tags: - cards - list description: Reads a list of cards potentially with additional information, e.g. balance information. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system. The addressed list of cards depends then on the stored consent addressed by consentId, respectively the OAuth2 access token. operationId: accounts-CARD:get_cards summary: readListOfCards security: - oauth2: - accounts-CARD /v1.7/cards/{card-id}/transactions: get: produces: - application/json - application/problem+json parameters: - description: This identification is denoting the addressed card. The card-id is retrieved by using a "Read Card List" call. The card-id is the "resourceId" attribute of the card structure. Its value is constant at least throughout the lifecycle of a given consent. in: path name: card-id required: true type: string - description: 'Conditional if supported by API provider. Requests in addition to the balances of the current accounting period all balances at the end of previous accounting periods (e.g. monthly periods) with payment due date starting from the provided date on if still retrievable under the given consent. A TPP may not include both parameters "dateFrom" and "valueDateFrom" in one request.Note: The accounting period is the invoicing period of the related card.This parameter is ignored by the ASPSP if it is not supported. BOI REMARK: The earliest date can be 12 month prior to "now".In case of exception from the minimum value a message code PERIOD_INVALID should returned.' format: date in: query name: valueDateFrom required: true type: string - description: End date (inclusive the data dateTo) of the transaction list, default is "now" if not given. Might be ignored if a delta function is used.For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date, which may not be transparent neither in this API nor other channels of the ASPSP. in: query name: valueDateTo required: false type: string - description: Permitted codes are * "booked" enum: - booked - pending - both in: query name: bookingStatus required: true type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string x-example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 - description: Identification of the corresponding consent as granted by the PSU. in: header name: Consent-ID required: true type: string - description: Is contained only, if an OAuth2 based SCA was performed in the corresponding mandate transaction or if OAuth2 has been used in a pre-step. in: header name: Authorization required: false type: string - $ref: '#/parameters/Digest' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/PSU-IP-Address' responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/readCardTransactionsResponse-200_json' 400: description: Bad Request headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error400_NG' 401: description: Unauthorized headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error401_NG' 403: description: Forbidden headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error403_NG' 404: description: Not found headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error404_NG' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error405_NG' 408: description: Request Timeout headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 500: description: Internal Server Error headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string tags: - cards - account data - transactions description: | Reads transactions of a given card addressed by "card-id". operationId: transactions-CARD:get_card_transactions summary: getCardTransactionList security: - oauth2: - transactions-CARD /v1.7/cards/{card-id}: get: produces: - application/json - application/problem+json parameters: - description: "This identification is denoting the addressed card. The card-id is retrieved by using a \"Read Card List\" call. \nThe card-id is the \"resourceId\" attribute of the card structure. Its value is constant at least throughout the lifecycle \nof a given consent.\n" in: path name: card-id required: true type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string x-example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 - description: | Identification of the corresponding consent as granted by the PSU. in: header name: Consent-ID required: true type: string - description: "Is contained only, if an OAuth2 based SCA was performed in the corresponding mandate transaction or if OAuth2 has been used in \na pre-step.\n" in: header name: Authorization required: false type: string - $ref: '#/parameters/Digest' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/PSU-IP-Address' responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/readCardDetailsResponse-200_json' 400: description: Bad Request headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error400_NG' 401: description: Unauthorized headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error401_NG' 403: description: Forbidden headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error403_NG' 404: description: Not found headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error404_NG' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string schema: $ref: '#/definitions/Error405_NG' 408: description: Request Timeout headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 500: description: Internal Server Error headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string tags: - cards - details description: "Reads details about a card. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system. \nThe addressed details of this account depends then on the stored consent addressed by consentId, respectively the OAuth2 access \ntoken.\n" operationId: accounts-CARD:get_card summary: readCardDetails security: - oauth2: - accounts-CARD definitions: Error400: description: "Standardised definition of reporting error information according to [RFC7807] \nin case of a HTTP error code 400.\n" properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode400' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode400' detail: description: "Detailed human readable text specific to this instance of the error. \nXPath might be used to point to the issue generating the error in addition.\nRemark for Future: In future, a dedicated field might be introduced for the XPath.\n" maxLength: 500 type: string title: description: "Short human readable description of error type. \nCould be in local language. \nTo be provided by ASPSPs.\n" maxLength: 70 type: string type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" format: uri maxLength: 70 type: string required: - type - code type: object Error400_NG: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 400. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage400' type: array type: object Error401: description: "Standardised definition of reporting error information according to [RFC7807] \nin case of a HTTP error code 401.\n" properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode401' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode401' detail: description: "Detailed human readable text specific to this instance of the error. \nXPath might be used to point to the issue generating the error in addition.\nRemark for Future: In future, a dedicated field might be introduced for the XPath.\n" maxLength: 500 type: string title: description: "Short human readable description of error type. \nCould be in local language. \nTo be provided by ASPSPs.\n" maxLength: 70 type: string type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" format: uri maxLength: 70 type: string required: - type - code type: object Error401_NG: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage401' type: array type: object Error403: description: "Standardised definition of reporting error information according to [RFC7807] \nin case of a HTTP error code 403.\n" properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode403' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode403' detail: description: "Detailed human readable text specific to this instance of the error. \nXPath might be used to point to the issue generating the error in addition.\nRemark for Future: In future, a dedicated field might be introduced for the XPath.\n" maxLength: 500 type: string title: description: "Short human readable description of error type. \nCould be in local language. \nTo be provided by ASPSPs.\n" maxLength: 70 type: string type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" format: uri maxLength: 70 type: string required: - type - code type: object Error403_NG: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 403. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage403' type: array type: object Error404: description: "Standardised definition of reporting error information according to [RFC7807] \nin case of a HTTP error code 404.\n" properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode404' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode404' detail: description: "Detailed human readable text specific to this instance of the error. \nXPath might be used to point to the issue generating the error in addition.\nRemark for Future: In future, a dedicated field might be introduced for the XPath.\n" maxLength: 500 type: string title: description: "Short human readable description of error type. \nCould be in local language. \nTo be provided by ASPSPs.\n" maxLength: 70 type: string type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" format: uri maxLength: 70 type: string required: - type - code type: object Error404_NG: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 404. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage404' type: array type: object Error405: description: "Standardised definition of reporting error information according to [RFC7807] \nin case of a HTTP error code 405.\n" properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode405' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode405' detail: description: "Detailed human readable text specific to this instance of the error. \nXPath might be used to point to the issue generating the error in addition.\nRemark for Future: In future, a dedicated field might be introduced for the XPath.\n" maxLength: 500 type: string title: description: "Short human readable description of error type. \nCould be in local language. \nTo be provided by ASPSPs.\n" maxLength: 70 type: string type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" format: uri maxLength: 70 type: string required: - type - code type: object Error405_NG: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 405. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage405' type: array type: object MessageCode400: description: Message codes defined for HTTP Error code 400 (BAD_REQUEST). enum: - FORMAT_ERROR - PARAMETER_NOT_CONSISTENT - PARAMETER_NOT_SUPPORTED - SERVICE_INVALID - RESOURCE_UNKNOWN - RESOURCE_EXPIRED - RESOURCE_BLOCKED - TIMESTAMP_INVALID - PERIOD_INVALID - SCA_METHOD_UNKNOWN - SCA_INVALID - CONSENT_UNKNOWN type: string MessageCode401: description: Message codes defined for HTTP Error code 401 (UNAUTHORIZED). enum: - CERTIFICATE_INVALID - ROLE_INVALID - CERTIFICATE_EXPIRED - CERTIFICATE_BLOCKED - CERTIFICATE_REVOKE - CERTIFICATE_MISSING - SIGNATURE_INVALID - SIGNATURE_MISSING - CORPORATE_ID_INVALID - PSU_CREDENTIALS_INVALID - CONSENT_INVALID - CONSENT_EXPIRED - TOKEN_UNKNOWN - TOKEN_INVALID - TOKEN_EXPIRED type: string MessageCode403: description: Message codes defined for HTTP Error code 403 (FORBIDDEN). enum: - CONSENT_UNKNOWN - SERVICE_BLOCKED - RESOURCE_UNKNOWN - RESOURCE_EXPIRED type: string MessageCode404: description: Message codes defined for HTTP Error code 404 (NOT FOUND). enum: - RESOURCE_UNKNOWN type: string MessageCode405: description: Message codes defined for HTTP Error code 405 (METHOD NOT ALLOWED). enum: - SERVICE_INVALID type: string _linksAccountDetails: additionalProperties: $ref: '#/definitions/hrefType' description: | Links to the card / card account, which can be directly used for retrieving account information from this dedicated account. Links to "balances" and/or "cardTransactions" These links are only supported, when the corresponding consent has been already granted. properties: balances: $ref: '#/definitions/hrefType' card: $ref: '#/definitions/hrefType' cardTransactions: $ref: '#/definitions/hrefType' transactions: $ref: '#/definitions/hrefType' type: object _linksAll: additionalProperties: $ref: '#/definitions/hrefType' description: | A _link object with all availabel link types. properties: account: $ref: '#/definitions/hrefType' balances: $ref: '#/definitions/hrefType' cardAccount: $ref: '#/definitions/hrefType' cardTransactions: $ref: '#/definitions/hrefType' first: $ref: '#/definitions/hrefType' last: $ref: '#/definitions/hrefType' next: $ref: '#/definitions/hrefType' previous: $ref: '#/definitions/hrefType' scaOAuth: $ref: '#/definitions/hrefType' scaStatus: $ref: '#/definitions/hrefType' self: $ref: '#/definitions/hrefType' status: $ref: '#/definitions/hrefType' transactionDetails: $ref: '#/definitions/hrefType' transactions: $ref: '#/definitions/hrefType' type: object _linksCardAccountReport: additionalProperties: $ref: '#/definitions/hrefType' properties: card: $ref: '#/definitions/hrefType' cardAccount: $ref: '#/definitions/hrefType' first: $ref: '#/definitions/hrefType' last: $ref: '#/definitions/hrefType' next: $ref: '#/definitions/hrefType' previous: $ref: '#/definitions/hrefType' type: object _linksPagination: additionalProperties: $ref: '#/definitions/hrefType' properties: first: $ref: '#/definitions/hrefType' last: $ref: '#/definitions/hrefType' next: $ref: '#/definitions/hrefType' previous: $ref: '#/definitions/hrefType' type: object accountAccess: description: | Requested access services for a consent. properties: accounts: description: "Is asking for detailed account information. \n\nIf the array is empty in a request, the TPP is asking for an accessible account list. \nThis may be restricted in a PSU/ASPSP authorization dialogue. \nIf the array is empty, also the arrays for balances, additionalInformation sub attributes or transactions shall be empty, if used.\n" items: $ref: '#/definitions/accountReference' type: array additionalInformation: $ref: '#/definitions/additionalInformationAccess' allPsd2: description: | Optional if supported by API provider. Only the value "allAccounts" is admitted. enum: - allAccounts type: string availableAccounts: description: "Optional if supported by API provider.\n\nThe values \"allAccounts\" and \"allAccountsWithOwnerName\" are admitted. \nThe support of the \"allAccountsWithOwnerName\" value by the ASPSP is optional.\n" enum: - allAccounts type: string availableAccountsWithBalance: description: "Optional if supported by API provider. \nOnly the value \"allAccounts\" is admitted.\n" enum: - allAccounts type: string balances: description: "Is asking for balances of the addressed accounts.\n\nIf the array is empty in the request, the TPP is asking for the balances of all accessible account lists. \nThis may be restricted in a PSU/ASPSP authorization dialogue. \nIf the array is empty, also the arrays for accounts, additionalInformation sub attributes or transactions shall be empty, if used.\n" items: $ref: '#/definitions/accountReference' type: array restrictedTo: description: "If the TPP requests access to accounts via availableAccounts (List of available accounts), global \nor bank driven consents, the TPP may include this element to restrict access to the referred \naccount types. Absence of the element is interpreted as \"no restriction\" (therefore access to \naccounts of all types is requested). The element may only occur, if each of the elements \n - accounts \n - balances \n - transactions \nis either not present or contains an empty array. \n BOI-REMARK:\n This attribute have to be supported by the API Provider. \n \n In detailed consent model this field have to be empty or not presented.\n" items: $ref: '#/definitions/cashAccountType' type: array transactions: description: "Is asking for transactions of the addressed accounts. \n\nIf the array is empty in the request, the TPP is asking for the transactions of all accessible account lists.\nThis may be restricted in a PSU/ASPSP authorization dialogue.\nIf the array is empty, also the arrays for accounts, additionalInformation sub attributes or balances shall be empty, if used.\n" items: $ref: '#/definitions/accountReference' type: array type: object accountReference: description: "Reference to an account by either\n * IBAN, of a payment accounts, or\n * BBAN, for payment accounts if there is no IBAN, or \n * the Primary Account Number (PAN) of a card, can be tokenised by the ASPSP due to PCI DSS requirements, or\n * the Primary Account Number (PAN) of a card in a masked form, or\n * an alias to access a payment account via a registered mobile phone number (MSISDN)\n" properties: bban: $ref: '#/definitions/bban' cashAccountType: $ref: '#/definitions/cashAccountType' currency: $ref: '#/definitions/currencyCode' iban: $ref: '#/definitions/iban' maskedPan: $ref: '#/definitions/maskedPan' msisdn: $ref: '#/definitions/msisdn' required: - maskedPan type: object accountStatus: description: | Account status. The value is one of the following: - "enabled": card / card account is available - "deleted": card / card account is terminated - "blocked": card / card account is blocked e.g. for legal reasons If this field is not used, than the card / card account is available in the sense of this specification. BOI-REMARK: "blocked" e.g. for legal reasons or suspended. enum: - enabled - deleted - blocked type: string additionalInformationAccess: description: "Optional if supported by API provider.\n\nIs asking for additional information as added within this structured object.\nThe usage of this data element requires at least one of the entries \"accounts\", \n\"transactions\" or \"balances\" also to be contained in the object. \nIf detailed accounts are referenced, it is required in addition that any account addressed within \nthe additionalInformation attribute is also addressed by at least one of the attributes \"accounts\", \n\"transactions\" or \"balances\".\n" properties: ownerName: description: "Is asking for account owner name of the accounts referenced within. \nIf the array is empty in the request, the TPP is asking for the account \nowner name of all accessible accounts. \nThis may be restricted in a PSU/ASPSP authorization dialogue. \nIf the array is empty, also the arrays for accounts, balances or transactions shall be empty, if used.\nThe ASPSP will indicate in the consent resource after a successful authorisation, \nwhether the ownerName consent can be accepted by providing the accounts on which the ownerName will \nbe delivered. \nThis array can be empty.\n" items: $ref: '#/definitions/accountReference' type: array trustedBeneficiaries: description: "Optional if supported by API provider.\nIs asking for the trusted beneficiaries related to the accounts referenced within and related to the PSU.\nIf the array is empty in the request, the TPP is asking for the lists of trusted beneficiaries of all accessible accounts. \nThis may be restricted in a PSU/ASPSP authorization dialogue by the PSU if also the account lists addressed \nby the tags �accounts�, �balances� or �transactions� are empty.\nThe ASPSP will indicate in the consent resource after a successful authorisation, \nwhether the trustedBeneficiaries consent can be accepted by providing the accounts on which the list of trusted beneficiaries will be delivered. \nThis array can be empty.\n" items: $ref: '#/definitions/accountReference' type: array type: object address: example: buildingnNumber: "89" country: FR postCode: "75000" streetName: rue blue townName: Paris properties: buildingNumber: type: string country: $ref: '#/definitions/countryCode' postCode: type: string streetName: maxLength: 70 type: string townName: type: string required: - country type: object amount: description: "" example: amount: "123" currency: EUR properties: amount: $ref: '#/definitions/amountValue' currency: $ref: '#/definitions/currencyCode' required: - currency - amount type: object amountValue: description: | The amount given with fractional digits, where fractions must be compliant to the currency definition. Up to 14 significant figures. Negative amounts are signed by minus. The decimal separator is a dot. **Example:** Valid representations for EUR with up to two decimals are: * 1056 * 5768.2 * -1.50 * 5877.78 example: "5877.78" pattern: ^-?[0-9]{1,14}(\.[0-9]{1,3})?$ type: string authorization: description: | Authorization by OAuth2 based Protocol. type: string balance: description: | A single balance element. properties: balanceAmount: $ref: '#/definitions/amount' balanceType: $ref: '#/definitions/balanceType' creditLimitIncluded: description: "A flag indicating if the credit limit of the corresponding account \nis included in the calculation of the balance, where applicable.\n" example: false type: boolean lastChangeDateTime: description: "This data element might be used to indicate e.g. with the expected or booked balance that no action is known \non the account, which is not yet booked.\n" format: date-time type: string lastCommittedTransaction: description: "\"entryReference\" of the last commited transaction to support the TPP in identifying whether all \nPSU transactions are already known.\n" maxLength: 35 type: string referenceDate: description: Reference date of the balance. format: date type: string required: - balanceAmount - balanceType - creditLimitIncluded - referenceDate type: object balanceList: description: "The specific card account balances associated to this card / card account. In the context of a response to a \"cards\" endpoint, \neach balance that indicates that credit limit is included must respect all applicable credit limits relevant for this \ncard ( cp. Section 6.6)\n" items: $ref: '#/definitions/balance' type: array balanceType: description: "The following balance types are defined:\n - \"closingBooked\": \n Balance of the account at the end of the pre-agreed account reporting period. \n It is the sum of the opening booked balance at the beginning of the period and all entries booked \n to the account during the pre-agreed account reporting period.\n \n For card-accounts and cards, this is composed of\n \n - invoiced, but not yet paid entries\n For cards the account entries are booking entries from the card processor or invoices paid by the PSU. \n \n BOI-REMARK for future: \n For cards , this is composed of entries at the closing time of the accounting period, which have to be invoiced. i.e. invoiced and paid entries at the closing time of the accounting period.\n - \"expected\":\n Balance composed of booked entries and pending items known at the time of calculation, \n which projects the end of day balance if everything is booked on the account and no other entry is posted.\n \ \n For card accounts, this is composed of:\n - invoiced, but not yet paid entries\n - not yet invoiced but already booked entries and\n \ - pending items (not yet booked)\n \n For card-accounts:\n \n \ \"money to spend with the value of a pre-approved credit limit on the card account\"\n \n - \"openingBooked\":\n Book balance of the account at the beginning of the account reporting period. \n It always equals the closing book balance from the previous report.\n - \"interimAvailable\":\n Available balance calculated in the course of the account ?servicer?s business day, \n \ at the time specified, and subject to further changes during the business day. \n The interim balance is calculated on the basis of booked credit and debit items during the calculation \n time/period specified.\n \n For card-accounts, this is composed of:\n - invoiced, but not yet paid entries\n \ - not yet invoiced but already booked entries\n \n For cards, this is composed of \n - invoiced, but not yet paid entries \n - not yet invoiced but already booked entries \n - pending items (not yet booked)\n \ - \"interimBooked\":\n Balance calculated in the course of the account servicer's business day, at the time specified, \n and subject to further changes during the business day. \n The interim balance is calculated on the basis of booked credit and debit items during the calculation time/period \n specified.\n \n BOI REMARK for future:\n For cards, this time period consists of the accounting period of the related card, e.g. thie interim booked items during a month. i.e. invoiced, but not yet paid entries.\n - \"forwardAvailable\":\n \ Forward available balance of money that is at the disposal of the account owner on the date specified.\n - \"nonInvoiced\": \n Only for card accounts, to be checked yet.\n" enum: - closingBooked - expected - openingBooked - interimAvailable - interimBooked - forwardAvailable - nonInvoiced type: string bban: description: "Basic Bank Account Number (BBAN) Identifier.\n\nThis data element can be used in the body of the consent request.\n Message for retrieving account access consent from this account. This\n data elements is used for payment accounts which have no IBAN.\n ISO20022: Basic Bank Account Number (BBAN). \n \n Identifier used nationally by financial institutions, i.e., in individual countries, \n generally as part of a National Account Numbering Scheme(s), \n which uniquely identifies the account of a customer.\n" example: BARC12345612345678 pattern: ^[a-zA-Z0-9]{1,30}$ type: string bookingDate: description: | The date when an entry is posted to an account on the ASPSPs books. format: date type: string cardAcceptorPhone: description: | Merchant phone number It consists of a "+" followed by the country code (from 1 to 3 characters) then a "-" and finally, any combination of numbers, "(", ")", "+" and "-" (up to 30 characters). pattern according to ISO20022 \+[0-9]{1,3}-[0-9()+\-]{1,30} pattern: ^\+[0-9]{1,3}\-[0-9()+\-]{1,30}$ type: string cardAccountDetails: description: | Card account details. properties: _links: $ref: '#/definitions/_linksAccountDetails' balances: $ref: '#/definitions/balanceList' creditLimit: $ref: '#/definitions/amount' currency: $ref: '#/definitions/currencyCode' details: description: | Specifications that might be provided by the ASPSP: - characteristics of the account - characteristics of the relevant card BOI REMARK: For example - charactaristic of the creditLimit level. - charactaristic of the monthly billing date. maxLength: 1000 type: string displayName: $ref: '#/definitions/displayName' maskedPan: $ref: '#/definitions/maskedPan' name: description: "Name of the card / card account, as assigned by the ASPSP, \nin agreement with the account owner in order to provide an additional means of identification of the account.\n" maxLength: 70 type: string ownerName: $ref: '#/definitions/ownerName' product: description: | Product Name of the Bank for this card / card account, proprietary definition. maxLength: 35 type: string resourceId: description: | This is the data element to be used in the path when retrieving data from a dedicated account. This shall be filled, if addressable resource are created by the ASPSP on the /card-accounts endpoint. type: string status: $ref: '#/definitions/accountStatus' usage: description: | Specifies the usage of the card / card account: * PRIV: private personal card / card account * ORGA: professional card / card account enum: - PRIV - ORGA maxLength: 4 type: string required: - maskedPan - currency type: object cardAccountReport: description: |- Only Booked transactions are supported JSON based card account report. This card account report contains transactions resulting from the query parameters. properties: _links: $ref: '#/definitions/_linksCardAccountReport' booked: $ref: '#/definitions/cardTransactionList' pending: $ref: '#/definitions/cardTransactionList' required: - _links type: object cardId: description: | This identification is denoting the addressed card. type: string cardTransaction: description: Card transaction information. properties: acceptorTransactionDateTime: description: Timestamp of the actual card transaction within the acceptance system format: date-time type: string bookingDate: $ref: '#/definitions/bookingDate' cardAcceptorAddress: $ref: '#/definitions/address' cardAcceptorId: maxLength: 35 type: string cardAcceptorPhone: $ref: '#/definitions/cardAcceptorPhone' cardTransactionId: $ref: '#/definitions/cardTransactionId' currencyExchange: $ref: '#/definitions/reportExchangeRateList' grandTotalAmount: allOf: - $ref: '#/definitions/amount' - description: | Total amount of the instalment including charges, insurance and taxes in addition to the funded amount. invoiced: type: boolean markupFee: $ref: '#/definitions/amount' markupFeePercentage: example: "0.3" type: string maskedPAN: $ref: '#/definitions/maskedPan' merchantCategoryCode: $ref: '#/definitions/merchantCategoryCode' originalAmount: $ref: '#/definitions/amount' proprietaryBankTransactionCode: $ref: '#/definitions/proprietaryBankTransactionCode' terminalId: $ref: '#/definitions/terminalId' transactionAmount: $ref: '#/definitions/amount' transactionDate: $ref: '#/definitions/transactionDate' transactionDetails: maxLength: 1000 type: string valueDate: description: The Date at which assets become available to the account owner in case of a credit, or cease to be available to the account owner in case of a debit entry. For card transactions this is the payment due date of related booked transactions of a card. format: date type: string required: - transactionAmount type: object cardTransactionId: description: Unique end to end identity. maxLength: 35 type: string cardTransactionList: description: Array of transaction details. items: $ref: '#/definitions/cardTransaction' type: array cashAccountType: description: "ExternalCashAccountType1Code from ISO 20022 or Type \"CARD\". The API provider may restrict the accepted \nvalues further (e.g. only \"CARD\" and \"CACC\" may be supported). The TPP includes this element, if the \naccount reference may identify several accounts of different types, but the TPP only requests access to \na specific type (e.g. card accounts).\n\nBOI Remark:Savings: SVGS for saving accounts Loan: \"LOAN\" for loan accounts If the cashAccountType is\nnot present, it indicates the cashAccountType\n - \"Card Account\" in case of the account identification being provided as a maskedPan \n - \"Current Account\" (CACC) otherwise.\nIn case the TPP requests access for several types with same identifiers, the TPP will send the same \nidentifier multiple times for each cashAccountType.\n" enum: - CACC - CARD type: string consentId: description: | This shall be contained if the push notification is about establishing a consent type: string countryCode: description: ISO 3166 ALPHA2 country code. example: SE pattern: ^[A-Z]{2}$ type: string currencyCode: description: | ISO 4217 Alpha 3 currency code. BOI-REMARK: Card/Account currency. example: EUR pattern: ^[A-Z]{3}$ type: string displayName: description: | Name of the card / card account as defined by the PSU within online channels. maxLength: 70 type: string hrefEntry: description: Link to a resource. example: /v1/payments/sepa-credit-transfers/1234-wertiq-983 type: string hrefType: description: Link to a resource. properties: href: $ref: '#/definitions/hrefEntry' type: object iban: description: IBAN of an account. example: FR7612345987650123456789014 pattern: ^[A-Z]{2,2}[0-9]{2,2}[a-zA-Z0-9]{1,30}$ type: string maskedPan: description: "Primary Account Number (PAN) of the card in masked form. In the context of a response to a \"/card-accounts\" endpoint, this is the \nPAN of the main card; in the context of a \"/cards\" endpoint, this identifies the specific card for that the information is presented.\nThis data element can be used in the body of the Consent Request Message for retrieving account access consent from this card.\n" example: 123456xxxxxx1234 maxLength: 35 type: string merchantCategoryCode: description: Merchant category code. maxLength: 4 minLength: 4 type: string msisdn: description: Mobile phone number. example: +49 170 1234567 maxLength: 35 type: string otherType: description: In cases where the specifically defined criteria (IBAN, BBAN, MSISDN) are not provided to identify an instance of the respective account type (e.g. a savings account), the ASPSP shall include a proprietary ID of the respective account that uniquely identifies the account for this ASPSP. properties: identification: description: Proprietary identification of the account. maxLength: 35 type: string issuer: description: Issuer of the identification. maxLength: 35 type: string schemeNameCode: description: An entry provided by an external ISO code list. type: string schemeNameProprietary: description: A scheme name defined in a proprietary way. maxLength: 35 type: string required: - identification type: object ownerName: description: "Name of the legal account owner. \nIf there is more than one owner, then e.g. two names might be noted here.\n\nFor a corporate account, the corporate name is used for this attribute.\nEven if supported by the ASPSP, the provision of this field might depend on the fact whether an explicit consent to this specific \nadditional account information has been given by the PSU.\n" example: John Doe maxLength: 140 type: string proprietaryBankTransactionCode: description: "Proprietary bank transaction code as used within a community or within an ASPSP e.g. \nfor MT94x based transaction reports.\n" maxLength: 35 type: string readCardBalancesResponse-200_json: description: Balances of the cards. properties: balances: $ref: '#/definitions/balanceList' card: $ref: '#/definitions/accountReference' required: - card - balances type: object readCardDetailsResponse-200_json: description: Details of the card. properties: card: $ref: '#/definitions/cardAccountDetails' required: - card type: object readCardListResponse-200_json: description: Descriptions of the accessible cards. properties: cards: items: $ref: '#/definitions/cardAccountDetails' type: array required: - cards type: object readCardTransactionsResponse-200_json: description: Transactions of the cards. properties: _links: $ref: '#/definitions/_linksPagination' balances: $ref: '#/definitions/balanceList' card: $ref: '#/definitions/accountReference' cardTransactions: $ref: '#/definitions/cardAccountReport' required: - card - cardTransactions type: object reportExchangeRate: description: Exchange Rate. properties: contractIdentification: maxLength: 35 type: string exchangeRate: type: string quotationDate: format: date type: string sourceCurrency: $ref: '#/definitions/currencyCode' targetCurrency: $ref: '#/definitions/currencyCode' unitCurrency: $ref: '#/definitions/currencyCode' required: - sourceCurrency - exchangeRate - unitCurrency - targetCurrency - quotationDate type: object reportExchangeRateList: description: Array of exchange rates. items: $ref: '#/definitions/reportExchangeRate' type: array terminalId: description: Identification of the Terminal, where the card has been used. maxLength: 35 type: string tppErrorDetail: description: "Detailed human readable text specific to this instance of the error. \nXPath might be used to point to the issue generating the error in addition.\nRemark for Future: In future, a dedicated field might be introduced for the XPath.\n" maxLength: 500 type: string tppErrorTitle: description: "Short human readable description of error type. \nCould be in local language. \nTo be provided by ASPSPs.\n" maxLength: 70 type: string tppMessage400: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode400' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage401: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode401' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage403: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode403' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage404: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode404' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage405: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode405' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessageCategory: description: Category of the TPP message category. enum: - ERROR - WARNING type: string tppMessageText: description: Additional explaining text to the TPP. maxLength: 500 type: string transactionDate: description: Date of the actual card transaction. format: date type: string externalDocs: description: | Full Documentation of NextGenPSD2 Access to Account Interoperability Framework (General Introduction Paper, Operational Rules, Implementation Guidelines) url: https://www.berlin-group.org/nextgenpsd2-downloads x-components: parameters: Authorization: description: "Is contained only, if an OAuth2 based SCA was performed in the corresponding mandate transaction or if OAuth2 has been used in \na pre-step.\n" in: header name: Authorization required: false type: string Digest: description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header maxLength: 1024 name: Digest required: true type: string x-example: SHA-256=hl1/Eps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A= PSU-IP-Address_optional: description: | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 Signature: description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header maxLength: 4096 name: Signature required: true type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" TPP-Signature-Certificate: description: "The certificate used for signing the request, in base64 encoding. \nMust be contained if a signature is contained.\n" format: byte in: header name: TPP-Signature-Certificate required: true type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string x-example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 bookingStatus: description: "Permitted codes are \n * \"booked\",\n * \"pending\",\n * \"both\",\n\"booked\" shall be supported by the ASPSP.\nTo support the \"pending\" and \"both\" feature is optional for the ASPSP, \nError code if not supported in the online banking frontend.\nIf supported, \"both\" means to request transaction reports of transaction of bookingStatus either \"pending\" or \"booked\".\nBOI-REMARK: \"pending\" must be supported by the API provider if supported in the online banking frontend.\n" enum: - booked - pending - both in: query name: bookingStatus required: true type: string cardId_PATH: description: "This identification is denoting the addressed card. The card-id is retrieved by using a \"Read Card List\" call. \nThe card-id is the \"resourceId\" attribute of the card structure. Its value is constant at least throughout the lifecycle \nof a given consent.\n" in: path name: card-id required: true type: string consentId_HEADER_mandatory: description: | Identification of the corresponding consent as granted by the PSU. in: header name: Consent-ID required: true type: string dateFrom: description: "Conditional: Starting date (inclusive the date dateFrom) of the transaction list, mandated if no delta access is required\nand if bookingStatus does not equal \"information\".\nFor booked transactions, the relevant date is the booking date. \nFor pending transactions, the relevant date is the entry date, which may not be transparent \nneither in this API nor other channels of the ASPSP.\n\nOptional: For card balances. This parameter is ignored by the ASPSP if it is not supported. \nRequests in addition to the balances of the current accounting period all booked balances at the end of previous accounting periods (e.g. monthly periods) from the provided date on if still retrievable under the given consent.\nNote: The accounting period for card balances is the invoicing period of the related card.\nThis parameter is ignored by the ASPSP if it is not supported.\nA TPP may not include both parameters \"dateFrom\" and \"valueDateFrom\" in one request.\nBOI REMARK: The parameter \"dateFrom\" may only be used, if it is supported by the ASPSP.\nThe ASPSP must support at least one of the query parameters \"dateFrom\" and \"valueDateFrom\".\nThis parameter is relevant only for differed debit card or credit card. \nIf this parameter is empty, the TPP will get the balances for the last cycle (closing booked) and the balances for the current cycle (interim booked). \nThe earliest date can be 12 month prior to \"now\".\n" format: date in: query name: dateFrom required: false type: string dateTo: description: "End date (inclusive the data dateTo) of the transaction list, default is \"now\" if not given. \nMight be ignored if a delta function is used.\nFor booked transactions, the relevant date is the booking date. \nFor pending transactions, the relevant date is the entry date, which may not be transparent \nneither in this API nor other channels of the ASPSP.\n" format: date in: query name: dateTo required: false type: string deltaList: description: This data attribute is indicating that the AISP is in favour to get all transactions after the last report access for this PSU on the addressed account. This is another implementation of a delta access-report. This delta indicator might be rejected by the ASPSP if this function is not supported. Optional if supported by API provider in: query name: deltaList type: boolean valueDateFrom: description: "Conditional if supported by API provider.\nRequests in addition to the balances of the current accounting period all balances at the end of previous accounting periods (e.g. monthly periods) with payment due date starting from the provided date on if still retrievable under the given consent. \nA TPP may not include both parameters \"dateFrom\" and \"valueDateFrom\" in one request.\nNote: The accounting period is the invoicing period of the related card.\nThis parameter is ignored by the ASPSP if it is not supported. \n\nBOI REMARK: The earliest date can be 12 month prior to \"now\".\nIn case of exception from the minimum value a message code PERIOD_INVALID should returned.\n" format: date in: query name: valueDateFrom required: false type: string valueDateTo: description: | End date (inclusive the data dateTo) of the transaction list with regards to element "valueDate", default is "now" if not given. "valueDateTo" must not be included in the request, if parameter "valueDateFrom" is not included. The parameter "valueDateTo" may only be used, if it is supported by the ASPSP. The ASPSP must support if it supports query parameter "valueDateFrom". format: date in: query name: valueDateTo required: false type: string responses: BAD_REQUEST_400: description: Bad Request headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string schema: $ref: '#/definitions/Error400_NG' FORBIDDEN_403: description: Forbidden headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string schema: $ref: '#/definitions/Error403_NG' INTERNAL_SERVER_ERROR_500: description: Internal Server Error headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string METHOD_NOT_ALLOWED_405: description: Method Not Allowed headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string schema: $ref: '#/definitions/Error405_NG' NOT_FOUND_404: description: Not found headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string schema: $ref: '#/definitions/Error404_NG' OK_200_CARDBALANCES: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string schema: $ref: '#/definitions/readCardBalancesResponse-200_json' OK_200_CARDDETAILS: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string schema: $ref: '#/definitions/readCardDetailsResponse-200_json' OK_200_CARDS: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string schema: $ref: '#/definitions/readCardListResponse-200_json' OK_200_CARDTRANSACTIONS: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string schema: $ref: '#/definitions/readCardTransactionsResponse-200_json' REQUEST_TIMEOUT_408: description: Request Timeout headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string SERVICE_UNAVAILABLE_503: description: Service Unavailable headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string UNAUTHORIZED_401: description: Unauthorized headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string schema: $ref: '#/definitions/Error401_NG' UNSUPPORTED_MEDIA_TYPE_415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string examples: readCardBalancesResponse-200_json_Example1: description: | Read card balances. Example on current balance only value: balances: - balanceAmount: amount: "5654.22" currency: EUR balanceType: interimAvailable creditLimitIncluded: true - balanceAmount: amount: "4355.78" currency: EUR balanceType: interimBooked card: maskedPan: 525412xxxxxx3241 readCardBalancesResponse-200_json_Example2: description: | Read card balances. Example on booked balances of the past requested in addition value: balances: - balanceAmount: amount: "5654.22" currency: EUR balanceType: interimAvailable creditLimitIncluded: true - balanceAmount: amount: "4355.78" currency: EUR balanceType: interimBooked - balanceAmount: amount: "2255.45" currency: EUR balanceType: closingBooked referenceDate: "2020-06-30" - balanceAmount: amount: "1234.56" currency: EUR balanceType: closingBooked referenceDate: "2020-07-31" - balanceAmount: amount: "234.01" currency: EUR balanceType: closingBooked referenceDate: "2020-08-31" card: maskedPan: 525412xxxxxx3241 readCardDetailsResponse-200_json_Example1: description: Read card details. value: card: _links: self: href: /v1/cards/4d9a81b3-a47d-4130-8765-a9c0ff861b99 transactions: href: /v1/cards/4d9a81b3-a47d-4130-8765-a9c0ff861b99/transactions balances: - balanceAmount: amount: "1390.10" currency: EUR balanceType: interimBooked - balanceAmount: amount: "3609.90" currency: EUR balanceType: interimAvailable creditLimitIncluded: true creditLimit: amount: "5000" currency: EUR currency: EUR maskedPan: 525412xxxxxx3241 name: Main product: Basic Credit Card resourceId: 4d9a81b3-a47d-4130-8765-a9c0ff861b99 status: enabled readCardDetailsResponse-200_json_Example2: description: Read card details. value: card: _links: self: href: /v1/cards/4d9a81b3-a47d-4130-8765-a9c0ff861b99 transactions: href: /v1/cards/4d9a81b3-a47d-4130-8765-a9c0ff861b99/transactions balances: - balanceAmount: amount: "1390.10" currency: EUR balanceType: interimBooked - balanceAmount: amount: "3155.17" currency: EUR balanceType: interimAvailable creditLimitIncluded: true - balanceAmount: amount: "500.20" currency: USD balanceType: interimBooked - balanceAmount: amount: "3470.69" currency: EUR balanceType: interimAvailable creditLimitIncluded: true creditLimit: amount: "5000" currency: EUR currency: XXX maskedPan: 525412xxxxxx3241 name: Main product: Basic Credit Card resourceId: 4d9a81b3-a47d-4130-8765-a9c0ff861b99 status: enabled readCardListResponse-200_json_Example: description: Read card list. value: cards: - balances: - balanceAmount: amount: "1390.10" currency: EUR balanceType: interimBooked - balanceAmount: amount: "3609.90" currency: EUR balanceType: interimAvailable creditLimitIncluded: true creditLimit: amount: "5000" currency: EUR currency: EUR maskedPan: 525412xxxxxx3241 name: Main product: Basic Credit Card resourceId: 4d9a81b3-a47d-4130-8765-a9c0ff861b99 status: enabled - balances: - balanceAmount: amount: "559.10" currency: EUR balanceType: interimBooked - balanceAmount: amount: "4440.90" currency: EUR balanceType: interimAvailable creditLimitIncluded: true creditLimit: amount: "5000" currency: EUR currency: EUR maskedPan: 525412xxxxxx3242 name: PartnerCard product: Basic Credit Card resourceId: 4d9a81b3-a47d-4130-8765-a9c0ff861b98 status: enabled readCardTransactionsResponse-200_json_Example: description: Read card transaction list. value: card: maskedPan: 525412xxxxxx3241 cardTransactions: _links: card: href: /v1/cards/4d9a81b3-a47d-4130-8765-a9c0ff861b99 booked: - bookingDate: "2017-10-26" cardAcceptorAddress: city: STOCKHOLM country: SE cardTransactionId: "201710020036959" grandTotalAmount: amount: "2566.70" currency: EUR invoiced: false proprietaryBankTransactionCode: INSTALMENT transactionAmount: amount: "256.67" currency: EUR transactionDate: "2017-10-25" transactionDetails: WIFIMARKET.SE valueDate: "2017-11-01" - bookingDate: "2017-10-26" cardAcceptorAddress: city: STOCKHOLM country: SE cardTransactionId: "201710020091863" invoiced: false originalAmount: amount: "99" currency: SEK proprietaryBankTransactionCode: PURCHASE transactionAmount: amount: "10.72" currency: EUR transactionDate: "2017-10-25" transactionDetails: ICA SUPERMARKET SKOGHA valueDate: "2017-11-01" pending: [] headers: Location: description: | Location of the created resource. format: url required: false type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 format: uuid required: true type: string x-ibm-configuration: enforced: true testable: true phase: realized consumes: - application/json produces: - application/json securityDefinitions: oauth2: type: oauth2 description: "" flow: accessCode scopes: accounts-CARD: "" balances-CARD: "" transactions-CARD: "" authorizationUrl: https://api-nonprod.discountbank.co.il/devapi/cert/consent/authorize tokenUrl: https://mtls-api-nonprod.discountbank.co.il/devapi/cert/consent/authorize x-scopeValidate: tls-profile: inbal.harel@dbank.co.il parameters: Digest: name: Digest type: string required: true in: header description: This field is not verified Signature: name: Signature type: string required: true in: header description: A signature of the request by the TPP on application level. This field is not verified. TPP-Signature-Certificate: name: TPP-Signature-Certificate type: string required: true in: header description: The certificate used for signing the request, in base64 encoding. The certificate is eIDAS Qseal certificate must contain the same O + OU that exsists in the eIDAS Qwac certificate. PSU-IP-Address: name: PSU-IP-Address type: string required: false in: header description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. x-ibm-endpoints: - endpointUrl: https://mtls-api.discountbank.co.il/prod/d type: - production - development ...