--- swagger: "2.0" info: x-ibm-name: psd2-berlin-mandate-services contact: name: The Berlin Group - A European Standards Initiative url: https://www.berlin-group.org/ email: info@berlin-group.org description: "# Endpoints url \ndiscount sandbox \nhttps://mtls-api-nonprod.discountbank.co.il/devapi/cert\n\ndiscount prod \nhttps://mtls-api.discountbank.co.il/prod/d\n\nmercantile sandbox \ \nhttps://mtls-api-nonprod.mercantile.co.il/devapi/cert\n\nmercantile prod \nhttps://mtls-api.mercantile.co.il/prod/d\n\n# Summary\nThe processing of direct debit transactions comes with a related mandate of the debtor towards the creditor, creditor bank and debtor bank to process such mandates. \nSuch a mandate might come with a creditor mandate flow or a debtor mandate flow, depending on the underlying direct debit scheme. \nThe mandate can be signed by the debtor manually or the debtor agrees via electronic means, again depending on the related direct debit scheme rules." license: name: Creative Commons Attribution 4.0 International Public License url: https://creativecommons.org/licenses/by/4.0/ title: PSD2 BERLIN Mandate Services version: "1.0" name: "" schemes: - https basePath: /psd2 consumes: - application/json produces: - application/json security: - oauth2: - mandates securityDefinitions: oauth2: type: oauth2 description: "" flow: accessCode scopes: mandates: /mandates/{resourceId} authorizationUrl: "" tokenUrl: "" x-scopeValidate: tls-profile: inbal.harel@dbank.co.il x-ibm-configuration: enforced: true testable: true phase: realized paths: /v2/mandates: post: summary: Establish Mandate Request on Dedicated Account description: | Creates a mandate resource at the ASPSP for the account specified in this request. Note: This call is a Transaction Initiation Request in the sense of [oFA SMPF] and makes use e.g. of authorisation processes, where applicable, and header parameters as defined therein. operationId: initiateMandate consumes: - application/json produces: - application/json tags: - Mandates API security: - [] parameters: - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/Digest' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/TPP-Redirect-URI' - $ref: '#/parameters/TPP-Nok-Redirect-URI' - description: | BOI-REMARK- If it equals "false" , the ASPSP has to choose Decoupled SCA approach if supported by the ASPSP for the related PSU, because Embedded does not supported. ASPSP not supporting Decoupled SCA approach can ignore this attribute. name: TPP-Redirect-Preferred in: header type: boolean required: false - description: | If it equals "true", the TPP prefers a decoupled SCA approach. If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will then choose between the embedded or the redirect SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the parameter TPP-Redirect-Preferred and the SCA method chosen by the TPP/PSU. The parameter might be ignored by the ASPSP. If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected, but it is up to the ASPSP, which approach will actually be used. **Remark for Future:** TPP-Redirect-Preferred and TPP-Decoupled-Preferred will be revised in future versions, maybe merged. Currently kept separate for downward compatibility. name: TPP-Decoupled-Preferred in: header type: boolean required: false - description: | If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket. name: TPP-Explicit-Authorisation-Preferred in: header type: boolean required: false - description: | If it equals "true" then the TPP prefers a rejection of the payment initiation in case the ASPSP is providing an integrated confirmation of funds request an the result of this is that not sufficient funds are available. If it equals "false" then the TPP prefers that the ASPSP is dealing with the payment initiation like in the ASPSPs online channel, potentially waiting for a certain time period for funds to arrive to initiate the payment. This parameter might be ignored by the ASPSP. name: TPP-Rejection-NoFunds-Preferred in: header type: boolean required: false - description: | This header might be used by TPPs to inform the ASPSP about the brand used by the TPP towards the PSU. This information is meant for logging entries to enhance communication between ASPSP and PSU or ASPSP and TPP. name: TPP-Brand-Logging-Information in: header type: string required: false - description: | URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply. name: TPP-Notification-URI in: header type: string format: uri maxLength: 2048 required: false - description: | The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP. name: TPP-Notification-Content-Preferred in: header type: string maxLength: 2048 required: false - description: | BOI-REMARK - The PSU id number or passport number. Possible values are: * ID = only digits. * Passport = 2 characters ISO 3166 country code + '-' + Passport number. name: PSU-ID in: header type: string pattern: ^([0-9]{9}|[A-Za-z]{2}-([A-Za-z0-9]){1,16})$ required: true x-example: IL-12345678945 - description: | BOI-REMARK - Specific brands or channels of the ASPSP only in case there is more than one. Possible values should be found in ASPSP's documentation and get approved in advance by BOI. name: PSU-ID-Type in: header type: string enum: - Retail - SME required: true - description: | Might be mandated in the ASPSP's documentation. Only used in a corporate context. name: PSU-Corporate-ID in: header type: string pattern: ^[A-Z]{2}[-]\d{9}|\d{9}$ required: false - description: | Might be mandated in the ASPSP's documentation. Only used in a corporate context. enum: - Company - ForeignCompany - StatutoryWithoutID in: header name: PSU-Corporate-ID-Type required: false type: string - description: | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. name: PSU-IP-Address in: header type: string format: ipv4 required: true x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. name: PSU-IP-Port in: header type: string maxLength: 5 required: false x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. name: PSU-Accept in: header type: string maxLength: 1024 required: false - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. name: PSU-Accept-Charset in: header type: string maxLength: 1024 required: false - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. name: PSU-Accept-Encoding in: header type: string maxLength: 1024 required: false - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. name: PSU-Accept-Language in: header type: string maxLength: 1024 required: false - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. name: PSU-User-Agent in: header type: string maxLength: 1024 required: false - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE name: PSU-Http-Method in: header type: string enum: - GET - POST - PUT - PATCH - DELETE required: false - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. name: PSU-Device-ID in: header type: string format: uuid required: false x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. name: PSU-Geo-Location in: header type: string pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false x-example: GEO:52.506931;13.144558 - description: | Request body for a mandates request in: body name: body schema: $ref: '#/definitions/mandatesRequest' required: true responses: 201: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean ASPSP-SCA-Approach: description: | This data element must be contained, if the SCA Approach is already fixed. Possible values are * DECOUPLED * REDIRECT The OAuth SCA approach will be subsumed by REDIRECT. type: string ASPSP-Notification-Content: description: | The string has the form status=X1, …, Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the following semantics SCA - Notification on every change of the scaStatus attribute for all related authorisation processes is provided by the ASPSP for the related resource. PROCESS - Notification on all changes of consentStatus or transactionStatus attributes is provided by the ASPSP for the related resource LAST - Notification on the last consentStatus or transactionStatus as available in the XS2A interface is provided by the ASPSP for the related resource. This field must be provided if the ASPSP-Notification-Support=true. The ASPSP might consider the notification content as preferred by the TPP, but can also respond independently of the preferred request type: string description: Created schema: $ref: '#/definitions/mandatesResponse-201' 400: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Bad Request schema: $ref: '#/definitions/error_NG_400_Mandates' 401: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Unauthorised schema: $ref: '#/definitions/error_NG_401_Mandates' 403: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Forbidden schema: $ref: '#/definitions/error_NG_403_Mandates' 404: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Not Found schema: $ref: '#/definitions/error_NG_404_Mandates' 405: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Method not allowed 406: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Not Acceptable 408: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Request Timeout 409: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Conflict 415: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Unsupported Media Type 500: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Internal Server Error 503: description: Service Unavailable headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean /v2/mandates/{resourceId}: get: summary: Get Mandate Request description: "Returns the content of a mandate object. \nThis is returning the data for the API Client especially in cases, where the mandate was directly managed in detail between ASPSP and PSU e.g. in a re-direct SCA Approach.\n" operationId: mandates-valid:get_mandate consumes: - application/json produces: - application/json tags: - Mandates API security: - oauth2: - mandates parameters: - description: Resource identification of the related payment initiation, signing basket, consent, subscription or other related business transaction resource. in: path name: resourceId required: true type: string maxLength: 70 responses: 200: headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string description: OK schema: $ref: '#/definitions/getMandateResponse-200' 400: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Bad Request schema: $ref: '#/definitions/error_NG_400_Mandates' 401: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Unauthorised schema: $ref: '#/definitions/error_NG_401_Mandates' 403: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Forbidden schema: $ref: '#/definitions/error_NG_403_Mandates' 404: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Not Found schema: $ref: '#/definitions/error_NG_404_Mandates' 405: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Method not allowed 406: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Not Acceptable 408: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Request Timeout 409: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Conflict 415: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Unsupported Media Type 500: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Internal Server Error 503: description: Service Unavailable headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean delete: summary: Cancellation of a Mandate description: | Deletes a given mandate operationId: cancelMandate consumes: - application/json produces: - application/json tags: - Mandates API security: - [] parameters: - description: Resource identification of the related payment initiation, signing basket, consent, subscription or other related business transaction resource. in: path name: resourceId required: true type: string maxLength: 70 - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/TPP-Redirect-URI' - $ref: '#/parameters/TPP-Nok-Redirect-URI' - $ref: '#/parameters/Digest' - $ref: '#/parameters/Signature' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Accept' - $ref: '#/parameters/Content-Type' responses: 202: headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string description: Received schema: $ref: '#/definitions/mandatesCancelResponse-202' 204: headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string description: NO CONTENT 400: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Bad Request schema: $ref: '#/definitions/error_NG_400_Mandates' 401: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Unauthorised schema: $ref: '#/definitions/error_NG_401_Mandates' 403: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Forbidden schema: $ref: '#/definitions/error_NG_403_Mandates' 404: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Not Found schema: $ref: '#/definitions/error_NG_404_Mandates' 405: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Method not allowed 406: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Not Acceptable 408: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Request Timeout 409: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Conflict 415: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Unsupported Media Type 500: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Internal Server Error 503: description: Service Unavailable headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean /v2/mandates/{resourceId}/status: get: summary: Get Status Request description: | Can check the status of a mandate resource. operationId: mandates-any:get_mandate_status consumes: - application/json produces: - application/json tags: - Mandates API security: - [] parameters: - description: Resource identification of the related payment initiation, signing basket, consent, subscription or other related business transaction resource. in: path name: resourceId required: true type: string maxLength: 70 - description: ID of the request, unique to the call, as determined by the initiating party. in: header name: X-Request-ID required: true type: string format: uuid x-example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 responses: 200: headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string description: OK schema: $ref: '#/definitions/getMandateStatusResponse-200' 400: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Bad Request schema: $ref: '#/definitions/error_NG_400_Mandates' 401: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Unauthorised schema: $ref: '#/definitions/error_NG_401_Mandates' 403: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Forbidden schema: $ref: '#/definitions/error_NG_403_Mandates' 404: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Not Found schema: $ref: '#/definitions/error_NG_404_Mandates' 405: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Method not allowed 406: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Not Acceptable 408: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Request Timeout 409: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Conflict 415: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Unsupported Media Type 500: headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean description: Internal Server Error 503: description: Service Unavailable headers: Location: description: | Location of the created resource. format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean /v2/oauth/mandates/.well-known/oauth-authorization-server: get: responses: 200: description: 200 OK schema: $ref: '#/definitions/well-known-response' operationId: mandates_wellknown security: - [] summary: OAuth2 Location description: The link where the configuration of the OAuth2 Server is defined. parameters: - name: Digest type: string required: false in: header description: This field is not verified - name: Signature type: string required: false in: header description: A signature of the request by the TPP on application level. This field is not verified. - name: tpp-signature-certificate type: string required: false in: header description: The certificate used for signing the request, in base64 encoding. The certificate is eIDAS Qseal certificate must contain the same O + OU that exsists in the eIDAS Qwac certificate. /v2/oauth/mandates/cancellation/.well-known/oauth-authorization-server: get: responses: 200: description: 200 OK schema: $ref: '#/definitions/well-known-mandateCancellation-response' operationId: mandates_cancellation_wellknown consumes: - application/json produces: - application/json parameters: - name: TPP-Signature-Certificate type: string required: true in: header description: The certificate used for signing the request, in base64 encoding. The certificate is eIDAS Qseal certificate must contain the same O + OU that exsists in the eIDAS Qwac certificate. security: - [] definitions: getMandateResponse-200: type: object required: - mandateId - type - creditor - creditorAccount - debtor - mandateStatus - lastActionDate - debtorAccount properties: mandateId: description: | Unique identification, as assigned by the creditor, to unambiguously identify the mandate. allOf: - $ref: '#/definitions/Max35Text' type: description: | Specifies the type of mandate, such as paper, electronic or scheme. allOf: - $ref: '#/definitions/mandateType' occurrences: description: | Provides details of the duration of the mandate and occurrence of the underlying direct debit transactions. allOf: - $ref: '#/definitions/ocurrences' firstCollectionAmount: description: | Amount different from the collection amount, as it includes the costs associated with the first debited amount. allOf: - $ref: '#/definitions/amount' collectionAmount: description: | Fixed amount to be collected from the debtor's account allOf: - $ref: '#/definitions/amount' maximumAmount: description: | Maximum amount that may be collected from the debtor's account, per instruction. allOf: - $ref: '#/definitions/amount' reasonCode: description: | Provides the reason for the setup of the mandate as an ISO code. allOf: - $ref: '#/definitions/MandateSetupReasonCode' reasonProprietary: description: | Provides the reason for the setup of the mandate as a proprietary code. allOf: - $ref: '#/definitions/Max35Text' creditorSchemeIdentification: description: | Credit party that signs the mandate. Could be mandated by ASPSP to fulfil requirements of the related direct debit schemes. allOf: - $ref: '#/definitions/extendedPartyDescription' creditor: description: | Party that signs the mandate and to whom an amount of money is due. allOf: - $ref: '#/definitions/extendedPartyDescription' creditorAccount: description: | This attribute is optional by default, but maybe mandated by ASPSPs or Direct Debit Schemes. If so, this must be documented accordingly in e.g. related Discovery Services. allOf: - $ref: '#/definitions/accountReference' creditorAgent: description: "" allOf: - $ref: '#/definitions/agentDescription' ultimateCreditor: description: "" allOf: - $ref: '#/definitions/extendedPartyDescription' debtor: description: "In case of synchronous authorisation, this attribute might be made optional by rules of direct debit schemes or the implementing ASPSP in case the debtorAccount is provided. \n" allOf: - $ref: '#/definitions/extendedPartyDescription' debtorAccount: description: "" allOf: - $ref: '#/definitions/accountReference' ultimateDebtor: description: "" allOf: - $ref: '#/definitions/extendedPartyDescription' mandateReference: description: | Reference assigned by a creditor or ultimate creditor for internal usage for the mandate. allOf: - $ref: '#/definitions/Max35Text' referredDocument: description: | Provides information to identify the underlying documents associated with the mandate. allOf: - $ref: '#/definitions/referredMandateDocumentInformation' mandateStatus: description: | The status of the mandate resource. allOf: - $ref: '#/definitions/MandateStatus' lastActionDate: description: | This date is containing the date of the last action on the mandate object either through the openFinance API or the PSU/ASPSP interface having an impact on the status. allOf: - $ref: '#/definitions/ISODate' getMandateStatusResponse-200: type: object required: - mandateStatus properties: mandateStatus: description: | This is the overall lifecycle status of the mandate. allOf: - $ref: '#/definitions/MandateStatus' mandateReasonCode: description: | Mandate reason code. allOf: - $ref: '#/definitions/MandateReasonCode' mandateReasonProprietary: description: | Proprietary mandate reason code. allOf: - $ref: '#/definitions/Max35Text' mandatesResponse-201: description: Body of the JSON response for a successful mandate request. properties: mandateResourceId: description: | Technical resource identification allOf: - $ref: '#/definitions/UUID' mandateStatus: description: | authentication status of the mandate allOf: - $ref: '#/definitions/MandateStatus' mandateReasonCode: description: | Mandate reason code allOf: - $ref: '#/definitions/MandateReasonCode' mandateReasonProprietary: description: | Propietary mandate reason code allOf: - $ref: '#/definitions/Max35Text' _links: description: "A list of hyperlinks to be recognised by the API Client. \nType of links admitted in this response (which might be extended by single ASPSPs as indicated in its documentation) are defined in [oFA SMPF] generically for all Transaction Initiation Response messages. \n" allOf: - $ref: '#/definitions/_links_201_Mandates' psuMessage: description: | Text to be displayed to the PSU, e.g. in a Decoupled SCA Approach allOf: - $ref: '#/definitions/Max512Text' required: - mandateStatus - mandateResourceId - _links type: object additionalProperties: true mandatesRequest: type: object required: - mandateId - type - creditor - debtor - debtorAccount properties: mandateId: description: | Unique identification, as assigned by the creditor, to unambiguously identify the mandate. allOf: - $ref: '#/definitions/Max35Text' type: description: | Specifies the type of mandate, such as paper, electronic or scheme. allOf: - $ref: '#/definitions/mandateType' occurrences: description: | Provides details of the duration of the mandate and occurrence of the underlying direct debit transactions. allOf: - $ref: '#/definitions/ocurrences' firstCollectionAmount: description: | Amount different from the collection amount, as it includes the costs associated with the first debited amount. allOf: - $ref: '#/definitions/amount' collectionAmount: description: | Fixed amount to be collected from the debtor's account allOf: - $ref: '#/definitions/amount' maximumAmount: description: | Maximum amount that may be collected from the debtor's account, per instruction. allOf: - $ref: '#/definitions/amount' reasonCode: description: | Provides the reason for the setup of the mandate as an ISO code. allOf: - $ref: '#/definitions/MandateSetupReasonCode' reasonProprietary: description: | Provides the reason for the setup of the mandate as a proprietary code. allOf: - $ref: '#/definitions/Max35Text' creditorSchemeIdentification: description: | Credit party that signs the mandate. Could be mandated by ASPSP to fulfil requirements of the related direct debit schemes. allOf: - $ref: '#/definitions/extendedPartyDescription' creditor: description: | Party that signs the mandate and to whom an amount of money is due. allOf: - $ref: '#/definitions/extendedPartyDescription' creditorAccount: description: | This attribute is optional by default, but maybe mandated by ASPSPs or Direct Debit Schemes. If so, this must be documented accordingly in e.g. related Discovery Services. allOf: - $ref: '#/definitions/accountReference' creditorAgent: description: "" allOf: - $ref: '#/definitions/agentDescription' ultimateCreditor: description: "" allOf: - $ref: '#/definitions/extendedPartyDescription' debtor: description: "In case of synchronous authorisation, this attribute might be made optional by rules of direct debit schemes or the implementing ASPSP in case the debtorAccount is provided. \n" allOf: - $ref: '#/definitions/extendedPartyDescription' debtorAccount: description: "" allOf: - $ref: '#/definitions/accountReference' ultimateDebtor: description: "" allOf: - $ref: '#/definitions/extendedPartyDescription' mandateReference: description: | Reference assigned by a creditor or ultimate creditor for internal usage for the mandate. allOf: - $ref: '#/definitions/Max35Text' referredDocument: description: | Provides information to identify the underlying documents associated with the mandate. allOf: - $ref: '#/definitions/referredMandateDocumentInformation' ServiceLevelCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. allOf: - $ref: '#/definitions/ServiceLevelCode' ServiceLevelCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string enum: - BKTR - G001 - G002 - G003 - G004 - NPCA - NUGP - NURG - PRPT - SDVA - SEPA - SVDE - URGP - URNS - INST - SRTP - SVAT - G006 - G007 - G005 - G009 - WFSM - EOLO example: SEPA Max2048Text: type: string maxLength: 2048 example: Text, maximum of 2048 characters. error_NG_409_Mandates: type: object properties: apiClientMessages: type: array items: $ref: '#/definitions/clientMessageInformation_409_Mandates' _links: $ref: '#/definitions/links' _links_201_Mandates: type: object additionalProperties: $ref: '#/definitions/hrefType' properties: scaOAuth: $ref: '#/definitions/hrefType' confirmation: $ref: '#/definitions/hrefType' self: $ref: '#/definitions/hrefType' status: $ref: '#/definitions/hrefType' scaStatus: $ref: '#/definitions/hrefType' error_NG_403_Mandates: type: object properties: apiClientMessages: type: array items: $ref: '#/definitions/clientMessageInformation_403_Mandates' _links: $ref: '#/definitions/links' PreferredMethod: description: See document \"openFinance API Framework Data Dictionary\", section \"Preferred Method\" for more details. type: string enum: - LETT - MAIL - PHON - FAXX - CELL example: MAIL OrganisationIdentificationCode: description: "" type: string enum: - BANK - CBID - CHID - CINC - COID - CUST - DUNS - EMPL - GS1G - SREN - SRET - TXID - BDID - BOID example: BOID clientMessageInformation_400_Mandates: type: object required: - category - code properties: category: description: Only \"ERROR\" or \"WARNING\" permitted type: string code: $ref: '#/definitions/MessageCode_ServiceUnspecific_400' path: type: string text: $ref: '#/definitions/Max500Text' clientMessageInformation_403_Mandates: type: object required: - category - code properties: category: description: Only \"ERROR\" or \"WARNING\" permitted type: string code: $ref: '#/definitions/MessageCode_ServiceUnspecific_403' path: type: string text: $ref: '#/definitions/Max500Text' ocurrences: description: See document \"openFinance API Framework Data Dictionary\", section \"Ocurrences\" for more details. type: object required: - sequenceType properties: sequenceType: description: A code allocated to a business entity or to a financial institution by a Registration Authority under an international identification scheme. allOf: - $ref: '#/definitions/SequenceTypeCode' frequencyType: description: "" allOf: - $ref: '#/definitions/FrequencyCode' duration: description: Length of time for which the mandate remains valid. allOf: - $ref: '#/definitions/duration' firstCollectionDate: description: Date of the first collection of a direct debit as per the mandate. allOf: - $ref: '#/definitions/ISODate' finalCollectionDate: description: Date of the final collection of a direct debit as per the mandate. allOf: - $ref: '#/definitions/ISODate' Max500Text: type: string maxLength: 500 example: Text, maximum of 500 characters. mandatesCancelResponse-202: description: Body of the response for a successful cancel mandate request. type: object required: - mandateStatus properties: mandateStatus: $ref: '#/definitions/MandateStatus' _links: $ref: '#/definitions/_linksMandateCancellation' error_NG_400_Mandates: type: object properties: apiClientMessages: type: array items: $ref: '#/definitions/clientMessageInformation_400_Mandates' _links: $ref: '#/definitions/links' CurrencyCode: description: See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string pattern: '[A-Z]{3}' example: EUR FrequencyCode: description: See document \"openFinance API Framework Data Dictionary\", section type: string enum: - Daily - Weekly - EveryTwoWeeks - Monthly - EveryTwoMonths - Quarterly - SemiAnnual - Annual - MonthlyVariable example: Monthly Max70Text: type: string maxLength: 70 example: Text, maximum of 70 characters. mandateType: description: See document \"openFinance API Framework Data Dictionary\", section \"Mandate Type\" for more details. type: object properties: localInstrumentCode: description: External List e.g. Core, B2B, DDMC (for electronic mandate) allOf: - $ref: '#/definitions/ExternalLocalInstrumentCode' localInstrumentProprietary: description: "" allOf: - $ref: '#/definitions/Max35Text' serviceLevelCode: description: External code allOf: - $ref: '#/definitions/ServiceLevelCode' serviceLevelProprietary: description: "" allOf: - $ref: '#/definitions/Max35Text' categoryPurposeCode: description: External list allOf: - $ref: '#/definitions/CategoryPurposeCode' categoryPurposeProprietary: description: "" allOf: - $ref: '#/definitions/Max35Text' classificationCode: description: | FIXE, USGB, VARI (internal code) allOf: - $ref: '#/definitions/ClassificationCode' classificationProprietary: description: "" allOf: - $ref: '#/definitions/Max35Text' referredMandateDocumentInformation: description: | See document \"openFinance API Framework Data Dictionary\", section \"Referred Mandate Document Information\" for more details. type: object properties: typeCode: description: | Specifies the type of referred document, provided as code. allOf: - $ref: '#/definitions/ReferredDocumentTypeCode' typeProprietary: description: | Specifies the type of referred document, provided in proprietary encoding. allOf: - $ref: '#/definitions/Max35Text' typeIssuer: description: | Issuer of the document type. allOf: - $ref: '#/definitions/Max35Text' number: description: | Unique and unambiguous identification of the referred document. allOf: - $ref: '#/definitions/Max35Text' creditorReference: description: | Unique and unambiguous identification as assigned by the creditor to the referred document shared with the debtor for its own reference. allOf: - $ref: '#/definitions/Max35Text' relatedDate: description: | Date associated with the referred document. allOf: - $ref: '#/definitions/ISODate' ClassificationCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Mandate Classification Code\" for more details. type: string enum: - FIXE - USGB - VARI example: FIXE MandateSetupReasonCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Mandate Setup Reason Code\" for more details. type: string hrefType: description: | See document \"openFinance API Framework Data Dictionary\", section \"href Type\" for more details. type: object required: - href properties: href: description: "" type: string _linksMandateCancellation: description: | A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. Remark: All links can be relative or full links, to be decided by the ASPSP. Type of links admitted in this response, (further links might be added for ASPSP defined extensions): BOI Remarks: Added by BOI * 'scaOAuth': In case of a SCA OAuth2 Approach, the ASPSP is transmitting the URI where the configuration of the Authorisation Server can be retrieved. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification. type: object additionalProperties: $ref: '#/definitions/hrefType' properties: scaOAuth: $ref: '#/definitions/hrefType' links: description: | See document \"openFinance API Framework Data Dictionary\", section \"Links\" for more details. type: object properties: scaOAuth: description: | The link refers to a JSON document specifying the OAuth details of the ASPSP's authorisation server. JSON document follows the definition given in [RFC 8414]. allOf: - $ref: '#/definitions/hrefType' confirmation: description: "\\\"confirmation\\\": Might be added by the ASPSP if either the \\\"scaRedirect\\\" or \\\"scaOAuth\\\" hyperlink is returned in the same response message. \nThis hyperlink defines the URL to the resource which needs to be updated with \n* a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authentication server or\n* an access token as retrieved by submitting an authorization code after the integrated Oauth based authentication process with the ASPSP authentication server.\n" allOf: - $ref: '#/definitions/hrefType' self: description: "The link to the payment initiation resource created by the request itself. \nThis link can be used later to retrieve the transaction status of the payment initiation.\n" allOf: - $ref: '#/definitions/hrefType' status: description: | A link to retrieve the status of the transaction resource. allOf: - $ref: '#/definitions/hrefType' transactionfees: description: "The link is to the status resource. \nThis link is only added within the authorisation process in case fee information is available via the status resource.\n" allOf: - $ref: '#/definitions/hrefType' scaStatus: description: | A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource. allOf: - $ref: '#/definitions/hrefType' account: description: | A link to the resource providing the details of one account allOf: - $ref: '#/definitions/hrefType' savingsAccount: description: | A link to the resource providing the details of a savings account. allOf: - $ref: '#/definitions/hrefType' loanAccount: description: | A link to the resource providing the details of a loan account. allOf: - $ref: '#/definitions/hrefType' balances: description: | A link to the resource providing the balance of a dedicated account. allOf: - $ref: '#/definitions/hrefType' transactions: description: | A link to the resource providing the transaction history of a dedicated account. allOf: - $ref: '#/definitions/hrefType' cardAccount: description: | A link to the resource providing the details of one card account. allOf: - $ref: '#/definitions/hrefType' cardTransactions: description: | A link to the resource providing the transaction history of a dedicated card account. allOf: - $ref: '#/definitions/hrefType' transactionDetails: description: | A link to the resource providing details of a dedicated transaction. allOf: - $ref: '#/definitions/hrefType' ibanCheck: description: | A link to the endpoint offering the addressed iban check result. allOf: - $ref: '#/definitions/hrefType' paymentInitiation: description: | A link to an initiation related to a payment resource. allOf: - $ref: '#/definitions/hrefType' securitiesAccount: description: | A link to the resource providing the details of one securitiesAccount. allOf: - $ref: '#/definitions/hrefType' positions: description: | A link to the resource providing the list of positions of one securitiesAccount. allOf: - $ref: '#/definitions/hrefType' orders: description: | A link to the resource providing the list of orders of one securitiesAccount. allOf: - $ref: '#/definitions/hrefType' orderDetails: description: | A link to the resource providing details of one specific order. allOf: - $ref: '#/definitions/hrefType' relatedOrders: description: "An array of links to request order details of related orders related to the order that is represented by the data structure containing this element \n(e.g. other orders that originated from the same order split as this order). \n" type: array items: $ref: '#/definitions/hrefType' relatedTransactions: description: | An array of links to request securities transaction details of transactions that resulted from this order. type: array items: $ref: '#/definitions/hrefType' subscription: description: | A link to the resource providing the details of a subscription for Push AIS Services. allOf: - $ref: '#/definitions/hrefType' entryStatusRevoked: description: | Links to entry endpoints where the entry status is revoked. type: array items: $ref: '#/definitions/hrefType' first: description: | Navigation link for paginated account reports. allOf: - $ref: '#/definitions/hrefType' next: description: | Navigation link for paginated account reports. allOf: - $ref: '#/definitions/hrefType' previous: description: | Navigation link for paginated account reports. allOf: - $ref: '#/definitions/hrefType' last: description: | Navigation link for paginated account reports. allOf: - $ref: '#/definitions/hrefType' download: description: | Download link for huge AIS data packages. allOf: - $ref: '#/definitions/hrefType' confirmInitiation: description: | link to a confirmation endpoint, where a payment initiation needs to be confirmed explicitly by the API Client for execution. allOf: - $ref: '#/definitions/hrefType' aspspParameters: description: "" allOf: - $ref: '#/definitions/hrefType' aspspContacts: description: "" allOf: - $ref: '#/definitions/hrefType' aspspDowntimes: description: "" allOf: - $ref: '#/definitions/hrefType' UUID: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string format: uuid example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 genericFinancialInstitutionIdentification: description: | See document \"openFinance API Framework Data Dictionary\", section \"Generic Financial Institution Identification\" for more details. type: object required: - identification properties: identification: description: | Unique and unambiguous identification of a financial insitution. allOf: - $ref: '#/definitions/Max35Text' schemeNameCode: description: | An entry provided by an external ISO code list allOf: - $ref: '#/definitions/FinancialInstitutionIdentificationCode' schemeNameProprietary: description: | A scheme name defined in a proprietary way. allOf: - $ref: '#/definitions/Max35Text' issuer: description: | Issuer of the identification allOf: - $ref: '#/definitions/Max35Text' financialInstitutionIdentification: description: | See document \"openFinance API Framework Data Dictionary\", section \"Financial Institution Identification\" for more details. type: object properties: bicfi: description: "" allOf: - $ref: '#/definitions/BICFI' clearingSystemMemberId: description: | Information used to identify a member within a clearing system. allOf: - $ref: '#/definitions/clearingSystemMemberIdentification' name: description: | Name of the financial institution allOf: - $ref: '#/definitions/Max140Text' postalAddress: description: | Postal Address of the financial institution. allOf: - $ref: '#/definitions/postalAddress' other: description: | Unique identification of an organisation, as assigned by an institution, using an identification scheme. allOf: - $ref: '#/definitions/genericFinancialInstitutionIdentification' AuthenticationType: description: | See document \"openFinance API Framework Data Dictionary\", section \"Authentication Type\" for more details. type: string enum: - SMS_OTP - CHIP_OTP - PHOTO_OTP - PUSH_OTP - SMTP_OTP example: PUSH_OTP Max35Text: type: string maxLength: 35 example: Text, maximum of 35 characters. SequenceTypeCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string enum: - RCUR - OOFF example: OOFF msisdn: description: | An alias to access a payment account via a registered mobile phone number. type: string pattern: ^[0-9]{3}-\+?[1-9]\d{1,14}(\s?\d{1,13})*$ accountReference: description: | See document \"openFinance API Framework Data Dictionary\", section \"Account Reference\" for more details. type: object properties: iban: description: "" allOf: - $ref: '#/definitions/IBAN' bban: description: | BBAN of the account. This data elements is used for payment accounts which have no IBAN. allOf: - $ref: '#/definitions/BBAN' maskedPan: description: | Primary Account Number (PAN) of a card in a masked form. allOf: - $ref: '#/definitions/Max35Text' msisdn: description: | An alias to access a payment account via a registered mobile phone number. allOf: - $ref: '#/definitions/msisdn' other: description: | An alias with a proprietary coding allOf: - $ref: '#/definitions/genericAccountIdentification' typeCode: description: | Remark: Shall not be used in the consent model, since account category provides enough information for the ASPSP. allOf: - $ref: '#/definitions/CashAccountType' typeProprietary: description: | Remark: Shall not be used in the consent model, since account category provides enough information for the ASPSP. allOf: - $ref: '#/definitions/Max35Text' currency: description: | ISO 4217 Alpha 3 currency code allOf: - $ref: '#/definitions/CurrencyCode' IBAN: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string pattern: '[A-Z]{2,2}[0-9]{2,2}[a-zA-Z0-9]{1,30}' example: FR7612345987650123456789014 ClearingSystemIdentificationCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more detail type: string enum: - ATBLZ - AUBSB - CACPA - CHBCC - CHSIC - CNAPS - DEBLZ - ESNCC - GBDSC - GRBIC - HKNCC - IENCC - INFSC - ITNCC - JPZGN - NZNCC - PLKNR - PTNCC - RUCBC - SESBA - SGIBG - THCBC - TWNCC - USABA - USPID - ZANCC - NZRSA - MZBMO - CNCIP - KRBOK example: DEBLZ Max16Text: type: string maxLength: 16 example: 16 Chars at most error_RFC7807_405_Mandates: description: | Standardised definition of reporting error information according to [RFC7807]. type: object required: - type - code properties: type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" type: string format: uri maxLength: 70 title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. allOf: - $ref: '#/definitions/Max70Text' status: description: "HTTP response code generated by the server.\nIf contained, this is more relevant as the actual http response code in the actual response, because it is introduced by the application server. \n" type: integer detail: description: "Detailed human readable text specific to this instance of the error. \n" allOf: - $ref: '#/definitions/Max500Text' instance: description: | This attribute is containing a JSON pointer (as defined in [RFC6901]) or XPath expression to indicate the path to an issue generating the error in the related request. allOf: - $ref: '#/definitions/Max256Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_405' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated type: array items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. type: object required: - code properties: title: $ref: '#/definitions/Max70Text' detail: $ref: '#/definitions/Max500Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_405' _links: $ref: '#/definitions/links' error_NG_404_Mandates: type: object properties: apiClientMessages: type: array items: $ref: '#/definitions/clientMessageInformation_404_Mandates' _links: $ref: '#/definitions/links' clientMessageInformation_404_Mandates: type: object required: - category - code properties: category: description: | Only \"ERROR\" or \"WARNING\" permitted type: string code: $ref: '#/definitions/MessageCode_ServiceUnspecific_404' path: type: string text: $ref: '#/definitions/Max500Text' CashAccountType: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string enum: - CACC example: CACC genericAccountIdentification: description: | See document \"openFinance API Framework Data Dictionary\", section \"Generic Account Identification\" for more details. type: object required: - identification properties: identification: description: | Unique and unambiguous identification of an account. allOf: - $ref: '#/definitions/Max35Text' schemeNameCode: description: | An entry provided by an external ISO code list allOf: - $ref: '#/definitions/AccountIdentificationCode' schemeNameProprietary: description: | A scheme name defined in a proprietary way. allOf: - $ref: '#/definitions/Max35Text' issuer: description: | Issuer of the identification allOf: - $ref: '#/definitions/Max35Text' postalAddress: description: | See document \"openFinance API Framework Data Dictionary\", section \"Postal Address\" for more details. type: object properties: addressLines: description: | At most seven entries are permitted. May only be used, if none of the structured address elements \"streetName\", \"buildingNumber\", \"postcode\" or \"townName\" is used. *Remark:* For SEPA transactions this is further restricted to a maximum of 1 entry. type: array maxItems: 7 items: $ref: '#/definitions/Max140Text' department: description: | Identification of a division of a large organisation or building. allOf: - $ref: '#/definitions/Max70Text' subDepartment: description: | Identification of a sub-division of a large organisation or building. allOf: - $ref: '#/definitions/Max70Text' streetName: description: | Name of a street or thoroughfare. allOf: - $ref: '#/definitions/Max70Text' buildingNumber: description: | Number that identifies the position of a building on a street. allOf: - $ref: '#/definitions/Max16Text' buildingName: description: | Name of the building or house. allOf: - $ref: '#/definitions/Max35Text' floor: description: | Floor or storey within a building. allOf: - $ref: '#/definitions/Max70Text' postBox: description: | Numbered box in a post office, assigned to a person or organisation, where letters are kept until called for. allOf: - $ref: '#/definitions/Max16Text' room: description: | Building room number. allOf: - $ref: '#/definitions/Max70Text' postCode: description: | Identifier consisting of a group of letters and/or numbers that is added to a postal address to assist the sorting of mail. allOf: - $ref: '#/definitions/Max16Text' townName: description: "Name of a built-up area, with defined boundaries, and a local government. \n*Usage Rule:* If address lines are not used, this attribute is mandatrory.\n" allOf: - $ref: '#/definitions/Max35Text' townLocationName: description: | Specific location name within the town. allOf: - $ref: '#/definitions/Max35Text' districtName: description: | Identifies a subdivision within a country sub-division. allOf: - $ref: '#/definitions/Max35Text' countrySubDivision: description: | Identifies a subdivision of a country such as state, region, county. allOf: - $ref: '#/definitions/Max35Text' country: description: | Nation with its own government. *Usage Rule:* If address lines are not used, this attribute is mandatrory. allOf: - $ref: '#/definitions/CountryCode' genericOrganisationIdentification: description: | See document \"openFinance API Framework Data Dictionary\", section \"Generic Organisation Identification\" for more details. type: object required: - identification properties: identification: description: | Unique and unambiguous identification of an organisation. allOf: - $ref: '#/definitions/Max35Text' schemeNameCode: description: | An entry provided by an external ISO code list allOf: - $ref: '#/definitions/OrganisationIdentificationCode' schemeNameProprietary: description: | A scheme name defined in a proprietary way. allOf: - $ref: '#/definitions/Max35Text' issuer: description: | Issuer of the identification allOf: - $ref: '#/definitions/Max35Text' psuId: description: | Psu Id number or passport number. type: string pattern: ^([0-9]{9}|[A-Za-z]{2}-([A-Za-z0-9]){1,16})$ personIdentification: description: | See document \"openFinance API Framework Data Dictionary\", section \"Person Identification\" for more details. type: object required: - identification properties: identification: description: | Unique and unambiguous identification of a oersib. allOf: - $ref: '#/definitions/psuId' schemeNameCode: description: | An entry provided by an external ISO code list allOf: - $ref: '#/definitions/PersonIdentificationCode' schemeNameProprietary: description: | A scheme name defined in a proprietary way. allOf: - $ref: '#/definitions/Max35Text' issuer: description: | Issuer of the identification allOf: - $ref: '#/definitions/Max35Text' privateIdentification: description: | See document \"openFinance API Framework Data Dictionary\", section \"Private Identification\" for more details. type: object properties: birthDate: description: "" allOf: - $ref: '#/definitions/ISODate' provinceOfBirth: description: "" allOf: - $ref: '#/definitions/Max35Text' cityOfBirth: description: "" allOf: - $ref: '#/definitions/Max35Text' countryOfBirth: description: "" allOf: - $ref: '#/definitions/CountryCode' others: description: "Unique identification of a person, as assigned by an institution, using an identification scheme. \nShall be used if none of the above attributes is used.\n" type: array items: $ref: '#/definitions/personIdentification' error_RFC7807_400_Mandates: description: | Standardised definition of reporting error information according to [RFC7807]. type: object required: - type - code properties: type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" type: string format: uri maxLength: 70 title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. allOf: - $ref: '#/definitions/Max70Text' status: description: "HTTP response code generated by the server.\nIf contained, this is more relevant as the actual http response code in the actual response, because it is introduced by the application server. \n" type: integer detail: description: "Detailed human readable text specific to this instance of the error. \n" allOf: - $ref: '#/definitions/Max500Text' instance: description: | This attribute is containing a JSON pointer (as defined in [RFC6901]) or XPath expression to indicate the path to an issue generating the error in the related request. allOf: - $ref: '#/definitions/Max256Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_400' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated type: array items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. type: object required: - code properties: title: $ref: '#/definitions/Max70Text' detail: $ref: '#/definitions/Max500Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_400' _links: $ref: '#/definitions/links' clientMessageInformation_409_Mandates: type: object required: - category - code properties: category: description: | Only \"ERROR\" or \"WARNING\" permitted type: string code: $ref: '#/definitions/MessageCode_ServiceUnspecific_409' path: type: string text: $ref: '#/definitions/Max500Text' error_RFC7807_401_Mandates: description: | Standardised definition of reporting error information according to [RFC7807]. type: object required: - type - code properties: type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" type: string format: uri maxLength: 70 title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. allOf: - $ref: '#/definitions/Max70Text' status: description: "HTTP response code generated by the server.\nIf contained, this is more relevant as the actual http response code in the actual response, because it is introduced by the application server. \n" type: integer detail: description: "Detailed human readable text specific to this instance of the error. \n" allOf: - $ref: '#/definitions/Max500Text' instance: description: | This attribute is containing a JSON pointer (as defined in [RFC6901]) or XPath expression to indicate the path to an issue generating the error in the related request. allOf: - $ref: '#/definitions/Max256Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_401' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated type: array items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. type: object required: - code properties: title: $ref: '#/definitions/Max70Text' detail: $ref: '#/definitions/Max500Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_401' _links: $ref: '#/definitions/links' error_RFC7807_404_Mandates: description: | Standardised definition of reporting error information according to [RFC7807]. type: object required: - type - code properties: type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" type: string format: uri maxLength: 70 title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. allOf: - $ref: '#/definitions/Max70Text' status: description: "HTTP response code generated by the server.\nIf contained, this is more relevant as the actual http response code in the actual response, because it is introduced by the application server. \n" type: integer detail: description: "Detailed human readable text specific to this instance of the error. \n" allOf: - $ref: '#/definitions/Max500Text' instance: description: | This attribute is containing a JSON pointer (as defined in [RFC6901]) or XPath expression to indicate the path to an issue generating the error in the related request. allOf: - $ref: '#/definitions/Max256Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_404' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated type: array items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. type: object required: - code properties: title: $ref: '#/definitions/Max70Text' detail: $ref: '#/definitions/Max500Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_404' _links: $ref: '#/definitions/links' AccountIdentificationCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string enum: - AIIN - BBAN - CUID - UPIC example: AIIN CategoryPurposeCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string enum: - BONU - CASH - CBLK - CCRD - CORT - DCRD - DIVI - DVPM - EPAY - FCIN - FCOL - GP2P - GOVT - HEDG - ICCP - IDCP - INTC - INTE - LBOX - LOAN - MP2B - MP2P - OTHR - PENS - RPRE - RRCT - RVPM - SALA - SECU - SSBE - SUPP - TAXS - TRAD - TREA - VATX - WHLD - SWEP - TOPG - ZABA - VOST - FCDT - CIPC - CONC example: OTHR Max256Text: type: string maxLength: 256 example: Text, maximum of 256 characters. clearingSystemMemberIdentification: description: | See document \"openFinance API Framework Data Dictionary\", section \"Clearing System Member Identification\" for more details. type: object properties: memberId: description: | Identification of a member of a clearing system. allOf: - $ref: '#/definitions/Max35Text' clearingSystemIdentificationCode: description: | Identification of a clearing system, in a coded form as published in an external list. allOf: - $ref: '#/definitions/ClearingSystemIdentificationCode' clearingSystemIdentificationProprietary: description: | Identification code for a clearing system, that has not yet been identified in the list of clearing systems. allOf: - $ref: '#/definitions/Max35Text' organisationIdentification: description: | See document \"openFinance API Framework Data Dictionary\", section \"Organisation Identification\" for more details. type: object properties: anyBIC: description: | A code allocated to a business entity or to a financial institution by a Registration Authority under an international identification scheme. allOf: - $ref: '#/definitions/BICFI' lei: description: | Legal Entity Identifier. allOf: - $ref: '#/definitions/LEI' others: description: | Unique identification of an organisation, as assigned by an institution, using an identification scheme. type: array items: $ref: '#/definitions/genericOrganisationIdentification' extendedPartyDescription: description: | See document \"openFinance API Framework Data Dictionary\", section \"Extended Party Description\" for more details. type: object properties: name: description: | Name of the party. allOf: - $ref: '#/definitions/Max140Text' postalAddress: description: | Postal Address of the party. allOf: - $ref: '#/definitions/postalAddress' identification: description: | Identification of the party. allOf: - $ref: '#/definitions/partyIdentification' countryOfResidence: description: "Country in which a person resides (the place of a person's home). \nIn the case of a company, it is the country from which the affairs of that company are directed.\n" allOf: - $ref: '#/definitions/CountryCode' contactDetails: description: | Set of elements used to indicate how to contact the party. allOf: - $ref: '#/definitions/contactDetails' agentDescription: description: | See document \"openFinance API Framework Data Dictionary\", section \"Agent Description\" for more details. type: object required: - financialInstitutionId properties: financialInstitutionId: description: "" allOf: - $ref: '#/definitions/financialInstitutionIdentification' branchIdentificationId: description: | Unique and unambiguous identification of a branch of a financial institution. allOf: - $ref: '#/definitions/Max35Text' branchIdentificationName: description: | Name by which an agent is known and which is usually used to identify that agent. allOf: - $ref: '#/definitions/Max140Text' authenticationObject: description: | See document \"openFinance API Framework Data Dictionary\", section \"Authentication Object\" for more details. type: object required: - authenticationType - authenticationMethodId - name properties: authenticationType: description: | Type of the authentication method. allOf: - $ref: '#/definitions/AuthenticationType' authenticationVersion: description: "Depending on the \\\"authenticationType\\\". This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. \nThis version can be referred to in the ASPSP's documentation.\n" type: string authenticationMethodId: description: | An identification provided by the ASPSP for the later identification of the authentication method selection. allOf: - $ref: '#/definitions/Max35Text' name: description: "This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. \nAlternatively this could be a description provided by the ASPSP like \\\"SMS OTP on phone +49160 xxxxx 28\\\".\nThis name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available.\n" type: string explanation: description: | detailed information about the SCA method for the PSU type: string duration: description: | See document \"openFinance API Framework Data Dictionary\", section \"Duration\" for more details. type: object required: - fromDate properties: fromDate: description: "" allOf: - $ref: '#/definitions/ISODate' toDate: description: "" allOf: - $ref: '#/definitions/ISODate' ReferredDocumentTypeCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Referred Document Type Code\" for more details. type: string enum: - MSIN - CNFA - DNFA - CINV - CREN - DEBN - HIRI - SBIN - CMCN - SOAC - DISP - BOLD - VCHR - AROI - TSUT - PUOR example: PUOR MandateStatus: description: | See document \"openFinance API Framework Data Dictionary\", section \"Mandate Status\" for more details. type: string enum: - received - rejected - partiallyAuthorised - valid - revokedByPsu - expired - terminatedByTpp example: received NamePrefixCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Name Prefix Code\" for more details. type: string enum: - DOCT - MADM - MISS - MIST - MIKS example: MADM error_NG_405_Mandates: type: object properties: apiClientMessages: type: array items: $ref: '#/definitions/clientMessageInformation_405_Mandates' _links: $ref: '#/definitions/links' BICFI: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string pattern: '[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}' example: ECBFDEFFFIM MandateReasonCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Mandate Reason Code\" for more details. type: string enum: - AC01 - AC04 - AC06 - AG01 - AG02 - AM02 - AM03 - AM05 - BE01 - BE04 - BE05 - BE06 - BE07 - DT01 - FF01 - MD01 - MD02 - MD07 - MD08 - MD09 - MD10 - MD11 - MD12 - MD13 - MD14 - MD15 - MD16 - MD17 - MD18 - MD19 - MD20 - MD21 - MD22 - MD23 - MS02 - MS03 - NARR - RC01 - RF01 - RR01 - RR02 - RR03 - RR04 - SL01 - SL11 - SL12 - SL13 - SL14 example: SL14 CountryCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string pattern: '[A-Z]{2}' example: SE Max140Text: type: string maxLength: 140 example: Text, maximum of 140 characters. Max512Text: type: string maxLength: 512 example: Text, maximum of 512 characters. clientMessageInformation_405_Mandates: type: object required: - category - code properties: category: description: | Only \"ERROR\" or \"WARNING\" permitted type: string code: $ref: '#/definitions/MessageCode_ServiceUnspecific_405' path: type: string text: $ref: '#/definitions/Max500Text' PersonIdentificationCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string enum: - ARNU - CCPT - CUST - DRLC - EMPL - NIDN - SOSE - TELE - TXID - POID example: NIDN amount: description: | See document \"openFinance API Framework Data Dictionary\", section \"Amount\" for more details. type: object required: - currency - amount properties: currency: description: | ISO 4217 Alpha 3 currency code allOf: - $ref: '#/definitions/CurrencyCode' amount: description: | The amount given with fractional digits, where fractions must be compliant to the currency definition. Up to 14 significant figures. Negative amounts are signed by minus. The decimal separator is a dot. Example: Valid representations for EUR with up to two decimals are: * 1056 * 5768.2 * -1.50 * 5877.78 type: string pattern: -?[0-9]{1,14}(\.[0-9]{1,3})? ExternalLocalInstrumentCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Exchange Rate Type Code\" for more details. type: string enum: - MASAV example: MASAV MessageCode_ServiceUnspecific_409: description: | See document \"openFinance API Framework Data Dictionary\", section \"Service Unspecific HTTP Error Codes\" for more details. enum: - STATUS_INVALID example: STATUS_INVALID contactDetails: description: | See document \"openFinance API Framework Data Dictionary\", section \"Contact Details\" for more details. type: object properties: namePrefix: description: | Specifies the terms used to formally address a person. allOf: - $ref: '#/definitions/NamePrefixCode' name: description: "" allOf: - $ref: '#/definitions/Max70Text' phoneNumber: description: | pattern \+[0-9]{1,3}-[0-9()+\-]{1,30} allOf: - $ref: '#/definitions/Max35Text' mobileNumber: description: | pattern \+[0-9]{1,3}-[0-9()+\-]{1,30} allOf: - $ref: '#/definitions/Max35Text' faxNumber: description: | pattern \+[0-9]{1,3}-[0-9()+\-]{1,30} allOf: - $ref: '#/definitions/Max35Text' emailAddress: description: | Address for electronic mail (e-mail). allOf: - $ref: '#/definitions/Max70Text' emailPurpose: description: | Purpose for which an email address may be used. allOf: - $ref: '#/definitions/Max35Text' jobTitle: description: | Title of the function. allOf: - $ref: '#/definitions/Max35Text' responsibility: description: | Role of a person in an organisation. allOf: - $ref: '#/definitions/Max35Text' department: description: | Identification of a division of a large organisation or building. allOf: - $ref: '#/definitions/Max35Text' preferredMethod: description: | Preferred method used to reach the contact. allOf: - $ref: '#/definitions/PreferredMethod' error_RFC7807_409_Mandates: description: | Standardised definition of reporting error information according to [RFC7807]. type: object required: - type - code properties: type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" type: string format: uri maxLength: 70 title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. allOf: - $ref: '#/definitions/Max70Text' status: description: "HTTP response code generated by the server.\nIf contained, this is more relevant as the actual http response code in the actual response, because it is introduced by the application server. \n" type: integer detail: description: "Detailed human readable text specific to this instance of the error. \n" allOf: - $ref: '#/definitions/Max500Text' instance: description: | This attribute is containing a JSON pointer (as defined in [RFC6901]) or XPath expression to indicate the path to an issue generating the error in the related request. allOf: - $ref: '#/definitions/Max256Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_409' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated type: array items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. type: object required: - code properties: title: $ref: '#/definitions/Max70Text' detail: $ref: '#/definitions/Max500Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_409' _links: $ref: '#/definitions/links' FinancialInstitutionIdentificationCode: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string MessageCode_ServiceUnspecific_405: description: | See document \"openFinance API Framework Data Dictionary\", section \"Service Unspecific HTTP Error Codes\" for more details. type: string enum: - SERVICE_INVALID example: SERVICE_INVALID ISODate: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string format: date example: "2020-01-01" LEI: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string pattern: '[A-Z0-9]{18,18}[0-9]{2,2}' example: 549300DTUYXVMJXZNY75 MessageCode_ServiceUnspecific_404: description: | See document \"openFinance API Framework Data Dictionary\", section \"Service Unspecific HTTP Error Codes\" for more details. type: string enum: - RESOURCE_UNKNOWN example: RESOURCE_UNKNOWN BBAN: description: | See document \"openFinance API Framework Data Dictionary\", section \"Other ISO-related basic Types\" for more details. type: string pattern: '[a-zA-Z0-9]{1,30}' example: BARC12345612345678 MessageCode_ServiceUnspecific_403: description: | See document \"openFinance API Framework Data Dictionary\", section \"Service Unspecific HTTP Error Codes\" for more details. type: string enum: - SERVICE_BLOCKED - CONSENT_UNKNOWN - RESOURCE_UNKNOWN - RESOURCE_EXPIRED example: SERVICE_BLOCKED clientMessageInformation_401_Mandates: type: object required: - category - code properties: category: description: Only \"ERROR\" or \"WARNING\" permitted type: string code: $ref: '#/definitions/MessageCode_ServiceUnspecific_401' path: type: string text: $ref: '#/definitions/Max500Text' MessageCode_ServiceUnspecific_401: description: | See document \"openFinance API Framework Data Dictionary\", section \"Service Unspecific HTTP Error Codes\" for more details. type: string enum: - CERTIFICATE_INVALID - ROLE_INVALID - CERTIFICATE_EXPIRED - CERTIFICATE_BLOCKED - CERTIFICATE_REVOKED - CERTIFICATE_MISSING - CLIENT_INVALID - CLIENT_INCONSISTENT - SIGNATURE_INVALID - SIGNATURE_MISSING - PSU_CREDENTIALS_INVALID - CORPORATE_ID_INVALID - CONSENT_INVALID - CONSENT_EXPIRED - TOKEN_UNKNOWN - TOKEN_INVALID - TOKEN_EXPIRED example: CERTIFICATE_INVALID MessageCode_ServiceUnspecific_400: description: | See document \"openFinance API Framework Data Dictionary\", section \"Service Unspecific HTTP Error Codes\" for more details. type: string enum: - FORMAT_ERROR - PARAMETER_NOT_CONSISTENT - PARAMETER_NOT_SUPPORTED - SERVICE_INVALID - CONSENT_UNKNOWN - RESOURCE_UNKNOWN - RESOURCE_EXPIRED - RESOURCE_BLOCKED - TIMESTAMP_INVALID - PERIOD_INVALID - SCA_METHOD_UNKNOWN - SCA_INVALID example: FORMAT_ERROR error_NG_401_Mandates: type: object properties: apiClientMessages: type: array items: $ref: '#/definitions/clientMessageInformation_401_Mandates' _links: $ref: '#/definitions/links' challenge: description: | See document \"openFinance API Framework Data Dictionary\", section \"Challenge\" for more details. type: object properties: image: description: | PNG data (max. 512 kilobyte) to be displayed to the PSU, Base64 encoding, cp. [RFC4648]. This attribute is used only, when PHOTO_OTP or CHIP_OTP is the selected SCA method. type: string data: description: | A collection of challenge data type: array items: type: string imageLink: description: | A link where the ASPSP will provides the challenge image for the TPP. type: string otpMaxLength: description: | The maximal length for the OTP to be typed in by the PSU. type: integer otpFormat: description: | The format type of the OTP to be typed in. The admitted values are \"characters\" or \"integer\". type: string additionalInformation: description: | Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen SCA method. The TPP is obliged to show this to the PSU. type: string error_RFC7807_403_Mandates: description: | Standardised definition of reporting error information according to [RFC7807]. type: object required: - type - code properties: type: description: "A URI reference [RFC3986] that identifies the problem type. \nRemark For Future: These URI will be provided by NextGenPSD2 in future.\n" type: string format: uri maxLength: 70 title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. allOf: - $ref: '#/definitions/Max70Text' status: description: "HTTP response code generated by the server.\nIf contained, this is more relevant as the actual http response code in the actual response, because it is introduced by the application server. \n" type: integer detail: description: "Detailed human readable text specific to this instance of the error. \n" allOf: - $ref: '#/definitions/Max500Text' instance: description: | This attribute is containing a JSON pointer (as defined in [RFC6901]) or XPath expression to indicate the path to an issue generating the error in the related request. allOf: - $ref: '#/definitions/Max256Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_403' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated type: array items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. type: object required: - code properties: title: $ref: '#/definitions/Max70Text' detail: $ref: '#/definitions/Max500Text' code: $ref: '#/definitions/MessageCode_ServiceUnspecific_403' _links: $ref: '#/definitions/links' partyIdentification: description: | See document \"openFinance API Framework Data Dictionary\", section \"Party Identification\" for more details. type: object properties: organisationId: description: | An entry provided by an external ISO code list allOf: - $ref: '#/definitions/organisationIdentification' privateId: description: | A scheme name defined in a proprietary way. allOf: - $ref: '#/definitions/privateIdentification' well-known: properties: issuer: type: object example: https://mtls-api-nonprod.discountbank.co.il authorization_endpoint: type: string example: https://api-nonprod.discountbank.co.il/devapi/cert/mandate/authorize token_endpoint: type: string example: https://mtls-api-nonprod.discountbank.co.il/devapi/cert/mandate/token response_types_supported: type: array items: type: string example: '["code" ]' additionalProperties: false well-known-cancellation: properties: issuer: type: object example: https://mtls-api-nonprod.discountbank.co.il authorization_endpoint: type: string example: https://api-nonprod.discountbank.co.il/devapi/cert/mandate/cancellation/authorize response_types_supported: type: array items: type: string example: '["code" ]' additionalProperties: false well-known-response: properties: response: $ref: '#/definitions/well-known' example: '{ "issuer": "https://mtls-api-nonprod.discountbank.co.il", "authorization_endpoint": "https://api-nonprod.discountbank.co.il/development/cert-dev/mandate/authorize", "token_endpoint": "https://mtls-api-nonprod.discountbank.co.il/development/cert-dev/mandate/token", "response_types_supported": [ "code" ] }' additionalProperties: false well-known-mandateCancellation-response: properties: response: $ref: '#/definitions/well-known-cancellation' example: '{ "issuer": "https://mtls-api-nonprod.discountbank.co.il", "authorization_endpoint": "https://api-nonprod.discountbank.co.il/development/cert-dev/mandate/cancellation/authorize", "response_types_supported": [ "code" ] }' additionalProperties: false parameters: X-Request-ID: name: X-Request-ID type: string format: uuid required: true in: header description: ID of the request, unique to the call, as determined by the initiating party. x-example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 Digest: name: Digest type: string required: true in: header description: Is contained if and only if the "Signature" element is contained in the header of the request. x-example: SHA-256=hl1/Eps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A= Signature: name: Signature type: string required: true in: header description: A signature of the request by the TPP on application level. This might be mandated by ASPSP. x-example: keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" TPP-Signature-Certificate: name: TPP-Signature-Certificate type: string format: byte required: true in: header description: The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. Accept: name: Accept type: string required: false in: header Content-Type: name: Content-Type type: string required: true in: header TPP-Nok-Redirect-URI: name: TPP-Nok-Redirect-URI type: string format: uri maxLength: 2048 required: false in: header description: If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP. TPP-Redirect-URI: name: TPP-Redirect-URI type: string format: uri maxLength: 2048 required: false in: header description: |- URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification. tags: [] externalDocs: description: openFinance API Framework Implementation Guidelines for Extended Services url: https://www.berlin-group.org/openfinance-downloads x-ibm-endpoints: - endpointUrl: https://mtls-api.discountbank.co.il/prod/d type: - production - development ...