--- swagger: "2.0" info: x-ibm-name: psd2-business contact: email: Support_api@dbank.co.il name: Discount Bank LTD url: https://www.OpenBanking.co.il/ description: '# Summary' license: name: "" url: "" title: PSD2 Business version: OBG 1.0.0 name: "" schemes: - https basePath: /psd2/business consumes: - application/json produces: - application/json security: - oauth2: - consents - balances-CACC - accounts-CACC - transactions-CACC - payments - Client-Id: [] securityDefinitions: Client-Id: type: apiKey description: "" in: header name: X-IBM-Client-Id oauth2: type: oauth2 description: "" flow: accessCode scopes: consents: /consents/{consentId} balances-CACC: data balances accounts-CACC: data account access transactions-CACC: data transactions payments: "" authorizationUrl: "" tokenUrl: "" x-scopeValidate: tls-profile: eyal.dullberg@dbank.co.il x-ibm-configuration: enforced: true testable: true phase: realized paths: /accounts: get: produces: - application/json parameters: - description: | If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP. This parameter might be ignored by the ASPSP. in: query name: withBalance required: false type: boolean - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: true type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature type: string - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. in: header name: TPP-Signature-Certificate type: string - description: | This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation. in: header maxLength: 512 name: Consent-ID type: string - description: | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 responses: 200: description: OK. In case, no account is accessible, the ASPSP shall return an empty array. As this is also considered a positive response, the Response code must still be 200. headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/accountList' 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_AIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_AIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_AIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_AIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_AIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error406_NG_AIS' 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_AIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error429_NG_AIS' 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Account Information Service (AIS) description: | Read the identifiers of the available payment account together with booking balance information, depending on the consent granted. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system. The addressed list of accounts depends then on the PSU ID and the stored consent addressed by consentId, respectively the OAuth2 access token. Returns all identifiers of the accounts, to which an account access has been granted to through the /consents endpoint by the PSU. In addition, relevant information about the accounts and hyperlinks to corresponding account information resources are provided if a related consent has been already granted. Remark: Note that the /consents endpoint optionally offers to grant an access on all available payment accounts of a PSU. In this case, this endpoint will deliver the information about all available payment accounts of the PSU at this ASPSP. BOI-REMARK: TPP with PSP_IC role is authorised to much less details about accounts, all attributes that should be filtered are marked on schema AccountDetails. operationId: accounts-CACC:get_cacc_accounts summary: Read account list security: - oauth2: - accounts-CACC Client-Id: [] /accounts/{account-id}: get: produces: - application/json parameters: - description: | This identification is denoting the addressed (card) account. The account-id is retrieved by using a "Read Account List" or "Read Card Account list" call. The account-id is the "resourceId" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. in: path name: account-id required: true type: string - description: | If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP. This parameter might be ignored by the ASPSP. in: query name: withBalance required: false type: boolean - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: true type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: true type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: true type: string - description: | This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation. in: header maxLength: 512 name: Consent-ID required: true type: string - description: | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: properties: account: $ref: '#/definitions/accountDetails' required: - account type: object 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_AIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_AIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_AIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_AIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_AIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error406_NG_AIS' 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_AIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error429_NG_AIS' 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Account Information Service (AIS) description: | Reads details about an account, with balances where required. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system. The addressed details of this account depends then on the stored consent addressed by consentId, respectively the OAuth2 access token. **NOTE:** The account-id can represent a multicurrency account. In this case the currency code is set to "XXX". Give detailed information about the addressed account. Give detailed information about the addressed account together with balance information BOI-REMARK: TPP with PSP_IC role is authorised to much less details about accounts, all attributes that should be filtered are marked on schema AccountDetails. operationId: accounts-CACC:get_cacc_account summary: Read account details security: - oauth2: - accounts-CACC /accounts/{account-id}/balances: get: produces: - application/json parameters: - description: | This identification is denoting the addressed (card) account. The account-id is retrieved by using a "Read Account List" or "Read Card Account list" call. The account-id is the "resourceId" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. in: path name: account-id required: true type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: true type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: true type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: true type: string - description: | This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation. in: header maxLength: 512 name: Consent-ID required: true type: string - description: | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/readAccountBalanceResponse-200' 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_AIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_AIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_AIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_AIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_AIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error406_NG_AIS' 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_AIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error429_NG_AIS' 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Account Information Service (AIS) description: | Reads account data from a given account addressed by "account-id". **Remark:** This account-id can be a tokenised identification due to data protection reason since the path information might be logged on intermediary servers within the ASPSP sphere. This account-id then can be retrieved by the "Get account list" call. The account-id is constant at least throughout the lifecycle of a given consent. operationId: balances-CACC:get_cacc_balances summary: Read balance security: - oauth2: - balances-CACC /accounts/{account-id}/transactions: get: produces: - application/json parameters: - description: | This identification is denoting the addressed (card) account. The account-id is retrieved by using a "Read Account List" or "Read Card Account list" call. The account-id is the "resourceId" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. in: path name: account-id required: true type: string - description: | Conditional: Starting date (inclusive the date dateFrom) of the transaction list, mandated if no delta access is required and if bookingStatus does not equal "information". For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date, which may not be transparent neither in this API nor other channels of the ASPSP. BOI remarks: the minimum value can be at least 12 month prior to "now". In case of exception from the minimum value the response will be only for the minimum period. format: date in: query name: dateFrom required: true type: string - description: | End date (inclusive the data dateTo) of the transaction list, default is "now" if not given. Might be ignored if a delta function is used. For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date, which may not be transparent neither in this API nor other channels of the ASPSP. BOI-REMARK: ASPSP must support this option for account-id/transactions format: date in: query name: dateTo required: false type: string - description: | This data attribute is indicating that the AISP is in favour to get all transactions after the transaction with identification entryReferenceFrom alternatively to the above defined period. This is a implementation of a delta access. If this data element is contained, the entries "dateFrom" and "dateTo" might be ignored by the ASPSP if a delta report is supported. Optional if supported by API provider. in: query name: entryReferenceFrom required: false type: string - description: | Permitted codes are * "booked", * "pending", * "both", * "information" and * "all" "booked" shall be supported by the ASPSP. To support the "pending" and "both" feature is optional for the ASPSP, Error code if not supported in the online banking frontend. If supported, "both" means to request transaction reports of transaction of bookingStatus either "pending" or "booked". To support the "information" feature is optional for the ASPSP. Currently the booking status “information” only covers standing orders. Error code if not supported. To support the "all" feature is optional for the ASPSP, Error code if not supported. If supported, "all" means to request transaction reports of transaction of any bookingStatus ("pending", "booked" or "information"). enum: - information - booked - pending - both - all in: query name: bookingStatus required: true type: string - description: |- This data attribute is indicating that the AISP is in favour to get all transactions after the last report access for this PSU on the addressed account. This is another implementation of a delta access-report. This delta indicator might be rejected by the ASPSP if this function is not supported. Optional if supported by API provider in: query name: deltaList type: boolean - description: | If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP. This parameter might be ignored by the ASPSP. in: query name: withBalance required: false type: boolean - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: true type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: true type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: true type: string - description: | This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation. in: header maxLength: 512 name: Consent-ID required: true type: string - description: | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/transactionsResponse-200_json' 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_AIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_AIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_AIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_AIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_AIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error406_NG_AIS' 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_AIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error429_NG_AIS' 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Account Information Service (AIS) description: | Read transaction reports or transaction lists of a given account ddressed by "account-id", depending on the steering parameter "bookingStatus" together with balances. For a given account, additional parameters are e.g. the attributes "dateFrom" and "dateTo". The ASPSP might add balance information, if transaction lists without balances are not supported. operationId: transactions-CACC:get_cacc_transactions summary: Read transaction list of an account security: - oauth2: - transactions-CACC /consents: post: consumes: - application/json produces: - application/json parameters: - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: true type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: true type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: true type: string - description: | BOI-REMARK - The PSU id number or passport number. Possible values are: * ID = only digits. * Passport = 2 characters ISO 3166 country code + '-' + Passport number. in: header name: PSU-ID pattern: ^([0-9]{9}|[A-Za-z]{2}-([A-Za-z0-9]){1,16})$ required: true type: string x-example: IL-12345678945 - description: | BOI-REMARK - Specific brands or channels of the ASPSP only in case there is more than one. Possible values should be found in ASPSP's documentation and get approved in advance by BOI. in: header maxLength: 512 name: PSU-ID-Type required: false type: string - description: | Might be mandated in the ASPSP's documentation. Only used in a corporate context. in: header name: PSU-Corporate-ID pattern: ^[A-Z]{2}[-]\d{9,10}|\d{9,10}$ required: false type: string - description: | Might be mandated in the ASPSP's documentation. Only used in a corporate context. in: header maxLength: 512 name: PSU-Corporate-ID-Type required: false type: string - description: | BOI-REMARK- If it equals "false" , the ASPSP has to choose Decoupled SCA approach if supported by the ASPSP for the related PSU, because Embedded does not supported. ASPSP not supporting Decoupled SCA approach can ignore this attribute. in: header name: TPP-Redirect-Preferred required: false type: boolean - description: | If it equals "true", the TPP prefers a decoupled SCA approach. If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will then choose between the embedded or the redirect SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the parameter TPP-Redirect-Preferred and the SCA method chosen by the TPP/PSU. The parameter might be ignored by the ASPSP. If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected, but it is up to the ASPSP, which approach will actually be used. **Remark for Future:** TPP-Redirect-Preferred and TPP-Decoupled-Preferred will be revised in future versions, maybe merged. Currently kept separate for downward compatibility. in: header name: TPP-Decoupled-Preferred required: false type: boolean - description: | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification. format: uri in: header maxLength: 2048 name: TPP-Redirect-URI required: false type: string - description: | If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP. format: uri in: header maxLength: 2048 name: TPP-Nok-Redirect-URI required: false type: string - description: | If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket. in: header name: TPP-Explicit-Authorisation-Preferred required: false type: boolean - description: | This header might be used by TPPs to inform the ASPSP about the brand used by the TPP towards the PSU. This information is meant for logging entries to enhance communication between ASPSP and PSU or ASPSP and TPP. This header might be ignored by the ASPSP. in: header name: TPP-Brand-Logging-Information required: false type: string - description: | URI for the Endpoint of the TPP-API to which the status of the consent status should be sent. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply. format: uri in: header maxLength: 2048 name: TPP-Notification-URI required: true type: string - description: | The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP. in: header maxLength: 2048 name: TPP-Notification-Content-Preferred required: false type: string - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. format: ipv4 in: header name: PSU-IP-Address required: true type: string x-example: 192.168.8.78 - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 - description: | Request body for a consents request. in: body name: body schema: $ref: '#/definitions/consents' responses: 201: description: Created headers: ASPSP-Notification-Content: description: | The string has the form status=X1, …, Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the following semantics SCA - Notification on every change of the scaStatus attribute for all related authorisation processes is provided by the ASPSP for the related resource. PROCESS - Notification on all changes of consentStatus or transactionStatus attributes is provided by the ASPSP for the related resource LAST - Notification on the last consentStatus or transactionStatus as available in the XS2A interface is provided by the ASPSP for the related resource. This field must be provided if the ASPSP-Notification-Support=true. The ASPSP might consider the notification content as preferred by the TPP, but can also respond independently of the preferred request type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean ASPSP-SCA-Approach: description: | This data element must be contained, if the SCA Approach is already fixed. Possible values are * DECOUPLED * REDIRECT The OAuth SCA approach will be subsumed by REDIRECT. type: string Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/consentsResponse-201' 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_AIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_AIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_AIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_AIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_AIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error406_NG_AIS' 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_AIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error429_NG_AIS' 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Account Information Service (AIS) description: | This method create a consent resource, defining access rights to dedicated accounts of a given PSU-ID. These accounts are addressed explicitly in the method as parameters as a core function. **Side Effects** When this consent request is a request where the "recurringIndicator" equals "true", and if it exists already a former consent for recurring access on account information for the addressed PSU, then the former consent automatically expires as soon as the new consent request is authorised by the PSU. BOI-REMARK: BOI is differentiating ASPSPs in the role of banks and of credit card processors. For banks, the detailed consent will differentiate between payment accounts and card accounts- payment accounts are addressed by the IBAN as offered in the generic NextGenPSD2 standard. If card related information is also addressed, the TPP shall not use PANs of a credit card. The TPP may use the IBAN with the additional cashAccountType "CARD". When card related information is addressed the meaning is that the consent is given to all credit cards related to the same IBAN. For credit card processors, all cards which are to be consented for account information need to be addressed by maskedPANs specificlly in the Detailed Consent Model. Credit card processors are mandated to offer in addition the Bank Offered Consent Model, i.e. in a first (or follow up) consent request, the TPP can let the PSU choose all cards to be addressed during authorisation on the ASPSP authorisation page. The TPP will retrieve the maskedPANs of all related cards in the GET /card-accounts/… calls. Optional Extension: As an option, an ASPSP might optionally accept a specific access right on the access on all PSD2 related services for all available accounts. As another option an ASPSP might optionally also accept a command, where only access rights are inserted without mentioning the addressed account. The relation to accounts is then handled afterwards between PSU and ASPSP. This option is not supported for the Embedded SCA Approach. As a last option, an ASPSP might in addition accept a command with access rights * to see the list of available payment accounts or * to see the list of available payment accounts with balances. operationId: create_consent summary: Create consent security: - [] /consents/{consentId}: delete: produces: - application/json parameters: - description: | ID of the corresponding consent object as returned by an account information consent request. in: path maxLength: 512 name: consentId required: true type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: true type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: true type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: true type: string - description: | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 responses: 204: description: No Content headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_AIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_AIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_AIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_AIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_AIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error406_NG_AIS' 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_AIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error429_NG_AIS' 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Account Information Service (AIS) description: The TPP can delete an account information consent object if needed. operationId: consents-NotCancelled:delete_consent summary: Delete consent consumes: - application/json security: - [] get: produces: - application/json parameters: - description: | ID of the corresponding consent object as returned by an account information consent request. in: path maxLength: 512 name: consentId required: true type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: true type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: true type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: true type: string - description: | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/consentInformationResponse-200_json' 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_AIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_AIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_AIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_AIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_AIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error406_NG_AIS' 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_AIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error429_NG_AIS' 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Account Information Service (AIS) description: | Returns the content of an account information consent object. This is returning the data for the TPP especially in cases, where the consent was directly managed between ASPSP and PSU e.g. in a redirect SCA Approach. operationId: consents-valid:get_consent summary: Get consent request security: - oauth2: - consents /consents/{consentId}/status: get: produces: - application/json parameters: - description: | ID of the corresponding consent object as returned by an account information consent request. in: path maxLength: 512 name: consentId required: true type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: true type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: true type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: true type: string - description: | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/consentStatusResponse-200' 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_AIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_AIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_AIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_AIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_AIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error406_NG_AIS' 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_AIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error429_NG_AIS' 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Account Information Service (AIS) description: Read the status of an account information consent resource. operationId: consents-any:get_consent_status summary: Consent status request security: - [] /payments/{payment-product}/{paymentId}: get: produces: - application/json parameters: - description: | The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - "masav" - "zahav" - "fp" **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants. enum: - masav - zahav - fp in: path name: payment-product required: true type: string - description: Resource identification of the generated payment initiation resource. in: path name: paymentId required: true type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: false type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: false type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: false type: string - description: | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 - name: content-authorization type: string required: false in: header description: signed JWT with the required claims - name: Authorization type: string required: true in: header description: token responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_PIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_PIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_PIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_PIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_PIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_PIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Payment Initiation Service (PIS) description: Returns the content of a payment object operationId: payments-valid:get_payment summary: Get payment information security: - Client-Id: [] oauth2: - payments /payments/{payment-product}/{paymentId}/status: get: produces: - application/json parameters: - description: | The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - "masav" - "zahav" - "fp" **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants. enum: - masav - zahav - fp in: path name: payment-product required: true type: string - description: Resource identification of the generated payment initiation resource. in: path name: paymentId required: true type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: false type: string - description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: false type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" - description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: false type: string - description: | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 - name: content-authorization type: string required: false in: header description: signed JWT with the required claims responses: 200: description: OK headers: X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/paymentInitiationStatusResponse-200_json' 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_PIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_PIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_PIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_PIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_PIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_PIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Payment Initiation Service (PIS) description: Check the transaction status of a payment initiation. operationId: payments-any:get_payment_status summary: Payment initiation status request security: - Client-Id: [] /payments/{payment-product}: post: consumes: - application/json produces: - application/json parameters: - description: | The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - "masav" - "zahav" - "fp" **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants. enum: - masav - zahav - fp in: path name: payment-product required: true type: string - description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string - description: signed JWT with the required claims in: header name: Content-Authorization required: true type: string - description: | BOI-REMARK - The PSU id number or passport number. Possible values are: * ID = only digits. * Passport = 2 characters ISO 3166 country code + '-' + Passport number. in: header name: PSU-ID pattern: ^([0-9]{9}|[A-Za-z]{2}-([A-Za-z0-9]){1,16})$ required: true type: string x-example: IL-12345678945 - description: | BOI-REMARK - Specific brands or channels of the ASPSP only in case there is more than one. Possible values should be found in ASPSP's documentation and get approved in advance by BOI. in: header maxLength: 512 name: PSU-ID-Type required: false type: string - description: | This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation. in: header maxLength: 512 name: Consent-ID required: false type: string - description: | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 - description: | BOI-REMARK- If it equals "false" , the ASPSP has to choose Decoupled SCA approach if supported by the ASPSP for the related PSU, because Embedded does not supported. ASPSP not supporting Decoupled SCA approach can ignore this attribute. in: header name: TPP-Redirect-Preferred required: false type: boolean - description: | If it equals "true", the TPP prefers a decoupled SCA approach. If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will then choose between the embedded or the redirect SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the parameter TPP-Redirect-Preferred and the SCA method chosen by the TPP/PSU. The parameter might be ignored by the ASPSP. If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected, but it is up to the ASPSP, which approach will actually be used. **Remark for Future:** TPP-Redirect-Preferred and TPP-Decoupled-Preferred will be revised in future versions, maybe merged. Currently kept separate for downward compatibility. in: header name: TPP-Decoupled-Preferred required: false type: boolean - description: | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification. format: uri in: header maxLength: 2048 name: TPP-Redirect-URI required: false type: string - description: | If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP. format: uri in: header maxLength: 2048 name: TPP-Nok-Redirect-URI required: false type: string - description: | If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket. in: header name: TPP-Explicit-Authorisation-Preferred required: false type: boolean - description: | If it equals "true" then the TPP prefers a rejection of the payment initiation in case the ASPSP is providing an integrated confirmation of funds request an the result of this is that not sufficient funds are available. If it equals "false" then the TPP prefers that the ASPSP is dealing with the payment initiation like in the ASPSPs online channel, potentially waiting for a certain time period for funds to arrive to initiate the payment. This parameter might be ignored by the ASPSP. in: header name: TPP-Rejection-NoFunds-Preferred required: false type: boolean - description: | This header might be used by TPPs to inform the ASPSP about the brand used by the TPP towards the PSU. This information is meant for logging entries to enhance communication between ASPSP and PSU or ASPSP and TPP. This header might be ignored by the ASPSP. in: header name: TPP-Brand-Logging-Information required: false type: string - description: | URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply. format: uri in: header maxLength: 2048 name: TPP-Notification-URI required: false type: string - description: | The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP. in: header maxLength: 2048 name: TPP-Notification-Content-Preferred required: false type: string - description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string - description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string - description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string - description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string - description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 - description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 - description: | JSON request body for a payment inition request message. There are the following payment-products supported: * "masav" with JSON-Body * "zahav" with JSON-Body * "FP" with JSON-Body There are the following payment-services supported: * "payments" * "bulk-payments" - optional * "periodic-payments" - optional All optional, conditional and predefined but not yet used fields are defined. in: body name: body required: true schema: $ref: '#/definitions/paymentInitiation_json' responses: 201: description: CREATED headers: ASPSP-Notification-Content: description: | The string has the form status=X1, …, Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the following semantics SCA - Notification on every change of the scaStatus attribute for all related authorisation processes is provided by the ASPSP for the related resource. PROCESS - Notification on all changes of consentStatus or transactionStatus attributes is provided by the ASPSP for the related resource LAST - Notification on the last consentStatus or transactionStatus as available in the XS2A interface is provided by the ASPSP for the related resource. This field must be provided if the ASPSP-Notification-Support=true. The ASPSP might consider the notification content as preferred by the TPP, but can also respond independently of the preferred request type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. type: boolean ASPSP-SCA-Approach: description: | This data element must be contained, if the SCA Approach is already fixed. Possible values are * DECOUPLED * REDIRECT The OAuth SCA approach will be subsumed by REDIRECT. type: string Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/paymentInitationRequestResponse-201' 400: description: Bad Request headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error400_NG_PIS' 401: description: Unauthorized headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error401_NG_PIS' 403: description: Forbidden headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error403_NG_PIS' 404: description: Not found headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error404_NG_PIS' 405: description: Method Not Allowed headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error405_NG_PIS' 406: description: Not Acceptable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 408: description: Request Timeout headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 409: description: Conflict headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string schema: $ref: '#/definitions/Error409_NG_PIS' 415: description: Unsupported Media Type headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 429: description: Too Many Requests headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 500: description: Internal Server Error headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string 503: description: Service Unavailable headers: Location: description: | Location of the created resource. type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. type: string tags: - Payment Initiation Service (PIS) description: | This method is used to initiate a payment at the ASPSP. ## Variants of payment initiation requests This method to initiate a payment initiation at the ASPSP can be sent with JSON body . There are the following **payment products**: - Payment products with payment information in *JSON* format: - ***masav*** - ***zahav*** - ***FP*** Furthermore the request body depends on the **payment-service**: * ***payments***: A single payment initiation request. * ***bulk-payments***: A collection of several payment initiation requests. In case of a *pain.001* message there are more than one payments contained in the *pain.001 message. In case of a *JSON* there are several JSON payment blocks contained in a joining list. * ***periodic-payments***: Create a standing order initiation resource for recurrent i.e. periodic payments addressable under {paymentId} with all data relevant for the corresponding payment product and the execution of the standing order contained in a JSON body. This is the first step in the API to initiate the related recurring/periodic payment. ### BOI-REMARK : Multilevel SCA Approach does not supported. The Payment Initiation Requests are independent from the need of one or multilevel ## Single and mulitilevel SCA Processes The payment initiation requests are independent from the need of one or multilevel SCA processing, i.e. independent from the number of authorisations needed for the execution of payments. But the response messages are specific to either one SCA processing or multilevel SCA processing. For payment initiation with multilevel SCA, this specification requires an explicit start of the authorisation, i.e. links directly associated with SCA processing like 'scaRedirect' or 'scaOAuth' cannot be contained in the response message of a Payment Initation Request for a payment, where multiple authorisations are needed. Also if any data is needed for the next action, like selecting an SCA method is not supported in the response, since all starts of the multiple authorisations are fully equal. In these cases, first an authorisation sub-resource has to be generated following the 'startAuthorisation' link. operationId: initiatePayment summary: Payment initiation request security: - Client-Id: [] /oauth/consents/.well-known/oauth-authorization-server: get: responses: 200: description: 200 OK schema: $ref: '#/definitions/well-known-response' operationId: consents_wellknown security: - Client-Id: [] summary: OAuth2 Location description: The link where the configuration of the OAuth2 Server is defined. parameters: - name: Digest type: string required: false in: header description: This field is not verified - name: Signature type: string required: false in: header description: A signature of the request by the TPP on application level. This field is not verified. - name: tpp-signature-certificate type: string required: false in: header description: The certificate used for signing the request, in base64 encoding. The certificate is eIDAS Qseal certificate must contain the same O + OU that exsists in the eIDAS Qwac certificate. /oauth/payments/.well-known/oauth-authorization-server: get: responses: 200: description: 200 OK schema: $ref: '#/definitions/well-known-payment-response' operationId: payments_wellknown parameters: - name: TPP-Signature-Certificate type: string required: true in: header description: The certificate used for signing the request, in base64 encoding. The certificate is eIDAS Qseal certificate must contain the same O + OU that exsists in the eIDAS Qwac certificate. security: - Client-Id: [] definitions: EntryDetailsElement: properties: checkId: description: Identification of a Cheque. maxLength: 35 type: string creditorAccount: $ref: '#/definitions/accountReference' creditorAgent: $ref: '#/definitions/bicfi' creditorId: $ref: '#/definitions/creditorId' creditorName: $ref: '#/definitions/creditorName' currencyExchange: $ref: '#/definitions/reportExchangeRateList' debtorAccount: $ref: '#/definitions/accountReference' debtorAgent: $ref: '#/definitions/bicfi' debtorName: $ref: '#/definitions/debtorName' endToEndId: description: Unique end to end identity. maxLength: 35 type: string mandateId: description: Identification of Mandates, e.g. a SEPA Mandate ID. maxLength: 35 type: string purposeCode: $ref: '#/definitions/purposeCode' remittanceInformationUnstructured: $ref: '#/definitions/remittanceInformationUnstructured' remittanceInformationUnstructuredArray: $ref: '#/definitions/remittanceInformationUnstructuredArray' transactionAmount: $ref: '#/definitions/amount' ultimateCreditor: $ref: '#/definitions/ultimateCreditor' ultimateDebtor: $ref: '#/definitions/ultimateDebtor' required: - transactionAmount type: object Error400_AIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 400 for AIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode400_AIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode400_AIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error400_NG_AIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 400. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage400_AIS' type: array type: object Error400_NG_PIIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 400. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage400_PIIS' type: array type: object Error400_NG_PIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 400. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage400_PIS' type: array type: object Error400_NG_SBS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 400. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage400_SBS' type: array type: object Error400_PIIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 400 for PIIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode400_PIIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode400_PIIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error400_PIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 400 for PIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode400_PIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode400_PIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error400_SBS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 400 for signing baskets. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode400_SBS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode400_SBS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error401_AIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 401 for AIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode401_AIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode401_AIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error401_NG_AIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage401_AIS' type: array type: object Error401_NG_PIIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage401_PIIS' type: array type: object Error401_NG_PIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage401_PIS' type: array type: object Error401_NG_SBS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage401_SBS' type: array type: object Error401_PIIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 401 for PIIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode401_PIIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode401_PIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error401_PIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 401 for PIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode401_PIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode401_PIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error401_SBS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 401 for signing baskets. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode401_SBS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode401_SBS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error403_AIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 403 for AIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode403_AIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode403_AIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error403_NG_AIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 403. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage403_AIS' type: array type: object Error403_NG_PIIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 403. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage403_PIIS' type: array type: object Error403_NG_PIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 403. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage403_PIS' type: array type: object Error403_NG_SBS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 403. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage403_SBS' type: array type: object Error403_PIIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 403 for PIIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode403_PIIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode403_PIIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error403_PIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 403 for PIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode403_PIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode403_PIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error403_SBS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 403 for signing baskets. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode403_SBS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode403_SBS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error404_AIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 404 for AIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode404_AIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode404_AIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error404_NG_AIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 404. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage404_AIS' type: array type: object Error404_NG_PIIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 404. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage404_PIIS' type: array type: object Error404_NG_PIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 404. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage404_PIS' type: array type: object Error404_NG_SBS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 404. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage404_SBS' type: array type: object Error404_PIIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 404 for PIIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode404_PIIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode404_PIIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error404_PIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 404 for PIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode404_PIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode404_PIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error404_SBS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 404 for signing baskets. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode404_SBS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode404_SBS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error405_AIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 405 for AIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode405_AIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode405_AIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error405_NG_AIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage405_AIS' type: array type: object Error405_NG_PIIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage405_PIIS' type: array type: object Error405_NG_PIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage405_PIS' type: array type: object Error405_NG_PIS_CANC: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage405_PIS_CANC' type: array type: object Error405_NG_SBS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 401. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage405_SBS' type: array type: object Error405_PIIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 405 for PIIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode405_PIIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode405_PIIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error405_PIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 405 for PIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode405_PIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode405_PIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error405_PIS_CANC: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 405 for a pament cancelation (PIS). properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode405_PIS_CANC' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode405_PIS_CANC' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error405_SBS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 405 for signing baskets. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode405_SBS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode405_SBS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error406_AIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 406 for AIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode406_AIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode406_AIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error406_NG_AIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 406. properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage406_AIS' type: array type: object Error409_AIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 409 for AIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode409_AIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode409_AIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error409_NG_AIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 409. example: - category: ERROR code: STATUS_INVALID text: additional text information of the ASPSP up to 500 characters properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage409_AIS' type: array type: object Error409_NG_PIIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 409. example: - category: ERROR code: STATUS_INVALID text: additional text information of the ASPSP up to 500 characters properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage409_PIIS' type: array type: object Error409_NG_PIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 409. example: - category: ERROR code: STATUS_INVALID text: additional text information of the ASPSP up to 500 characters properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage409_PIS' type: array type: object Error409_NG_SBS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 409. example: - category: ERROR code: STATUS_INVALID text: additional text information of the ASPSP up to 500 characters properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage409_SBS' type: array type: object Error409_PIIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 409 for PIIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode409_PIIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode409_PIIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error409_PIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 409 for PIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode409_PIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode409_PIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error409_SBS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 409 for signing baskets. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: This is a data element to support the declaration of additional errors in the context of [RFC7807]. properties: code: $ref: '#/definitions/MessageCode409_SBS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode409_SBS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error429_AIS: description: | Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 429 for AIS. properties: _links: $ref: '#/definitions/_linksAll' additionalErrors: description: | Array of Error Information Blocks. Might be used if more than one error is to be communicated items: description: | This is a data element to support the declaration of additional errors in the context of [RFC7807] in case of a HTTP error code 429 for. properties: code: $ref: '#/definitions/MessageCode429_AIS' detail: $ref: '#/definitions/tppErrorDetail' title: $ref: '#/definitions/tppErrorTitle' required: - code type: object type: array code: $ref: '#/definitions/MessageCode429_AIS' detail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string title: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string type: description: | A URI reference [RFC3986] that identifies the problem type. Remark For Future: These URI will be provided by NextGenPSD2 in future. format: uri maxLength: 70 type: string required: - type - code type: object Error429_NG_AIS: description: | NextGenPSD2 specific definition of reporting error information in case of a HTTP error code 429. example: - category: ERROR code: ACCESS_EXCEEDED text: additional text information of the ASPSP up to 500 characters properties: _links: $ref: '#/definitions/_linksAll' tppMessages: items: $ref: '#/definitions/tppMessage429_AIS' type: array type: object MessageCode200InitiationStatus: description: Message codes for HTTP codes 200 to a Payment Initiation Status Request. enum: - FUNDS_NOT_AVAILABLE type: string MessageCode201PaymentInitiation: description: Message codes for HTTP Codes 201 to a Payment Initiation Request. enum: - WARNING - BENEFICIARY_WHITELISTING_REQUIRED type: string MessageCode2XX: description: Message codes for HTTP Error codes 2XX. enum: - WARNING type: string MessageCode400_AIS: description: Message codes defined for AIS for HTTP Error code 400 (BAD_REQUEST). enum: - FORMAT_ERROR - PARAMETER_NOT_CONSISTENT - PARAMETER_NOT_SUPPORTED - SERVICE_INVALID - RESOURCE_UNKNOWN - RESOURCE_EXPIRED - RESOURCE_BLOCKED - TIMESTAMP_INVALID - PERIOD_INVALID - SCA_METHOD_UNKNOWN - SCA_INVALID - CONSENT_UNKNOWN - SESSIONS_NOT_SUPPORTED type: string MessageCode400_PIIS: description: Message codes defined for PIIS for HTTP Error code 400 (BAD_REQUEST). enum: - FORMAT_ERROR - PARAMETER_NOT_CONSISTENT - PARAMETER_NOT_SUPPORTED - SERVICE_INVALID - RESOURCE_UNKNOWN - RESOURCE_EXPIRED - RESOURCE_BLOCKED - TIMESTAMP_INVALID - PERIOD_INVALID - SCA_METHOD_UNKNOWN - SCA_INVALID - CONSENT_UNKNOWN - CARD_INVALID - NO_PIIS_ACTIVATION type: string MessageCode400_PIS: description: Message codes defined for PIS for HTTP Error code 400 (BAD_REQUEST). enum: - FORMAT_ERROR - PARAMETER_NOT_CONSISTENT - PARAMETER_NOT_SUPPORTED - SERVICE_INVALID - RESOURCE_UNKNOWN - RESOURCE_EXPIRED - RESOURCE_BLOCKED - TIMESTAMP_INVALID - PERIOD_INVALID - SCA_METHOD_UNKNOWN - SCA_INVALID - CONSENT_UNKNOWN - PAYMENT_FAILED - EXECUTION_DATE_INVALID type: string MessageCode400_SBS: description: Message codes defined for signing baskets for HTTP Error code 400 (BAD_REQUEST). enum: - FORMAT_ERROR - PARAMETER_NOT_CONSISTENT - PARAMETER_NOT_SUPPORTED - SERVICE_INVALID - RESOURCE_UNKNOWN - RESOURCE_EXPIRED - RESOURCE_BLOCKED - TIMESTAMP_INVALID - PERIOD_INVALID - SCA_METHOD_UNKNOWN - SCA_INVALID - CONSENT_UNKNOWN - REFERENCE_MIX_INVALID type: string MessageCode401_AIS: description: Message codes defined for AIS for HTTP Error code 401 (UNAUTHORIZED). enum: - CERTIFICATE_INVALID - ROLE_INVALID - CERTIFICATE_EXPIRED - CERTIFICATE_BLOCKED - CERTIFICATE_REVOKE - CERTIFICATE_MISSING - SIGNATURE_INVALID - SIGNATURE_MISSING - CORPORATE_ID_INVALID - PSU_CREDENTIALS_INVALID - CONSENT_INVALID - CONSENT_EXPIRED - TOKEN_UNKNOWN - TOKEN_INVALID - TOKEN_EXPIRED type: string MessageCode401_PIIS: description: Message codes defined for PIIS for HTTP Error code 401 (UNAUTHORIZED). enum: - CERTIFICATE_INVALID - ROLE_INVALID - CERTIFICATE_EXPIRED - CERTIFICATE_BLOCKED - CERTIFICATE_REVOKE - CERTIFICATE_MISSING - SIGNATURE_INVALID - SIGNATURE_MISSING - CORPORATE_ID_INVALID - PSU_CREDENTIALS_INVALID - CONSENT_INVALID - CONSENT_EXPIRED - TOKEN_UNKNOWN - TOKEN_INVALID - TOKEN_EXPIRED type: string MessageCode401_PIS: description: Message codes defined for PIS for HTTP Error code 401 (UNAUTHORIZED). enum: - CERTIFICATE_INVALID - ROLE_INVALID - CERTIFICATE_EXPIRED - CERTIFICATE_BLOCKED - CERTIFICATE_REVOKE - CERTIFICATE_MISSING - SIGNATURE_INVALID - SIGNATURE_MISSING - CORPORATE_ID_INVALID - PSU_CREDENTIALS_INVALID - CONSENT_INVALID - CONSENT_EXPIRED - TOKEN_UNKNOWN - TOKEN_INVALID - TOKEN_EXPIRED - KID_MISSING type: string MessageCode401_SBS: description: Message codes defined for signing baskets for HTTP Error code 401 (UNAUTHORIZED). enum: - CERTIFICATE_INVALID - ROLE_INVALID - CERTIFICATE_EXPIRED - CERTIFICATE_BLOCKED - CERTIFICATE_REVOKE - CERTIFICATE_MISSING - SIGNATURE_INVALID - SIGNATURE_MISSING - CORPORATE_ID_INVALID - PSU_CREDENTIALS_INVALID - CONSENT_INVALID - CONSENT_EXPIRED - TOKEN_UNKNOWN - TOKEN_INVALID - TOKEN_EXPIRED type: string MessageCode403_AIS: description: Message codes defined for AIS for HTTP Error code 403 (FORBIDDEN). enum: - CONSENT_UNKNOWN - SERVICE_BLOCKED - RESOURCE_UNKNOWN - RESOURCE_EXPIRED type: string MessageCode403_PIIS: description: Message codes defined for PIIS for HTTP Error code 403 (FORBIDDEN). enum: - CONSENT_UNKNOWN - SERVICE_BLOCKED - RESOURCE_UNKNOWN - RESOURCE_EXPIRED type: string MessageCode403_PIS: description: Message codes defined defined for PIS for PIS for HTTP Error code 403 (FORBIDDEN). enum: - CONSENT_UNKNOWN - SERVICE_BLOCKED - RESOURCE_UNKNOWN - RESOURCE_EXPIRED - PRODUCT_INVALID type: string MessageCode403_SBS: description: Message codes defined for signing baskets for HTTP Error code 403 (FORBIDDEN). enum: - CONSENT_UNKNOWN - SERVICE_BLOCKED - RESOURCE_UNKNOWN - RESOURCE_EXPIRED type: string MessageCode404_AIS: description: Message codes defined for AIS for HTTP Error code 404 (NOT FOUND). enum: - RESOURCE_UNKNOWN type: string MessageCode404_PIIS: description: Message codes defined for PIIS for HTTP Error code 404 (NOT FOUND). enum: - RESOURCE_UNKNOWN type: string MessageCode404_PIS: description: Message codes defined for PIS for HTTP Error code 404 (NOT FOUND). enum: - RESOURCE_UNKNOWN - PRODUCT_UNKNOWN type: string MessageCode404_SBS: description: Message codes defined for signing baskets for HTTP Error code 404 (NOT FOUND). enum: - RESOURCE_UNKNOWN type: string MessageCode405_AIS: description: Message codes defined for AIS for HTTP Error code 405 (METHOD NOT ALLOWED). enum: - SERVICE_INVALID type: string MessageCode405_PIIS: description: Message codes defined for PIIS for HTTP Error code 405 (METHOD NOT ALLOWED). enum: - SERVICE_INVALID type: string MessageCode405_PIS: description: Message codes defined for payment cancelations PIS for HTTP Error code 405 (METHOD NOT ALLOWED). enum: - SERVICE_INVALID type: string MessageCode405_PIS_CANC: description: Message codes defined for payment cancelations PIS for HTTP Error code 405 (METHOD NOT ALLOWED). enum: - CANCELLATION_INVALID - SERVICE_INVALID type: string MessageCode405_SBS: description: Message codes defined for SBS for HTTP Error code 405 (METHOD NOT ALLOWED). enum: - SERVICE_INVALID type: string MessageCode406_AIS: description: Message codes defined for AIS for HTTP Error code 406 (NOT ACCEPTABLE). enum: - REQUESTED_FORMATS_INVALID type: string MessageCode409_AIS: description: Message codes defined for AIS for HTTP Error code 409 (CONFLICT). enum: - STATUS_INVALID type: string MessageCode409_PIIS: description: Message codes defined for PIIS for HTTP Error code 409 (CONFLICT). enum: - STATUS_INVALID type: string MessageCode409_PIS: description: Message codes defined for PIS for HTTP Error code 409 (CONFLICT). enum: - STATUS_INVALID type: string MessageCode409_SBS: description: Message codes defined for signing baskets for HTTP Error code 409 (CONFLICT). enum: - REFERENCE_STATUS_INVALID - STATUS_INVALID type: string MessageCode429_AIS: description: Message codes for HTTP Error code 429 (TOO MANY REQUESTS). enum: - ACCESS_EXCEEDED type: string _linksAccountDetails: additionalProperties: $ref: '#/definitions/hrefType' description: | Links to the account, which can be directly used for retrieving account information from this dedicated account. Links to "balances" and/or "transactions" These links are only supported, when the corresponding consent has been already granted. properties: balances: $ref: '#/definitions/hrefType' transactions: $ref: '#/definitions/hrefType' type: object _linksAccountReport: additionalProperties: $ref: '#/definitions/hrefType' properties: account: $ref: '#/definitions/hrefType' first: $ref: '#/definitions/hrefType' last: $ref: '#/definitions/hrefType' next: $ref: '#/definitions/hrefType' previous: $ref: '#/definitions/hrefType' required: - account type: object _linksAll: additionalProperties: $ref: '#/definitions/hrefType' description: | A _link object with all available link types. properties: account: $ref: '#/definitions/hrefType' balances: $ref: '#/definitions/hrefType' cardAccount: $ref: '#/definitions/hrefType' cardTransactions: $ref: '#/definitions/hrefType' confirmation: $ref: '#/definitions/hrefType' first: $ref: '#/definitions/hrefType' last: $ref: '#/definitions/hrefType' next: $ref: '#/definitions/hrefType' previous: $ref: '#/definitions/hrefType' scaOAuth: $ref: '#/definitions/hrefType' scaStatus: $ref: '#/definitions/hrefType' self: $ref: '#/definitions/hrefType' status: $ref: '#/definitions/hrefType' transactionDetails: $ref: '#/definitions/hrefType' transactions: $ref: '#/definitions/hrefType' type: object _linksAuthorisationConfirmation: additionalProperties: $ref: '#/definitions/hrefType' description: | A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. **Remark:** All links can be relative or full links, to be decided by the ASPSP. Type of links admitted in this response, (further links might be added for ASPSP defined extensions): - 'scaStatus': The link to retrieve the status of the corresponding transaction resource. properties: scaStatus: $ref: '#/definitions/hrefType' type: object _linksCardAccountReport: additionalProperties: $ref: '#/definitions/hrefType' properties: card: $ref: '#/definitions/hrefType' cardAccount: $ref: '#/definitions/hrefType' first: $ref: '#/definitions/hrefType' last: $ref: '#/definitions/hrefType' next: $ref: '#/definitions/hrefType' previous: $ref: '#/definitions/hrefType' required: - cardAccount - card type: object _linksConsents: additionalProperties: $ref: '#/definitions/hrefType' description: | A list of hyperlinks to be recognised by the TPP. Type of links admitted in this response (which might be extended by single ASPSPs as indicated in its XS2A documentation): * 'scaOAuth': In case of an OAuth2 based Redirect Approach, the ASPSP is transmitting the link where the configuration of the OAuth2 Server is defined. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification. * 'confirmation': Might be added by the ASPSP if either the "scaRedirect" or "scaOAuth" hyperlink is returned in the same response message. This hyperlink defines the URL to the resource which needs to be updated with * a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authentication server or * an access token as retrieved by submitting an authorization code after the integrated OAuth based authentication process with the ASPSP authentication server. * 'self': The link to the Establish Account Information Consent resource created by this request. This link can be used to retrieve the resource data. * 'status': The link to retrieve the status of the account information consent. * 'scaStatus': The link to retrieve the scaStatus of the corresponding authorisation sub-resource. This link is only contained, if an authorisation sub-resource has been already created. properties: confirmation: $ref: '#/definitions/hrefType' scaOAuth: $ref: '#/definitions/hrefType' scaStatus: $ref: '#/definitions/hrefType' self: $ref: '#/definitions/hrefType' status: $ref: '#/definitions/hrefType' type: object _linksGetConsent: additionalProperties: $ref: '#/definitions/hrefType' description: | A list of hyperlinks to be recognised by the TPP. Links of type "account" and/or "cardAccount", depending on the nature of the consent. properties: account: $ref: '#/definitions/hrefType' card-account: $ref: '#/definitions/hrefType' type: object _linksPagination: additionalProperties: $ref: '#/definitions/hrefType' properties: first: $ref: '#/definitions/hrefType' last: $ref: '#/definitions/hrefType' next: $ref: '#/definitions/hrefType' previous: $ref: '#/definitions/hrefType' type: object _linksPaymentInitiation: additionalProperties: $ref: '#/definitions/hrefType' description: | A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. **Remark:** All links can be relative or full links, to be decided by the ASPSP. Type of links admitted in this response, (further links might be added for ASPSP defined extensions): * 'scaOAuth': In case of a SCA OAuth2 Approach, the ASPSP is transmitting the URI where the configuration of the Authorisation Server can be retrieved. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification. * 'confirmation': Might be added by the ASPSP if either the "scaRedirect" or "scaOAuth" hyperlink is returned in the same response message. This hyperlink defines the URL to the resource which needs to be updated with * a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authentication server or * an access token as retrieved by submitting an authorization code after the integrated OAuth based authentication process with the ASPSP authentication server. * 'self': The link to the payment initiation resource created by this request. This link can be used to retrieve the resource data. * 'status': The link to retrieve the transaction status of the payment initiation. * 'scaStatus': The link to retrieve the scaStatus of the corresponding authorisation sub-resource. This link is only contained, if an authorisation sub-resource has been already created. example: self: href: /psd2/v1/payments/sepa-credit-transfers/1234-wertiq-983 properties: confirmation: $ref: '#/definitions/hrefType' scaOAuth: $ref: '#/definitions/hrefType' scaStatus: $ref: '#/definitions/hrefType' self: $ref: '#/definitions/hrefType' status: $ref: '#/definitions/hrefType' type: object _linksPaymentInitiationStatus: additionalProperties: $ref: '#/definitions/hrefType' description: | Should refer to next steps if the problem can be resolved via the interface e.g. for re-submission of credentials. example: self: href: /psd2/v1/payments/sepa-credit-transfers/1234-wertiq-983 type: object _linksSelectPsuAuthenticationMethod: additionalProperties: $ref: '#/definitions/hrefType' description: | A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. **Remark:** All links can be relative or full links, to be decided by the ASPSP. **Remark:** This method can be applied before or after PSU identification. This leads to many possible hyperlink responses. Type of links admitted in this response, (further links might be added for ASPSP defined extensions): - 'scaRedirect': In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. - 'scaOAuth': In case of a SCA OAuth2 Approach, the ASPSP is transmitting the URI where the configuration of the Authorisation Server can be retrieved. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification. * 'confirmation': Might be added by the ASPSP if either the "scaRedirect" or "scaOAuth" hyperlink is returned in the same response message. This hyperlink defines the URL to the resource which needs to be updated with * a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authentication server or * an access token as retrieved by submitting an authorization code after the integrated OAuth based authentication process with the ASPSP authentication server. - 'updatePsuIdentification': The link to the authorisation or cancellation authorisation sub-resource, where PSU identification data needs to be uploaded. - 'scaStatus': The link to retrieve the scaStatus of the corresponding authorisation sub-resource. properties: confirmation: $ref: '#/definitions/hrefType' scaOAuth: $ref: '#/definitions/hrefType' scaRedirect: $ref: '#/definitions/hrefType' scaStatus: $ref: '#/definitions/hrefType' updatePsuIdentification: $ref: '#/definitions/hrefType' type: object _linksStartScaProcess: additionalProperties: $ref: '#/definitions/hrefType' description: | A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. **Remark:** All links can be relative or full links, to be decided by the ASPSP. Type of links admitted in this response, (further links might be added for ASPSP defined extensions): - 'scaOAuth': In case of a SCA OAuth2 Approach, the ASPSP is transmitting the URI where the configuration of the Authorisation Server can be retrieved. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification. * 'confirmation': Might be added by the ASPSP if either the "scaRedirect" or "scaOAuth" hyperlink is returned in the same response message. This hyperlink defines the URL to the resource which needs to be updated with * a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authentication server or * an access token as retrieved by submitting an authorization code after the integrated OAuth based authentication process with the ASPSP authentication server. - 'scaStatus': The link to retrieve the scaStatus of the corresponding authorisation sub-resource. properties: confirmation: $ref: '#/definitions/hrefType' scaOAuth: $ref: '#/definitions/hrefType' scaStatus: $ref: '#/definitions/hrefType' type: object _linksTransactionDetails: additionalProperties: $ref: '#/definitions/hrefType' properties: transactionDetails: $ref: '#/definitions/hrefType' required: - transactionDetails type: object _linksUpdatePsuIdentification: additionalProperties: $ref: '#/definitions/hrefType' description: | A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request. **Remark:** All links can be relative or full links, to be decided by the ASPSP. Type of links admitted in this response, (further links might be added for ASPSP defined extensions): - 'scaStatus': The link to retrieve the scaStatus of the corresponding authorisation sub-resource. - 'selectAuthenticationMethod': This is a link to a resource, where the TPP can select the applicable second factor authentication methods for the PSU, if there are several available authentication methods and if the PSU is already sufficiently authenticated.. If this link is contained, then there is also the data element "scaMethods" contained in the response body. properties: scaStatus: $ref: '#/definitions/hrefType' selectAuthenticationMethod: $ref: '#/definitions/hrefType' type: object accountAccess: description: | Requested access services for a consent. properties: accounts: description: | Is asking for detailed account information. If the array is empty in a request, the TPP is asking for an accessible account list. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty, also the arrays for balances, additionalInformation sub attributes or transactions shall be empty, if used. items: $ref: '#/definitions/consentAccountReference' type: array additionalInformation: $ref: '#/definitions/additionalInformationAccess' allPsd2: description: | Optional if supported by API provider. The values "allAccounts" and "allAccountsWithOwnerName" are admitted. The support of the "allAccountsWithOwnerName" value by the ASPSP is optional. enum: - allAccounts type: string availableAccounts: description: | Optional if supported by API provider. The values "allAccounts" and "allAccountsWithOwnerName" are admitted. The support of the "allAccountsWithOwnerName" value by the ASPSP is optional. enum: - allAccounts type: string availableAccountsWithBalance: description: | Optional if supported by API provider. The values "allAccounts" and "allAccountsWithOwnerName" are admitted. The support of the "allAccountsWithOwnerName" value by the ASPSP is optional. enum: - allAccounts type: string balances: description: | Is asking for balances of the addressed accounts. If the array is empty in the request, the TPP is asking for the balances of all accessible account lists. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty, also the arrays for accounts, additionalInformation sub attributes or transactions shall be empty, if used. items: $ref: '#/definitions/consentAccountReference' type: array restrictedTo: description: | If the TPP requests access to accounts via availableAccounts (List of available accounts), global or bank driven consents, the TPP may include this element to restrict access to the referred account types. Absence of the element is interpreted as "no restriction" (therefore access to accounts of all types is requested). The element may only occur, if each of the elements - accounts - balances - transactions is either not present or contains an empty array. BOI-REMARK: This attribute have to be supported by the API Provider. In detailed consent model this field have to be empty or not presented. items: $ref: '#/definitions/cashAccountType' type: array transactions: description: | Is asking for transactions of the addressed accounts. If the array is empty in the request, the TPP is asking for the transactions of all accessible account lists. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty, also the arrays for accounts, additionalInformation sub attributes or balances shall be empty, if used. items: $ref: '#/definitions/consentAccountReference' type: array type: object accountDetails: description: | The ASPSP shall give at least one of the account reference identifiers: - iban - bban - maskedPan - msisdn - other If the account is a multicurrency account currency code in "currency" is set to "XXX" or "ILY" depents on the consent. properties: _links: $ref: '#/definitions/_linksAccountDetails' balances: $ref: '#/definitions/balanceList' bban: $ref: '#/definitions/bban' bic: $ref: '#/definitions/bicfi' cashAccountType: $ref: '#/definitions/cashAccountType' currency: $ref: '#/definitions/currencyCode' details: description: | Specifications that might be provided by the ASPSP: - characteristics of the account - characteristics of the relevant card maxLength: 500 type: string displayName: $ref: '#/definitions/displayName' iban: $ref: '#/definitions/iban' linkedAccounts: description: Case of a set of pending card transactions, the APSP will provide the relevant cash account the card is set up on. maxLength: 70 type: string msisdn: $ref: '#/definitions/msisdn' name: description: Name of the account, as assigned by the ASPSP, in agreement with the account owner in order to provide an additional means of identification of the account. maxLength: 70 type: string other: $ref: '#/definitions/otherType' ownerName: $ref: '#/definitions/ownerName' product: description: Product name of the bank for this account, proprietary definition. maxLength: 35 type: string resourceId: description: This shall be filled, if addressable resource are created by the ASPSP on the /accounts or /card-accounts endpoint. type: string status: $ref: '#/definitions/accountStatus' usage: description: | Specifies the usage of the account: * PRIV: private personal account * ORGA: professional account enum: - PRIV - ORGA maxLength: 4 type: string required: - currency - cashAccountType type: object accountId: description: This identification is denoting the addressed account, where the transaction has been performed. example: qwer3456tzui7890 type: string accountList: description: | List of accounts with details. properties: accounts: items: $ref: '#/definitions/accountDetails' type: array required: - accounts type: object accountReference: description: | Reference to an account by either * IBAN, of a payment accounts, or * BBAN, for payment accounts if there is no IBAN, or * the Primary Account Number (PAN) of a card in a masked form, or * an alias to access a payment account via a registered mobile phone number (MSISDN), or * a proprietary ID of the respective account that uniquely identifies the account for this ASPSP. properties: bban: $ref: '#/definitions/bban' cashAccountType: $ref: '#/definitions/cashAccountType' currency: $ref: '#/definitions/currencyCode' iban: $ref: '#/definitions/iban' maskedPan: $ref: '#/definitions/maskedPan' msisdn: $ref: '#/definitions/msisdn' other: $ref: '#/definitions/otherType' type: object accountReport: description: | JSON based account report. This account report contains transactions resulting from the query parameters. 'booked' shall be contained if bookingStatus parameter is set to "booked" or "both". 'pending' is not contained if the bookingStatus parameter is set to "booked" or "information". 'information' Only contained if the bookingStatus is set to "information" and if supported by ASPSP. properties: _links: $ref: '#/definitions/_linksAccountReport' booked: $ref: '#/definitions/transactionList' information: $ref: '#/definitions/transactionList' pending: $ref: '#/definitions/transactionList' required: - _links type: object accountStatus: description: | Account status. The value is one of the following: - "enabled": account is available - "deleted": account is terminated - "blocked": account is blocked e.g. for legal reasons If this field is not used, than the account is available in the sense of this specification. enum: - enabled - deleted - blocked type: string additionalInformation: description: | Might be used by the ASPSP to transport additional transaction related information to the PSU example: Some additional transaction related information. maxLength: 500 type: string additionalInformationAccess: description: | Optional if supported by API provider. Is asking for additional information as added within this structured object. The usage of this data element requires at least one of the entries "accounts", "transactions" or "balances" also to be contained in the object. If detailed accounts are referenced, it is required in addition that any account addressed within the additionalInformation attribute is also addressed by at least one of the attributes "accounts", "transactions" or "balances". properties: ownerName: description: | Is asking for account owner name of the accounts referenced within. If the array is empty in the request, the TPP is asking for the account owner name of all accessible accounts. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty, also the arrays for accounts, balances or transactions shall be empty, if used. The ASPSP will indicate in the consent resource after a successful authorisation, whether the ownerName consent can be accepted by providing the accounts on which the ownerName will be delivered. This array can be empty. items: $ref: '#/definitions/accountReference' type: array trustedBeneficiaries: description: | Optional if supported by API provider. Is asking for the trusted beneficiaries related to the accounts referenced within and related to the PSU. If the array is empty in the request, the TPP is asking for the lists of trusted beneficiaries of all accessible accounts. This may be restricted in a PSU/ASPSP authorization dialogue by the PSU if also the account lists addressed by the tags “accounts”, “balances” or “transactions” are empty. The ASPSP will indicate in the consent resource after a successful authorisation, whether the trustedBeneficiaries consent can be accepted by providing the accounts on which the list of trusted beneficiaries will be delivered. This array can be empty. items: $ref: '#/definitions/accountReference' type: array type: object additionalInformationStructured: description: | Is used if and only if the bookingStatus entry equals "information". Every active standing order related to the dedicated payment account result into one entry. properties: standingOrderDetails: $ref: '#/definitions/standingOrderDetails' required: - standingOrderDetails type: object address: example: buildingnNumber: "89" country: FR postCode: "75000" streetName: rue blue townName: Paris properties: buildingNumber: maxLength: 10 type: string country: $ref: '#/definitions/countryCode' postCode: maxLength: 10 type: string streetName: maxLength: 70 type: string townName: maxLength: 70 type: string required: - country type: object amount: example: amount: "123" currency: EUR properties: amount: $ref: '#/definitions/amountValue' currency: $ref: '#/definitions/currencyCode' required: - currency - amount type: object amountValue: description: | The amount given with fractional digits, where fractions must be compliant to the currency definition. Up to 14 significant figures. Negative amounts are signed by minus. The decimal separator is a dot. **Example:** Valid representations for EUR with up to two decimals are: * 1056 * 5768.2 * -1.50 * 5877.78 example: "5877.78" pattern: ^-?[0-9]{1,14}(\.[0-9]{1,3})?$ type: string authenticationMethodId: description: | An identification provided by the ASPSP for the later identification of the authentication method selection. example: myAuthenticationID maxLength: 35 type: string authorisationConfirmation: description: | Content of the body of an authorisation confirmation request properties: confirmationCode: description: Confirmation Code as retrieved by the TPP from the redirect based SCA process. type: string required: - confirmationCode type: object authorisationConfirmationResponse: description: Body of the JSON response for an authorisation confirmation request. properties: _links: $ref: '#/definitions/_linksAuthorisationConfirmation' psuMessage: $ref: '#/definitions/psuMessageText' scaStatus: $ref: '#/definitions/scaStatusAuthorisationConfirmation' required: - scaStatus - _links type: object authorisationId: description: Resource identification of the related SCA. example: 123auth456 type: string authorisations: description: An array of all authorisationIds. properties: authorisationIds: $ref: '#/definitions/authorisationsList' required: - authorisationIds type: object authorisationsList: description: An array of all authorisationIds. items: $ref: '#/definitions/authorisationId' type: array authorization: description: | Authorization by OAuth2 based Protocol. type: string balance: description: | A single balance element. properties: balanceAmount: $ref: '#/definitions/amount' balanceType: $ref: '#/definitions/balanceType' creditLimitIncluded: description: | A flag indicating if the credit limit of the corresponding account is included in the calculation of the balance, where applicable. example: false type: boolean lastChangeDateTime: description: | This data element might be used to indicate e.g. with the expected or booked balance that no action is known on the account, which is not yet booked. format: date-time type: string lastCommittedTransaction: description: | "entryReference" of the last commited transaction to support the TPP in identifying whether all PSU transactions are already known. maxLength: 35 type: string referenceDate: description: Indicates the date of the balance. format: date type: string required: - balanceAmount - balanceType - creditLimitIncluded - referenceDate type: object balanceList: description: | A list of balances regarding this account, e.g. the current balance, the last booked balance. The list might be restricted to the current balance. items: $ref: '#/definitions/balance' type: array balanceType: description: "The following balance types are defined:\n - \"closingBooked\": #BOI-REMARK: THIS TYPE IS MANDATORY\n Balance of the account at the end of the pre-agreed account reporting period.\n It is the sum of the opening booked balance at the beginning of the period and all entries booked\n to the account during the pre-agreed account reporting period.\n\n For card-accounts, this is composed of\n\n - invoiced, but not yet paid entries\n\n - \"expected\": #BOI-REMARK: THIS TYPE IS CONDITIONAL\n Balance composed of booked entries and pending items known at the time of calculation,\n which projects the end of day balance if everything is booked on the account and no other entry is posted.\n\n For card accounts, this is composed of:\n - invoiced, but not yet paid entries\n - not yet invoiced but already booked entries and\n - pending items (not yet booked)\n\n For card-accounts:\n\n \"money to spend with the value of a pre-approved credit limit on the card account\"\n\n \ - \"openingBooked\": #BOI-REMARK: THIS TYPE IS OPTIONAL\n Book balance of the account at the beginning of the account reporting period.\n It always equals the closing book balance from the previous report.\n - \"interimAvailable\": #BOI-REMARK: THIS TYPE IS CONDITIONAL\n Available balance calculated in the course of the account ?servicer?s business day,\n at the time specified, and subject to further changes during the business day.\n The interim balance is calculated on the basis of booked credit and debit items during the calculation\n \ time/period specified.\n\n For card-accounts, this is composed of:\n \ - invoiced, but not yet paid entries\n - not yet invoiced but already booked entries\n - \"interimBooked\": #BOI-REMARK: THIS TYPE IS CONDITIONAL\n \ Balance calculated in the course of the account servicer's business day, at the time specified,\n and subject to further changes during the business day.\n The interim balance is calculated on the basis of booked credit and debit items during the calculation time/period\n specified.\n - \"forwardAvailable\": #BOI-REMARK: THIS TYPE IS CONDITIONAL\n Forward available balance of money that is at the disposal of the account owner on the date specified.\n - \"nonInvoiced\": \ \n Only for card accounts, to be checked yet.\n" enum: - closingBooked - expected - openingBooked - interimAvailable - interimBooked - forwardAvailable - nonInvoiced type: string bankTransactionCode: description: | Bank transaction code as used by the ASPSP and using the sub elements of this structured code defined by ISO 20022. This code type is concatenating the three ISO20022 Codes * Domain Code, * Family Code, and * SubFamiliy Code by hyphens, resulting in 'DomainCode'-'FamilyCode'-'SubFamilyCode'. example: PMNT-RDDT-ESDD type: string batchBookingPreferred: description: | If this element equals 'true', the PSU prefers only one booking entry. If this element equals 'false', the PSU prefers individual booking of all contained individual transactions. The ASPSP will follow this preference according to contracts agreed on with the PSU. example: false type: boolean bban: description: | Basic Bank Account Number (BBAN) Identifier. This data element can be used in the body of the consent request. Message for retrieving account access consent from this account. This data elements is used for payment accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a customer. type: string bicfi: description: | BICFI example: AAAADEBBXXX pattern: ^[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}$ type: string bookingDate: description: | The date when an entry is posted to an account on the ASPSPs books. format: date type: string bulkPaymentInitiationWithStatusResponse: description: | Generic JSON response body consistion of the corresponding bulk payment initation JSON body together with an optional transaction status field. properties: acceptorTransactionDateTime: format: date-time type: string batchBookingPreferred: $ref: '#/definitions/batchBookingPreferred' debtorAccount: $ref: '#/definitions/accountReference' paymentInformationId: maxLength: 35 type: string payments: description: | A list of generic JSON bodies payment initations for bulk payments via JSON. Note: Some fields from single payments do not occcur in a bulk payment element items: $ref: '#/definitions/paymentInitiationBulkElement_json' type: array requestedExecutionDate: format: date type: string tppMessage: description: Messages to the TPP on operational issues. items: $ref: '#/definitions/tppMessageGeneric' type: array transactionStatus: $ref: '#/definitions/transactionStatus' required: - payments - debtorAccount type: object bulkPaymentInitiation_json: description: | Generic Body for a bulk payment initation via JSON. paymentInformationId is contained in code but commented since it is n.a. and not all ASPSP are able to support this field now. In a later version the field will be mandatory. properties: batchBookingPreferred: $ref: '#/definitions/batchBookingPreferred' debtorAccount: $ref: '#/definitions/accountReference' payments: description: | A list of generic JSON bodies payment initations for bulk payments via JSON. Note: Some fields from single payments do not occcur in a bulk payment element items: $ref: '#/definitions/paymentInitiationBulkElement_json' type: array requestedExecutionDate: format: date type: string requestedExecutionTime: format: date-time type: string required: - payments - debtorAccount type: object cardAcceptorPhone: description: | Merchant phone number It consists of a "+" followed by the country code (from 1 to 3 characters) then a "-" and finally, any combination of numbers, "(", ")", "+" and "-" (up to 30 characters). pattern according to ISO20022 \+[0-9]{1,3}-[0-9()+\-]{1,30} pattern: ^\+[0-9]{1,3}\-[0-9()+\-]{1,30}$ type: string cardAccountDetails: description: | Card account details. properties: _links: $ref: '#/definitions/_linksAccountDetails' balances: $ref: '#/definitions/balanceList' creditLimit: $ref: '#/definitions/amount' currency: $ref: '#/definitions/currencyCode' details: description: | Specifications that might be provided by the ASPSP: - characteristics of the account - characteristics of the relevant card maxLength: 1000 type: string displayName: $ref: '#/definitions/displayName' maskedPan: $ref: '#/definitions/maskedPan' name: description: | Name of the account, as assigned by the ASPSP, in agreement with the account owner in order to provide an additional means of identification of the account. maxLength: 70 type: string ownerName: $ref: '#/definitions/ownerName' product: description: | Product Name of the Bank for this account, proprietary definition. maxLength: 35 type: string resourceId: description: | This is the data element to be used in the path when retrieving data from a dedicated account. This shall be filled, if addressable resource are created by the ASPSP on the /card-accounts endpoint. type: string status: $ref: '#/definitions/accountStatus' usage: description: | Specifies the usage of the account: * PRIV: private personal account * ORGA: professional account enum: - PRIV - ORGA maxLength: 4 type: string required: - maskedPan - currency type: object cardAccountList: description: | List of card accounts with details. properties: cardAccounts: items: $ref: '#/definitions/cardAccountDetails' type: array required: - cardAccounts type: object cardAccountReport: description: | JSON based card account report. This card account report contains transactions resulting from the query parameters. properties: _links: $ref: '#/definitions/_linksCardAccountReport' booked: $ref: '#/definitions/cardTransactionList' pending: $ref: '#/definitions/cardTransactionList' required: - booked - _links type: object cardAccountsTransactionsResponse200: description: | Body of the JSON response for a successful read card account transaction list request. This card account report contains transactions resulting from the query parameters. properties: _links: $ref: '#/definitions/_linksPagination' balances: $ref: '#/definitions/balanceList' cardAccount: $ref: '#/definitions/accountReference' cardTransactions: $ref: '#/definitions/cardAccountReport' required: - cardAccount type: object cardTransaction: description: Card transaction information. properties: acceptorTransactionDateTime: description: Timestamp of the actual card transaction within the acceptance system format: date-time type: string bookingDate: $ref: '#/definitions/bookingDate' cardAcceptorAddress: $ref: '#/definitions/address' cardAcceptorId: maxLength: 35 type: string cardAcceptorPhone: $ref: '#/definitions/cardAcceptorPhone' cardTransactionId: $ref: '#/definitions/cardTransactionId' currencyExchange: $ref: '#/definitions/reportExchangeRateList' grandTotalAmount: allOf: - $ref: '#/definitions/amount' - description: | Total amount of the instalment including charges, insurance and taxes in addition to the funded amount. invoiced: type: boolean markupFee: $ref: '#/definitions/amount' markupFeePercentage: example: "0.3" type: string maskedPAN: $ref: '#/definitions/maskedPan' merchantCategoryCode: $ref: '#/definitions/merchantCategoryCode' originalAmount: $ref: '#/definitions/amount' proprietaryBankTransactionCode: $ref: '#/definitions/proprietaryBankTransactionCode' terminalId: $ref: '#/definitions/terminalId' transactionAmount: $ref: '#/definitions/amount' transactionDate: $ref: '#/definitions/transactionDate' transactionDetails: maxLength: 1000 type: string valueDate: description: The Date at which assets become available to the account owner in case of a credit, or cease to be available to the account owner in case of a debit entry. For card transactions this is the payment due date of related booked transactions of a card. BOI Remarks - this fiels is mandatory for non pending transactions. format: date type: string required: - transactionAmount type: object cardTransactionId: description: Unique end to end identity. maxLength: 35 type: string cardTransactionList: description: Array of transaction details. items: $ref: '#/definitions/cardTransaction' type: array cashAccountType: description: | ExternalCashAccountType1Code from ISO 20022. enum: - CACC - CARD - LOAN - SVGS type: string combinedServiceIndicator: description: | If "true" indicates that a payment initiation service will be addressed in the same "session". example: false type: boolean consentAccountReference: description: | Reference to an account by either * IBAN, of a payment accounts, or * PAN of a card in a masked form, or * an alias to access a payment account via a registered mobile phone number (MSISDN). BOI-REMARK: The currency of the account is needed, where the currency is an account charactaristic identifying certain sub-accounts under one external identifier like an IBAN. Once the currency wasn't defined, a specific IBAN includes all the currencies relates to this IBAN. properties: bban: $ref: '#/definitions/bban' cashAccountType: $ref: '#/definitions/cashAccountType' currency: $ref: '#/definitions/consentCurrencyCode' iban: $ref: '#/definitions/iban' maskedPan: $ref: '#/definitions/maskedPan' msisdn: $ref: '#/definitions/msisdn' other: $ref: '#/definitions/otherType' type: object consentCurrencyCode: description: | In the Israeli market there are 3 options for currency code in post consent for CACC- * "ILS" - consent just for the ILS local currency. * "ILY" - consent just for all foreign currencies. * empty [] - consent for all currencies. If the user want a multicurrency consent, this field should be empty. enum: - ILS - ILY example: ILS type: string consentId: description: | ID of the corresponding consent object as returned by an account information consent request. maxLength: 512 type: string consentInformationResponse-200_json: description: Body of the JSON response for a successfull get consent request. properties: _links: $ref: '#/definitions/_linksGetConsent' access: $ref: '#/definitions/accountAccess' consentStatus: $ref: '#/definitions/consentStatus' frequencyPerDay: $ref: '#/definitions/frequencyPerDay' lastActionDate: $ref: '#/definitions/lastActionDate' recurringIndicator: $ref: '#/definitions/recurringIndicator' validUntil: $ref: '#/definitions/validUntil' required: - access - recurringIndicator - validUntil - frequencyPerDay - lastActionDate - consentStatus type: object well-known: properties: issuer: type: object example: https://mtls-api-nonprod.discountbank.co.il authorization_endpoint: type: string example: https://api-nonprod.discountbank.co.il/devapi/cert/consent/authorize token_endpoint: type: string example: https://mtls-api-nonprod.discountbank.co.il/devapi/cert/consent/token response_types_supported: type: array items: type: string example: '["code" ]' additionalProperties: false well-known-response: properties: response: $ref: '#/definitions/well-known' example: '{ "response": { "issuer": "https://mtls-api-prod.discountbank.co.il", "authorization_endpoint":"https://api-prod.discountbank.co.il/devapi/d/consent/authorize", "token_endpoint":"https://mtls-api-prod.discountbank.co.il/devapi/d/consent/token", "response_types_supported": [ "code"] } }' additionalProperties: false well-known-payment: properties: issuer: type: object example: https://mtls-api-nonprod.discountbank.co.il authorization_endpoint: type: string example: https://api-nonprod.discountbank.co.il/devapi/cert/payment/authorize token_endpoint: type: string example: https://mtls-api-nonprod.discountbank.co.il/devapi/cert/payment/token response_types_supported: type: array items: type: string example: '["code" ]' additionalProperties: false well-known-payment-response: properties: response: $ref: '#/definitions/well-known' example: '{ "issuer": "https://mtls-api-nonprod.discountbank.co.il", "authorization_endpoint": "https://api-nonprod.discountbank.co.il/development/cert-dev/payment/authorize", "token_endpoint": "https://mtls-api-nonprod.discountbank.co.il/development/cert-dev/payment/token", "response_types_supported": [ "code" ] }' additionalProperties: false consentStatus: description: | This is the overall lifecycle status of the consent. BOI-REMARK: Any further codes should be cordinated in advance with BOI. Valid values are: - 'received': The consent data have been received and are technically correct. The data is not authorised yet. - 'rejected': The consent data have been rejected e.g. since no successful authorisation has taken place. - 'valid': The consent is accepted and valid for GET account data calls and others as specified in the consent object. - 'revokedByPsu': The consent has been revoked by the PSU towards the ASPSP. - 'expired': The consent expired. - 'terminatedByTpp': The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource. - 'partiallyAuthorised': The consent is due to a multi-level authorisation, some but not all mandated authorisations have been performed yet. - 'suspendedByASPSP' : The consent has been suspended by the ASPSP, according to requirements that are detailed in BOI's directive. The ASPSP might add further codes. These codes then shall be contained in the ASPSP's documentation of the XS2A interface and has to be added to this API definition as well. enum: - received - rejected - valid - revokedByPsu - expired - terminatedByTpp - partiallyAuthorised - suspendedByASPSP type: string consentStatusResponse-200: description: Body of the JSON response for a successful get status request for a consent. properties: consentStatus: $ref: '#/definitions/consentStatus' psuMessage: $ref: '#/definitions/psuMessageText' required: - consentStatus type: object consents: description: | Content of the body of a consent request. properties: access: $ref: '#/definitions/accountAccess' combinedServiceIndicator: description: | If "true" indicates that a payment initiation service will be addressed in the same "session". example: false type: boolean frequencyPerDay: $ref: '#/definitions/frequencyPerDay' recurringIndicator: $ref: '#/definitions/recurringIndicator' validUntil: $ref: '#/definitions/validUntil' required: - access - recurringIndicator - validUntil - frequencyPerDay - combinedServiceIndicator type: object consentsResponse-201: description: Body of the JSON response for a successful consent request. properties: _links: $ref: '#/definitions/_linksConsents' consentId: $ref: '#/definitions/consentId' consentStatus: $ref: '#/definitions/consentStatus' psuMessage: $ref: '#/definitions/psuMessageText' required: - consentStatus - consentId - _links type: object countryCode: description: ISO 3166 ALPHA2 country code. example: SE pattern: ^[A-Z]{2}$ type: string creditorAgentName: description: Creditor agent name. example: Creditor Agent Name maxLength: 140 type: string creditorId: description: Identification of Creditors, e.g. a SEPA Creditor ID. example: Creditor Id 5678 maxLength: 35 type: string creditorName: description: Creditor name. example: Creditor Name maxLength: 70 type: string creditorNameAndAddress: description: Creditor Name and Address in a free text field. example: Max Masters, Main Street 1, 12345 City, Example Country maxLength: 140 type: string currencyCode: description: | ISO 4217 Alpha 3 currency code. BOI REMARK - XXX for multicurrency account. example: EUR pattern: ^[A-Z]{3}$ type: string dayOfExecution: description: | Day of execution as string. This string consists of up two characters. Leading zeroes are not allowed. 31 is ultimo of the month. enum: - "1" - "2" - "3" - "4" - "5" - "6" - "7" - "8" - "9" - "10" - "11" - "12" - "13" - "14" - "15" - "16" - "17" - "18" - "19" - "20" - "21" - "22" - "23" - "24" - "25" - "26" - "27" - "28" - "29" - "30" - "31" maxLength: 2 type: string debtorId: description: Debtor Id. example: Debtor Id 1234 maxLength: 35 type: string debtorName: description: Debtor name. example: Debtor Name maxLength: 70 type: string displayName: description: | Name of the account as defined by the PSU within online channels. maxLength: 70 type: string endDate: description: | The last applicable day of execution. If not given, it is an infinite standing order. format: date type: string entryDetails: description: | Might be used by the ASPSP to transport details about transactions within a batch. items: $ref: '#/definitions/EntryDetailsElement' type: array entryReference: description: | Is the identification of the transaction as used e.g. for reference for deltafunction on application level. The same identification as for example used within camt.05x messages. maxLength: 35 type: string executionRule: description: | "following" or "preceding" supported as values. This data attribute defines the behaviour when recurring payment dates falls on a weekend or bank holiday. The payment is then executed either the "preceding" or "following" working day. ASPSP might reject the request due to the communicated value, if rules in Online-Banking are not supporting this execution rule. enum: - following - preceding type: string frequencyCode: description: | The following codes from the "EventFrequency7Code" of ISO 20022 are supported: - "Daily" - "Weekly" - "EveryTwoWeeks" - "Monthly" - "EveryTwoMonths" - "Quarterly" - "SemiAnnual" - "Annual" - "MonthlyVariable" enum: - Daily - Weekly - EveryTwoWeeks - Monthly - EveryTwoMonths - Quarterly - SemiAnnual - Annual - MonthlyVariable type: string frequencyPerDay: description: | This field indicates the requested maximum frequency for an access without PSU involvement per day. For a one-off access, this attribute is set to "1". The frequency needs to be greater equal to one. If not otherwise agreed bilaterally between TPP and ASPSP, the frequency is less equal to 4. enum: - 100 example: 100 type: integer fundsAvailable: description: | Equals true if sufficient funds are available at the time of the request, false otherwise. This datalemenet is allways contained in a confirmation of funds response. This data element is contained in a payment status response, if supported by the ASPSP, if a funds check has been performed and if the transactionStatus is "ACTC", "ACWC" or "ACCP". type: boolean hrefEntry: description: Link to a resource. example: /v1/payments/sepa-credit-transfers/1234-wertiq-983 type: string hrefType: description: Link to a resource. properties: href: $ref: '#/definitions/hrefEntry' type: object iban: description: IBAN of an account. example: FR7612345987650123456789014 pattern: ^[A-Z]{2,2}[0-9]{2,2}[a-zA-Z0-9]{1,30}$ type: string lastActionDate: description: | This date is containing the date of the last action on the consent object either through the XS2A interface or the PSU/ASPSP interface having an impact on the status. example: "2018-07-01" format: date type: string maskedPan: description: | Masked Primary Account Number. example: 123456xxxxxx1234 maxLength: 35 type: string merchantCategoryCode: description: Merchant category code. maxLength: 4 minLength: 4 type: string monthsOfExecution: description: | The format is following the regular expression \d{1,2}. The array is restricted to 11 entries. The values contained in the array entries shall all be different and the maximum value of one entry is 12. This attribute is contained if and only if the frequency equals "MonthlyVariable". Example: An execution on January, April and October each year is addressed by ["1", "4", "10"]. items: enum: - "1" - "2" - "3" - "4" - "5" - "6" - "7" - "8" - "9" - "10" - "11" - "12" maxLength: 2 type: string maxItems: 11 type: array msisdn: description: Mobile phone number. example: +49 170 1234567 maxLength: 35 type: string otherType: description: In cases where the specifically defined criteria (IBAN, BBAN, MSISDN) are not provided to identify an instance of the respective account type (e.g. a savings account), the ASPSP shall include a proprietary ID of the respective account that uniquely identifies the account for this ASPSP. properties: identification: description: Proprietary identification of the account. maxLength: 35 type: string issuer: description: Issuer of the identification. maxLength: 35 type: string schemeNameCode: description: An entry provided by an external ISO code list. maxLength: 35 type: string schemeNameProprietary: description: A scheme name defined in a proprietary way. maxLength: 35 type: string required: - identification type: object ownerName: description: | Name of the legal account owner. If there is more than one owner, then e.g. two names might be noted here. For a corporate account, the corporate name is used for this attribute. Even if supported by the ASPSP, the provision of this field might depend on the fact whether an explicit consent to this specific additional account information has been given by the PSU. example: John Doe maxLength: 140 type: string paymentId: description: Resource identification of the generated payment initiation resource. example: 1234-wertiq-983 type: string paymentInitationRequestResponse-201: description: Body of the response for a successful payment initiation request. properties: _links: $ref: '#/definitions/_linksPaymentInitiation' currencyConversionFee: $ref: '#/definitions/amount' estimatedInterbankSettlementAmount: $ref: '#/definitions/amount' estimatedTotalAmount: $ref: '#/definitions/amount' paymentId: $ref: '#/definitions/paymentId' psuMessage: $ref: '#/definitions/psuMessageText' tppMessages: items: $ref: '#/definitions/tppMessage201PaymentInitiation' type: array transactionFeeIndicator: $ref: '#/definitions/transactionFeeIndicator' transactionFees: $ref: '#/definitions/amount' transactionStatus: $ref: '#/definitions/transactionStatus' required: - transactionStatus - paymentId - _links type: object paymentInitiationBulkElement_json: description: | Generic body for a bulk payment initation entry. The bulk entry type is a type which follows the JSON formats for the supported products for single payments excluding the data elements (if supported): * debtorAccount * requestedExecutionDate, * requestedExecutionTime. These data elements may not be contained in any bulk entry. This data object can be used to represent valid bulk payment initiations entry for the following JSON based payment product, which where defined in the Implementation Guidelines: * masav * zahav * FP For the convenience of the implementer additional which are already predefinded in the Implementation Guidelines are included (but commented in source code), such that an ASPSP may add them easily. Take care: Since the format is intended to fit for all payment products there are additional conditions which are NOT covered by this specification. Please check the Implementation Guidelines for detailes. The following data element are depending on the actual payment product available (in source code): Address
Data ElementTypemasavzahavfp
endToEndIdentification Max35Text optional optionaloptional
debtorAccount Account Reference mandatory mandatorymandatory
debtorId Max35Text n.a. n.a.n.a.
ultimateDebtor Max70Text n.a. n.a.n.a.
instructedAmount Amount mandatory mandatorymandatory
CurrencyOfTransfer CurrencyCode n.a. n.a.n.a.
exchangeRateInformation Payment Exchange Rate n.a.n.a.n.a.
creditorAccount Account Reference mandatory mandatorymandatory
creditorAgent BICFI optional optionaloptional
creditorAgentName Max140Text n.a. n.a.n.a.
creditorName Max70Text mandatory mandatorymandatory
creditorId Max35Text n.a. n.a.n.a.
creditorAddress optional optionaloptional
creditorNameAndAddress Max140Text n.a. n.a.n.a.
ultimateCreditor Max70Text n.a. n.a.n.a.
purposeCode Purpose Code n.a. n.a.n.a.
chargeBearer Charge Bearer n.a. n.a.n.a.
serviceLevel Service Level Code n.a. n.a.n.a.
remittanceInformationUnstructured Max28Text mandatory mandatory mandatory
remittanceInformationUnstructuredArray Array of Max140Text n.a. n.a.n.a.
remittanceInformationStructured Remmitance n.a. n.a.n.a.
requestedExecutionDate ISODate n.a. n.a.n.a.
requestedExecutionTime ISODateTime n.a. n.a.n.a.
IMPORTANT: In this API definition the following holds: * All data elements mentioned above are defined, but some of them are commented, i.e. they are only visible in the source code and can be used by uncommenting them. * Data elements which are mandatory in the table above for all payment products are set to be mandatory in this specification. * Data elements which are indicated in the table above as n.a. for all payment products are commented in the source code. * Data elements which are indicated to be option, conditional or mandatory for at least one payment product in the table above are set to be optional in the s specification except the case where all are definde to be mandatory. * Data element which are inticated to be n.a. can be used by the ASPS if needed. In this case uncomment tthe the relatetd lines in the source code. * If one uses this data types for some payment products he has to ensure that the used data type is valid according to the underlying payment product, e.g. by some appropriate validations. properties: creditorAccount: $ref: '#/definitions/accountReference' creditorAddress: $ref: '#/definitions/address' creditorAgent: $ref: '#/definitions/bicfi' creditorAgentName: $ref: '#/definitions/creditorAgentName' creditorName: $ref: '#/definitions/creditorName' endToEndIdentification: maxLength: 35 type: string instructedAmount: $ref: '#/definitions/amount' remittanceInformationUnstructured: $ref: '#/definitions/remittanceInformationUnstructured' required: - instructedAmount - creditorAccount - creditorName type: object paymentInitiationCancelResponse-202: description: Body of the response for a successful cancel payment request. properties: transactionStatus: $ref: '#/definitions/transactionStatus' required: - transactionStatus type: object paymentInitiationStatusResponse-200_json: description: Body of the response for a successful payment initiation status request in case of an JSON based endpoint. *Remark:* If the PSU does not complete a required SCA within the required timeframe the payment resource's status must be set to "RJCT". Particularly, if a multi-level-SCA is required and the number of successful SCAs during the required timeframe is insufficient, the status must also be set to "RJCT". properties: _links: $ref: '#/definitions/_linksPaymentInitiationStatus' fundsAvailable: $ref: '#/definitions/fundsAvailable' psuMessage: $ref: '#/definitions/psuMessageText' tppMessage: description: Messages to the TPP on operational issues. items: $ref: '#/definitions/tppMessageGeneric' type: array transactionStatus: $ref: '#/definitions/transactionStatus' required: - transactionStatus type: object paymentInitiationWithStatusResponse: description: | Generic JSON response body consistion of the corresponding payment initation JSON body together with an optional transaction status field. properties: creditorAccount: $ref: '#/definitions/accountReference' creditorAddress: $ref: '#/definitions/address' creditorAgent: $ref: '#/definitions/bicfi' creditorName: $ref: '#/definitions/creditorName' debtorAccount: $ref: '#/definitions/accountReference' endToEndIdentification: maxLength: 35 type: string instructedAmount: $ref: '#/definitions/amount' remittanceInformationUnstructured: $ref: '#/definitions/remittanceInformationUnstructured' tppMessage: description: Messages to the TPP on operational issues. items: $ref: '#/definitions/tppMessageGeneric' type: array transactionStatus: $ref: '#/definitions/transactionStatus' required: - debtorAccount - instructedAmount - creditorAccount - creditorName type: object paymentInitiation_json: description: | Generic Body for a payment initation via JSON. This generic JSON body can be used to represent valid payment initiations for the following JSON based payment product, which where defined in the Implementation Guidelines: * masav * zahav * FP For the convenience of the implementer additional which are already predefinded in the Implementation Guidelines are included (but commented in source code), such that an ASPSP may add them easily. Take care: Since the format is intended to fit for all payment products there are additional conditions which are NOT covered by this specification. Please check the Implementation Guidelines for detailes. The following data element are depending on the actual payment product available (in source code): Address
Data ElementTypemasavzahavfp
endToEndIdentification Max35Text optional optionaloptional
debtorAccount Account Reference mandatory mandatorymandatory
debtorId Max35Text n.a. n.a.n.a.
ultimateDebtor Max70Text n.a. n.a.n.a.
instructedAmount Amount mandatory mandatorymandatory
CurrencyOfTransfer CurrencyCode n.a. n.a.n.a.
exchangeRateInformation Payment Exchange Rate n.a.n.a.n.a.
creditorAccount Account Reference mandatory mandatorymandatory
creditorAgent BICFI optional optionaloptional
creditorAgentName Max140Text n.a. n.a.n.a.
creditorName Max70Text mandatory mandatorymandatory
creditorId Max35Text n.a. n.a.n.a.
creditorAddress optional optionaloptional
creditorNameAndAddress Max140Text n.a. n.a.n.a.
ultimateCreditor Max70Text n.a. n.a.n.a.
purposeCode Purpose Code n.a. n.a.n.a.
chargeBearer Charge Bearer n.a. n.a.n.a.
serviceLevel Service Level Code n.a. n.a.n.a.
remittanceInformationUnstructured Max140Text mandatory mandatory mandatory
remittanceInformationUnstructuredArray Array of Max140Text n.a. n.a.n.a.
remittanceInformationStructured Remmitance n.a. n.a.n.a.
requestedExecutionDate ISODate n.a. n.a.n.a.
requestedExecutionTime ISODateTime n.a. n.a.n.a.
IMPORTANT: In this API definition the following holds: * All data elements mentioned above are defined, but some of them are commented, i.e. they are only visible in the source code and can be used by uncommenting them. * Data elements which are mandatory in the table above for all payment products are set to be mandatory in this specification. * Data elements which are indicated in the table above as n.a. for all payment products are commented in the source code. * Data elements which are indicated to be option, conditional or mandatory for at least one payment product in the table above are set to be optional in the s specification except the case where all are definde to be mandatory. * Data element which are inticated to be n.a. can be used by the ASPS if needed. In this case uncomment tthe the relatetd lines in the source code. * If one uses this data types for some payment products he has to ensure that the used data type is valid according to the underlying payment product, e.g. by some appropriate validations. properties: creditorAccount: $ref: '#/definitions/accountReference' creditorAddress: $ref: '#/definitions/address' creditorAgent: $ref: '#/definitions/bicfi' creditorAgentName: $ref: '#/definitions/creditorAgentName' creditorName: $ref: '#/definitions/creditorName' debtorAccount: $ref: '#/definitions/accountReference' endToEndIdentification: maxLength: 35 type: string instructedAmount: $ref: '#/definitions/amount' remittanceInformationUnstructured: $ref: '#/definitions/remittanceInformationUnstructured' required: - debtorAccount - instructedAmount - creditorAccount - creditorName - remittanceInformationUnstructured type: object periodicPaymentInitiationWithStatusResponse: description: | Generic JSON response body consistion of the corresponding periodic payment initation JSON body together with an optional transaction status field. properties: creditorAccount: $ref: '#/definitions/accountReference' creditorAddress: $ref: '#/definitions/address' creditorAgent: $ref: '#/definitions/bicfi' creditorName: $ref: '#/definitions/creditorName' dayOfExecution: $ref: '#/definitions/dayOfExecution' debtorAccount: $ref: '#/definitions/accountReference' endDate: $ref: '#/definitions/endDate' endToEndIdentification: maxLength: 35 type: string executionRule: $ref: '#/definitions/executionRule' frequency: $ref: '#/definitions/frequencyCode' instructedAmount: $ref: '#/definitions/amount' remittanceInformationUnstructured: $ref: '#/definitions/remittanceInformationUnstructured' startDate: $ref: '#/definitions/startDate' tppMessage: description: Messages to the TPP on operational issues. items: $ref: '#/definitions/tppMessageGeneric' type: array transactionStatus: $ref: '#/definitions/transactionStatus' required: - debtorAccount - instructedAmount - creditorAccount - creditorName - startDate - frequency type: object periodicPaymentInitiation_json: description: | Generic Body for a periodic payment initation via JSON. This generic JSON body can be used to represent valid periodic payment initiations for the following JSON based payment product, which where defined in the Implementation Guidelines: * masav * zahav * FP For the convenience of the implementer additional which are already predefinded in the Implementation Guidelines are included (but commented in source code), such that an ASPSP may add them easily. Take care: Since the format is intended to fit for all payment products there are additional conditions which are NOT covered by this specification. Please check the Implementation Guidelines for detailes. The following data element are depending on the actual payment product available (in source code): Address
Data ElementTypemasavzahavfp
endToEndIdentification Max35Text optional optionaloptional
debtorAccount Account Reference mandatory mandatorymandatory
debtorId Max35Text n.a. n.a.n.a.
ultimateDebtor Max70Text n.a. n.a.n.a.
instructedAmount Amount mandatory mandatorymandatory
CurrencyOfTransfer CurrencyCode n.a. n.a.n.a.
exchangeRateInformation Payment Exchange Rate n.a.n.a.n.a.
creditorAccount Account Reference mandatory mandatorymandatory
creditorAgent BICFI optional optionaloptional
creditorAgentName Max140Text n.a. n.a.n.a.
creditorName Max70Text mandatory mandatorymandatory
creditorId Max35Text n.a. n.a.n.a.
creditorAddress optional optionaloptional
creditorNameAndAddress Max140Text n.a. n.a.n.a.
ultimateCreditor Max70Text n.a. n.a.n.a.
purposeCode Purpose Code n.a. n.a.n.a.
chargeBearer Charge Bearer n.a. n.a.n.a.
serviceLevel Service Level Code n.a. n.a.n.a.
remittanceInformationUnstructured Max140Text mandatory mandatory mandatory
remittanceInformationUnstructuredArray Array of Max140Text n.a. n.a.n.a.
remittanceInformationStructured Remmitance n.a. n.a.n.a.
requestedExecutionDate ISODate n.a. n.a.n.a.
requestedExecutionTime ISODateTime n.a. n.a.n.a.
IMPORTANT: In this API definition the following holds: * All data elements mentioned above are defined, but some of them are commented, i.e. they are only visible in the source code and can be used by uncommenting them. * Data elements which are mandatory in the table above for all payment products are set to be mandatory in this specification. * Data elements which are indicated in the table above as n.a. for all payment products are commented in the source code. * Data elements which are indicated to be option, conditional or mandatory for at least one payment product in the table above are set to be optional in the s specification except the case where all are definde to be mandatory. * Data element which are inticated to be n.a. can be used by the ASPS if needed. In this case uncomment tthe the relatetd lines in the source code. * If one uses this data types for some payment products he has to ensure that the used data type is valid according to the underlying payment product, e.g. by some appropriate validations. properties: creditorAccount: $ref: '#/definitions/accountReference' creditorAddress: $ref: '#/definitions/address' creditorAgent: $ref: '#/definitions/bicfi' creditorName: $ref: '#/definitions/creditorName' dayOfExecution: $ref: '#/definitions/dayOfExecution' debtorAccount: $ref: '#/definitions/accountReference' endDate: $ref: '#/definitions/endDate' endToEndIdentification: maxLength: 35 type: string executionRule: $ref: '#/definitions/executionRule' frequency: $ref: '#/definitions/frequencyCode' instructedAmount: $ref: '#/definitions/amount' monthsOfExecution: $ref: '#/definitions/monthsOfExecution' remittanceInformationUnstructured: $ref: '#/definitions/remittanceInformationUnstructured' startDate: $ref: '#/definitions/startDate' required: - debtorAccount - instructedAmount - creditorAccount - creditorName - startDate - frequency type: object proprietaryBankTransactionCode: description: | Proprietary bank transaction code as used within a community or within an ASPSP e.g. for MT94x based transaction reports. maxLength: 35 type: string psuMessageText: description: Text to be displayed to the PSU. maxLength: 500 type: string purposeCode: description: | ExternalPurpose1Code from ISO 20022. Values from ISO 20022 External Code List ExternalCodeSets_1Q2018 June 2018. enum: - BKDF - BKFE - BKFM - BKIP - BKPP - CBLK - CDCB - CDCD - CDCS - CDDP - CDOC - CDQC - ETUP - FCOL - MTUP - ACCT - CASH - COLL - CSDB - DEPT - INTC - LIMA - NETT - BFWD - CCIR - CCPC - CCPM - CCSM - CRDS - CRPR - CRSP - CRTL - EQPT - EQUS - EXPT - EXTD - FIXI - FWBC - FWCC - FWSB - FWSC - MARG - MBSB - MBSC - MGCC - MGSC - OCCC - OPBC - OPCC - OPSB - OPSC - OPTN - OTCD - REPO - RPBC - RPCC - RPSB - RPSC - RVPO - SBSC - SCIE - SCIR - SCRP - SHBC - SHCC - SHSL - SLEB - SLOA - SWBC - SWCC - SWPT - SWSB - SWSC - TBAS - TBBC - TBCC - TRCP - AGRT - AREN - BEXP - BOCE - COMC - CPYR - GDDS - GDSV - GSCB - LICF - MP2B - POPE - ROYA - SCVE - SERV - SUBS - SUPP - TRAD - CHAR - COMT - MP2P - ECPG - ECPR - ECPU - EPAY - CLPR - COMP - DBTC - GOVI - HLRP - HLST - INPC - INPR - INSC - INSU - INTE - LBRI - LIFI - LOAN - LOAR - PENO - PPTI - RELG - RINP - TRFD - FORW - FXNT - ADMG - ADVA - BCDM - BCFG - BLDM - BNET - CBFF - CBFR - CCRD - CDBL - CFEE - CGDD - CORT - COST - CPKC - DCRD - DSMT - DVPM - EDUC - FACT - FAND - FCPM - FEES - GOVT - ICCP - IDCP - IHRP - INSM - IVPT - MCDM - MCFG - MSVC - NOWS - OCDM - OCFG - OFEE - OTHR - PADD - PTSP - RCKE - RCPT - REBT - REFU - RENT - REOD - RIMB - RPNT - RRBN - RVPM - SLPI - SPLT - STDY - TBAN - TBIL - TCSC - TELI - TMPG - TPRI - TPRP - TRNC - TRVC - WEBI - ANNI - CAFI - CFDI - CMDT - DERI - DIVD - FREX - HEDG - INVS - PRME - SAVG - SECU - SEPI - TREA - UNIT - FNET - FUTR - ANTS - CVCF - DMEQ - DNTS - HLTC - HLTI - HSPC - ICRF - LTCF - MAFC - MARF - MDCS - VIEW - CDEP - SWFP - SWPP - SWRS - SWUF - ADCS - AEMP - ALLW - ALMY - BBSC - BECH - BENE - BONU - CCHD - COMM - CSLP - GFRP - GVEA - GVEB - GVEC - GVED - GWLT - HREC - PAYR - PEFC - PENS - PRCP - RHBS - SALA - SSBE - LBIN - LCOL - LFEE - LMEQ - LMFI - LMRK - LREB - LREV - LSFL - ESTX - FWLV - GSTX - HSTX - INTX - NITX - PTXP - RDTX - TAXS - VATX - WHLD - TAXR - B112 - BR12 - TLRF - TLRR - AIRB - BUSB - FERB - RLWY - TRPT - CBTV - ELEC - ENRG - GASB - NWCH - NWCM - OTLC - PHON - UBIL - WTER type: string readAccountBalanceResponse-200: description: Body of the response for a successful read balance for an account request. properties: account: $ref: '#/definitions/accountReference' balances: $ref: '#/definitions/balanceList' required: - account - balances type: object readCardAccountBalanceResponse-200: description: Body of the response for a successful read balance for a card account request. properties: balances: $ref: '#/definitions/balanceList' cardAccount: $ref: '#/definitions/accountReference' required: - balances type: object recurringIndicator: description: | "true", if the consent is for recurring access to the account data. "false", if the consent is for one access to the account data. BOI Remarks: If false it means that the consent is valid for two hours from the moment of sending GET call (except get consent request and get consent status). example: false type: boolean remittanceInformationUnstructured: description: | Unstructured remittance information. example: Ref Number Merchant maxLength: 140 type: string remittanceInformationUnstructuredArray: description: | Array of unstructured remittance information. example: - Ref Number Merchant - Some Other Text items: $ref: '#/definitions/remittanceInformationUnstructured' type: array reportExchangeRate: description: Exchange Rate. properties: contractIdentification: maxLength: 35 type: string exchangeRate: type: string quotationDate: format: date type: string sourceCurrency: $ref: '#/definitions/currencyCode' targetCurrency: $ref: '#/definitions/currencyCode' unitCurrency: $ref: '#/definitions/currencyCode' required: - sourceCurrency - exchangeRate - unitCurrency - targetCurrency - quotationDate type: object reportExchangeRateList: description: Array of exchange rates. items: $ref: '#/definitions/reportExchangeRate' type: array scaAuthenticationData: description: | SCA authentication data, depending on the chosen authentication method. If the data is binary, then it is base64 encoded. type: string scaStatus: description: | This data element is containing information about the status of the SCA method applied. The following codes are defined for this data type. * 'received': An authorisation or cancellation-authorisation resource has been created successfully. * 'psuIdentified': The PSU related to the authorisation or cancellation-authorisation resource has been identified. * 'psuAuthenticated': The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token. * 'unconfirmed': SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet. * 'started': The addressed SCA routine has been started. * 'finalised': The SCA routine has been finalised successfully (including a potential confirmation command). This is a final status of the authorisation resource. * 'failed': The SCA routine failed. This is a final status of the authorisation resource. * 'exempted': SCA was exempted for the related transaction, the related authorisation is successful. This is a final status of the authorisation resource. enum: - received - psuIdentified - psuAuthenticated - started - unconfirmed - finalised - failed - exempted example: psuAuthenticated type: string scaStatusAuthorisationConfirmation: description: | This data element is containing information about the status of the SCA method in an authorisation confirmation response. The following codes are defined for this data type. * 'finalised': if the transaction authorisation and confirmation was successfule. * 'failed': if the transaction authorisation or confirmation was not successful. enum: - finalised - failed type: string scaStatusResponse: description: Body of the JSON response with SCA Status. properties: _links: $ref: '#/definitions/_linksAll' psuMessage: $ref: '#/definitions/psuMessageText' scaStatus: $ref: '#/definitions/scaStatus' tppMessage: description: Messages to the TPP on operational issues. items: $ref: '#/definitions/tppMessageGeneric' type: array trustedBeneficiaryFlag: $ref: '#/definitions/trustedBeneficiaryFlag' required: - scaStatus type: object selectPsuAuthenticationMethod: description: | Content of the body of a Select PSU authentication method request properties: authenticationMethodId: $ref: '#/definitions/authenticationMethodId' required: - authenticationMethodId type: object selectPsuAuthenticationMethodResponse: description: Body of the JSON response for a successful select PSU authentication method request. properties: _links: $ref: '#/definitions/_linksSelectPsuAuthenticationMethod' currencyConversionFees: $ref: '#/definitions/amount' estimatedInterbankSettlementAmount: $ref: '#/definitions/amount' estimatedTotalAmount: $ref: '#/definitions/amount' psuMessage: $ref: '#/definitions/psuMessageText' scaStatus: $ref: '#/definitions/scaStatus' transactionFees: $ref: '#/definitions/amount' required: - scaStatus type: object standingOrderDetails: description: | Details of underlying standing orders. properties: endDate: $ref: '#/definitions/endDate' executionRule: $ref: '#/definitions/executionRule' frequency: $ref: '#/definitions/frequencyCode' startDate: $ref: '#/definitions/startDate' withinAMonthFlag: description: | This element is only used in case of frequency equals "Monthly". If this element equals false it has no effect. If this element equals true, then the execution rule is overruled if the day of execution would fall into a different month using the execution rule. Example: executionRule equals "preceding", dayOfExecution equals "02" and the second of a month is a Sunday. In this case, the transaction date would be on the last day of the month before. This would be overruled if withinAMonthFlag equals true and the payment is processed on Monday the third of the Month. Remark: This attribute is rarely supported in the market. type: boolean required: - startDate - frequency type: object startDate: description: | The first applicable day of execution starting from this date is the first payment. format: date type: string startScaprocessResponse: description: Body of the JSON response for a Start SCA authorisation request. properties: _links: $ref: '#/definitions/_linksStartScaProcess' authorisationId: $ref: '#/definitions/authorisationId' psuMessage: $ref: '#/definitions/psuMessageText' scaStatus: $ref: '#/definitions/scaStatus' required: - scaStatus - authorisationId - _links type: object terminalId: description: Identification of the Terminal, where the card has been used. maxLength: 35 type: string tppErrorDetail: description: | Detailed human readable text specific to this instance of the error. XPath might be used to point to the issue generating the error in addition. Remark for Future: In future, a dedicated field might be introduced for the XPath. maxLength: 500 type: string tppErrorTitle: description: | Short human readable description of error type. Could be in local language. To be provided by ASPSPs. maxLength: 70 type: string tppMessage201PaymentInitiation: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode201PaymentInitiation' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage2XX: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode2XX' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage400_AIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode400_AIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage400_PIIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode400_PIIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage400_PIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode400_PIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage400_SBS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode400_SBS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage401_AIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode401_AIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage401_PIIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode401_PIIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage401_PIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode401_PIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage401_SBS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode401_SBS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage403_AIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode403_AIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage403_PIIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode403_PIIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage403_PIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode403_PIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage403_SBS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode403_SBS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage404_AIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode404_AIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage404_PIIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode404_PIIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage404_PIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode404_PIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage404_SBS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode404_SBS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage405_AIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode405_AIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage405_PIIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode405_PIIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage405_PIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode405_PIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage405_PIS_CANC: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode405_PIS_CANC' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage405_SBS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode405_SBS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage406_AIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode406_AIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage409_AIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode409_AIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage409_PIIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode409_PIIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage409_PIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode409_PIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage409_SBS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode409_SBS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessage429_AIS: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode429_AIS' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessageCategory: description: Category of the TPP message category. enum: - ERROR - WARNING type: string tppMessageGeneric: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/tppMessageCategory' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessageInitiationStatusResponse-200: properties: category: $ref: '#/definitions/tppMessageCategory' code: $ref: '#/definitions/MessageCode200InitiationStatus' path: type: string text: $ref: '#/definitions/tppMessageText' required: - category - code type: object tppMessageText: description: Additional explaining text to the TPP. maxLength: 500 type: string transactionAuthorisation: description: | Content of the body of a transaction authorisation request properties: scaAuthenticationData: $ref: '#/definitions/scaAuthenticationData' required: - scaAuthenticationData type: object transactionDate: description: Date of the actual card transaction. format: date type: string transactionDetailsBody: description: Transaction details. properties: transactionDetails: $ref: '#/definitions/transactions' required: - transactionDetails type: object transactionFeeIndicator: description: | If equals 'true', the transaction will involve specific transaction cost as shown by the ASPSP in their public price list or as agreed between ASPSP and PSU. If equals 'false', the transaction will not involve additional specific transaction costs to the PSU unless the fee amount is given specifically in the data elements transactionFees and/or currencyConversionFees. If this data element is not used, there is no information about transaction fees unless the fee amount is given explicitly in the data element transactionFees and/or currencyConversionFees. type: boolean transactionId: description: | This identification is given by the attribute transactionId of the corresponding entry of a transaction list. example: 3dc3d5b3-7023-4848-9853-f5400a64e80f type: string transactionList: description: Array of transaction details. items: $ref: '#/definitions/transactions' type: array transactionStatus: description: | The transaction status is filled with codes of the ISO 20022 data table: - 'ACCC': 'AcceptedSettlementCompleted' - Settlement on the creditor's account has been completed. - 'ACCP': 'AcceptedCustomerProfile' - Preceding check of technical validation was successful. Customer profile check was also successful. - 'ACSC': 'AcceptedSettlementCompleted' - Settlement on the debtor�s account has been completed. **Usage:** this can be used by the first agent to report to the debtor that the transaction has been completed. **Warning:** this status is provided for transaction status reasons, not for financial information. It can only be used after bilateral agreement. - 'ACSP': 'AcceptedSettlementInProcess' - All preceding checks such as technical validation and customer profile were successful and therefore the payment initiation has been accepted for execution. - 'ACTC': 'AcceptedTechnicalValidation' - Authentication and syntactical and semantical validation are successful. - 'ACWC': 'AcceptedWithChange' - Instruction is accepted but a change will be made, such as date or remittance not sent. - 'ACWP': 'AcceptedWithoutPosting' - Payment instruction included in the credit transfer is accepted without being posted to the creditor customer�s account. - 'RCVD': 'Received' - Payment initiation has been received by the receiving agent. - 'PDNG': 'Pending' - Payment initiation or individual transaction included in the payment initiation is pending. Further checks and status update will be performed. - 'RJCT': 'Rejected' - Payment initiation or individual transaction included in the payment initiation has been rejected. - 'CANC': 'Cancelled' Payment initiation has been cancelled before execution Remark: This codeis accepted as new code by ISO20022. - 'ACFC': 'AcceptedFundsChecked' - Preceding check of technical validation and customer profile was successful and an automatic funds check was positive . Remark: This code is accepted as new code by ISO20022. - 'PATC': 'PartiallyAcceptedTechnical' Correct The payment initiation needs multiple authentications, where some but not yet all have been performed. Syntactical and semantical validations are successful. Remark: This code is accepted as new code by ISO20022. - 'PART': 'PartiallyAccepted' - A number of transactions have been accepted, whereas another number of transactions have not yet achieved 'accepted' status. Remark: This code may be used only in case of bulk payments. It is only used in a situation where all mandated authorisations have been applied, but some payments have been rejected. enum: - ACCC - ACCP - ACSC - ACSP - ACTC - ACWC - ACWP - RCVD - PDNG - RJCT - CANC - ACFC - PATC - PART example: ACCP type: string transactions: description: Transaction details. properties: _links: $ref: '#/definitions/_linksTransactionDetails' additionalInformation: $ref: '#/definitions/additionalInformation' additionalInformationStructured: $ref: '#/definitions/additionalInformationStructured' balanceAfterTransaction: $ref: '#/definitions/balance' bankTransactionCode: $ref: '#/definitions/bankTransactionCode' batchIndicator: description: | If this indicator equals true, then the related entry is a batch entry. type: boolean batchNumberOfTransactions: description: | Shall be used if and only if the batchIndicator is contained and equals true. type: integer bookingDate: $ref: '#/definitions/bookingDate' checkId: description: Identification of a Cheque. maxLength: 35 type: string creditorAccount: $ref: '#/definitions/accountReference' creditorAgent: $ref: '#/definitions/bicfi' creditorId: $ref: '#/definitions/creditorId' creditorName: $ref: '#/definitions/creditorName' currencyExchange: $ref: '#/definitions/reportExchangeRateList' debtorAccount: $ref: '#/definitions/accountReference' debtorAgent: $ref: '#/definitions/bicfi' debtorName: $ref: '#/definitions/debtorName' endToEndId: description: Unique end to end identity. maxLength: 35 type: string entryDetails: $ref: '#/definitions/entryDetails' entryReference: $ref: '#/definitions/entryReference' mandateId: description: Identification of Mandates, e.g. a SEPA Mandate ID. maxLength: 35 type: string proprietaryBankTransactionCode: $ref: '#/definitions/proprietaryBankTransactionCode' purposeCode: $ref: '#/definitions/purposeCode' remittanceInformationUnstructured: $ref: '#/definitions/remittanceInformationUnstructured' remittanceInformationUnstructuredArray: $ref: '#/definitions/remittanceInformationUnstructuredArray' transactionAmount: $ref: '#/definitions/amount' transactionId: $ref: '#/definitions/transactionId' ultimateCreditor: $ref: '#/definitions/ultimateCreditor' ultimateDebtor: $ref: '#/definitions/ultimateDebtor' valueDate: description: The Date at which assets become available to the account owner in case of a credit, or cease to be available to the account owner in case of a debit entry. **Usage:** If entry status is pending and value date is present, then the value date refers to an expected/requested value date. format: date type: string required: - transactionAmount type: object transactionsResponse-200_json: description: | Body of the JSON response for a successful read transaction list request. This account report contains transactions resulting from the query parameters. properties: _links: $ref: '#/definitions/_linksPagination' account: $ref: '#/definitions/accountReference' balances: $ref: '#/definitions/balanceList' transactions: $ref: '#/definitions/accountReport' required: - account - transactions type: object trustedBeneficiaryFlag: description: | Additional Service: Trusted Benificiaries Within this data element, the ASPSP might optionally communicate towards the TPP whether the creditor was part of the related trusted beneficiary list. This attribute is only contained in case of a final scaStatus. example: false type: boolean ultimateCreditor: description: Ultimate creditor. example: Ultimate Creditor maxLength: 70 type: string ultimateDebtor: description: Ultimate debtor. example: Ultimate Debtor maxLength: 70 type: string updatePsuAuthenticationResponse: description: Body of the JSON response for a successful update PSU authentication request. properties: authorisationId: $ref: '#/definitions/authorisationId' currencyConversionFees: $ref: '#/definitions/amount' estimatedInterbankSettlementAmount: $ref: '#/definitions/amount' estimatedTotalAmount: $ref: '#/definitions/amount' psuMessage: $ref: '#/definitions/psuMessageText' scaStatus: $ref: '#/definitions/scaStatus' transactionFees: $ref: '#/definitions/amount' required: - scaStatus type: object updatePsuIdenticationResponse: description: Body of the JSON response for a successful update PSU identification request. properties: _links: $ref: '#/definitions/_linksUpdatePsuIdentification' currencyConversionFees: $ref: '#/definitions/amount' estimatedInterbankSettlementAmount: $ref: '#/definitions/amount' estimatedTotalAmount: $ref: '#/definitions/amount' psuMessage: $ref: '#/definitions/psuMessageText' scaStatus: $ref: '#/definitions/scaStatus' transactionFees: $ref: '#/definitions/amount' required: - _links - scaStatus type: object validUntil: description: | This parameter is defining a valid until date (including the mentioned date) for the requested consent. The content is the local ASPSP date in ISO-Date format, e.g. 2017-10-30. Future dates might get adjusted by ASPSP. If a maximal available date is requested, a date in far future is to be used: "9999-12-31". In both cases the consent object to be retrieved by the get consent request will contain the adjusted date. example: "2020-12-31" format: date type: string tags: [] x-components: parameters: Authorization: description: | This field might be used in case where a consent was agreed between ASPSP and PSU through an OAuth2 based protocol, facilitated by the TPP. in: header name: Authorization required: false schema: $ref: '#/definitions/authorization' Digest: description: Is contained if and only if the "Signature" element is contained in the header of the request. in: header name: Digest required: true type: string x-example: SHA-256=hl1/Eps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A= PSU-Accept: description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept required: false type: string PSU-Accept-Charset: description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Charset required: false type: string PSU-Accept-Encoding: description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Encoding required: false type: string PSU-Accept-Language: description: | The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-Accept-Language required: false type: string PSU-Corporate-ID: description: | Might be mandated in the ASPSP's documentation. Only used in a corporate context. in: header name: PSU-Corporate-ID pattern: ^[A-Z]{2}[-]\d{9,10}|\d{9,10}$ required: false type: string PSU-Corporate-ID-Type: description: | Might be mandated in the ASPSP's documentation. Only used in a corporate context. in: header maxLength: 512 name: PSU-Corporate-ID-Type required: false type: string PSU-Device-ID: description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID needs to be unaltered until removal from device. format: uuid in: header name: PSU-Device-ID required: false type: string x-example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 PSU-Device-ID_conditional: description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. example: 99435c7e-ad88-49ec-a2ad-99ddcb1f5555 in: header name: PSU-Device-ID required: false schema: format: uuid type: string PSU-Geo-Location: description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. in: header name: PSU-Geo-Location pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ required: false type: string x-example: GEO:52.506931;13.144558 PSU-Geo-Location_conditional: description: | The forwarded Geo Location of the corresponding http request between PSU and TPP if available. example: GEO:52.506931;13.144558 in: header name: PSU-Geo-Location required: false schema: pattern: ^GEO:-?[0-9]{1,2}\.[0-9]{6};-?[0-9]{1,3}\.[0-9]{6}$ type: string PSU-Http-Method: description: | HTTP method used at the PSU ? TPP interface, if available. Valid values are: * GET * POST * PUT * PATCH * DELETE enum: - GET - POST - PUT - PATCH - DELETE in: header name: PSU-Http-Method required: false type: string PSU-ID: description: | BOI-REMARK - The PSU id number or passport number. Possible values are: * ID = only digits. * Passport = 2 characters ISO 3166 country code + '-' + Passport number. in: header name: PSU-ID pattern: ^([0-9]{9}|[A-Za-z]{2}-([A-Za-z0-9]){1,16})$ required: true type: string x-example: IL-12345678945 PSU-ID-Type: description: | BOI-REMARK - Specific brands or channels of the ASPSP only in case there is more than one. Possible values should be found in ASPSP's documentation and get approved in advance by BOI. in: header maxLength: 512 name: PSU-ID-Type required: false type: string PSU-IP-Address_conditionalForAis: description: | The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 PSU-IP-Address_mandatory: description: | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. If not available, the TPP shall use the IP Address used by the TPP when submitting this request. format: ipv4 in: header name: PSU-IP-Address required: true type: string x-example: 192.168.8.78 PSU-IP-Address_optional: description: | The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. format: ipv4 in: header name: PSU-IP-Address required: false type: string x-example: 192.168.8.78 PSU-IP-Port: description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. in: header maxLength: 5 name: PSU-IP-Port required: false type: string x-example: "1234" PSU-IP-Port_mandatory: description: | The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. example: "1234" in: header name: PSU-IP-Port required: false schema: maxLength: 5 type: string PSU-User-Agent: description: | The forwarded Agent header field of the HTTP request between PSU and TPP, if available. in: header maxLength: 1024 name: PSU-User-Agent required: false type: string Signature: description: | A signature of the request by the TPP on application level. This might be mandated by ASPSP. in: header name: Signature required: true type: string x-example: | keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE",algorithm="rsa-sha256", headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date", signature="Base64(RSA-SHA256(signing string))" TPP-Brand-Logging-Information: description: | This header might be used by TPPs to inform the ASPSP about the brand used by the TPP towards the PSU. This information is meant for logging entries to enhance communication between ASPSP and PSU or ASPSP and TPP. This header might be ignored by the ASPSP. in: header name: TPP-Brand-Logging-Information required: false type: string TPP-Decoupled-Preferred: description: | If it equals "true", the TPP prefers a decoupled SCA approach. If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will then choose between the embedded or the redirect SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the parameter TPP-Redirect-Preferred and the SCA method chosen by the TPP/PSU. The parameter might be ignored by the ASPSP. If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected, but it is up to the ASPSP, which approach will actually be used. **Remark for Future:** TPP-Redirect-Preferred and TPP-Decoupled-Preferred will be revised in future versions, maybe merged. Currently kept separate for downward compatibility. in: header name: TPP-Decoupled-Preferred required: false type: boolean TPP-Explicit-Authorisation-Preferred: description: | If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket. in: header name: TPP-Explicit-Authorisation-Preferred required: false type: boolean TPP-Nok-Redirect-URI: description: | If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP. format: uri in: header maxLength: 2048 name: TPP-Nok-Redirect-URI required: false type: string TPP-Notification-Content-Preferred: description: | The string has the form status=X1, ..., Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the of following semantics: SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP. PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP. LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP. This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP. in: header maxLength: 2048 name: TPP-Notification-Content-Preferred required: false type: string TPP-Notification-URI: description: | URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply. format: uri in: header maxLength: 2048 name: TPP-Notification-URI required: false type: string TPP-Notification-URI_mandatory: description: | URI for the Endpoint of the TPP-API to which the status of the consent status should be sent. For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies: URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant. Wildcard definitions shall be taken into account for compliance checks by the ASPSP. ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply. format: uri in: header maxLength: 2048 name: TPP-Notification-URI required: true type: string TPP-Redirect-Preferred: description: | BOI-REMARK- If it equals "false" , the ASPSP has to choose Decoupled SCA approach if supported by the ASPSP for the related PSU, because Embedded does not supported. ASPSP not supporting Decoupled SCA approach can ignore this attribute. in: header name: TPP-Redirect-Preferred required: false type: boolean TPP-Redirect-URI: description: | URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field. **Remark for Future:** This field might be changed to mandatory in the next version of the specification. format: uri in: header maxLength: 2048 name: TPP-Redirect-URI required: false type: string TPP-Rejection-NoFunds-Preferred: description: | If it equals "true" then the TPP prefers a rejection of the payment initiation in case the ASPSP is providing an integrated confirmation of funds request an the result of this is that not sufficient funds are available. If it equals "false" then the TPP prefers that the ASPSP is dealing with the payment initiation like in the ASPSPs online channel, potentially waiting for a certain time period for funds to arrive to initiate the payment. This parameter might be ignored by the ASPSP. in: header name: TPP-Rejection-NoFunds-Preferred required: false type: boolean TPP-Signature-Certificate: description: | The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. format: byte in: header name: TPP-Signature-Certificate required: true type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. format: uuid in: header name: X-Request-ID required: true type: string x-example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 accountId: description: | This identification is denoting the addressed (card) account. The account-id is retrieved by using a "Read Account List" or "Read Card Account list" call. The account-id is the "resourceId" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent. in: path name: account-id required: true type: string authorisationId: description: Resource identification of the related SCA. in: path name: authorisationId required: true type: string bookingStatusCard: description: | Permitted codes are * "booked", * "pending", * "both", "booked" shall be supported by the ASPSP. To support the "pending" and "both" feature is optional for the ASPSP, Error code if not supported in the online banking frontend. If supported, "both" means to request transaction reports of transaction of bookingStatus either "pending" or "booked". enum: - booked - pending - both in: query name: bookingStatus required: true type: string bookingStatusGeneric: description: | Permitted codes are * "booked", * "pending", * "both", * "information" and * "all" "booked" shall be supported by the ASPSP. To support the "pending" and "both" feature is optional for the ASPSP, Error code if not supported in the online banking frontend. If supported, "both" means to request transaction reports of transaction of bookingStatus either "pending" or "booked". To support the "information" feature is optional for the ASPSP. Currently the booking status “information” only covers standing orders. Error code if not supported. To support the "all" feature is optional for the ASPSP, Error code if not supported. If supported, "all" means to request transaction reports of transaction of any bookingStatus ("pending", "booked" or "information"). enum: - information - booked - pending - both - all in: query name: bookingStatus required: true type: string consentId_HEADER_mandatory: description: | This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation. in: header maxLength: 512 name: Consent-ID required: true type: string consentId_HEADER_optional: description: | This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the consentId of the related AIS consent, which was performed prior to this payment initiation. in: header maxLength: 512 name: Consent-ID required: false type: string consentId_PATH: description: | ID of the corresponding consent object as returned by an account information consent request. in: path maxLength: 512 name: consentId required: true type: string dateFrom: description: | Conditional: Starting date (inclusive the date dateFrom) of the transaction list, mandated if no delta access is required and if bookingStatus does not equal "information". For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date, which may not be transparent neither in this API nor other channels of the ASPSP. BOI remarks: the minimum value can be at least 12 month prior to "now". In case of exception from the minimum value the response will be only for the minimum period. format: date in: query name: dateFrom required: true type: string dateTo: description: | End date (inclusive the data dateTo) of the transaction list, default is "now" if not given. Might be ignored if a delta function is used. For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date, which may not be transparent neither in this API nor other channels of the ASPSP. BOI-REMARK: ASPSP must support this option for account-id/transactions format: date in: query name: dateTo required: false type: string deltaList: description: |- This data attribute is indicating that the AISP is in favour to get all transactions after the last report access for this PSU on the addressed account. This is another implementation of a delta access-report. This delta indicator might be rejected by the ASPSP if this function is not supported. Optional if supported by API provider in: query name: deltaList type: boolean entryReferenceFrom: description: | This data attribute is indicating that the AISP is in favour to get all transactions after the transaction with identification entryReferenceFrom alternatively to the above defined period. This is a implementation of a delta access. If this data element is contained, the entries "dateFrom" and "dateTo" might be ignored by the ASPSP if a delta report is supported. Optional if supported by API provider. in: query name: entryReferenceFrom required: false type: string paymentId: description: Resource identification of the generated payment initiation resource. in: path name: paymentId required: true type: string paymentProduct: description: | The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported. The following payment products are supported: - "masav" - "zahav" - "fp" **Remark:** For all SEPA Credit Transfer based endpoints which accept XML encoding, the XML pain.001 schemes provided by EPC are supported by the ASPSP as a minimum for the body content. Further XML schemes might be supported by some communities. **Remark:** For cross-border and TARGET-2 payments only community wide pain.001 schemes do exist. There are plenty of country specificic scheme variants. enum: - masav - zahav - fp in: path name: payment-product required: true type: string paymentService: description: | Payment service: Possible values are: * payments * bulk-payments * periodic-payments enum: - payments - bulk-payments - periodic-payments in: path name: payment-service required: true type: string transactionId: description: | This identification is given by the attribute transactionId of the corresponding entry of a transaction list. in: path name: transactionId required: true type: string withBalanceQuery: description: | If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP. This parameter might be ignored by the ASPSP. in: query name: withBalance required: false type: boolean responses: BAD_REQUEST_400_AIS: content: application/json: schema: $ref: '#/definitions/Error400_NG_AIS' description: Bad Request headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' BAD_REQUEST_400_PIIS: content: application/json: schema: $ref: '#/definitions/Error400_NG_AIS' description: Bad Request headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' BAD_REQUEST_400_PIS: content: application/json: schema: $ref: '#/definitions/Error400_NG_PIS' description: Bad Request headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' CONFLICT_409_AIS: content: application/json: schema: $ref: '#/definitions/Error409_NG_AIS' description: Conflict headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' CONFLICT_409_PIIS: content: application/json: schema: $ref: '#/definitions/Error409_NG_PIIS' description: Conflict headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' CONFLICT_409_PIS: content: application/json: schema: $ref: '#/definitions/Error409_NG_PIS' description: Conflict headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' CONFLICT_409_SBS: content: application/json: schema: $ref: '#/definitions/Error409_NG_SBS' description: Conflict headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' CREATED_201_Consents: content: application/json: examples: Response in case of the OAuth2 approach with an implicit generated authorisation resource: $ref: '#/x-components/examples/consentResponseExample2_OAuth2' Response in case of the decoupled approach: $ref: '#/x-components/examples/consentResponseExample3_Decoupled' schema: $ref: '#/definitions/consentsResponse-201' description: Created headers: ASPSP-Notification-Content: $ref: '#/x-components/headers/ASPSP-Notification-Content' ASPSP-Notification-Support: $ref: '#/x-components/headers/ASPSP-Notification-Support' ASPSP-SCA-Approach: $ref: '#/x-components/headers/ASPSP-SCA-Approach' Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' CREATED_201_PaymentInitiation: content: application/json: examples: Response in case of an OAuth2 SCA approach approach with implicitly creating an authorisation sub-resource: $ref: '#/x-components/examples/paymentInitiationExample_json_OAuth2' ? Response in case of the decoupled approach with explicit start of authorisation needed (will be done with the update PSU identification function) : $ref: '#/x-components/examples/paymentInitiationExample_json_Decoupled' schema: $ref: '#/definitions/paymentInitationRequestResponse-201' description: CREATED headers: ASPSP-Notification-Content: $ref: '#/x-components/headers/ASPSP-Notification-Content' ASPSP-Notification-Support: $ref: '#/x-components/headers/ASPSP-Notification-Support' ASPSP-SCA-Approach: $ref: '#/x-components/headers/ASPSP-SCA-Approach' Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' CREATED_201_StartScaProcess: content: application/json: examples: 'Example 1: payments - Decoupled Approach': $ref: '#/x-components/examples/startScaProcessResponseExample1' schema: $ref: '#/definitions/startScaprocessResponse' description: Created headers: ASPSP-SCA-Approach: $ref: '#/x-components/headers/ASPSP-SCA-Approach' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' FORBIDDEN_403_AIS: content: application/json: schema: $ref: '#/definitions/Error403_NG_AIS' description: Forbidden headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' FORBIDDEN_403_PIIS: content: application/json: schema: $ref: '#/definitions/Error403_NG_PIIS' description: Forbidden headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' FORBIDDEN_403_PIS: content: application/json: schema: $ref: '#/definitions/Error403_NG_PIS' description: Forbidden headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' FORBIDDEN_403_SBS: content: application/json: schema: $ref: '#/definitions/Error403_NG_SBS' description: Forbidden headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' INTERNAL_SERVER_ERROR_500_AIS: description: Internal Server Error headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' INTERNAL_SERVER_ERROR_500_PIIS: description: Internal Server Error headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' INTERNAL_SERVER_ERROR_500_PIS: description: Internal Server Error headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' INTERNAL_SERVER_ERROR_500_SBS: description: Internal Server Error headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' METHOD_NOT_ALLOWED_405_AIS: content: application/json: schema: $ref: '#/definitions/Error405_NG_AIS' description: Method Not Allowed headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' METHOD_NOT_ALLOWED_405_PIIS: content: application/json: schema: $ref: '#/definitions/Error405_NG_PIIS' description: Method Not Allowed headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' METHOD_NOT_ALLOWED_405_PIS: content: application/json: schema: $ref: '#/definitions/Error405_NG_PIS' description: Method Not Allowed headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' METHOD_NOT_ALLOWED_405_PIS_CANC: content: application/json: schema: $ref: '#/definitions/Error405_NG_PIS_CANC' description: Method Not Allowed headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' METHOD_NOT_ALLOWED_405_SBS: content: application/json: schema: $ref: '#/definitions/Error405_NG_SBS' description: Method Not Allowed headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NOT_ACCEPTABLE_406_AIS: content: application/json: schema: $ref: '#/definitions/Error406_NG_AIS' description: Not Acceptable headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NOT_ACCEPTABLE_406_PIIS: description: Not Acceptable headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NOT_ACCEPTABLE_406_PIS: description: Not Acceptable headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NOT_ACCEPTABLE_406_SBS: description: Not Acceptable headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NOT_FOUND_404_AIS: content: application/json: schema: $ref: '#/definitions/Error404_NG_AIS' description: Not found headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NOT_FOUND_404_PIIS: content: application/json: schema: $ref: '#/definitions/Error404_NG_PIIS' description: Not found headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NOT_FOUND_404_PIS: content: application/json: schema: $ref: '#/definitions/Error404_NG_PIS' description: Not found headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NOT_FOUND_404_SBS: content: application/json: schema: $ref: '#/definitions/Error404_NG_SBS' description: Not found headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NO_CONTENT_204_Consents: description: No Content headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NO_CONTENT_204_PaymentInitiationCancel: description: No Content headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' NO_CONTENT_204_SigningBasket: description: No Content headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_AccountDetails: content: application/json: examples: Multicurrency Account: $ref: '#/x-components/examples/accountDetailsMulticurrencyAccount' Regular Account: $ref: '#/x-components/examples/accountDetailsRegularAccount' schema: properties: account: $ref: '#/definitions/accountDetails' required: - account type: object description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_AccountList: content: application/json: examples: Example 1: $ref: '#/x-components/examples/accountListExample1' Example 2: $ref: '#/x-components/examples/accountListExample2' Example 3: $ref: '#/x-components/examples/accountListExample3' schema: $ref: '#/definitions/accountList' description: OK. In case, no account is accessible, the ASPSP shall return an empty array. As this is also considered a positive response, the Response code must still be 200. headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_AccountsTransactions: content: application/json: examples: Example 1: $ref: '#/x-components/examples/transactionsExample1_RegularAccount_json' Example 2: $ref: '#/x-components/examples/transactionsExample2_paging_json' Example 3: $ref: '#/x-components/examples/transactionsExample3_MulticurrencyAccount_json' schema: $ref: '#/definitions/transactionsResponse-200_json' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_Authorisations: content: application/json: examples: Example: $ref: '#/x-components/examples/authorisationListExample' schema: $ref: '#/definitions/authorisations' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_Balances: content: application/json: examples: 'Example 1: Regular Account': $ref: '#/x-components/examples/balancesExample1_RegularAccount' 'Example 2: Multicurrency Account': $ref: '#/x-components/examples/balancesExample2_MulticurrencyAcount' 'Example 3:': $ref: '#/x-components/examples/balancesExample3_RegularAccount' schema: $ref: '#/definitions/readAccountBalanceResponse-200' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_CardAccountBalances: content: application/json: examples: 'Example:': $ref: '#/x-components/examples/balancesExample_CardAccount' schema: $ref: '#/definitions/readCardAccountBalanceResponse-200' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_CardAccountDetails: content: application/json: examples: Card Account: $ref: '#/x-components/examples/cardAccountDetailsExample' schema: properties: cardAccount: $ref: '#/definitions/cardAccountDetails' required: - cardAccount type: object description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_CardAccountList: content: application/json: examples: Example 1: $ref: '#/x-components/examples/cardAccountListExample1' schema: $ref: '#/definitions/cardAccountList' description: OK. In case, no card-account is accessible, the ASPSP shall return an empty array. As this is also considered a positive response, the Response Code must still be 200. headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_CardAccountsTransactions: content: application/json: schema: $ref: '#/definitions/cardAccountsTransactionsResponse200' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_ConsentInformation: content: application/json: examples: Example: $ref: '#/x-components/examples/consentsInformationResponseExample' schema: $ref: '#/definitions/consentInformationResponse-200_json' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_ConsentStatus: content: application/json: examples: Example: $ref: '#/x-components/examples/consentStatusResponseExample1' schema: $ref: '#/definitions/consentStatusResponse-200' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_PaymentInitiationInformation: content: application/json: schema: oneOf: - $ref: '#/definitions/paymentInitiationWithStatusResponse' - $ref: '#/definitions/periodicPaymentInitiationWithStatusResponse' - $ref: '#/definitions/bulkPaymentInitiationWithStatusResponse' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_PaymentInitiationStatus: content: application/json: examples: extended: $ref: '#/x-components/examples/paymentInitiationStatusResponse_json_Extended' simple: $ref: '#/x-components/examples/paymentInitiationStatusResponse_json_Simple' schema: $ref: '#/definitions/paymentInitiationStatusResponse-200_json' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_ScaStatus: content: application/json: schema: $ref: '#/definitions/scaStatusResponse' description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_TransactionDetails: content: application/json: examples: Example: $ref: '#/x-components/examples/transactionDetailsExample' schema: properties: transactionsDetails: $ref: '#/definitions/transactionDetailsBody' required: - transactionsDetails type: object description: OK headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' OK_200_UpdatePsuData: content: application/json: examples: Authorisation confirmation: $ref: '#/x-components/examples/authorisationConfirmationResponseExample' schema: oneOf: - $ref: '#/definitions/authorisationConfirmationResponse' description: OK headers: ASPSP-SCA-Approach: $ref: '#/x-components/headers/ASPSP-SCA-Approach' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' RECEIVED_202_PaymentInitiationCancel: content: application/json: examples: Example: $ref: '#/x-components/examples/paymentInitiationCancelResponse-202' schema: $ref: '#/definitions/paymentInitiationCancelResponse-202' description: Received headers: X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' REQUEST_TIMEOUT_408_AIS: description: Request Timeout headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' REQUEST_TIMEOUT_408_PIIS: description: Request Timeout headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' REQUEST_TIMEOUT_408_PIS: description: Request Timeout headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' REQUEST_TIMEOUT_408_SBS: description: Request Timeout headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' SERVICE_UNAVAILABLE_503_AIS: description: Service Unavailable headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' SERVICE_UNAVAILABLE_503_PIIS: description: Service Unavailable headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' SERVICE_UNAVAILABLE_503_PIS: description: Service Unavailable headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' SERVICE_UNAVAILABLE_503_SBS: description: Service Unavailable headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' TOO_MANY_REQUESTS_429_AIS: content: application/json: schema: $ref: '#/definitions/Error429_NG_AIS' description: Too Many Requests headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' TOO_MANY_REQUESTS_429_PIIS: description: Too Many Requests headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' TOO_MANY_REQUESTS_429_PIS: description: Too Many Requests headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' TOO_MANY_REQUESTS_429_SBS: description: Too Many Requests headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' UNAUTHORIZED_401_AIS: content: application/json: schema: $ref: '#/definitions/Error401_NG_AIS' description: Unauthorized headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' UNAUTHORIZED_401_PIIS: content: application/json: schema: $ref: '#/definitions/Error401_NG_PIIS' description: Unauthorized headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' UNAUTHORIZED_401_PIS: content: application/json: schema: $ref: '#/definitions/Error401_NG_PIS' description: Unauthorized headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' UNAUTHORIZED_401_SBS: content: application/json: schema: $ref: '#/definitions/Error401_NG_SBS' description: Unauthorized headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' UNSUPPORTED_MEDIA_TYPE_415_AIS: description: Unsupported Media Type headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' UNSUPPORTED_MEDIA_TYPE_415_PIIS: description: Unsupported Media Type headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' UNSUPPORTED_MEDIA_TYPE_415_PIS: description: Unsupported Media Type headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' UNSUPPORTED_MEDIA_TYPE_415_SBS: description: Unsupported Media Type headers: Location: $ref: '#/x-components/headers/Location' X-Request-ID: $ref: '#/x-components/headers/X-Request-ID' examples: accountDetailsMulticurrencyAccount: description: Account details for a multicurrency account. value: account: _links: balances: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/balances transactions: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/transactions cashAccountType: CACC currency: XXX iban: FR7612345987650123456789014 name: Aggregation Account ownerName: Heike Mustermann product: Multicurrency Account resourceId: 3dc3d5b3-7023-4848-9853-f5400a64e80f accountDetailsRegularAccount: description: Account details for a regular Account. value: account: _links: balances: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/balances transactions: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/transactions cashAccountType: CACC currency: EUR iban: FR7612345987650123456789014 name: Main Account ownerName: Heike Mustermann product: Girokonto resourceId: 3dc3d5b3-7023-4848-9853-f5400a64e80f accountListExample1: description: Response in case of an example, where the consent has been given on two different IBANs. summary: Account list Example 1 value: accounts: - _links: balances: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/balances transactions: href: v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/transactions cashAccountType: CACC currency: EUR iban: DE2310010010123456789 name: Main Account product: Girokonto resourceId: 3dc3d5b3-7023-4848-9853-f5400a64e80f - _links: balances: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81e/balances cashAccountType: CACC currency: USD iban: DE2310010010123456788 name: US Dollar Account product: Fremdwährungskonto resourceId: 3dc3d5b3-7023-4848-9853-f5400a64e81e accountListExample2: description: | Response in case of an example where consent on transactions and balances has been given to a multicurrency account which has two sub-accounts with currencies EUR and USD, and where the ASPSP is giving the data access only on sub-account level. summary: Account list Example 2 value: accounts: - _links: balances: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/balances transactions: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/transactions cashAccountType: CACC currency: EUR iban: DE2310010010123456788 name: Main Account product: Girokonto resourceId: 3dc3d5b3-7023-4848-9853-f5400a64e80f - _links: balances: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81e/balances transactions: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81e/transactions cashAccountType: CACC currency: USD iban: DE2310010010123456788 name: US Dollar Account product: Fremdwährungskonto resourceId: 3dc3d5b3-7023-4848-9853-f5400a64e81e accountListExample3: description: | Account list response in case of an example where consent on balances and transactions has been given to a multicurrency account which has two sub-accounts with currencies EUR and USD and where the ASPSP is giving the data access on aggregation level and on sub-account level. summary: Account list Example 3 value: accounts: - _links: balances: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e333/balances transactions: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e333/transactions cashAccountType: CACC currency: XXX iban: DE2310010010123456788 name: Aggregation Account product: Multi currency account resourceId: 3dc3d5b3-7023-4848-9853-f5400a64e80f - _links: balances: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80e/balances transactions: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80e/transactions cashAccountType: CACC currency: EUR iban: DE2310010010123456788 name: Main Account product: Girokonto resourceId: 3dc3d5b3-7023-4848-9853-f5400a64e80e - _links: balances: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81d/balances transactions: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81d/transactions cashAccountType: CACC currency: USD iban: DE2310010010123456788 name: US Dollar Account product: Fremdwährungskonto resourceId: 3dc3d5b3-7023-4848-9853-f5400a64e81d authorisationConfirmationExample_Redirect: description: Authorisation confirmation request body for the redirect approach. value: confirmationCode: 2256ffgh authorisationConfirmationResponseExample: description: Response of an authorisation confirmation request. value: _links: status: href: /v1/payments/masav/qwer3456tzui7890/status scaStatus: finalised authorisationListExample: value: authorisationIds: - 123auth456 balancesExample1_RegularAccount: description: Response for a read balance request in case of a regular account. value: account: iban: FR7612345987650123456789014 balances: - balanceAmount: amount: "500.00" currency: EUR balanceType: closingBooked referenceDate: "2017-10-25" - balanceAmount: amount: "900.00" currency: EUR balanceType: expected lastChangeDateTime: "2017-10-25T15:30:35.035Z" balancesExample2_MulticurrencyAcount: description: | Response in case of a multicurrency account with one account in EUR, one in USD, where the ASPSP has delivered a link to the balance endpoint relative to the aggregated multicurrency account (aggregation level). value: balances: - balanceAmount: amount: "500.00" currency: EUR balanceType: closingBooked referenceDate: "2017-10-25" - balanceAmount: amount: "900.00" currency: EUR balanceType: expected lastChangeDateTime: "2017-10-25T15:30:35.035Z" - balanceAmount: amount: "350.00" currency: USD balanceType: closingBooked referenceDate: "2017-10-25" - balanceAmount: amount: "350.00" currency: USD balanceType: expected lastChangeDateTime: "2017-10-24T14:30:21Z" balancesExample3_RegularAccount: description: Response in case of a regular account where the corresponding balances in the online channel is reported independently from account statements with fixed dates, i.e. always displaying running balance for current time. value: balances: - balanceAmount: amount: "1000.00" currency: EUR balanceType: interimBooked - balanceAmount: amount: "300.00" currency: EUR balanceType: interimAvailable - balanceAmount: amount: "5300.00" currency: EUR balanceType: interimAvailable creditLimitIncluded: true balancesExample_CardAccount: description: | Response in case of card account balance request. value: balances: - balanceAmount: amount: "14355.78" currency: EUR balanceType: interimBooked - balanceAmount: amount: "4175.86" currency: EUR balanceType: nonInvoiced cardAccount: maskedPan: 525412******3241 cardAccountDetailsExample: description: | Card account details example. summary: Card account details example 1 value: cardAccount: _links: transactions: href: /v1/card-accounts/3d9a81b3-a47d-4130-8765-a9c0ff861b99/transactions balances: - balanceAmount: amount: "14355.78" currency: EUR balanceType: interimBooked - balanceAmount: amount: "4175.86" currency: EUR balanceType: nonInvoiced creditLimit: amount: "15000" currency: EUR currency: EUR maskedPan: 525412******3241 name: Main ownerName: Heike Mustermann product: Basic Credit resourceId: 3d9a81b3-a47d-4130-8765-a9c0ff861b99 status: enabled cardAccountListExample1: description: | Card account list example. summary: Card account list example 1 value: cardAccounts: - _links: transactions: href: /v1/card-accounts/3d9a81b3-a47d-4130-8765-a9c0ff861b99/transactions balances: - balanceAmount: amount: "14355.78" currency: EUR balanceType: interimBooked - balanceAmount: amount: "4175.86" currency: EUR balanceType: nonInvoiced creditLimit: amount: "15000" currency: EUR currency: EUR maskedPan: 525412******3241 name: Main product: Basic Credit resourceId: 3d9a81b3-a47d-4130-8765-a9c0ff861b99 status: enabled confirmationOfFundsExample: description: Request body for a confirmation of funds. value: account: iban: DE23100120020123456789 cardNumber: "12345678901234" instructedAmount: amount: "123" currency: EUR confirmationOfFundsResponseExample: description: Response for a confirmation of funds request. value: fundsAvailable: "true" consentResponseExample2_OAuth2: description: Response in case of the OAuth2 approach with an implicit generated authorisation resource. value: _links: scaOAuth: href: https://www.testbank.com/oauth/.well-known/oauth-authorization-server scaStatus: href: /v1/consents/1234-wertiq-983/authorisations/123auth567 self: href: /v1/consents/1234-wertiq-983 consentId: 1234-wertiq-983 consentStatus: received consentResponseExample3_Decoupled: description: Response in case of the decoupled approach. value: _links: startAuthorisationWithPsuIdentification: href: /psd2/v1/consents/1234-wertiq-983/authorisations consentId: 1234-wertiq-983 consentStatus: received consentResponseExample4_Embedded: description: Response in case of the embedded approach. value: _links: self: href: /v1.0.8/consents/1234-wertiq-983 consentId: 1234-wertiq-983 consentStatus: received consentStatusResponseExample1: description: Response for a consent status request. value: consentStatus: valid consentsExample_AccountList: description: Consent on account list of available accounts. value: access: availableAccounts: allAccounts frequencyPerDay: 100 recurringIndicator: "false" validUntil: "2017-08-06" consentsExample_DedicatedAccounts: description: Consent request on dedicated accounts. value: access: balances: - iban: DE40100100103307118608 - currency: ILS iban: DE02100100109307118603 - iban: DE67100100101306118605 transactions: - iban: DE40100100103307118608 frequencyPerDay: 100 recurringIndicator: "true" validUntil: "2017-11-01" consentsExample_without_Accounts: description: Consent request on account list or without indication of accounts. value: access: balances: [] transactions: [] frequencyPerDay: 100 recurringIndicator: "true" validUntil: "2017-11-01" consentsInformationResponseExample: description: Consent request on account list or without indication of accounts. value: _links: account: href: /v1/accounts access: balances: - iban: DE2310010010123456789 transactions: - iban: DE2310010010123456789 consentStatus: valid frequencyPerDay: 100 recurringIndicator: "true" validUntil: "2017-11-01" ibanExampleDe_01: value: DE02100100109307118603 ibanExampleDe_02: value: DE23100120020123456789 ibanExampleDe_03: value: DE40100100103307118608 ibanExampleDe_04: value: DE67100100101306118605 ibanExampleDe_05: value: DE87200500001234567890 ibanExampleFr_01: value: FR7612345987650123456789014 ibanExampleNl_01: value: NL76RABO0359400371 ibanExampleSe_01: value: SE9412309876543211234567 maskedPanExample: value: 123456xxxxxx1234 paymentInitiationCancelResponse-202: value: _links: self: href: /v1/payments/123456scheduled789 startAuthorisation: href: /v1/payments/123456scheduled789/cancellation-authorisations status: href: /v1/payments/123456scheduled789/status transactionStatus: ACTC paymentInitiationExample_json_Decoupled: description: Response in case of the decoupled approach with explicit start of authorisation needed value: _links: self: href: /v1/payments/1234-wertiq-983 startAuthorisationWithPsuIdentification: href: /v1/payments/1234-wertiq-983/authorisations paymentId: 1234-wertiq-983 transactionStatus: RCVD paymentInitiationExample_json_OAuth2: description: Response in case of an OAuth2 SCA approach approach with implicitly creating an authorisation sub-resource value: _links: scaOAuth: href: https://www.testbank.com/oauth/.well-known/oauth-authorization-server scaStatus: href: /v1/payments/1234-wertiq-983/authorisations/123auth456 self: href: /v1/payments/1234-wertiq-983 status: href: /v1/payments/1234-wertiq-983/status paymentId: 1234-wertiq-983 transactionStatus: RCVD paymentInitiationSctBody_bulk-payments_json: value: batchBookingPreferred: "true" debtorAccount: iban: DE40100100103307118608 paymentInformationId: my-bulk-identification-1234 payments: - creditorAccount: iban: DE02100100109307118603 creditorName: Merchant123 instructedAmount": amount: "123.50" currency: EUR remittanceInformationUnstructured: Ref Number Merchant 1 - creditorAccount: iban: FR7612345987650123456789014 creditorName: Merchant456 instructedAmount": amount: "34.10" currency: EUR remittanceInformationUnstructured: Ref Number Merchant 2 requestedExecutionDate: "2018-08-01" paymentInitiationSctBody_payments_json: value: creditorAccount: iban: DE02100100109307118603 creditorName: Merchant123 debtorAccount: iban: DE40100100103307118608 instructedAmount: amount: "123.50" currency: EUR remittanceInformationUnstructured: Ref Number Merchant paymentInitiationSctBody_periodic-payments_json: value: creditorAccount: iban: DE23100120020123456789 creditorName: Merchant123 dayOfExecution: "01" debtorAccount: iban: DE40100100103307118608 executionRule: preceding frequency: Monthly instructedAmount: amount: "123" currency: EUR remittanceInformationUnstructured: Ref Number Abonnement startDate: "2018-03-01" paymentInitiationStatusResponse_json_Extended: value: | { "transactionStatus": "ACCP", "scaStatus": "received" } paymentInitiationStatusResponse_json_Simple: value: transactionStatus: ACCP startScaProcessResponseExample1: value: _links: scaStatus: href: /v1/payments/qwer3456tzui7890/authorisations/123auth456 authorisationId: 123auth456 psuMessage: Please use your BankApp for transaction Authorisation. scaStatus: received transactionAuthorisationResponseExample: description: Response of a Transaction Authorisation request for the embedded approach. value: scaStatus: finalised transactionDetailsExample: description: Example for transaction details. value: transactionsDetails: bankTransactionCode: PMNT-RDDT-ESDD bookingDate: "2017-10-25" creditorAccount: iban: DE67100100101306118605 creditorName: John Miles mandateId: Mandate-2018-04-20-1234 remittanceInformationUnstructured: Example 1 transactionAmount: amount: "-256.67" currency: EUR transactionId: "1234567" valueDate: "2017-10-26" transactionsExample1_RegularAccount_json: description: Response in JSON format for an access on a regular account. value: account: iban: DE2310010010123456788 transactions: _links: account: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f booked: - bookingDate: "2017-10-25" creditorAccount: iban: DE67100100101306118605 creditorName: John Miles remittanceInformationUnstructured: Example 1 transactionAmount: amount: "256.67" currency: EUR transactionId: "1234567" valueDate: "2017-10-26" - bookingDate: "2017-10-25" debtorAccount: iban: NL76RABO0359400371 debtorName: Paul Simpson remittanceInformationUnstructured: Example 2 transactionAmount: amount: "343.01" currency: EUR transactionId: "1234568" valueDate: "2017-10-26" pending: - creditorAccount: iban: FR7612345987650123456789014 creditorName: Claude Renault remittanceInformationUnstructured: Example 3 transactionAmount: amount: "-100.03" currency: EUR transactionId: "1234569" valueDate: "2017-10-26" transactionsExample2_paging_json: description: Response in case of data paging. value: _links: first: href: /v1/accounts/12345678991/transactions last: href: /v1/accounts/12345678999/transactions next: href: /v1/accounts/12345678995/transactions previous: href: /v1/accounts/12345678993/transactions transactionsExample3_MulticurrencyAccount_json: description: Response in JSON format for an access on a multicurrency account on aggregation level value: account: iban: DE40100100103307118608 transactions: _links: account: href: /v1/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f booked: - bookingDate: "2017-10-25" creditorAccount: iban: DE67100100101306118605 creditorName: John Miles remittanceInformationUnstructured: Example 1 transactionAmount: amount: "-256.67" currency: EUR transactionId: "1234567" valueDate: "2017-10-26" - bookingDate: "2017-10-25" debtorAccount: iban: NL76RABO0359400371 debtorName: Paul Simpson remittanceInformationUnstructured: Example 2 transactionAmount: amount: "343.01" currency: EUR transactionId: "1234568" valueDate: "2017-10-26" - bookingDate: "2017-10-25" debtorAccount: iban: SE9412309876543211234567 debtorName: Pepe Martin remittanceInformationUnstructured: Example 3 transactionAmount: amount: "100" currency: USD transactionId: "1234569" valueDate: "2017-10-26" pending: - creditorAccount: iban: FR7612345987650123456789014 creditorName: Claude Renault remittanceInformationUnstructured: Example 4 transactionAmount: amount: "-100.03" currency: EUR transactionId: "1234570" valueDate: "2017-10-26" updatePsuIdentificationResponseExample_Decoupled_payments: description: Response of an update PSU identification for a payment initiation request for the decoupled approach. value: _links: scaStatus: href: /v1/payments/qwer3456tzui7890/authorisations/123auth456 psuMessage: Please use your BankApp for transaction Authorisation. scatransactionStatus: psuIdentified uuidExample: value: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 headers: ASPSP-Multiple-Consent-Support: description: | true if the ASPSP supports the Multiple Consent Service. false if the ASPSP does not support the Multiple Consent Service. If not provided, this also implies that the ASPSP does not support the Multiple Consent Service. required: false schema: type: boolean ASPSP-Notification-Content: description: | The string has the form status=X1, …, Xn where Xi is one of the constants SCA, PROCESS, LAST and where constants are not repeated. The usage of the constants supports the following semantics SCA - Notification on every change of the scaStatus attribute for all related authorisation processes is provided by the ASPSP for the related resource. PROCESS - Notification on all changes of consentStatus or transactionStatus attributes is provided by the ASPSP for the related resource LAST - Notification on the last consentStatus or transactionStatus as available in the XS2A interface is provided by the ASPSP for the related resource. This field must be provided if the ASPSP-Notification-Support=true. The ASPSP might consider the notification content as preferred by the TPP, but can also respond independently of the preferred request required: false schema: type: string ASPSP-Notification-Support: description: | true if the ASPSP supports resource status notification services. false if the ASPSP supports resource status notification in general, but not for the current request. Not used, if resource status notification services are generally not supported by the ASPSP. Shall be supported if the ASPSP supports resource status notification services. required: false schema: type: boolean ASPSP-SCA-Approach: description: | This data element must be contained, if the SCA Approach is already fixed. Possible values are * DECOUPLED * REDIRECT The OAuth SCA approach will be subsumed by REDIRECT. required: false schema: enum: - DECOUPLED - REDIRECT example: REDIRECT type: string Location: description: | Location of the created resource. required: false schema: format: url type: string X-Request-ID: description: ID of the request, unique to the call, as determined by the initiating party. example: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721 required: true schema: format: uuid type: string requestBodies: consents: content: application/json: examples: Consent Request on Account List or without Indication of dedicated Accounts: $ref: '#/x-components/examples/consentsExample_without_Accounts' Consent Request on Dedicated Accounts: $ref: '#/x-components/examples/consentsExample_DedicatedAccounts' Consent on Account List of Available Accounts: $ref: '#/x-components/examples/consentsExample_AccountList' schema: $ref: '#/definitions/consents' description: | Request body for a consents request. paymentInitiation: content: application/json: examples: 'Example 1: ''payments'' ': $ref: '#/x-components/examples/paymentInitiationSctBody_payments_json' 'Example 2: ''periodic-payments'' - ''masav': $ref: '#/x-components/examples/paymentInitiationSctBody_periodic-payments_json' 'Example 3: ''bulk-payments'' - ''masav''': $ref: '#/x-components/examples/paymentInitiationSctBody_bulk-payments_json' schema: oneOf: - $ref: '#/definitions/paymentInitiation_json' - $ref: '#/definitions/periodicPaymentInitiation_json' - $ref: '#/definitions/bulkPaymentInitiation_json' description: | JSON request body for a payment inition request message. There are the following payment-products supported: * "masav" with JSON-Body * "zahav" with JSON-Body * "FP" with JSON-Body There are the following payment-services supported: * "payments" * "bulk-payments" - optional * "periodic-payments" - optional All optional, conditional and predefined but not yet used fields are defined. x-ibm-endpoints: - endpointUrl: https://mtls-api.discountbank.co.il/prod/d type: - production - development ...