openapi: 3.0.1
info:
title: Consent registration API Specification
description: OpenAPI for Account consent registration API Specification
version: tmsx_1
paths:
/account-access-consents:
post:
tags:
- Account Access
summary: Create Account Access Consents
operationId: CreateAccountAccessConsents
parameters:
- $ref: '#/components/parameters/x-fapi-auth-date'
- $ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id'
- $ref: '#/components/parameters/Authorization'
responses:
'201':
$ref: '#/components/responses/201AccountAccessConsentsCreated'
'400':
$ref: '#/components/responses/400Error'
'401':
$ref: '#/components/responses/401Error'
'403':
$ref: '#/components/responses/403Error'
'404':
$ref: '#/components/responses/404Error'
'405':
$ref: '#/components/responses/405Error'
'406':
$ref: '#/components/responses/406Error'
'429':
$ref: '#/components/responses/429Error'
'500':
$ref: '#/components/responses/500Error'
security:
- TPPOAuth2Security:
- accounts
requestBody:
$ref: '#/components/requestBodies/OBReadConsent1Param'
components:
parameters:
ConsentId:
name: ConsentId
in: path
description: ConsentId
required: true
schema:
type: string
Authorization:
in: header
name: Authorization
required: true
description: 'An Authorisation Token as per https://tools.ietf.org/html/rfc6750'
schema:
type: string
x-customer-user-agent:
in: header
name: x-customer-user-agent
description: Indicates the user-agent that the PSU is using.
required: false
schema:
type: string
x-fapi-customer-ip-address:
in: header
name: x-fapi-customer-ip-address
required: false
description: The PSU's IP address if the PSU is currently logged in with the TPP.
schema:
type: string
x-fapi-auth-date:
in: header
name: x-fapi-auth-date
required: false
description: >-
The time when the PSU last logged in with the TPP.
All dates in the HTTP headers are represented as RFC 7231 Full Dates. An
example is below:
Sun, 10 Sep 2017 19:43:31 UTC
schema:
type: string
pattern: >-
^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
\d{2}:\d{2}:\d{2} (GMT|UTC)$
x-fapi-interaction-id:
in: header
name: x-fapi-interaction-id
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
x-idempotency-key:
name: x-idempotency-key
in: header
description: |
Every request will be processed only once per x-idempotency-key. The
Idempotency Key will be valid for 24 hours.
required: true
schema:
type: string
pattern: ^(?!\s)(.*)(\S)$
maxLength: 40
x-jws-signature:
in: header
name: x-jws-signature
required: true
description: A detached JWS signature of the body of the payload.
schema:
type: string
requestBodies:
OBReadConsent1Param:
description: Default
content:
application/json:
schema:
$ref: '#/components/schemas/OBReadConsent1'
required: true
responses:
201AccountAccessConsentsCreated:
description: Account Access Consents Created
headers:
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/OBReadConsentResponse1'
400Error:
description: Bad request
headers:
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse1'
401Error:
description: Unauthorized
headers:
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
403Error:
description: Forbidden
headers:
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse1'
404Error:
description: Not found
headers:
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
405Error:
description: Method Not Allowed
headers:
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
406Error:
description: Not Acceptable
headers:
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
415Error:
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
429Error:
description: Too Many Requests
headers:
Retry-After:
description: Number in seconds to wait
schema:
type: integer
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
500Error:
description: Internal Server Error
headers:
x-fapi-interaction-id:
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse1'
schemas:
CreationDateTime:
description: >-
Date and time at which the resource was created.All dates in the JSON
payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example
is below:
2017-04-05T10:43:07+00:00
type: string
format: date-time
ISODateTime:
description: >-
All dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An example
is below:
2017-04-05T10:43:07+00:00
type: string
format: date-time
Links:
type: object
description: Links relevant to the payload
properties:
Self:
type: string
format: uri
First:
type: string
format: uri
Prev:
type: string
format: uri
Next:
type: string
format: uri
Last:
type: string
format: uri
additionalProperties: false
required:
- Self
Meta:
title: MetaData
type: object
description: Meta Data relevant to the payload
properties:
TotalPages:
type: integer
format: int32
FirstAvailableDateTime:
$ref: '#/components/schemas/ISODateTime'
LastAvailableDateTime:
$ref: '#/components/schemas/ISODateTime'
additionalProperties: false
OBError1:
type: object
properties:
ErrorCode:
description: 'Low level textual error code, e.g., UK.OBIE.Field.Missing'
type: string
x-namespaced-enum:
- Field.Expected
- Field.Invalid
- Field.InvalidDate
- Field.Missing
- Field.Unexpected
- Header.Invalid
- Header.Missing
- Reauthenticate
- Resource.ConsentMismatch
- Resource.InvalidConsentStatus
- Resource.InvalidFormat
- Resource.NotFound
- Rules.AfterCutOffDateTime
- Rules.DuplicateReference
- Signature.Invalid
- Signature.InvalidClaim
- Signature.Malformed
- Signature.Missing
- Signature.MissingClaim
- Signature.Unexpected
- UnexpectedError
- Unsupported.AccountIdentifier
- Unsupported.AccountSecondaryIdentifier
- Unsupported.Currency
- Unsupported.Frequency
- Unsupported.LocalInstrument
- Unsupported.Scheme
Message:
description: >-
A description of the error that occurred. e.g., 'A mandatory field
isn't supplied' or 'RequestedExecutionDateTime must be in future'
OBIE doesn't standardise this field
type: string
minLength: 1
maxLength: 500
Path:
description: >-
Recommended but optional reference to the JSON Path of the field
with error, e.g., Data.Initiation.InstructedAmount.Currency
type: string
minLength: 1
maxLength: 500
Url:
description: >-
URL to help remediate the problem, or provide more information, or
to API Reference, or help etc
type: string
required:
- ErrorCode
- Message
additionalProperties: false
minProperties: 1
OBErrorResponse1:
description: >-
An array of detail error codes, and messages, and URLs to documentation
to help remediation.
type: object
properties:
Code:
description: 'High level textual error code, to help categorize the errors.'
type: string
minLength: 1
maxLength: 40
Id:
description: >-
A unique reference for the error instance, for audit purposes, in
case of unknown/unclassified errors.
type: string
minLength: 1
maxLength: 40
Message:
description: >-
Brief Error message, e.g., 'There is something wrong with the
request parameters provided'
type: string
minLength: 1
maxLength: 500
Errors:
items:
$ref: '#/components/schemas/OBError1'
type: array
minItems: 1
required:
- Code
- Message
- Errors
additionalProperties: false
OBReadConsent1:
type: object
required:
- Data
- Risk
properties:
Data:
type: object
required:
- Permissions
properties:
Permissions:
type: array
items:
description: >-
Specifies the Open Banking account access data types. This is
a list of the data clusters being consented by the PSU, and
requested for authorisation with the ASPSP.
type: string
enum:
- ReadAccountsBasic
- ReadAccountsDetail
- ReadBalances
- ReadBeneficiariesBasic
- ReadBeneficiariesDetail
- ReadDirectDebits
- ReadOffers
- ReadPAN
- ReadParty
- ReadPartyPSU
- ReadProducts
- ReadScheduledPaymentsBasic
- ReadScheduledPaymentsDetail
- ReadStandingOrdersBasic
- ReadStandingOrdersDetail
- ReadStatementsBasic
- ReadStatementsDetail
- ReadTransactionsBasic
- ReadTransactionsCredits
- ReadTransactionsDebits
- ReadTransactionsDetail
minItems: 1
ExpirationDateTime:
description: >-
Specified date and time the permissions will expire.
If this is not populated, the permissions will be open ended.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
type: string
format: date-time
TransactionFromDateTime:
description: >-
Specified start date and time for the transaction query period.
If this is not populated, the start date will be open ended, and
data will be returned from the earliest available
transaction.All dates in the JSON payloads are represented in
ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
type: string
format: date-time
TransactionToDateTime:
description: >-
Specified end date and time for the transaction query period.
If this is not populated, the end date will be open ended, and
data will be returned to the latest available transaction.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
type: string
format: date-time
Risk:
$ref: '#/components/schemas/OBRisk2'
OBReadConsentResponse1:
type: object
required:
- Data
- Risk
properties:
Data:
type: object
required:
- ConsentId
- CreationDateTime
- Status
- StatusUpdateDateTime
- Permissions
properties:
ConsentId:
description: >-
Unique identification as assigned to identify the account access
consent resource.
type: string
minLength: 1
maxLength: 128
CreationDateTime:
$ref: '#/components/schemas/CreationDateTime'
Status:
description: Specifies the status of consent resource in code form.
type: string
enum:
- Authorised
- AwaitingAuthorisation
- Rejected
- Revoked
StatusUpdateDateTime:
$ref: '#/components/schemas/StatusUpdateDateTime'
Permissions:
type: array
items:
description: >-
Specifies the Open Banking account access data types. This is
a list of the data clusters being consented by the PSU, and
requested for authorisation with the ASPSP.
type: string
enum:
- ReadAccountsBasic
- ReadAccountsDetail
- ReadBalances
- ReadBeneficiariesBasic
- ReadBeneficiariesDetail
- ReadDirectDebits
- ReadOffers
- ReadPAN
- ReadParty
- ReadPartyPSU
- ReadProducts
- ReadScheduledPaymentsBasic
- ReadScheduledPaymentsDetail
- ReadStandingOrdersBasic
- ReadStandingOrdersDetail
- ReadStatementsBasic
- ReadStatementsDetail
- ReadTransactionsBasic
- ReadTransactionsCredits
- ReadTransactionsDebits
- ReadTransactionsDetail
minItems: 1
ExpirationDateTime:
description: >-
Specified date and time the permissions will expire.
If this is not populated, the permissions will be open ended.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
type: string
format: date-time
TransactionFromDateTime:
description: >-
Specified start date and time for the transaction query period.
If this is not populated, the start date will be open ended, and
data will be returned from the earliest available
transaction.All dates in the JSON payloads are represented in
ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
type: string
format: date-time
TransactionToDateTime:
description: >-
Specified end date and time for the transaction query period.
If this is not populated, the end date will be open ended, and
data will be returned to the latest available transaction.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
type: string
format: date-time
Risk:
$ref: '#/components/schemas/OBRisk2'
Links:
$ref: '#/components/schemas/Links'
Meta:
$ref: '#/components/schemas/Meta'
OBRisk2:
description: >-
The Risk section is sent by the initiating party to the ASPSP. It is
used to specify additional details for risk scoring for Account Info.
type: object
properties: {}
additionalProperties: false
StatusUpdateDateTime:
description: >-
Date and time at which the resource status was updated.All dates in the
JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example
is below:
2017-04-05T10:43:07+00:00
type: string
format: date-time