openapi: 3.0.1
servers:
- url: https://{your<your-ozone-cm-serverx}
description: Consent manager for the tenant
server>
info:
title: Consent Manager Apis
description: |
This document provides the OAS3 specification for the APIs provided by the Ozone Consent Manager.
These APIs are implemented by Ozone and should be called by the financial institution to find, modify and delete consents.
contact: #### Changes in name: Ozone Financial Technology LimitedRelease 2024.34.1
version:* Release 2024.34
tags:
- name: consents
- name: consent-groups
- name: consents-by-psu
- name: consents-by-account
- name: payments
- name: actions
paths:
/consents:
post:
tags:CreditCard, PrePaidCard, EMoney, ChargeCard and Other enums have been removed from the AccountSubType.
* In AEAccountAccessConsentBody, Purpose field has been made mandatory and it has been made optional in AEInsuranceConsentBody.
* Amount field has been changed from number type to string.
* Amount, MaximumIndividualPaymentAmount -and consentsPeriodicSchedule have been made optional in MultiPayment.
summary:
Creates a new consent * In PeriodicSchedule, DefinedSchedule, FixedPeriodicSchedule and description:VariablePeriodicSchedule |have been made optional.
Used* byIn OzoneVariablePeriodicSchedule, toMaximumCumulativeValueOfPaymentsPerPeriodType createand aMaximumCumulativeNumberOfPaymentsPerPeriodType newhave consentbeen usingmade aoptional.
Heimdall interaction.
* In VariablePeriodicSchedule, Type field has been removed.
* In FilePayment, RequestedExecutionDateTime has been changed to RequestedExecutionDate
* In AEServiceInitiationDefinedSchedule, maxItems has been updated to 50
* ConnectToken has been added to cbuaePatchBody
* Refactored Security Scheme Objects to use common definitions across all API Hub APIs
* Implemented the correct Security Requirements for this API description, reflecting security patterns available in API Hub
* Added Rich Authorization Request (RAR) payload enumeration values for each consent type based on standards definitions
#### Changes in Release 2024.31.1
* Added the `authorizationChannel` field to the `patchConsent` and `getConsent` APIs
contact:
name: Ozone Financial Technology Limited
version: Version 2024.34.1
tags:
- name: consents
- name: consent-groups
- name: consents-by-psu
- name: consents-by-account
- name: payments
- name: actions
security:
- {}
- OzoneConnectJwtAuth: []
paths:
/consents:
post:
tags:
- consents
summary: Creates a new consent
description: |
Used by Ozone to create a new consent using a Heimdall interaction.
operationId: addConsent
requestBody:
description: |
Creates a new consent in the consent Manager.
The API is primararily used by Ozone for creating consents when requested by a TPPs.
Financial Institutions may use this end-point to import consents and for supporting externally managed consents. This is not part of the CBUAE standard.
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/AuthorizationDetails"
responses:
'201':
description: |
Indicates the successful creation of a consent
content:
application/json:
schema:
$ref: "#/components/schemas/ConsentPostResponse"
'400':
description: |
Indicates a failure to create the consent
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
get:
tags:
- consents
summary: Retrieves all the consents that meet the search criteria
description: |
Retrieves an array of consents that meets the search criteria.
If no consents could be found, then an empty array is returned.
This API may be used by an financial institution to get a "stream" of consents that have been created or updated since a given timestamp.
operationId: getAllConsents
parameters:
- name: updatedAt
in: query
schema:
type: number
required: false
description: |
Select only consents updated after the specified time
- $ref: "#/components/parameters/consentType"
- $ref: "#/components/parameters/status"
- $ref: "#/components/parameters/page"
- $ref: "#/components/parameters/pageSize"
responses:
'200':
description: |
Successful response
content:
application/json:
schema:
$ref: "#/components/schemas/multiConsentResponse"
'400':
description: Indicates a failure to retrieve the consents
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/consents/{consentId}:
get:
tags:
- consents
summary: Retrieve a consent by its id
description: Retrieves a consent by its id.
operationId: getConsentsByConsentId
parameters:
- $ref: "#/components/parameters/consentId"
responses:
'200':
description: successful operation
content:
application/json:
schema:
type: object
required:
- data
- meta
properties:
data:
$ref: "#/components/schemas/consent"
meta:
$ref: "#/components/schemas/meta"
'400':
description: |
Indicates a failure to retrieve the consent
content:
application/json:
schema:
operationId$ref: addConsent"#/components/schemas/errorResponse"
patch:
requestBody: tags:
description: | - consents
summary: Patches Createsone aor newmore consentfields in thea consent
Manager. description: |
The API is primararily usedThis byoperation Ozoneallows foran creatingfinancial consentsinstitution whenmodify requestedfields bywithin a TPPs.consent's `consentBody`.
Typically, this API would Financialbe Institutionscalled mayafter usethe thisPSU end-pointhas toauthorised importa consentsconsent. andThis forwould
supporting externally managed consents. This is not part ofallow the CBUAEfinancial standard.institution to "patch in" the `psuIdentifier` and `accountIds` associated with the
required: true consent.
content: This is application/json:
also called as authentication progresses for a multi-auth consent.
schemaoperationId: patchConsent
parameters:
- $ref: "#/components/schemasparameters/AuthorizationDetailsconsentId"
responses:requestBody:
required: true
content:
'201' application/json:
description: | schema:
$ref: "#/components/schemas/cbuaePatchBody"
Indicates the successful creation of a consentresponses:
'204':
content: description: |
application/json: Indicates a successful operation.
schema: The response does not have a $ref: "#/components/schemas/ConsentPostResponse"
body.
'400':
description: |
Indicates a failure to createpatch the consent
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/consents/{consentId}/audit:
get:
tags:
- consents
summary: RetrievesRetrieve an allaudit theof consentsa thatconsent meetby the searchconsent's criteriaid
description:
| Retrieves an arrayaudit of consentsa thatconsent meetsby the searchconsent's criteriaid.
The audit log is a If no consents could be found, then an empty array is returned.
low-level record of all changes applied to a Consent
throughout its life-cycle
operationId: getAuditConsentsByConsentId
This APIparameters:
may be used by an financial institution to get- a$ref: "stream" of consents that have been created or updated since a given timestamp.#/components/parameters/consentId"
responses:
'200':
operationId: getAllConsentsdescription: successful operation
parameterscontent:
- nameapplication/json:
updatedAt in: query schema:
schema: type: object
type: number required:
false description: | - data
Select only consents updated after the specified time - meta
- $ref: "#/components/parameters/consentType" - $ref: "#/components/parameters/status"
properties:
- $ref: "#/components/parameters/page" - $refdata:
"#/components/parameters/pageSize" responses: '200': type: array
description: | Successful responseitems:
content: application/jsontype: object
schema: required:
$ref: "#/components/schemas/multiConsentResponse" '400': - providerId
description: Indicates a failure to retrieve the consents content: - operation
application/json: schema: - timestamp
$ref: "#/components/schemas/errorResponse" /consents/{consentId}: get: - fkMongoId
tags: - consents summary: Retrieve a consent- byfkId
its id description: Retrieves a consent by its id. operationId: getConsentsByConsentId - id
parameters: - $ref: "#/components/parameters/consentId" responses: - ozoneInteractionId
'200': description: successful operation properties:
content: application/json: providerId:
schema: type: objectstring
required: description: |
- data - metaThe provider id of the financial institution that made the change
properties: dataoperation:
$ref: "#/components/schemas/consent" type: string
meta: description: |
$ref: "#/components/schemas/meta" '400': description: |
Like "create" or "patch"
Indicates a failure to retrieve the consent timestamp:
content: application/json: type: integer
schema: $ref: "#/components/schemas/errorResponse" patchfkMongoId:
tags: - consents summarytype: string
Patches one or more fields in a consent description: | This operation allowsdescription: an|
financial institution modify fields within a consent's `consentBody`. Typically, this API would be called after the PSU has authorised aA consent.unique Thisidentifier wouldfor the audit log in mongodb
allow the financial institution to "patch in" the `psuIdentifier` and `accountIds` associated with the consent.fkId:
This is also called as authentication progresses for a multi-auth consent. operationIdtype: string
patchConsent parameters: - $ref: "#/components/parameters/consentId" requestBodydescription: |
required: true content: A application/json:
unique identifier for the consentId
schema: $refid:
"#/components/schemas/cbuaePatchBody" responses: '204': type: string
description: | Indicates a successful operation. description: |
The response does not have a body. '400': A description:unique |identifier for the audit log
Indicates a failure to patch the consent contentozoneInteractionId:
application/json: type: schema:string
$ref: "#/components/schemas/errorResponse" /consents/{consentId}/audit: getdescription: |
tags: - consents summary: Retrieve an audit of a consentThe by the consent'sozone interaction id assigned to the interaction that caused description:this changed. Useful for looking up the api-log.
Retrieves an audit of a consent by the consent's id. The audit log is a low-level record of all changesNote applied- tothis ais Consentnot the "heimdall Interaction Id" - this is an throughoutidentifier itsfor life-cyclethe API log
operationId: getAuditConsentsByConsentId parameters: - $ref: "#/components/parameters/consentId"
callerDetails:
responses: '200': descriptiontype: successfulobject
operation content: application/json: description: |
schema: type:The objectdetails of the API caller that made the change
required: additionalProperties: -false
data - meta properties:
properties: callerOrgId:
data: type: array type: string
items: callerClientId:
type: object requiredtype: string
- providerId callerSoftwareStatementId:
- operation type: string
- timestamp patchFilter:
- fkMongoId type: string
- fkId description: |
- id Low-level operation description of the selector for the patch
-
ozoneInteractionId propertiespatch:
providerId type: string
typedescription: string|
description: |Low-level operation description of the patch that was applied at the storage level
The provider id ofmeta:
the financial institution that made the change $ref: "#/components/schemas/meta"
'400':
operation: description: |
Indicates a failure to type:retrieve stringthe consent's audit trail
content:
descriptionapplication/json:
| schema:
Like "create" or "patch"
$ref: "#/components/schemas/errorResponse"
/consent-groups/{consentGroupId}/consents:
get:
tags:
- consent-groups
timestampsummary: Retrieves consents within a consent group
description: |
Retrieves an array of type:consents integerthat are within a consent group.
If no consents could be found, then an empty array is fkMongoId:returned.
For CBUAE, a consent group id is the `BaseConsentId`
typeoperationId: stringgetConsentsInConsentGroup
parameters:
- name: consentGroupId
description: | in: path
schema:
type: string
A unique identifier for the audit log in mongodb required: true
description: |
fkId: Select consents within the consentGroupId
- $ref: "#/components/parameters/consentType"
- type$ref: string"#/components/parameters/status"
- $ref: "#/components/parameters/page"
- $ref: "#/components/parameters/pageSize"
description: | responses:
'200':
description: |
A unique identifier for the consentId Successful response
content:
idapplication/json:
schema:
type: string $ref: "#/components/schemas/multiConsentResponse"
'400':
description: |Indicates a failure to retrieve the consents
content:
A unique identifier for the audit log application/json:
schema:
ozoneInteractionId: $ref: "#/components/schemas/errorResponse"
/psu/{userId}/consents:
get:
tags:
type: string - consents-by-psu
summary: Retrieves all the consents associated with a given PSU
description: |
Retrieves an array of consents associated with the PSU.
If no Theconsents ozonecould interactionbe idfound assignedassociated towith the PSU, then interactionan thatempty causedarray thisis changedreturned.
Useful
for looking up the api-log. The userId path parameter is matched with the `psuIdentifiers.userId` field in the consent.
operationId: getConsents
Noteparameters:
- this is not the "heimdall Interaction Id" - this is an identifier for the API log$ref: "#/components/parameters/userId"
- $ref: "#/components/parameters/consentType"
- $ref: "#/components/parameters/status"
- callerDetails$ref: "#/components/parameters/page"
- $ref: "#/components/parameters/pageSize"
responses:
type: object '200':
description: |
Successful description:response
| content:
application/json:
The details of the API caller that made the changeschema:
$ref: "#/components/schemas/multiConsentResponse"
additionalProperties'400':
false description: Indicates a failure to retrieve the consents
propertiescontent:
application/json:
callerOrgIdschema:
$ref: "#/components/schemas/errorResponse"
/accounts/{accountId}/consents:
get:
typetags:
string - consents-by-account
summary: Retrieve consents of a account by its id
callerClientIddescription: |
Retrieve consents of a account by its id
operationId: getAccountIdConsents
typeparameters:
string - name: accountId
in: path
callerSoftwareStatementId schema:
type: string
required: true
type: string description: Identifier for the account
- $ref: "#/components/parameters/consentType"
patchFilter: - $ref: "#/components/parameters/status"
- $ref: "#/components/parameters/page"
- type$ref: string"#/components/parameters/pageSize"
responses:
'200':
description: |Successful response
content:
application/json:
Low-level operation description of the selector for the patch schema:
$ref: "#/components/schemas/multiConsentResponse"
patch'400':
description: |
Indicates a type:failure stringto create the consent
content:
descriptionapplication/json:
| schema:
Low-level operation description of the patch that was applied at the storage level$ref: "#/components/schemas/errorResponse"
/consent-groups/{consentGroupId}/consents/action/revoke:
post:
tags:
- actions
meta: summary: Revokes consents within a consent group
description: |
$ref: "#/components/schemas/meta" Revokes consents that are '400':within a consent group.
descriptionoperationId: |revokeConsentsInConsentGroup
parameters:
Indicates a failure to retrieve- the consent's audit trailname: consentGroupId
contentin: path
application/jsonschema:
type: string
schema: required: true
$ref: "#/components/schemas/errorResponse" /consent-groups/{consentGroupId}/consentsdescription: |
get: tags: Select consents within the consentGroupId
- consent-groups summary: Retrieves consents within a consent grouprequestBody:
description: |
Retrieves anAn arrayend-point offor consentsrevoking thata areconsent within a consent group.
If no consents could be found, then an empty arrayThis is returned.similar in behaviour to the consent revocation endpoint, but operates For CBUAE,on a consent group id isparameter theinstead
`BaseConsentId` operationIdrequired: true
getConsentsInConsentGroup parameterscontent:
- nameapplication/json:
consentGroupId inschema:
path schema: $ref: "#/components/schemas/RevokeConsent"
typeresponses:
string required'204':
true
description: |
SelectIndicates consentsa withinsuccessful theoperation.
consentGroupId - $ref: "#/components/parameters/consentType"
The response does not have a body.
- $ref: "#/components/parameters/status" - $ref: "#/components/parameters/page"'400':
- $refdescription: "#/components/parameters/pageSize"
responses:Indicates a failure to revoke the consent
'200'content:
description: | application/json:
Successful response schema:
content: $ref: "#/components/schemas/errorResponse"
application/json/consents/{consentId}/action/revoke:
post:
schematags:
- actions
$refsummary: "#/components/schemas/multiConsentResponse"
'400':Revoke a consent by its id
description:
description: Indicates a failure to retrieveRevokes thea consentsconsent by its id along with any associated access and refresh content:tokens.
This API is application/json:used by ozone internally to revoke consents.
schema: The API should be used by a financial institution to revoke consents (rather than simply patching $ref: "#/components/schemas/errorResponse"
/psu/{userId}/consents:
get:the consent) to also revoke the tokens associated with the consent
tagsoperationId: revokeConsentsByConsentId
parameters:
- consents-by-psu - summary$ref: Retrieves all the consents associated with a given PSU"#/components/parameters/consentId"
requestBody:
description: |
Retrieves an arrayAn ofend-point consentsfor associatedrevoking witha the PSUconsent.
required: If notrue
consents could be found associated with the PSU, thencontent:
an empty array is returned. application/json:
The userId path parameter is matched with the `psuIdentifiers.userId` fieldschema:
in the consent. operationId: getConsents $ref: "#/components/schemas/RevokeConsent"
parameters: responses:
- $ref: "#/components/parameters/userId" '204':
- $ref: "#/components/parameters/consentType" description: |
- $ref: "#/components/parameters/status" Indicates a -successful $ref: "#/components/parameters/page"operation.
- $ref: "#/components/parameters/pageSize"
responses: The response does not have a body.
'200400':
description: |
Successful responseIndicates a failure to revoke the consent
content:
application/json:
schema:
$ref: "#/components/schemas/multiConsentResponseerrorResponse"
/payment-log:
'400'get:
tags:
description: Indicates a failure to retrieve- thepayments
consents summary: Retrieve a payment log content:by its consent id or account id
application/jsonoperationId: getAuditConsentsByConsentIdw
description: |
schema: Either one of the query parameters can be used, not both.
$refparameters: "#/components/schemas/errorResponse"
/accounts/{accountId}/consents- name: consentId
get: tagsin: query
- consents-by-account schema:
summary: Retrieve consents of a accounttype: bystring
its id description: | required: true
Retrieve consents of a accountdescription: by|
its id operationId: getAccountIdConsents Identifier for the consent
parameters:
- name: accountId
in: pathquery
schema:
type: string
required: true
description: |
Identifier for the account
responses:
- $ref: "#/components/parameters/consentType" '200':
- $refdescription: "#/components/parameters/status" successful operation
- $refcontent: "#/components/parameters/page"
- $ref: "#/components/parameters/pageSize"application/json:
responsesschema:
'200': type: object
description: Successful response contentrequired:
application/json: - data
schema: - meta
$ref: "#/components/schemas/multiConsentResponse" '400':properties:
description: | data:
Indicates a failure to create the consent type: array
content: application/json: items:
schema: type: object
$ref: "#/components/schemas/errorResponse" /consent-groups/{consentGroupId}/consents/action/revoke: post: tags: required:
- actions summary: Revokes consents within a consent group - consentId
description: | Revokes consents that are within a consent group. - paymentType
operationId: revokeConsentsInConsentGroup parameters: - name: consentGroupId - paymentId
in: path schema: - idempotencyKey
type: string required: true - paymentResponse
description: | Select consents within the consentGroupId - tpp
requestBody: description: | An end-point accountId
for revoking a consent within a consent group. This is similar in behaviour- topsuIdentifiers
the consent revocation endpoint, but operates on a consent group id parameter instead required: true - interactionId
content: application/json: - authorizationCode
schema: $ref: "#/components/schemas/RevokeConsent" - requestBody
responses: '204': description: | - requestHeaders
Indicates a successful operation. properties:
The response does not have a body. '400': consentId:
description: Indicates a failure to revoke the consent content: type: string
application/json: schema: description: |
$ref: "#/components/schemas/errorResponse" /consents/{consentId}/action/revoke: post: tags: A ConsentId generated by the financial institution -for actionsthe consent.
summary: Revoke a consent by its id description: paymentType:
Revokes a consent by its id along with any associated access and refresh tokens. This API istype: usedstring
by ozone internally to revoke consents. The API should be used by a financial institution to revoke consentsdescription: (rather|
than simply patching the consent) to also revoke the tokens associated with the consent operationId: revokeConsentsByConsentId The parameters:underlying payment type
- $ref: "#/components/parameters/consentId" requestBody: description: | For example,
An end-point for revoking a consent. required: true content: - cbuae-payment (Single Instant Payment, Multi Payment - Fixed and application/json:Variable Recurring Payment, Future Dated Payment etc)
schema: $ref: "#/components/schemas/RevokeConsent" responses:
- cbuae-file-payment
'204': description: | paymentId:
Indicates a successful operation. The response does not havetype: astring
body.
'400': description: | idempotencyKey:
Indicates a failure to revoke the consent contenttype: string
application/json: schemapaymentResponse:
$ref: "#/components/schemas/errorResponse" /payment-log: gettype: object
tags: - payments summary: Retrieve a paymentdescription: log|
by its consent id or account id operationId: getAuditConsentsByConsentIdw description: | The payment response Eitheras onereceived offrom the queryfinancial parametersinstitution canas bea used,result notof both.a `make-payment` call
parameters: - name: consentId inproperties:
query schema: type: string id:
required: true description: | type: string
Identifier for the consent - name: accountId in: query description: |
schema: type: string A required:unique trueid for the payment in uuid-v4 format.
description: | Identifier for the account responsesstatus:
'200': description: successful operation contenttype: string
application/json: schema: description: |
type: object required: The current status of the payment
- data -enum:
meta properties: - "Pending"
data: type: array - "AcceptedSettlementCompleted"
items: - "AcceptedCreditSettlementCompleted"
type: object required: - "AcceptedWithoutPosting"
- consentId - "Rejected"
- paymentType - "Received"
-
paymentId - idempotencyKey creationDateTime:
- paymentResponse type: string
- tpp pattern: ($date-time)
- accountId description: |
- psuIdentifiers - interactionId An ISO date-time representing when the consent was created
- authorizationCode statusUpdateDateTime:
- requestBody type: string
- requestHeaders propertiespattern: ($date-time)
consentId: description: |
type: string An ISO date-time representing when the consent status was last updated
description: | signedResponse:
A ConsentId generated by the financial institution for the consent. type: string
paymentType: tpp:
type: string $ref: "#/components/schemas/tpp"
description: | accountId:
The underlying payment type type: integer
ForpsuIdentifiers:
example, $ref: "#/components/schemas/psuIdentifiers"
- cbuae-payment (Single Instant Payment, Multi Payment - Fixed and Variable Recurring Payment, Future Dated Payment etc) interactionId:
- cbuae-file-payment$ref: "#/components/schemas/apiLogInteractionId"
paymentIdauthorizationCode:
type: stringobject
idempotencyKey: properties:
type: string paymentId:
paymentResponse: type: string
type: object accessTokenHash:
description: | type: string
The payment response as received from the financial institution as a result of a `make-payment` call currentDateTime:
properties: type: string
id: pattern: ($date-time)
type: string requestBody:
description: |$ref: "#/components/schemas/AEPaymentAndFilePaymentRequest"
signedRequestBody:
A unique id for the payment in uuid-v4 format. type: string
status: requestHeaders:
type: string type: object
description: |
The entire set of Http request headers that was Thereceived currentby statusOzone offrom the payment TPP
additionalProperties: true
enum: meta:
-$ref: "Pending#/components/schemas/meta"
'400':
description: |
- "AcceptedSettlementCompleted"Indicates a failure to retrieve the payments
content:
application/json:
- "AcceptedCreditSettlementCompleted" schema:
$ref: "#/components/schemas/errorResponse"
/payment- "AcceptedWithoutPosting"
log/{id}:
patch:
tags:
- payments
summary: Patches one or more fields in a payment-log "Rejected"based on id .
description: |
This operation allows an modify fields within a payment's `paymentResponse`.
- "Received" This is used by the financial institutions to update the status of a payment
operationId: patchPymentlog
creationDateTime: parameters:
- $ref: "#/components/parameters/id"
requestBody:
typerequired: stringtrue
content:
application/json:
patternschema:
($date-time) $ref: "#/components/schemas/CbuaePatchPaymentRecordBody"
responses:
description'204':
| description: |
Indicates a successful operation.
An ISO date-time representing when the consent wasThe createdresponse does not have a body.
'400':
statusUpdateDateTimedescription: |
Indicates a failure to retrieve the payments
typecontent:
string application/json:
schema:
pattern: ($date-time) $ref: "#/components/schemas/errorResponse"
components:
schemas:
errorResponse:
descriptiontype: |object
properties:
errorCode:
type: string
An ISO date-time representing when the consentdescription: statusError wascode lastidentifying updatedthe problem occured
errorMessage:
type: string
signedResponse: description: Message describing what problem has occured
meta:
type: stringobject
additionalProperties: false
apiLogInteractionId:
type: object
tpp: properties:
ozoneInteractionId:
type: string
$ref: "#/components/schemas/tpp" clientInteractionId:
type: string
accountIdadditionalProperties: false
required:
- ozoneInteractionId
typetpp:
integer type: object
description: |
The TPP psuIdentifiers:record as held by Ozone.
If Ozone TPP Connect has been integrated into $ref: "#/components/schemas/psuIdentifiers"
a directory, the `directoryRecord` provides the TPP's directory record as held by Ozone in base 64 encoded format.
interactionIdrequired:
- clientId
- orgId
$ref: "#/components/schemas/apiLogInteractionId" - softwareStatementId
- tppName
properties:
authorizationCode: clientId:
type: string
typedescription: objectThe clientId for the TPP as issued by Ozone
orgId:
propertiestype: string
description: The organization id for the TPP
paymentIdsoftwareStatementId:
type: string
description: The organization id for the TPP
type: string tppName:
type: string
accessTokenHashdescription: The name of the TPP
directoryRecord:
type: string
description: The latest copy of the TPP directory record if the TPP has registered with a directory
currentDateTime: additionalProperties: false
psuIdentifiers:
type: object
typedescription: string|
The PSU that is associated with this consent.
The `PSUIdentifiers` object may have pattern: ($date-time)
artitrary custom fields that an financial institution may use to
identify the PSU.
requestBody: However, all `PSUIdentifiers` must have a mandatory `userId` field that provides a unique
user id for $ref: "#/components/schemas/AEPaymentAndFilePaymentRequest"the PSU.
The consent is initially created without a PSU identified.
signedRequestBody: The value must be specified once the consent is authorised.
properties:
type: string userId:
type: string
required:
requestHeaders: - userId
additionalProperties: true
newConsent:
type: object
properties:
id:
descriptiontype: |string
description: |
A unique identifier for Thethe entireconsent setin of Http request headers that was received by Ozone from the TPPuuid-v4 format.
consentGroupId:
type: string
description: |
additionalProperties: true A unique identifier for the consent group in uuid-v4 format.
meta: The consent group id is used to group together consents $ref: "#/components/schemas/meta"
that are related to each other.
'400': requestUrl:
description: | type: string
Indicates a failure toformat: retrieveurl
the payments contentdescription: |
application/json: The request url of Http request that was received by Ozone from the TPP
schema:
consentType:
$ref: "#/components/schemas/errorResponse"
/payment-log/{id}:
type: string
patch: tagsdescription: |
- payments The type of summary: Patches one or more fields in a payment-log based on id the consent that is being created.
description: | Each financial institution's Thisinstance operationmay allowssupport ana different modifyset fieldsof withinconsent atypes
payment's `paymentResponse`. This is usedThe byConsent theManager financialsupports institutionsthe tocreation updateof theconsents status of adifferent paymentconsent types depending on the standards supported.
operationId: patchPymentlog parameters: - cbuae-account-access-consents
- $ref: "#/components/parameters/id" requestBody:
- cbuae-service-initiation-consents
required: true - cbuae-insurance-consents
content: status:
application/json: $ref: "#/components/schemas/AEConsentStatus"
schema: request:
$ref: "#/components/schemas/CbuaePatchPaymentRecordBodyAuthorizationDetails"
responsesrequestHeaders:
'204' type: object
description: |
The entire set of IndicatesHttp arequest successfulheaders operation.that was received by Ozone from the TPP
The response does not have aadditionalProperties: body.true
'400'consentBody:
description: |$ref: "#/components/schemas/cbuaeConsentBody"
interactionId:
Indicates a failure to retrieve thetype: paymentsstring
contentdescription: |
application/json: The heimdall interaction id that this consent is associated with.
schema: tpp:
$ref: "#/components/schemas/errorResponsetpp"
components: schemas: errorResponseozoneSupplementaryInformation:
type: object type: object
properties: errorCodeadditionalProperties: true
typeupdatedAt: string
descriptiontype: Errornumber
code
identifying the problem occured required:
errorMessage: - id
type: string- consentType
- description:request
Message describing what problem has occured - requestHeaders
meta: type:- objecttpp
additionalProperties: falsetrue
apiLogInteractionIdcbuaeConsentBody:
type: object
propertiesdescription: |
An ozoneInteractionId:object representing the current state of the consent.
type: string This includes the entire request, augmented by clientInteractionId:additional computed properties
type: string
(e.g. ids, charges etc)
additionalPropertiesoneOf:
false - required:$ref: "#/components/schemas/AEAccountAccessConsentBody"
- ozoneInteractionId$ref: "#/components/schemas/AEInsuranceConsentBody"
- tpp$ref: "#/components/schemas/AEPaymentConsentResponse"
typepatchedConsent:
object type: object
description: | properties:
The TPP record as heldpsuIdentifiers:
by Ozone. If Ozone TPP Connect has been integrated into a directory, the `directoryRecord` provides the TPP's directory record as held by Ozone in base 64 encoded format.$ref: "#/components/schemas/psuIdentifiers"
accountIds:
type: array
requireditems:
- clientId type: string
- orgId minItems: 1
- softwareStatementId description: |-
- tppName properties: An array of account ids associated with clientId:the consent. The array must be populated once consent has been type:authorised.
string description: TheFor clientIdpayment forconsents, the TPParray asmust issuedalways byhave Ozoneone element - the debtor account from which the payment orgId:will be made
type: string For CBPII consents, the array must always have one description:element The- organizationthe idaccount for thewhich TPPCoF requests will be answered
softwareStatementId: For AIS requests, the type:array stringmay contain multiple values, representing each of the payment accounts for description:which Thean organizationAIS idservice forwill thebe TPPprovided.
tppNamesupplementaryInformation:
typedescription:
string Contains additional information description:at Thethe namediscretion of the TPPfinancial institution.
directoryRecordtype: object
typeadditionalProperties: stringtrue
interactionId:
description: The latest copy of the TPP directorytype: recordstring
if the TPP has registered with a directory description: The heimdall interaction id additionalProperties:that falsethis consent is associated with. This psuIdentifiers:is updated by heimdall and must not type:be objectset by financial institutions.
description: | paymentContext:
The PSU that is associated with this consent.type: object
The `PSUIdentifiers` objectadditionalProperties: maytrue
have
artitrary custom fields that an financial institution may useConnectToken:
to identify thetype: PSU.string
However, alldescription: `PSUIdentifiers`A mustbearer havetoken athat mandatorywill `userId`be fieldsent thatas providesthe a`Authorization` uniqueheader for calls to Ozone Connect made under this userconsent.
id for the PSU. additionalProperties: true
ThecbuaePatchBody:
consent is initially created without a PSUdescription: identified.|
Describes Thethe valuefields mustto be specifiedpatched onceand thetheir consentcorresponding isvalues.
authorised.
propertiestype: object
userIdrequired:
- type:authorizationChannel
string requiredadditionalProperties: false
properties:
- userId additionalPropertiespsuIdentifiers:
true newConsent: $ref: "#/components/schemas/psuIdentifiers"
type: object propertiesaccountIds:
id type: array
typeitems:
string descriptiontype: string
| minItems: 1
A unique identifier for the consent in uuid-v4 format.
description: |-
consentGroupId: An array of account ids associated with type:the stringconsent. The array must be populated once consent has been authorised.
description: | For service Ainitiation, uniquethe identifierarray formust thealways consenthave groupone inelement uuid-v4 format.the debtor account from which the payment will be made
The consent group id is used to group together consentsFor thatdata aresharing relatedrequests, tothe eacharray other.may contain multiple values, representing each of the payment accounts requestUrl:for which an AIS service will be provided.
type: string As a format:convenience, urlwhen updating the status, the LFI may patch `status` or description: |
`consentBody.Data.Status` - the CM will ensure that these are synced.
The request url of Http request that wasNot receivedall bystate Ozonetransitions fromare thepossible TPPfor consent statuses - the standard provides a list of consentType:valid transitions.
typesupplementaryInformation: string
description:
| Contains Theadditional typeinformation ofat the consentdiscretion thatof isthe beingfinancial createdinstitution.
Each financial institution's instance may support a different set of consent typestype: object
additionalProperties: true
The Consent Manager supports thestatus:
creation of consents of different consent types depending on the standards supported.$ref: "#/components/schemas/cbuaePatchableConsentStatus"
consentBody.Data.Status:
- cbuae-account-access-consents $ref: "#/components/schemas/cbuaePatchableConsentStatus"
- cbuae-service-initiation-consents consentBody.Data.ExchangeRate:
- cbuae-insurance-consents
$ref: "#/components/schemas/AEExchangeRateInformation"
statusconsentBody.Data.Charges:
$ref: "#/components/schemas/AEConsentStatusAECharges"
requestconsentBody.Data.RevokedBy:
$ref: "#/components/schemas/AuthorizationDetailsAERevokedBy"
requestHeadersconsentBody.Meta.MultipleAuthorizers:
type$ref: object"#/components/schemas/AEMetaMultiAuthorization"
descriptionauthorizationChannel:
| type: string
The entire set of Http request headers that was receivedenum:
by Ozone from the TPP - App
additionalProperties: true consentBody:- Web
$refConnectToken:
"#/components/schemas/cbuaeConsentBody" interactionIdtype: string
typedescription: string
description: |A bearer token that will be sent as the `Authorization` header for certain calls to bank connect.
cbuaePatchableConsentStatus:
Thedescription: heimdall|
interaction id that this consent is associated with. Specifies the statuses that a consent can be patched tpp:to by an LFI.
$reftype: "#/components/schemas/tppstring"
ozoneSupplementaryInformationenum:
- "Authorized"
type: object - "Rejected"
additionalProperties: true - "Revoked"
updatedAt: - "Expired"
type: number - "Consumed"
required: - "Suspended"
- id CbuaePatchPaymentRecordBody:
-type: consentTypeobject
description: |
- request Describes the -fields requestHeadersto be patched and their corresponding values.
- tpp required:
additionalProperties: true - cbuaeConsentBody:paymentResponse.status
typeadditionalProperties: objectfalse
descriptionproperties:
| paymentResponse.status:
An object representing the current state of the consent. type: string
This includes the entire request, augmenteddescription: by|
additional computed properties (e.g. ids, charges etc)
The current status of the payment
oneOf: enum:
- $ref: "#/components/schemas/AEAccountAccessAndInsuranceConsentBody" - $ref: "#/components/schemas/AEPaymentConsentResponsePending"
patchedConsent: type: object- "AcceptedSettlementCompleted"
properties: - "AcceptedCreditSettlementCompleted"
psuIdentifiers: $ref:- "#/components/schemas/psuIdentifiersAcceptedWithoutPosting"
accountIds: - "Rejected"
type: array items:- "Received"
AEInsuranceConsentBody:
type: object
string required:
minItems: 1 - Data
descriptionproperties:
|- Data:
An array of account ids associated withtype: theobject
consent. The array must be populated once consent has been authorised.required:
For- payment"ConsentId"
consents, the array must always have one element - the debtor account from- which"BaseConsentId"
the payment will be made - "Status"
For CBPII consents, the array must always haveproperties:
one element - the account for which CoF requests will be answered ConsentId:
For AIS requests, the array may contain multiple values, representing each of the payment accounts for which an AIS service will be provided.$ref: '#/components/schemas/AEConsentId'
Permissions:
supplementaryInformation$ref: '#/components/schemas/AEAccountAccesssConsentPermissionCodes'
descriptionallOf:
Contains- additional information at the discretion of the financial institution.$ref: '#/components/schemas/AEInsuranceAuthorizationDetailProperties'
typeadditionalProperties: objectfalse
additionalPropertiesMeta: true
interactionIdtype: object
typeproperties:
string MultipleAuthorizers:
description: The heimdall interaction id that this consent is associated with. This is updated by heimdall and must not be set by financial institutions.$ref: '#/components/schemas/AEMetaMultiAuthorization'
Subscription:
type: paymentContext:object
typeproperties:
object additionalPropertiesWebhook:
true ConnectToken$ref: '#/components/schemas/Webhook'
AEAccountAccessConsentBody:
type: stringobject
required:
description: A bearer token that will- beData
sent as the `Authorization` header for callsproperties:
to Ozone Connect made under this consent. Data:
additionalProperties: true cbuaePatchBodytype: object
description: | required:
Describes the fields to be patched and their- corresponding"ConsentId"
values. type: object - "BaseConsentId"
additionalProperties: false properties: - "Status"
psuIdentifiers: properties:
$ref: "#/components/schemas/psuIdentifiers" ConsentId:
accountIds: type$ref: array'#/components/schemas/AEConsentId'
itemsPermissions:
type$ref: string'#/components/schemas/AEAccountAccesssConsentPermissionCodes'
minItemsallOf:
1 description: |- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailProperties'
An arrayadditionalProperties: offalse
account ids associated with the consent. The array mustMeta:
be populated once consent has been authorised. type: object
For service initiation, the array must always have one element - the debtor account from which the payment will be made properties:
MultipleAuthorizers:
$ref: '#/components/schemas/AEMetaMultiAuthorization'
For data sharing requests,Subscription:
the array may contain multiple values, representing each of the paymenttype: accountsobject
for which an AIS service will be provided. properties:
As aWebhook:
convenience, when updating the status, the LFI may patch `status` or `consentBody.Data.Status` - the CM will ensure that these are synced. $ref: '#/components/schemas/Webhook'
AEAccountAccessAuthorizationDetailProperties:
type: object
Notrequired:
all state transitions are possible for consent statuses - thePurpose
standard provides a list of valid transitions.properties:
supplementaryInformationBaseConsentId:
description$ref: '#/components/schemas/AEBaseConsentId'
ExpirationDateTime:
Contains additional information at the discretion of the financialtype: institution.string
typeformat: objectdate-time
additionalPropertiesdescription: >-
true status: Specified date and time the permissions will expire.
$ref: "#/components/schemas/cbuaePatchableConsentStatus" consentBody.Data.Status:
$ref: "#/components/schemas/cbuaePatchableConsentStatus"If this is not populated, the permissions will be open ended.All
consentBody.Data.ExchangeRate:
$ref: "#/components/schemas/AEExchangeRateInformation"dates in the JSON payloads are represented in ISO 8601 date-time
consentBody.Dataformat.Charges:
$ref: "#/components/schemas/AECharges" All date-time fields in responses must consentBody.Data.RevokedBy:
include the timezone. An
$ref: "#/components/schemas/AERevokedBy" example is below:
consentBody.Meta.MultipleAuthorizers: 2017-04-05T10:43:07+00:00
$ref: "#/components/schemas/AEMetaMultiAuthorization" cbuaePatchableConsentStatusTransactionFromDateTime:
description type: |string
Specifies the statuses that a consent can be patched to by an LFI.
format: date-time
description: |2-
type: "string" enum: Specified start date and time for -the "Authorized"transaction query period.
- "Rejected" - "Revoked"If this is not populated, the start date will -be "Expired"open ended, and
- "Consumed" -data "Suspended"will be returned from the earliest CbuaePatchPaymentRecordBody:available
type: object description: | transaction.All dates in the JSON payloads are represented Describesin
the fields to be patched and their corresponding values. required:ISO 8601 date-time format.
- paymentResponse.status additionalProperties: false All date-time fields in properties:responses must include the timezone. An
paymentResponse.status: type: string example is below:
description: | 2017-04-05T10:43:07+00:00
The current status of the paymentTransactionToDateTime:
enumtype: string
format: date-time
"Pending" description: |2-
- "AcceptedSettlementCompleted" - "AcceptedCreditSettlementCompleted"Specified end date and time for the transaction query period.
- "AcceptedWithoutPosting" -If "Rejected"this is not populated, the end date will be open ended, and
- "Received" AEAccountAccessAndInsuranceConsentBody: type: objectdata will be returned to the latest required:available transaction.All
- Data properties: dates in the JSON payloads are represented in Data:ISO 8601 date-time
type: object format.
required: - "ConsentId"
All date-time fields in responses must include the timezone. An
- "BaseConsentId" example - "Status"is below:
properties: 2017-04-05T10:43:07+00:00
ConsentId: AccountType:
$reftype: '#/components/schemas/AEConsentId'array
Permissionsitems:
$ref: '#/components/schemas/AEAccountAccesssConsentPermissionCodesAEAccountTypeCode'
allOfAccountSubType:
type: array
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailProperties' items:
additionalProperties: false Meta$ref: '#/components/schemas/AEAccountSubTypeCode'
typeOnBehalfOf:
object properties$ref: '#/components/schemas/AEOnBehalfOf'
MultipleAuthorizersStatus:
$ref: '#/components/schemas/AEMetaMultiAuthorizationAEAccountAccessConsentStatus'
SubscriptionPurpose:
type: objectarray
propertiesitems:
Webhook: $ref: '#/components/schemas/AEAccountAccessConsentPurpose'
RevokedBy:
$ref: '#/components/schemas/WebhookAERevokedBy'
AEAccountAccessAuthorizationDetailProperties additionalProperties: false
AEInsuranceAuthorizationDetailProperties:
type: object
properties:
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
ExpirationDateTime:
type: string
format: date-time
description: >-
Specified date and time the permissions will expire.
If this is not populated, the permissions will be open ended.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionFromDateTime:
type: string
format: date-time
description: |2-
Specified start date and time for the transaction query period.
If this is not populated, the start date will be open ended, and
data will be returned from the earliest available
transaction.All dates in the JSON payloads are represented in
ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionToDateTime:
type: string
format: date-time
description: |2-
Specified end date and time for the transaction query period.
If this is not populated, the end date will be open ended, and
data will be returned to the latest available transaction.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
AccountType:
type: array
items:
$ref: '#/components/schemas/AEAccountTypeCode'
AccountSubType:
type: array
items:
$ref: '#/components/schemas/AEAccountSubTypeCode'
OnBehalfOf:
$ref: '#/components/schemas/AEOnBehalfOf'
Status:
$ref: '#/components/schemas/AEAccountAccessConsentStatus'
Purpose:
type: array
items:
$ref: '#/components/schemas/AEInsuranceConsentPurpose'
RevokedBy:
$ref: '#/components/schemas/AEAccountAccessConsentStatusAERevokedBy'
additionalProperties: false
Purpose AEInsuranceConsentPurpose:
type: string
type: array enum:
- InsurancePolicyAggregation
items: - PersonalFinanceManager
$ref: '#/components/schemas/AEAccountAccessConsentPurpose'
- CreditAssessment
RevokedBy: - MotorInsuranceQuote
- EnterpriseFinancialManagement
$ref: '#/components/schemas/AERevokedBy' - additionalProperties:Other
false
AEAccountAccessConsentStatus:
description: >-
Consent Status is set
to either Authorized ,Revoked ,Rejected or AwaitingAuthorization
type: string
enum:
- Authorized
- AwaitingAuthorization
- Rejected
- Revoked
- Expired
- Suspended
AEAccountAccessConsentPurpose:
type: string
enum:
- Account Aggregation
- Personal Finance Manager
- Credit Assessment
- Tax Filing
- Enterprise Financial Management
- Other
AEAccountAccesssConsentPermissionCodes:
type: string
enum:
- ReadAccountsBasic
- ReadAccountsDetail
- ReadBalances
- ReadBeneficiariesBasic
- ReadBeneficiariesDetail
- ReadTransactionsBasic
- ReadTransactionsDetail
- ReadTransactionsCredits
- ReadTransactionsDebits
- ReadProduct
- ReadScheduledPaymentsBasic
- ReadScheduledPaymentsDetail
- ReadDirectDebits
- ReadStandingOrdersBasic
- ReadStandingOrdersDetail
- ReadConsents
- ReadPartyPSU
- ReadPartyPSUIdentity
- ReadParty
description: >-
Specifies the permitted account access policy data types.
This is a list of the data groups being consented by the User, and
requested for authorization with the LFI.
AEAccountSubTypeCode:
type: string
enum:
- CurrentAccount
- Savings
- CreditCard
- PrePaidCard
- EMoney
- ChargeCard
- Other
description: Specifies the sub type of account (product family group)
AEAccountTypeCode:
type: string
enum:
- Retail
- Corporate
description: Specifies the type of account (Retail or Corporate).
AEBaseConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
The original ConsentId assigned by the TPP.
It is used by the TPP for updating/renewing parameters associated with
long-lived consents.
It must be provided when long-lived consent parameters are
updated/renewed for a current consent that has not yet finished.
AEConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
Unique identification assigned by the TPP to identify the consent
resource.
AEOnBehalfOf:
type: object
properties:
TradingName:
type: string
description: Trading Name
LegalName:
type: string
description: Legal Name
IdentifierType:
allOf:
- $ref: '#/components/schemas/AEOnBehalfOfIdentifierType'
description: Identifier Type
Identifier:
type: string
description: Identifier
additionalProperties: false
AEOnBehalfOfIdentifierType:
type: string
enum:
- Other
Webhook:
type: object
description: |
A Webhook Subscription Schema
properties:
Url:
description: |
The TPP Callback URL being registered with the LFI
type: string
example: https://api.tpp.com/webhook/callbackUrl
IsActive:
description: >
The TPP specifying whether the LFI should send (IsActive true)
or not send (IsActive false) Webhook Notifications to the TPP's
Webhook URL
type: boolean
example: false
additionalProperties: false
AERevokedBy:
description: |
Denotes the Identifier of the revocation.
| Identifier| Description|
|-----------|------------|
| LFI | Revoked by LFI without User initiation|
| TPP | Revoked by TPP without User initiation|
| LFI.InitiatedByUser | Initiated by User via the LFI|
| TPP.InitiatedByUser | Initiated by User via the TPP|
type: string
enum:
- LFI
- TPP
- LFI.InitiatedByUser
- TPP.InitiatedByUser
AEMetaMultiAuthorization:
type: "object"
description: |
Meta Data with Multi-Authorization relevant to the payload.
For a payment, it represents any Authorizers within the financial institution domain that are involved in approving the payment request.
properties:
TotalRequired:
description: |
The total number of Authorizers required to process the request
type: "number"
Authorizations:
type: "array"
items:
description: |
Authorizer
type: "object"
properties:
AuthorizerId:
description: |
The Authorizer's Identifier
type: "string"
AuthorizerType:
description: |
The Type of Authorizer. For example, Financial, Management, etc.
type: "string"
AuthorizationDate:
description: |
The DateTime of when the Authorization occurred. All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2023-04-05T10:43:07+00:00
type: "string"
format: "date-time"
AuthorizationStatus:
description: |
The Status reflecting the Authorizer's final decision regarding the request
type: "string"
enum:
- "Pending"
- "Approved"
- "Rejected"
additionalProperties: false
additionalProperties: false
additionalProperties: false
AEReference:
description: |
A reason or reference in relation to a payment.
Reason or reference for the beneficiary regarding the Payment
type: "string"
minLength: 1
maxLength: 120
AEPaymentConsentResponse:
description: |
Payment Consent Response Schema
type: "object"
additionalProperties: false
required:
- "Data"
properties:
Data:
type: "object"
additionalProperties: false
required:
- "ConsentId"
- "BaseConsentId"
- "Status"
# - "StatusUpdateDateTime"
# - "CreationDateTime"
# - "ControlParameters"
# - "PaymentPurposeCode"
# - "PaymentConsumption"
# - "AcceptedAuthorizationType"
# - "ExpirationDateTime"
properties:
ConsentId:
$ref: "#/components/schemas/AEConsentId"
BaseConsentId:
$ref: "#/components/schemas/AEBaseConsentId"
AcceptedAuthorizationType:
$ref: "#/components/schemas/AEAcceptedAuthorizationType"
AuthorizationExpirationDateTime:
$ref: "#/components/schemas/AEAuthorizationExpirationDateTime"
Permissions:
$ref: "#/components/schemas/AEConsentPermissions"
ReadRefundAccount:
$ref: "#/components/schemas/AEReadRefundAccount"
ExpirationDateTime:
$ref: "#/components/schemas/AEConsentExpirationDateTime"
Status:
$ref: "#/components/schemas/AEConsentStatus"
RevokedBy:
$ref: "#/components/schemas/AERevokedBy"
CreationDateTime:
$ref: "#/components/schemas/AECreationDateTime"
StatusUpdateDateTime:
$ref: "#/components/schemas/AEStatusUpdateDateTime"
Charges:
$ref: "#/components/schemas/AECharges"
ExchangeRate:
$ref: "#/components/schemas/AEExchangeRateInformation"
CurrencyRequest:
$ref: "#/components/schemas/AECurrencyRequest"
ControlParameters:
description: |
Control Parameters set the overall rules for the Payment Schedule
type: "object"
additionalProperties: false
properties:
IsPayByAccount:
$ref: "#/components/schemas/AEIsPayByAccount"
ConsentSchedule:
type: "object"
description: |
The various payment types that can be initiated:
* A Single Payment
* A Multi-Payment
* A Combined Payment (one SinglePayment and one MultiPayment)
properties:
SinglePayment:
description: |
A Consent definition for defining Single Payments
oneOf:
- $ref: "#/components/schemas/AESingleInstantPayment"
- $ref: "#/components/schemas/AESingleFutureDatedPayment"
discriminator:
propertyName: Type
MultiPayment:
$ref: "#/components/schemas/AELongLivedPaymentConsent"
FilePayment:
$ref: "#/components/schemas/AEFilePaymentConsent"
additionalProperties: false
DebtorReference:
$ref: "#/components/schemas/AEStructuredDebtorReference"
CreditorReference:
$ref: "#/components/schemas/AEReference"
PaymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
SponsoredTPPInformation:
$ref: "#/components/schemas/AESponsoredTPPInformation"
PaymentConsumption:
$ref: "#/components/schemas/AEPaymentConsumption"
IsSingleAuthorization:
description: |
Specifies to the LFI that the consent authorization must be completed in a single authorization Step
with the LFI
type: "boolean"
Subscription:
$ref: "#/components/schemas/AEEventNotification"
Meta:
$ref: "#/components/schemas/AEMetaMultiAuthorization"
AEEventNotification:
type: "object"
description: |
A Webhook Subscription Schema
required:
- "Webhook"
properties:
Webhook:
description: |
A Webhook Schema
type: "object"
properties:
Url:
description: |
The TPP Callback URL being registered with the LFI
type: "string"
example: "https://api.tpp.com/webhook/callbackUrl"
IsActive:
description: |
The TPP specifying whether the LFI should send (IsActive true) or not send (IsActive false) Webhook Notifications to the TPP's Webhook URL
type: "boolean"
example: false
additionalProperties: false
additionalProperties: false
AEAcceptedAuthorizationType:
description: |
Specifies to the LFI the type of consent authorization accepted by the TPP when staging the consent
* Single - The consent should incur a single authorization Step with the LFI
* Multi - The consent should incur a multi-authorization Step with the LFI
type: "string"
enum:
- "Single"
- "Multi"
AEAuthorizationExpirationDateTime:
description: |
A time window by which a Consent (in AwaitingAuthorization status) must be Authorized by the User.
The time window starts from the actual CreationDateTime (when the Consent is staged with the LFI).
If the current time window exceeds the Authorization Expiration Time Window (and the Consent status is AwaitingAuthorization) then the Consent Status must be set to Rejected.
The time window is based on a custom time format hhh:mm:ss. e.g. 720:00:00 represents a time window of 720 hours, 00 minutes, 00 seconds (30 days) after the CreationDateTime to Authorize the Consent.
type: "string"
pattern: "^(00[0-9]|0[1-9][0-9]|[1-6][0-9]{2}|7[01][0-9]|720):[0-5][0-9]:[0-5][0-9]$"
example: "720:00:00"
AEConsentPermissions:
type: "array"
description: |
Specifies the permitted Account Access data types.
This is a list of the data groups being consented by the User, and requested for authorization with the LFI.
This allows a TPP to request a balance check permission.
items:
type: "string"
enum:
- "ReadAccountsBasic" # Ability to read basic account information
- "ReadAccountsDetail" # Ability to read account identification details
- "ReadBalances" # Ability to read all balance information
minItems: 1
AEReadRefundAccount:
description: "Allows the LFI to share the refund account details with TPP"
type: boolean
AEFileNumberOfTransactions:
type: "integer"
description: |
Number of individual transactions contained in the payment information group.
AEControlSum:
description: |
Total of all individual amounts included in the group, irrespective of currencies.
type: "string"
pattern: "^\\d{1,16}\\.\\d{2}$"
example: "100.00"
AEFileType:
type: "string"
description: "Specifies the payment file type"
minLength: 1
maxLength: 40
AEFileHash:
type: "string"
description: "A base64 encoding of a SHA256 hash of the file to be uploaded."
minLength: 1
maxLength: 44
AEConsentExpirationDateTime:
description: |
Specified date and time the consent will expire.
If this is not populated, the consent will remain active as a long lived consent until the maximum consent validity period as per section 4.1.1 Consent Elements in the API User Guide.
All dates in the JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00
* For Payment Consents, the maximum expiration time limit should be 23:59:59 (1 second before 00:00:00)
type: "string"
format: "date-time"
AEConsentStatus:
description: |
Specifies the status of a payment consent.
| Consent Status| State Type| Description|
|---------------|-----------|------|
| AwaitingAuthorization | Pending | The consent is awaiting authorization.|
| Authorized | In Use | The consent has been successfully authorized.|
| Rejected | Terminal | The unauthorized consent has been rejected at the LFI.|
| Revoked | Terminal | The consent has been revoked at the TPP or LFI.|
| Expired | Terminal | The consent is now expired.|
| Consumed | Terminal | The consented action(s) have either been completed successfully.|
| Suspended | In Use | The consent has been suspended, pending further enquiries.|
type: "string"
enum:
- "AwaitingAuthorization"
- "Authorized"
- "Rejected"
- "Revoked"
- "Expired"
- "Consumed"
- "Suspended"
AECreationDateTime:
description: "Date and time at which the message was created. All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2023-04-05T10:43:07+00:00"
type: "string"
format: "date-time"
AEStatusUpdateDateTime:
description: "Date and time at which the resource status was updated.All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2023-04-05T10:43:07+00:00"
type: "string"
format: "date-time"
AECharges:
type: "array"
items:
type: "object"
additionalProperties: false
description: |
Set of elements used to provide details of a charge for the payment initiation.
* For Payments, these Charges are on the Debtor.
required:
- "ChargeBearer"
- "Type"
- "Amount"
properties:
ChargeBearer:
$ref: "#/components/schemas/AEChargeBearerType1Code"
Type:
$ref: "#/components/schemas/AEExternalPaymentChargeTypeCode"
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
AEExchangeRateInformation:
type: "object"
additionalProperties: false
required:
- "UnitCurrency"
- "ExchangeRate"
- "RateType"
description: "Further detailed information on the exchange rate that has been used in the payment transaction."
properties:
UnitCurrency:
description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP."
type: "string"
pattern: "^[A-Z]{3,3}$"
ExchangeRate:
description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency."
type: "number"
RateType:
description: "Specifies the type used to complete the currency exchange."
type: "string"
enum:
- "Actual"
- "Agreed"
- "Indicative"
ContractIdentification:
description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent."
type: "string"
minLength: 1
maxLength: 256
ExpirationDateTime:
description: "Specified date and time the exchange rate agreement will expire.All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00"
type: "string"
format: "date-time"
AECurrencyRequest:
description: |
The details of the non-local currency or FX request that has been agreed between the User and the TPP.
The requested ChargeBearer and ExchangeRateInformation are included in this object may be overwritten by the LFI in the returned Consent object.
type: "object"
additionalProperties: false
required:
- "CurrencyOfTransfer"
properties:
InstructionPriority:
description: "Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction."
type: "string"
enum:
- "Normal"
- "Urgent"
ExtendedPurpose:
description: "Specifies the purpose of an international payment, when there is no corresponding 4 character code available in the ISO20022 list of Purpose Codes."
type: "string"
minLength: 1
maxLength: 140
ChargeBearer:
$ref: "#/components/schemas/AEChargeBearerType1Code"
CurrencyOfTransfer:
description: "Specifies the currency of the to be transferred amount, which is different from the currency of the debtor's account."
type: "string"
pattern: "^[A-Z]{3,3}$"
DestinationCountryCode:
description: "Country in which Credit Account is domiciled. Code to identify a country, a dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code)."
type: "string"
pattern: "[A-Z]{2,2}"
ExchangeRateInformation:
type: "object"
additionalProperties: false
required:
- "UnitCurrency"
- "RateType"
description: "Provides details on the currency exchange rate and contract."
properties:
UnitCurrency:
description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP."
type: "string"
pattern: "^[A-Z]{3,3}$"
ExchangeRate:
description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency."
type: "number"
RateType:
description: "Specifies the type used to complete the currency exchange."
type: "string"
enum:
- "Actual"
- "Agreed"
- "Indicative"
ContractIdentification:
description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent."
type: "string"
minLength: 1
maxLength: 256
AEIsPayByAccount:
type: boolean
description: |
A flag to denote if the Payment is an E-Commerce transaction
default: false
AESingleInstantPayment:
type: "object"
description: |
A single immediate payment consent that MUST be be used for a single payment which will be initiated immediately after User authorization at the LFI.
required:
- "Type"
- "Amount"
properties:
Type:
type: "string"
description: "The Payment Type"
enum:
- SingleInstantPayment
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
ExpectedInitiationTimeWindow:
$ref: "#/components/schemas/AEExpectedInitiationTimeWindow"
additionalProperties: false
AESingleFutureDatedPayment:
type: "object"
description: |
A long-lived consent that MUST be used for a single payment which will be authorized by the User during the payment journey, but the payment will be initiated by the TPP in the future.
required:
- "Type"
- "Amount"
- "RequestedExecutionDate"
properties:
Type:
type: "string"
description: "The Payment Type"
enum:
- SingleFutureDatedPayment
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
RequestedExecutionDate:
$ref: "#/components/schemas/AERequestedExecutionDate"
additionalProperties: false
AEFixedPeriodicSchedule:
description: |
Payment Controls that apply to all payment instructions in a given period under this payment consent.
type: "object"
additionalProperties: false
required:
- "PeriodType"
- "PeriodStartDate"
- "Amount"
- "Type"
properties:
Type:
type: "string"
description: "The Periodic Schedule Type"
enum:
- FixedPeriodicSchedule
PeriodType:
$ref: "#/components/schemas/AEPeriodType"
PeriodStartDate:
$ref: "#/components/schemas/AEPeriodStartDate"
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
AELongLivedPaymentConsent:
type: "object"
description: |
A long-lived payment consent.
A Consent definition for defining Multi Payments
properties:
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
MaximumIndividualPaymentAmount:
$ref: "#/components/schemas/AEMaximumIndividualPaymentAmount"
MaximumCumulativeValueOfPayments:
$ref: "#/components/schemas/AEMaximumCumulativeValueOfPayments"
MaximumCumulativeNumberOfPayments:
$ref: "#/components/schemas/AEMaximumCumulativeNumberOfPayments"
PeriodicSchedule:
description: |
The definition for a schedule
oneOf:
- $ref: "#/components/schemas/AEDefinedSchedule"
- $ref: "#/components/schemas/AEFixedPeriodicSchedule"
- $ref: "#/components/schemas/AEVariablePeriodicSchedule"
discriminator:
propertyName: Type
additionalProperties: false
AEStructuredDebtorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Payer reference consisting of:
* For payments to Merchants: TPP ID, Merchant ID, BIC and PostCode for the Creditor Account, followed by freeform text to a maximum of 120 characters.
* For other payments: TPP ID, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
The Merchant ID wil be as per the existing IPP rules for the Merchant identification, and will incorporate the Trade License number for the Merchant.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
A PostCode is specified according to the standard format for ISO 20022, and can therefore be either a maximum of 16 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference, followed by the PostCode.
oneOf:
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1},PostCode=[A-Z0-9]{1,16}($|,.+$)"
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}($|,.+$)"
AEPaymentPurposeCode:
description: A category code that relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform to the published AANI payment purpose code list.
type: "string"
minLength: 1
maxLength: 4
pattern: "^[A-Z]{3}$"
AESponsoredTPPInformation:
type: "object"
description: |
The Sponsored TPP is:
* A TPP that itself has no direct Open Banking API integrations.
* A TPP that is using the integration of another TPP that does have direct Open Banking API integrations.
properties:
Name:
type: "string"
minLength: 1
maxLength: 50
description: |
The Sponsored TPP Name
Identification:
type: "string"
minLength: 1
maxLength: 50
description: |
The Sponsored TPP Identification
additionalProperties: false
AEFilePaymentConsent:
type: "object"
description: |
A file based payment consent.
A Consent definition for defining Multi Payments
required:
- "FileType"
- "FileHash"
- "NumberOfTransactions"
- "ControlSum"
properties:
FileType:
$ref: "#/components/schemas/AEFileType"
FileHash:
$ref: "#/components/schemas/AEFileHash"
FileReference:
$ref: "#/components/schemas/AEReference"
NumberOfTransactions:
$ref: "#/components/schemas/AEFileNumberOfTransactions"
ControlSum:
$ref: "#/components/schemas/AEControlSum"
RequestedExecutionDate:
$ref: "#/components/schemas/AERequestedExecutionDate"
additionalProperties: false
AEPaymentConsumption:
type: "object"
description: |
Data to track the consumption of Payments in relation to an authorized Consent Schedule
required:
- "CumulativeNumberOfPayments"
- "CumulativeValueOfPayments"
- "CumulativeValueOfPaymentsPerCurrentPeriod"
properties:
CumulativeNumberOfPayments:
type: "number"
description: |
The cumulative number of payment instructions successfully accepted under the current consent schedule (Settlement on the Creditor's account has been completed)
minLength: 1
example: 4
CumulativeValueOfPayments:
description: |
The cumulative value of payment instructions successfully accepted under the current consent schedule (Settlement on the Creditor's account has been completed)
A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
CumulativeNumberOfPaymentsPerCurrentPeriod:
type: "number"
description: |
The cumulative number of payment instructions in the current period that are successfully accepted (Settlement on the Creditor's account has been completed)
minLength: 1
example: 1
CumulativeValueOfPaymentsPerCurrentPeriod:
description: |
The cumulative value of payment instructions in the current period that are successfully accepted (Settlement on the Creditor's account has been completed)
A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
additionalProperties: false
AEActiveOrHistoricAmount:
description: "A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: "string"
pattern: "^\\d{1,16}\\.\\d{2}$"
example: "100.00"
AEActiveOrHistoricCurrencyCode:
description: "A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'."
type: "string"
pattern: "^[A-Z]{3,3}$"
example: "AED"
AERequestedExecutionDate:
description: |
The date when the TPP expects the LFI to execute the payment.
The date must be in the future and cannot be on the same day or a day in the past.
The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP.
All dates in the JSON payloads are represented in ISO 8601 date format.
type: "string"
format: "date"
AEExternalPaymentChargeTypeCode:
description: "Charge type, in a coded form."
type: "string"
enum:
- "VAT"
- "Fees"
AEChargeBearerType1Code:
description: "Specifies which party/parties will bear the charges associated with the processing of the payment transaction."
type: "string"
enum:
- "BorneByCreditor"
- "BorneByDebtor"
- "FollowingServiceLevel"
- "Shared"
AEActiveCurrencyAmount:
description: |
The Currency and Amount relating to the Payment, Refund or Request to Pay
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
AEDefinedSchedule:
type: "object"
description: |
Payment Schedule denoting a list of pre-defined future dated payments all with fixed amounts and dates.
additionalProperties: false
required:
- "Schedule"
- "Type"
properties:
Type:
type: "string"
description: "The Periodic Schedule Type"
enum:
- DefinedSchedule
Schedule:
type: "array"
minItems: 1
uniqueItems: false
items:
type: "object"
additionalProperties: false
required:
- "PaymentExecutionDate"
- "Amount"
properties:
PaymentExecutionDate:
$ref: "#/components/schemas/AEPaymentExecutionDate"
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
AEPaymentExecutionDate:
description: |
Used to specify the expected payment execution date/time.
All dates in the JSON payloads are represented in ISO 8601 date format.
An example is: 2023-04-05
type: "string"
format: "date"
AEMaximumIndividualPaymentAmount:
description: |
This is the Maximum amount a variable payment related to the Consent can take.
All payment amounts must be smaller or equal to this value.
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
AEPeriodType:
type: "string"
description: |
A Period may begin from the Consent CreationDateTime if a PeriodStartDate is not provided.
|Period Type|Description|
|-----------|-----------|
|Day|A continuous period of time, consisting of 24 consecutive hours, starting from midnight (00:00:00) and finishing at 23:59:59 of the same day. |
|Week|A continuous period of time, consisting of seven consecutive days, starting from midnight (00:00:00) and finishing at 23:59:59 of the 7th day. |
|Month|A continuous period of time starting from midnight (00:00:00) of the first day of a month and finishing at 23:59:59 of the last day of that month.|
|Year|A continuous period of time, consisting of 12 months.|
enum:
- Day
- Week
- Month
- Year
AEPeriodStartDate:
type: "string"
description: |
* Payments: Specifies the start date of when a payment schedule begins.
Where this is an optional field, if a value is not provided, then it must default to the Consent CreationDateTime, starting from midnight 00:00:00.
format: "date"
AEVariablePeriodicSchedule:
description: |
Payment Controls that apply to all payment instructions in a given period under this payment consent.
type: "object"
additionalProperties: false the Consent CreationDateTime, starting from midnight 00:00:00.
requiredformat: "date"
AEVariablePeriodicSchedule:
- "PeriodType" description: |
- "Type" Payment Controls that apply properties:to all payment instructions in a given period under Type:this payment consent.
type: "stringobject"
descriptionadditionalProperties: "Thefalse
Periodic Schedule Type" required:
enum: - "PeriodType"
properties:
- VariablePeriodicSchedule PeriodType:
$ref: "#/components/schemas/AEPeriodType"
PeriodStartDate:
$ref: "#/components/schemas/AEPeriodStartDate"
MaximumCumulativeValueOfPaymentsPerPeriodType:
$ref: "#/components/schemas/AEPeriodTypeMaximumCumulativeValueOfPayments"
MaximumCumulativeNumberOfPaymentsPerPeriodType:
$ref: "#/components/schemas/AEPeriodTypeMaximumCumulativeNumberOfPayments"
AEPeriodTypeMaximumCumulativeValueOfPayments:
description: |
The maximum cumulative payment value of all payment initiations per Period Type.
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
AEPeriodTypeMaximumCumulativeNumberOfPayments:
type: "integer"
description: |
The maximum frequency of payment initiations per Period Type.
AEMaximumCumulativeNumberOfPayments:
type: "integer"
description: |
The maximum cumulative number of all successful payment rails executions under the Consent.
Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
AEMaximumCumulativeValueOfPayments:
description: |
The maximum cumulative value of all successful payment rails executions under the Consent.
Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
AEExpectedInitiationTimeWindow:
description: |
A time window set by the TPP in which a Payment must be initated by the LFI.
The time window is based on a custom time format hhh:mm:ss. e.g. 000:00:15 represents a time window of 15 seconds to initiate the Payment.
type: "string"
pattern: "^(00[0-9]|0[1-9][0-9]|[1-6][0-9]{2}|7[01][0-9]|720):[0-5][0-9]:[0-5][0-9]$"
example: "000:00:15"
AEPaymentAndFilePaymentRequest:
description: The payment request body as received from the TPP
oneOf:
- $ref: "#/components/schemas/AEPaymentRequest"
- $ref: "#/components/schemas/AEFilePaymentRequest"
AEPaymentRequest:
description: |
Payment Request Schema
type: "object"
additionalProperties: false
required:
- "Data"
properties:
Data:
type: "object"
additionalProperties: false
required:
- "ConsentId"
- "Instruction"
- "PersonalIdentifiableInformation"
- "PaymentPurposeCode"
properties:
ConsentId:
$ref: "#/components/schemas/AEConsentId"
Instruction:
$ref: "#/components/schemas/AEPaymentInstruction"
CurrencyRequest:
$ref: "#/components/schemas/AECurrencyRequest"
PersonalIdentifiableInformation:
$ref: "#/components/schemas/AEJWEPaymentPII"
PaymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
DebtorReference:
$ref: "#/components/schemas/AEStructuredDebtorReference"
CreditorReference:
$ref: "#/components/schemas/AEStructuredCreditorReference"
AEFilePaymentRequest:
description: |
File Payment Request Schema
type: "object"
additionalProperties: false
required:
- "Data"
properties:
Data:
type: "object"
additionalProperties: false
required:
- "ConsentId"
- "PaymentPurposeCode"
properties:
ConsentId:
$ref: "#/components/schemas/AEConsentId"
Instruction:
$ref: "#/components/schemas/AEFilePaymentConsent"
PaymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
DebtorReference:
$ref: "#/components/schemas/AEStructuredDebtorReference"
AEStructuredCreditorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Creditor reference consisting of:
* TPP ID and BIC for the Debtor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference.
type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
AEPaymentInstruction:
type: "object"
additionalProperties: false
required:
- "Amount"
- "PaymentSequenceNumber"
description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor for a single payment."
properties:
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
PaymentSequenceNumber:
$ref: "#/components/schemas/AEPaymentSequenceNumber"
AEPaymentSequenceNumber:
type: "string"
description: |
This indicates the underlying sequence of the recurring payment that is being instructed.
For example:
* 1 can represent the first payment instruction
* 12 can represent the twelfth payment instruction
minLength: 1
maxLength: 10
pattern: "^[1-9]\\d*$"
consent:
description: |
A consent in its current state.
If the consent has been authorised, then it can be expected that the financial institution would have patched in `accountIds` and `psuIdentifier` fields.
Additionally, the financial institution may also patch in an arbitrary set of fields along with consent in the `supplementaryInformation` field. consent in the `supplementaryInformation` field.
allOf:
- $ref: "#/components/schemas/newConsent"
- $ref: "#/components/schemas/patchedConsent"
- properties:
authorizationChannel:
type: string
enum:
allOf:- App
- $ref: "#/components/schemas/newConsent" - $ref: "#/components/schemas/patchedConsent"Web
multiConsentResponse:
type: object
required:
- data
- meta
properties:
data:
type: array
items:
$ref: "#/components/schemas/consent"
meta:
$ref: "#/components/schemas/meta"
ConsentPostResponse:
type: object
required:
- data
- meta
properties:
data:
$ref: "#/components/schemas/newConsent"
meta:
$ref: "#/components/schemas/meta"
RevokeConsent:
type: object
required:
- revokedBy
properties:
revokedBy:
$ref: "#/components/schemas/AERevokedBy"
revokedByPsu:
type: object
properties:
userId:
type: string
AuthorizationDetails:
description: |
The request body for creating a new consent.
The body consists of the RAR request that is sent by the TPP to the authorization server.
oneOf:
- $ref: "#/components/schemas/DataSharingAuthorizationDetails"
- $ref: "#/components/schemas/InsuranceAuthorizationDetails"
- $ref: "#/components/schemas/ServiceInitiationAuthorizationDetails"
DataSharingAuthorizationDetails:
type: object
properties:
Type:
description: The Rich Authorization Request (RAR) type
type: string
enum:
- urn:openfinanceuae:account-access-consent:v1.0
Consent:
$ref: "#/components/schemas/AuthorizationDetailsDataSharingConsent"
Subscription:
$ref: '#/components/schemas/EventNotification'
InsuranceAuthorizationDetails:
type: object
properties:
Type:
description: The Rich Authorization Request (RAR) type
type: string
enum:
- urn:openfinanceuae:insurance-consent:v1.0
Consent:
$ref: "#/components/schemas/AuthorizationDetailsInsuranceConsent"
Subscription:
$ref: '#/components/schemas/EventNotification'
ServiceInitiationAuthorizationDetails:schemas/EventNotification'
ServiceInitiationAuthorizationDetails:
type: object
properties:
Type:
description: The Rich Authorization Request (RAR) type
type: objectstring
properties: enum:
Type: type: string- urn:openfinanceuae:service-initiation-consent:v1.0
Consent:
$ref: "#/components/schemas/AEServiceInitiationAuthorizationDetailProperties"
Subscription:
$ref: '#/components/schemas/EventNotification'
AEServiceInitiationAuthorizationDetailProperties:
type: object
required:
- ConsentId
- PersonalIdentifiableInformation
- ControlParameters
- PaymentPurposeCode
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
IsSingleAuthorization:
$ref: '#/components/schemas/IsSingleAuthorization'
AuthorizationExpirationDateTime:
type: string
format: date-time
description: |2-
A time by which a Consent (in AwaitingAuthorization status) must be Authorized by the User.
The time window starts from the actual CreationDateTime (when the Consent is staged with the LFI).
If the current time window exceeds the Authorization Expiration Time Window (and the Consent status is AwaitingAuthorization) then the Consent Status must be set to Rejected.
The time window is based on a custom time format hhh:mm:ss. e.g. 720:00:00 represents a time window of 720 hours, 00 minutes, 00 seconds (30 days) after the CreationDateTime to Authorize the Consent.
ExpirationDateTime:
allOf:
- $ref: '#/components/schemas/ARConsentExpirationDateTime'
description: |2-
Specified date and time the consent will expire.
If this is not populated, the consent will remain active as a long lived consent until the maximum consent validity period as per section 4.1.1 Consent Elements in the API User Guide.
All dates in the JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00
* For Payment Consents, the maximum expiration time limit should be 23:59:59 (1 second before 00:00:00)
Permissions:
type: array
items:
$ref: '#/components/schemas/AEServiceInitiationConsentPermissionCodes'
description: |2-
Specifies the permitted Account Access data types.
This is a list of the data groups being consented by the User, and requested for authorization with the LFI.
This allows a TPP to request a balance check permission.
ReadRefundAccount:
type: boolean
description: Allows the LFI to share the refund account details with TPP
CurrencyRequest:
$ref: '#/components/schemas/AECurrencyRequest'
PersonalIdentifiableInformation:
$ref: '#/components/schemas/AEJWEPaymentPII'
ControlParameters:
$ref: '#/components/schemas/AEServiceInitiationConsentControlParameters'
DebtorReference:
$ref: '#/components/schemas/AEServiceInitiationStructuredDebtorReference'
CreditorReference:
$ref: '#/components/schemas/AEServiceInitiationStructuredCreditorReference'
PaymentPurposeCode:
$ref: '#/components/schemas/AEServiceInitiationPaymentPurposeCode'
SponsoredTPPInformation:
$ref: '#/components/schemas/AEServiceInitiationSponsoredTPPInformation'
additionalProperties: false
ARConsentExpirationDateTime:
type: string
format: date-time
AEServiceInitiationSponsoredTPPInformation:
type: object
required:
- Name
- Identification
properties:
Name:
type: string
minLength: 1
maxLength: 50
description: The Sponsored TPP Name
Identification:
type: string
minLength: 1
maxLength: 50
description: The Sponsored TPP Identification
description: |2-
The Sponsored TPP is:
* A TPP that itself has no direct Open Banking API integrations.
* A TPP that is using the integration of another TPP that does have direct Open Banking API integrations.
additionalProperties: false
AEServiceInitiationPaymentPurposeCode:
type: string
minLength: 1
maxLength: 4
pattern: ^[A-Z]{4}$
description: |2-
A Category code, related to the type of services or goods that corresponds to the underlying purpose of the Payment.
* The ISO20022 External code sets
AEServiceInitiationStructuredCreditorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Creditor reference consisting of:
* TPP ID and BIC for the Debtor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference.
type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
AEServiceInitiationStructuredDebtorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Debtor reference consisting of:
* For payments to Merchants: TPP ID, Merchant ID, BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters.
* For other payments: TPP ID and BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
The Merchant ID wil be as per the existing IPP rules for the Merchant identification, and will incorporate the Trade License number for the Merchant.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must omit or truncate the freeform element of the reference.
oneOf:
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
AEServiceInitiationConsentControlParameters:
type: object
properties:
IsPayByAccount:
type: boolean
description: A flag to denote if the Payment is an E-Commerce transaction
ConsentSchedule:
$ref: '#/components/schemas/AEServiceInitiationConsentSchedule'
description: Control Parameters set the overall rules for the Payment Schedule
additionalProperties: false
AEServiceInitiationConsentSchedule:
type: object
properties:
SinglePayment:
$ref: '#/components/schemas/AEServiceInitiationSinglePayment'
MultiPayment:
$ref: '#/components/schemas/AEServiceInitiationLongLivedPaymentConsent'
FilePayment:
$ref: '#/components/schemas/AEServiceInitiationFilePaymentConsent'
description: |2-
The various payment types that can be initiated:
* A Single Payment
* A Multi-Payment
* A Combined Payment (one SinglePayment and one MultiPayment)
additionalProperties: false
AEServiceInitiationFilePaymentConsent:
type: object
required:
- FileType
- FileHash
- NumberOfTransactions
- ControlSum
properties:
FileType:
type: string
minLength: 1
maxLength: 40
description: Specifies the payment file type
FileHash:
type: string
minLength: 1
maxLength: 44
description: A base64 encoding of a SHA256 hash of the file to be uploaded.
FileReference:
$ref: '#/components/schemas/AEServiceInitiationReference'
NumberOfTransactions:
type: integer
description: >-
Number of individual transactions contained in the payment
information group.
ControlSum:
type: string
pattern: ^\d{1,16}\.\d{2}$
description: >-
Total of all individual amounts included in the group, irrespective
of currencies.
RequestedExecutionDateTimeRequestedExecutionDate:
$ref: '#/components/schemas/AERequestedExecutionDate'
description: A Consent definition for defining Bulk/Batch Payments
additionalProperties: false
AEServiceInitiationReference:
type: string
minLength: 1
maxLength: 120
description: A reason or reference in relation to a payment.
AEServiceInitiationLongLivedPaymentConsent:
type: object
required:
- Amount
- MaximumIndividualPaymentAmount
- PeriodicSchedule
properties:
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
MaximumIndividualPaymentAmount:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: |2-
This is the Maximum amount a variable payment related to the Consent can take.
All payment amounts must be smaller or equal to this value.
MaximumCumulativeValueOfPayments:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: |2-
The maximum cumulative value of all successful payment rails executions under the Consent.
Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
MaximumCumulativeNumberOfPayments:
type: integer
description: |2-
The maximum cumulative number of all successful payment rails executions under the Consent.
Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
PeriodicSchedule:
$ref: >-
#/components/schemas/AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule
description: A Consent definition for defining Multi Payments
additionalProperties: false
AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule:
typeoneOf:
object
required: - DefinedSchedule
- FixedPeriodicSchedule
- VariablePeriodicSchedule
properties:
DefinedSchedule:
$ref: '#/components/schemas/AEServiceInitiationDefinedSchedule'
FixedPeriodicSchedule:
$ref: '#/components/schemas/AEServiceInitiationFixedPeriodicSchedule'
VariablePeriodicSchedule:
$ref: '#/components/schemas/AEServiceInitiationVariablePeriodicSchedule'
Type:
type: string
description: >-
Discriminator property for
- $ref: '#/components/schemas/AEServiceInitiationFixedPeriodicSchedule'
- AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule.$ref: '#/components/schemas/AEServiceInitiationVariablePeriodicSchedule'
discriminator:
propertyName: Type
description: The definition for a schedule
additionalProperties: false
AEServiceInitiationVariablePeriodicSchedule:
type: object
required:
- Type
- PeriodType
- MaximumCumulativeValueOfPaymentsPerPeriodType - MaximumCumulativeNumberOfPaymentsPerPeriodType
properties:
Type:
type: string
enum:
- VariablePeriodicSchedule
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
MaximumCumulativeValueOfPaymentsPerPeriodType:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
The maximum cumulative payment value of all payment initiations per
Period Type.
MaximumCumulativeNumberOfPaymentsPerPeriodType:
type: integer
description: The maximum frequency of payment initiations per Period Type.
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
additionalProperties: false
AEServiceInitiationSchedule:
type: object
required:
- PaymentExecutionDate
- Amount
properties:
PaymentExecutionDate:
type: string
format: date
description: |2-
Used to specify the expected payment execution date/time.
All dates in the JSON payloads are represented in ISO 8601 date format.
An example is: 2023-04-05
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
additionalProperties: false
AEServiceInitiationFixedPeriodicSchedule:
type: object
required:
- Type
- PeriodType
- PeriodStartDate
- Amount
properties:
Type:
type: string
enum:
- FixedPeriodicSchedule
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
additionalProperties: false
AEServiceInitiationDefinedSchedule:
type: object
required:
- Type
- Schedule
properties:
Type:
type: string
enum:
- DefinedSchedule
description: The Periodic Schedule Type
Schedule:
type: array
items:
$ref: '#/components/schemas/AEServiceInitiationSchedule'
minItems: 1
maxItems: 50
description: >-
Payment Schedule denoting a list of pre-defined future dated payments
all with fixed amounts and dates.
additionalProperties: false
AEServiceInitiationSinglePayment:
anyOf:
- $ref: '#/components/schemas/AEServiceInitiationSingleInstantPayment'
- $ref: '#/components/schemas/AEServiceInitiationFutureDatedPayment'
discriminator:
propertyName: Type
mapping:
SingleInstantPayment: '#/components/schemas/AEServiceInitiationSingleInstantPayment'
SingleFutureDatedPayment: '#/components/schemas/AEServiceInitiationFutureDatedPayment'
description: A Consent definition for defining Single Payments
AEServiceInitiationFutureDatedPayment:
type: object
required:
- Type
- Amount
- RequestedExecutionDate
properties:
Type:
type: string
enum:
- SingleFutureDatedPayment
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
RequestedExecutionDate:
$ref: '#/components/schemas/AERequestedExecutionDate'
description: >-
A long-lived consent that MUST be used for a single payment which will
be authorized by the User during the payment journey, but the payment
will be initiated by the TPP in the future.
additionalProperties: false
AEServiceInitiationSingleInstantPayment:
type: object
required:
- Type
- Amount
properties:
Type:
type: string
enum:
- SingleInstantPayment
description: The Payment Type
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
ExpectedInitiationTimeWindow:
$ref: '#/components/schemas/AEExpectedInitiationTimeWindow'
description: >-
A single immediate payment consent that MUST be be used for a single
payment which will be initiated immediately after User authorization at
the LFI.
additionalProperties: false
AEAmountAndCurrency:
type: object
required:
- Currency
- Amount
properties:
Currency:
$ref: '#/components/schemas/CurrencyCode'
Amount:
$ref: '#/components/schemas/Amount'
description: >-
The Currency and Amount relating to the Payment, Refund or Request to
Pay
additionalProperties: false
Amount:
description: "A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: number
CurrencyCode: string
pattern: ^\\d{1,16}\\.\\d{2}$
CurrencyCode:
description: "A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'."
type: string
pattern: ^[A-Z]{3}$
IsSingleAuthorization:
description: |
Specifies to the LFI that the consent authorization must be completed in a single authorization Step
with the LFI
type: "boolean"
AEServiceInitiationConsentPermissionCodes:
type: string
enum:
- ReadAccountsBasic
- ReadAccountsDetail
- ReadBalances
AEJWEPaymentPII:
type: string
description: |2-
A JSON Web Encryption (JWE) object, which encapsulates a JWS. The value is a compact serialization
of a JWE, which is a string consisting of five base64url-encoded parts joined by dots. It encapsulates encrypted content using JSON data structures.
The decrypted JWS content has the structure of the AEPaymentPII schema.
AuthorizationDetailsDataSharingConsent:
type: object
required:
- ConsentId
- Permissions
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
Permissions:
type: array
items:
$ref: '#/components/schemas/AEAccountAccesssConsentPermissionCodes'
minItems: 1
allOf:
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailsProperties'
additionalProperties: false
AuthorizationDetailsInsuranceConsent:
type: object
required:
- ConsentId
- Permissions
properties:
BaseConsentId:
type: string
ExpirationDateTime:
type: string
format: date-time
OnBehalfOf:
$ref: '#/components/schemas/OnBehalfOf'
Purpose:
type: array
items:
$ref: '#/components/schemas/OBConsentPurpose'
ConsentId:
$ref: '#/components/schemas/AEConsentId'
Permissions:
$ref: '#/components/schemas/AEInsuranceConsentPermissions'
OBConsentPurpose:
type: string
enum:
- InsurancePolicyAggregation
- PersonalFinanceManager
- CreditAssessment
- MotorInsuranceQuote
- EnterpriseFinancialManagement
- Other
AEAccountAccessAuthorizationDetailsProperties:
type: object
properties:
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
ExpirationDateTime:
type: string
format: date-time
description: >-
Specified date and time the permissions will expire.
If this is not populated, the permissions will be open ended.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionFromDateTime:
type: string
format: date-time
description: |2-
Specified start date and time for the transaction query period.
If this is not populated, the start date will be open ended, and
data will be returned from the earliest available
transaction.All dates in the JSON payloads are represented in
ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionToDateTime:
type: string
format: date-time
description: |2-
Specified end date and time for the transaction query period.
If this is not populated, the end date will be open ended, and
data will be returned to the latest available transaction.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
AccountType:
type: array
items:
$ref: '#/components/schemas/AEExternalAccountTypeCode'
AccountSubType:
type: array
items:
$ref: '#/components/schemas/AEAccountSubTypeCode'
OnBehalfOf:
$ref: '#/components/schemas/AEOnBehalfOf'
Purpose:
type: array
items:
$ref: '#/components/schemas/AEAccountAccessConsentPurpose'
additionalProperties: false
AEExternalAccountTypeCode:
description: Specifies the type of account (Retail, SME or Corporate).
type: string
enum:
- Retail
- SME
- Corporate
OnBehalfOf:
type: object
description: On Behalf Of
properties:
TradingName:
type: string
description: Trading Name
example: Acme Accounting Trading Name
LegalName:
type: string
description: Legal Name
example: Acme Accounting Legal Name
IdentifierType:
type: string
description: Identifier Type
enum:
- Other
Identifier:
type: string
description: Identifier
example: abcd1234
additionalProperties: false
AEInsuranceConsentPermissions:
type: string
enum:
- ReadMotorInsurancePolicies
- ReadMotorInsuranceCustomerBasic
- ReadMotorInsuranceCustomerDetail
- ReadMotorInsuranceCustomerPaymentDetails
- ReadMotorInsuranceProduct
- ReadMotorInsuranceTransactions
EventNotification:
type: object
description: |
A Webhook Subscription Schema
required:
- Webhook
properties:
Webhook:
description: |
A Webhook Schema
type: object
properties:
Url:
description: |
The TPP Callback URL being registered with the LFI
type: string
example: https://api.tpp.com/webhook/callbackUrl
IsActive:
description: >
The TPP specifying whether the LFI should send (IsActive true)
or not send (IsActive false) Webhook Notifications to the TPP's
Webhook URL
type: boolean
example: false
additionalProperties: false
additionalProperties: false
parameters:
consentId:
name: consentId
in: path
schema:
type: string
required: true
description: |
Identifies the consent by an id
id:
name: id
in: path
schema:
type: string
required: true
description: |
Identifies the payment by an id
userId:
name: userId
in: path
schema:
type: string
required: true
description: |
Identifies the PSU associated with a consent.
This should match up with the `psuIdentifier.userId` field.
page:
name: page
in: query
schema:
type: string
format: int32
minimum: 1
required: false
description: |
The page number to retrieve in a paginated response
pageSize:
name: pageSize
in: query
schema:
type: string
format: int32
minimum: 1
required: false
description: |
The maximum rows to retrieve in a given page. Defaults to 25 if not specified.
consentType:
name: consentType
in: query
schema:
type: string
description: Consents of particular accountId
required: false
status:
name: status
in: query
schema:
type: string
description: Status of the consent
required: false
securitySchemes:
api_keyOzoneConnectJwtAuth:
type: apiKeydescription: |
Communications between the API Hub and the LFI Ozone Connect implementation are secured using the "JWT Auth" mechanism, where the Client presents a signed JSON Web Token as a credential.
name: api_key The Server MUST verify the in: headersignature in order to authenticate the Client.
Please note that the value of the `scheme` parameter is not a registered HTTP Authentication Scheme, to indicate it is specific to Ozone Connect. Please refer to API Hub documentation for further details.
descriptiontype: TLS-MA and Jws in authorization header http
scheme: Ozone-Connect-JWT-Auth
|
