--- swagger: "2.0" info: title: Consent API x-ibm-name: consents-api version: 1.0.0 contact: name: psd2@sb1telemark.no license: name: Copyright © 2018-2019 SPAREBANK 1 TELEMARK. All rights reserved. url: https://psd2.sb1telemark.no/terms description: | [**Read the developer documentation before using this API** ](https://psd2.sb1telemark.no/portal-sandbox/documentation/) basePath: / tags: - name: /v1/consents - name: /v1/bank-offered-consents schemes: - https paths: /v1/consents: post: tags: - /v1/consents summary: Returns a new _scaRedirect_ link which should be used by the PSU to update its consents. description: "Deprecated, will be removed, provides same functionality as /v1/bank-offered-consents. \n" operationId: updateConsents produces: - application/json;charset=utf-8 parameters: - $ref: '#/parameters/x-accept-fix' - $ref: '#/parameters/Accept' - $ref: '#/parameters/Accept-Charset' - $ref: '#/parameters/Accept-Encoding' - $ref: '#/parameters/Accept-Language' - $ref: '#/parameters/Host' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/TPP-Session-ID' - $ref: '#/parameters/TPP-Redirect-URI' - $ref: '#/parameters/TPP-Redirect-Preferred' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Signature' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-HTTP-Method' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Geo-Location' responses: 201: description: Created schema: $ref: '#/definitions/ConsentResponse' 400: description: Bad Request schema: $ref: '#/definitions/Error' examples: FORMAT_ERROR: id: "5615873375" status: 400 system: ERA-PSD2 code: FORMAT_ERROR 404: description: Not Found schema: $ref: '#/definitions/Error' examples: RESOURCE_UNKNOWN: id: "5615873376" system: ERA-PSD2 status: 404 code: RESOURCE_UNKNOWN 500: description: Internal Server Error schema: $ref: '#/definitions/Error' examples: SYSTEM_ERROR: id: "5615873378" system: ERA-PSD2 status: 500 code: SYSTEM_ERROR /v1/bank-offered-consents: post: tags: - /v1/bank-offered-consents summary: Returns a new _scaRedirect_ link which should be used by the PSU to update its consents. description: | Use this endpoint to let the PSU revoke or add new consents. It is not strictly neccessary to use this endpoint the first time the PSU enters the application. See _XS2A Framework Implementation Guidelines, Section 6.4.1.1 and 6.4.1.2 (Consent Request without Indication of Accounts – Bank Offered Consent)_ for additional details. operationId: updateBankOfferedConsents produces: - application/json;charset=utf-8 parameters: - $ref: '#/parameters/x-accept-fix' - $ref: '#/parameters/Accept' - $ref: '#/parameters/Accept-Charset' - $ref: '#/parameters/Accept-Encoding' - $ref: '#/parameters/Accept-Language' - $ref: '#/parameters/Host' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/TPP-Session-ID' - $ref: '#/parameters/TPP-Redirect-URI' - $ref: '#/parameters/TPP-Redirect-Preferred' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Signature' - $ref: '#/parameters/PSU-ID' - $ref: '#/parameters/PSU-Corporate-ID' - $ref: '#/parameters/PSU-IP-Address' - $ref: '#/parameters/PSU-IP-Port' - $ref: '#/parameters/PSU-User-Agent' - $ref: '#/parameters/PSU-Accept' - $ref: '#/parameters/PSU-Accept-Charset' - $ref: '#/parameters/PSU-Accept-Encoding' - $ref: '#/parameters/PSU-Accept-Language' - $ref: '#/parameters/PSU-HTTP-Method' - $ref: '#/parameters/PSU-Device-ID' - $ref: '#/parameters/PSU-Geo-Location' responses: 201: description: Created schema: $ref: '#/definitions/ConsentResponse' 400: description: Bad Request schema: $ref: '#/definitions/Error' examples: FORMAT_ERROR: id: "5615873375" status: 400 system: ERA-PSD2 code: FORMAT_ERROR 404: description: Not Found schema: $ref: '#/definitions/Error' examples: RESOURCE_UNKNOWN: id: "5615873376" system: ERA-PSD2 status: 404 code: RESOURCE_UNKNOWN 500: description: Internal Server Error schema: $ref: '#/definitions/Error' examples: SYSTEM_ERROR: id: "5615873378" system: ERA-PSD2 status: 500 code: SYSTEM_ERROR parameters: x-accept-fix: name: x-accept-fix in: header required: true type: string description: Set this to "amount-as-string", will make amounts be serialized as strings with the correct number of decimal points. Temporarily required , default serialization will be switched to string when all clients sends this header. x-example: amount-as-string Accept: name: Accept in: header type: string required: false description: Advertises which content types, expressed as MIME types, the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Type response header. x-example: application/json Accept-Charset: name: Accept-Charset in: header type: string required: false description: Advertises which character set the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice within the Content-Type response header. x-example: utf-8 Accept-Encoding: name: Accept-Encoding in: header required: false type: string description: Advertises which content encoding, usually a compression algorithm, the client is able to understand. Using content negotiation, the server selects one of the proposals, uses it and informs the client of its choice with the Content-Encoding response header. x-example: deflate, gzip;q=1.0, *;q=0.5 Accept-Language: name: Accept-Language in: header description: Advertises which natural languages the client is able to understand, and which locale variant is preferred. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Language response header. required: false type: string x-example: en-US,en;q=0.7,nb;q=0.3 Host: name: Host in: header type: string required: false description: The domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening. x-example: http://lbxp02vip.unix.cosng.net:20100/secesb/rest/era-psd2 X-Request-ID: name: X-Request-ID in: header type: string required: true description: Request identifier, unique to the call, as determined by the TPP. x-example: 4eba4445-1a4b-47b8-bdd5-4e56ef026b19 TPP-Session-ID: name: TPP-Session-ID in: header type: string required: true description: TPP session identifier. x-example: b29f79d9-12ea-462b-ad8a-8ad38b8c57b7 TPP-Redirect-URI: name: TPP-Redirect-URI in: header type: string required: true description: URI of the TPP, where the transaction flow shalle be redirected to after a Redirect. x-example: http://httpbin.org/get TPP-Redirect-Preferred: name: TPP-Redirect-Preferred in: header type: string required: false description: Set to *false* to automatically trigger biometric authentication for mobile apps whenever available. Default is *true*. x-example: "false" TPP-Signature-Certificate: name: TPP-Signature-Certificate in: header type: string required: true description: The certificate used for signing the request in base64 encoding. x-example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOX3YxNoH4k== Signature: name: Signature in: header type: string required: true description: | HTTP Message Signature as specified by https://tools.ietf.org/html/draft-cavage-http-signatures-10 with requirements imposed by Berlin Group's NextGenPSD2 Framework. - *keyId* must be formatted as `keyId="SN=XXX,CA=YYY"` where `XXX` is the serial number of the signing certificate in hexadecimal encoding and `YYY` is the ful Distinguished Name of the Certificate Authority having certificate - *algorithm* must identify the same algorithm for the signature as presented in the signing certificate and should be `rsa-sha256` - *headers* must contain `date`, `digest`, `x-request-id`, `psu-id`, `psu-corporate-id`, and `tpp-redirect-uri` when available - *signature* must be computed as `Base64(RSA-SHA256(signingString))` If any values in the signature header is ISO-8859-1 or UTF-8 encoded you need to URL encode the signature header according to RFC 2047 which means MIME encoding the signature. Also the signature must be wrapped using this format: =?charset?encoding?encoded signature?= Example of this encoding: `=?utf-8?B?a2V5QTQsQ0E9Mi41LjQuOTc9IzB........jMTM1MDUzNDQ0ZTRmMmQ0NjUz?=` Java example of how to implement encoding: ``` if (charset.equals(StandardCharsets.UTF_8)) { signature = String.format("=?utf-8?B?%s?=", Base64.getEncoder().encodeToString(signature.getBytes(StandardCharsets.UTF_8))); } ``` x-example: keyId="SN=6AEB4444FBAAD267,CA=O=PSDNO-FSA-ABCA,L=Trondheim,C=NO", algorithm="rsa-sha256", headers="date x-request-id tpp-redirect-uri psu-id", signature="***************" PSU-ID: name: PSU-ID in: header type: string format: UUID required: false description: The PSU identifier. x-example: 49ae0cfe-6b72-4310-81f5-ad4eef897fe3 PSU-Corporate-ID: name: PSU-Corporate-ID in: header required: false type: string description: The PSU Corporate agreement identifier. x-example: aog5kNSbDNo2srEPAqsCGaR8LNCAfLVlKPzbwKZQJzI= PSU-Corporate-ID-Required: name: PSU-Corporate-ID in: header required: true type: string description: The PSU Corporate agreement identifier. x-example: aog5kNSbDNo2srEPAqsCGaR8LNCAfLVlKPzbwKZQJzI= PSU-IP-Address: name: PSU-IP-Address in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. required: true type: string x-example: 153.110.241.229 PSU-IP-Port: name: PSU-IP-Port in: header description: The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. required: false type: string x-example: 443 PSU-User-Agent: name: PSU-User-Agent in: header description: The forwarded value for the User-Agent header field between the PSU and TPP, if available. required: false type: string x-example: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/63.0 PSU-Accept: name: PSU-Accept in: header description: The forwarded value for the Accept header field between the PSU and TPP, if available. required: false type: string x-example: application/json PSU-Accept-Charset: name: PSU-Accept-Charset in: header description: The forwarded value for the Accept-Charset header field between the PSU and TPP, if available. required: false type: string x-example: utf-8 PSU-Accept-Encoding: name: PSU-Accept-Encoding in: header description: The forwarded value for the Accept-Encoding header field between the PSU and TPP, if available. required: false type: string x-example: gzip, deflate, br PSU-Accept-Language: name: PSU-Accept-Language in: header description: The forwarded value for the Accept-Language header field between the PSU and TPP, if available. required: false type: string x-example: en-US,en;q=0.7,nb;q=0.3 PSU-HTTP-Method: name: PSU-HTTP-Method in: header type: string enum: - GET - POST - PUT - PATCH - DELETE required: false description: The forwarded value for the HTTP method used between the PSU and TPP, if available. x-example: GET PSU-Device-ID: name: PSU-Device-ID in: header type: string format: UUID required: false description: The forwarded value of the device ID used by the PSU, if available. x-example: 35-67660-48540-8 PSU-Geo-Location: name: PSU-Geo-Location in: header description: The forwarded value of the Geo Location of the corresponding HTTP request between the PSU and TPP, if available. required: false type: string x-example: GEO:52.506931,13.144558 definitions: ConsentResponse: type: object properties: _links: type: object readOnly: true additionalProperties: $ref: '#/definitions/Link' example: _links: scaRedirect: href: https://psd2.sb1telemark.no/tap verbs: - GET Link: type: object required: - href - verbs properties: href: type: string example: https://psd2.sb1telemark.no/ verbs: type: array items: type: string enum: - GET - PUT - POST - DELETE example: GET Error: type: object properties: id: type: string example: "5884127160" system: type: string example: ERA-PSD2 status: type: number example: 400 code: type: string example: ERROR_CODE message: type: string example: error message appears here x-ibm-configuration: enforced: true testable: true phase: realized x-ibm-endpoints: - endpointUrl: https://psd2.sb1telemark.no/api-sandbox type: - production - development ...