openapi: 3.0.2 info: version: '0.1' title: Thirdparty Snippets description: | Based on sequence diagrams (https://github.com/mojaloop/pisp/tree/main/docs/out). This is a work in progress. license: name: TBD servers: - url: '{protocol}://hostname:/switch/' variables: protocol: enum: - http - https default: https paths: /interface: post: description: Essential path to include schema definitions that are not used so that these definitions get included into the openapi-cli bundle api definition so that they get converted into typescript definitions. operationId: test requestBody: content: application/json: schema: oneOf: - $ref: '#/components/schemas/ParticipantsIDPutResponse' - $ref: '#/components/schemas/PartiesTypeIDPutResponse' - $ref: '#/components/schemas/QuotesIDPutResponse' - $ref: '#/components/schemas/ThirdpartyRequestsTransactionsIDPatchResponse' - $ref: '#/components/schemas/AuthorizationResponseType' - $ref: '#/components/schemas/ConsentStatusIssued' - $ref: '#/components/schemas/IlpFulfilment' - $ref: '#/components/schemas/Integer' - $ref: '#/components/schemas/Note' - $ref: '#/components/schemas/PartyIdInfoTPLink' - $ref: '#/components/schemas/PartyResult' - $ref: '#/components/schemas/ServiceType' - $ref: '#/components/schemas/ParticipantsPostRequest' - $ref: '#/components/schemas/QuotesPostRequest' responses: '200': description: Ok /accounts/{ID}: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' get: operationId: GetAccountsByUserId summary: GetAccountsByUserId description: | The HTTP request `GET /accounts/{ID}` is used to retrieve the list of potential accounts available for linking. tags: - accounts - sampled parameters: - $ref: '#/components/parameters/Accept' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' put: description: | The HTTP request `PUT /accounts/{ID}` is used to return the list of potential accounts available for linking operationId: UpdateAccountsByUserId summary: UpdateAccountsByUserId tags: - accounts - sampled parameters: - $ref: '#/components/parameters/Content-Length' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountsIDPutResponse' example: - accountNickname: dfspa.user.nickname1 id: dfspa.username.1234 currency: ZAR - accountNickname: dfspa.user.nickname2 id: dfspa.username.5678 currency: USD responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /accounts/{ID}/error: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: description: | The HTTP request `PUT /accounts/{ID}/error` is used to return error information operationId: UpdateAccountsByUserIdError summary: UpdateAccountsByUserIdError tags: - accounts - sampled parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Details of the error returned. required: true content: application/json: schema: $ref: '#/components/schemas/ErrorInformationObject' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /health: get: tags: - health responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' operationId: HealthGet summary: Health check endpoint description: The HTTP request GET /health is used to return the current status of the API. /metrics: get: tags: - health responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' operationId: MetricsGet summary: Prometheus metrics endpoint description: The HTTP request GET /metrics is used to return metrics for the API. /consentRequests: parameters: - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' post: tags: - consentRequests - sampled operationId: CreateConsentRequest summary: CreateConsentRequest description: | The HTTP request **POST /consentRequests** is used to request a DFSP to grant access to one or more accounts owned by a customer of the DFSP for the PISP who sends the request. parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' requestBody: description: The consentRequest to create required: true content: application/json: schema: $ref: '#/components/schemas/ConsentRequestsPostRequest' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /consentRequests/{ID}: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' get: operationId: GetConsentRequestsById summary: GetConsentRequestsById description: | The HTTP request `GET /consentRequests/{ID}` is used to get information about a previously requested consent. The *{ID}* in the URI should contain the consentRequestId that was assigned to the request by the PISP when the PISP originated the request. tags: - consentRequests - sampled parameters: - $ref: '#/components/parameters/Accept' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' put: tags: - consentRequests - sampled operationId: UpdateConsentRequest summary: UpdateConsentRequest description: | A DFSP uses this callback to (1) inform the PISP that the consentRequest has been accepted, and (2) communicate to the PISP which `authChannel` it should use to authenticate their user with. When a PISP requests a series of permissions from a DFSP on behalf of a DFSP’s customer, not all the permissions requested may be granted by the DFSP. Conversely, the out-of-band authorization process may result in additional privileges being granted by the account holder to the PISP. The **PUT /consentRequests/**_{ID}_ resource returns the current state of the permissions relating to a particular authorization request. parameters: - $ref: '#/components/parameters/Content-Length' requestBody: required: true content: application/json: schema: oneOf: - $ref: '#/components/schemas/ConsentRequestsIDPutResponseWeb' - $ref: '#/components/schemas/ConsentRequestsIDPutResponseOTP' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' patch: tags: - consentRequests - sampled operationId: PatchConsentRequest summary: PatchConsentRequest description: | After the user completes an out-of-band authorization with the DFSP, the PISP will receive a token which they can use to prove to the DFSP that the user trusts this PISP. parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConsentRequestsIDPatchRequest' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /consentRequests/{ID}/error: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: tags: - consentRequests - sampled operationId: NotifyErrorConsentRequests summary: NotifyErrorConsentRequests description: | DFSP responds to the PISP if something went wrong with validating an OTP or secret. parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Error information returned. required: true content: application/json: schema: $ref: '#/components/schemas/ErrorInformationObject' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /consents: parameters: - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' post: tags: - consents - sampled operationId: PostConsents summary: PostConsents description: | The **POST /consents** request is used to request the creation of a consent for interactions between a PISP and the DFSP who owns the account which a PISP’s customer wants to allow the PISP access to. parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' requestBody: required: true content: application/json: schema: oneOf: - $ref: '#/components/schemas/ConsentsPostRequestAUTH' - $ref: '#/components/schemas/ConsentsPostRequestPISP' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /consents/{ID}: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' get: description: | The **GET /consents/**_{ID}_ resource allows a party to enquire after the status of a consent. The *{ID}* used in the URI of the request should be the consent request ID which was used to identify the consent when it was created. tags: - consents operationId: GetConsent summary: GetConsent parameters: - $ref: '#/components/parameters/Accept' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' patch: description: | The HTTP request `PATCH /consents/{ID}` is used - In account linking in the Credential Registration phase. Used by a DFSP to notify a PISP a credential has been verified and registered with an Auth service. - In account unlinking by a hub hosted auth service and by DFSPs in non-hub hosted scenarios to notify participants of a consent being revoked. Called by a `auth-service` to notify a PISP and DFSP of consent status in hub hosted scenario. Called by a `DFSP` to notify a PISP of consent status in non-hub hosted scenario. tags: - consents - sampled operationId: PatchConsentByID summary: PatchConsentByID requestBody: required: true content: application/json: schema: oneOf: - $ref: '#/components/schemas/ConsentsIDPatchResponseVerified' - $ref: '#/components/schemas/ConsentsIDPatchResponseRevoked' parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' put: description: | The HTTP request `PUT /consents/{ID}` is used by the PISP and Auth Service. - Called by a `PISP` to after signing a challenge. Sent to an DFSP for verification. - Called by a `auth-service` to notify a DFSP that a credential has been verified and registered. tags: - consents - sampled operationId: PutConsentByID summary: PutConsentByID requestBody: required: true content: application/json: schema: oneOf: - $ref: '#/components/schemas/ConsentsIDPutResponseSigned' - $ref: '#/components/schemas/ConsentsIDPutResponseVerified' parameters: - $ref: '#/components/parameters/Content-Length' responses: '200': $ref: '#/components/responses/200' '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' delete: description: | Used by PISP, DFSP The **DELETE /consents/**_{ID}_ request is used to request the revocation of a previously agreed consent. For tracing and auditing purposes, the switch should be sure not to delete the consent physically; instead, information relating to the consent should be marked as deleted and requests relating to the consent should not be honoured. operationId: DeleteConsentByID parameters: - $ref: '#/components/parameters/Accept' tags: - consents responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /consents/{ID}/error: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: tags: - consents - sampled operationId: NotifyErrorConsents summary: NotifyErrorConsents description: | DFSP responds to the PISP if something went wrong with validating or storing consent. parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Error information returned. required: true content: application/json: schema: $ref: '#/components/schemas/ErrorInformationObject' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /participants: parameters: - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' post: description: The HTTP request `POST /participants` is used to create information in the server regarding the provided list of identities. This request should be used for bulk creation of FSP information for more than one Party. The optional currency parameter should indicate that each provided Party supports the currency. summary: Create bulk participant information tags: - participants - sampled operationId: Participants1 parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' requestBody: description: Participant information to be created. required: true content: application/json: schema: $ref: '#/components/schemas/ParticipantsPostRequest' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /participants/{ID}: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: description: The callback `PUT /participants/{ID}` is used to inform the client of the result of the creation of the provided list of identities. summary: Return bulk participant information tags: - participants - sampled operationId: PutParticipantsByID parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Participant information returned. required: true content: application/json: schema: $ref: '#/components/schemas/ParticipantsIDPutResponse' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /participants/{ID}/error: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: description: If there is an error during FSP information creation in the server, the error callback `PUT /participants/{ID}/error` is used. The `{ID}` in the URI should contain the requestId that was used for the creation of the participant information. summary: Return bulk participant information error tags: - participants - sampled operationId: PutParticipantsByIDAndError parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Details of the error returned. required: true content: application/json: schema: $ref: '#/components/schemas/ErrorInformationObject' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /participants/{Type}/{ID}: parameters: - $ref: '#/components/parameters/Type' - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' post: description: The HTTP request `POST /participants/{Type}/{ID}` (or `POST /participants/{Type}/{ID}/{SubId}`) is used to create information in the server regarding the provided identity, defined by `{Type}`, `{ID}`, and optionally `{SubId}` (for example, `POST /participants/MSISDN/123456789` or `POST /participants/BUSINESS/shoecompany/employee1`). An ExtensionList element has been added to this reqeust in version v1.1 summary: Create participant information tags: - participants - sampled operationId: ParticipantsByIDAndType parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' requestBody: description: Participant information to be created. required: true content: application/json: schema: $ref: '#/components/schemas/ParticipantsTypeIDSubIDPostRequest' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' get: description: The HTTP request `GET /participants/{Type}/{ID}` (or `GET /participants/{Type}/{ID}/{SubId}`) is used to find out in which FSP the requested Party, defined by `{Type}`, `{ID}` and optionally `{SubId}`, is located (for example, `GET /participants/MSISDN/123456789`, or `GET /participants/BUSINESS/shoecompany/employee1`). This HTTP request should support a query string for filtering of currency. To use filtering of currency, the HTTP request `GET /participants/{Type}/{ID}?currency=XYZ` should be used, where `XYZ` is the requested currency. summary: Look up participant information tags: - participants operationId: ParticipantsByTypeAndID parameters: - $ref: '#/components/parameters/Accept' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' put: description: The callback `PUT /participants/{Type}/{ID}` (or `PUT /participants/{Type}/{ID}/{SubId}`) is used to inform the client of a successful result of the lookup, creation, or deletion of the FSP information related to the Party. If the FSP information is deleted, the fspId element should be empty; otherwise the element should include the FSP information for the Party. summary: Return participant information tags: - participants operationId: ParticipantsByTypeAndID3 parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Participant information returned. required: true content: application/json: schema: $ref: '#/components/schemas/ParticipantsTypeIDPutResponse' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' delete: description: |- The HTTP request `DELETE /participants/{Type}/{ID}` (or `DELETE /participants/{Type}/{ID}/{SubId}`) is used to delete information in the server regarding the provided identity, defined by `{Type}` and `{ID}`) (for example, `DELETE /participants/MSISDN/123456789`), and optionally `{SubId}`. This HTTP request should support a query string to delete FSP information regarding a specific currency only. To delete a specific currency only, the HTTP request `DELETE /participants/{Type}/{ID}?currency=XYZ` should be used, where `XYZ` is the requested currency. **Note:** The Account Lookup System should verify that it is the Party’s current FSP that is deleting the FSP information. summary: Delete participant information tags: - participants operationId: ParticipantsByTypeAndID2 parameters: - $ref: '#/components/parameters/Accept' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /participants/{Type}/{ID}/error: parameters: - $ref: '#/components/parameters/Type' - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: description: If the server is unable to find, create or delete the associated FSP of the provided identity, or another processing error occurred, the error callback `PUT /participants/{Type}/{ID}/error` (or `PUT /participants/{Type}/{ID}/{SubId}/error`) is used. summary: Return participant information error tags: - participants - sampled operationId: ParticipantsErrorByTypeAndID parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Details of the error returned. required: true content: application/json: schema: $ref: '#/components/schemas/ErrorInformationObject' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /services/{ServiceType}: parameters: - $ref: '#/components/parameters/ServiceType' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' get: operationId: GetServicesByServiceType summary: GetServicesByServiceType description: | The HTTP request `GET /services/{ServiceType}` is used to retrieve the list of participants that support a specified service. parameters: - $ref: '#/components/parameters/Accept' tags: - services - sampled responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' put: description: | The HTTP request `PUT /services/{ServiceType}` is used to return list of participants that support a specified service. operationId: PutServicesByServiceType summary: PutServicesByServiceType tags: - services - sampled parameters: - $ref: '#/components/parameters/Content-Length' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServicesServiceTypePutResponse' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /services/{ServiceType}/error: parameters: - $ref: '#/components/parameters/ServiceType' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: description: | The HTTP request `PUT /services/{ServiceType}/error` is used to return error information operationId: PutServicesByServiceTypeAndError summary: PutServicesByServiceTypeAndError tags: - services - sampled parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Details of the error returned. required: true content: application/json: schema: $ref: '#/components/schemas/ErrorInformationObject' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /thirdpartyRequests/transactions: parameters: - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' post: operationId: ThirdpartyRequestsTransactionsPost summary: ThirdpartyRequestsTransactionsPost description: The HTTP request POST `/thirdpartyRequests/transactions` is used by a PISP to initiate a 3rd party Transaction request with a DFSP tags: - thirdpartyRequests - sampled parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' requestBody: description: Transaction request to be created. required: true content: application/json: schema: $ref: '#/components/schemas/ThirdpartyRequestsTransactionsPostRequest' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /thirdpartyRequests/transactions/{ID}: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' get: tags: - thirdpartyRequests - sampled operationId: GetThirdpartyTransactionRequests summary: GetThirdpartyTransactionRequests description: | The HTTP request `GET /thirdpartyRequests/transactions/{ID}` is used to request the retrieval of a third party transaction request. parameters: - $ref: '#/components/parameters/Accept' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' put: tags: - thirdpartyRequests - sampled operationId: UpdateThirdPartyTransactionRequests summary: UpdateThirdPartyTransactionRequests description: | The HTTP request `PUT /thirdpartyRequests/transactions/{ID}` is used by the DFSP to inform the client about the status of a previously requested thirdparty transaction request. Switch(Thirdparty API Adapter) -> PISP parameters: - $ref: '#/components/parameters/Content-Length' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ThirdpartyRequestsTransactionsIDPutResponse' example: transactionRequestState: RECEIVED responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' patch: operationId: NotifyThirdpartyTransactionRequests summary: NotifyThirdpartyTransactionRequests description: | The HTTP request `PATCH /thirdpartyRequests/transactions/{ID}` is used to notify a thirdparty of the outcome of a transaction request. Switch(Thirdparty API Adapter) -> PISP tags: - thirdpartyRequests parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ThirdpartyRequestsTransactionsIDPatchResponse' example: transactionRequestState: ACCEPTED transactionState: COMMITTED responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /thirdpartyRequests/transactions/{ID}/error: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: tags: - thirdpartyRequests - sampled operationId: ThirdpartyTransactionRequestsError summary: ThirdpartyTransactionRequestsError description: | If the server is unable to find the transaction request, or another processing error occurs, the error callback `PUT /thirdpartyRequests/transactions/{ID}/error` is used. The `{ID}` in the URI should contain the `transactionRequestId` that was used for the creation of the thirdparty transaction request. parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Error information returned. required: true content: application/json: schema: $ref: '#/components/schemas/ErrorInformationObject' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /thirdpartyRequests/authorizations: parameters: - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' post: description: | The HTTP request **POST /thirdpartyRequests/authorizations** is used to request the validation by a customer for the transfer described in the request. operationId: PostThirdpartyRequestsAuthorizations summary: PostThirdpartyRequestsAuthorizations tags: - authorizations - sampled parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' requestBody: description: Authorization request details required: true content: application/json: schema: $ref: '#/components/schemas/ThirdpartyRequestsAuthorizationsPostRequest' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /thirdpartyRequests/authorizations/{ID}: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' get: description: | The HTTP request **GET /thirdpartyRequests/authorizations/**_{ID}_ is used to get information relating to a previously issued authorization request. The *{ID}* in the request should match the `authorizationRequestId` which was given when the authorization request was created. operationId: GetThirdpartyRequestsAuthorizationsById summary: GetThirdpartyRequestsAuthorizationsById tags: - authorizations - sampled parameters: - $ref: '#/components/parameters/Accept' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' put: description: | After receiving the **POST /thirdpartyRequests/authorizations**, the PISP will present the details of the transaction to their user, and request that the client sign the `challenge` field using the credential they previously registered. The signed challenge will be sent back by the PISP in **PUT /thirdpartyRequests/authorizations/**_{ID}_: operationId: PutThirdpartyRequestsAuthorizationsById summary: PutThirdpartyRequestsAuthorizationsById tags: - authorizations parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Signed authorization object required: true content: application/json: schema: oneOf: - $ref: '#/components/schemas/ThirdpartyRequestsAuthorizationsIDPutResponseRejected' - $ref: '#/components/schemas/ThirdpartyRequestsAuthorizationsIDPutResponseFIDO' - $ref: '#/components/schemas/ThirdpartyRequestsAuthorizationsIDPutResponseGeneric' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /thirdpartyRequests/authorizations/{ID}/error: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: tags: - thirdpartyRequests - sampled operationId: PutThirdpartyRequestsAuthorizationsByIdAndError summary: PutThirdpartyRequestsAuthorizationsByIdAndError description: | The HTTP request `PUT /thirdpartyRequests/authorizations/{ID}/error` is used by the DFSP or PISP to inform the other party that something went wrong with a Thirdparty Transaction Authorization Request. The PISP may use this to tell the DFSP that the Thirdparty Transaction Authorization Request is invalid or doesn't match a `transactionRequestId`. The DFSP may use this to tell the PISP that the signed challenge returned in `PUT /thirdpartyRequest/authorizations/{ID}` was invalid. parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Error information returned. required: true content: application/json: schema: $ref: '#/components/schemas/ErrorInformationObject' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /thirdpartyRequests/verifications: parameters: - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' post: tags: - thirdpartyRequests - sampled operationId: PostThirdpartyRequestsVerifications summary: PostThirdpartyRequestsVerifications description: | The HTTP request `POST /thirdpartyRequests/verifications` is used by the DFSP to verify a third party authorization. parameters: - $ref: '#/components/parameters/Accept' - $ref: '#/components/parameters/Content-Length' requestBody: description: The thirdparty authorization details to verify required: true content: application/json: schema: oneOf: - $ref: '#/components/schemas/ThirdpartyRequestsVerificationsPostRequestFIDO' - $ref: '#/components/schemas/ThirdpartyRequestsVerificationsPostRequestGeneric' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /thirdpartyRequests/verifications/{ID}: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' get: tags: - thirdpartyRequests - sampled operationId: GetThirdpartyRequestsVerificationsById summary: GetThirdpartyRequestsVerificationsById description: | The HTTP request `/thirdpartyRequests/verifications/{ID}` is used to get information regarding a previously created or requested authorization. The *{ID}* in the URI should contain the verification request ID parameters: - $ref: '#/components/parameters/Accept' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' put: tags: - thirdpartyRequests - sampled operationId: PutThirdpartyRequestsVerificationsById summary: PutThirdpartyRequestsVerificationsById description: |- The HTTP request `PUT /thirdpartyRequests/verifications/{ID}` is used by the Auth-Service to inform the DFSP of a successful result in validating the verification of a Thirdparty Transaction Request. If the validation fails, the auth-service will send back `PUT /thirdpartyRequests/verifications/{ID}` with `authenticationResponse: 'REJECTED'`. In unplanned error cases the Auth-Service MUST use `PUT /thirdpartyRequests/verifications/{ID}/error`. parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: The result of validating the Thirdparty Transaction Request required: true content: application/json: schema: $ref: '#/components/schemas/ThirdpartyRequestsVerificationsIDPutResponse' example: authenticationResponse: VERIFIED responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' /thirdpartyRequests/verifications/{ID}/error: parameters: - $ref: '#/components/parameters/ID' - $ref: '#/components/parameters/Content-Type' - $ref: '#/components/parameters/Date' - $ref: '#/components/parameters/X-Forwarded-For' - $ref: '#/components/parameters/FSPIOP-Source' - $ref: '#/components/parameters/FSPIOP-Destination' - $ref: '#/components/parameters/FSPIOP-Encryption' - $ref: '#/components/parameters/FSPIOP-Signature' - $ref: '#/components/parameters/FSPIOP-URI' - $ref: '#/components/parameters/FSPIOP-HTTP-Method' put: tags: - thirdpartyRequests - sampled operationId: PutThirdpartyRequestsVerificationsByIdAndError summary: PutThirdpartyRequestsVerificationsByIdAndError description: | The HTTP request `PUT /thirdpartyRequests/verifications/{ID}/error` is used by the Auth-Service to inform the DFSP of a failure in validating or looking up the verification of a Thirdparty Transaction Request. parameters: - $ref: '#/components/parameters/Content-Length' requestBody: description: Error information returned. required: true content: application/json: schema: $ref: '#/components/schemas/ErrorInformationObject' responses: '200': $ref: '#/components/responses/200' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '405': $ref: '#/components/responses/405' '406': $ref: '#/components/responses/406' '501': $ref: '#/components/responses/501' '503': $ref: '#/components/responses/503' components: schemas: PartyIdType: title: PartyIdType type: string enum: - MSISDN - EMAIL - PERSONAL_ID - BUSINESS - DEVICE - ACCOUNT_ID - IBAN - ALIAS - CONSENT - THIRD_PARTY_LINK description: | Below are the allowed values for the enumeration. - MSISDN - An MSISDN (Mobile Station International Subscriber Directory Number, that is, the phone number) is used as reference to a participant. The MSISDN identifier should be in international format according to the [ITU-T E.164 standard](https://www.itu.int/rec/T-REC-E.164/en). Optionally, the MSISDN may be prefixed by a single plus sign, indicating the international prefix. - EMAIL - An email is used as reference to a participant. The format of the email should be according to the informational [RFC 3696](https://tools.ietf.org/html/rfc3696). - PERSONAL_ID - A personal identifier is used as reference to a participant. Examples of personal identification are passport number, birth certificate number, and national registration number. The identifier number is added in the PartyIdentifier element. The personal identifier type is added in the PartySubIdOrType element. - BUSINESS - A specific Business (for example, an organization or a company) is used as reference to a participant. The BUSINESS identifier can be in any format. To make a transaction connected to a specific username or bill number in a Business, the PartySubIdOrType element should be used. - DEVICE - A specific device (for example, a POS or ATM) ID connected to a specific business or organization is used as reference to a Party. For referencing a specific device under a specific business or organization, use the PartySubIdOrType element. - ACCOUNT_ID - A bank account number or FSP account ID should be used as reference to a participant. The ACCOUNT_ID identifier can be in any format, as formats can greatly differ depending on country and FSP. - IBAN - A bank account number or FSP account ID is used as reference to a participant. The IBAN identifier can consist of up to 34 alphanumeric characters and should be entered without whitespace. - ALIAS An alias is used as reference to a participant. The alias should be created in the FSP as an alternative reference to an account owner. Another example of an alias is a username in the FSP system. The ALIAS identifier can be in any format. It is also possible to use the PartySubIdOrType element for identifying an account under an Alias defined by the PartyIdentifier. - CONSENT - A Consent represents an agreement between a PISP, a Customer and a DFSP which allows the PISP permission to perform actions on behalf of the customer. A Consent has an authoritative source: either the DFSP who issued the Consent, or an Auth Service which administers the Consent. - THIRD_PARTY_LINK - A Third Party Link represents an agreement between a PISP, a DFSP, and a specific Customer's account at the DFSP. The content of the link is created by the DFSP at the time when it gives permission to the PISP for specific access to a given account. example: PERSONAL_ID PartyIdentifier: title: PartyIdentifier type: string minLength: 1 maxLength: 128 description: Identifier of the Party. example: '16135551212' PartySubIdOrType: title: PartySubIdOrType type: string minLength: 1 maxLength: 128 description: Either a sub-identifier of a PartyIdentifier, or a sub-type of the PartyIdType, normally a PersonalIdentifierType. FspId: title: FspId type: string minLength: 1 maxLength: 32 description: FSP identifier. ExtensionKey: title: ExtensionKey type: string minLength: 1 maxLength: 32 description: Extension key. ExtensionValue: title: ExtensionValue type: string minLength: 1 maxLength: 128 description: Extension value. Extension: title: Extension type: object description: Data model for the complex type Extension. properties: key: $ref: '#/components/schemas/ExtensionKey' value: $ref: '#/components/schemas/ExtensionValue' required: - key - value ExtensionList: title: ExtensionList type: object description: Data model for the complex type ExtensionList. An optional list of extensions, specific to deployment. properties: extension: type: array items: $ref: '#/components/schemas/Extension' minItems: 1 maxItems: 16 description: Number of Extension elements. required: - extension PartyIdInfo: title: PartyIdInfo type: object description: Data model for the complex type PartyIdInfo. properties: partyIdType: $ref: '#/components/schemas/PartyIdType' partyIdentifier: $ref: '#/components/schemas/PartyIdentifier' partySubIdOrType: $ref: '#/components/schemas/PartySubIdOrType' fspId: $ref: '#/components/schemas/FspId' extensionList: $ref: '#/components/schemas/ExtensionList' required: - partyIdType - partyIdentifier ErrorCode: title: ErrorCode type: string pattern: ^[1-9]\d{3}$ description: The API data type ErrorCode is a JSON String of four characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. Each error code in the API is a four-digit number, for example, 1234, where the first number (1 in the example) represents the high-level error category, the second number (2 in the example) represents the low-level error category, and the last two numbers (34 in the example) represent the specific error. example: '5100' ErrorDescription: title: ErrorDescription type: string minLength: 1 maxLength: 128 description: Error description string. ErrorInformation: title: ErrorInformation type: object description: Data model for the complex type ErrorInformation. properties: errorCode: $ref: '#/components/schemas/ErrorCode' errorDescription: $ref: '#/components/schemas/ErrorDescription' extensionList: $ref: '#/components/schemas/ExtensionList' required: - errorCode - errorDescription PartyResult: title: PartyResult type: object description: Data model for the complex type PartyResult. properties: partyId: $ref: '#/components/schemas/PartyIdInfo' errorInformation: $ref: '#/components/schemas/ErrorInformation' required: - partyId Currency: title: Currency description: The currency codes defined in [ISO 4217](https://www.iso.org/iso-4217-currency-codes.html) as three-letter alphabetic codes are used as the standard naming representation for currencies. type: string minLength: 3 maxLength: 3 enum: - AED - AFN - ALL - AMD - ANG - AOA - ARS - AUD - AWG - AZN - BAM - BBD - BDT - BGN - BHD - BIF - BMD - BND - BOB - BRL - BSD - BTN - BWP - BYN - BZD - CAD - CDF - CHF - CLP - CNY - COP - CRC - CUC - CUP - CVE - CZK - DJF - DKK - DOP - DZD - EGP - ERN - ETB - EUR - FJD - FKP - GBP - GEL - GGP - GHS - GIP - GMD - GNF - GTQ - GYD - HKD - HNL - HRK - HTG - HUF - IDR - ILS - IMP - INR - IQD - IRR - ISK - JEP - JMD - JOD - JPY - KES - KGS - KHR - KMF - KPW - KRW - KWD - KYD - KZT - LAK - LBP - LKR - LRD - LSL - LYD - MAD - MDL - MGA - MKD - MMK - MNT - MOP - MRO - MUR - MVR - MWK - MXN - MYR - MZN - NAD - NGN - NIO - NOK - NPR - NZD - OMR - PAB - PEN - PGK - PHP - PKR - PLN - PYG - QAR - RON - RSD - RUB - RWF - SAR - SBD - SCR - SDG - SEK - SGD - SHP - SLL - SOS - SPL - SRD - STD - SVC - SYP - SZL - THB - TJS - TMT - TND - TOP - TRY - TTD - TVD - TWD - TZS - UAH - UGX - USD - UYU - UZS - VEF - VND - VUV - WST - XAF - XCD - XDR - XOF - XPF - XTS - XXX - YER - ZAR - ZMW - ZWD ParticipantsIDPutResponse: title: ParticipantsIDPutResponse type: object description: The object sent in the PUT /participants/{ID} callback. properties: partyList: type: array items: $ref: '#/components/schemas/PartyResult' minItems: 1 maxItems: 10000 description: List of PartyResult elements that were either created or failed to be created. currency: $ref: '#/components/schemas/Currency' required: - partyList MerchantClassificationCode: title: MerchantClassificationCode type: string pattern: ^[\d]{1,4}$ description: A limited set of pre-defined numbers. This list would be a limited set of numbers identifying a set of popular merchant types like School Fees, Pubs and Restaurants, Groceries, etc. PartyName: title: PartyName type: string minLength: 1 maxLength: 128 description: Name of the Party. Could be a real name or a nickname. FirstName: title: FirstName type: string minLength: 1 maxLength: 128 pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$ description: First name of the Party (Name Type). example: Henrik MiddleName: title: MiddleName type: string minLength: 1 maxLength: 128 pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$ description: Middle name of the Party (Name Type). example: Johannes LastName: title: LastName type: string minLength: 1 maxLength: 128 pattern: ^(?!\s*$)[\p{L}\p{gc=Mark}\p{digit}\p{gc=Connector_Punctuation}\p{Join_Control} .,''-]{1,128}$ description: Last name of the Party (Name Type). example: Karlsson PartyComplexName: title: PartyComplexName type: object description: Data model for the complex type PartyComplexName. properties: firstName: $ref: '#/components/schemas/FirstName' middleName: $ref: '#/components/schemas/MiddleName' lastName: $ref: '#/components/schemas/LastName' DateOfBirth: title: DateofBirth (type Date) type: string pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$ description: Date of Birth of the Party. example: '1966-06-16' PartyPersonalInfo: title: PartyPersonalInfo type: object description: Data model for the complex type PartyPersonalInfo. properties: complexName: $ref: '#/components/schemas/PartyComplexName' dateOfBirth: $ref: '#/components/schemas/DateOfBirth' Party: title: Party type: object description: Data model for the complex type Party. properties: partyIdInfo: $ref: '#/components/schemas/PartyIdInfo' merchantClassificationCode: $ref: '#/components/schemas/MerchantClassificationCode' name: $ref: '#/components/schemas/PartyName' personalInfo: $ref: '#/components/schemas/PartyPersonalInfo' required: - partyIdInfo PartiesTypeIDPutResponse: title: PartiesTypeIDPutResponse type: object description: | The object sent in the PUT /parties/{Type}/{ID} callback. This is a variant based on FSPIOP `PartiesTypeIDPutResponse` specification. Main difference being that it returns a `Party` with the newly added `accounts` property. properties: party: $ref: '#/components/schemas/Party' required: - party Amount: title: Amount type: string pattern: ^([0]|([1-9][0-9]{0,17}))([.][0-9]{0,3}[1-9])?$ description: The API data type Amount is a JSON String in a canonical format that is restricted by a regular expression for interoperability reasons. This pattern does not allow any trailing zeroes at all, but allows an amount without a minor currency unit. It also only allows four digits in the minor currency unit; a negative value is not allowed. Using more than 18 digits in the major currency unit is not allowed. example: '123.45' Money: title: Money type: object description: Data model for the complex type Money. properties: currency: $ref: '#/components/schemas/Currency' amount: $ref: '#/components/schemas/Amount' required: - currency - amount DateTime: title: DateTime type: string pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:(\.\d{3}))(?:Z|[+-][01]\d:[0-5]\d)$ description: The API data type DateTime is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. The format is according to [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html), expressed in a combined date, time and time zone format. A more readable version of the format is yyyy-MM-ddTHH:mm:ss.SSS[-HH:MM]. Examples are "2016-05-24T08:38:08.699-04:00", "2016-05-24T08:38:08.699Z" (where Z indicates Zulu time zone, same as UTC). example: '2016-05-24T08:38:08.699-04:00' Latitude: title: Latitude type: string pattern: ^(\+|-)?(?:90(?:(?:\.0{1,6})?)|(?:[0-9]|[1-8][0-9])(?:(?:\.[0-9]{1,6})?))$ description: The API data type Latitude is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. example: '+45.4215' Longitude: title: Longitude type: string pattern: ^(\+|-)?(?:180(?:(?:\.0{1,6})?)|(?:[0-9]|[1-9][0-9]|1[0-7][0-9])(?:(?:\.[0-9]{1,6})?))$ description: The API data type Longitude is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. example: '+75.6972' GeoCode: title: GeoCode type: object description: Data model for the complex type GeoCode. Indicates the geographic location from where the transaction was initiated. properties: latitude: $ref: '#/components/schemas/Latitude' longitude: $ref: '#/components/schemas/Longitude' required: - latitude - longitude IlpPacket: title: IlpPacket type: string pattern: ^[A-Za-z0-9-_]+[=]{0,2}$ minLength: 1 maxLength: 32768 description: Information for recipient (transport layer information). example: AYIBgQAAAAAAAASwNGxldmVsb25lLmRmc3AxLm1lci45T2RTOF81MDdqUUZERmZlakgyOVc4bXFmNEpLMHlGTFGCAUBQU0svMS4wCk5vbmNlOiB1SXlweUYzY3pYSXBFdzVVc05TYWh3CkVuY3J5cHRpb246IG5vbmUKUGF5bWVudC1JZDogMTMyMzZhM2ItOGZhOC00MTYzLTg0NDctNGMzZWQzZGE5OGE3CgpDb250ZW50LUxlbmd0aDogMTM1CkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbgpTZW5kZXItSWRlbnRpZmllcjogOTI4MDYzOTEKCiJ7XCJmZWVcIjowLFwidHJhbnNmZXJDb2RlXCI6XCJpbnZvaWNlXCIsXCJkZWJpdE5hbWVcIjpcImFsaWNlIGNvb3BlclwiLFwiY3JlZGl0TmFtZVwiOlwibWVyIGNoYW50XCIsXCJkZWJpdElkZW50aWZpZXJcIjpcIjkyODA2MzkxXCJ9IgA IlpCondition: title: IlpCondition type: string pattern: ^[A-Za-z0-9-_]{43}$ maxLength: 48 description: Condition that must be attached to the transfer by the Payer. QuotesIDPutResponse: title: QuotesIDPutResponse type: object description: The object sent in the PUT /quotes/{ID} callback. properties: transferAmount: $ref: '#/components/schemas/Money' payeeReceiveAmount: $ref: '#/components/schemas/Money' payeeFspFee: $ref: '#/components/schemas/Money' payeeFspCommission: $ref: '#/components/schemas/Money' expiration: $ref: '#/components/schemas/DateTime' geoCode: $ref: '#/components/schemas/GeoCode' ilpPacket: $ref: '#/components/schemas/IlpPacket' condition: $ref: '#/components/schemas/IlpCondition' extensionList: $ref: '#/components/schemas/ExtensionList' required: - transferAmount - expiration - ilpPacket - condition TransactionRequestState: title: TransactionRequestState type: string enum: - RECEIVED - PENDING - ACCEPTED - REJECTED description: |- Below are the allowed values for the enumeration. - RECEIVED - Payer FSP has received the transaction from the Payee FSP. - PENDING - Payer FSP has sent the transaction request to the Payer. - ACCEPTED - Payer has approved the transaction. - REJECTED - Payer has rejected the transaction. example: RECEIVED TransactionState: title: TransactionState type: string enum: - RECEIVED - PENDING - COMPLETED - REJECTED description: |- Below are the allowed values for the enumeration. - RECEIVED - Payee FSP has received the transaction from the Payer FSP. - PENDING - Payee FSP has validated the transaction. - COMPLETED - Payee FSP has successfully performed the transaction. - REJECTED - Payee FSP has failed to perform the transaction. example: RECEIVED ThirdpartyRequestsTransactionsIDPatchResponse: title: ThirdpartyRequestsTransactionsIDPatchResponse type: object description: |- Used by: DFSP The issuing PISP will expect a response to their request for a transfer which describes the finalized state of the requested transfer. This response will be given by a PATCH call on the /thirdpartyRequests/transactions/{ID} resource. The {ID} given in the query string should be the transactionRequestId which was originally used by the PISP to identify the transaction request. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#31612-post-thirdpartyrequestsauthorizations properties: completedTimestamp: $ref: '#/components/schemas/DateTime' transactionRequestState: $ref: '#/components/schemas/TransactionRequestState' transactionState: $ref: '#/components/schemas/TransactionState' extensionList: $ref: '#/components/schemas/ExtensionList' required: - transactionRequestState - transactionState AuthorizationResponseType: title: AuthorizationResponseType description: | Enum containing authorization response information; if the customer accepted the terms of the transfer, or rejected the terms. type: string enum: - ACCEPTED - REJECTED ConsentStatusIssued: title: ConsentStatusIssued type: string enum: - ISSUED description: |- Allowed values for the enumeration ConsentStatus - ISSUED - The consent has been issued by the DFSP IlpFulfilment: title: IlpFulfilment type: string pattern: ^[A-Za-z0-9-_]{43}$ maxLength: 48 description: Fulfilment that must be attached to the transfer by the Payee. example: WLctttbu2HvTsa1XWvUoGRcQozHsqeu9Ahl2JW9Bsu8 Integer: title: Integer type: string pattern: ^[1-9]\d*$ description: The API data type Integer is a JSON String consisting of digits only. Negative numbers and leading zeroes are not allowed. The data type is always limited to a specific number of digits. Note: title: Note type: string minLength: 1 maxLength: 128 description: Memo assigned to transaction. example: Note sent to Payee. PartyIdTypeTPLink: title: PartyIdTypeTPLink type: string enum: - THIRD_PARTY_LINK description: | - THIRD_PARTY_LINK - is the DFSP's internal reference which allows DFSP to find out the corresponding consent example: PERSONAL_ID PartyIdInfoTPLink: title: PartyIdInfo type: object description: Data model for the complex type PartyIdInfo. properties: partyIdType: $ref: '#/components/schemas/PartyIdTypeTPLink' partyIdentifier: $ref: '#/components/schemas/PartyIdentifier' partySubIdOrType: $ref: '#/components/schemas/PartySubIdOrType' fspId: $ref: '#/components/schemas/FspId' extensionList: $ref: '#/components/schemas/ExtensionList' required: - partyIdType - partyIdentifier ServiceType: title: ServiceType type: string description: |- The ServiceType enumeration describes the types of role for which a DFSP may query using the /services resource. Below are the allowed values for the enumeration ServiceType - THIRD_PARTY_DFSP - Enum used to query for DFSPs that have thirdparty features enabled. - PISP - Enum used to query for PISPs. - AUTH_SERVICE - Participants which provide Authentication Services. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#3229-servicetype enum: - THIRD_PARTY_DFSP - PISP - AUTH_SERVICE CorrelationId: title: CorrelationId type: string pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$ description: Identifier that correlates all messages of the same sequence. The API data type UUID (Universally Unique Identifier) is a JSON String in canonical format, conforming to [RFC 4122](https://tools.ietf.org/html/rfc4122), that is restricted by a regular expression for interoperability reasons. A UUID is always 36 characters long, 32 hexadecimal symbols and 4 dashes (‘-‘). example: b51ec534-ee48-4575-b6a9-ead2955b8069 ParticipantsPostRequest: title: ParticipantsPostRequest type: object description: The object sent in the POST /participants request. properties: requestId: $ref: '#/components/schemas/CorrelationId' partyList: type: array items: $ref: '#/components/schemas/PartyIdInfo' minItems: 1 maxItems: 10000 description: | List of PartyIdInfo elements that the client would like to update or create FSP information about. currency: $ref: '#/components/schemas/Currency' required: - requestId - partyList AmountType: title: AmountType type: string enum: - SEND - RECEIVE description: |- Below are the allowed values for the enumeration AmountType. - SEND - Amount the Payer would like to send, that is, the amount that should be withdrawn from the Payer account including any fees. - RECEIVE - Amount the Payer would like the Payee to receive, that is, the amount that should be sent to the receiver exclusive of any fees. example: RECEIVE TransactionScenario: title: TransactionScenario type: string enum: - DEPOSIT - WITHDRAWAL - TRANSFER - PAYMENT - REFUND description: |- Below are the allowed values for the enumeration. - DEPOSIT - Used for performing a Cash-In (deposit) transaction. In a normal scenario, electronic funds are transferred from a Business account to a Consumer account, and physical cash is given from the Consumer to the Business User. - WITHDRAWAL - Used for performing a Cash-Out (withdrawal) transaction. In a normal scenario, electronic funds are transferred from a Consumer’s account to a Business account, and physical cash is given from the Business User to the Consumer. - TRANSFER - Used for performing a P2P (Peer to Peer, or Consumer to Consumer) transaction. - PAYMENT - Usually used for performing a transaction from a Consumer to a Merchant or Organization, but could also be for a B2B (Business to Business) payment. The transaction could be online for a purchase in an Internet store, in a physical store where both the Consumer and Business User are present, a bill payment, a donation, and so on. - REFUND - Used for performing a refund of transaction. example: DEPOSIT TransactionSubScenario: title: TransactionSubScenario type: string pattern: ^[A-Z_]{1,32}$ description: Possible sub-scenario, defined locally within the scheme (UndefinedEnum Type). example: LOCALLY_DEFINED_SUBSCENARIO TransactionInitiator: title: TransactionInitiator type: string enum: - PAYER - PAYEE description: |- Below are the allowed values for the enumeration. - PAYER - Sender of funds is initiating the transaction. The account to send from is either owned by the Payer or is connected to the Payer in some way. - PAYEE - Recipient of the funds is initiating the transaction by sending a transaction request. The Payer must approve the transaction, either automatically by a pre-generated OTP or by pre-approval of the Payee, or by manually approving in his or her own Device. example: PAYEE TransactionInitiatorType: title: TransactionInitiatorType type: string enum: - CONSUMER - AGENT - BUSINESS - DEVICE description: |- Below are the allowed values for the enumeration. - CONSUMER - Consumer is the initiator of the transaction. - AGENT - Agent is the initiator of the transaction. - BUSINESS - Business is the initiator of the transaction. - DEVICE - Device is the initiator of the transaction. example: CONSUMER RefundReason: title: RefundReason type: string minLength: 1 maxLength: 128 description: Reason for the refund. example: Free text indicating reason for the refund. Refund: title: Refund type: object description: Data model for the complex type Refund. properties: originalTransactionId: $ref: '#/components/schemas/CorrelationId' refundReason: $ref: '#/components/schemas/RefundReason' required: - originalTransactionId BalanceOfPayments: title: BalanceOfPayments type: string pattern: ^[1-9]\d{2}$ description: (BopCode) The API data type [BopCode](https://www.imf.org/external/np/sta/bopcode/) is a JSON String of 3 characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. example: '123' TransactionType: title: TransactionType type: object description: Data model for the complex type TransactionType. properties: scenario: $ref: '#/components/schemas/TransactionScenario' subScenario: $ref: '#/components/schemas/TransactionSubScenario' initiator: $ref: '#/components/schemas/TransactionInitiator' initiatorType: $ref: '#/components/schemas/TransactionInitiatorType' refundInfo: $ref: '#/components/schemas/Refund' balanceOfPayments: $ref: '#/components/schemas/BalanceOfPayments' required: - scenario - initiator - initiatorType QuotesPostRequest: title: QuotesPostRequest type: object description: The object sent in the POST /quotes request. properties: quoteId: $ref: '#/components/schemas/CorrelationId' description: Common ID between the FSPs for the quote object, decided by the Payer FSP. The ID should be reused for resends of the same quote for a transaction. A new ID should be generated for each new quote for a transaction. example: b51ec534-ee48-4575-b6a9-ead2955b8069 transactionId: $ref: '#/components/schemas/CorrelationId' description: Common ID (decided by the Payer FSP) between the FSPs for the future transaction object. The actual transaction will be created as part of a successful transfer process. The ID should be reused for resends of the same quote for a transaction. A new ID should be generated for each new quote for a transaction. example: a8323bc6-c228-4df2-ae82-e5a997baf899 transactionRequestId: $ref: '#/components/schemas/CorrelationId' description: Identifies an optional previously-sent transaction request. example: a8323bc6-c228-4df2-ae82-e5a997baf890 payee: $ref: '#/components/schemas/Party' description: Information about the Payee in the proposed financial transaction. payer: $ref: '#/components/schemas/Party' description: Information about the Payer in the proposed financial transaction. amountType: $ref: '#/components/schemas/AmountType' description: SEND for send amount, RECEIVE for receive amount. example: SEND amount: $ref: '#/components/schemas/Money' description: Depending on amountType - If SEND - The amount the Payer would like to send, that is, the amount that should be withdrawn from the Payer account including any fees. The amount is updated by each participating entity in the transaction. If RECEIVE - The amount the Payee should receive, that is, the amount that should be sent to the receiver exclusive any fees. The amount is not updated by any of the participating entities. fees: $ref: '#/components/schemas/Money' description: The fees in the transaction. The fees element should be empty if fees should be non-disclosed. The fees element should be non-empty if fees should be disclosed. transactionType: $ref: '#/components/schemas/TransactionType' description: Type of transaction for which the quote is requested. geoCode: $ref: '#/components/schemas/GeoCode' description: Longitude and Latitude of the initiating Party. Can be used to detect fraud. note: $ref: '#/components/schemas/Note' description: A memo that will be attached to the transaction. example: Free-text memo. expiration: $ref: '#/components/schemas/DateTime' description: Expiration is optional. It can be set to get a quick failure in case the peer FSP takes too long to respond. Also, it may be beneficial for Consumer, Agent, and Merchant to know that their request has a time limit. example: '2016-05-24T08:38:08.699-04:00' extensionList: $ref: '#/components/schemas/ExtensionList' description: Optional extension, specific to deployment. required: - quoteId - transactionId - payee - payer - amountType - amount - transactionType ErrorInformationResponse: title: ErrorInformationResponse type: object description: Data model for the complex type object that contains an optional element ErrorInformation used along with 4xx and 5xx responses. properties: errorInformation: $ref: '#/components/schemas/ErrorInformation' Name: title: Name type: string pattern: ^(?!\s*$)[\w .,'-]{1,128}$ description: |- The API data type Name is a JSON String, restricted by a regular expression to avoid characters which are generally not used in a name. Regular Expression - The regular expression for restricting the Name type is "^(?!\s*$)[\w .,'-]{1,128}$". The restriction does not allow a string consisting of whitespace only, all Unicode characters are allowed, as well as the period (.) (apostrophe (‘), dash (-), comma (,) and space characters ( ). **Note:** In some programming languages, Unicode support must be specifically enabled. For example, if Java is used, the flag UNICODE_CHARACTER_CLASS must be enabled to allow Unicode characters. AccountAddress: title: AccountAddress type: string description: |- The AccountAddress data type is a variable length string with a maximum size of 1023 characters and consists of: Alphanumeric characters, upper or lower case. (Addresses are case-sensitive so that they can contain data encoded in formats such as base64url.) - Underscore (_) - Tilde (~) - Hyphen (-) - Period (.) Addresses MUST NOT end in a period (.) character An entity providing accounts to parties (i.e. a participant) can provide any value for an AccountAddress that is meaningful to that entity. It does not need to provide an address that makes the account identifiable outside the entity's domain. IMPORTANT: The policy for defining addresses and the life-cycle of these is at the discretion of the address space owner (the payer DFSP in this case). https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#3212-accountaddress pattern: ^([0-9A-Za-z_~\-\.]+[0-9A-Za-z_~\-])$ minLength: 1 maxLength: 1023 Account: title: Account type: object description: |- Data model for the complex type Account. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#3211-account properties: accountNickname: $ref: '#/components/schemas/Name' address: $ref: '#/components/schemas/AccountAddress' currency: $ref: '#/components/schemas/Currency' required: - accountNickname - address - currency AccountList: title: AccountList type: array description: |- The AccountList data model is used to hold information about the accounts that a party controls. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#3213-accountlist items: $ref: '#/components/schemas/Account' minItems: 1 maxItems: 256 AccountsIDPutResponse: title: AccountsIDPutResponse type: object description: |- Callback and data model information for GET /accounts/{ID}: Callback - PUT /accounts/{ID} Error Callback - PUT /accounts/{ID}/error Data Model - Empty body The PUT /accounts/{ID} response is used to inform the requester of the result of a request for accounts information. The identifier ID given in the call are the values given in the original request. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#31121--put-accountsid properties: accounts: $ref: '#/components/schemas/AccountList' extensionList: $ref: '#/components/schemas/ExtensionList' required: - accounts ErrorInformationObject: title: ErrorInformationObject type: object description: Data model for the complex type object that contains ErrorInformation. properties: errorInformation: $ref: '#/components/schemas/ErrorInformation' required: - errorInformation ScopeAction: title: ScopeAction type: string description: | The ScopeAction element contains an access type which a PISP can request from a DFSP, or which a DFSP can grant to a PISP. It must be a member of the appropriate enumeration. - ACCOUNTS_GET_BALANCE: PISP can request a balance for the linked account - ACCOUNTS_TRANSFER: PISP can request a transfer of funds from the linked account in the DFSP - ACCOUNTS_STATEMENT: PISP can request a statement of individual transactions on a user's account enum: - ACCOUNTS_GET_BALANCE - ACCOUNTS_TRANSFER - ACCOUNTS_STATEMENT Scope: title: Scope type: object description: |- The Scope element contains an identifier defining, in the terms of a DFSP, an account on which access types can be requested or granted. It also defines the access types which are requested or granted. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#32121-scope properties: address: $ref: '#/components/schemas/AccountAddress' actions: type: array minItems: 1 maxItems: 32 items: $ref: '#/components/schemas/ScopeAction' required: - address - actions ConsentRequestChannelType: title: ConsentRequestChannelType type: string enum: - WEB - OTP description: | The auth channel being used for the consent request. - WEB - DFSP can support authorization via a web-based login. - OTP - DFSP can support authorization via a One Time PIN. Uri: title: Uri type: string pattern: ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))? minLength: 1 maxLength: 512 description: | The API data type Uri is a JSON string in a canonical format that is restricted by a regular expression for interoperability reasons. ConsentRequestsPostRequest: title: ConsentRequestsPostRequest type: object description: |- Used by: PISP The HTTP request POST /consentRequests is used to request a DFSP to grant access to one or more accounts owned by a customer of the DFSP for the PISP who sends the request. Callback and data model for POST /consentRequests: Callback: PUT /consentRequests/{ID} Error callback: PUT /consentRequests/{ID}/error Data model - see below url https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#31212-post-consentrequests properties: consentRequestId: $ref: '#/components/schemas/CorrelationId' userId: type: string description: The identifier used in the **GET /accounts/**_{ID}_. Used by the DFSP to correlate an account lookup to a `consentRequest` minLength: 1 maxLength: 128 scopes: type: array minLength: 1 maxLength: 256 items: $ref: '#/components/schemas/Scope' authChannels: type: array minLength: 1 maxLength: 256 items: $ref: '#/components/schemas/ConsentRequestChannelType' callbackUri: $ref: '#/components/schemas/Uri' extensionList: $ref: '#/components/schemas/ExtensionList' required: - consentRequestId - userId - scopes - authChannels - callbackUri ConsentRequestChannelTypeWeb: title: ConsentRequestChannelTypeWeb type: string enum: - WEB description: | The web auth channel being used for `PUT /consentRequest/{ID}` request. ConsentRequestsIDPutResponseWeb: title: ConsentRequestsIDPutResponseWeb type: object description: | The object sent in a `PUT /consentRequests/{ID}` request. Schema used in the request consent phase of the account linking web flow, the result is the PISP being instructed on a specific URL where this supposed user should be redirected. This URL should be a place where the user can prove their identity (e.g., by logging in). properties: scopes: type: array minLength: 1 maxLength: 256 items: $ref: '#/components/schemas/Scope' authChannels: type: array minLength: 1 maxLength: 1 items: $ref: '#/components/schemas/ConsentRequestChannelTypeWeb' callbackUri: $ref: '#/components/schemas/Uri' authUri: $ref: '#/components/schemas/Uri' extensionList: $ref: '#/components/schemas/ExtensionList' required: - scopes - authChannels - callbackUri - authUri additionalProperties: false ConsentRequestChannelTypeOTP: title: ConsentRequestChannelTypeOTP type: string enum: - OTP description: | The OTP auth channel being used for `PUT /consentRequests/{ID}` request. ConsentRequestsIDPutResponseOTP: title: ConsentRequestsIDPutResponseOTP type: object description: | The object sent in a `PUT /consentRequests/{ID}` request. Schema used in the request consent phase of the account linking OTP/SMS flow. properties: scopes: type: array minLength: 1 maxLength: 256 items: $ref: '#/components/schemas/Scope' authChannels: type: array minLength: 1 maxLength: 1 items: $ref: '#/components/schemas/ConsentRequestChannelTypeOTP' callbackUri: $ref: '#/components/schemas/Uri' extensionList: $ref: '#/components/schemas/ExtensionList' required: - scopes - authChannels additionalProperties: false BinaryString: type: string pattern: ^[A-Za-z0-9-_]+[=]{0,2}$ description: The API data type BinaryString is a JSON String. The string is a base64url encoding of a string of raw bytes, where padding (character ‘=’) is added at the end of the data if needed to ensure that the string is a multiple of 4 characters. The length restriction indicates the allowed number of characters. ConsentRequestsIDPatchRequest: title: ConsentRequestsIDPatchRequest type: object description: |- Used by: PISP After the user completes an out-of-band authorization with the DFSP, the PISP will receive a token which they can use to prove to the DFSP that the user trusts this PISP. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#31222-patch-consentrequestsid properties: authToken: $ref: '#/components/schemas/BinaryString' extensionList: $ref: '#/components/schemas/ExtensionList' required: - authToken CredentialType: title: CredentialType type: string enum: - FIDO - GENERIC description: |- The type of the Credential. - "FIDO" - The credential is based on a FIDO challenge. Its payload is a FIDOPublicKeyCredentialAttestation object. - "GENERIC" - The credential is based on a simple public key validation. Its payload is a GenericCredential object. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#3226-credentialtype CredentialStatusPending: title: CredentialStatusPending type: string enum: - PENDING description: | The status of the Credential. - "PENDING" - The credential has been created, but has not been verified GenericCredential: title: GenericCredential type: object description: | A publicKey + signature of a challenge for a generic public/private keypair. properties: publicKey: $ref: '#/components/schemas/BinaryString' signature: $ref: '#/components/schemas/BinaryString' required: - publicKey - signature additionalProperties: false FIDOPublicKeyCredentialAttestation: title: FIDOPublicKeyCredentialAttestation type: object description: | A data model representing a FIDO Attestation result. Derived from [`PublicKeyCredential` Interface](https://w3c.github.io/webauthn/#iface-pkcredential). The `PublicKeyCredential` interface represents the below fields with a Type of Javascript [ArrayBuffer](https://heycam.github.io/webidl/#idl-ArrayBuffer). For this API, we represent ArrayBuffers as base64 encoded utf-8 strings. properties: id: type: string description: | credential id: identifier of pair of keys, base64 encoded https://w3c.github.io/webauthn/#ref-for-dom-credential-id minLength: 20 maxLength: 118 rawId: type: string description: | raw credential id: identifier of pair of keys, base64 encoded minLength: 20 maxLength: 118 response: type: object description: | AuthenticatorAttestationResponse properties: clientDataJSON: type: string description: | JSON string with client data minLength: 121 maxLength: 512 attestationObject: type: string description: | CBOR.encoded attestation object minLength: 306 maxLength: 2048 required: - clientDataJSON - attestationObject additionalProperties: false type: type: string description: response type, we need only the type of public-key enum: - public-key required: - id - response - type additionalProperties: false SignedCredential: title: SignedCredential type: object description: | A credential used to allow a user to prove their identity and access to an account with a DFSP. SignedCredential is a special formatting of the credential to allow us to be more explicit about the `status` field - it should only ever be PENDING when updating a credential. properties: credentialType: $ref: '#/components/schemas/CredentialType' status: $ref: '#/components/schemas/CredentialStatusPending' genericPayload: $ref: '#/components/schemas/GenericCredential' fidoPayload: $ref: '#/components/schemas/FIDOPublicKeyCredentialAttestation' required: - credentialType - status additionalProperties: false ConsentStatus: title: ConsentStatus type: string enum: - ISSUED - REVOKED description: |- Allowed values for the enumeration ConsentStatus - ISSUED - The consent has been issued by the DFSP - REVOKED - The consent has been revoked ConsentsPostRequestAUTH: title: ConsentPostRequestAUTH type: object description: | The object sent in a `POST /consents` request to the Auth-Service by a DFSP to store registered Consent and credential properties: consentId: allOf: - $ref: '#/components/schemas/CorrelationId' description: | Common ID between the PISP and FSP for the Consent object determined by the DFSP who creates the Consent. consentRequestId: $ref: '#/components/schemas/CorrelationId' scopes: minLength: 1 maxLength: 256 type: array items: $ref: '#/components/schemas/Scope' credential: allOf: - $ref: '#/components/schemas/SignedCredential' status: $ref: '#/components/schemas/ConsentStatus' extensionList: $ref: '#/components/schemas/ExtensionList' required: - consentId - scopes - credential - status additionalProperties: false ConsentsPostRequestPISP: title: ConsentPostRequestPISP type: object description: | The provisional Consent object sent by the DFSP in `POST /consents`. properties: consentId: allOf: - $ref: '#/components/schemas/CorrelationId' description: | Common ID between the PISP and the Payer DFSP for the consent object. The ID should be reused for re-sends of the same consent. A new ID should be generated for each new consent. consentRequestId: allOf: - $ref: '#/components/schemas/CorrelationId' description: | The ID given to the original consent request on which this consent is based. scopes: type: array minLength: 1 maxLength: 256 items: $ref: '#/components/schemas/Scope' status: $ref: '#/components/schemas/ConsentStatus' extensionList: $ref: '#/components/schemas/ExtensionList' required: - consentId - consentRequestId - scopes - status ConsentsIDPutResponseSigned: title: ConsentsIDPutResponseSigned type: object description: | The HTTP request `PUT /consents/{ID}` is used by the PISP to update a Consent with a signed challenge and register a credential. Called by a `PISP` to after signing a challenge. Sent to a DFSP for verification. properties: status: $ref: '#/components/schemas/ConsentStatusIssued' scopes: type: array items: $ref: '#/components/schemas/Scope' credential: $ref: '#/components/schemas/SignedCredential' extensionList: $ref: '#/components/schemas/ExtensionList' required: - scopes - credential additionalProperties: false CredentialStatusVerified: title: CredentialStatusVerified type: string enum: - VERIFIED description: | The status of the Credential. - "VERIFIED" - The Credential is valid and verified. VerifiedCredential: title: VerifiedCredential type: object description: | A credential used to allow a user to prove their identity and access to an account with a DFSP. VerifiedCredential is a special formatting of Credential to allow us to be more explicit about the `status` field - it should only ever be VERIFIED when updating a credential. properties: credentialType: $ref: '#/components/schemas/CredentialType' status: $ref: '#/components/schemas/CredentialStatusVerified' genericPayload: $ref: '#/components/schemas/GenericCredential' fidoPayload: $ref: '#/components/schemas/FIDOPublicKeyCredentialAttestation' required: - credentialType - status additionalProperties: false ConsentsIDPutResponseVerified: title: ConsentsIDPutResponseVerified type: object description: | The HTTP request `PUT /consents/{ID}` is used by the DFSP or Auth-Service to update a Consent object once it has been Verified. Called by a `auth-service` to notify a DFSP that a credential has been verified and registered. properties: status: $ref: '#/components/schemas/ConsentStatusIssued' scopes: type: array items: $ref: '#/components/schemas/Scope' credential: $ref: '#/components/schemas/VerifiedCredential' extensionList: $ref: '#/components/schemas/ExtensionList' required: - scopes - credential additionalProperties: false ConsentsIDPatchResponseVerified: title: ConsentsIDPatchResponseVerified description: | PATCH /consents/{ID} request object. Sent by the DFSP to the PISP when a consent is issued and verified. Used in the "Register Credential" part of the Account linking flow. type: object properties: credential: type: object properties: status: $ref: '#/components/schemas/CredentialStatusVerified' required: - status extensionList: $ref: '#/components/schemas/ExtensionList' required: - credential ConsentStatusRevoked: title: ConsentStatusRevoked type: string enum: - REVOKED description: |- Allowed values for the enumeration ConsentStatus - REVOKED - The consent has been revoked ConsentsIDPatchResponseRevoked: title: ConsentsIDPatchResponseRevoked description: | PATCH /consents/{ID} request object. Sent to both the PISP and DFSP when a consent is revoked. Used in the "Unlinking" part of the Account Unlinking flow. type: object properties: status: $ref: '#/components/schemas/ConsentStatusRevoked' revokedAt: $ref: '#/components/schemas/DateTime' extensionList: $ref: '#/components/schemas/ExtensionList' required: - status - revokedAt ParticipantsTypeIDPutResponse: title: ParticipantsTypeIDPutResponse type: object description: The object sent in the PUT /participants/{Type}/{ID}/{SubId} and /participants/{Type}/{ID} callbacks. properties: fspId: $ref: '#/components/schemas/FspId' ParticipantsTypeIDSubIDPostRequest: title: ParticipantsTypeIDSubIDPostRequest type: object description: The object sent in the POST /participants/{Type}/{ID}/{SubId} and /participants/{Type}/{ID} requests. An additional optional ExtensionList element has been added as part of v1.1 changes. properties: fspId: $ref: '#/components/schemas/FspId' currency: $ref: '#/components/schemas/Currency' extensionList: $ref: '#/components/schemas/ExtensionList' required: - fspId ServicesServiceTypePutResponse: title: ServicesServiceTypePutResponse type: object description: |- Used by: Switch The callback PUT /services/{ServiceType} is used to inform the client of a successful result of the service information lookup. Callback and data model information for GET /services/{ServiceType}: Callback - PUT /services/{ServiceType} Error Callback - PUT /services/{ServiceType}/error Data Model - Empty body https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#31531-put-servicesservicetype properties: providers: type: array minLength: 0 maxLength: 256 items: $ref: '#/components/schemas/FspId' extensionList: $ref: '#/components/schemas/ExtensionList' required: - providers ThirdpartyRequestsTransactionsPostRequest: title: ThirdpartyRequestsTransactionsPostRequest type: object description: |- Used by: PISP The HTTP request POST /thirdpartyRequests/transactions is used to request the creation of a transaction request on the server for the transfer described in the request. Callback and data model information for POST /thirdpartyRequests/transactions: Callback - PUT /thirdpartyRequests/transactions/{ID} Error Callback - PUT /thirdpartyRequests/transactions/{ID}/error Data Model - See link below https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#31712-post-thirdpartyrequeststransactions properties: transactionRequestId: allOf: - $ref: '#/components/schemas/CorrelationId' description: | Common ID between the PISP and the Payer DFSP for the transaction request object. The ID should be reused for resends of the same transaction request. A new ID should be generated for each new transaction request. payee: allOf: - $ref: '#/components/schemas/Party' description: Information about the Payee in the proposed financial transaction. payer: allOf: - $ref: '#/components/schemas/PartyIdInfo' description: Information about the Payer in the proposed financial transaction. amountType: allOf: - $ref: '#/components/schemas/AmountType' description: SEND for sendAmount, RECEIVE for receiveAmount. amount: allOf: - $ref: '#/components/schemas/Money' description: Requested amount to be transferred from the Payer to Payee. transactionType: allOf: - $ref: '#/components/schemas/TransactionType' description: Type of transaction. note: type: string minLength: 1 maxLength: 256 description: A memo that will be attached to the transaction. expiration: type: string description: | Date and time until when the transaction request is valid. It can be set to get a quick failure in case the peer FSP takes too long to respond. example: '2016-05-24T08:38:08.699-04:00' extensionList: $ref: '#/components/schemas/ExtensionList' required: - transactionRequestId - payee - payer - amountType - amount - transactionType - expiration ThirdpartyRequestsTransactionsIDPutResponse: title: ThirdpartyRequestsTransactionsIDPutResponse type: object description: |- Used by: DFSP After a PISP requests the creation of a Third Party Transaction request (POST /thirdpartyRequests/transactions) or the status of a previously created Third Party Transaction request (GET /thirdpartyRequests/transactions/{ID}), the DFSP will send this callback. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#31721-put-thirdpartyrequeststransactionsid properties: transactionId: $ref: '#/components/schemas/CorrelationId' transactionRequestState: $ref: '#/components/schemas/TransactionRequestState' extensionList: $ref: '#/components/schemas/ExtensionList' required: - transactionRequestState ThirdpartyRequestsAuthorizationsPostRequest: title: ThirdpartyRequestsAuthorizationsPostRequest description: |- Used by: DFSP The HTTP request POST /thirdpartyRequests/authorizations is used to request the validation by a customer for the transfer described in the request. Callback and data model information for POST /thirdpartyRequests/authorizations: Callback - PUT /thirdpartyRequests/authorizations/{ID} Error Callback - PUT /thirdpartyRequests/authorizations/{ID}/error Data Model - See below url https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#31612-post-thirdpartyrequestsauthorizations type: object properties: authorizationRequestId: $ref: '#/components/schemas/CorrelationId' transactionRequestId: $ref: '#/components/schemas/CorrelationId' challenge: type: string description: The challenge that the PISP's client is to sign transferAmount: allOf: - $ref: '#/components/schemas/Money' description: The amount that will be debited from the sending customer's account as a consequence of the transaction. payeeReceiveAmount: allOf: - $ref: '#/components/schemas/Money' description: The amount that will be credited to the receiving customer's account as a consequence of the transaction. fees: allOf: - $ref: '#/components/schemas/Money' description: The amount of fees that the paying customer will be charged as part of the transaction. payer: allOf: - $ref: '#/components/schemas/PartyIdInfo' description: Information about the Payer type, id, sub-type/id, FSP Id in the proposed financial transaction. payee: allOf: - $ref: '#/components/schemas/Party' description: Information about the Payee in the proposed financial transaction. transactionType: $ref: '#/components/schemas/TransactionType' expiration: allOf: - $ref: '#/components/schemas/DateTime' description: The time by which the transfer must be completed, set by the payee DFSP. extensionList: $ref: '#/components/schemas/ExtensionList' required: - authorizationRequestId - transactionRequestId - challenge - transferAmount - payeeReceiveAmount - fees - payer - payee - transactionType - expiration additionalProperties: false AuthorizationResponseTypeRejected: title: AuthorizationResponseTypeRejected description: | The customer rejected the terms of the transfer. type: string enum: - REJECTED ThirdpartyRequestsAuthorizationsIDPutResponseRejected: title: ThirdpartyRequestsAuthorizationsIDPutResponseRejected type: object description: The object sent in the PUT /thirdpartyRequests/authorizations/{ID} callback. properties: responseType: $ref: '#/components/schemas/AuthorizationResponseTypeRejected' extensionList: $ref: '#/components/schemas/ExtensionList' required: - responseType AuthorizationResponseTypeAccepted: title: AuthorizationResponseType description: | The customer accepted the terms of the transfer type: string enum: - ACCEPTED SignedPayloadTypeFIDO: title: SignedPayloadTypeFIDO type: string enum: - FIDO description: Describes a challenge that has been signed with FIDO Attestation flows FIDOPublicKeyCredentialAssertion: title: FIDOPublicKeyCredentialAssertion type: object description: | A data model representing a FIDO Assertion result. Derived from PublicKeyCredential Interface in WebAuthN. The PublicKeyCredential interface represents the below fields with a Type of Javascript ArrayBuffer. For this API, we represent ArrayBuffers as base64 encoded utf-8 strings. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#32128-fidopublickeycredentialassertion properties: id: type: string description: | credential id: identifier of pair of keys, base64 encoded https://w3c.github.io/webauthn/#ref-for-dom-credential-id minLength: 20 maxLength: 118 rawId: type: string description: | raw credential id: identifier of pair of keys, base64 encoded. minLength: 20 maxLength: 118 response: type: object description: | AuthenticatorAssertionResponse properties: authenticatorData: type: string description: | Authenticator data object. minLength: 49 maxLength: 256 clientDataJSON: type: string description: | JSON string with client data. minLength: 121 maxLength: 512 signature: type: string description: | The signature generated by the private key associated with this credential. minLength: 59 maxLength: 256 userHandle: type: string description: | This field is optionally provided by the authenticator, and represents the user.id that was supplied during registration. minLength: 1 maxLength: 88 required: - authenticatorData - clientDataJSON - signature additionalProperties: false type: type: string description: response type, we need only the type of public-key enum: - public-key required: - id - rawId - response - type additionalProperties: false SignedPayloadFIDO: title: SignedPayloadFIDO type: object properties: signedPayloadType: $ref: '#/components/schemas/SignedPayloadTypeFIDO' fidoSignedPayload: $ref: '#/components/schemas/FIDOPublicKeyCredentialAssertion' required: - signedPayloadType - fidoSignedPayload additionalProperties: false ThirdpartyRequestsAuthorizationsIDPutResponseFIDO: title: ThirdpartyRequestsAuthorizationsIDPutResponseFIDO type: object description: The object sent in the PUT /thirdpartyRequests/authorizations/{ID} callback. properties: responseType: $ref: '#/components/schemas/AuthorizationResponseTypeAccepted' signedPayload: $ref: '#/components/schemas/SignedPayloadFIDO' extensionList: $ref: '#/components/schemas/ExtensionList' required: - responseType - signedPayload additionalProperties: false SignedPayloadTypeGeneric: title: SignedPayloadTypeGeneric type: string enum: - GENERIC description: Describes a challenge that has been signed with a private key SignedPayloadGeneric: title: SignedPayloadGeneric type: object properties: signedPayloadType: $ref: '#/components/schemas/SignedPayloadTypeGeneric' genericSignedPayload: $ref: '#/components/schemas/BinaryString' required: - signedPayloadType - genericSignedPayload additionalProperties: false ThirdpartyRequestsAuthorizationsIDPutResponseGeneric: title: ThirdpartyRequestsAuthorizationsIDPutResponseGeneric type: object description: The object sent in the PUT /thirdpartyRequests/authorizations/{ID} callback. properties: responseType: $ref: '#/components/schemas/AuthorizationResponseTypeAccepted' signedPayload: $ref: '#/components/schemas/SignedPayloadGeneric' extensionList: $ref: '#/components/schemas/ExtensionList' required: - responseType - signedPayload additionalProperties: false ThirdpartyRequestsVerificationsPostRequestFIDO: title: ThirdpartyRequestsVerificationsPostRequestFIDO type: object description: The object sent in the POST /thirdpartyRequests/verifications request. properties: verificationRequestId: allOf: - $ref: '#/components/schemas/CorrelationId' challenge: type: string description: Base64 encoded bytes - The challenge generated by the DFSP. consentId: allOf: - $ref: '#/components/schemas/CorrelationId' description: | The id of the stored consent object that contains the credential with which to verify the signed challenge against. signedPayloadType: $ref: '#/components/schemas/SignedPayloadTypeFIDO' fidoSignedPayload: $ref: '#/components/schemas/FIDOPublicKeyCredentialAssertion' extensionList: $ref: '#/components/schemas/ExtensionList' required: - verificationRequestId - challenge - consentId - signedPayloadType - fidoSignedPayload ThirdpartyRequestsVerificationsPostRequestGeneric: title: ThirdpartyRequestsVerificationsPostRequestGeneric type: object description: The object sent in the POST /thirdpartyRequests/verifications request. properties: verificationRequestId: allOf: - $ref: '#/components/schemas/CorrelationId' challenge: type: string description: Base64 encoded bytes - The challenge generated by the DFSP. consentId: allOf: - $ref: '#/components/schemas/CorrelationId' description: | The id of the stored consent object that contains the credential with which to verify the signed challenge against. signedPayloadType: $ref: '#/components/schemas/SignedPayloadTypeGeneric' genericSignedPayload: $ref: '#/components/schemas/BinaryString' extensionList: $ref: '#/components/schemas/ExtensionList' required: - verificationRequestId - challenge - consentId - signedPayloadType - genericSignedPayload AuthenticationResponse: title: AuthenticationResponse type: string enum: - VERIFIED description: |- The AuthenticationResponse enumeration describes the result of authenticating verification request. Below are the allowed values for the enumeration AuthenticationResponse. - VERIFIED - The challenge was correctly signed. ThirdpartyRequestsVerificationsIDPutResponse: title: ThirdpartyRequestsVerificationsIDPutResponse type: object description: |- Used by: Auth Service The callback PUT /thirdpartyRequests/verifications/{ID} is used to inform the client of the result of an authorization check. The {ID} in the URI should contain the authorizationRequestId which was used to request the check, or the {ID} that was used in the GET /thirdpartyRequests/verifications/{ID}. https://github.com/mojaloop/documentation/blob/main/website/versioned_docs/v1.0.1/api/thirdparty/data-models.md#31821-put-thirdpartyrequestsverificationsid properties: authenticationResponse: $ref: '#/components/schemas/AuthenticationResponse' extensionList: $ref: '#/components/schemas/ExtensionList' required: - authenticationResponse parameters: ID: name: ID in: path required: true schema: type: string description: The identifier value. Content-Type: name: Content-Type in: header schema: type: string required: true description: The `Content-Type` header indicates the specific version of the API used to send the payload body. Date: name: Date in: header schema: type: string required: true description: The `Date` header field indicates the date when the request was sent. X-Forwarded-For: name: X-Forwarded-For in: header schema: type: string required: false description: |- The `X-Forwarded-For` header field is an unofficially accepted standard used for informational purposes of the originating client IP address, as a request might pass multiple proxies, firewalls, and so on. Multiple `X-Forwarded-For` values should be expected and supported by implementers of the API. **Note:** An alternative to `X-Forwarded-For` is defined in [RFC 7239](https://tools.ietf.org/html/rfc7239). However, to this point RFC 7239 is less-used and supported than `X-Forwarded-For`. FSPIOP-Source: name: FSPIOP-Source in: header schema: type: string required: true description: The `FSPIOP-Source` header field is a non-HTTP standard field used by the API for identifying the sender of the HTTP request. The field should be set by the original sender of the request. Required for routing and signature verification (see header field `FSPIOP-Signature`). FSPIOP-Destination: name: FSPIOP-Destination in: header schema: type: string required: false description: The `FSPIOP-Destination` header field is a non-HTTP standard field used by the API for HTTP header based routing of requests and responses to the destination. The field must be set by the original sender of the request if the destination is known (valid for all services except GET /parties) so that any entities between the client and the server do not need to parse the payload for routing purposes. If the destination is not known (valid for service GET /parties), the field should be left empty. FSPIOP-Encryption: name: FSPIOP-Encryption in: header schema: type: string required: false description: The `FSPIOP-Encryption` header field is a non-HTTP standard field used by the API for applying end-to-end encryption of the request. FSPIOP-Signature: name: FSPIOP-Signature in: header schema: type: string required: false description: The `FSPIOP-Signature` header field is a non-HTTP standard field used by the API for applying an end-to-end request signature. FSPIOP-URI: name: FSPIOP-URI in: header schema: type: string required: false description: The `FSPIOP-URI` header field is a non-HTTP standard field used by the API for signature verification, should contain the service URI. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set). FSPIOP-HTTP-Method: name: FSPIOP-HTTP-Method in: header schema: type: string required: false description: The `FSPIOP-HTTP-Method` header field is a non-HTTP standard field used by the API for signature verification, should contain the service HTTP method. Required if signature verification is used, for more information, see [the API Signature document](https://github.com/mojaloop/docs/tree/main/Specification%20Document%20Set). Accept: name: Accept in: header required: true schema: type: string description: The `Accept` header field indicates the version of the API the client would like the server to use. Content-Length: name: Content-Length in: header required: false schema: type: integer description: |- The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body. **Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes). Type: name: Type in: path required: true schema: type: string description: The type of the party identifier. For example, `MSISDN`, `PERSONAL_ID`. ServiceType: name: ServiceType in: path required: true schema: type: string description: The type of the service identifier. For example, `THIRD_PARTY_DFSP` responses: '200': description: OK '202': description: Accepted '400': description: Bad Request content: application/json: schema: $ref: '#/components/schemas/ErrorInformationResponse' headers: Content-Length: $ref: '#/components/headers/Content-Length' Content-Type: $ref: '#/components/headers/Content-Type' '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorInformationResponse' headers: Content-Length: $ref: '#/components/headers/Content-Length' Content-Type: $ref: '#/components/headers/Content-Type' '403': description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorInformationResponse' headers: Content-Length: $ref: '#/components/headers/Content-Length' Content-Type: $ref: '#/components/headers/Content-Type' '404': description: Not Found content: application/json: schema: $ref: '#/components/schemas/ErrorInformationResponse' headers: Content-Length: $ref: '#/components/headers/Content-Length' Content-Type: $ref: '#/components/headers/Content-Type' '405': description: Method Not Allowed content: application/json: schema: $ref: '#/components/schemas/ErrorInformationResponse' headers: Content-Length: $ref: '#/components/headers/Content-Length' Content-Type: $ref: '#/components/headers/Content-Type' '406': description: Not Acceptable content: application/json: schema: $ref: '#/components/schemas/ErrorInformationResponse' headers: Content-Length: $ref: '#/components/headers/Content-Length' Content-Type: $ref: '#/components/headers/Content-Type' '501': description: Not Implemented content: application/json: schema: $ref: '#/components/schemas/ErrorInformationResponse' headers: Content-Length: $ref: '#/components/headers/Content-Length' Content-Type: $ref: '#/components/headers/Content-Type' '503': description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/ErrorInformationResponse' headers: Content-Length: $ref: '#/components/headers/Content-Length' Content-Type: $ref: '#/components/headers/Content-Type' headers: Content-Length: required: false schema: type: integer description: |- The `Content-Length` header field indicates the anticipated size of the payload body. Only sent if there is a body. **Note:** The API supports a maximum size of 5242880 bytes (5 Megabytes). Content-Type: schema: type: string required: true description: The `Content-Type` header indicates the specific version of the API used to send the payload body.