--- swagger: "2.0" info: version: 1.0.5 title: BT - BG PSD2 PIISP API description: "The **NextGenPSD2** *Framework Version 1.2* offers a modern, open, harmonised and interoperable set of \nApplication Programming Interfaces (APIs) as the safest and most efficient way to provide data securely. \nThe NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards \nin Europe and, aligned with the goals of the Euro Retail Payments Board,\nenables European banking customers to benefit from innovative products and services ('Banking as a Service') \nby granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.\n\n Futhermore this API definition contains only a subset of the methods, the ones which are mandatory or which are applicable in the BT ecosystem.\n \n## Some General Remarks Related to this version of the OpenAPI Specification:\n* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.** \n It is not an replacement in any sense.\n The main specification is (at the moment) allways the Implementation Guidelines of the Berlin Group PSD2 API.\n* **This API definition contains the REST-API for requests from the PIISP to the ASPSP.**\n* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**\n*\n\nChangelog:\n\nVersion 1.0.3\n- Added POST Consent, GET Consent Details, GET Consent Status, DELETE Consent APIs\n- tppMessages error parameter is array instead of object\n- various minor corrections and additions" x-ibm-name: bt-bg-psd2-piisp-api host: datapower basePath: /bt-psd2-piisp schemes: - https consumes: - application/json produces: - application/json paths: /v2/funds-confirmations: post: description: Creates a confirmation of funds request at the ASPSP. Checks whether a specific amount is available at point of time of the request on an account linked to a given tuple card issuer(TPP)/card number, or addressed by IBAN and TPP respectively summary: Confirmation of Funds Request tags: - Confirmation of Funds Service operationId: V1FundsConfirmationsPost produces: - application/json parameters: - name: X-Request-ID in: header required: true type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. - name: body in: body required: true description: Request body for a confirmation of funds request. schema: $ref: '#/definitions/ConfirmationOfFunds' - name: Consent-ID type: string required: true in: header description: This contains the consentId of the related PIISP consent, which was performed prior to this call. - name: Authorization type: string required: true in: header description: This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2 Token endpoint. responses: 200: description: OK schema: $ref: '#/definitions/V1FundsConfirmationsResponse' 400: description: Bad Request 401: description: Unauthorized 403: description: Forbidden 404: description: Not found 405: description: Method Not Allowed 406: description: Not Acceptable 408: description: Request Timeout 415: description: Unsupported Media Type 429: description: Too Many Requests 503: description: Service Unavailable default: description: Internal Server Error security: [] x-unitTests: [] x-operation-settings: CollectParameters: false AllowDynamicQueryParameters: false AllowDynamicFormParameters: false IsMultiContentStreaming: false /v2/consents/confirmation-of-funds/{consentId}: get: description: "Returns the content of an account information consent object. \nThis is returning the data for the TPP especially in cases, \nwhere the consent was directly managed between ASPSP and PSU e.g. in a re-direct SCA Approach.\n" summary: Get Consent Request tags: - Account Information Service (AIS) operationId: V1ConsentsByConsentIdGet produces: - application/json parameters: - name: consentId in: path required: true type: string description: ID of the corresponding consent object as returned by an Account Information Consent Request. - name: X-Request-ID in: header required: true type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-IP-Address in: header required: false type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. - name: PSU-Geo-Location in: header required: false type: string pattern: (GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6} description: The forwarded Geo Location of the corresponding http request between PSU and TPP if available. - name: Authorization type: string required: true in: header description: This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2 Token endpoint. responses: 200: description: OK schema: $ref: '#/definitions/Consentinformationresponse-200Json' 400: description: Bad Request 401: description: Unauthorized 403: description: Forbidden 404: description: Not found 405: description: Method Not Allowed 406: description: Not Acceptable 408: description: Request Timeout 415: description: Unsupported Media Type 429: description: Too Many Requests 503: description: Service Unavailable default: description: Internal Server Error security: [] x-unitTests: [] x-operation-settings: CollectParameters: false AllowDynamicQueryParameters: false AllowDynamicFormParameters: false IsMultiContentStreaming: false delete: description: The TPP can delete an account information consent object if needed. summary: Delete Consent tags: - Account Information Service (AIS) operationId: V1ConsentsByConsentIdDelete produces: - application/json parameters: - name: consentId in: path required: true type: string description: ID of the corresponding consent object as returned by an Account Information Consent Request. - name: X-Request-ID in: header required: true type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-IP-Address in: header required: false type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. - name: PSU-Geo-Location in: header required: false type: string pattern: (GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6} description: The forwarded Geo Location of the corresponding http request between PSU and TPP if available. - name: Authorization type: string required: true in: header description: This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2 Token endpoint. responses: 204: description: No Content 400: description: Bad Request 401: description: Unauthorized 403: description: Forbidden 404: description: Not found 405: description: Method Not Allowed 406: description: Not Acceptable 408: description: Request Timeout 415: description: Unsupported Media Type 429: description: Too Many Requests 503: description: Service Unavailable default: description: Internal Server Error security: [] x-unitTests: [] x-operation-settings: CollectParameters: false AllowDynamicQueryParameters: false AllowDynamicFormParameters: false IsMultiContentStreaming: false /v2/consents/confirmation-of-funds: post: description: "This method create a consent resource, defining access rights to dedicated accounts of \na given PSU-ID. These accounts are addressed explicitly in the method as \nparameters as a core function.\n\n**Side Effects**\nWhen this Consent Request is a request where the \"recurringIndicator\" equals \"true\", \nand if it exists already a former consent for recurring access on account information \nfor the addressed PSU, then the former consent automatically expires as soon as the new \nconsent request is authorised by the PSU.\n\nOptional Extension:\nAs an option, an ASPSP might optionally accept a specific access right on the access on all psd2 related services for all available accounts. \n\nAs another option an ASPSP might optionally also accept a command, where only access rights are inserted without mentioning the addressed account. \nThe relation to accounts is then handled afterwards between PSU and ASPSP. \nThis option is supported only within the Decoupled, OAuth2 or Re-direct SCA Approach. \nAs a last option, an ASPSP might in addition accept a command with access rights\n * to see the list of available payment accounts or\n \ * to see the list of available payment accounts with balances.\n" summary: Create consent tags: - Account Information Service (AIS) operationId: V1ConsentsPost produces: - application/json parameters: - name: X-Request-ID in: header required: true type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-IP-Address in: header required: true type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. - name: PSU-Geo-Location in: header required: false type: string pattern: (GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6} description: The forwarded Geo Location of the corresponding http request between PSU and TPP if available. - name: body in: body required: false description: Requestbody for a consents request schema: $ref: '#/definitions/Consents' example: access: availableAccounts: allAccounts recurringIndicator: true validUntil: "2019-04-22" combinedServiceIndicator: false frequencyPerDay: 4 responses: 201: description: Created schema: $ref: '#/definitions/Consentsresponse201' example: consentStatus: received consentId: 15535944504672sfbf51fa _links: scaOAuth: href: https://apistorebt.ro/bt/sb/oauth/.well-known/oauth-authorization-server self: href: https://apistorebt.ro/bt/sb/bt-psd2-aisp/v3/consents/15535944504672sfbf51fa status: href: https://apistorebt.ro/bt/sb/bt-psd2-aisp/v3/consents/15535944504672sfbf51fa/status 400: description: Bad Request 401: description: Unauthorized 403: description: Forbidden 404: description: Not found 405: description: Method Not Allowed 406: description: Not Acceptable 408: description: Request Timeout 415: description: Unsupported Media Type 429: description: Too Many Requests 503: description: Service Unavailable default: description: Internal Server Error security: [] x-unitTests: [] x-operation-settings: CollectParameters: false AllowDynamicQueryParameters: false AllowDynamicFormParameters: false IsMultiContentStreaming: false /v2/consents/confirmation-of-funds/{consentId}/status: get: description: Read the status of an account information consent resource. summary: Consent status request tags: - Account Information Service (AIS) operationId: V1ConsentsStatusByConsentIdGet produces: - application/json parameters: - name: consentId in: path required: true type: string description: ID of the corresponding consent object as returned by an Account Information Consent Request. - name: X-Request-ID in: header required: true type: string format: uuid description: ID of the request, unique to the call, as determined by the initiating party. - name: PSU-IP-Address in: header required: false type: string description: The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. - name: PSU-Geo-Location in: header required: false type: string pattern: (GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6} description: The forwarded Geo Location of the corresponding http request between PSU and TPP if available. - name: Authorization type: string required: true in: header description: This header should be in the form "Bearer Token", where Token is returned from the call to OAuth2 Token endpoint. responses: 200: description: OK schema: $ref: '#/definitions/Consentstatusresponse200' 400: description: Bad Request 401: description: Unauthorized 403: description: Forbidden 404: description: Not found 405: description: Method Not Allowed 406: description: Not Acceptable 408: description: Request Timeout 415: description: Unsupported Media Type 429: description: Too Many Requests 503: description: Service Unavailable default: description: Internal Server Error security: [] x-unitTests: [] x-operation-settings: CollectParameters: false AllowDynamicQueryParameters: false AllowDynamicFormParameters: false IsMultiContentStreaming: false definitions: Amount: title: amount example: currency: EUR amount: "123" type: object properties: currency: description: ISO 4217 Alpha 3 currency code example: EUR type: string pattern: '[A-Z]{3}' amount: description: |- The amount given with fractional digits, where fractions must be compliant to the currency definition. Up to 14 significant figures. Negative amounts are signed by minus. The decimal separator is a dot. **Example:** Valid representations for EUR with up to two decimals are: * 1056 * 5768.2 * -1.50 * 5877.78 example: "5877.78" type: string pattern: -?[0-9]{1,14}(\.[0-9]{1,3})? required: - currency - amount ConfirmationOfFunds: title: confirmationOfFunds description: "JSON Request body for the \"Confirmation of Funds Service\"\n\n
cardNumber | \nString | \nOptional | \nCard Number of the card issued by the PIISP. Should be delivered if available. | \n
account | \nAccount Reference | \nMandatory | \n \PSU's account number. | \n
payee | \nMax70Text | \n \Optional | \nThe merchant where the card is accepted as an information to the PSU. | \n
instructedAmount | \nAmount | \n \Mandatory | \nTransaction amount to be checked within the funds check mechanism. | \n