openapi: 3.0.1 info: title: NextGenPSD2XS2AFramework version: "1.3.6 Jan 31th 2020 - HR Country Specific" description: | # Summary The **NextGenPSD2** *Framework Version 1.3.6* offers a modern, open, harmonised and interoperable set of Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely. The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards in Europe and, aligned with the goals of the Euro Retail Payments Board, enables European banking customers to benefit from innovative products and services ('Banking as a Service') by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data. This is the Croatian edition of the standard with the changes described in the normative country specific documentation. The possible Approaches are: * Redirect SCA Approach * OAuth SCA Approach * Decoupled SCA Approach * Embedded SCA Approach without SCA method * Embedded SCA Approach with only one SCA method available * Embedded SCA Approach with Selection of a SCA method Not every message defined in this API definition is necessary for all approaches. Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional. Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support a certain subset of the methods defined in this API definition. **Please have a look at the implementation guidelines if you are not sure which message has to be used for the approach you are going to use.** ## Some General Remarks Related to this version of the OpenAPI Specification: * **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.** It is not a replacement in any sense. The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API. * **This API definition contains the REST-API for requests from the PISP to the ASPSP.** * **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.** * According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md] "If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored." The element "Accept" will not be defined in this file at any place. The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security". * There are several predefined types which might occur in payment initiation messages, but are not used in the standard JSON messages in the Implementation Guidelines. Therefore they are not used in the corresponding messages in this file either. We added them for the convenience of the user. If there is a payment product, which needs these fields, one can easily use the predefined types. But the ASPSP need not to accept them in general. * **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional) except they are mentioned in the Implementation Guidelines.** Therefore the implementer might add these in his own realisation of a PSD2 comlient API in addition to the elements defined in this file. ## General Remarks on Data Types The Berlin Group definition of UTF-8 strings in context of the PSD2 API has to support at least the following characters a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 / - ? : ( ) . , ' + Space license: name: Creative Commons Attribution 4.0 International Public License url: https://creativecommons.org/licenses/by/4.0/ #termsOfService: URL for Terms of Service of the API contact: name: The Berlin Group - A European Standards Initiative url: https://www.berlin-group.org/ email: info@berlin-group.org externalDocs: description: | Full Documentation of NextGenPSD2 Access to Account Interoperability Framework (General Introduction Paper, Operational Rules, Implementation Guidelines) url: https://www.berlin-group.org/nextgenpsd2-downloads servers: - url: https://api.testbank.com/psd2 description: PSD2 server - url: https://test-api.testbank.com/psd2 description: Optional PSD2 test server paths: ##################################################### # Payment Information Service ##################################################### /v1/{payment-service}/{payment-product}: post: summary: Payment initiation request description: | This method is used to initiate a payment at the ASPSP. ## Variants of payment initiation requests This method to initiate a payment initiation at the ASPSP can be sent with either a JSON body or an pain.001 body depending on the payment product in the path. There are the following **payment products**: - Payment products with payment information in *JSON* format: - ***sepa-credit-transfers*** (Mandatory Support of ASPSP) - ***cross-border-credit-transfers*** (Mandatory Support of ASPSP) - ***domestic-credit-transfers-hr*** (Mandatory Support of ASPSP) - ***hr-rtgs-payments*** (Optional Support of ASPSP) - Payment products with payment information in *pain.001* XML format: - ***pain.001-credit-transfers*** It is important to note that the support for *pain.001* XML format is only supported for the bulk payments using the Croatian specific pain.001-credit-transfers! Furthermore the request body depends on the **payment-service** * ***payments***: A single payment initiation request. In case of single payments, only the *JSON* format is mandatory. The *pain.001* message implementations are ASPSP specific, see individual standard descriptions for your ASPSP. * ***bulk-payments***: A collection of several payment iniatiation requests. In case of a *pain.001* message there are more than one payments contained in the *pain.001* message. ## Single and mulitilevel SCA Processes The Payment Initiation requests are independent from the need of one or multilevel SCA processing, i.e. independent from the number of authorisations needed for the execution of payments. But the response messages are specific to either one SCA processing or multilevel SCA processing. For payment initiation with multilevel SCA, this specification requires an explicit start of the authorisation, i.e. links directly associated with SCA processing like 'scaRedirect' or 'scaOAuth' cannot be contained in the response message of a Payment Initation Request for a payment, where multiple authorisations are needed. Also if any data is needed for the next action, like selecting an SCA method is not supported in the response, since all starts of the multiple authorisations are fully equal. In these cases, first an authorisation sub-resource has to be generated following the 'startAuthorisation' link. operationId: initiatePayment tags: - Payment Initiation Service (PIS) security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #method specific header elements - $ref: "#/components/parameters/PSU-ID" - $ref: "#/components/parameters/PSU-ID-Type" - $ref: "#/components/parameters/PSU-Corporate-ID" - $ref: "#/components/parameters/PSU-Corporate-ID-Type" - $ref: "#/components/parameters/consentId_HEADER_optional" - $ref: "#/components/parameters/PSU-IP-Address_mandatory" - $ref: "#/components/parameters/TPP-Redirect-Preferred" - $ref: "#/components/parameters/TPP-Redirect-URI" - $ref: "#/components/parameters/TPP-Nok-Redirect-URI" - $ref: "#/components/parameters/TPP-Explicit-Authorisation-Preferred" - $ref: "#/components/parameters/TPP-Rejection-NoFunds-Preferred" - $ref: "#/components/parameters/TPP-Brand-Logging-Information" #conditional for extended service lean Push - $ref: "#/components/parameters/TPP-Notification-URI" - $ref: "#/components/parameters/TPP-Notification-Content-Preferred" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" requestBody: $ref: "#/components/requestBodies/paymentInitiation" responses: '201': $ref: "#/components/responses/CREATED_201_PaymentInitiation" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" /v1/{payment-service}/{payment-product}/{paymentId}: get: summary: Get payment information description: Returns the content of a payment object operationId: getPaymentInformation tags: - Payment Initiation Service (PIS) security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" #NO REQUEST BODY responses: '200': $ref: "#/components/responses/OK_200_PaymentInitiationInformation" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" delete: summary: Payment cancellation request description: | This method initiates the cancellation of a payment. Depending on the payment-service, the payment-product and the ASPSP's implementation, this TPP call might be sufficient to cancel a payment. If an authorisation of the payment cancellation is mandated by the ASPSP, a corresponding hyperlink will be contained in the response message. Cancels the addressed payment with resource identification paymentId if applicable to the payment-service, payment-product and received in product related timelines (e.g. before end of business day for scheduled payments of the last business day before the scheduled execution day). The response to this DELETE command will tell the TPP whether the * access method was rejected, * access method was successful, or * access method is generally applicable, but further authorisation processes are needed. operationId: cancelPayment tags: - Payment Initiation Service (PIS) security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" - $ref: "#/components/parameters/TPP-Redirect-Preferred" - $ref: "#/components/parameters/TPP-Nok-Redirect-URI" - $ref: "#/components/parameters/TPP-Redirect-URI" - $ref: "#/components/parameters/TPP-Explicit-Authorisation-Preferred" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" #NO REQUEST BODY responses: '204': $ref: "#/components/responses/NO_CONTENT_204_PaymentInitiationCancel" #If the DELETE is sufficient for cancelling the payment '202': $ref: "#/components/responses/RECEIVED_202_PaymentInitiationCancel" #If the DELETE is not sufficient for cancelling the payment since an authorisation of the cancellation by the PSU is needed. '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS_CANC" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" /v1/{payment-service}/{payment-product}/{paymentId}/status: get: summary: Payment initiation status request description: Check the transaction status of a payment initiation. operationId: getPaymentInitiationStatus tags: - Payment Initiation Service (PIS) security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE #In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" #NO REQUEST BODY responses: '200': $ref: "#/components/responses/OK_200_PaymentInitiationStatus" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" /v1/{payment-service}/{payment-product}/{paymentId}/authorisations: post: summary: Start the authorisation process for a payment initiation description: | Create an authorisation sub-resource and start the authorisation process. The message might in addition transmit authentication and authorisation related data. This method is iterated n times for a n times SCA authorisation in a corporate context, each creating an own authorisation sub-endpoint for the corresponding PSU authorising the transaction. The ASPSP might make the usage of this access method unnecessary in case of only one SCA process needed, since the related authorisation resource might be automatically created by the ASPSP after the submission of the payment data with the first POST payments/{payment-product} call. The start authorisation process is a process which is needed for creating a new authorisation or cancellation sub-resource. This applies in the following scenarios: * The ASPSP has indicated with a 'startAuthorisation' hyperlink in the preceding Payment initiation response that an explicit start of the authorisation process is needed by the TPP. The 'startAuthorisation' hyperlink can transport more information about data which needs to be uploaded by using the extended forms: * 'startAuthorisationWithPsuIdentfication' * 'startAuthorisationWithPsuAuthentication' * 'startAuthorisationWithEncryptedPsuAuthentication' * 'startAuthorisationWithAuthentciationMethodSelection' * The related payment initiation cannot yet be executed since a multilevel SCA is mandated. * The ASPSP has indicated with a 'startAuthorisation' hyperlink in the preceding Payment cancellation response that an explicit start of the authorisation process is needed by the TPP. The 'startAuthorisation' hyperlink can transport more information about data which needs to be uploaded by using the extended forms as indicated above. * The related payment cancellation request cannot be applied yet since a multilevel SCA is mandate for executing the cancellation. * The signing basket needs to be authorised yet. operationId: startPaymentAuthorisation tags: - Payment Initiation Service (PIS) - Common Services security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #method specific header elements - $ref: "#/components/parameters/PSU-ID" - $ref: "#/components/parameters/PSU-ID-Type" - $ref: "#/components/parameters/PSU-Corporate-ID" - $ref: "#/components/parameters/PSU-Corporate-ID-Type" - $ref: "#/components/parameters/TPP-Redirect-Preferred" - $ref: "#/components/parameters/TPP-Redirect-URI" - $ref: "#/components/parameters/TPP-Nok-Redirect-URI" #conditional for extended service lean Push - $ref: "#/components/parameters/TPP-Notification-URI" - $ref: "#/components/parameters/TPP-Notification-Content-Preferred" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" requestBody: content: application/json: schema: oneOf: #Different Authorisation Bodies - {} - $ref: "#/components/schemas/updatePsuAuthentication" - $ref: "#/components/schemas/selectPsuAuthenticationMethod" - $ref: "#/components/schemas/transactionAuthorisation" responses: '201': $ref: "#/components/responses/CREATED_201_StartScaProcess" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" get: summary: Get payment initiation authorisation sub-resources request description: | Read a list of all authorisation subresources IDs which have been created. This function returns an array of hyperlinks to all generated authorisation sub-resources. operationId: getPaymentInitiationAuthorisation tags: - Payment Initiation Service (PIS) - Common Services security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE #In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" #NO REQUEST BODY responses: '200': $ref: "#/components/responses/OK_200_Authorisations" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}: get: summary: Read the SCA status of the payment authorisation description: | This method returns the SCA status of a payment initiation's authorisation sub-resource. operationId: getPaymentInitiationScaStatus tags: - Payment Initiation Service (PIS) - Common Services security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" - $ref: "#/components/parameters/authorisationId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" #NO REQUEST BODY responses: '200': $ref: "#/components/responses/OK_200_ScaStatus" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" put: summary: Update PSU data for payment initiation description: | This methods updates PSU data on the authorisation resource if needed. It may authorise a payment within the Embedded SCA Approach where needed. Independently from the SCA Approach it supports e.g. the selection of the authentication method and a non-SCA PSU authentication. There are several possible update PSU data requests in the context of payment initiation services needed, which depends on the SCA approach: * Redirect SCA Approach: A specific update PSU data request is applicable for * the selection of authentication methods, before choosing the actual SCA approach. * Decoupled SCA Approach: A specific update PSU data request is only applicable for * adding the PSU identification, if not provided yet in the payment initiation request or the account information consent request, or if no OAuth2 access token is used, or * the selection of authentication methods. * Embedded SCA Approach: The Update PSU Data request might be used * to add credentials as a first factor authentication data of the PSU and * to select the authentication method and * transaction authorisation. The SCA Approach might depend on the chosen SCA method. For that reason, the following possible Update PSU data request can apply to all SCA approaches: * Select an SCA method in case of several SCA methods are available for the customer. There are the following request types on this access path: * Update PSU identification * Update PSU authentication * Select PSU autorization method WARNING: This method needs a reduced header, therefore many optional elements are not present. Maybe in a later version the access path will change. * Transaction authorisation WARNING: This method needs a reduced header, therefore many optional elements are not present. Maybe in a later version the access path will change. operationId: updatePaymentPsuData tags: - Payment Initiation Service (PIS) - Common Services security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" - $ref: "#/components/parameters/authorisationId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #method specific header elements # Not always allowed depending on the kind of update which is ask for - $ref: "#/components/parameters/PSU-ID" - $ref: "#/components/parameters/PSU-ID-Type" - $ref: "#/components/parameters/PSU-Corporate-ID" - $ref: "#/components/parameters/PSU-Corporate-ID-Type" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" requestBody: content: application/json: schema: oneOf: #Different authorisation bodies - {} - $ref: "#/components/schemas/updatePsuAuthentication" - $ref: "#/components/schemas/selectPsuAuthenticationMethod" - $ref: "#/components/schemas/transactionAuthorisation" - $ref: "#/components/schemas/authorisationConfirmation" examples: "Update PSU identification (Decoupled Approach)": value: {} "Update PSU authentication (Embedded Approach)": $ref: "#/components/examples/updatePsuAuthenticationExample_Embedded" "Select PSU authentication method (Embedded Approach)": $ref: "#/components/examples/selectPsuAuthenticationMethodExample_Embedded" "Transaction authorisation (Embedded Approach)": $ref: "#/components/examples/transactionAuthorisationExample_Embedded" "Authorisation confirmation (Redirect Approach)": $ref: "#/components/examples/authorisationConfirmationExample_Redirect" responses: '200': $ref: "#/components/responses/OK_200_UpdatePsuData" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations: post: summary: Start the authorisation process for the cancellation of the addressed payment description: | Creates an authorisation sub-resource and start the authorisation process of the cancellation of the addressed payment. The message might in addition transmit authentication and authorisation related data. This method is iterated n times for a n times SCA authorisation in a corporate context, each creating an own authorisation sub-endpoint for the corresponding PSU authorising the cancellation-authorisation. The ASPSP might make the usage of this access method unnecessary in case of only one SCA process needed, since the related authorisation resource might be automatically created by the ASPSP after the submission of the payment data with the first POST payments/{payment-product} call. The start authorisation process is a process which is needed for creating a new authorisation or cancellation sub-resource. This applies in the following scenarios: * The ASPSP has indicated with a 'startAuthorisation' hyperlink in the preceding payment initiation response that an explicit start of the authorisation process is needed by the TPP. The 'startAuthorisation' hyperlink can transport more information about data which needs to be uploaded by using the extended forms: * 'startAuthorisationWithPsuIdentfication' * 'startAuthorisationWithPsuAuthentication' * 'startAuthorisationWithAuthentciationMethodSelection' * The related payment initiation cannot yet be executed since a multilevel SCA is mandated. * The ASPSP has indicated with a 'startAuthorisation' hyperlink in the preceding payment cancellation response that an explicit start of the authorisation process is needed by the TPP. The 'startAuthorisation' hyperlink can transport more information about data which needs to be uploaded by using the extended forms as indicated above. * The related payment cancellation request cannot be applied yet since a multilevel SCA is mandate for executing the cancellation. * The signing basket needs to be authorised yet. operationId: startPaymentInitiationCancellationAuthorisation tags: - Payment Initiation Service (PIS) - Common Services security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #method specific header elements - $ref: "#/components/parameters/PSU-ID" - $ref: "#/components/parameters/PSU-ID-Type" - $ref: "#/components/parameters/PSU-Corporate-ID" - $ref: "#/components/parameters/PSU-Corporate-ID-Type" - $ref: "#/components/parameters/TPP-Redirect-Preferred" - $ref: "#/components/parameters/TPP-Redirect-URI" - $ref: "#/components/parameters/TPP-Nok-Redirect-URI" #conditional for extended service lean Push - $ref: "#/components/parameters/TPP-Notification-URI" - $ref: "#/components/parameters/TPP-Notification-Content-Preferred" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" requestBody: content: application/json: schema: oneOf: #Different Authorisation Bodies - {} - $ref: "#/components/schemas/updatePsuAuthentication" - $ref: "#/components/schemas/selectPsuAuthenticationMethod" - $ref: "#/components/schemas/transactionAuthorisation" responses: '201': $ref: "#/components/responses/CREATED_201_StartScaProcess" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" get: summary: Will deliver an array of resource identifications to all generated cancellation authorisation sub-resources description: | Retrieve a list of all created cancellation authorisation sub-resources. operationId: getPaymentInitiationCancellationAuthorisationInformation tags: - Payment Initiation Service (PIS) security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" #NO REQUEST BODY responses: '200': $ref: "#/components/responses/OK_200_CancellationList" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" /v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations/{cancellationId}: get: summary: Read the SCA status of the payment cancellation's authorisation description: | This method returns the SCA status of a payment initiation's authorisation sub-resource. operationId: getPaymentCancellationScaStatus tags: - Payment Initiation Service (PIS) - Common Services security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" - $ref: "#/components/parameters/cancellationId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" #NO REQUEST BODY responses: '200': $ref: "#/components/responses/OK_200_ScaStatus" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" put: summary: Update PSU data for payment initiation cancellation description: | This method updates PSU data on the cancellation authorisation resource if needed. It may authorise a cancellation of the payment within the Embedded SCA Approach where needed. Independently from the SCA Approach it supports e.g. the selection of the authentication method and a non-SCA PSU authentication. This methods updates PSU data on the cancellation authorisation resource if needed. There are several possible update PSU data requests in the context of a cancellation authorisation within the payment initiation services needed, which depends on the SCA approach: * Redirect SCA Approach: A specific Update PSU data request is applicable for * the selection of authentication methods, before choosing the actual SCA approach. * Decoupled SCA Approach: A specific Update PSU data request is only applicable for * adding the PSU Identification, if not provided yet in the payment initiation request or the Account Information Consent Request, or if no OAuth2 access token is used, or * the selection of authentication methods. * Embedded SCA Approach: The Update PSU data request might be used * to add credentials as a first factor authentication data of the PSU and * to select the authentication method and * transaction authorisation. The SCA approach might depend on the chosen SCA method. For that reason, the following possible update PSU data request can apply to all SCA approaches: * Select an SCA method in case of several SCA methods are available for the customer. There are the following request types on this access path: * Update PSU identification * Update PSU authentication * Select PSU autorization method WARNING: This method needs a reduced header, therefore many optional elements are not present. Maybe in a later version the access path will change. * Transaction Authorisation WARNING: This method needs a reduced header, therefore many optional elements are not present. Maybe in a later version the access path will change. operationId: updatePaymentCancellationPsuData tags: - Payment Initiation Service (PIS) - Common Services security: ##################################################### # REMARKS ON SECURITY IN THIS OPENAPI FILE # In this file only the basic security element to transport # the bearer token of an OAuth2 process, which has to # be included in the HTTP header is described. # # WARNING: # If you want to use this file for a productive implementation, # it is recommended to adjust the security schemes according to # your system environments and security policies. ##################################################### - {} - BearerAuthOAuth: [] parameters: #path - $ref: "#/components/parameters/paymentService" - $ref: "#/components/parameters/paymentProduct" - $ref: "#/components/parameters/paymentId" - $ref: "#/components/parameters/cancellationId" #query # NO QUERY PARAMETER #header #common header parameter - $ref: "#/components/parameters/X-Request-ID" #header to support the signature function - $ref: "#/components/parameters/Digest" - $ref: "#/components/parameters/Signature" - $ref: "#/components/parameters/TPP-Signature-Certificate" #method specific header elements # Not always allowed depending on the kind of update which is ask for - $ref: "#/components/parameters/PSU-ID" - $ref: "#/components/parameters/PSU-ID-Type" - $ref: "#/components/parameters/PSU-Corporate-ID" - $ref: "#/components/parameters/PSU-Corporate-ID-Type" #optional additional PSU Information in header - $ref: "#/components/parameters/PSU-IP-Address_optional" - $ref: "#/components/parameters/PSU-IP-Port" - $ref: "#/components/parameters/PSU-Accept" - $ref: "#/components/parameters/PSU-Accept-Charset" - $ref: "#/components/parameters/PSU-Accept-Encoding" - $ref: "#/components/parameters/PSU-Accept-Language" - $ref: "#/components/parameters/PSU-User-Agent" - $ref: "#/components/parameters/PSU-Http-Method" - $ref: "#/components/parameters/PSU-Device-ID" - $ref: "#/components/parameters/PSU-Geo-Location" requestBody: content: application/json: schema: oneOf: #Different Authorisation Bodies - {} - $ref: "#/components/schemas/updatePsuAuthentication" - $ref: "#/components/schemas/selectPsuAuthenticationMethod" - $ref: "#/components/schemas/transactionAuthorisation" - $ref: "#/components/schemas/authorisationConfirmation" examples: "Update PSU Identification (Embedded Approach)": value: {} "Update PSU authentication (Embedded Approach)": $ref: "#/components/examples/updatePsuAuthenticationExample_Embedded" "Select PSU Authentication Method (Embedded Approach)": $ref: "#/components/examples/selectPsuAuthenticationMethodExample_Embedded" "Transaction Authorisation (Embedded Approach)": $ref: "#/components/examples/transactionAuthorisationExample_Embedded" "Authorisation confirmation (Redirect Approach)": $ref: "#/components/examples/authorisationConfirmationExample_Redirect" responses: '200': $ref: "#/components/responses/OK_200_UpdatePsuData" '400': $ref: "#/components/responses/BAD_REQUEST_400_PIS" '401': $ref: "#/components/responses/UNAUTHORIZED_401_PIS" '403': $ref: "#/components/responses/FORBIDDEN_403_PIS" '404': $ref: "#/components/responses/NOT_FOUND_404_PIS" '405': $ref: "#/components/responses/METHOD_NOT_ALLOWED_405_PIS" '406': $ref: "#/components/responses/NOT_ACCEPTABLE_406_PIS" '408': $ref: "#/components/responses/REQUEST_TIMEOUT_408_PIS" '409': $ref: "#/components/responses/CONFLICT_409_PIS" '415': $ref: "#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_PIS" '429': $ref: "#/components/responses/TOO_MANY_REQUESTS_429_PIS" '500': $ref: "#/components/responses/INTERNAL_SERVER_ERROR_500_PIS" '503': $ref: "#/components/responses/SERVICE_UNAVAILABLE_503_PIS" ##################################################### # Account Information Service ##################################################### ##################################################### # Accounts ##################################################### /v1/accounts: get: summary: Read account list description: | Read the identifiers of the available payment account together with booking balance information, depending on the consent granted. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system. The addressed list of accounts depends then on the PSU ID and the stored consent addressed by consentId, respectively the OAuth2 access token. Returns all identifiers of the accounts, to which an account access has been granted to through the /consents endpoint by the PSU.