openapi: 3.0.1 info: title: Open Banking Account Information V3 version: '3.8.0' description: | There are several possible flows (sequence of API calls) to obtain a consent before Account Information data can be retrieved. Which API's are required depend on the ASPSP (the bank of the PSU) and the chosen strong customer authentication approach. The response of an API call will indicate in the 'Links' section which next API call is required to complete the consent request. #### PSD2 Sandbox Several AspspId's are available to test specific account information scenario's, see sandbox documentation. The following authorization token can be used to test in the sandbox (unlike a real token this one doesn't expire): **d5bd895a4080dbbb469a207460b6fca** x-tpp-buildversion: '1.47' servers: - url: https://xs2a.awltest.de/xs2a/routingservice/services/ob/ais/v3 description: PSD2 Sandbox paths: /psus/{psuId}/consents: post: security: - Authorization: [] tags: - Account Information Service summary: Initiates the consent request, with additional options operationId: consent extended parameters: - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' - $ref: '#/components/parameters/InitiatingPartyNotificationUrl' - $ref: '#/components/parameters/NotificationVersion' - $ref: '#/components/parameters/InitiatingPartyReturnUrl' - $ref: '#/components/parameters/UseAuthorisationLandingPages' - $ref: '#/components/parameters/Locale' - $ref: '#/components/parameters/AppRedirectPreferred' - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/LastLogin' - $ref: '#/components/parameters/PsuIpAddress' - $ref: '#/components/parameters/PsuIpPort' - $ref: '#/components/parameters/HttpMethod' - $ref: '#/components/parameters/HttpHeaderUserAgent' - $ref: '#/components/parameters/HttpHeaderReferer' - $ref: '#/components/parameters/HttpHeaderAccept' - $ref: '#/components/parameters/HttpHeaderAcceptCharset' - $ref: '#/components/parameters/HttpHeaderAcceptEncoding' - $ref: '#/components/parameters/HttpHeaderAcceptLanguage' - $ref: '#/components/parameters/DeviceId' - $ref: '#/components/parameters/GeoLocation' - $ref: '#/components/parameters/UseImplicitPreAuthCombined' requestBody: content: application/json: schema: $ref: '#/components/schemas/ConsentRequest' required: false responses: 201: description: | Created headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' AspspScaApproach: $ref: '#/components/headers/AspspScaApproach' content: application/json: schema: $ref: '#/components/schemas/ConsentResponse' 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' 502: $ref: '#/components/responses/502' x-codegen-request-body-name: body /psus/{psuId}/consents/{consentId}/identification: post: security: - Authorization: [] tags: - Account Information Service summary: PSU identification request description: | Use this operation to identify a PSU in a decoupled approach. operationId: identification parameters: - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/ConsentId' - $ref: '#/components/parameters/PsuIpAddress' - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' requestBody: content: application/json: schema: $ref: '#/components/schemas/ConsentIdentificationRequest' responses: 201: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/ConsentIdentificationResponse' 204: description: | No content headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: {} 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' 502: $ref: '#/components/responses/502' 503: $ref: '#/components/responses/503' 511: $ref: '#/components/responses/511' /psus/{psuId}/consents/{consentId}/authorisations: post: security: - Authorization: [] tags: - Account Information Service summary: Start the authorisation process for a consent description: Use this operation to authorize a PSU in multilevel authorization approach. operationId: authorisation parameters: - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/ConsentId' - $ref: '#/components/parameters/PsuIpAddress' - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' requestBody: content: application/json: schema: $ref: '#/components/schemas/ConsentAuthorisationRequest' required: false responses: 201: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/ConsentAuthorisationResponse' 204: description: | No content headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: {} 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' 502: $ref: '#/components/responses/502' 503: $ref: '#/components/responses/503' 511: $ref: '#/components/responses/511' x-codegen-request-body-name: body /psus/{psuId}/consents/{consentId}/authorisations/{authorisationId}: put: security: - Authorization: [] tags: - Account Information Service summary: Consent authorisation update description: | Use this operation to update the authorization. operationId: authorisationUpdate parameters: - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/ConsentId' - $ref: '#/components/parameters/AuthorisationId' - $ref: '#/components/parameters/PsuIpAddress' - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' requestBody: content: application/json: schema: $ref: '#/components/schemas/ConsentAuthorisationUpdateRequest' required: false responses: 200: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/ConsentAuthorisationUpdateResponse' 204: description: | No content headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: {} 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' 502: $ref: '#/components/responses/502' 503: $ref: '#/components/responses/503' 511: $ref: '#/components/responses/511' x-codegen-request-body-name: body /psus/{psuId}/consents/{consentId}/status: get: security: - Authorization: [] tags: - Account Information Service summary: Get the status of a consent for a specific PSU operationId: status parameters: - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/ConsentId' - $ref: '#/components/parameters/PsuIpAddress' - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' responses: 200: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' AspspScaApproach: $ref: '#/components/headers/AspspScaApproach' content: application/json: schema: $ref: '#/components/schemas/ConsentDetailedInformation' 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' 502: $ref: '#/components/responses/502' 503: $ref: '#/components/responses/503' 511: $ref: '#/components/responses/511' /psus/{psuId}/consents/{consentId}: delete: security: - Authorization: [] tags: - Account Information Service summary: Revoke the consent for a specific PSU operationId: revoke parameters: - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/ConsentId' - $ref: '#/components/parameters/PsuIpAddress' - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' responses: 204: description: | No content headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: {} 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' 502: $ref: '#/components/responses/502' 503: $ref: '#/components/responses/503' 511: $ref: '#/components/responses/511' /psus/{psuId}/aspsps/{aspspId}/accounts: get: security: - Authorization: [] tags: - Account Information Service summary: Lists all accounts that are consented by the PSU for a specific ASPSP operationId: accounts parameters: - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/AspspId' - $ref: '#/components/parameters/Page' - $ref: '#/components/parameters/TotalPages' - $ref: '#/components/parameters/PsuIpAddress' - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' responses: 200: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/GetAccountsResponse' 204: description: | No content headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: {} 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 410: $ref: '#/components/responses/410' 500: $ref: '#/components/responses/500' 502: $ref: '#/components/responses/502' 503: $ref: '#/components/responses/503' 511: $ref: '#/components/responses/511' /psus/{psuId}/aspsps/{aspspId}/accounts/{accountId}/balances: get: security: - Authorization: [] tags: - Account Information Service summary: Get balances for a specific PSU's account operationId: balances parameters: - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/AspspId' - $ref: '#/components/parameters/AccountId' - $ref: '#/components/parameters/Page' - $ref: '#/components/parameters/TotalPages' - $ref: '#/components/parameters/PsuIpAddress' - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' responses: 200: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/GetBalancesResponse' 204: description: | No content headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: {} 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 410: $ref: '#/components/responses/410' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' 502: $ref: '#/components/responses/502' 503: $ref: '#/components/responses/503' 511: $ref: '#/components/responses/511' /psus/{psuId}/aspsps/{aspspId}/accounts/{accountId}/transactions: get: security: - Authorization: [] tags: - Account Information Service summary: Get the list of transactions for a specific PSU's' account operationId: transactions parameters: - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/AspspId' - $ref: '#/components/parameters/AccountId' - $ref: '#/components/parameters/DateFrom' - $ref: '#/components/parameters/DateTo' - $ref: '#/components/parameters/Page' - $ref: '#/components/parameters/TotalPages' - $ref: '#/components/parameters/PsuIpAddress' - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' responses: 200: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/GetTransactionsResponse' 204: description: | No content headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: {} 400: description: Bad Request headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 401: $ref: '#/components/responses/401' 403: description: Expired IP Token headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 404: $ref: '#/components/responses/404' 410: $ref: '#/components/responses/410' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' 502: $ref: '#/components/responses/502' 503: $ref: '#/components/responses/503' 511: $ref: '#/components/responses/511' /download/psus/{psuId}/aspsps/{aspspId}/accounts/{accountId}/transactions: get: security: - Authorization: [] tags: - Account Information Service summary: Get the list of transactions for a specific PSU's' account as a download operationId: transactionsdownload parameters: - $ref: '#/components/parameters/PsuId' - $ref: '#/components/parameters/AspspId' - $ref: '#/components/parameters/AccountId' - $ref: '#/components/parameters/Dl' - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/PsuIpAddress' responses: 200: description: | Successful content: application/json: schema: $ref: '#/components/schemas/GetTransactionsResponse' 204: description: | No content headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: {} 400: description: | Bad Request content: application/json: schema: $ref: '#/components/schemas/Error' 401: description: | Missing or wrong IP Token. content: application/json: schema: $ref: '#/components/schemas/Error' 403: description: | Expired IP Token. content: application/json: schema: $ref: '#/components/schemas/Error' 404: description: | Not Found, resource at TPP not found. content: application/json: schema: $ref: '#/components/schemas/Error' 410: description: | Pagination resource timed out. content: application/json: schema: $ref: '#/components/schemas/Error' 500: description: | Internal Server Error. content: application/json: schema: $ref: '#/components/schemas/Error' 502: description: | Bad Gateway, connection to ASPSP failed or token to ASPSP missing. content: application/json: schema: $ref: '#/components/schemas/Error' 503: description: | Service Unavailable, too many request to the ASPSP. content: application/json: schema: $ref: '#/components/schemas/Error' 511: description: | Network Authentication Required, authentication to ASPSP failed . content: application/json: schema: $ref: '#/components/schemas/Error' /register: post: security: - Authorization: [] tags: - Account Information Service (Extended Service) summary: POST a new registration resource for a specific product. description: 'The available products utilize the PSUs AIS consent.' operationId: registration parameters: - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' requestBody: content: application/json: schema: $ref: '#/components/schemas/PostRegistrationRequest' responses: 201: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/PostRegistrationResponse' 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' /register/{registrationId}/initialisation/{psuId}: post: security: - Authorization: [] tags: - Account Information Service (Extended Service) summary: Get the link to the IS for the consent authorisation operationId: post consent authorisation parameters: - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' - $ref: '#/components/parameters/Locale' - $ref: '#/components/parameters/InitiatingPartyReturnUrl' - $ref: '#/components/parameters/RegistrationId' - $ref: '#/components/parameters/PsuId' requestBody: content: application/json: schema: $ref: '#/components/schemas/InitialisationRequest' responses: 201: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/InitialisationResponse' 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' /register/{registrationId}: put: security: - Authorization: [] tags: - Account Information Service (Extended Service) summary: Update an existing registration for the PSU description: '' operationId: put registration parameters: - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' - $ref: '#/components/parameters/RegistrationId' requestBody: content: application/json: schema: $ref: '#/components/schemas/PutRegistrationRequest' responses: 204: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' delete: security: - Authorization: [] tags: - Account Information Service (Extended Service) summary: Delete an existing registration description: '' operationId: delete registration parameters: - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' - $ref: '#/components/parameters/RegistrationId' responses: 204: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' /register/{registrationId}/status: get: security: - Authorization: [] tags: - Account Information Service (Extended Service) summary: Get an existing registration status description: '' operationId: get registration status parameters: - $ref: '#/components/parameters/X-Request-ID' - $ref: '#/components/parameters/MessageCreateDateTime' - $ref: '#/components/parameters/RegistrationId' responses: 200: description: | Successful headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/GetRegistrationResponseStatus' 400: $ref: '#/components/responses/400' 401: $ref: '#/components/responses/401' 403: $ref: '#/components/responses/403' 404: $ref: '#/components/responses/404' 415: $ref: '#/components/responses/415' 500: $ref: '#/components/responses/500' components: securitySchemes: Authorization: type: http scheme: bearer schemas: ConsentRequest: type: object additionalProperties: false properties: PsuData: $ref: '#/components/schemas/PsuData' UsePreAuthentication: type: boolean default: false description: | This field is only applicable for ASPSP's which support pre-authentication. It can also be filled in consent requests toward other ASPSP's, but the value will then be ignored. * If set to true the Open Banking Service will store the pre-authentication token for use with future consent requests. This will only work if also a PsuId is provided which is stored in the Open Banking Service.
* If set to false the pre-authentication token will only be used to finish one consent request. After which it will be discarded. PreferredScaMethod: type: array default: Redirect items: type: string description: | Multiple preferred methods can be choosen. It's up to the ASPSP which approach will actually be used, this could be a non-preferred SCA method. enum: - Redirect - Decoupled - Embedded Permissions: type: array items: $ref: '#/components/schemas/PermissionEnum' Details: $ref: '#/components/schemas/ConsentDetails' TransactionFromDateTime: type: string format: date-time description: Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction. TransactionToDateTime: type: string format: date-time description: Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction. description: Consent Request Initiation example: { "PsuData": { "AspspId": "20101", "Country": "FR" }, "PreferredScaMethod": ["Redirect"], "Permissions": [ "Accounts", "Balances", "Transactions" ], "Details": { "FrequencyPerDay": 4, "RecurringIndicator": true } } ConsentResponse: required: - ConsentId - ConsentStatus type: object additionalProperties: false properties: ConsentId: description: | Id generated by the Open Banking Service. This should be used to refer to this consent. maxLength: 1024 minLength: 1 type: string ConsentStatus: $ref: '#/components/schemas/ConsentStatusEnum' PermissionInformation: type: string description: | Optionally a text for detailed information on the permission handling of the ASPSP is given. E.g. By default a consent is allowing a frequency of up to 4 requests per day. This default is set implicitly by the Open Banking Service. If this parameter is not supported by the ASPSP, the Initiating Party is informed using this field. AuthorisationRequiredData: $ref: '#/components/schemas/AuthorisationRequiredData' Links: $ref: '#/components/schemas/InitiationResponseLinks' PsuMessage: description: | Text to be displayed to the PSU. maxLength: 1024 minLength: 1 type: string description: | ConsentResponse xml: name: ConsentResponse namespace: urn:eu:xs2a:xsd:v1 ConsentIdentificationRequest: type: object additionalProperties: false properties: PsuData: $ref: '#/components/schemas/PsuDataIdentification' ConsentIdentificationResponse: required: - ConsentId - ConsentStatus type: object additionalProperties: false properties: ConsentId: maxLength: 1024 minLength: 1 type: string description: | Id generated by the Open Banking Service. This should be used to refer to this consent. ConsentStatus: $ref: '#/components/schemas/ConsentStatusEnum' AuthStatus: $ref: '#/components/schemas/AuthStatusEnum' Links: $ref: '#/components/schemas/Links' PsuMessage: description: | Text to be displayed to the PSU. maxLength: 1024 minLength: 1 type: string ConsentAuthorisationRequest: type: object additionalProperties: false properties: PsuData: $ref: '#/components/schemas/PsuDataIdentification' PsuCredentials: type: array description: | List of PSU's credentials. items: $ref: '#/components/schemas/PsuAuthCredentials' ConsentAuthorisationResponse: required: - ConsentStatus type: object additionalProperties: false properties: ConsentStatus: $ref: '#/components/schemas/ConsentStatusEnum' AuthStatus: $ref: '#/components/schemas/AuthStatusEnum' AuthorisationRequiredData: $ref: '#/components/schemas/AuthorisationRequiredData' Links: $ref: '#/components/schemas/AuthorisationResponseLinks' PsuMessage: description: | Text to be displayed to the PSU. maxLength: 1024 minLength: 1 type: string ConsentAuthorisationUpdateRequest: type: object additionalProperties: false properties: PsuData: $ref: '#/components/schemas/PsuDataIdentification' PsuCredentials: type: array description: | List of PSU's credentials. items: $ref: '#/components/schemas/PsuAuthCredentials' AuthenticationMethodId: type: string description: | Id of the selected method. ScaAuthenticationData: type: string description: | Depending on method. In case of binary data it has to be given base64 encoded. ConsentAuthorisationUpdateResponse: required: - ConsentStatus type: object additionalProperties: false properties: ConsentStatus: $ref: '#/components/schemas/ConsentStatusEnum' AuthStatus: $ref: '#/components/schemas/AuthStatusEnum' AuthorisationRequiredData: $ref: '#/components/schemas/AuthorisationRequiredData' Links: $ref: '#/components/schemas/AuthorisationResponseLinks' PsuMessage: description: | Text to be displayed to the PSU. maxLength: 1024 minLength: 1 type: string ConsentDetailedInformation: required: - ConsentId - ConsentStatus type: object additionalProperties: false properties: ConsentId: maxLength: 1024 minLength: 1 type: string description: | Id generated by the Open Banking Service. This should be used to refer to this consent. ConsentStatus: $ref: '#/components/schemas/ConsentStatusEnum' AspspId: type: string minLength: 1 description: | The Id of the ASPSP. The Open Banking Service uses this information to route the consent and accounts information requests. AuthorisationRequiredData: $ref: '#/components/schemas/AuthorisationRequiredData' PermissionInformation: type: string description: | Optionally a text for detailed information on the permission handling of the ASPSP is given. E.g. by default a consent is allowing a frequency of up to 4 requests per day. This default is set implicitly by the Open Banking Service. If this parameter is not supported by the ASPSP the Initiating Party is informed by this. FrequencyPerDay: type: integer description: | This field indicates the maximum frequency for an access per day. For a one-off access, this attribute is set to "1. RecurringIndicator: type: boolean description: | "true", if the consent is for recurring access to the account data. "false", if the consent is for one access to the account data. ValidUntilDate: type: string format: date-time description: | Date to which the consent is valid. LastActionDate: type: string format: date description: | Date of the last change to the consent object. Either through the XS2A interface or the PSU/ASPSP interface. TransactionFromDateTime: type: string format: date-time description: | Specified start date and time for the transaction query period. TransactionToDateTime: type: string format: date-time description: | Specified end date and time for the transaction query period. Links: $ref: '#/components/schemas/ConsentStatusLinks' PsuMessage: description: | Text to be displayed to the PSU. maxLength: 1024 minLength: 1 type: string description: | Consent Detailed Information xml: name: ConsentDetailedInformation namespace: urn:eu:xs2a:xsd:v1 GetAccountsResponse: required: - Accounts type: object additionalProperties: false properties: Accounts: type: array items: $ref: '#/components/schemas/Account' Links: $ref: '#/components/schemas/AccountLinks' Metadata: $ref: '#/components/schemas/Meta' description: | GetAccountsResponse xml: name: GetAccountsResponse namespace: urn:eu:xs2a:xsd:v1 GetBalancesResponse: required: - AccountId - Balances - Timestamp type: object additionalProperties: false properties: AccountId: maxLength: 70 minLength: 1 type: string description: | Id of the account of the PSU as retrieved form the GET accounts response. Timestamp: type: string description: | Indicates the date (and time) of the balance. All dates are represented in ISO 8601 date-time. format: date-time Balances: type: array items: $ref: '#/components/schemas/Balance' Links: $ref: '#/components/schemas/BalanceLinks' Metadata: $ref: '#/components/schemas/Meta' description: | GetBalancesResponse xml: name: GetBalancesResponse namespace: urn:eu:xs2a:xsd:v1 GetTransactionsResponse: required: - AccountId type: object additionalProperties: false properties: DateFrom: type: string format: date-time description: | Date and time. All transactions on this date are included in the result. DateTo: type: string format: date-time description: | Date and time, transactions up to this date are included. So transaction on this date are not included in the result. AccountId: maxLength: 70 minLength: 1 type: string description: | Id of the account of the PSU as retrieved form the GET accounts response. Transactions: type: array items: $ref: '#/components/schemas/Transactions' Links: $ref: '#/components/schemas/TransactionLinks' Metadata: $ref: '#/components/schemas/Meta' description: | GetTransactionsResponse xml: name: GetTransactionsResponse namespace: urn:eu:xs2a:xsd:v1 ConsentDetails: type: object additionalProperties: false properties: PermittedAccountReferences: type: array items: $ref: '#/components/schemas/PermittedAccountReference' ValidUntilDate: type: string format: date description: | This parameter is requesting a valid until date for the requested consent. If this date is not given in the request a validity period of 90 days is used towards the ASPSP. FrequencyPerDay: type: integer description: | This field indicates the requested maximum frequency for an access per day. Allowed unattended requests per day 1-4. RecurringIndicator: type: boolean description: | Indicates if the consent is for recurring access or for one time access to the account data. **Note -** Default value is set to false, only for ASPSPs having implemented the CBI protocol. CombinedServiceIndicator: type: boolean default: false description: | If "true" indicates that a payment initiation service will be addressed in the same "session". OwnerName: type: boolean default: false description: | If true the Open Banking Service will ask the ASPSP for the Owername of the accounts. description: | Detailed consent options, not available for all ASPSPs. If a detailed option is not available the Open Banking Service will fall back to the consent requested in the ‘Permission’ field. The Initiating Party is notified in the response. PostRegistrationRequest: type: object additionalProperties: false required: - Psus - RegistrationId properties: RegistrationId: type: string description: '' example: '67831' Psus: type: array items: type: object additionalProperties: false description: '' required: - PsuId properties: PsuId: description: | This field can be filled with an ID from the Initiating Party which refers to the PSU. type: string example: unique_psu_id_23858 RefreshsPerDay: type: integer description: "Amount of iterations per day for PSU's data retrieval. Can be set up to 4." default: 1 minimum: 1 maximum: 4 Parameter: $ref: '#/components/schemas/Parameter' PostRegistrationResponse: type: object additionalProperties: false properties: RegistrationStatus: $ref: '#/components/schemas/RegistrationStatusEnum' FinaliseRegistration: $ref: '#/components/schemas/Link' InitialisationRequest: type: object additionalProperties: false properties: PsuData: $ref: '#/components/schemas/PsuData' Description: type: string description: | This information will be shown on the IS pages to PSU InitialisationResponse: type: object additionalProperties: false properties: RedirectUrl: $ref: '#/components/schemas/Link' PutRegistrationRequest: type: object additionalProperties: false properties: PsuId: description: | This field can be filled with an ID from the Initiating Party which refers to the PSU. type: string example: unique_psu_id_23858 RegistrationStatus: $ref: '#/components/schemas/RegistrationStatusEnum' Accounts: type: array items: type: object additionalProperties: false required: - AccountId properties: AccountId: type: string example: "AccountId-6253" GetRegistrationResponse: type: object additionalProperties: false required: - ProductType - Status - Psus properties: ProductType: $ref: '#/components/schemas/ProductType' RegistrationStatus: $ref: '#/components/schemas/RegistrationStatusEnum' Psus: type: array items: type: object additionalProperties: false description: '' required: - PsuId properties: PsuId: description: | This field can be filled with an ID from the Initiating Party which refers to the PSU. type: string example: unique_psu_id_23858 Accounts: type: array items: $ref: '#/components/schemas/AccountDetails' GetRegistrationResponseStatus: type: object additionalProperties: false required: - ProductType - Status - Psus properties: ProductType: $ref: '#/components/schemas/ProductType' RegistrationStatus: $ref: '#/components/schemas/RegistrationStatusEnum' UseCaseStatus: description: | Status indicating the progress of processing in the Open Banking platform for a given use case. Credit Scoring: - REGISTRATION_CREATED : A registration is created, waiting for consent sessions to be finalized. - REGISTRATION_FINALISED : All PSUs in the registrations have completed their consent flow, data collection will start. - DATA_COLLECTION_DONE : AIS data has been retrieved for all PSUs in the registration and has been sent for processing. - DATA_COLLECTION_ERROR : An error happened during the data collection, the processing will not happen. - ANALYSIS_FINALISED : The Credit Insight processing module has given feedback regarding the processing, report results will / have been sent to the InitiatingParty endpoint. type: string Parameter: $ref: '#/components/schemas/Parameter' Psus: type: array items: type: object additionalProperties: false description: '' required: - PsuId properties: PsuId: description: | This field can be filled with an ID from the Initiating Party which refers to the PSU. type: string example: unique_psu_id_23858 Consents: type: array items: $ref: '#/components/schemas/Consent' Amount: pattern: ^\\d{1,13}\\.\\d{1,5}$ type: string description: | Amount of the payment. The decimal separator is a dot. A zero amount is considered a positive amount. EquivalentAmount: type: object additionalProperties: false properties: Amount: $ref: '#/components/schemas/Amount' Currency: $ref: '#/components/schemas/Currency' CurrencyOfTransfer: $ref: '#/components/schemas/Currency' Currency: pattern: '[A-Z]{3,3}' type: string description: | ISO 4217 currency code. CurrencyExchange: type: object additionalProperties: false properties: SourceCurrency: pattern: '[A-Z]{3,3}' type: string description: | Currency from which an amount is to be converted in a currency conversion. ISO 4217 currency codes. TargetCurrency: pattern: '[A-Z]{3,3}' type: string description: | Currency into which an amount is to be converted in a currency conversion. ISO 4217 currency codes. UnitCurrency: pattern: '[A-Z]{3,3}' type: string description: | Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP. ISO 4217 currency codes. ExchangeRate: type: string description: | Factor used to convert an amount from one currency into another . This reflects the price at which one currency was bought with another currency. ContractIdentification: maxLength: 35 type: string description: | Unique identification to unambiguously identify the foreign exchange contract QuotationDate: type: string description: | Date and time at which an exchange rate is quoted. format: date-time PermittedAccountReference: required: - AccountReference type: object additionalProperties: false properties: AccountReference: maxLength: 1020 minLength: 1 type: string description: | Identification of the account number (IBAN). Currency: $ref: '#/components/schemas/Currency' description: | ## Permitted account reference field usage This field enables the Initiating party to request consent for accounts, balances or transactions for a restricted list of account rerferences only. This kind of permission detail information must be supported e.g. for the Berlin Group API. Account: required: - AccountId - Currency type: object additionalProperties: false properties: AccountId: maxLength: 70 minLength: 1 type: string description: | This is the account Id generated by the Open Banking Service. It should be used in subsequent api calls to refer to this account. BIC: pattern: '[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}' type: string description: | BIC Currency: $ref: '#/components/schemas/Currency' Name: maxLength: 35 minLength: 1 type: string description: | Name of the account. OwnerName: maxLength: 70 minLength: 1 type: string description: | Name of the legal account owner. DisplayName: maxLength: 70 minLength: 1 type: string description: | Additional name of the account. AccountNumber: maxLength: 70 minLength: 1 type: string description: | The number which identifies the account, provided by the ASPSP. Known by the PSU. This will mostly be an IBAN, but other types are possible see AccountNumberType field. OtherAccountNumber: maxLength: 70 minLength: 1 type: string AccountNumberType: type: string description: | ISO 20022 Account Number Type, which is the name of the identification scheme. enum: - IBAN - BBAN - MSISDN - SortCodeAccountNumber - BANK - COID - SREN - SRET - NIDN - OAUT - CPAN AccountType: $ref: '#/components/schemas/AccountType' AccountNumberTypeIssuer: maxLength: 35 minLength: 1 type: string description: | Entity that assigns the identification. this could a country code or any organisation name or identifier that can be recognized by both parties according to ISO20022. SubType: maxLength: 140 minLength: 1 type: string description: | Since Open Banking UK V2.0. Specifies the type of account. Values: 'CACC' Checking account'. Details: maxLength: 140 minLength: 1 type: string description: | Specifications that might be provided by the ASPSP. * Characteristics of the account * Characteristics of the relevant card. LinkedAccount: maxLength: 70 minLength: 1 type: string description: | Case of a set of pending card transactions, the ASPSP will provide the Id of the relevant cash account the card is set up on. Usage: maxLength: 35 minLength: 1 type: string description: | Indications how the account is being used. For example business or personal. Values - 'ORGA' professional account, 'PRIV' private personal account'. Product: maxLength: 35 minLength: 1 type: string description: | Product Name of the Bank for this account, proprietary definition. For example: Girokonto, Fremdwahrungskonto, Multi currency account.' PsuRole: maxLength: 70 minLength: 1 type: string description: | Relationship between the PSU and the account: account holder, Co-account holder, Attorney. AccountType: type: object additionalProperties: false properties: Name: type: string description: | Account type, in a coded form. ISO 20022 ExternalCashAccountType1Code. enum: - CACC - CASH - CHAR - CISH - COMM - CPAC - LLSV - LOAN - MGLD - MOMA - NREX - ODFT - ONDP - OTHR - SACC - SLRY - SVGS - TAXE - TRAN - TRAS Proprietary: maxLength: 70 minLength: 1 type: string description: | Proprietary account type as some schemes may define it. Values which could not be mapped to the ISO standard. ProprietaryOrigin: maxLength: 70 minLength: 1 type: string description: | Indicates the origin of the proprietary field. This could help to interpret the value. description: | An object describing the account type. It contains the sub field "Name", which is filled only, if the account type is one of the ISO 20022 ExternalCashAccountType1Code values. If the account type provided by the ASPSP is not an ISO type, the sub field "Proprietary" is filled with this non ISO type name and the sub field "ProprietaryOrigin" is filled with the name of the ASPSP application. Balance: required: - Amount - BalanceType - CreditDebitIndicator - Currency type: object additionalProperties: false properties: BalanceName: maxLength: 70 minLength: 1 type: string description: | Label of the balance. Amount: $ref: '#/components/schemas/Amount' Currency: $ref: '#/components/schemas/Currency' BalanceType: $ref: '#/components/schemas/BalanceType' CreditDebitIndicator: $ref: '#/components/schemas/CreditDebitIndicator' LastCommitedTransaction: maxLength: 35 minLength: 1 type: string description: | entryReference of the last committed transaction to support the Initiating Party in identifying whether all PSU transactions are already known. CreditLine: type: array items: $ref: '#/components/schemas/CreditLine' Date: type: string description: | Indicates the date of the balance. Date in ISO 8601 format yyyy -MM-dd. LastChangeDateTime: type: string description: | Timestamp of the last change of the balance amount. This data element might be used to indicate e.g. with the expected or booked balance that no action is known on the account, which is not yet booked. format: date-time BalanceType: type: object additionalProperties: false properties: Name: type: string description: | ISO 20022 Balance Type Code. enum: - CLAV - CLBD - FWAV - INFO - ITAV - ITBD - OPAV - OPBD - PRCD - XPCD Proprietary: maxLength: 70 minLength: 1 type: string description: | Proprietary balance type as some schemes may define it. ProprietaryOrigin: maxLength: 70 minLength: 1 type: string description: | The application this proprietary balance type was originated from. Transactions: required: - Amount - BookingDateTime - CreditDebitIndicator - Currency - Status type: object additionalProperties: false properties: TransactionId: maxLength: 70 minLength: 1 type: string description: | Unique identification, as assigned by the first instructing agent, to unambiguously identify the transaction that is passed on, unchanged, throughout the entire interbank chain. Not provided by all ASPSPs. The transaction identification can be used for reconciliation, tracking or to link tasks relating to the transaction on the interbank level. Amount: $ref: '#/components/schemas/Amount' Currency: $ref: '#/components/schemas/Currency' CreditDebitIndicator: $ref: '#/components/schemas/CreditDebitIndicator' Status: type: string description: | Type of transaction. enum: - BOOK - PDNG - INFO - FUTR - OTHR BookingDateTime: type: string description: | Booking date of the transaction on the account. format: date-time ExecutionDateTime: type: string description: | PSU Account transaction execution date. format: date-time ValueDateTime: type: string description: | Date and time at which assets become available to the account owner in case of a credit entry, or cease to be available to the account owner in case of a debit entry. format: date-time TransactionDate: type: string description: | Indicates the date of the transaction. Date in ISO format yyyy -MM-dd. RemittanceInformationUnstructured: maxLength: 500 minLength: 1 type: string description: | Unstructured remittance information. AddressLine: maxLength: 70 minLength: 1 type: string description: | Information that locates and identifies a specific address, as defined by postal services, that is presented in free format text. BankTransactionCode: $ref: '#/components/schemas/BankTransactionCode' MerchantDetail: $ref: '#/components/schemas/MerchantDetail' CreditorAgent: $ref: '#/components/schemas/CreditorAgent' CreditorAccount: $ref: '#/components/schemas/CreditorAccount' DebtorAgent: $ref: '#/components/schemas/DebtorAgent' DebtorAccount: $ref: '#/components/schemas/DebtorAccount' PurposeCode: type: string description: | Specifies the external purpose code in the format of character string with a maximum length of 4 characters. ISO 20022 ExternalPurpose1Code. RemittanceInformationStructured: $ref: '#/components/schemas/RemittanceInformationStructured' EquivalentAmount: $ref: '#/components/schemas/EquivalentAmount' References: $ref: '#/components/schemas/References' RelatedParties: $ref: '#/components/schemas/RelatedParties' CurrencyExchange: type: array description: | Set of elements used to provide details on the currency exchange. items: $ref: '#/components/schemas/CurrencyExchange' CategoryId: type: string description: | Identification of the category associated with the transaction. This field is reserved for future use and will only be filled if an extended service is contracted. CreditDebitIndicator: type: string description: | ISO 20022 Debit Credit Code. Indicates if the amount is credit (positive) or debit (negative). enum: - CRDT - DBIT Domain: type: object additionalProperties: false properties: DomainCode: type: string description: | ExternalBankTransactionDomain1Code. FamilyCode: type: string description: | Identify the type of underlying transaction. Specifies the family within a domain. ExternalBankTransactionFamily1Code. SubCode: type: string description: | Identify the type of underlying transaction. Specifies the sub-product family within a specific family. ExternalBankTransactionSubFamily1Code. Proprietary: type: object additionalProperties: false properties: Code: maxLength: 35 minLength: 1 type: string description: | Proprietary bank transaction code to identify the underlying transaction. Issuer: maxLength: 35 minLength: 1 type: string description: | Identification of the issuer of the proprietary bank transaction code. BankTransactionCode: type: object additionalProperties: false properties: Domain: $ref: '#/components/schemas/Domain' Proprietary: $ref: '#/components/schemas/Proprietary' CreditLine: required: - Amount - Currency - Included - Type type: object additionalProperties: false properties: Amount: $ref: '#/components/schemas/Amount' Currency: $ref: '#/components/schemas/Currency' Type: type: string description: | Limit type, in a coded form. enum: - Pre-Agreed - Emergency - Temporary - Available - Credit Included: type: boolean description: | Indicates whether or not the credit line is included in the balance of the account. MerchantDetail: type: object additionalProperties: false properties: MerchantName: maxLength: 350 minLength: 1 type: string description: | Name of the merchant. MerchantCategoryCode: maxLength: 4 minLength: 3 type: string description: | Category code conform to ISO 18245, related to the type of services or goods the merchant provides for the transaction. RelatedParties: type: object additionalProperties: false properties: CreditorId: type: string description: | Identification of Creditors, e.g. a SEPA Creditor ID. UltimateCreditor: type: string description: | Ultimate party to which an amount of money is due. UltimateDebtor: type: string description: | Ultimate party that owes an amount of money to the (ultimate) creditor. CreditorAccount: type: object additionalProperties: false properties: Identification: maxLength: 34 minLength: 1 type: string description: | Creditor identification assigned by an institution to identify an account. This identification is known by the account owner. SchemeName: type: string description: | Name of the creditor identification scheme, in a coded form as published in an external list. enum: - IBAN - PAN - SortCodeAccountNumber - BBAN - Paym BIC: type: string description: | BIC Name: maxLength: 70 minLength: 1 type: string description: | Name of the creditor account, as assigned by the account servicing institution, in agreement with the account owner in order to provide an additional means of identification of the account. SecondaryId: maxLength: 34 minLength: 1 type: string description: | This is secondary identification of the creditor account, as assigned by the account servicing institution. Currency: type: string description: | Currency of the account CreditorAgent: type: object additionalProperties: false properties: SchemeName: type: string description: | Name of the creditor agent identification scheme, in a coded form as published in an external list. enum: - BICFI Identification: maxLength: 35 minLength: 1 type: string description: | Unique and unambiguous creditor agent identification of a financial institution or a branch of a financial institution. DebtorAccount: type: object additionalProperties: false properties: Identification: maxLength: 34 minLength: 1 type: string description: | Debtor identification assigned by an institution to identify an account. This identification is known by the account owner. SchemeName: type: string description: | Name of the debtor identification scheme, in a coded form as published in an external list. enum: - IBAN - PAN - SortCodeAccountNumber - BBAN - Paym BIC: type: string description: | BIC Name: maxLength: 70 minLength: 1 type: string description: | Name of the debtor account, as assigned by the account servicing institution, in agreement with the account owner in order to provide an additional means of identification of the account. SecondaryId: maxLength: 34 minLength: 1 type: string description: | This is secondary identification of the debtor account, as assigned by the account servicing institution. Currency: type: string description: | Currency of the account. DebtorAgent: type: object additionalProperties: false properties: SchemeName: type: string description: | Name of the debtor agent identification scheme, in a coded form as published in an external list. enum: - BICFI Identification: maxLength: 35 minLength: 1 type: string description: | Unique and unambiguous debtor agent identification of a financial institution or a branch of a financial institution. AuthStatusEnum: description: | This data element is containing information about the status of the SCA method applied. The following codes are defined for this data type. * 'Received': An authorisation or cancellation-authorisation resource has been created successfully. * 'PsuIdentified': The PSU related to the authorisation or cancellation-authorisation resource has been identified. * 'PsuAuthenticated': The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token. * 'ScaMethodSelected': The PSU/TPP has selected the related SCA routine. If the SCA method is chosen implicitly since only one SCA method is available, then this is the first status to be reported instead of 'received'. * 'Started': The addressed SCA routine has been started. * 'Finalised': The SCA routine has been finalised successfully. * 'Failed': The SCA routine failed * 'Exempted': SCA was exempted for the related transaction, the related authorisation is successful. * 'Unconfirmed': SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet. type: string enum: - "Received" - "PsuIdentified" - "PsuAuthenticated" - "ScaMethodSelected" - "Started" - "Finalised" - "Failed" - "Exempted" - "Unconfirmed" ConsentStatusEnum: description: | Status of the Account Information Service consent. * 'TimeoutAtTpp': This status can only occur in combination with the Bank Selection Interface (UseAuthorisationLandingPages = true). It's set if the Bank Selection Interface concludes that the consent cannot be completed because of a timeout. It's a final state. type: string enum: - Open - Pending - Rejected - Authorised - Expired - Revoked - Error - Inactive - RevokedAtTpp - TimeoutAtTpp - PartiallyAuthorised PermissionEnum: type: string description: | ## Permission field usage This field captures permissions on the level of * Accounts - all account information * Balances - balance information for all accounts (requires ReadAccounts) * Transactions - all transaction information enum: - Accounts - Balances - Transactions AuthorisationRequiredData: type: object additionalProperties: false description: | The data required for PSU authentication and transaction authorisation properties: PsuCredentials: type: array description: | List of credentials the PSU has on the ASPSP's system. The PSU has to provide the CredentialValue for each of these (Username & Password). items: $ref: '#/components/schemas/PsuCredentials' ScaMethods: type: array description: | Array of available ScaMethods. items: $ref: '#/components/schemas/ScaMethods' ChosenScaMethod: $ref: '#/components/schemas/ScaMethods' ChallengeData: $ref: '#/components/schemas/ScaChallengeData' ScaMethods: required: - AuthenticationMethodId - AuthenticationType type: object additionalProperties: false properties: AuthenticationType: type: string example: SMS_OTP description: | Type of the SCA authentication method. The following methods are commonly seen coming from the ASPSP: - SMS_OTP: The PSU will receive a One Time Password via SMS - CHIP_OTP: The PSU will be presented with a picture or text to create a One Time Password using their bank card - PHOTO_OTP: The PSU will be presented with a picture to create a One Time Password - PUSH_OTP: The PSU will receive a One Time Password via push notification on their mobile device - SMTP_OTP: The PSU will receive a One Time Password via email AuthenticationMethodId: type: string description: | An identification provided by the ASPSP for the later identification of the authentication method selection. Version: type: string description: | Depending on the AuthenticationType. This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. This version can be referred to in the ASPSP's documentation. Name: type: string description: | This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. Alternatively this could be a description provided by the ASPSP like "SMS OTP on phone +49160 xxxxx 28". This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available. Explanation: type: string description: | Detailed information about the SCA method, meant for the PSU. ScaChallengeData: type: object additionalProperties: false properties: AdditionalInformation: type: string description: | Additional Information for the PSU describing the method. Data: type: array description: | A collection of strings as challenge data. items: type: string Image: type: string description: | Image in base64 encoding. ImageLink: type: string description: | URL of image. OtpFormat: type: string description: | The OTP format. OtpMaxLength: type: integer description: | The maximum length for the OTP. format: int32 description: | Structure to represent challenge data. PsuAuthCredentials: required: - CredentialId - CredentialValue type: object additionalProperties: false properties: CredentialId: type: string description: | CredentialId as retrieved in the response of the previous request. CredentialValue: type: string description: | Value of the credential. PsuData: type: object additionalProperties: false properties: AspspId: minLength: 1 type: string description: | The Id of the ASPSP. The Open Banking Service uses this information to route the consent and accounts information requests. AspspProductCode: type: string description: | This is describing the ProductCode as defined by the ASPSP. AspspPsuId: type: string example: PSU-xyz-12345 description: | PSU’s Id at ASPSP. Allows the unique identification of the PSU at the ASPSP. AspspCustomerId: type: string example: PSU-abc-12345 description: | PSU’s second Id at ASPSP. Required for some ASPSPs AspspPsuIdType: type: string description: | Type of the Aspsp PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. AspspPsuCorporateId: type: string description: | Identification of a Corporate in the Online Channels. AspspPsuCorporateIdType: type: string description: | This is describing the type of the identification needed by the ASPSP to identify the PSUCorporate-ID content. Country: type: string minLength: 2 maxLength: 2 pattern: '[A-Z]{2,2}' example: FR description: It is used to select a preferred country that is pre-selected on the bank selection page. PsuDataIdentification: type: object additionalProperties: false properties: AspspPsuId: type: string example: PSU-xyz-12345 description: | PSU’s Id at ASPSP. Allows the unique identification of the PSU at the ASPSP. AspspCustomerId: type: string example: PSU-abc-12345 description: | PSU’s second Id at ASPSP. Required for some ASPSPs AspspPsuIdType: type: string description: | Type of the Aspsp PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. AspspPsuCorporateId: type: string description: | Identification of a Corporate in the Online Channels. AspspPsuCorporateIdType: type: string description: | This is describing the type of the identification needed by the ASPSP to identify the PSUCorporate-ID content. PsuCredentials: required: - CredentialsDetails type: object additionalProperties: false properties: AspspProductCode: type: string description: | Product Identification. Used to contextualize the credentials to be provided by the PSU. CredentialsDetails: type: array description: | Credentials Details items: $ref: '#/components/schemas/CredentialDetails' description: | PSU Credentials on the ASPSP system. CredentialDetails: required: - IsSecret - LabelList type: object additionalProperties: false properties: IsSecret: type: string description: | Binary identification of the transparancy of the provided credentials by the PSU. Can have 2 values, * true * false Can be provided by ASPSP. If not provided by the ASPSP then by default, * true, if the CredentialId=ewl-password * false, if CredentialId=ewl-user-id CredentialId: type: string description: | Credential detail identification of the PSU credential at the bank (provided by CBI if approach is Embedded). If not provided by the ASPSP, then default values should be, * ewl-user-id, when IsSecret=false * ewl-password, when IsSecret=true LabelList: type: array description: | The list of the labels to show to the PSU. They are internationalized. items: $ref: '#/components/schemas/CredentialLabel' description: | Credentials Details CredentialLabel: required: - Label - Language type: object additionalProperties: false properties: Label: type: string description: | The label associated to the credentials to show to the PSU. Language: type: string description: | Label internationalization. It specifies the language of the label. The default value is EN. References: type: object additionalProperties: false properties: EndToEndId: type: string description: | Unique identification, as assigned by the Initiating Party, to unambiguously identify the transaction. This identification is passed on, unchanged, throughout the entire end-to end chain . Usage The end-to-end identification can be used for reconciliation or to link tasks relating to the transaction. It can be included in several messages related to the transaction. MandateId: type: string description: | Identification of Mandates, e.g. a SEPA Mandate ID. ChequeNumber: type: string description: | Identification of a Cheque. StatementReference: type: array description: | Can contains many statementReferences for OB UK. items: maxLength: 35 minLength: 1 type: string TransactionReference: type: string description: | Unique reference for the transaction. This reference is optionally populated, and may as an example be the FPID in the Faster Payments context. RemittanceInformationStructured: required: - Reference type: object additionalProperties: false properties: Reference: maxLength: 140 minLength: 1 type: string description: | The actual structured remittance information e.g. RF18539007547034. Type: maxLength: 35 minLength: 1 type: string description: | The type of the structured information e.g. SCOR. Issuer: maxLength: 35 minLength: 1 type: string description: | Identification of the issuer of the reference document type e.g. ISO. InitiationResponseLinks: description: | A list of hyperlinks to be recognized by the Initiating Party. The actual hyperlinks used in the response depend on the dynamical decisions on authorization approach for example. Remark - All links are full links. * 'PreAuthenticationForEmbedded': In case of an embedded pre-authentication required by the ASPSP, the Initiating Party has to use this link. * 'RedirectUrl': In case of an Redirect approach, the Initiating Party has to use this link to redirect the PSU’s browser session. * 'PostAuthorisationForExplicit': In case the ASPSP requires explicit start of authorization e.g. for multiple authorizations. * 'PostIdentificationForDecoupled': In case of a Decoupled approach, the Initiating Party has to use this link to post the PSU username. * 'PostAuthorisationForEmbedded': In case of an embedded approach, the Initiating Party has to use this link to post the PSU credentials. * 'SelectAuthenticationMethod': In case of an embedded approach, the Initiating Party has to use this link to post the credentials. * 'AuthorizeTransaction': In case of an embedded approach, the Initiating Party has to authorize the transaction (consent) by providing the SCA OneTimePassword. * 'GetConsentStatus': Endpoint to be called for retrieving the consent status. type: object additionalProperties: false properties: PreAuthenticationForEmbedded: $ref: '#/components/schemas/Link' RedirectUrl: $ref: '#/components/schemas/Link' PostAuthorisationForExplicit: $ref: '#/components/schemas/Link' PostIdentificationForDecoupled: $ref: '#/components/schemas/Link' PostAuthorisationForEmbedded: $ref: '#/components/schemas/Link' SelectAuthenticationMethod: $ref: '#/components/schemas/Link' AuthorizeTransaction: $ref: '#/components/schemas/Link' GetConsentStatus: $ref: '#/components/schemas/Link' AuthorisationResponseLinks: type: object additionalProperties: false description: | A list of hyperlinks to be recognized by the Initiating Party. The actual hyperlinks used in the response depend on the dynamical decisions on authorization approach for example. Remark - All links are full links. * 'RedirectUrl': In case of an Redirect approach, the Initiating Party has to use this link to redirect the PSU’s browser session. * 'PutAuthorisationForEmbedded': In case of an embedded approach, the Initiating Party has to use this link to post the PSU credentials. * 'SelectAuthenticationMethod': In case of an embedded approach, the Initiating Party has to use this link to post the credentials. * 'AuthorizeTransaction': In case of an embedded approach, the Initiating Party has to authorize the transaction (consent) by providing the SCA OneTimePassword. * 'GetConsentStatus': Endpoint to be called for retrieving the consent status. properties: RedirectUrl: $ref: '#/components/schemas/Link' PutAuthorisationForEmbedded: $ref: '#/components/schemas/Link' SelectAuthenticationMethod: $ref: '#/components/schemas/Link' AuthorizeTransaction: $ref: '#/components/schemas/Link' GetConsentStatus: $ref: '#/components/schemas/Link' ConsentStatusLinks: type: object additionalProperties: false description: | A list of hyperlinks to be recognized by the Initiating Party. The actual hyperlinks used in the response depend on the dynamical decisions on authorization approach for example. Remark - All links are full links. * 'RedirectUrl': In case of an Redirect approach, the Initiating Party has to use this link to redirect the PSU’s browser session. * 'PostIdentificationForDecoupled': In case of a Decoupled approach, the Initiating Party has to use this link to post the PSU username. * 'PostAuthorisationForEmbedded': In case of an embedded approach, the Initiating Party has to use this link to post the PSU credentials. * 'SelectAuthenticationMethod': In case of an embedded approach, the Initiating Party has to use this link to post the credentials. * 'AuthorizeTransaction': In case of an embedded approach, the Initiating Party has to authorize the transaction (consent) by providing the SCA OneTimePassword. * 'GetConsentStatus': Endpoint to be called for retrieving the consent status. properties: RedirectUrl: $ref: '#/components/schemas/Link' PostAuthorisationForExplicit: $ref: '#/components/schemas/Link' PostIdentificationForDecoupled: $ref: '#/components/schemas/Link' PostAuthorisationForEmbedded: $ref: '#/components/schemas/Link' PutAuthorisationForEmbedded: $ref: '#/components/schemas/Link' SelectAuthenticationMethod: $ref: '#/components/schemas/Link' AuthorizeTransaction: $ref: '#/components/schemas/Link' GetConsentStatus: $ref: '#/components/schemas/Link' PaginationLinks: required: - Self type: object additionalProperties: false properties: Self: $ref: '#/components/schemas/Link' First: $ref: '#/components/schemas/Link' Last: $ref: '#/components/schemas/Link' Next: $ref: '#/components/schemas/Link' Prev: $ref: '#/components/schemas/Link' description: | A list of hyperlinks to be recognized by the Initiating Party. The actual hyperlinks used in the response depend on the dynamical decisions on authorization approach for example. Remark - All links are full links. * 'Self': The endpoint to this page. * 'First': In case of paginated response, endpoint for the first page * 'Last': In case of paginated response, endpoint for the last page. * 'Next': In case of paginated response, endpoint for the next page. * 'Prev': In case of paginated response, endpoint for the previous page. discriminator: propertyName: classType AccountLinks: allOf: - $ref: '#/components/schemas/PaginationLinks' - type: object additionalProperties: false properties: Account: type: array items: $ref: '#/components/schemas/AccountItemLink' description: | A list of hyperlinks to be recognized by the Initiating Party. The actual hyperlinks used in the response depend on the dynamical decisions on authorization approach for example. Remark - All links are full links. * 'Self': The endpoint to this page. * 'First': In case of paginated response, endpoint for the first page * 'Last': In case of paginated response, endpoint for the last page. * 'Next': In case of paginated response, endpoint for the next page. * 'Prev': In case of paginated response, endpoint for the previous page. * 'Account->Balances': Endpoint for GET balances of that account. * 'Account->Transactions': Endpoint for GET transactions of that account. AccountItemLink: required: - AccountId type: object additionalProperties: false properties: AccountId: maxLength: 40 minLength: 1 type: string description: | A unique and immutable identifier used to identify the account resource. Balances: $ref: '#/components/schemas/Link' Transactions: $ref: '#/components/schemas/Link' BalanceLinks: allOf: - $ref: '#/components/schemas/PaginationLinks' - type: object additionalProperties: false properties: Transactions: $ref: '#/components/schemas/Link' description: | A list of hyperlinks to be recognized by the Initiating Party. The actual hyperlinks used in the response depend on the dynamical decisions on authorization approach for example. Remark - All links are full links. * 'Self': The endpoint to this page. * 'First': In case of paginated response, endpoint for the first page * 'Last': In case of paginated response, endpoint for the last page. * 'Next': In case of paginated response, endpoint for the next page. * 'Prev': In case of paginated response, endpoint for the previous page. * 'Transactions': Endpoint for the transactions for this account. TransactionLinks: allOf: - $ref: '#/components/schemas/PaginationLinks' - type: object additionalProperties: false properties: Download: $ref: '#/components/schemas/Link' Balances: $ref: '#/components/schemas/Link' description: | A list of hyperlinks to be recognized by the Initiating Party. The actual hyperlinks used in the response depend on the dynamical decisions on authorization approach for example. Remark - All links are full links. * 'Self': The endpoint to this page. * 'First': In case of paginated response, endpoint for the first page * 'Last': In case of paginated response, endpoint for the last page. * 'Next': In case of paginated response, endpoint for the next page. * 'Prev': In case of paginated response, endpoint for the previous page. * 'Download': In case of unknown number of transactions in non-paginated response this link is provided to retrieve the transactions as a stream for download in the same JSON structure.. * 'Balances': Endpoint for the balances for this account. Links: type: object additionalProperties: false description: | A list of hyperlinks to be recognized by the Initiating Party. The actual hyperlinks used in the response depend on the dynamical decisions on authorization approach for example. Remark - All links are full links. * 'GetConsentStatus': Endpoint to be called for retrieving the consent status. properties: GetConsentStatus: $ref: '#/components/schemas/Link' Link: required: - Href type: object additionalProperties: false properties: Href: maxLength: 1024 minLength: 1 type: string Parameter: type: array items: $ref: '#/components/schemas/Param' Param: type: object additionalProperties: false description: key value pairs for additional parameter properties: Key: type: string Value: type: string Meta: type: object additionalProperties: false properties: TotalPages: type: integer format: int32 description: | Number of pages in case of a paginated response. Error: required: - Code - Message type: object additionalProperties: false properties: Code: pattern: '[0-9]{1,3}' type: string Message: maxLength: 140 minLength: 1 type: string Details: type: string Link: $ref: '#/components/schemas/Link' description: | |HTTP Status|Code |Description |-----------|-----|--------------------------------------- |400 |001 |Bad client request | |002 |The message does not comply the schema definition | |101 |The client or merchant is unknown | |102 |The client or merchant is inactive | |122 |The PSU consent is not valid | |133 |A conditional field is missing | |136 |Consent could not be found |401 |003 |Invalid signature | |021 |Unauthorized | |121 |The PSU consent does not exist | |123 |The PSU consent is expired | |131 |A one-off consent is required - but could not be found | |154 |Invalid digest |403 |007 |Initiating Party is not authorized | |017 |Initiating Party Token is expired | |119 |A PSU subscription is present, but inactive |404 |104 |Aspsp is unknown | |106 |The psu is unknown | |110 |Resource could not be found | |114 |The account is unknown | |150 |No pre-authentication found |410 |117 |The aspsp pagination resource timed out |415 |158 |Unsupported media type |500 |004 |An internal error occurred | |116 |The aspsp responded with an error | |152 |Ivalid response from ASPSP |502 |012 |Aspsp did not authorize |503 |016 |Request limit of the ASPSP server exceeded ProductType: type: string description: | The type of the product the registration is created for enum: - DataAggregation - DataAggregationWithEnrichment - CreditScoring - AccountAuthorisation RegistrationStatusEnum: type: string description: | The status of the requested registration enum: - Created - Pending - Finalised Consent: type: object additionalProperties: false description: '' required: - ConsentId properties: ConsentId: type: string description: '' example: '1234567' ConsentStatus: $ref: '#/components/schemas/ConsentStatusEnum' ValidUntil: type: string format: 'date-time' example: "2022-09-25T08:15:00.856Z" AspspId: type: string description: '' example: '121' Accounts: type: array items: $ref: '#/components/schemas/AccountDetails' AccountDetails: type: object additionalProperties: false description: '' required: - AccountId properties: AccountId: type: string description: 'This is the account Id generated by the Open Banking Service.' example: 'AccountId-6879' Identification: type: string description: 'Unambiguous identification for the account between the account owner and the account servicer.' example: 'DE44123412341234123400' Currency: type: string description: 'Identification of the currency in which the account is held.' example: 'EUR' SchemeName: type: string description: 'Name of the identification scheme.' example: 'IBAN' OwnerName: maxLength: 70 minLength: 1 type: string description: | Name of the legal account owner. headers: X-Request-ID: required: true description: | UUID for unique request identification. schema: type: string maxLength: 36 minLength: 1 example: abcdef2e-3000-4000-88cc-ae40e3b113d7 MessageCreateDateTime: required: true schema: type: string format: date-time example: "2022-09-25T08:15:00.856Z" description: | The message create date time. ISO 8601 DateTime. AspspScaApproach: description: | Indicates whether a decoupled flow is used by the ASPSP to continue the Strong Customer Authentication. This field only returns the values 'Decoupled' or 'SuspectedDecoupled'. Other possible flow options are communicated within the Links section of the response. schema: type: string parameters: AppRedirectPreferred: name: AppRedirectPreferred in: header schema: type: boolean default: false description: | If set to 'true' the Open Banking Service will try to steer the flow towards an App redirect for the authentication of the PSU and authorization of the consent. This can potentially improve the user journey as the banking application may use biometrics for SCA and skip the identification process if the user is already logged in. NOTE that, depending on the implementation of the ASPSP, it may so happen that the flows breaks if the user does not have the banking application installed on their mobile device. PsuId: name: psuId in: path description: | This field can be filled with an ID from the Initiating Party which refers to the PSU. required: true schema: type: string example: unique_psu_id_23858 RegistrationId: name: registrationId in: path schema: type: string required: true description: | Registration ID is the source ID, which is being created to link the PSUs under the same ProductType InitiatingPartyReturnUrl: name: InitiatingPartyReturnUrl in: header description: | The callback URL for the redirection back to the Initiating Party after authorization. schema: maxLength: 4000 minLength: 1 type: string example: https://www.example.org InitiatingPartyNotificationUrl: name: InitiatingPartyNotificationUrl in: header description: | The URL which will be used for notification service requests. The Open Banking Service supports two ways in which this field can be filled: * **Option A)** with an URL ending on /v2 or /v3, indicating the version of the Notification API implemented by the Initiating Party. In this case the URL called for notifications will be extended with /notification/status by the Open Banking Service. The 'NotificationVersion' field MUST NOT be filled. * **Option B)** with a full URL. The version information MUST BE provided in the 'NotificationVersion' field. In this case the provided URL will not be extended, and used as-is. examples: Option A: value: https://www.example.org/myendpoint/v3 Option B: value: https://www.example.org/myendpoint/notification schema: maxLength: 4000 minLength: 1 type: string NotificationVersion: name: NotificationVersion in: header description: | The version which shall be used for notification service requests. The version is either v2 or v3. If the NotificationVersion is given: - The URLs for notification endpoints must be provided as full URLs. - No endpoint specific extension will be added when calling out for notifications. See the description of InitiatingPartyNotificationUrl for more information. example: v3 schema: type: string UseAuthorisationLandingPages: name: UseAuthorisationLandingPages in: header schema: type: boolean default: false description: | If true, the Bank Selection Interface provided by Open Banking Service will be used to request required information from the PSU directly. Locale: name: Locale in: header schema: type: string description: | 2-digit ISO-639 code for the language in which the Bank Selection Interface is displayed. For special languages can be used 5-digit code like nl-BE, where first is ISO-639 langauge code and the second is ISO-3166 country code. If not set, the language of the Bank Selection Interface is taken over from the end user’s browser configuration or the system configuration of the Bank Selection Interface server. AspspId: name: aspspId in: path description: | ASPSP ID. required: true schema: type: string example: 20101 Recurring: name: recurring in: query description: | Indicates if the consent is for recurring access or for one time access to the account data. **Note -** Default value is set to false, only for ASPSPs having implemented the CBI protocol. schema: type: boolean AspspPsuId: name: AspspPsuId in: header description: | PSU’s Id at ASPSP. Allows the unique identification of the PSU at the ASPSP. schema: maxLength: 36 minLength: 1 type: string example: PSU-12345 AspspPsuIdType: name: AspspPsuIdType in: header description: | Type of the Aspsp PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. schema: type: string AspspPsuCorporateId: name: AspspPsuCorporateId in: header description: | Identification of a Corporate in the Online Channels. schema: type: string AspspPsuCorporateIdType: name: AspspPsuCorporateIdType in: header description: | This is describing the type of the identification needed by the ASPSP to identify the PSUCorporate-ID type. schema: type: string AspspProductCode: name: AspspProductCode in: header description: | This is describing the ProductCode as defined by the ASPSP. schema: type: string LastLogin: name: LastLogin in: header description: | PSU Session information. The time when the PSU last logged in with the TPP. schema: type: string format: date-time PsuIpAddress: name: PsuIpAddress in: header description: | PSU Session information. The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP . It shall be contained if and only if this request was actively initiated by the PSU. schema: maxLength: 35 minLength: 1 type: string PsuIpPort: name: PsuIpPort in: header description: | PSU Session information. The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. schema: maxLength: 5 minLength: 1 type: string HttpMethod: name: HttpMethod in: header description: | PSU Session information. HTTP method used at the PSU-TPP interface. Available values - GET, POST, PUT, DELETE. schema: maxLength: 6 minLength: 3 type: string HttpHeaderUserAgent: name: HttpHeaderUserAgent in: header description: | PSU Session information. The forwarded Agent header field of the HTTP request between PSU and TPP. schema: maxLength: 500 minLength: 1 type: string HttpHeaderReferer: name: HttpHeaderReferer in: header description: | PSU Session information. schema: maxLength: 500 minLength: 1 type: string HttpHeaderAccept: name: HttpHeaderAccept in: header description: | PSU Session information. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP. schema: maxLength: 500 minLength: 1 type: string HttpHeaderAcceptCharset: name: HttpHeaderAcceptCharset in: header description: | PSU Session information. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP. schema: maxLength: 500 minLength: 1 type: string HttpHeaderAcceptEncoding: name: HttpHeaderAcceptEncoding in: header description: | PSU Session information. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP. schema: maxLength: 500 minLength: 1 type: string HttpHeaderAcceptLanguage: name: HttpHeaderAcceptLanguage in: header description: | PSU Session information. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP. schema: maxLength: 500 minLength: 1 type: string DeviceId: name: DeviceId in: header description: | UUID (Universally Unique Identifier) for a device, which is used by the PSU. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. schema: maxLength: 500 minLength: 1 type: string GeoLocation: name: GeoLocation in: header description: | The forwarded Geo Location of the corresponding http request between PSU and TPP. schema: maxLength: 500 minLength: 1 type: string UseImplicitPreAuthCombined: name: UseImplicitPreAuthCombined in: header description: | If set to 'true' and supported by the ASPSP, the Open Banking Service will request combined pre-authentication for both AIS and PIS. In use cases where AIS data retrieval is followed by a payment initiation for the same PSU-ASPSP combination, this can streamline the process by reducing the authentication steps required for the PSU to a single step. schema: type: boolean default: false X-Request-ID: name: X-Request-ID in: header description: | UUID for unique request identification. required: true schema: maxLength: 36 minLength: 1 type: string example: 2e12d0e7-c06e-420f-a6c2-e738037abef6 MessageCreateDateTime: name: MessageCreateDateTime in: header description: | The message create date time. ISO 8601 DateTime. required: true schema: type: string format: date-time example: "2022-09-25T08:15:00.856Z" ConsentId: name: consentId in: path description: | Id of the consent as received in the response to POST consents. required: true schema: maxLength: 1024 minLength: 1 type: string example: 48651 AuthorisationId: name: authorisationId in: path description: | Id of the authorization as received in the response to the previous request in the corresponding Link. required: true schema: maxLength: 1024 minLength: 1 type: string example: aid-4846 Page: name: page in: query description: | Used to retrieve a specific page in case the result is paginated. The value can be first, last, prev, next or a numerical value to request for a dedicated result page. schema: type: string TotalPages: name: totalPages in: query required: false schema: type: integer description: Used to limit the number of total pages retrieved by one request, if the result is paginated by the ASPSP. AccountId: name: accountId in: path description: | Id of the account of the PSU as retrieved form the GET accounts response. required: true schema: type: string AccountIdQueryParam: name: accountId in: query description: | The account id for which we must retrieved the balances. It could be given to restrict to transactions of given account. If not given, all stored transactions are responded. schema: type: string DateFrom: name: dateFrom in: query description: | Date and time. All transactions on this date are included in the result. If no time is filled it will be set to 00:00. If the ASPSP doesn’t support time, the time part is omitted. schema: type: string DateTo: name: dateTo in: query description: | Date and time, transactions up to this date are included. So transaction on this date are not included in the result. schema: type: string Dl: name: dl in: query description: Download ID as given in the download link of GET transactions. required: true schema: type: string example: 54339b88a4394d089aeacc8aece1625b responses: 400: description: | Bad Request headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 401: description: | Missing or wrong IP Token headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 403: description: | Expired IP Token headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 404: description: | Not Found, resource at TPP not found headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 410: description: | Pagination resource timed out. headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 415: description: | Unsupported Media Type headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 500: description: | Internal Server Error headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 502: description: | Bad Gateway, connection to ASPSP failed or token to the ASPSP missing. headers: X-Request-ID: $ref: '#/components/headers/X-Request-ID' MessageCreateDateTime: $ref: '#/components/headers/MessageCreateDateTime' content: application/json: schema: $ref: '#/components/schemas/Error' 503: description: | Service Unavailable, too many request to the ASPSP. headers: X-Request-ID: description: | UUID for unique request identification. schema: type: string MessageCreateDateTime: description: | The message create date time. ISO 8601 DateTime. schema: type: string format: date-time content: application/json: schema: $ref: '#/components/schemas/Error' 511: description: | Network Authentication Required, authentication to ASPSP failed . headers: X-Request-ID: description: | UUID for unique request identification. schema: type: string MessageCreateDateTime: description: | The message create date time. ISO 8601 DateTime. schema: type: string format: date-time content: application/json: schema: $ref: '#/components/schemas/Error'