#PROFOS eBanking PSD2 - API **Version** 1.0 [**Terms of Service**]() # APIs ## /accounts ### GET <a id="getAccounts">Reads a list of bank accounts, with balances where required. It is assumed that a consent ofthe PSU to this access is already given and stored on the ASPSP system.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>yes</td> <td> Shall be contained since &#x27;Establish Consent Transaction&#x27; was performed via this API before. </td> <td>string </td> </tr> <tr> <th>withBalance</th> <td>query</td> <td>no</td> <td> If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP </td> <td>boolean </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href="#/definitions/AccountResponse">AccountResponse</a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /accounts/{account-id} ### GET <a id="getAccountDetails">Reads details about an account, with balances where required. It is assumed that a consentof the PSU to this access is already given and stored on the ASPSP system. The addresseddetails of this account depends then on the stored consent addressed by consentId</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>yes</td> <td> Shall be contained since &#x27;Establish Consent Transaction&#x27; was performed via this API before. </td> <td>string </td> </tr> <tr> <th>account-id</th> <td>path</td> <td>yes</td> <td> This identification is denoting the addressed account. The account-id is retrieved by using a &quot;Read Account List&quot; call.The account-id is the &quot;resourceId&quot; attribute of the account structure. </td> <td>string </td> </tr> <tr> <th>withBalance</th> <td>query</td> <td>no</td> <td> If contained, this function reads the details of the addressed account including the booking balance, if granted by the PSU </td> <td>boolean </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AccountResponse">AccountResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /accounts/{account-id}/balances ### GET <a id="getAccountBalances">Reads account data from a given account addressed by account-id</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>yes</td> <td> Shall be contained since &#x27;Establish Consent Transaction&#x27; was performed via this API before. </td> <td>string </td> </tr> <tr> <th>account-id</th> <td>path</td> <td>yes</td> <td> This identification is denoting the addressed account. The account-id is retrieved by using a &quot;Read Account List&quot; call.The account-id is the &quot;resourceId&quot; attribute of the account structure. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href="#/definitions/AccountBalanceResponse">AccountBalanceResponse</a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /accounts/{account-id}/transactions ### GET <a id="getTransactions">Reads account data from a given account addressed by account-id</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>yes</td> <td> Shall be contained since &#x27;Establish Consent Transaction&#x27; was performed via this API before. </td> <td>string </td> </tr> <tr> <th>account-id</th> <td>path</td> <td>yes</td> <td> This identification is denoting the addressed account. The account-id is retrieved by using a &quot;Read Account List&quot; call.The account-id is the &quot;resourceId&quot; attribute of the account structure. </td> <td>string </td> </tr> <tr> <th>dateFrom</th> <td>query</td> <td>no</td> <td> Starting date (inclusive the date dateFrom) of the transaction list, mandated if no delta access is required. </td> <td>string </td> </tr> <tr> <th>dateTo</th> <td>query</td> <td>no</td> <td> End date (inclusive the data dateTo) of the transaction list, default is now if not given. </td> <td>string </td> </tr> <tr> <th>entryReferenceFrom</th> <td>query</td> <td>no</td> <td> Not supported. </td> <td>string </td> </tr> <tr> <th>bookingStatus</th> <td>query</td> <td>yes</td> <td> Permitted codes are &quot;booked&quot;, &quot;pending&quot; and &quot;both&quot; </td> <td>string </td> </tr> <tr> <th>deltaList</th> <td>query</td> <td>no</td> <td> Not supported. </td> <td>boolean </td> </tr> <tr> <th>withBalance</th> <td>query</td> <td>no</td> <td> If contained, this function reads the list of transactions including the booking balance, if granted by the PSU in the related consent and available by the ASPSP </td> <td>boolean </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href="#/definitions/AccountTransactionResponse">AccountTransactionResponse</a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /consents ### POST <a id="createConsent">Creates an account information consent resource at the ASPSP regarding access to accounts specified in this request.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because atm only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Consent data </td> <td> <a href="#/definitions/Consent">Consent</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/ConsentCreateResponse">ConsentCreateResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /consents/{consentId} ### GET <a id="getConsent">Returns the content of an account information consent object. This is returning the data for the TPP especially in cases, where the consent was directly managed between ASPSP and PSU e.g. in a re-direct SCA Approach.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>consentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding consent object as returned by an Account Information Consent Request (POST /consents). </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/ConsentDetailResponse">ConsentDetailResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### DELETE <a id="deleteConsent">Deletes a given consent.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>consentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding consent object as returned by an Account Information Consent Request (POST /consents). </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /consents/{consentId}/authorisations ### GET <a id="getAuthorizations">Will deliver an array of resource identifications of all generated authorisation sub-resources.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>consentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding consent object as returned by an Account Information Consent Request (POST /consents). </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startAuthorization">Starts an authorisation process in for establishing account information consent data on the server.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>consentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding consent object as returned by an Account Information Consent Request (POST /consents). </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /consents/{consentId}/authorisations/{authorisationId} ### GET <a id="getAuthorizationStatus">Checks the SCA status of a authorisation sub-resource.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>consentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding consent object as returned by an Account Information Consent Request (POST /consents). </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Consent authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>consentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding consent object as returned by an Account Information Consent Request (POST /consents). </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /consents/{consentId}/status ### GET <a id="getConsentStatus">Can check the status of an account information consent resource.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>consentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding consent object as returned by an Account Information Consent Request (POST /consents). </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /funds-confirmations ### POST <a id="getFundsConfirmations">Creates a confirmation of funds request at the ASPSP.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>yes</td> <td> The Consent-ID, which was provided after the customer signed the PIIS Consent Agreement. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> The payment data to be checked. </td> <td> <a href="#/definitions/FundsConfirmations">FundsConfirmations</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/cross-border-credit-transfers ### POST <a id="createPayment">Creates a sepa payment initiation request at the ASPSP.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Content-Type</th> <td>header</td> <td>yes</td> <td> only &quot;application/json&quot; supported </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>no</td> <td> This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the &quot;consentId&quot; of the related AIS consent, which was performed prior to this payment initiation. With the consentId, the given payment data can be validated. </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because at the moment only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>TPP-RejectionNoFundsPreferred</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! If it equals &quot;true&quot; then the TPP prefers a rejection of the payment initiation in case the ASPSP is providing an integrated confirmation of funds request an the result of this is that not sufficient funds are available. If it equals &quot;false&quot; then the TPP prefers that the ASPSP is dealing with the payment initiation like in the ASPSPs online channel, potentially waiting for a certain time period for funds to arrive to initiate the payment. This parameter may be ignored by the ASPSP </td> <td>string </td> </tr> <tr> <th>TPPNotificationURI</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP, cp. also the extended service definition in [XS2ARSNS] </td> <td>string </td> </tr> <tr> <th>TPPNotificationContentPreferred</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> The payment data to be transported. </td> <td> <a href="#/definitions/InternationalPayment">InternationalPayment</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href="#/definitions/PaymentCreateResponse">PaymentCreateResponse</a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/cross-border-credit-transfers/{paymentId} ### GET <a id="getPaymentDetails">Read the details of an initiated payment.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### DELETE <a id="deletePayment">Cancels the addressed payment with resource identification paymentId ifnapplicable to the payment-service, payment-product and received in product related timelines (e.g. before end of business day for scheduled payments of the last business day before the scheduled execution day). The response to this DELETE command will tell the TPP whether the* access method was rejected (HTTP-STATUS &gt; 400) * access method was successful (HTTP-STATUS = 204, or * access method is generally applicable, but further authorisation processes are needed (HTTP-STATUS = 202).</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because atm only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/PaymentDeleteResponse">PaymentDeleteResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/cross-border-credit-transfers/{paymentId}/authorisations ### GET <a id="getAuthorisations">Read a list of all authorisation subresources IDs which have been created.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startAuthorization">Create an authorisation subresource and start the authorisation process, might in addition transmit authentication and authorisation related data. This method is iterated n times for a n times SCA authorisation in a corporate context, each creating an own authorisation sub-endpoint for the corresponding PSU authorising the transaction.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/cross-border-credit-transfers/{paymentId}/authorisations/{authorisationId} ### GET <a id="getAuthorisationStatus">Read the SCA status of the authorisation.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/cross-border-credit-transfers/{paymentId}/cancellation-authorisations ### GET <a id="getCancellationAuthorisations">Retrieve a list of all created cancellation authorisation subresources.If the POST command on this endpoint is supported, then also this GET method needs to be supported.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startCancellationAuthorisation">Starts the authorisation of the cancellation of the addressed payment with resource identificationpaymentId if mandated by the ASPSP (i.e. the DELETE access method is not sufficient) and if applicable to the payment-service, and received in product related timelines (e.g. before end of business day for scheduled payments of the last business day before the scheduled execution day).</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/cross-border-credit-transfers/{paymentId}/cancellation-authorisations/{authorisationId} ### GET <a id="getCancellationAuthorisationStatus">Read the SCA status of the cancellation authorisation.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmCancellationAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/cross-border-credit-transfers/{paymentId}/status ### GET <a id="getPaymentStatus">Read the transaction status of the payment.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/sepa-credit-transfers ### POST <a id="createPayment">Creates a sepa payment initiation request at the ASPSP.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Content-Type</th> <td>header</td> <td>yes</td> <td> only &quot;application/json&quot; supported </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>no</td> <td> This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the &quot;consentId&quot; of the related AIS consent, which was performed prior to this payment initiation. With the consentId, the given payment data can be validated. </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because at the moment only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>TPP-RejectionNoFundsPreferred</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! If it equals &quot;true&quot; then the TPP prefers a rejection of the payment initiation in case the ASPSP is providing an integrated confirmation of funds request an the result of this is that not sufficient funds are available. If it equals &quot;false&quot; then the TPP prefers that the ASPSP is dealing with the payment initiation like in the ASPSPs online channel, potentially waiting for a certain time period for funds to arrive to initiate the payment. This parameter may be ignored by the ASPSP </td> <td>string </td> </tr> <tr> <th>TPPNotificationURI</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP, cp. also the extended service definition in [XS2ARSNS] </td> <td>string </td> </tr> <tr> <th>TPPNotificationContentPreferred</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> The payment data to be transported. </td> <td> <a href="#/definitions/SepaPayment">SepaPayment</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href="#/definitions/PaymentCreateResponse">PaymentCreateResponse</a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/sepa-credit-transfers/{paymentId} ### GET <a id="getPaymentDetails">Read the details of an initiated payment.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### DELETE <a id="deletePayment">Cancels the addressed payment with resource identification paymentId ifnapplicable to the payment-service, payment-product and received in product related timelines (e.g. before end of business day for scheduled payments of the last business day before the scheduled execution day). The response to this DELETE command will tell the TPP whether the* access method was rejected (HTTP-STATUS &gt; 400) * access method was successful (HTTP-STATUS = 204, or * access method is generally applicable, but further authorisation processes are needed (HTTP-STATUS = 202).</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because atm only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/PaymentDeleteResponse">PaymentDeleteResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/sepa-credit-transfers/{paymentId}/authorisations ### GET <a id="getAuthorisations">Read a list of all authorisation subresources IDs which have been created.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startAuthorization">Create an authorisation subresource and start the authorisation process, might in addition transmit authentication and authorisation related data. This method is iterated n times for a n times SCA authorisation in a corporate context, each creating an own authorisation sub-endpoint for the corresponding PSU authorising the transaction.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/sepa-credit-transfers/{paymentId}/authorisations/{authorisationId} ### GET <a id="getAuthorisationStatus">Read the SCA status of the authorisation.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/sepa-credit-transfers/{paymentId}/cancellation-authorisations ### GET <a id="getCancellationAuthorisations">Retrieve a list of all created cancellation authorisation subresources.If the POST command on this endpoint is supported, then also this GET method needs to be supported.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startCancellationAuthorisation">Starts the authorisation of the cancellation of the addressed payment with resource identificationpaymentId if mandated by the ASPSP (i.e. the DELETE access method is not sufficient) and if applicable to the payment-service, and received in product related timelines (e.g. before end of business day for scheduled payments of the last business day before the scheduled execution day).</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/sepa-credit-transfers/{paymentId}/cancellation-authorisations/{authorisationId} ### GET <a id="getCancellationAuthorisationStatus">Read the SCA status of the cancellation authorisation.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmCancellationAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /payments/sepa-credit-transfers/{paymentId}/status ### GET <a id="getPaymentStatus">Read the transaction status of the payment.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/cross-border-credit-transfers ### POST <a id="createPayment">Creates a cross border credit transfer periodic payment initiation request at the ASPSP.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Content-Type</th> <td>header</td> <td>yes</td> <td> only &quot;application/json&quot; supported </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>no</td> <td> This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the &quot;consentId&quot; of the related AIS consent, which was performed prior to this payment initiation. With the consentId, the given payment data can be validated. </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because at the moment only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>TPP-RejectionNoFundsPreferred</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! If it equals &quot;true&quot; then the TPP prefers a rejection of the payment initiation in case the ASPSP is providing an integrated confirmation of funds request an the result of this is that not sufficient funds are available. If it equals &quot;false&quot; then the TPP prefers that the ASPSP is dealing with the payment initiation like in the ASPSPs online channel, potentially waiting for a certain time period for funds to arrive to initiate the payment. This parameter may be ignored by the ASPSP </td> <td>string </td> </tr> <tr> <th>TPPNotificationURI</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP, cp. also the extended service definition in [XS2ARSNS] </td> <td>string </td> </tr> <tr> <th>TPPNotificationContentPreferred</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> The payment data to be transported. </td> <td> <a href="#/definitions/InternationalPeriodicPayment">InternationalPeriodicPayment</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href="#/definitions/PaymentCreateResponse">PaymentCreateResponse</a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/cross-border-credit-transfers/{paymentId} ### GET <a id="getPaymentDetails">Read the details of an initiated payment.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### DELETE <a id="deletePayment">Cancels the addressed payment with resource identification paymentId ifnapplicable to the payment-service, payment-product and received in product related timelines (e.g. before end of business day for scheduled payments of the last business day before the scheduled execution day). The response to this DELETE command will tell the TPP whether the* access method was rejected (HTTP-STATUS &gt; 400) * access method was successful (HTTP-STATUS = 204, or * access method is generally applicable, but further authorisation processes are needed (HTTP-STATUS = 202).</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because atm only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/PaymentDeleteResponse">PaymentDeleteResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/cross-border-credit-transfers/{paymentId}/authorisations ### GET <a id="getAuthorisations">Read a list of all authorisation subresources IDs which have been created.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startAuthorization">Create an authorisation subresource and start the authorisation process, might in addition transmit authentication and authorisation related data. This method is iterated n times for a n times SCA authorisation in a corporate context, each creating an own authorisation sub-endpoint for the corresponding PSU authorising the transaction.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/cross-border-credit-transfers/{paymentId}/authorisations/{authorisationId} ### GET <a id="getAuthorisationStatus">Read the SCA status of the authorisation.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/cross-border-credit-transfers/{paymentId}/cancellation-authorisations ### GET <a id="getCancellationAuthorisations">Retrieve a list of all created cancellation authorisation subresources.If the POST command on this endpoint is supported, then also this GET method needs to be supported.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startCancellationAuthorisation">Starts the authorisation of the cancellation of the addressed payment with resource identificationpaymentId if mandated by the ASPSP (i.e. the DELETE access method is not sufficient) and if applicable to the payment-service, and received in product related timelines (e.g. before end of business day for scheduled payments of the last business day before the scheduled execution day).</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/cross-border-credit-transfers/{paymentId}/cancellation-authorisations/{authorisationId} ### GET <a id="getCancellationAuthorisationStatus">Read the SCA status of the cancellation authorisation.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmCancellationAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/cross-border-credit-transfers/{paymentId}/status ### GET <a id="getPaymentStatus">Read the transaction status of the payment.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/sepa-credit-transfers ### POST <a id="createPayment">Creates a sepa peroidc payment initiation request at the ASPSP.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Content-Type</th> <td>header</td> <td>yes</td> <td> only &quot;application/json&quot; supported </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>no</td> <td> This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the &quot;consentId&quot; of the related AIS consent, which was performed prior to this payment initiation. With the consentId, the given payment data can be validated. </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because at the moment only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>TPP-RejectionNoFundsPreferred</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! If it equals &quot;true&quot; then the TPP prefers a rejection of the payment initiation in case the ASPSP is providing an integrated confirmation of funds request an the result of this is that not sufficient funds are available. If it equals &quot;false&quot; then the TPP prefers that the ASPSP is dealing with the payment initiation like in the ASPSPs online channel, potentially waiting for a certain time period for funds to arrive to initiate the payment. This parameter may be ignored by the ASPSP </td> <td>string </td> </tr> <tr> <th>TPPNotificationURI</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP, cp. also the extended service definition in [XS2ARSNS] </td> <td>string </td> </tr> <tr> <th>TPPNotificationContentPreferred</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> The payment data to be transported. </td> <td> <a href="#/definitions/SepaPeriodicPayment">SepaPeriodicPayment</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href="#/definitions/PaymentCreateResponse">PaymentCreateResponse</a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/sepa-credit-transfers/{paymentId} ### GET <a id="getPaymentDetails">Read the details of an initiated payment.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### DELETE <a id="deletePayment">Cancels the addressed payment with resource identification paymentId ifnapplicable to the payment-service, payment-product and received in product related timelines (e.g. before end of business day for scheduled payments of the last business day before the scheduled execution day). The response to this DELETE command will tell the TPP whether the* access method was rejected (HTTP-STATUS &gt; 400) * access method was successful (HTTP-STATUS = 204, or * access method is generally applicable, but further authorisation processes are needed (HTTP-STATUS = 202).</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because atm only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/PaymentDeleteResponse">PaymentDeleteResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/sepa-credit-transfers/{paymentId}/authorisations ### GET <a id="getAuthorisations">Read a list of all authorisation subresources IDs which have been created.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startAuthorization">Create an authorisation subresource and start the authorisation process, might in addition transmit authentication and authorisation related data. This method is iterated n times for a n times SCA authorisation in a corporate context, each creating an own authorisation sub-endpoint for the corresponding PSU authorising the transaction.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/sepa-credit-transfers/{paymentId}/authorisations/{authorisationId} ### GET <a id="getAuthorisationStatus">Read the SCA status of the authorisation.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/sepa-credit-transfers/{paymentId}/cancellation-authorisations ### GET <a id="getCancellationAuthorisations">Retrieve a list of all created cancellation authorisation subresources.If the POST command on this endpoint is supported, then also this GET method needs to be supported.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startCancellationAuthorisation">Starts the authorisation of the cancellation of the addressed payment with resource identificationpaymentId if mandated by the ASPSP (i.e. the DELETE access method is not sufficient) and if applicable to the payment-service, and received in product related timelines (e.g. before end of business day for scheduled payments of the last business day before the scheduled execution day).</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/sepa-credit-transfers/{paymentId}/cancellation-authorisations/{authorisationId} ### GET <a id="getCancellationAuthorisationStatus">Read the SCA status of the cancellation authorisation.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmCancellationAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /periodic-payments/sepa-credit-transfers/{paymentId}/status ### GET <a id="getPaymentStatus">Read the transaction status of the payment.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>paymentId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding payment initiation object as returned by an Payment Initiation Request. </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /signing-baskets ### POST <a id="createSigningBasket">Generates a signing basket.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>Consent-ID</th> <td>header</td> <td>no</td> <td> This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the &quot;consentId&quot; of the related AIS consent, which was performed prior to this payment initiation. With the consentId, the given payment data can be validated. </td> <td>string </td> </tr> <tr> <th>TPP-RedirectPreferred</th> <td>header</td> <td>no</td> <td> Not in use, because at the moment only REDIRECT Approach is supported </td> <td>string </td> </tr> <tr> <th>TPP-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect. It is recommended to always use this header field. </td> <td>string </td> </tr> <tr> <th>TPP-Nok-Redirect-URI</th> <td>header</td> <td>no</td> <td> URI of the TPP, where the transaction flow shall be redirected to after a Redirect, in case of an invalid authorization. </td> <td>string </td> </tr> <tr> <th>TPP-ExplicitAuthorisationPreferred</th> <td>header</td> <td>no</td> <td> If it equals &quot;true&quot;, the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals &quot;false&quot; or if the parameter is not used, there is no preference of the TPP </td> <td>string </td> </tr> <tr> <th>TPPNotificationURI</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent. This header field may by ignored by the ASPSP, cp. also the extended service definition in [XS2ARSNS] </td> <td>string </td> </tr> <tr> <th>TPPNotificationContentPreferred</th> <td>header</td> <td>no</td> <td> NOT SUPPORTED!! </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Signing Basket data to be transported. </td> <td> <a href="#/definitions/SigningBasket">SigningBasket</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/SigningBasketResponse">SigningBasketResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /signing-baskets/{basketId} ### GET <a id="getSigningBasket">Returns the content of an signing basket object.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>basketId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding signing basket object </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/SigningBasketDetailResponse">SigningBasketDetailResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /signing-baskets/{basketId}/authorisations ### GET <a id="getAuthorizations">Will deliver an array of resource identifications of all generated authorisation sub-resources.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>basketId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding signing basket object </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | Array[<a href=""></a>]| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### POST <a id="startAuthorization">Starts the authorisation process for all transactions contained in the related signing basket.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>yes</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>yes</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>basketId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding signing basket object </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorizationResponse">AuthorizationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /signing-baskets/{basketId}/authorisations/{authorisationId} ### GET <a id="getAuthorizationStatus">Checks the SCA status of a authorisation sub-resource.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>basketId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding signing basket object </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Signing-Basket authorisation sub-resource </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ### PUT <a id="confirmAuthorisation">This request is used, when in the preceding response the hyperlink of type &#x27;confirmation&#x27; was contained and if a redirection authentication method has been applied. Before the call can be submitted by the TPP, an authorization code, respectively a confirmation code needs to be retrieved by the TPP after the SCA processing in a redirect to the ASPSP authentication server. </a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>Authorization</th> <td>header</td> <td>no</td> <td> Not in use </td> <td>string </td> </tr> <tr> <th>basketId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding signing basket object </td> <td>string </td> </tr> <tr> <th>authorisationId</th> <td>path</td> <td>yes</td> <td> Resource identifciation of the related Payment authorisation sub-resource </td> <td>string </td> </tr> <tr> <th>body</th> <td>body</td> <td>yes</td> <td> Confirmation data </td> <td> <a href="#/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | <a href="#/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a>| | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | ## /signing-baskets/{basketId}/status ### GET <a id="getSigningBasketStatus">Returns the status of the signing basket object.</a> #### Request **Content-Type: ** application/json ##### Parameters <table border="1"> <tr> <th>Name</th> <th>Located in</th> <th>Required</th> <th>Description</th> <th>Schema</th> </tr> <tr> <th>X-Request-ID</th> <td>header</td> <td>yes</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>Digest</th> <td>header</td> <td>yes</td> <td> Is contained if and only if the &quot;Signature&quot; element is contained in the header of the request. </td> <td>string </td> </tr> <tr> <th>Signature</th> <td>header</td> <td>yes</td> <td> A signature of the request by the TPP on application level. This might be mandated by ASPSP. Example: keyId=&quot;SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE&quot;,algorithm=&quot;rsa-sha256&quot;, headers=&quot;Digest X-Request-ID PSU-ID TPP-Redirect-URI Date&quot;, signature=&quot;Base64(RSA-SHA256(signing string)) </td> <td>string </td> </tr> <tr> <th>TPP-Signature-Certificate</th> <td>header</td> <td>yes</td> <td> The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. </td> <td>string </td> </tr> <tr> <th>PSU-ID</th> <td>header</td> <td>no</td> <td> Client ID of the PSU in the ASPSP client interface. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Address</th> <td>header</td> <td>no</td> <td> The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. </td> <td>string </td> </tr> <tr> <th>PSU-ID-Type</th> <td>header</td> <td>no</td> <td> Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-Corporate-ID-Type</th> <td>header</td> <td>no</td> <td> Only used in a corporate context. </td> <td>string </td> </tr> <tr> <th>PSU-IP-Port</th> <td>header</td> <td>no</td> <td> The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Charset</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Encoding</th> <td>header</td> <td>no</td> <td> The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Accept-Language</th> <td>header</td> <td>no</td> <td> ID (UUID) of the request, unique to the call, as determined by the initiating party. </td> <td>string </td> </tr> <tr> <th>PSU-User-Agent</th> <td>header</td> <td>no</td> <td> The forwarded Agent header field of the HTTP request between PSU and TPP, if available. </td> <td>string </td> </tr> <tr> <th>PSU-Http-Method</th> <td>header</td> <td>no</td> <td> HTTP method used at the PSU TPP interface, if available. Valid values are:&lt;br/&gt;- GET&lt;br/&gt;-POST&lt;br/&gt;-PUT&lt;br/&gt;-PATCH&lt;br/&gt;-DELETE </td> <td>string </td> </tr> <tr> <th>PSU-Device-ID</th> <td>header</td> <td>no</td> <td> UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. </td> <td>string </td> </tr> <tr> <th>PSU-Geo-Location</th> <td>header</td> <td>no</td> <td> The forwarded Geo Location of the corresponding http request between PSU and TPP if available. </td> <td>string </td> </tr> <tr> <th>basketId</th> <td>path</td> <td>yes</td> <td> ID of the corresponding signing basket object </td> <td>string </td> </tr> </table> #### Response **Content-Type: ** application/json | Status Code | Reason | Response Model | |-------------|-------------|----------------| | 200 | successful operation | | | 400 | Bad Request | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 401 | Unauthorized | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 403 | Forbidden | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 404 | Not Found | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 405 | Method Not Allowed | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 406 | Not Acceptable | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 429 | Too Many Requests | Array[<a href="#/definitions/TppMessage">TppMessage</a>]| | 500 | Internal Server Error | - | # Definitions ## <a name="/definitions/AccountAccess">AccountAccess</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>accounts</td> <td> array[<a href="#/definitions/AccountReference">AccountReference</a>] </td> <td>optional</td> <td>Is asking for detailed account information. If the array is empty, the TPP is asking for an accessible account list. Please note that a "transactions" or "balances" access right also gives access to the generic /accounts endpoints, i.e. is implicitly supporting also the "accounts" access. Optionally, the sub-attributes "accounts", "balances" and "transactions" only carry an empty array. In this case all the consent is requested for all accounts with full access.</td> <td></td> </tr> <tr> <td>balances</td> <td> array[<a href="#/definitions/AccountReference">AccountReference</a>] </td> <td>optional</td> <td>Is asking for balances of the addressed accounts. If the array is empty, the TPP is asking for the balances of all accessible account lists. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty, also the arrays for accounts or transactions shall be empty, if used.</td> <td></td> </tr> <tr> <td>transactions</td> <td> array[<a href="#/definitions/AccountReference">AccountReference</a>] </td> <td>optional</td> <td>Is asking for transactions of the addressed accounts. If the array is empty, the TPP is asking for the transactions of all accessible account lists. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty,also the arrays for accounts or balances shall be empty, if used.</td> <td></td> </tr> <tr> <td>additionalInformationAccess</td> <td> <a href="#/definitions/ConsentAdditionalInformationAccess">ConsentAdditionalInformationAccess</a> </td> <td>optional</td> <td>Is asking for additional information as added within this structured object. The usage of this data element requires at least one of the entries "accounts", "transactions" or "balances" also to be contained in the object. If detailed accounts are referenced, it is required in addition that any account addressed within the additionalInformation attribute is also addressed by at least one of the attributes "accounts", "transactions" or "balances".Not supported!</td> <td></td> </tr> <tr> <td>availableAccounts</td> <td> string </td> <td>optional</td> <td>The values "allAccounts" and "allAccountsWithOwnerName" are admitted. The value "allAccountsWithOwnerName" is not supported!</td> <td></td> </tr> <tr> <td>availableAccountsWithBalance</td> <td> string </td> <td>optional</td> <td>The values "allAccounts" and "allAccountsWithOwnerName" are admitted. The value "allAccountsWithOwnerName" is not supported!</td> <td></td> </tr> <tr> <td>allPsd2</td> <td> string </td> <td>optional</td> <td>The values "allAccounts" and "allAccountsWithOwnerName" are admitted. The value "allAccountsWithOwnerName" is not supported!</td> <td></td> </tr> </table> ## <a name="/definitions/AccountBalanceResponse">AccountBalanceResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>account</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>optional</td> <td>Identifier of the addressed account.</td> <td></td> </tr> <tr> <td>balances</td> <td> array[<a href="#/definitions/Balance">Balance</a>] </td> <td>required</td> <td>A list of balances regarding this account, e.g.the current balance, the last booked balance.</td> <td></td> </tr> </table> ## <a name="/definitions/AccountReference">AccountReference</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>iban</td> <td> string </td> <td>optional</td> <td>IBAN</td> <td></td> </tr> <tr> <td>bban</td> <td> string </td> <td>optional</td> <td>BBAN</td> <td></td> </tr> <tr> <td>pan</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>maskedPan</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>msisdn</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>currency</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> </table> ## <a name="/definitions/AccountReport">AccountReport</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>booked</td> <td> array[<a href="#/definitions/AccountTransaction">AccountTransaction</a>] </td> <td>required</td> <td>Booked transactions.</td> <td></td> </tr> <tr> <td>pending</td> <td> array[<a href="#/definitions/AccountTransaction">AccountTransaction</a>] </td> <td>optional</td> <td>Pending transactions.</td> <td></td> </tr> <tr> <td>information</td> <td> array[<a href="#/definitions/AccountTransaction">AccountTransaction</a>] </td> <td>optional</td> <td>Active standing order information.</td> <td></td> </tr> <tr> <td>_links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>required</td> <td>Links to the account, which can be directly used for retrieving account information from this dedicated account. Links to "balances" and/or "transactions" These links are only supported, when the corresponding consent has been already granted.</td> <td></td> </tr> </table> ## <a name="/definitions/AccountResponse">AccountResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>resourceId</td> <td> string </td> <td>optional</td> <td>This is the data element to be used in the path when retrieving data from a dedicated account. This shall be filled, if addressable resource are created by the ASPSP on the accounts endpoint.</td> <td></td> </tr> <tr> <td>iban</td> <td> string </td> <td>optional</td> <td>IBAN of an account</td> <td></td> </tr> <tr> <td>bban</td> <td> string </td> <td>optional</td> <td>BBAN of an account</td> <td></td> </tr> <tr> <td>msisdn</td> <td> string </td> <td>optional</td> <td>An alias to access a payment account via a registered mobile phone number</td> <td></td> </tr> <tr> <td>currency</td> <td> string </td> <td>required</td> <td>Account currency in ISO 4217 Alpha 3 currency code.</td> <td></td> </tr> <tr> <td>ownerName</td> <td> string </td> <td>optional</td> <td>Name of the legal account owner. If there is more than one owner, then e.g. two names might be noted here. For a corporate account, the corporate name is used for this attribute.</td> <td></td> </tr> <tr> <td>name</td> <td> string </td> <td>optional</td> <td>Name of the account given by the bank or the PSU in Online-Banking.</td> <td></td> </tr> <tr> <td>product</td> <td> string </td> <td>optional</td> <td>Product Name of the Bank for this account, proprietary definition.</td> <td></td> </tr> <tr> <td>cashAccountType</td> <td> string </td> <td>optional</td> <td>ExternalCashAccountType1Code from ISO 20022</td> <td></td> </tr> <tr> <td>displayName</td> <td> string </td> <td>optional</td> <td>Name of the account as defined by the PSU within online channels.</td> <td></td> </tr> <tr> <td>status</td> <td> string </td> <td>optional</td> <td>Account status. The value is one of the following:<br/>- "enabled": account is available<br/>- "deleted": account is terminated<br/>- "blocked": account is blocked e.g. for legal reasons<br/><br/>If this field is not used, than the account is available in the sense of this specification.</td> <td></td> </tr> <tr> <td>bic</td> <td> string </td> <td>optional</td> <td>The BIC associated to the account.</td> <td></td> </tr> <tr> <td>linkedAccounts</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>usage</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>details</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>balances</td> <td> array[<a href="#/definitions/Balance">Balance</a>] </td> <td>optional</td> <td>Account balances, if request parameter "withBalance" is set to true</td> <td></td> </tr> <tr> <td>_links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>optional</td> <td>Links to the account, which can be directly used for retrieving account information from this dedicated account. Links to "balances" and/or "transactions". These links are only supported, when the corresponding consent has been already granted.</td> <td></td> </tr> </table> ## <a name="/definitions/AccountTransaction">AccountTransaction</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>transactionId</td> <td> string </td> <td>optional</td> <td>Can be used as access-ID in the API, where more details on an transaction is offered. If this data attribute is provided this shows that the AIS can get access on more details about this transaction using the GET Transaction Details Request</td> <td></td> </tr> <tr> <td>entryReference</td> <td> string </td> <td>optional</td> <td>Is the identification of the transaction as used e.g. for reference for deltafunction on application level. The same identification as for example used within camt.05x messages.</td> <td></td> </tr> <tr> <td>endToEndId</td> <td> string </td> <td>optional</td> <td>Unique end to end identity.</td> <td></td> </tr> <tr> <td>mandateId</td> <td> string </td> <td>optional</td> <td>Identification of Mandates, e.g. a SEPA Mandate ID.</td> <td></td> </tr> <tr> <td>checkId</td> <td> string </td> <td>optional</td> <td>Identification of a Cheque</td> <td></td> </tr> <tr> <td>creditorId</td> <td> string </td> <td>optional</td> <td>Identification of Creditors, e.g. a SEPA Creditor ID.</td> <td></td> </tr> <tr> <td>bookingDate</td> <td> string (date-time) </td> <td>optional</td> <td>The Date when an entry is posted to an account on the ASPSPs books.</td> <td></td> </tr> <tr> <td>valueDate</td> <td> string (date-time) </td> <td>optional</td> <td>The Date at which assets become available to the account owner in case of a credit</td> <td></td> </tr> <tr> <td>transactionAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>Transaction amount.</td> <td></td> </tr> <tr> <td>currencyExchange</td> <td> array[<a href="#/definitions/ExchangeRate">ExchangeRate</a>] </td> <td>optional</td> <td>Exchange Rates.</td> <td></td> </tr> <tr> <td>creditorName</td> <td> string </td> <td>optional</td> <td>Name of the creditor if a "Debited" transaction.</td> <td></td> </tr> <tr> <td>creditorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>optional</td> <td>Creditor Account.</td> <td></td> </tr> <tr> <td>creditorAgent</td> <td> string </td> <td>optional</td> <td>Creditor Account BIC.</td> <td></td> </tr> <tr> <td>ultimateCreditor</td> <td> string </td> <td>optional</td> <td>Ultimate Creditor.</td> <td></td> </tr> <tr> <td>debtorName</td> <td> string </td> <td>optional</td> <td>Name of the debtor if a "Credited" transaction.</td> <td></td> </tr> <tr> <td>debtorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>optional</td> <td>Debtor Account.</td> <td></td> </tr> <tr> <td>debtorAgent</td> <td> string </td> <td>optional</td> <td>Debtor Account BIC.</td> <td></td> </tr> <tr> <td>ultimateDebtor</td> <td> string </td> <td>optional</td> <td>Ultimate Debtor.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructured</td> <td> string </td> <td>optional</td> <td>Reference in unstructured remittance reference structure.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructuredArray</td> <td> array[string] </td> <td>optional</td> <td>Reference in unstructured remittance reference structure as array</td> <td></td> </tr> <tr> <td>remittanceInformationStructured</td> <td> <a href="#/definitions/Remittance">Remittance</a> </td> <td>optional</td> <td>Reference as contained in the structured remittance reference structure (without the surrounding XML structure).</td> <td></td> </tr> <tr> <td>remittanceInformationStructuredArray</td> <td> array[<a href="#/definitions/Remittance">Remittance</a>] </td> <td>optional</td> <td>Reference as contained in the structured remittance reference structure (without the surrounding XML structure) as array</td> <td></td> </tr> <tr> <td>additionalInformation</td> <td> string </td> <td>optional</td> <td>Might be used by the ASPSP to transport additional transaction related information to the PSU</td> <td></td> </tr> <tr> <td>additionalInformationStructured</td> <td> <a href="#/definitions/StructedAdditionalInformation">StructedAdditionalInformation</a> </td> <td>optional</td> <td>Is used if and only if the bookingStatus entry equals 'information'. Every active standing order related to the dedicated payment account result into one entry</td> <td></td> </tr> <tr> <td>purposeCode</td> <td> string </td> <td>optional</td> <td>Purpose Code.</td> <td></td> </tr> <tr> <td>bankTransactionCode</td> <td> string </td> <td>optional</td> <td>Bank transaction code as used by the ASPSP and using the sub elements of this structured code defined by ISO20022.</td> <td></td> </tr> <tr> <td>proprietaryBankTransactionCode</td> <td> string </td> <td>optional</td> <td>proprietary bank transaction code as used within a community or within an ASPSP e.g. for MT94x based transaction reports.</td> <td></td> </tr> <tr> <td>balanceAfterTransaction</td> <td> <a href="#/definitions/Balance">Balance</a> </td> <td>optional</td> <td>This is the balance after this transaction. Recommended balance type is interimBooked.</td> <td></td> </tr> <tr> <td>_links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>optional</td> <td>The following links could be used here: <br/>- "transactionDetails": for retrieving details of a transaction</td> <td></td> </tr> </table> ## <a name="/definitions/AccountTransactionResponse">AccountTransactionResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>account</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>optional</td> <td>Identifier of the addressed account.</td> <td></td> </tr> <tr> <td>transactions</td> <td> <a href="#/definitions/AccountReport">AccountReport</a> </td> <td>optional</td> <td>JSON based account report.</td> <td></td> </tr> <tr> <td>balances</td> <td> array[<a href="#/definitions/Balance">Balance</a>] </td> <td>optional</td> <td>A list of balances regarding this account, which might be restricted to the current balance.</td> <td></td> </tr> <tr> <td>_links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>optional</td> <td>A list of hyperlinks to be recognised by the TPP.<br/> - "download": NOT IN USE. a link to a resource, where the transaction report might be downloaded from in case where transaction reports have a huge size. Remark: This feature shall only be used where camt-data is requested which has a huge size.</td> <td></td> </tr> </table> ## <a name="/definitions/Address">Address</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>street</td> <td> string </td> <td>optional</td> <td>Street.</td> <td></td> </tr> <tr> <td>buildingNumber</td> <td> string </td> <td>optional</td> <td>Building Number.</td> <td></td> </tr> <tr> <td>city</td> <td> string </td> <td>optional</td> <td>City.</td> <td></td> </tr> <tr> <td>postalCode</td> <td> string </td> <td>optional</td> <td>Postal Code.</td> <td></td> </tr> <tr> <td>country</td> <td> string </td> <td>optional</td> <td>Country.</td> <td></td> </tr> </table> ## <a name="/definitions/Amount">Amount</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>amount</td> <td> number </td> <td>required</td> <td>The amount given with fractional digits, where fractions must be compliant to the currency definition. Up to 14 significant figures. Negative amounts are signed by minus. The decimal separator is a dot.\nExample: Valid representations for EUR with up to two decimals are: 1) 1056 2) 5768.2 3) -1.50 4) 5877.78</td> <td></td> </tr> <tr> <td>currency</td> <td> string </td> <td>required</td> <td>ISO 4217 Alpha 3 currency code.</td> <td></td> </tr> </table> ## <a name="/definitions/AuthenticationObject">AuthenticationObject</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>authenticationType</td> <td> string </td> <td>required</td> <td>Type of the authentication method.<br/><br/>Allowed Values: <br/>- "SMS_OTP": An SCA method, where an OTP linked to the transaction to be authorised is sent to the PSU through a SMS channel.<br/>- "CHIP_OTP": NOT IN USE. An SCA method, where an OTP is generated by a chip card.<br/>- "PHOTO_OTP": NOT IN USE. An SCA method, where the challenge is a QR code or similar encoded visual data which can be read in by a consumer device or specific mobile app. The device resp. the specific app than derives an OTP from the visual challenge data and displays the OTP to the PSU.<br/>- "PUSH_OTP": NOT IN USE. An OTP is pushed to a dedicated authentication APP and displayed to the PSU.</td> <td></td> </tr> <tr> <td>authenticationVersion</td> <td> string </td> <td>optional</td> <td>Depending on the authenticationType. This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. This version can be referred to in the ASPSP’s documentation.</td> <td></td> </tr> <tr> <td>authenticationMethodId</td> <td> string </td> <td>required</td> <td>An identification provided by the ASPSP for the later identification of the authentication method selection.</td> <td></td> </tr> <tr> <td>name</td> <td> string </td> <td>optional</td> <td>This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. Alternatively this could be a description provided by the ASPSP like "SMS OTP on phone +49160 xxxxx 28".This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available.</td> <td></td> </tr> <tr> <td>explanation</td> <td> string </td> <td>optional</td> <td>Detailed information about the SCA method for the PSU.</td> <td></td> </tr> </table> ## <a name="/definitions/AuthorisationConfirmation">AuthorisationConfirmation</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>confirmationCode</td> <td> string </td> <td>required</td> <td>Confirmation Code as retrieved by the TPP from the redirect based SCA process.</td> <td></td> </tr> </table> ## <a name="/definitions/AuthorisationConfirmationResponse">AuthorisationConfirmationResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>scaStatus</td> <td> string </td> <td>required</td> <td>Confirmation Code as retrieved by the TPP from the redirect based SCA process.</td> <td></td> </tr> <tr> <td>links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>required</td> <td>status: The link to retrieve the status of the corresponding transaction resource.</td> <td></td> </tr> </table> ## <a name="/definitions/AuthorizationResponse">AuthorizationResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>scaMethods</td> <td> array[<a href="#/definitions/AuthenticationObject">AuthenticationObject</a>] </td> <td>optional</td> <td>Not supported! Only authenticationType "SMS_OTP" supported!</td> <td></td> </tr> <tr> <td>chosenScaMethod</td> <td> <a href="#/definitions/AuthenticationObject">AuthenticationObject</a> </td> <td>optional</td> <td>Not supported! Only REDIRECT SCA Approach is supported!</td> <td></td> </tr> <tr> <td>challengeData</td> <td> <a href="#/definitions/ChallengeData">ChallengeData</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>psuMessage</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>scaStatus</td> <td> string </td> <td>required</td> <td>This data element is containing information about the status of the SCA method applied. Possible Values: <br/>- "received": An authorisation or cancellation-authorisation resource has been created successfully.<br/>- "psuIdentified": The PSU related to the authorisation or cancellation-authorisation resource has been identified.<br/>- "psuAuthenticated": The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token.<br/>- "scaMethodSelected": The PSU/TPP has selected the related SCA routine. If the SCA method is chosen implicitly since only one SCA method is available, then this is the first status to be reported instead of "received".<br/>- "started": The addressed SCA routine has been started.<br/>- "finalised": he SCA routine has been finalised successfully.<br/>- "failed": The SCA routine failed.<br/>- "exempted": SCA was exempted for the related transaction, the related authorisation is successful<br/></td> <td></td> </tr> <tr> <td>_links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>required</td> <td> A list of hyperlinks to be recognised by the TPP. <br/> Type of links admitted in this response: <br/> -"scaRedirect": In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser.<br/> -"status":The link to retrieve the transaction status of the payment initiation.<br/> -"scaStatus": The link to retrieve the scaStatus of the corresponding authorisation subresource. This link is only contained, if an authorisation sub-resource has been already created.</td> <td></td> </tr> </table> ## <a name="/definitions/Balance">Balance</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>balanceAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>Balance amount.</td> <td></td> </tr> <tr> <td>balanceType</td> <td> string </td> <td>required</td> <td>Balance type. <br/><br/>Allowed Values:<br/>- "closingBooked": Balance of the account at the end of the pre-agreed account reporting period.It is the sum of the opening booked balance at the beginning of the period and all entries bookedto the account during the pre-agreed account reporting period.For card-accounts, this is composed of - invoiced, but not yet paid entries.<br/><br/>- "expected": Balance composed of booked entries and pending items known at the time of calculation,which projects the end of day balance if everything is booked on the account and no other entry is posted.For card accounts, this is composed of- invoiced, but not yet paid entries,- not yet invoiced but already booked entries and- pending items (not yet booked)<br/><br/>- "authorised": NOT IN USE. The expected balance together with the value of a pre-approved credit line the ASPSP makes permanently available to the user.<br/><br/># "openingBooked": NOT IN USE. Book balance of the account at the beginning of the account reporting period.It always equals the closing book balance from the previous report.<br/><br/>- "interimAvailable": NOT IN USE. Available balance calculated in the course of the account servicer's business day,at the time specified, and subject to further changes during the business day.The interim balance is calculated on the basis of booked credit and debit items during the calculationtime/period specified.For card-accounts, this is composed of- invoiced, but not yet paid entries,- not yet invoiced but already booked entries<br/><br/>- "interimBooked": Balance calculated in the course of the account servicer's business day, at the time specified, and subject to further changes during the business day. The interim balance is calculated on the basis of booked credit and debit items during the calculation time/period specified.- "forwardAvailable": NOT IN USE. Forward available balance of money that is at the disposal of the account owner on the date specified.<br/><br/>- "nonInvoiced": NOT IN USE. Only for card accounts, to be checked yet.<br/><br/>- "available": NOT IN USE.</td> <td></td> </tr> <tr> <td>referenceDate</td> <td> string (date-time) </td> <td>optional</td> <td>Reference date of the balance.</td> <td></td> </tr> <tr> <td>lastChangeDateTime</td> <td> string (date-time) </td> <td>optional</td> <td>This data element might be used to indicate e.g. with the expected or booked balance that no action is known on the account, which is not yet booked.</td> <td></td> </tr> <tr> <td>lastCommittedTransaction</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> </table> ## <a name="/definitions/ChallengeData">ChallengeData</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>image</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>data</td> <td> string </td> <td>optional</td> <td>String challenge data.</td> <td></td> </tr> <tr> <td>imageLink</td> <td> string </td> <td>optional</td> <td> A link where the ASPSP will provides the challenge image for the TPP.</td> <td></td> </tr> <tr> <td>otpMaxLength</td> <td> integer (int32) </td> <td>optional</td> <td>The maximal length for the OTP to be typed in by the PSU.</td> <td></td> </tr> <tr> <td>otpFormat</td> <td> string </td> <td>optional</td> <td>The format type of the OTP to be typed in. The admitted values are "characters" or "integer".</td> <td></td> </tr> <tr> <td>additionalInformation</td> <td> string </td> <td>optional</td> <td>Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen SCA method. The TPP is obliged to show this to the PSU.</td> <td></td> </tr> </table> ## <a name="/definitions/Consent">Consent</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>access</td> <td> <a href="#/definitions/AccountAccess">AccountAccess</a> </td> <td>required</td> <td>Requested access services.</td> <td></td> </tr> <tr> <td>recurringIndicator</td> <td> boolean </td> <td>required</td> <td>"true", if the consent is for recurring access to the account datafalse", if the consent is for one access to the account data.</td> <td></td> </tr> <tr> <td>validUntil</td> <td> string (date-time) </td> <td>required</td> <td>This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. If a maximal available date is requested, a date in far future is to be used: "9999-12-31". The consent object to be retrieved by the GET Consent Request will contain the adjusted date.</td> <td></td> </tr> <tr> <td>frequencyPerDay</td> <td> integer (int32) </td> <td>required</td> <td>This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1".</td> <td></td> </tr> <tr> <td>combinedServiceIndicator</td> <td> boolean </td> <td>required</td> <td>If "true" indicates that a payment initiation service will be addressed in the same "session".</td> <td></td> </tr> </table> ## <a name="/definitions/ConsentAdditionalInformationAccess">ConsentAdditionalInformationAccess</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>ownerName</td> <td> array[<a href="#/definitions/AccountReference">AccountReference</a>] </td> <td>optional</td> <td>Is asking for account owner name of the accounts referenced within. If the array is empty in the request, the TPP is asking for the account owner name of all accessible accounts. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty, also the arrays for accounts, balances or transactions shall be empty, if used. The ASPSP will indicate in the consent resource after a successful authorisation, whether the ownerName consent can be accepted by providing the accounts on which the ownerName will be delivered. This array can be empty.</td> <td></td> </tr> </table> ## <a name="/definitions/ConsentCreateResponse">ConsentCreateResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>scaMethods</td> <td> array[<a href="#/definitions/AuthenticationObject">AuthenticationObject</a>] </td> <td>optional</td> <td>Not supported! Only authenticationType "SMS_OTP" supported!</td> <td></td> </tr> <tr> <td>chosenScaMethod</td> <td> <a href="#/definitions/AuthenticationObject">AuthenticationObject</a> </td> <td>optional</td> <td>Not supported! Only REDIRECT SCA Approach is supported!</td> <td></td> </tr> <tr> <td>challengeData</td> <td> <a href="#/definitions/ChallengeData">ChallengeData</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>psuMessage</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>consentStatus</td> <td> string </td> <td>required</td> <td>Status of the consent resource. Possible values:<br/>- "received": The consent data have been received and are technically correct. The data is not authorised yet.<br/>- "rejected": The consent data have been rejected e.g. since no successful authorisation has taken place.<br/>- "valid": The consent is accepted and valid for GET account data calls and others as specified in the consent object.<br/>- "revokedByPsu": The consent has been revoked by the PSU towards the ASPSP.<br/>- "expired": The consent expired.<br/>- "terminatedByTpp": The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource</td> <td></td> </tr> <tr> <td>consentId</td> <td> string </td> <td>required</td> <td>Identification of the consent resource as it is used in the API structure</td> <td></td> </tr> <tr> <td>_links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>required</td> <td> A list of hyperlinks to be recognised by the TPP. <br/> Type of links admitted in this response: <br/> -"scaRedirect": In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser.<br/> -"status":The link to retrieve the transaction status of the payment initiation.<br/> -"scaStatus": The link to retrieve the scaStatus of the corresponding authorisation subresource. This link is only contained, if an authorisation sub-resource has been already created.</td> <td></td> </tr> </table> ## <a name="/definitions/ConsentDetailResponse">ConsentDetailResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>access</td> <td> <a href="#/definitions/AccountAccess">AccountAccess</a> </td> <td>required</td> <td>Requested access services.</td> <td></td> </tr> <tr> <td>recurringIndicator</td> <td> boolean </td> <td>required</td> <td>"true", if the consent is for recurring access to the account data "false", if the consent is for one access to the account data.</td> <td></td> </tr> <tr> <td>validUntil</td> <td> string (date-time) </td> <td>required</td> <td>This parameter is requesting a valid until date for the requested consent.This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. If a maximal available date is requested, a date in far future is to be used: "9999-12-31". The consent object to be retrieved by the GET Consent Request will contain the adjusted date.</td> <td></td> </tr> <tr> <td>frequencyPerDay</td> <td> integer (int32) </td> <td>required</td> <td>This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1".</td> <td></td> </tr> <tr> <td>lastActionDate</td> <td> string (date-time) </td> <td>required</td> <td>This date is containing the date of the last action on the consent object either through the XS2A interface or the PSU/ASPSP interface having an impact on the status.</td> <td></td> </tr> <tr> <td>consentStatus</td> <td> string </td> <td>required</td> <td>Status of the consent resource. Possible values:<br/>- "received": The consent data have been received and are technically correct. The data is not authorised yet.<br/>- "rejected": The consent data have been rejected e.g. since no successful authorisation has taken place.<br/>- "valid": The consent is accepted and valid for GET account data calls and others as specified in the consent object.<br/>- "revokedByPsu": The consent has been revoked by the PSU towards the ASPSP.<br/>- "expired": The consent expired.<br/>- "terminatedByTpp": The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource</td> <td></td> </tr> </table> ## <a name="/definitions/ExchangeRate">ExchangeRate</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>currencyFrom</td> <td> string </td> <td>required</td> <td>Currency code from.</td> <td></td> </tr> <tr> <td>rateFrom</td> <td> string </td> <td>required</td> <td>Rate from.</td> <td></td> </tr> <tr> <td>currencyTo</td> <td> string </td> <td>required</td> <td>Currency code to.</td> <td></td> </tr> <tr> <td>rateTo</td> <td> string </td> <td>required</td> <td>Rate to.</td> <td></td> </tr> <tr> <td>rateDate</td> <td> string (date-time) </td> <td>required</td> <td>Rate date</td> <td></td> </tr> <tr> <td>rateContract</td> <td> string </td> <td>optional</td> <td>Rate contract</td> <td></td> </tr> </table> ## <a name="/definitions/FundsConfirmations">FundsConfirmations</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>cardNumber</td> <td> string </td> <td>optional</td> <td>Card Number of the card issued by the PIISP. Should be delivered if available.</td> <td></td> </tr> <tr> <td>account</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>required</td> <td>Not Supported! PSU’s account number.</td> <td></td> </tr> <tr> <td>payee</td> <td> string </td> <td>optional</td> <td>The merchant where the card is accepted as an information to the PSU.</td> <td></td> </tr> <tr> <td>instructedAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>Not Supported! Transaction amount to be checked within the funds check mechanism.</td> <td></td> </tr> </table> ## <a name="/definitions/InternationalPayment">InternationalPayment</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>endToEndIdentification</td> <td> string </td> <td>optional</td> <td>End to end identification.</td> <td></td> </tr> <tr> <td>instructionIdentification</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>debtorName</td> <td> string </td> <td>optional</td> <td>The debtor name. Only available in GET Payment Response.</td> <td></td> </tr> <tr> <td>debtorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>required</td> <td>The debtor account.</td> <td></td> </tr> <tr> <td>creditorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>required</td> <td>The creditor account.</td> <td></td> </tr> <tr> <td>creditorName</td> <td> string </td> <td>required</td> <td>The creditor name.</td> <td></td> </tr> <tr> <td>creditorAgentBic</td> <td> string </td> <td>optional</td> <td>The creditor agent BIC.</td> <td></td> </tr> <tr> <td>creditorAgentCode</td> <td> string </td> <td>optional</td> <td>The creditor agent code.</td> <td></td> </tr> <tr> <td>creditorAddress</td> <td> <a href="#/definitions/Address">Address</a> </td> <td>optional</td> <td>The creditor address</td> <td></td> </tr> <tr> <td>instructedAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>The instructed amount.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructured</td> <td> string </td> <td>optional</td> <td>Unstructured remittance information.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructuredArray</td> <td> array[string] </td> <td>optional</td> <td>Unstructured remittance information as array.</td> <td></td> </tr> <tr> <td>ultimateDebtor</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>ultimateCreditor</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>chargesType</td> <td> string </td> <td>optional</td> <td>Type of charges.</td> <td></td> </tr> <tr> <td>liablePayerName</td> <td> string </td> <td>optional</td> <td>Liable payer name</td> <td></td> </tr> <tr> <td>liablePayerAddress</td> <td> <a href="#/definitions/Address">Address</a> </td> <td>optional</td> <td>Liable payer address</td> <td></td> </tr> <tr> <td>requestedExecutionDate</td> <td> string (date-time) </td> <td>optional</td> <td>Requested execution ISO date.</td> <td></td> </tr> <tr> <td>requestedExecutionTime</td> <td> string (date-time) </td> <td>optional</td> <td>Requested execution ISODateTime.</td> <td></td> </tr> </table> ## <a name="/definitions/InternationalPeriodicPayment">InternationalPeriodicPayment</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>endToEndIdentification</td> <td> string </td> <td>optional</td> <td>End to end identification.</td> <td></td> </tr> <tr> <td>instructionIdentification</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>debtorName</td> <td> string </td> <td>optional</td> <td>The debtor name. Only available in GET Payment Response.</td> <td></td> </tr> <tr> <td>debtorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>required</td> <td>The debtor account.</td> <td></td> </tr> <tr> <td>creditorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>required</td> <td>The creditor account.</td> <td></td> </tr> <tr> <td>creditorName</td> <td> string </td> <td>required</td> <td>The creditor name.</td> <td></td> </tr> <tr> <td>creditorAgentBic</td> <td> string </td> <td>optional</td> <td>The creditor agent BIC.</td> <td></td> </tr> <tr> <td>creditorAgentCode</td> <td> string </td> <td>optional</td> <td>The creditor agent code.</td> <td></td> </tr> <tr> <td>creditorAddress</td> <td> <a href="#/definitions/Address">Address</a> </td> <td>optional</td> <td>The creditor address</td> <td></td> </tr> <tr> <td>instructedAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>The instructed amount.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructured</td> <td> string </td> <td>optional</td> <td>Unstructured remittance information.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructuredArray</td> <td> array[string] </td> <td>optional</td> <td>Unstructured remittance information as array.</td> <td></td> </tr> <tr> <td>ultimateDebtor</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>ultimateCreditor</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>chargesType</td> <td> string </td> <td>optional</td> <td>Type of charges.</td> <td></td> </tr> <tr> <td>liablePayerName</td> <td> string </td> <td>optional</td> <td>Liable payer name</td> <td></td> </tr> <tr> <td>liablePayerAddress</td> <td> <a href="#/definitions/Address">Address</a> </td> <td>optional</td> <td>Liable payer address</td> <td></td> </tr> <tr> <td>startDate</td> <td> string (date-time) </td> <td>optional</td> <td>The first applicable day of execution starting from this date is the first payment. Pattern: "yyyy-MM-dd"</td> <td></td> </tr> <tr> <td>endDate</td> <td> string (date-time) </td> <td>optional</td> <td>The last applicable day of execution. If not given, it is an infinite standing order. Pattern: "yyyy-MM-dd"</td> <td></td> </tr> <tr> <td>executionRule</td> <td> string </td> <td>optional</td> <td>Execution rule with "latest" or "earliest" as values. Not supported!</td> <td></td> </tr> <tr> <td>withinAMonthFlag</td> <td> boolean </td> <td>optional</td> <td>This element is only used in case of frequency equals 'monthly' If this element equals false it has no effect. If this element equals true, then the execution rule is overruled if the day of execution would fall into a different month using the execution rule. Not supported!</td> <td></td> </tr> <tr> <td>frequency</td> <td> string </td> <td>required</td> <td>Frequency of the recurring payment resulting from this standing order</td> <td></td> </tr> <tr> <td>monthsOfExecution</td> <td> array[string] </td> <td>optional</td> <td>The format is following the regular expression d{1,2}. The array is restricted to 11 entries. The values contained In the array entries shall all be different and the maximum value of one entry is 12. This attribute is contained if and only if the frequency equals 'MonthlyVariable'.</td> <td></td> </tr> <tr> <td>multiplicator</td> <td> integer (int32) </td> <td>required</td> <td>This is multiplying the given frequency resulting the exact frequency, e.g. Frequency=weekly and multiplicator=3 means every 3 weeks. Not supported!</td> <td></td> </tr> <tr> <td>dayOfExecution</td> <td> integer (int32) </td> <td>required</td> <td>"31" is ultimo. The format is following the regular expression d{1,2}. Example: The first day is addressed by '1'</td> <td></td> </tr> <tr> <td>limitAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>Amount limit for fund skimming, e.g. skim all funds above this limit to savings account, i.e. typically a specific periodic payments with fixed remaining amount rather than fixed transaction amount. Amount may be zero as well as below zero, i.e. negative. Constraints: transactionAmount needs to be zero and bankTransactionCode needs to specify PMNT-MCOP-OTHR for fund skimming</td> <td></td> </tr> </table> ## <a name="/definitions/Link">Link</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>href</td> <td> string </td> <td>required</td> <td>Href of link</td> <td></td> </tr> </table> ## <a name="/definitions/LinkInformation">LinkInformation</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>scaRedirect</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>A link to an ASPSP site where SCA is performed within the Redirect SCA approach.</td> <td></td> </tr> <tr> <td>scaOAuth</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>startAuthorisation</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>A link to an endpoint, where the authorisation of a transaction or the authorisation of a transaction cancellation shall be started. No specific data is needed for this process start.</td> <td></td> </tr> <tr> <td>confirmation</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Might be added by the ASPSP if either the 'scaRedirect' or 'scaOAuth' hyperlink is returned in the same response message. This hyperlink defines the URL to the resource which needs to be updated with 1) a confirmation code as retrieved after the plain redirect authentication process with the ASPSP authenticationserver or 2) an access token as retrieved by submitting an authorization code after the integrated OAuth based authentication process with the ASPSP authentication server. </td> <td></td> </tr> <tr> <td>startAuthorisationWithPsuIdentification</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>updatePsuIdentification</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>startAuthorisationWithProprietaryData</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>updateProprietaryData</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>updatePsuAuthentication</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>startAuthorisationWithTransactionAuthorisation</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>selectAuthenticationMethod</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>authoriseTransaction</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>self</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>The link to the payment initiation resource created by the request itself. This link can be used later to retrieve the transaction status of the payment initiation.</td> <td></td> </tr> <tr> <td>status</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>A link to retrieve the status of the transaction resource..</td> <td></td> </tr> <tr> <td>scaStatus</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource.</td> <td></td> </tr> <tr> <td>account</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>A link to the resource providing the details of one account.</td> <td></td> </tr> <tr> <td>balances</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>A link to the resource providing the balance of a dedicated account.</td> <td></td> </tr> <tr> <td>transactions</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>A link to the resource providing the transaction history of a dedicated account</td> <td></td> </tr> <tr> <td>transactionDetails</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>A link to the resource providing details of a dedicated transaction.</td> <td></td> </tr> <tr> <td>first</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Navigation link for paginated account reports.</td> <td></td> </tr> <tr> <td>next</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Navigation link for paginated account reports.</td> <td></td> </tr> <tr> <td>previous</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Navigation link for paginated account reports.</td> <td></td> </tr> <tr> <td>last</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Navigation link for paginated account reports.</td> <td></td> </tr> <tr> <td>download</td> <td> <a href="#/definitions/Link">Link</a> </td> <td>optional</td> <td>Download link for huge AIS data packages.</td> <td></td> </tr> </table> ## <a name="/definitions/PaymentCreateResponse">PaymentCreateResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>scaMethods</td> <td> array[<a href="#/definitions/AuthenticationObject">AuthenticationObject</a>] </td> <td>optional</td> <td>Not supported! Only authenticationType "SMS_OTP" supported!</td> <td></td> </tr> <tr> <td>chosenScaMethod</td> <td> <a href="#/definitions/AuthenticationObject">AuthenticationObject</a> </td> <td>optional</td> <td>Not supported! Only REDIRECT SCA Approach is supported!</td> <td></td> </tr> <tr> <td>challengeData</td> <td> <a href="#/definitions/ChallengeData">ChallengeData</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>psuMessage</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>transactionStatus</td> <td> string </td> <td>required</td> <td>ExternalPaymentTransactionStatus1Code from ISO 20022. Values: <br/>- "ACCP": AcceptedCustomerProfile<br/>- "ACSC": AcceptedSettlementCompleted<br/>- "ACSP": AcceptedSettlementInProcess<br/>- "ACTC": AcceptedTechnicalValidation<br/>- "ACWC": AcceptedWithChange<br/>- "ACWP": AcceptedWithoutPosting<br/>- "RCVD": Received<br/>- "PDNG": Pending<br/>- "RJCT": Rejected<br/>- "CANC": Cancelled<br/><br/>In this Response the transaction status is either RCVD, if successfull or RJCT, if not successfull.</td> <td></td> </tr> <tr> <td>paymentId</td> <td> string </td> <td>required</td> <td>resource identification of the generated payment initiation resource.</td> <td></td> </tr> <tr> <td>transactionFees</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>optional</td> <td>Can be used by the ASPSP to transport transaction fees relevant for the underlying payments.</td> <td></td> </tr> <tr> <td>transactionFeeIndicator</td> <td> boolean </td> <td>optional</td> <td>If equals “true”, the transaction will involve specific transaction cost as shown by the ASPSP in their public price list or as agreed between ASPSP and PSU. If equals "false", the transaction will not involve additional specific transaction costs to the PSU.</td> <td></td> </tr> <tr> <td>_links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>required</td> <td> A list of hyperlinks to be recognised by the TPP. <br/> Type of links admitted in this response: <br/> -"scaRedirect": In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser.<br/> -"status":The link to retrieve the transaction status of the payment initiation.<br/> -"scaStatus": The link to retrieve the scaStatus of the corresponding authorisation subresource. This link is only contained, if an authorisation sub-resource has been already created.</td> <td></td> </tr> </table> ## <a name="/definitions/PaymentDeleteResponse">PaymentDeleteResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>scaMethods</td> <td> array[<a href="#/definitions/AuthenticationObject">AuthenticationObject</a>] </td> <td>optional</td> <td>Not supported! Only authenticationType "SMS_OTP" supported!</td> <td></td> </tr> <tr> <td>chosenScaMethod</td> <td> <a href="#/definitions/AuthenticationObject">AuthenticationObject</a> </td> <td>optional</td> <td>Not supported! Only REDIRECT SCA Approach is supported!</td> <td></td> </tr> <tr> <td>challengeData</td> <td> <a href="#/definitions/ChallengeData">ChallengeData</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>psuMessage</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>transactionStatus</td> <td> string </td> <td>required</td> <td>ExternalPaymentTransactionStatus1Code from ISO 20022. Values: <br/>- "ACCP": AcceptedCustomerProfile<br/>- "ACSC": AcceptedSettlementCompleted<br/>- "ACSP": AcceptedSettlementInProcess<br/>- "ACTC": AcceptedTechnicalValidation<br/>- "ACWC": AcceptedWithChange<br/>- "ACWP": AcceptedWithoutPosting<br/>- "RCVD": Received<br/>- "PDNG": Pending<br/>- "RJCT": Rejected<br/>- "CANC": Cancelled<br/><br/>In this Response the transaction status is either ACTC, if a authorisation is required or CANC, if the payment was successfully deleted.</td> <td></td> </tr> <tr> <td>_links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>required</td> <td> A list of hyperlinks to be recognised by the TPP. <br/> Type of links admitted in this response: <br/> -"scaRedirect": In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser.<br/> -"status":The link to retrieve the transaction status of the payment initiation.<br/> -"scaStatus": The link to retrieve the scaStatus of the corresponding authorisation subresource. This link is only contained, if an authorisation sub-resource has been already created.</td> <td></td> </tr> </table> ## <a name="/definitions/Remittance">Remittance</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>reference</td> <td> string </td> <td>optional</td> <td>Reference.</td> <td></td> </tr> <tr> <td>referenceType</td> <td> string </td> <td>optional</td> <td>Reference Type.</td> <td></td> </tr> <tr> <td>referenceIssuer</td> <td> string </td> <td>optional</td> <td>Reference Issuer.</td> <td></td> </tr> </table> ## <a name="/definitions/SepaPayment">SepaPayment</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>endToEndIdentification</td> <td> string </td> <td>optional</td> <td>End to end identification.</td> <td></td> </tr> <tr> <td>instructionIdentification</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>debtorName</td> <td> string </td> <td>optional</td> <td>The debtor name. Only available in GET Payment Response.</td> <td></td> </tr> <tr> <td>debtorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>required</td> <td>The debtor account.</td> <td></td> </tr> <tr> <td>creditorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>required</td> <td>The creditor account.</td> <td></td> </tr> <tr> <td>creditorName</td> <td> string </td> <td>required</td> <td>The creditor name.</td> <td></td> </tr> <tr> <td>creditorAgent</td> <td> string </td> <td>optional</td> <td>The creditor agent BIC.</td> <td></td> </tr> <tr> <td>creditorAddress</td> <td> <a href="#/definitions/Address">Address</a> </td> <td>optional</td> <td>The creditor address</td> <td></td> </tr> <tr> <td>instructedAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>The instructed amount.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructured</td> <td> string </td> <td>optional</td> <td>Unstructured remittance information.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructuredArray</td> <td> array[string] </td> <td>optional</td> <td>Unstructured remittance information as array.</td> <td></td> </tr> <tr> <td>remittanceInformationStructured</td> <td> <a href="#/definitions/Remittance">Remittance</a> </td> <td>optional</td> <td>Structured remittance information.</td> <td></td> </tr> <tr> <td>remittanceInformationStructuredArray</td> <td> array[<a href="#/definitions/Remittance">Remittance</a>] </td> <td>optional</td> <td>Structured remittance information as array</td> <td></td> </tr> <tr> <td>ultimateDebtor</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>ultimateCreditor</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>requestedExecutionDate</td> <td> string (date-time) </td> <td>optional</td> <td>Requested execution ISO date.</td> <td></td> </tr> <tr> <td>requestedExecutionTime</td> <td> string (date-time) </td> <td>optional</td> <td>Requested execution ISODateTime.</td> <td></td> </tr> </table> ## <a name="/definitions/SepaPeriodicPayment">SepaPeriodicPayment</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>endToEndIdentification</td> <td> string </td> <td>optional</td> <td>End to end identification.</td> <td></td> </tr> <tr> <td>instructionIdentification</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>debtorName</td> <td> string </td> <td>optional</td> <td>The debtor name. Only available in GET Payment Response.</td> <td></td> </tr> <tr> <td>debtorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>required</td> <td>The debtor account.</td> <td></td> </tr> <tr> <td>creditorAccount</td> <td> <a href="#/definitions/AccountReference">AccountReference</a> </td> <td>required</td> <td>The creditor account.</td> <td></td> </tr> <tr> <td>creditorName</td> <td> string </td> <td>required</td> <td>The creditor name.</td> <td></td> </tr> <tr> <td>creditorAgent</td> <td> string </td> <td>optional</td> <td>The creditor agent BIC.</td> <td></td> </tr> <tr> <td>creditorAddress</td> <td> <a href="#/definitions/Address">Address</a> </td> <td>optional</td> <td>The creditor address</td> <td></td> </tr> <tr> <td>instructedAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>The instructed amount.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructured</td> <td> string </td> <td>optional</td> <td>Unstructured remittance information.</td> <td></td> </tr> <tr> <td>remittanceInformationUnstructuredArray</td> <td> array[string] </td> <td>optional</td> <td>Unstructured remittance information as array.</td> <td></td> </tr> <tr> <td>remittanceInformationStructured</td> <td> <a href="#/definitions/Remittance">Remittance</a> </td> <td>optional</td> <td>Structured remittance information.</td> <td></td> </tr> <tr> <td>remittanceInformationStructuredArray</td> <td> array[<a href="#/definitions/Remittance">Remittance</a>] </td> <td>optional</td> <td>Structured remittance information as array</td> <td></td> </tr> <tr> <td>ultimateDebtor</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>ultimateCreditor</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>startDate</td> <td> string (date-time) </td> <td>optional</td> <td>The first applicable day of execution starting from this date is the first payment. Pattern: "yyyy-MM-dd"</td> <td></td> </tr> <tr> <td>endDate</td> <td> string (date-time) </td> <td>optional</td> <td>The last applicable day of execution. If not given, it is an infinite standing order. Pattern: "yyyy-MM-dd"</td> <td></td> </tr> <tr> <td>executionRule</td> <td> string </td> <td>optional</td> <td>Execution rule with "latest" or "earliest" as values.</td> <td></td> </tr> <tr> <td>withinAMonthFlag</td> <td> boolean </td> <td>optional</td> <td>This element is only used in case of frequency equals 'monthly' If this element equals false it has no effect. If this element equals true, then the execution rule is overruled if the day of execution would fall into a different month using the execution rule. Not supported!</td> <td></td> </tr> <tr> <td>frequency</td> <td> string </td> <td>required</td> <td>Frequency of the recurring payment resulting from this standing order</td> <td></td> </tr> <tr> <td>monthsOfExecution</td> <td> array[string] </td> <td>optional</td> <td>The format is following the regular expression d{1,2}. The array is restricted to 11 entries. The values contained In the array entries shall all be different and the maximum value of one entry is 12. This attribute is contained if and only if the frequency equals 'MonthlyVariable'.</td> <td></td> </tr> <tr> <td>multiplicator</td> <td> integer (int32) </td> <td>required</td> <td>This is multiplying the given frequency resulting the exact frequency, e.g. Frequency=weekly and multiplicator=3 means every 3 weeks. Not supported!</td> <td></td> </tr> <tr> <td>dayOfExecution</td> <td> integer (int32) </td> <td>required</td> <td>"31" is ultimo.</td> <td></td> </tr> <tr> <td>limitAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>Amount limit for fund skimming, e.g. skim all funds above this limit to savings account, i.e. typically a specific periodic payments with fixed remaining amount rather than fixed transaction amount. Amount may be zero as well as below zero, i.e. negative. Constraints: transactionAmount needs to be zero and bankTransactionCode needs to specify PMNT-MCOP-OTHR for fund skimming</td> <td></td> </tr> </table> ## <a name="/definitions/SigningBasket">SigningBasket</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>paymentIds</td> <td> array[string] </td> <td>required</td> <td>An array of paymentIds.</td> <td></td> </tr> <tr> <td>consentIds</td> <td> array[string] </td> <td>required</td> <td>An array of cosentIds.</td> <td></td> </tr> </table> ## <a name="/definitions/SigningBasketDetailResponse">SigningBasketDetailResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>payments</td> <td> array[string] </td> <td>optional</td> <td>payment initiations which shall be authorised through this signing basket.</td> <td></td> </tr> <tr> <td>consents</td> <td> array[string] </td> <td>optional</td> <td>consent objects which shall be authorised through this signing basket.</td> <td></td> </tr> <tr> <td>transactionStatus</td> <td> string </td> <td>required</td> <td>ExternalPaymentTransactionStatus1Code from ISO 20022. Values: <br/>- "ACCP": AcceptedCustomerProfile<br/>- "ACSC": AcceptedSettlementCompleted<br/>- "ACSP": AcceptedSettlementInProcess<br/>- "ACTC": AcceptedTechnicalValidation<br/>- "ACWC": AcceptedWithChange<br/>- "ACWP": AcceptedWithoutPosting<br/>- "RCVD": Received<br/>- "PDNG": Pending<br/>- "RJCT": Rejected<br/>- "CANC": Cancelled<br/><br/>In this Response the transaction status is either RCVD, ACTC or RJCT.</td> <td></td> </tr> </table> ## <a name="/definitions/SigningBasketResponse">SigningBasketResponse</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>scaMethods</td> <td> array[<a href="#/definitions/AuthenticationObject">AuthenticationObject</a>] </td> <td>optional</td> <td>Not supported! Only authenticationType "SMS_OTP" supported!</td> <td></td> </tr> <tr> <td>chosenScaMethod</td> <td> <a href="#/definitions/AuthenticationObject">AuthenticationObject</a> </td> <td>optional</td> <td>Not supported! Only REDIRECT SCA Approach is supported!</td> <td></td> </tr> <tr> <td>challengeData</td> <td> <a href="#/definitions/ChallengeData">ChallengeData</a> </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>psuMessage</td> <td> string </td> <td>optional</td> <td>Not supported.</td> <td></td> </tr> <tr> <td>transactionStatus</td> <td> string </td> <td>optional</td> <td>ExternalPaymentTransactionStatus1Code from ISO 20022. Values: <br/>- "ACCP": AcceptedCustomerProfile<br/>- "ACSC": AcceptedSettlementCompleted<br/>- "ACSP": AcceptedSettlementInProcess<br/>- "ACTC": AcceptedTechnicalValidation<br/>- "ACWC": AcceptedWithChange<br/>- "ACWP": AcceptedWithoutPosting<br/>- "RCVD": Received<br/>- "PDNG": Pending<br/>- "RJCT": Rejected<br/>- "CANC": Cancelled<br/><br/>In this Response the transaction status is either RCVD, if successfull or RJCT, if not successfull.</td> <td></td> </tr> <tr> <td>basketId</td> <td> string </td> <td>optional</td> <td>resource identification of the generated signing basket resource.</td> <td></td> </tr> <tr> <td>_links</td> <td> <a href="#/definitions/LinkInformation">LinkInformation</a> </td> <td>required</td> <td> A list of hyperlinks to be recognised by the TPP. <br/> Type of links admitted in this response: <br/> -"scaRedirect": In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser.<br/> -"status":The link to retrieve the transaction status of the payment initiation.<br/> -"scaStatus": The link to retrieve the scaStatus of the corresponding authorisation subresource. This link is only contained, if an authorisation sub-resource has been already created.</td> <td></td> </tr> </table> ## <a name="/definitions/StandingOrderDetails">StandingOrderDetails</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>startDate</td> <td> string (date-time) </td> <td>optional</td> <td>The first applicable day of execution starting from this date is the first payment. Pattern: "yyyy-MM-dd"</td> <td></td> </tr> <tr> <td>endDate</td> <td> string (date-time) </td> <td>optional</td> <td>The last applicable day of execution. If not given, it is an infinite standing order. Pattern: "yyyy-MM-dd"</td> <td></td> </tr> <tr> <td>executionRule</td> <td> string </td> <td>optional</td> <td>Execution rule with "latest" or "earliest" as values. Not supported!</td> <td></td> </tr> <tr> <td>withinAMonthFlag</td> <td> boolean </td> <td>optional</td> <td>This element is only used in case of frequency equals 'monthly' If this element equals false it has no effect. If this element equals true, then the execution rule is overruled if the day of execution would fall into a different month using the execution rule. Not supported!</td> <td></td> </tr> <tr> <td>frequency</td> <td> string </td> <td>required</td> <td>Frequency of the recurring payment resulting from this standing order</td> <td></td> </tr> <tr> <td>monthsOfExecution</td> <td> array[string] </td> <td>optional</td> <td>The format is following the regular expression d{1,2}. The array is restricted to 11 entries. The values contained In the array entries shall all be different and the maximum value of one entry is 12. This attribute is contained if and only if the frequency equals 'MonthlyVariable'.</td> <td></td> </tr> <tr> <td>multiplicator</td> <td> integer (int32) </td> <td>required</td> <td>This is multiplying the given frequency resulting the exact frequency, e.g. Frequency=weekly and multiplicator=3 means every 3 weeks. Not supported!</td> <td></td> </tr> <tr> <td>dayOfExecution</td> <td> integer (int32) </td> <td>required</td> <td>"31" is ultimo. The format is following the regular expression d{1,2}. Example: The first day is addressed by '1'</td> <td></td> </tr> <tr> <td>limitAmount</td> <td> <a href="#/definitions/Amount">Amount</a> </td> <td>required</td> <td>Amount limit for fund skimming, e.g. skim all funds above this limit to savings account, i.e. typically a specific periodic payments with fixed remaining amount rather than fixed transaction amount. Amount may be zero as well as below zero, i.e. negative. Constraints: transactionAmount needs to be zero and bankTransactionCode needs to specify PMNT-MCOP-OTHR for fund skimming</td> <td></td> </tr> </table> ## <a name="/definitions/StructedAdditionalInformation">StructedAdditionalInformation</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>standingOrderdetails</td> <td> <a href="#/definitions/StandingOrderDetails">StandingOrderDetails</a> </td> <td>optional</td> <td>Details of underlying standing orders.</td> <td></td> </tr> </table> ## <a name="/definitions/TppMessage">TppMessage</a> <table border="1"> <tr> <th>name</th> <th>type</th> <th>required</th> <th>description</th> <th>example</th> </tr> <tr> <td>category</td> <td> string </td> <td>optional</td> <td>Error of the category. Values: <br/>- ERROR<br/>- WARNING</td> <td></td> </tr> <tr> <td>code</td> <td> string </td> <td>optional</td> <td>Errorcodes:<br/><br/>- CERTIFICATE_INVALID: The contents of the signature/corporate seal certificate are not matching PSD2 general PSD2 or attribute requirements<br/>- CERTIFICATE_EXPIRED: Signature/corporate seal certificate is expired<br/>- CERTIFICATE_BLOCKED: Signature/corporate seal certificate has been blocked by the ASPSP.<br/>- CERTIFICATE_REVOKED: Signature/corporate seal certificate has been revoked by QSTP<br/>- CERTIFICATE_MISSING: Signature/corporate seal certificate was not available in the request but is mandated for the corresponding.<br/>- SIGNATURE_INVALID: Application layer eIDAS Signature for TPP authentication is not correct.<br/>- SIGNATURE_MISSING: Application layer eIDAS Signature for TPP authentication is mandated by the ASPSP but is missing.<br/>- FORMAT_ERROR: Format of certain request fields are not matching the XS2A requirements. An explicit path to the corresponding field might be added in the return message<br/>- PARAMETER_NOT_SUPPORTED: The parameter is not supported by the API provider. This code should only be used for parameters that are described as "optional if supported by API provider<br/>- PSU_CREDENTIALS_INVALID:The PSU-ID cannot be matched by the addressed ASPSP or is blocked, or a password resp. OTP was not correct. Additional information might be added.<br/>- SERVICE_INVALID: The addressed service is not valid for the addressed resources or the submitted data.<br/>- SERVICE_BLOCKED: This service is not reachable for the addressed PSU due to a channel independent blocking by the ASPSP. Additional information might be given by the ASPSP.<br/>- CORPORATE_ID_INVALID: The PSU-Corporate-ID cannot be matched by the addressed ASPSP.<br/>- CONSENT_UNKNOWN: The Consent-ID cannot be matched by the ASPSP relative to the TPP.<br/>- CONSENT_INVALID: The consent was created by this TPP but is not valid for the addressed service/resource. Or the consent definition is not complete or invalid. In case of being not complete, the bank is not supporting a completion of the consent towards the PSU. Additional information will be provided.<br/>- CONSENT_EXPIRED: The consent was created by this TPP but has expired and needs to be renewed.<br/>- TOKEN_UNKNOWN: The OAuth2 token cannot be matched by the ASPSP relative to the TPP.<br/>- TOKEN_INVALID: The OAuth2 token is associated to the TPP but is not valid for the addressed service/resource.<br/>- TOKEN_EXPIRED: The OAuth2 token is associated to the TPP but has expired and needs to be renewed.<br/>- RESOURCE_UNKNOWN: The addressed resource is unknown relative to the TPP.<br/>- RESOURCE_EXPIRED: The addressed resource is associated with the TPP but has expired, not addressable anymore.<br/>- TIMESTAMP_INVALID: Timestamp not in accepted time period.<br/>- PERIOD_INVALID: Requested time period out of bound.<br/>- SCA_METHOD_UNKNOWN: Addressed SCA method in the Authentication Method Select Request is unknown or cannot be matched by the ASPSP with the PSU.<br/>- PRODUCT_INVALID: The OAuth2 token is associated to the TPP but is not valid for the addressed service/resource.<br/>- PRODUCT_UNKNOWN: The addressed payment product is not available for the PSU.<br/>- PAYMENT_FAILED: The payment initiation POST request failed during the initial process. Additional information may be provided by the ASPSP.<br/>- REQUIRED_KID_MISSING: The payment initiation has failed due to a missing KID. This is a specific message code for the Norwegian market, where ASPSP can require the payer to transmit the KID.<br/>- EXECUTION_DATE_INVALID: The requested execution date is not a valid execution date for the ASPSP.<br/>- SESSIONS_NOT_SUPPORTED: The combined service flag may not be used with this ASPSP.<br/>- ACCESS_EXCEEDED: The access on the account has been exceeding the consented multiplicity per day.<br/>- REQUESTED_FORMATS_INVALID: The requested formats in the Accept header entry are not matching the formats offered by the ASPSP.<br/></td> <td></td> </tr> <tr> <td>text</td> <td> string </td> <td>optional</td> <td>Error message.</td> <td></td> </tr> </table>