psd2.yaml

openapi: 3.0.0
tags:
    - name: accounts
      description: 'Listing of accounts'
    - name: consents
      description: 'Managing consents'
    - name: funds
      description: 'Check funds'
    - name: payments
      description: 'Initiate payments'
info:
  version: 0.0.3
  title: OpenPSD NextGen PSD2 
  description: PSD2 API based on the Berlin Group specification 1.1 for NextGen PSD2 (May 11 2018)
  contact:
    name: OpenPSD
    email: webmaster@openpsd.org
    url: http://openpsd.org
  termsOfService: http://openpsd.org/
  license:
    name: Berlin Group specification is published under the Creative Commons Attribution-NoDerivatives 4.0 International Public License
    url: https://creativecommons.org/licenses/by-nd/4.0/
servers:
  - url: '{protocol}://api.openpsd.org/psd2/v1'
    variables:
      protocol:
        enum:
          - https
        default: https
    description: Sandbox  
components:
  schemas:
    consentId:
      type: string
      description: 'Identification of the consent resource as it is used in the API structure. Shall be contained, if a consent resource was generated.'
      example: 'qwer3456tzui7890'
    frequency:
      type: string
      enum:
        - Daily
        - Weekly
        - EveryTwoWeeks
        - Monthly
        - EveryTwoMonths
        - Quarterly
        - SemiAnnual
        - Annual
    transactionFeeIndicator:
      type: boolean
    scaStatus:
      type: string
      description: This data element is containing information about the status of the SCA method applied. This is free text but might be coded in a future version of the specification.
    scaAuthenticationData:
      type: string
      description: SCA authentication data, depending on the chosen authentication method. If the data is binary, then it is base64 encoded.
    psuMessage:
      type: string
      description: 'Text to be displayed to the PSU'
    paymentId:
      type: string
      description: 'resource identification of the generated payment initiation resource.'
    HrefType:
      type: string
    Authorization:
      type: string
      example: 'Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGxvd2VkX25vZGVzIjoiZmRhYWU1ODYtYWE1NS00MzJjLTQxODEtYjRiYzY2MDljNzQ2IiwiZXhwIjoxNTU4NTMyMTI0LCJvd25lciI6IjViMDQxYzljNDVmOTJlMGExNzdlOThjYyJ9.uif9dlFO8qEQGrLh9bThtT4H_sUeL43nfx0PL-RTgd5KL9WaO5TADLPIgBu02h2I39jRRb978ZYiv2xseAK8xpR13vz8cQUjIX0FpLnrKomfvl_nyzefVkcUH_DrNGkcPZswoVNFbfeUWER1c8I0fUudVsnxHExRJ_S-Lq1vWCSDChy89Vm_bliYdt8DppyELaBadFPqxeRRkn-szpr8sAvDgbb-OccT3LsiylkqJ5g4BWqj9qLpBO4xkzSTLjdKvgipRcNwv_dKOcwF3OI90TAaX1aEm856Zg1hBLrYnae1oceBfRYl7rjtDQo3S_R0j5pLhb7Kd-ErHec6nyaoOQ'
    ConsentStatus:
      type: string
      enum:
        - received
        - rejected
        - valid
        - revokedByPsu
        - expired
        - terminatedByTpp
      description: 'authentication status of the consent'
      example: 'received'
    Currency:
      type: string
      pattern: '^[A-Z]{3}$'
      description: ISO 4217 Alpha 3 currency code
      maxLength: 3
      example: 'EUR'
    ExchangeRate:
      type: object
      required:
        - currencyFrom
        - rateFrom
        - currencyTo
        - rateTo
        - rateDate
      properties:
        currencyFrom:
          $ref: '#/components/schemas/Currency'
        rateFrom:
          type: string
        currencyTo:
          $ref: '#/components/schemas/Currency'
        rateTo:
          type: string
        rateDate:
          type: string
          format: date
          example: '2017-10-30'
        rateContract:
          type: string
    PSUData:
      type: object
      properties:
        password:
          type: string
          example: 'very42secret%'
    Address:
      type: object
      required:
        - country
      properties:
        street:
          type: string
          maxLength: 70
        buildingNumber:
          type: string
        city:
          type: string
        postalCode:
          type: string
        country:
          type: string
    Remittance:
      type: object
      required:
        - reference
      properties:
        reference:
          type: string
          maxLength: 35
        referenceType:
          type: string
          maxLength: 35
        referenceIssuer:
          type: string
          maxLength: 35
    Amount:
      type: object
      required:
        - currency
        - amount
      properties:
        currency:
          $ref: '#/components/schemas/Currency'
        amount:
          type: string
          description: 'The amount given with fractional digits, where fractions must be compliant to the currency definition. Up to 14 significant figures. Negative amounts are signed by minus. The decimal separator is a dot.'
          example: '123.42'
    AccountReference:
      type: object
      description: 'This type is containing any account identification which can be used on payload-level to address specific accounts. The ASPSP will document which account reference type it will support. Exactly one of the attributes defined as "conditional" shall be used.'
      properties:
        iban:
          type: string
          pattern: '^[A-Z]{2}[0-9]{2}[A-Z0-9]{1-30}$'
          description: 'This data element can be used in the body of the Consent Request Message for retrieving account access consent from this payment account.'
          example: 'DE89370400440532013000'
        bban:
          type: string
          format: bban
          description: This data element can be used in the body of the Consent Request Message for retrieving account access consent from this account. This data elements is used for payment accounts which have no IBAN.
        pan:
          type: string
          maxLength: 35
          description: 'Primary Account Number (PAN) of a card, can be tokenized by the ASPSP due to PCI DSS requirements. This data element can be used in the body of the Consent Request Message for retrieving account access consent from this card.'
        maskedPan:
          type: string
          maxLength: 35
          description: 'Primary Account Number (PAN) of a card, can be tokenized by the ASPSP due to PCI DSS requirements. This data element can be used in the body of the Consent Request Message for retrieving account access consent from this card.'
        msisdn:
          type: string
          maxLength: 35
          description: An alias to access a payment account via a registered mobile phone number. This alias might be needed e.g. in the payment initiation service. The support of this alias must be explicitly documented by the ASPSP for the corresponding API Calls.
        currency:
          $ref: '#/components/schemas/Currency'
    AccountAccess:
      type: object
      properties:
        accounts:
          type: array
          items:
            $ref: '#/components/schemas/AccountReference'
          description: 'Is asking for detailed account information. If the array is empty, the TPP is asking for an accessible account list. This may be restricted in a PSU/ASPSP authorization dialogue.'
        balances:
          type: array
          items:
            $ref: '#/components/schemas/AccountReference'
          description: 'Is asking for balances of the addressed accounts. If the array is empty, the TPP is asking for the balances of all accessible account lists. This may be restricted in a PSU/ASPSP authorization dialogue'
        transactions:
          type: array
          items:
            $ref: '#/components/schemas/AccountReference'
          description: 'Is asking for transactions of the addressed accounts. If the array is empty, the TPP is asking for the transactions of all accessible account lists. This may be restricted in a PSU/ASPSP authorization dialogue'
        availableAccounts:
          type: string
          enum:
            - allAccounts
            - allAccountsWithBalances
          description: 'Optional if supported by API provide. Only the values "allAccounts" or "allAccountsWithBalances" is admitted.'
        allPsd2:
          type: string
          enum:
            - allAccounts
          description: 'Optional if supported by API provide. Only the value "allAccounts" is admitted.'
          example: 'allAccounts'
    AccountDetails:
      type: object
      required:
        - currency
      properties:
        resourceid:
          type: string
          maxLength: 35
          description: This is the data element to be used in the path when retrieving data from a dedicated account.
        iban:
          type: string
          format: iban
          description: 'This data element can be used in the body of the Consent Request Message for retrieving account access consent from this payment account.'
          example: 'DE89370400440532013000'
        bban:
          type: string
          format: bban
          description: This data element can be used in the body of the Consent Request Message for retrieving account access consent from this account. This data elements is used for payment accounts which have no IBAN.
        pan:
          type: string
          maxLength: 35
          description: 'Primary Account Number (PAN) of a card, can be tokenized by the ASPSP due to PCI DSS requirements. This data element can be used in the body of the Consent Request Message for retrieving account access consent from this card.'
        maskedPan:
          type: string
          maxLength: 35
          description: 'Primary Account Number (PAN) of a card, can be tokenized by the ASPSP due to PCI DSS requirements. This data element can be used in the body of the Consent Request Message for retrieving account access consent from this card.'
        msisdn:
          type: string
          maxLength: 35
          description: An alias to access a payment account via a registered mobile phone number. This alias might be needed e.g. in the payment initiation service. The support of this alias must be explicitly documented by the ASPSP for the corresponding API Calls.
        currency:
          $ref: '#/components/schemas/Currency'
        name:
          type: string
          maxLength: 35
          description: Name given by the bank or the PSU in OnlineBanking.
        product:
          type: string
          maxLength: 35
          description: Product Name of the Bank for this account, proprietary definition
        cashAccountType:
          type: string
          description: ExternalCashAccountType1Code from ISO 20022
        bic:
          type: string
          pattern: '([a-zA-Z]{4})([a-zA-Z]{2})(([2-9a-zA-Z]{1})([0-9a-np-zA-NP-Z]{1}))((([0-9a-wy-zA-WY-Z]{1})([0-9a-zA-Z]{2}))|([xX]{3})|)'
          description: The BIC associated to the account.
          format: bicfi
        linkedAccounts:
          type: string
          maxLength: 70
          description: Case of a set of pending card transactions, the APSP will provide the relevant cash account the card is set up on.
        usage:
          type: string
          maxLength: 140
          description: 'Specifies the usage of the account - PRIV: private personal account - ORGA: professional account'
          example: 'PRIV'
        details:
          type: string
          maxLength: 140
          description: 'Specifications that might be provided by the ASPSP - characteristics of the account - characteristics of the relevant card'
        balances:
          type: array
          items:
            $ref: '#/components/schemas/Balance'
        _links:
          $ref: '#/components/schemas/Links'
          description: 'Links to the account, which can be directly used for retrieving account information from this dedicated account. Links to "balances" and/or "transactions"'
    AccountReport:
      type: object
      required:
        - booked
        - _links
      properties:
        booked:
          type: array
          items:
            $ref: '#/components/schemas/Transaction'
        pending:
          type: array
          items:
            $ref: '#/components/schemas/Transaction'
        _links:
          $ref: '#/components/schemas/Links'
          description: 'The following links might be used within this context, account link (mandatory), first_page_link (optional), second_page_link (optional), current_page_ link (optional), last_page_link (optional)'
    Balance:
      type: object
      required:
        - balanceAmount
        - balanceType
      properties:
        balanceAmount:
          $ref: '#/components/schemas/Amount'
        balanceType:
          type: string
          enum:
            - closingBooked
            - expected
            - authorised
            - openingBooked
            - interimAvailable
            - forwardAvailable
          example: 'interimAvailable'
        lastChangeDateTime:
          type: string
          format: date-time
        referenceDate:
          type: string
          format: date
          example: '2017-10-30'
        lastCommittedTransaction:
          type: string
          maxLength: 35
    TransactionStatus:
      type: string
      enum:
       - ACCP
       - ACSC 
       - ACSP 
       - ACTC 
       - ACWC
       - ACWP
       - RCVD
       - PDNG
       - RJCT
      example: 'ACTC'
    Transaction:
      type: object
      required:
        - transactionAmount
      properties:
        transactionId:
          type: string
          description: 'Can be used as access-id in the API, where more details on an transaction is offered.'
        entryReference:
          type: string
          description: 'Is the identification of the transaction as used e.g. for reference for deltafunction on application level. The same identification as for example used within camt.05x messages'
          maxLength: 35
        endToEndId:
          type: string
          description: Unique end to end identity.
          maxLength: 35
        mandateId:
          type: string
          description: Identification of a Cheque.
          maxLength: 35
          example: 'Mandate-2018-04-20-1234'
        creditorId:
          type: string
          description: Identification of Creditors, e.g. a SEPA Creditor ID
          maxLength: 35
        bookingDate:
          type: string
          format: date
          description: The Date when an entry is posted to an account on the ASPSPs books.
          example: '2017-10-30'
        valueDate:
          type: string
          format: date
          description: The Date at which assets become available to the account owner in case of a credit
          example: '2017-10-30'
        transactionAmount:
          $ref: '#/components/schemas/Amount'
        exchangeRates:
          type: array
          items:
            $ref: '#/components/schemas/ExchangeRate'
        creditorName:
          type: string
          description: Identification of Creditors, e.g. a SEPA Creditor ID
          maxLength: 70
        creditorAccount:
          $ref: '#/components/schemas/AccountReference'
        ultimateCreditor:
          type: string
          maxLength: 70
        debtorName:
          type: string
          description: Name of the debtor if a "Credited" transaction
          maxLength: 70
        debtorAccount:
          $ref: '#/components/schemas/AccountReference'
        ultimateDebtor:
          type: string
          maxLength: 70
        remittanceInformationStructured:
          type: string
          maxLength: 140
          description: Reference to be transported in the field.
        puposeCode:
          type: string
        bankTransactionCode:
          type: string
          description: Bank transaction code as used by the ASPSP and using the sub elements of this structured code defined by ISO20022
        proprietaryBankTransactionCode:
          type: string
          maxLength: 35
          description: 'proprietary bank transaction code as used within a community or within an ASPSP e.g. for MT94x based transaction reports'
          example: 'PMNT-RCVD-ESDD'
        _links:
          $ref: '#/components/schemas/Links'
          description: 'The following links could be used here: transactionDetails for retrieving details of a transaction.'
    Links:
      type: object
      properties:
        scaRedirect:
          $ref: '#/components/schemas/HrefType'
          description: 'A link to an ASPSP site where SCA is performed within the Redirect SCA approach.'
        scaOAuth:
          $ref: '#/components/schemas/HrefType'
          description: The link refers to a JSON document specifying the OAuth details of the ASPSP’s authorisation server. JSON document follows the definition given in https://tools.ietf.org/html/draft-ietf-oauth- discovery.
        updatePsuIdentification:
          $ref: '#/components/schemas/HrefType'
          description: 'The link to the payment initiation or account information resource, which needs to be updated by the psu identification if not delivered yet.'
        updateProprietaryData:
          $ref: '#/components/schemas/HrefType'
          description: The link to the payment initiation or account information resource, which needs to be updated by the proprietary data.
        updatePsuAuthentication:
          $ref: '#/components/schemas/HrefType'
          description: 'The link to the payment initiation or account information resource, which needs to be updated by a psu password and eventually the psu identification if not delivered yet.'
        selectAuthenticationMethod:
          $ref: '#/components/schemas/HrefType'
          description: 'This is a link to a resource, where the TPP can select the applicable second factor authentication methods for the PSU, if there were several available authentication methods.'
        authoriseTransaction:
          $ref: '#/components/schemas/HrefType'
          description: 'The link to the payment initiation or consent resource, where the "Transaction Authorization"Request" is sent to. This is the link to the resource which will authorize the payment or the consent by checking the SCA authentication data within the Embedded SCA approach.'
        self:
          $ref: '#/components/schemas/HrefType'
          description: The link to the payment initiation resource created by the request itself. This link can be used later to retrieve the transaction status of the payment initiation.
        status:
          type: string
          description: Status of the resource.
        account:
          $ref: '#/components/schemas/HrefType'
          description: A link to the resource providing the details of one account
        balances:
          $ref: '#/components/schemas/HrefType'
          description: A link to the resource providing the balance of a dedicated account.
        transactions:
          $ref: '#/components/schemas/HrefType'
          description: A link to the resource providing the transaction history of a dediated amount.
        transactionsDetails:
          $ref: '#/components/schemas/HrefType'
          description: A link to the resource providing details of a dedicated transaction.
        first:
          $ref: '#/components/schemas/HrefType'
          description: Navigation link for paginated account reports.
        next:
          $ref: '#/components/schemas/HrefType'
          description: Navigation link for paginated account reports.
        previous:
          $ref: '#/components/schemas/HrefType'
          description: Navigation link for paginated account reports.
        last:
          $ref: '#/components/schemas/HrefType'
          description: Navigation link for paginated account reports.
        download:
          $ref: '#/components/schemas/HrefType'
          description: Download link for huge AIS data packages.
    Authentication:
      type: object
      required:
        - authenticationType
        - authenticationMethodId
      properties:
        authenticationType:
          type: string
          enum:
            - SMS_OTP
            - CHIP_OTP
            - PHOTO_OTP
            - PUSH_OTP
        authenticationVersion:
          type: string
          description: 'Depending on the "authenticationType". This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. This version can be referred to in the ASPSP’s documentation.'
        authenticationMethodId:
          type: string
          maxLength: 35
          description: 'An identification provided by the ASPSP for the later identification of the authentication method selection.'
        name:
          type: string
          description: 'This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. Alternatively this could be a description provided by the ASPSP like "SMS OTP on phone +49160 xxxxx 28". This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available.'
        explanation:
          type: string
          description: 'detailed information about the sca method for the PSU.'
    Challenge:
      type: object
      properties:
        image:
          type: string
          description: 'PNG data (max. 512 kilobyte) to be displayed to the PSU, Base64 encoding. This attribute is used only, when PHOTO_OTP or CHIP_OTP is the selected SCA method.'
        data:
          type: string
          description: 'String challenge data'
        imageLink:
          type: string
          description: 'A link where the ASPSP will provides the challenge image for the TPP.'
        otpMaxLength:
          type: integer
          description: 'The maximal length for the OTP to be typed in by the PSU.'
        otpFormat:
          type: string
          description: 'The format type of the OTP to be typed in. The admitted values are "characters" or "integer".'
          enum:
            - characters
            - integer
        additionalInformation:
          type: string
          description: 'Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen sca method'
    MessageCode:
      type: string
      enum:
        # ServiceUnspecificHTTPErrorCodes 
        - CERTIFICATE_INVALID
        - CERTIFICATE_EXPIRED
        - CERTIFICATE_BLOCKED
        - CERTIFICATE_REVOKED
        - CERTIFICATE_MISSING
        - SIGNATURE_INVALID
        - SIGNATURE_MISSING
        - FORMAT_ERROR
        - PARAMETER_NOT_SUPPORTED
        - PSU_CREDENTIALS_INVALID
        - SERVICE_INVALID
        - SERVICE_BLOCKED
        - CORPORATE_ID_INVALID
        - CONSENT_UNKNOWN
        - CONSENT_INVALID
        - CONSENT_EXPIRED
        - TOKEN_UNKNOWN
        - TOKEN_INVALID
        - TOKEN_EXPIRED
        - RESOURCE_UNKNOWN
        - RESOURCE_EXPIRED
        - TIMESTAMP_INVALID
        - PERIOD_INVALID
        - SCA_METHOD_UNKNOWN
        # PISSpecificHTTPErrorCodes
        - PRODUCT_INVALID
        - PRODUCT_UNKNOWN
        - PAYMENT_FAILED
        - REQUIRED_KID_MISSING
        - EXECUTION_DATE_INVALID
        # AISSpecificHTTPErrorCodes
        - SESSIONS_NOT_SUPPORTED
        - ACCESS_EXCEEDED
        - REQUESTED_FORMATS_INVALID
        # PIISSpecificErrorCodes
        - CARD_INVALID
        - NO_PIIS_ACTIVATION
      example: TOKEN_INVALID
    TppMessage:
      type: object
      required:
        - category
        - code
        - text
      properties:
        category:
          type: string
          enum:
            - WARNING
            - ERROR
          example: 'ERROR'
        code:
          $ref: '#/components/schemas/MessageCode'
        text:
          type: string
          maxLength: 512
          example: 'additional text information of the ASPSP up to 512 characters'
        path:
          type: string
    recurringIndicator:
      type: boolean
      description: '"true" if the consent is for recurring access to the account data "false", if the consent is for one access to the account data'
    CreateConsentsRequest:
      type: object
      required:
        - access
        - recurringIndicator
        - validUntil
        - frequencyPerDay
        - combinedServiceIndicator
      properties:
        access:
          $ref: '#/components/schemas/AccountAccess'
        recurringIndicator:
          $ref: '#/components/schemas/recurringIndicator'
        validUntil:
          type: string
          format: date
          description: 'This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. If a maximal available date is requested, a date in far future is to be used: "9999-12-31". The consent object to be retrieved by the GET Consent Request will contain the adjusted date.'
          example: '2017-10-30'
        frequencyPerDay:
          type: integer
          description: 'This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1".'
          example: 1
        combinedServiceIndicator:
          type: boolean
          description: 'If "true" indicates that a payment initiation service will be addressed in the same "session", cp. Section 8.'
    CreateConsentsResponse:
      type: object
      required:
        - consentStatus
        - _links
      properties:
        consentStatus:
          $ref: '#/components/schemas/ConsentStatus'
        consentId:
          $ref: '#/components/schemas/consentId'
        scaMethods:
          type: array
          items:
            $ref: '#/components/schemas/Authentication'
        chosenScaMethod:
          $ref: '#/components/schemas/Authentication'
        challengeData:
          $ref: '#/components/schemas/Challenge'
        _links:
          $ref: '#/components/schemas/Links'
        psuMessage:
          $ref: '#/components/schemas/psuMessage'
    SinglePaymentInitiationRequest:
      type: object
    BulkPaymentInitiationRequest:
      type: object
    PeriodicPaymentInitiationRequest:
      type: object
      required:
        - startDate
      properties:
        startDate:
          type: string
          format: date
          example: '2017-10-30'
        executionRule:
          type: string
          enum: [following, preceeding]
        endDate:
          type: string
          format: date
          example: '2018-10-30'
        frequency:
          $ref: '#/components/schemas/frequency'
        dayOfExecution:
          type: integer
          minimum: 1
          maximum: 31
    UpdatePSUDataAuthenticationRequest:
      type: object
      properties:
        psuData:
          $ref: '#/components/schemas/PSUData'
    UpdatePSUDataAuthenticationResponse:
      type: object
      required:
        - transactionStatus
      properties:
        chosenScaMethod:
          $ref: '#/components/schemas/Authentication'
        challengeData:
          $ref: '#/components/schemas/Challenge'
        scaMethods:
          type: array
          items:
            $ref: '#/components/schemas/Authentication'
        _links:
          $ref: '#/components/schemas/Links'
        transactionStatus:
          $ref: '#/components/schemas/TransactionStatus'
        consentStatus:
          $ref: '#/components/schemas/ConsentStatus'
        psuMessage:
          $ref: '#/components/schemas/psuMessage'
    UpdatePSUDataSelectAuthenticationRequest:
      type: object
      required:
        - authenticationMethodId
      properties:
        authenticationMethodId:
          type: string
    UpdatePSUDataSelectAuthenticationResponse:
      type: object
      required:
        - transactionStatus
      properties:
        chosenScaMethod:
          $ref: '#/components/schemas/Authentication'
        challengeData:
          $ref: '#/components/schemas/Challenge'
        _links:
          $ref: '#/components/schemas/Links'
        transactionStatus:
          $ref: '#/components/schemas/TransactionStatus'
        consentStatus:
          $ref: '#/components/schemas/ConsentStatus'
        psuMessage:
          $ref: '#/components/schemas/psuMessage'
    UpdatePSUDataIdentificationResponse:
      type: object
      required:
        - transactionStatus
      properties:
        transactionStatus:
          $ref: '#/components/schemas/TransactionStatus'
        consentStatus:
          $ref: '#/components/schemas/ConsentStatus'
        psuMessage:
          $ref: '#/components/schemas/psuMessage'
    UpdatePSUDataTransactionAuthorisationRequest:
      type: object
      required:
        - scaAuthenticationData
      properties:
        scaAuthenticationData:
          $ref: '#/components/schemas/scaAuthenticationData'
    UpdatePSUDataTransactionAuthorisationResponse:
      type: object
      required:
        - transactionStatus
      properties:
        transactionStatus:
          $ref: '#/components/schemas/TransactionStatus'
        consentStatus:
          $ref: '#/components/schemas/ConsentStatus'
  # Reusable path, query, header and cookie parameters
  parameters:
    Content-Type:
      name: Content-Type
      in: header
      description: 'Content-Type'
      required: true
      schema:
        type: string
        enum:
          - application/json
          - application/xml
          - application/text
      example: 'application/json'
    account-id:
      name: account-id
      in: path
      description: 'This identification is denoting the addressed account. The account-id is retrieved by using a "Read Account List" call. The account-id is the "resourceId" attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.'
      required: true
      schema:
        type: string
    transaction-id:
      name: transaction-id
      in: path
      description: Transaction ID
      required: true
      schema:
        type: integer
      example: 1234570
    resourceId:
      name: resourceId
      in: path
      description: This identification is given by the attribute resourceId of the corresponding entry of a transaction list.
      required: true
      schema:
        type: string
        maxLength: 35
      example: '3dc3d5b3-7023-4848-9853-f5400a64e80f'
    consentId:
      name: consentId
      in: path
      description: ID of the corresponding consent object as returned by an Account Information Consent Request
      required: true
      schema:
        type: string
      example: 'qwer3456tzui7890'
    payment-product:
      name: payment-product
      in: path
      description: The addressed payment product endpoint, e.g. for SEPA Credit Transfers (SCT). The ASPSP will publish which of the payment products/endpoints will be supported.
      required: true
      schema:
        type: string
        enum:
          - sepa-credit-transfers
          - instant-sepa-credit-transfers
          - target-2-payments
          - cross-border-credit-transfers
      example: 'sepa-credit-transfers'
    payment-service:
      name: payment-service
      in: path
      description: 'The payment service to use.'
      required: true
      schema:
        type: string
        enum:
          - payments
          - bulk-payments
          - periodic-payments
      example: 'payments'
    paymentId:
      name: paymentId
      in: path
      description: payment Id
      required: true
      schema:
       type: string
      example: '1234-wertiq-983'
    withBalance:
      name: withBalance
      in: query
      description: 'If contained, this function reads the list of accessible payment accounts including the booking balance, if granted by the PSU in the related consent and available by the ASPSP. This parameter might be ignored by the ASPSP.'
      required: false
      schema:
        type: boolean
    X-Request-ID:
      name: X-Request-ID
      in: header
      description: 'ID of the request, unique to the call, as determined by the initiating party.'
      required: true
      schema:
        type: string
        format: uuid
      example: '123e4567-e89b-12d3-a456-426655440000'
    Consent-ID:
      name: Consent-ID
      in: header
      description: 'Shall be contained since "Establish Consent Transaction" was performed via this API before.'
      required: true
      schema:
        type: string
      example: 'qwer3456tzui7890'
    Authorization:
      name: Authorization
      in: header
      description: 'Is contained only, if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in the related consent authorisation.'
      required: false
      schema:
        type: string
      example: 'Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGxvd2VkX25vZGVzIjoiZmRhYWU1ODYtYWE1NS00MzJjLTQxODEtYjRiYzY2MDljNzQ2IiwiZXhwIjoxNTU4NTMyMTI0LCJvd25lciI6IjViMDQxYzljNDVmOTJlMGExNzdlOThjYyJ9.uif9dlFO8qEQGrLh9bThtT4H_sUeL43nfx0PL-RTgd5KL9WaO5TADLPIgBu02h2I39jRRb978ZYiv2xseAK8xpR13vz8cQUjIX0FpLnrKomfvl_nyzefVkcUH_DrNGkcPZswoVNFbfeUWER1c8I0fUudVsnxHExRJ_S-Lq1vWCSDChy89Vm_bliYdt8DppyELaBadFPqxeRRkn-szpr8sAvDgbb-OccT3LsiylkqJ5g4BWqj9qLpBO4xkzSTLjdKvgipRcNwv_dKOcwF3OI90TAaX1aEm856Zg1hBLrYnae1oceBfRYl7rjtDQo3S_R0j5pLhb7Kd-ErHec6nyaoOQ'
    Digest:
      name: Digest
      in: header
      description: 'Is contained if and only if the "Signature" element is contained in the header of the request.'
      required: false
      schema:
        type: string
      example: 'SHA-256=hl1/Eps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A='
    Signature:
      name: Signature
      in: header
      description: 'A signature of the request by the TPP on application level. This might be mandated by ASPSP.'
      required: false
      schema:
        type: string
      example: 'keyId="SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D- Trust%20GmbH,C=DE",algorithm="rsa-sha256",headers="Digest X-Request-ID PSU-ID TPP-Redirect-URI Date",signature="Base64(RSA-SHA256(signing string))"'
    dateFrom:
      name: dateFrom
      in: query
      description: 'Starting date (inclusive the date dateFrom) of the transaction list, mandated if no delta access is required'
      example: '2017-10-30'
      required: false
      schema:
        type: string
        format: date
    dateTo:
      name: dateTo
      in: query
      description: 'End date (inclusive the data dateTo) of the transaction list, default is now if not given.'
      required: false
      example: '2017-10-30'
      schema:
        type: string
        format: date
    entryReferenceFrom:
      name: entryReferenceFrom
      in: query
      description: 'This data attribute is indicating that the AISP is in favour to get all transactions after the transaction with identification entryReferenceFrom alternatively to the above defined period. This is a implementation of a delta access. If this data element is contained, the entries "dateFrom" and "dateTo" might be ignored by the ASPSP if a delta report is supported.'
      required: false
      schema:
        type: string
    bookingStatus:
      name: bookingStatus
      in: query
      description: 'Permitted codes are "booked", "pending" and "both "booked" shall be supported by the ASPSP. To support the "pending" and "both" feature is optional for the ASPSP, Error code if not supported in the online banking frontend'
      required: true
      schema:
        type: string
      example: 'booked'
    PSU-ID:
      name: PSU-ID
      in: header
      description: Might be mandated in the ASPSP's documentation, if OAuth is not chosen as Pre-Step.
      required: false
      schema:
        type: string
      example: 'PSU-1234'
    PSU-ID-Type:
      name: PSU-ID-Type
      in: header
      description: Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.
      required: false
      schema:
        type: string
    PSU-Corporate-ID:
      name: PSU-Corporate-ID
      in: header
      description: Might be mandated in the ASPSP's documentation. Only used in a corporate context.
      required: false
      schema:
        type: string
    PSU-Corporate-ID-Type:
      name: PSU-Corporate-ID-Type
      in: header
      description: Might be mandated in the ASPSPs documentation. Only used in a corporate context.
      required: false
      schema:
        type: string
    PSU-IP-Address:
      name: PSU-IP-Address
      in: header
      description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.
      required: true
      schema:
        type: string
      example: '172.25.77.8'
    PSU-IP-Port:
      name: PSU-IP-Port
      in: header
      description: The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
      required: false
      schema:
        type: string
      example: '9988'
    PSU-Accept:
      name: PSU-Accept
      in: header
      description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
      required: false
      schema:
        type: string
    PSU-Accept-Charset:
      name: PSU-Accept-Charset
      in: header
      description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
      required: false
      schema:
        type: string
    PSU-Accept-Encoding:
      name: PSU-Accept-Encoding
      in: header
      description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
      required: false
      schema:
        type: string
    PSU-Accept-Language:
      name: PSU-Accept-Language
      in: header
      description: The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
      required: false
      schema:
        type: string
    PSU-User-Agent:
      name: PSU-User-Agent
      in: header
      description: The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
      required: false
      schema:
        type: string
    PSU-Http-Method:
      name: PSU-Http-Method
      in: header
      description: HTTP method used at the PSU - TPP interface, if available.
      required: false
      schema:
        type: string
        enum: [GET, POST, PUT, DELETE, PATCH]
    PSU-Device-ID:
      name: PSU-Device-ID
      in: header
      description: UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
      required: false
      schema:
        type: string
    PSU-Geo-Location:
      name: PSU-Geo-Location
      in: header
      description: The forwarded Geo Location of the corresponding HTTP request between PSU and TPP if available.
      required: false
      schema:
        type: string
    deltaList:
      name: deltaList
      in: query
      description: 'This data attribute is indicating that the AISP is in favour to get all transactions after the last report access for this PSU on the addressed account. This is another implementation of a delta access-report. This delta indicator might be rejected by the ASPSP if this function is not supported.'
      required: false
      schema:
        type: boolean
    TPP-Redirect-Preferred:
      name: TPP-Redirect-Preferred
      in: header
      description: 'If it equals "true", the TPP prefers a redirect over an embedded SCA approach. If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU.'
      required: false
      schema:
        type: boolean
    TPP-Redirect-URI:
      name: TPP-Redirect-URI
      in: header
      description: 'URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandatory for the SCA OAuth Approach.'
      required: false
      schema:
        type: string
    TPP-Nok-Redirect-URI:
      name: TPP-Nok-Redirect-URI
      in: header
      description: 'If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP.'
      required: false
      schema:
        type: string
    TPP-Signature-Certificate:
      name: TPP-Signature-Certificate
      in: header
      description: 'The certificate used for signing the request, in base64 encoding. It shall be contained if a signature is used, see above.'
      required: false
      schema:
        type: string
      example: 'VFBQJ3NfZUlEQVNfQ2VydGlmaWNhdGU='
    Accept: 
      name: Accept
      in: header
      description: 'The TPP can indicate the formats of account reports supported together with a priorisation following the HTTP header definition.'
      required: false
      schema:
        type: string
        enum:
          - xml
          - JSON
          - text
      example: JSON
  # Security scheme definition (see Authentication)
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-openpsd-key
  # Reusable request bodies
  # requestBodies:
  # Reusable responses, such as 401 Unauthorized or 400 Bad Request
  responses:
    '400BadRequest':
      description: Validation error occurred. This code will cover malformed syntax in request or incorrect data in payload.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '401Unauthorized':
      description: The TPP or the PSU is not correctly authorized to perform the request. Retry the request with correct authentication information.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '403Forbidden':
      description: Returned if the resource that was referenced in the path exists but cannot be accessed by the TPP or the PSU. This code should only be used for non-sensitive id references as it will reveal that the resource exists even though it cannot be accessed.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '404NotFound':
      description: Returned if the resource that was referenced in the path does not exist or cannot be referenced by the TPP or the PSU. When in doubt if a specific id in the path is sensitive or not, use the HTTP response code 404 instead of the HTTP response code 403.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '405MethodNotAllowed':
      description: This code is only sent when the HTTP method (PUT, POST, DELETE, GET etc.) is not supported on a specific endpoint. It has nothing to do with the consent, payment or account information data model.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '406NotAcceptable':
      description: The ASPSP cannot generate the content that the TPP specified in the Accept header.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '408RequestTimeout':
      description: The server is still working correctly, but an individual request has timed out.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '415UnsupportedMedia':
      description: The TPP has supplied a media type which the ASPSP does not support.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '429TooManyRequests':
      description: The TPP has exceeded the number of requests allowed by the consent or by the RTS.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '500InternalServerError':
      description: Internal server error occurred.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    '503ServiceUnavailable':
      description: The ASPSP server is currently unavailable. Generally, this is a temporary state.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
    default:
      description: Unexpected Error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TppMessage'
  # Reusable response headers
  headers:
    Content-Type:
      required: true
      schema:
        type: string
        enum:
          - application/json
          - application/xml
          - application/text
        example: 'application/json'
      description: 'Possible values are application/json, application/xml or application/text'
    Location:
      required: true
      schema:
        type: string
      description: 'Location of the created resource.'
      example: 'https://www.testbank.com/psd2/v1/payments/sepa-credit-transfers/1234-wertiq-983'
    X-Request-ID:
      required: true
      schema:
        type: string
        format: UUID
        example: '123e4567-e89b-12d3-a456-426655440000'
      description: 'ID of the request, unique to the call, as determined by the initiating party.'
    ASPSP-SCA-Approach:
      required: false
      schema:
        type: string
        enum:
          - EMBEDDED
          - DECOUPLED
          - REDIRECT
        example: 'DECOUPLED'
      description: 'Possible values are: EMBEDDED / DECOUPLED / REDIRECT. OAuth will be subsumed by the value REDIRECT'
  # Reusable examples
  #examples:
  # Reusable links
  #links:
  # Reusable callbacks
  #callbacks:
paths:
  '/accounts':
    get:
      tags:
        - accounts
      summary: list of accounts
      description: 'Reads a list of bank accounts, with balances where required. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system. The addressed list of accounts depends then on the PSU ID and the stored consent addressed by consentId, respectively the OAuth2 access token.'
      operationId: getAccounts
      parameters:
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/withBalance"
        - $ref: "#/components/parameters/Consent-ID"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      responses:
        '200':
          description: OK
          headers:
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
          content:
            application/json:
              schema:
                type: object
                required:
                  - accounts
                properties:
                  accounts:
                    type: array
                    items:
                      $ref: '#/components/schemas/AccountDetails'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '406':
          $ref: '#/components/responses/406NotAcceptable'
        '429':
          $ref: '#/components/responses/429TooManyRequests'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/accounts/{account-id}':
    get:
      tags:
        - accounts
      summary: account details
      description: 'Reads a list of bank accounts, with balances where required. It is assumed that a consent of the PSU to this access is already given and stored on the ASPSP system. The addressed list of accounts depends then on the PSU ID and the stored consent addressed by consentId, respectively the OAuth2 access token.'
      operationId: getAccountbyId
      parameters:
        - $ref: "#/components/parameters/account-id"
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/withBalance"
        - $ref: "#/components/parameters/Consent-ID"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      responses:
        '200':
          description: OK
          headers:
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
          content:
            application/json:
              schema:
                type: object
                required:
                  - account
                properties:
                  account:
                    $ref: '#/components/schemas/AccountDetails'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '406':
          $ref: '#/components/responses/406NotAcceptable'
        '429':
          $ref: '#/components/responses/429TooManyRequests'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/accounts/{account-id}/balances':
    get:
      tags:
        - accounts
      summary: balances for account
      description: Reads the balance list for a given account.
      operationId: getBalanceForAccountByAccountId
      parameters:
        - $ref: "#/components/parameters/account-id"
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/Consent-ID"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      responses:
        '200':
          description: OK
          headers:
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
          content:
            application/json:
              schema:
                type: object
                required:
                  - balances
                properties:
                  account:
                    $ref: '#/components/schemas/AccountReference'
                  balances:
                    type: array
                    items:
                      $ref: '#/components/schemas/Balance'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '406':
          $ref: '#/components/responses/406NotAcceptable'
        '429':
          $ref: '#/components/responses/429TooManyRequests'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/accounts/{account-id}/transactions':
    get:
      tags:
        - accounts
      summary: transactions for account
      description: 'Reads a transaction list For a given account, additional parameters are e.g. the attributes "date_from" and "date_to". If the attribute "withbalance" is used, the ASPSP will add balances to the transaction list. The latter might be provided by the ASPSP anyhow, if transaction lists without balances are not supported.'
      operationId: getTransactionsForAccountByAccountId
      parameters:
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/Consent-ID"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
        - $ref: '#/components/parameters/account-id'
        - $ref: '#/components/parameters/dateFrom'
        - $ref: '#/components/parameters/dateTo'
        - $ref: '#/components/parameters/entryReferenceFrom'
        - $ref: '#/components/parameters/bookingStatus'
        - $ref: '#/components/parameters/deltaList'
        - $ref: '#/components/parameters/Accept'
      security:
        - ApiKeyAuth: []
      responses:
        '200':
          description: OK
          headers:
            Content-Type:
              $ref: '#/components/headers/Content-Type'
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
          content:
            application/json:
              schema:
                type: object
                properties:
                  account:
                    $ref: '#/components/schemas/AccountReference'
                  transactions:
                    $ref: '#/components/schemas/AccountReport'
                  _links:
                    $ref: '#/components/schemas/Links'
                  balances:
                    type: array
                    items:
                      $ref: '#/components/schemas/Balance'
            application/xml:
              schema:
                type: object
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '406':
          $ref: '#/components/responses/406NotAcceptable'
        '429':
          $ref: '#/components/responses/429TooManyRequests'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/accounts/{account-id}/transactions/{resourceId}':
    get:
      tags:
        - accounts
      summary: transaction details for transaction of an account
      description: Reads transaction details of an addressed transaction.
      operationId: getTransactionByTransactionIdForAccountByAccountId
      parameters:
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/Consent-ID"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
        - $ref: '#/components/parameters/resourceId'
        - $ref: '#/components/parameters/account-id'
      responses:
        '200':
          description: OK
          headers:
            Content-Type:
              $ref: '#/components/headers/Content-Type'
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
          content:
            application/json:
              schema:
                type: object
                properties:
                  transactionsDetails:
                    $ref: '#/components/schemas/Transaction'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '406':
          $ref: '#/components/responses/406NotAcceptable'
        '429':
          $ref: '#/components/responses/429TooManyRequests'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/consents':
    post:
      tags:
        - consents
      summary: create a consent
      description: 'Creates a consent resource, defining access rights to dedicated accounts of a given PSU-ID. These accounts must be addressed explicitly in the method as parameters.'
      operationId: createConsent
      parameters:
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/PSU-ID"
        - $ref: "#/components/parameters/PSU-ID-Type"
        - $ref: "#/components/parameters/PSU-Corporate-ID"
        - $ref: "#/components/parameters/PSU-Corporate-ID-Type"
        - $ref: "#/components/parameters/PSU-IP-Address"
        - $ref: "#/components/parameters/PSU-IP-Port"
        - $ref: "#/components/parameters/PSU-Accept"
        - $ref: "#/components/parameters/PSU-Accept-Charset"
        - $ref: "#/components/parameters/PSU-Accept-Encoding"
        - $ref: "#/components/parameters/PSU-Accept-Language"
        - $ref: "#/components/parameters/PSU-User-Agent"
        - $ref: "#/components/parameters/PSU-Http-Method"
        - $ref: "#/components/parameters/PSU-Device-ID"
        - $ref: "#/components/parameters/PSU-Geo-Location"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/TPP-Redirect-Preferred"
        - $ref: "#/components/parameters/TPP-Redirect-URI"
        - $ref: "#/components/parameters/TPP-Nok-Redirect-URI"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateConsentsRequest'
      responses:
        '201':
          description: Consent Request was correctly performed.
          headers:
            Location:
              $ref: '#/components/headers/Location'
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
            ASPSP-SCA-Approach:
              $ref: '#/components/headers/ASPSP-SCA-Approach'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateConsentsResponse'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/consents/{consentId}':
    get:
      tags:
        - consents
      summary: get consent details
      operationId: getConsent
      description: 'Reads the exact definition of the given consent resource {consentId}'
      parameters:
        - $ref: '#/components/parameters/consentId'
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      responses:
        '200':
          description: OK
          headers:
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
          content:
            application/json:
              schema:
                type: object
                required:
                  - access
                  - recurringIndicator
                  - validUntil
                  - frequencyPerDay
                  - lastActionDate
                  - consentStatus
                properties:
                  access:
                    $ref: "#/components/schemas/AccountAccess"
                  recurringIndicator:
                    $ref: "#/components/schemas/recurringIndicator"
                  validUntil:
                    type: string
                    format: date
                  frequencyPerDay:
                    type: integer
                  lastActionDate:
                    type: string
                    format: date
                  consentStatus:
                    $ref: "#/components/schemas/ConsentStatus"
                  scaStatus:
                    $ref: "#/components/schemas/scaStatus"               
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '500':
          $ref: '#/components/responses/500InternalServerError'
    put:
      tags:
        - consents
      summary: update consent
      operationId: updateConsent
      description: 'Updates data on the consent resource, authorises a consent within the Embedded SCA Approach where needed.'
      parameters:
        - $ref: "#/components/parameters/consentId"
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/PSU-ID"
        - $ref: "#/components/parameters/PSU-ID-Type"
        - $ref: "#/components/parameters/PSU-Corporate-ID"
        - $ref: "#/components/parameters/PSU-Corporate-ID-Type"
        - $ref: "#/components/parameters/PSU-IP-Address"
        - $ref: "#/components/parameters/PSU-IP-Port"
        - $ref: "#/components/parameters/PSU-Accept"
        - $ref: "#/components/parameters/PSU-Accept-Charset"
        - $ref: "#/components/parameters/PSU-Accept-Encoding"
        - $ref: "#/components/parameters/PSU-Accept-Language"
        - $ref: "#/components/parameters/PSU-User-Agent"
        - $ref: "#/components/parameters/PSU-Http-Method"
        - $ref: "#/components/parameters/PSU-Device-ID"
        - $ref: "#/components/parameters/PSU-Geo-Location"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      requestBody:
        required: false
        content:
          application/json:
            schema:
              oneOf:
                - $ref: '#/components/schemas/UpdatePSUDataAuthenticationRequest'
                - $ref: '#/components/schemas/UpdatePSUDataSelectAuthenticationRequest'
                - $ref: '#/components/schemas/UpdatePSUDataTransactionAuthorisationRequest'
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/UpdatePSUDataAuthenticationResponse'
                  - $ref: '#/components/schemas/UpdatePSUDataSelectAuthenticationResponse'
                  - $ref: '#/components/schemas/UpdatePSUDataIdentificationResponse'
                  - $ref: '#/components/schemas/UpdatePSUDataTransactionAuthorisationResponse'
          headers:
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
            ASPSP-SCA-Approach:
              $ref: '#/components/headers/ASPSP-SCA-Approach'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '500':
          $ref: '#/components/responses/500InternalServerError'
    delete:
      tags:
        - consents
      summary: delete consent
      description: Deletes a created consent with ID.
      operationId: deleteConsent
      parameters:
        - $ref: "#/components/parameters/consentId"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/X-Request-ID"
      security:
        - ApiKeyAuth: []
      responses:
        '204':
          description: Consent resource was successfully deleted.
          headers:
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/consents/{consentId}/status':
    get:
      tags:
        - consents
      summary: get status of a consent
      operationId: getStatusForConsentById
      description: Reads the transaction status of the addressed consent resource.
      parameters:
        - $ref: '#/components/parameters/consentId'
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      responses:
        '200':
          description: 'Transaction status'
          headers:
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
          content:
            application/json:
              schema:
                type: object
                required:
                  - consentStatus
                properties:
                  consentStatus:
                    $ref: '#/components/schemas/ConsentStatus'
                  scaStatus:
                    $ref: '#/components/schemas/scaStatus'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/{payment-service}/{payment-product}':
    post:
      tags:
        - payments
      summary: creates a payment
      description: 'Creates a payment initiation resource addressable under {paymentId} with all data relevant for the corresponding payment product. This is the first step in the API to initiate the related payment.'
      operationId: createPayment
      parameters:
        - $ref: '#/components/parameters/payment-service'
        - $ref: '#/components/parameters/payment-product'
        - $ref: '#/components/parameters/Content-Type'
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/PSU-ID"
        - $ref: "#/components/parameters/PSU-ID-Type"
        - $ref: "#/components/parameters/PSU-Corporate-ID"
        - $ref: "#/components/parameters/PSU-Corporate-ID-Type"
        - $ref: "#/components/parameters/PSU-IP-Address"
        - $ref: "#/components/parameters/PSU-IP-Port"
        - $ref: "#/components/parameters/PSU-Accept"
        - $ref: "#/components/parameters/PSU-Accept-Charset"
        - $ref: "#/components/parameters/PSU-Accept-Encoding"
        - $ref: "#/components/parameters/PSU-Accept-Language"
        - $ref: "#/components/parameters/PSU-User-Agent"
        - $ref: "#/components/parameters/PSU-Http-Method"
        - $ref: "#/components/parameters/PSU-Device-ID"
        - $ref: "#/components/parameters/PSU-Geo-Location"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/Consent-ID"
        - $ref: "#/components/parameters/TPP-Redirect-Preferred"
        - $ref: "#/components/parameters/TPP-Redirect-URI"
        - $ref: "#/components/parameters/TPP-Nok-Redirect-URI"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              oneOf:
                - $ref: '#/components/schemas/SinglePaymentInitiationRequest'
                - $ref: '#/components/schemas/BulkPaymentInitiationRequest'
                - $ref: '#/components/schemas/PeriodicPaymentInitiationRequest'
          application/xml:
            schema:
              oneOf:
                - $ref: '#/components/schemas/SinglePaymentInitiationRequest'
                - $ref: '#/components/schemas/BulkPaymentInitiationRequest'
                - $ref: '#/components/schemas/PeriodicPaymentInitiationRequest'
      responses:
        '201':
          description: OK
          content:
            application/json:
              schema:
                type: object
                required:
                  - transactionStatus
                  - paymentId
                  - _links
                properties:
                  transactionStatus:
                    $ref: '#/components/schemas/TransactionStatus'
                  paymentId:
                    $ref: '#/components/schemas/paymentId'
                  transactionFees:
                    $ref: '#/components/schemas/Amount'
                  transactionFeeIndicator:
                    $ref: '#/components/schemas/transactionFeeIndicator'
                  scaMethods:
                    type: array
                    items:
                      $ref: '#/components/schemas/Authentication'
                  chosenScaMethod:
                    $ref: '#/components/schemas/Authentication'
                  challengeData:
                    $ref: '#/components/schemas/Challenge'
                  _links:
                    $ref: '#/components/schemas/Links'
                  psuMessage:
                    $ref: '#/components/schemas/psuMessage'
                  tppMessages:
                    type: array
                    items:
                      $ref: '#/components/schemas/TppMessage'
            application/xml:
              schema:
                type: object
                required:
                  - transactionStatus
                  - paymentId
                  - _links
                properties:
                  transactionStatus:
                    $ref: '#/components/schemas/TransactionStatus'
                  paymentId:
                    $ref: '#/components/schemas/paymentId'
                  transactionFees:
                    $ref: '#/components/schemas/Amount'
                  transactionFeeIndicator:
                    type: boolean
                    description: 'If equals "true", the transaction will involve specific transaction cost as shown by the ASPSP in their public price list or as agreed between ASPSP and PSU. If equals "false", the transaction will not involve additional specific transaction costs to the PSU.'
                  scaMethods:
                    type: array
                    items:
                      $ref: '#/components/schemas/Authentication'
                  chosenScaMethod:
                    $ref: '#/components/schemas/Authentication'
                  challengeData:
                    $ref: '#/components/schemas/Challenge'
                  _links:
                    $ref: '#/components/schemas/Links'
                  psuMessage:
                    $ref: '#/components/schemas/psuMessage'
                  tppMessages:
                    type: array
                    items:
                      $ref: '#/components/schemas/TppMessage'
          headers:
            Location:
              $ref: '#/components/headers/Location'
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
            ASPSP-SCA-Approach:
              $ref: '#/components/headers/ASPSP-SCA-Approach'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/{payment-service}/{payment-product}/{paymentId}':
    put:
      tags:
        - payments
      summary: update payment 
      operationId: updatePayment
      description: 'Updates data on the payment resource if needed. It may authorise a payment within the Embedded SCA Approach where needed.'
      parameters:
        - $ref: '#/components/parameters/payment-service'
        - $ref: '#/components/parameters/payment-product'
        - $ref: '#/components/parameters/paymentId'
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/PSU-ID"
        - $ref: "#/components/parameters/PSU-ID-Type"
        - $ref: "#/components/parameters/PSU-Corporate-ID"
        - $ref: "#/components/parameters/PSU-Corporate-ID-Type"
        - $ref: "#/components/parameters/PSU-IP-Address"
        - $ref: "#/components/parameters/PSU-IP-Port"
        - $ref: "#/components/parameters/PSU-Accept"
        - $ref: "#/components/parameters/PSU-Accept-Charset"
        - $ref: "#/components/parameters/PSU-Accept-Encoding"
        - $ref: "#/components/parameters/PSU-Accept-Language"
        - $ref: "#/components/parameters/PSU-User-Agent"
        - $ref: "#/components/parameters/PSU-Http-Method"
        - $ref: "#/components/parameters/PSU-Device-ID"
        - $ref: "#/components/parameters/PSU-Geo-Location"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      requestBody:
        required: false
        content:
          application/json:
            schema:
              oneOf:
                - $ref: '#/components/schemas/UpdatePSUDataAuthenticationRequest'
                - $ref: '#/components/schemas/UpdatePSUDataSelectAuthenticationRequest'
                - $ref: '#/components/schemas/UpdatePSUDataTransactionAuthorisationRequest'
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/UpdatePSUDataAuthenticationResponse'
                  - $ref: '#/components/schemas/UpdatePSUDataSelectAuthenticationResponse'
                  - $ref: '#/components/schemas/UpdatePSUDataIdentificationResponse'
                  - $ref: '#/components/schemas/UpdatePSUDataTransactionAuthorisationResponse'
          headers:
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
            ASPSP-SCA-Approach:
              $ref: '#/components/headers/ASPSP-SCA-Approach'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '500':
          $ref: '#/components/responses/500InternalServerError'
    get:
      tags:
        - payments
      summary: get payment details
      operationId: getPayment
      description: Reads the details of an initiated payment.
      parameters:
        - $ref: '#/components/parameters/payment-service'
        - $ref: '#/components/parameters/payment-product'
        - $ref: '#/components/parameters/paymentId'
        - $ref: '#/components/parameters/Content-Type'
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/PSU-ID"
        - $ref: "#/components/parameters/PSU-ID-Type"
        - $ref: "#/components/parameters/PSU-Corporate-ID"
        - $ref: "#/components/parameters/PSU-Corporate-ID-Type"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/Consent-ID"
        - $ref: "#/components/parameters/PSU-IP-Address"
        - $ref: "#/components/parameters/TPP-Redirect-Preferred"
        - $ref: "#/components/parameters/TPP-Redirect-URI"
        - $ref: "#/components/parameters/TPP-Nok-Redirect-URI"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
            application/xml:
              schema:
                type: object
          headers:
            Location:
              $ref: '#/components/headers/Location'
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
            ASPSP-SCA-Approach:
              $ref: '#/components/headers/ASPSP-SCA-Approach'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/{payment-service}/{payment-product}/{paymentId}/status':
    get:
      tags:
        - payments
      summary: get the status of a payment
      operationId: getPaymentStatus
      description: Reads the transaction status of the payment
      parameters:
        - $ref: '#/components/parameters/payment-service'
        - $ref: '#/components/parameters/payment-product'
        - $ref: '#/components/parameters/paymentId'
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/Authorization"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      security:
        - ApiKeyAuth: []
      responses:
        '200':
          description: OK
          headers:
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
          content:
            application/json:
              schema:
                type: object
                properties:
                  transactionStatus:
                    $ref: '#/components/schemas/TransactionStatus'
                  scaStatus:
                    $ref: '#/components/schemas/scaStatus'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '500':
          $ref: '#/components/responses/500InternalServerError'
  '/funds-confirmations':
    post:
      tags:
        - funds
      summary: check funds
      operationId: createFundsConfirmationRequest
      description: 'Checks whether funds are available for a payment transaction on an account linked with a given tuple cardissuer/cardnumber, or an IBAN and TPP respectively'
      security:
        - ApiKeyAuth: []
      requestBody:
        required: false
        content:
          application/json:
            schema:
              type: object
              required:
                - account
                - instructedAmount
              properties:
                cardNumber:
                  type: string
                account:
                  $ref: "#/components/schemas/AccountReference"
                payee:
                  type: string
                  maxLength: 70
                instructedAmount:
                  $ref: "#/components/schemas/Amount"
      parameters:
        - $ref: "#/components/parameters/X-Request-ID"
        - $ref: "#/components/parameters/Digest"
        - $ref: "#/components/parameters/Signature"
        - $ref: "#/components/parameters/TPP-Signature-Certificate"
      responses:
        '200':
          description: OK
          headers:
            Location:
              $ref: '#/components/headers/Location'
            X-Request-ID:
              $ref: '#/components/headers/X-Request-ID'
          content:
            application/json:
              schema:
                type: object
                required:
                  - fundsAvaiable
                properties:
                  fundsAvaiable:
                    type: boolean
                    description: 'Equals "true" if sufficient funds are available at the time of the request, "false" otherwise.'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorized'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '405':
          $ref: '#/components/responses/405MethodNotAllowed'
        '500':
          $ref: '#/components/responses/500InternalServerError'