diff --git a/README.md b/README.md index 84d85e91..7ae21b4c 100644 --- a/README.md +++ b/README.md @@ -43,3 +43,17 @@ npm run start ``` +### Updating the OpenApi (Swagger) Spec + +We use `multi-file-swagger` to make our swagger files more manageable. + +After making changes to the `.yaml` files in `./src/interface/`, update the `swagger.json` file like so: + +```bash +./node_modules/.bin/multi-file-swagger ./src/interface/template.yaml > src/interface/swagger.json +``` + +> Note: We will likely want to move to swagger 3.0 at some point, and once we do, we will be able to use the [common api snippets](https://github.com/mojaloop/api-snippets) library to factor out common Mojaloop snippets. +> Keep track of [#352 - Update to OpenAPI v3](https://app.zenhub.com/workspaces/pisp-5e8457b05580fb04a7fd4878/issues/mojaloop/mojaloop/352) + + diff --git a/package-lock.json b/package-lock.json index a2be98ac..676655c8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2922,6 +2922,12 @@ "resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-5.0.0.tgz", "integrity": "sha512-KWTu6ZMVk9sxlDJQh2YH1UOnfDP8O8TpxUxgQG/vKASoSnEjK9aVuOueFaPcQEYQ5fyNXNTOYwYw3099RYebWg==" }, + "binary-extensions": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.0.0.tgz", + "integrity": "sha512-Phlt0plgpIIBOGTT/ehfFnbNlfsDEiqmzE2KRXoX1bLIlir4X/MR+zSyBEkL05ffWgnRSf/DXv+WrUAVr93/ow==", + "dev": true + }, "bindings": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz", @@ -3302,6 +3308,22 @@ "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==", "dev": true }, + "chokidar": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.4.0.tgz", + "integrity": "sha512-aXAaho2VJtisB/1fg1+3nlLJqGOuewTzQpd/Tz0yTg2R0e4IGtshYvtjowyEumcBv2z+y4+kc75Mz7j5xJskcQ==", + "dev": true, + "requires": { + "anymatch": "~3.1.1", + "braces": "~3.0.2", + "fsevents": "~2.1.2", + "glob-parent": "~5.1.0", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.4.0" + } + }, "chownr": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", @@ -4157,6 +4179,12 @@ "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==" }, + "cookiejar": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.2.tgz", + "integrity": "sha512-Mw+adcfzPxcPeI+0WlvRrr/3lGVO0bD75SxX6811cxSh1Wbxx7xZBGK1eVtDf6si8rg2lhnUjsVLMFMfbRIuwA==", + "dev": true + }, "copy-descriptor": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/copy-descriptor/-/copy-descriptor-0.1.1.tgz", @@ -5757,6 +5785,12 @@ "resolved": "https://registry.npmjs.org/format-util/-/format-util-1.0.5.tgz", "integrity": "sha512-varLbTj0e0yVyRpqQhuWV+8hlePAgaoFRhNFj50BNjEIrw1/DphHSObtqwskVCPWNgzwPoQrZAbfa/SBiicNeg==" }, + "formidable": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.2.2.tgz", + "integrity": "sha512-V8gLm+41I/8kguQ4/o1D3RIHRmhYFG4pnNyonvua+40rqcEmT4+V71yaZ3B457xbbgCsCfjSPi65u/W6vK1U5Q==", + "dev": true + }, "fragment-cache": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/fragment-cache/-/fragment-cache-0.2.1.tgz", @@ -6576,6 +6610,15 @@ "integrity": "sha512-jpSvDPV4Cq/bgtpndIWbI5hmYxhQGHPC4d4cqBPb4DLniCfhJokdXhwhaDuLBGLQdvvRum/UiX6ECVIPvDXqdg==", "dev": true }, + "graphlib": { + "version": "2.1.8", + "resolved": "https://registry.npmjs.org/graphlib/-/graphlib-2.1.8.tgz", + "integrity": "sha512-jcLLfkpoVGmH7/InMC/1hIvOPSUh38oJtGhvrOFGzioE1DZ+0YW16RgmOJhHiuWTvGiJQ9Z1Ik43JvkRPRvE+A==", + "dev": true, + "requires": { + "lodash": "^4.17.15" + } + }, "growly": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/growly/-/growly-1.3.0.tgz", @@ -7482,6 +7525,12 @@ "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==", "dev": true }, + "ignore-by-default": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/ignore-by-default/-/ignore-by-default-1.0.1.tgz", + "integrity": "sha1-SMptcvbGo68Aqa1K5odr44ieKwk=", + "dev": true + }, "ignore-walk": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/ignore-walk/-/ignore-walk-3.0.3.tgz", @@ -7711,6 +7760,15 @@ "integrity": "sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=", "dev": true }, + "is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "requires": { + "binary-extensions": "^2.0.0" + } + }, "is-buffer": { "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", @@ -10930,6 +10988,30 @@ "jju": "^1.1.0" } }, + "json-refs": { + "version": "3.0.15", + "resolved": "https://registry.npmjs.org/json-refs/-/json-refs-3.0.15.tgz", + "integrity": "sha512-0vOQd9eLNBL18EGl5yYaO44GhixmImes2wiYn9Z3sag3QnehWrYWlB9AFtMxCL2Bj3fyxgDYkxGFEU/chlYssw==", + "dev": true, + "requires": { + "commander": "~4.1.1", + "graphlib": "^2.1.8", + "js-yaml": "^3.13.1", + "lodash": "^4.17.15", + "native-promise-only": "^0.8.1", + "path-loader": "^1.0.10", + "slash": "^3.0.0", + "uri-js": "^4.2.2" + }, + "dependencies": { + "commander": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==", + "dev": true + } + } + }, "json-schema": { "version": "0.2.3", "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz", @@ -11869,6 +11951,12 @@ "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", "dev": true }, + "methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4=", + "dev": true + }, "micromatch": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.2.tgz", @@ -11879,6 +11967,12 @@ "picomatch": "^2.0.5" } }, + "mime": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", + "dev": true + }, "mime-db": { "version": "1.44.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", @@ -12138,6 +12232,25 @@ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, + "multi-file-swagger": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/multi-file-swagger/-/multi-file-swagger-2.3.0.tgz", + "integrity": "sha512-kiGLOSzovuYddOePdYicu/jkIjvlNgvq/bP/0C0+oiPBIuiJWLS1vXPvnU2OowRQPi/Hxnp0HuRI5/7s7qu8Qg==", + "dev": true, + "requires": { + "commander": "^2.19.0", + "js-yaml": "^3.12.2", + "json-refs": "^3.0.12" + }, + "dependencies": { + "commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "dev": true + } + } + }, "mustache": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/mustache/-/mustache-4.0.1.tgz", @@ -12173,6 +12286,12 @@ "to-regex": "^3.0.1" } }, + "native-promise-only": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/native-promise-only/-/native-promise-only-0.8.1.tgz", + "integrity": "sha1-IKMYwwy0X3H+et+/eyHJnBRy7xE=", + "dev": true + }, "natural-compare": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", @@ -12379,6 +12498,41 @@ } } }, + "nodemon": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-2.0.4.tgz", + "integrity": "sha512-Ltced+hIfTmaS28Zjv1BM552oQ3dbwPqI4+zI0SLgq+wpJhSyqgYude/aZa/3i31VCQWMfXJVxvu86abcam3uQ==", + "dev": true, + "requires": { + "chokidar": "^3.2.2", + "debug": "^3.2.6", + "ignore-by-default": "^1.0.1", + "minimatch": "^3.0.4", + "pstree.remy": "^1.1.7", + "semver": "^5.7.1", + "supports-color": "^5.5.0", + "touch": "^3.1.0", + "undefsafe": "^2.0.2", + "update-notifier": "^4.0.0" + }, + "dependencies": { + "debug": { + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz", + "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==", + "dev": true, + "requires": { + "ms": "^2.1.1" + } + }, + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true + } + } + }, "nopt": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/nopt/-/nopt-4.0.3.tgz", @@ -13207,6 +13361,16 @@ "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=", "dev": true }, + "path-loader": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/path-loader/-/path-loader-1.0.10.tgz", + "integrity": "sha512-CMP0v6S6z8PHeJ6NFVyVJm6WyJjIwFvyz2b0n2/4bKdS/0uZa/9sKUlYZzubrn3zuDRU0zIuEDX9DZYQ2ZI8TA==", + "dev": true, + "requires": { + "native-promise-only": "^0.8.1", + "superagent": "^3.8.3" + } + }, "path-parse": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz", @@ -13447,6 +13611,12 @@ "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz", "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==" }, + "pstree.remy": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz", + "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==", + "dev": true + }, "pump": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", @@ -13637,6 +13807,15 @@ "once": "^1.3.0" } }, + "readdirp": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.4.0.tgz", + "integrity": "sha512-0xe001vZBnJEK+uKcj8qOhyAKPzIT+gStxWr3LCB0DwcXR5NZJ3IaC+yGnHCYzB/S7ov3m3EEbZI2zeNvX+hGQ==", + "dev": true, + "requires": { + "picomatch": "^2.2.1" + } + }, "realpath-native": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/realpath-native/-/realpath-native-1.1.0.tgz", @@ -15138,6 +15317,35 @@ "integrity": "sha512-e6/d0eBu7gHtdCqFt0xJr642LdToM5/cN4Qb9DbHjVx1CP5RyeM+zH7pbecEmDv/lBqb0QH+6Uqq75rxFPkM0w==", "dev": true }, + "superagent": { + "version": "3.8.3", + "resolved": "https://registry.npmjs.org/superagent/-/superagent-3.8.3.tgz", + "integrity": "sha512-GLQtLMCoEIK4eDv6OGtkOoSMt3D+oq0y3dsxMuYuDvaNUvuT8eFBuLmfR0iYYzHC1e8hpzC6ZsxbuP6DIalMFA==", + "dev": true, + "requires": { + "component-emitter": "^1.2.0", + "cookiejar": "^2.1.0", + "debug": "^3.1.0", + "extend": "^3.0.0", + "form-data": "^2.3.1", + "formidable": "^1.2.0", + "methods": "^1.1.1", + "mime": "^1.4.1", + "qs": "^6.5.1", + "readable-stream": "^2.3.5" + }, + "dependencies": { + "debug": { + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz", + "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==", + "dev": true, + "requires": { + "ms": "^2.1.1" + } + } + } + }, "supports-color": { "version": "5.5.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", @@ -15438,6 +15646,26 @@ "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz", "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==" }, + "touch": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/touch/-/touch-3.1.0.tgz", + "integrity": "sha512-WBx8Uy5TLtOSRtIq+M03/sKDrXCLHxwDcquSP2c43Le03/9serjQBIztjRz6FkJez9D/hleyAXTBGLwwZUw9lA==", + "dev": true, + "requires": { + "nopt": "~1.0.10" + }, + "dependencies": { + "nopt": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-1.0.10.tgz", + "integrity": "sha1-bd0hvSoxQXuScn3Vhfim83YI6+4=", + "dev": true, + "requires": { + "abbrev": "1" + } + } + } + }, "tough-cookie": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-3.0.1.tgz", @@ -15613,6 +15841,32 @@ } } }, + "undefsafe": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.3.tgz", + "integrity": "sha512-nrXZwwXrD/T/JXeygJqdCO6NZZ1L66HrxM/Z7mIq2oPanoN0F1nLx3lwJMu6AwJY69hdixaFQOuoYsMjE5/C2A==", + "dev": true, + "requires": { + "debug": "^2.2.0" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + } + } + }, "union-value": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz", diff --git a/package.json b/package.json index 9a6ed7a5..2d3ace6a 100644 --- a/package.json +++ b/package.json @@ -18,6 +18,7 @@ "release": "standard-version", "standard": "echo '\\033[1;33m This project uses eslint instead of standard. Use `npm run lint` instead.'", "start": "ts-node -P ./tsconfig.json ./src/cli.ts", + "dev": "nodemon --watch 'src/**/*.ts' --exec 'ts-node' src/cli.ts", "test": "npm run test:unit", "test:bdd": "jest --config './jest.bdd.config.js' --testMatch '**/test/step-definitions/**/*.step.ts'", "test:coverage": "jest --coverage --coverageThreshold='{}'", @@ -80,6 +81,8 @@ "jest-cucumber": "^2.0.11", "jest-junit": "10.0.0", "lint-staged": "^10.2.3", + "multi-file-swagger": "^2.3.0", + "nodemon": "^2.0.4", "npm-audit-resolver": "2.2.0", "npm-check-updates": "6.0.0", "source-map-support": "0.5.12", diff --git a/src/interface/definitions.yaml b/src/interface/definitions.yaml new file mode 100644 index 00000000..d8543ba6 --- /dev/null +++ b/src/interface/definitions.yaml @@ -0,0 +1,296 @@ +## Auth-Service Specific Definitions: +AccountAddress: + title: AccountAddress + type: string + description: Unique routable address which is DFSP specific. + pattern: ^([0-9A-Za-z_~\-\.]+[0-9A-Za-z_~\-])$ + minLength: 1 + maxLength: 1023 + +AccountId: + type: string + description: > + A long-lived account identifier provided by the DFSP + this MUST NOT be Bank Account Number or anything that + may expose a User's private bank account information + +AuthScopesEnum: + title: AuthScopesEnum + type: string + enum: + - accounts.getBalance + - accounts.transfer + description: | + The scopes requested for a ConsentRequest + - "accounts.getBalance" - Get the balance of a given account + - "accounts.transfer" - initiate a transfer from an account + +Consent: + title: Consent + type: object + description: Data model for the complex type Consent + properties: + id: + allOf: + - $ref: '#/definitions/CorrelationId' + description: > + Common ID between the PISP and FSP for the Consent object + decided by the DFSP who creates the Consent + + This field is REQUIRED for POST /consent + requestId: + allOf: + - $ref: '#/definitions/CorrelationId' + description: > + The id of the ConsentRequest that was used to initiate the + creation of this Consent + participantId: + $ref: '#/definitions/FspId' + initiatorId: + allOf: + - $ref: '#/definitions/FspId' + description: PISP identifier who uses this Consent + scopes: + type: array + items: + $ref: '#/definitions/Scope' + credential: + $ref: '#/definitions/Credential' + +Credential: + title: Credential + type: object + description: > + A credential used to allow a user to prove their identity and access to an account with a DFSP + properties: + id: + type: string + description: The id of a Credential + type: + $ref: '#/definitions/CredentialTypeEnum' + status: + $ref: '#/definitions/CredentialStatusEnum' + challenge: + $ref: '#/definitions/CredentialChallenge' + payload: + type: string + description: Base64 encoded bytes - The public key of the Public/Private keypair + required: + - id + - type + - status + + # TODO: update me to be an empty body! +GenerateChallengeRequest: + title: GenerateChallengeRequest + type: object + description: > + A credential used to allow a user to prove their identity and access to an account with a DFSP + properties: + type: + $ref: '#/definitions/CredentialTypeEnum' + required: + - type + +CredentialChallenge: + title: CredentialChallenge + type: object + description: > + The challenge issued by a DFSP that must be answered by the PISP + properties: + payload: + type: string + description: Base64 encoded binary of the challenge that must be answered by the PISP + signature: + type: string + description: Base64 enoded binary string or result of the payload signed by the PISP using the private key + required: + - payload + +CredentialStatusEnum: + title: CredentialStatus + type: string + enum: + - PENDING + - ACTIVE + description: | + The status of the Credential's creation + - "PENDING" - The PISP has requested a challenge, or the challenge has initialized but not yet answered by the PISP + - "ACTIVE" - The Credential is valid, and ready to be used by the PISP + +CredentialTypeEnum: + title: CredentialTypeEnum + type: string + enum: + - FIDO + description: | + The type of the Credential + - "FIDO" - A FIDO public/private keypair + +Scope: + title: Scope + type: object + description: Scope + Account Identifier mapping for a Consent + properties: + scope: + $ref: '#/definitions/AuthScopesEnum' + accountId: + $ref: '#/definitions/AccountId' + required: + - scope + - accountId + +ThirdPartyAuthorizationRequest: + title: ThirdPartyAuthorizationRequest + type: object + description: The Request object for verifying an authorization + # TODO: finish me!!! + properties: + challenge: + type: string + description: The original Challenge Object as a JSON string + required: + - challenge + + +# TODO: +# replace with references to api-snippets, once api-snippets has Swagger 2.0 support +BinaryString: + description: 'The API data type BinaryString is a JSON String. The string is a base64url encoding of a string of raw bytes, where padding (character ‘=’) is added at the end of the data if needed to ensure that the string is a multiple of 4 characters. The length restriction indicates the allowed number of characters.' + pattern: '^[A-Za-z0-9-_]+[=]{0,2}$' + type: string +BinaryString32: + description: 'The API data type BinaryString32 is a fixed size version of the API data type BinaryString, where the raw underlying data is always of 32 bytes. The data type BinaryString32 should not use a padding character as the size of the underlying data is fixed.' + pattern: '^[A-Za-z0-9-_]{43}$' + type: string +CorrelationId: + title: CorrelationId + description: 'Identifier that correlates all messages of the same sequence. The API data type UUID (Universally Unique Identifier) is a JSON String in canonical format, conforming to RFC 4122, that is restricted by a regular expression for interoperability reasons. An UUID is always 36 characters long, 32 hexadecimal symbols and 4 dashes (‘-‘).' + pattern: '^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$' + type: string +Date: + title: Date + description: 'The API data type Date is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. This format, as specified in ISO 8601, contains a date only. A more readable version of the format is yyyy-MM-dd. Examples - "1982-05-23", "1987-08-05”' + pattern: '^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$' + type: string +DateTime: + title: DateTime + description: 'The API data type DateTime is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. The format is according to ISO 8601, expressed in a combined date, time and time zone format. A more readable version of the format is yyyy-MM-ddTHH:mm:ss.SSS[-HH:MM]. Examples - "2016-05-24T08:38:08.699-04:00", "2016-05-24T08:38:08.699Z" (where Z indicates Zulu time zone, same as UTC).' + pattern: '^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:(\.\d{3}))(?:Z|[+-][01]\d:[0-5]\d)$' + type: string +ErrorCode: + title: ErrorCode + description: 'The API data type ErrorCode is a JSON String of four characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. Each error code in the API is a four-digit number, for example, 1234, where the first number (1 in the example) represents the high-level error category, the second number (2 in the example) represents the low-level error category, and the last two numbers (34 in the example) represents the specific error.' + pattern: '^[1-9]\d{3}$' + type: string +ErrorDescription: + title: ErrorDescription + description: Error description string. + maxLength: 128 + minLength: 1 + type: string +ExtensionKey: + title: ExtensionKey + description: Extension key. + maxLength: 32 + minLength: 1 + type: string +ExtensionValue: + title: ExtensionValue + description: Extension value. + maxLength: 128 + minLength: 1 + type: string +FspId: + title: FspId + description: FSP identifier. + maxLength: 32 + minLength: 1 + type: string +Integer: + title: Integer + description: The API data type Integer is a JSON String consisting of digits only. Negative numbers and leading zeroes are not allowed. The data type is always limited to a specific number of digits. + pattern: '^[1-9]\d*$' + type: string +ErrorInformation: + title: ErrorInformation + description: Data model for the complex type ErrorInformation. + required: + - errorCode + - errorDescription + type: object + properties: + errorCode: + description: Specific error number. + type: string + errorDescription: + description: Error description string. + type: string + extensionList: + $ref: '#/definitions/ExtensionList' + description: 'Optional list of extensions, specific to deployment.' +ErrorInformationObject: + title: ErrorInformationObject + description: Data model for the complex type object that contains ErrorInformation. + required: + - errorInformation + type: object + properties: + errorInformation: + $ref: '#/definitions/ErrorInformation' +ErrorInformationResponse: + title: ErrorInformationResponse + description: Data model for the complex type object that contains an optional element ErrorInformation used along with 4xx and 5xx responses. + type: object + properties: + errorInformation: + $ref: '#/definitions/ErrorInformation' +Extension: + title: Extension + description: Data model for the complex type Extension + required: + - key + - value + type: object + properties: + key: + description: Extension key. + type: string + value: + description: Extension value. + type: string +ExtensionList: + title: ExtensionList + description: Data model for the complex type ExtensionList + required: + - extension + type: object + properties: + extension: + description: Number of Extension elements + maxItems: 16 + minItems: 1 + type: array + items: + $ref: '#/definitions/Extension' +Status: + title: Status + description: Data model for the api status. + type: object + properties: + status: + description: 'The return status, usually "OK"' + type: string + uptime: + description: The amount of time in seconds that the server has been up for. + type: number + startTime: + description: The UTC time that the server started up + type: string + versionNumber: + description: Current version of the API + type: string + services: + description: An list of the statuses of services that the API requires + type: array + items: {} \ No newline at end of file diff --git a/src/interface/parameters.yaml b/src/interface/parameters.yaml new file mode 100644 index 00000000..135d6194 --- /dev/null +++ b/src/interface/parameters.yaml @@ -0,0 +1,87 @@ +Accept: + name: accept + description: The Accept header field indicates the version of the API the client would like the server to use. + in: header + required: true + type: string +Content-Length: + name: content-length + description: The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. Note - The API supports a maximum size of 5242880 bytes (5 Megabytes) + in: header + required: false + type: integer +Content-Type: + name: content-type + description: The Content-Type header indicates the specific version of the API used to send the payload body. + in: header + required: true + type: string +Date: + name: date + description: The Date header field indicates the date when the request was sent. + in: header + required: true + type: string +X-Forwarded-For: + name: x-forwarded-for + description: 'The X-Forwarded-For header field is an unofficially accepted standard used for informational purposes of the originating client IP address, as a request might pass multiple proxies, firewalls, and so on. Multiple X-Forwarded-For values as in the example shown here should be expected and supported by implementers of the API. Note - An alternative to X-Forwarded-For is defined in RFC 7239. However, to this point RFC 7239 is less-used and supported than X-Forwarded-For.' + in: header + required: false + type: string +FSPIOP-Source: + name: fspiop-source + description: The FSPIOP-Source header field is a non-HTTP standard field used by the API for identifying the sender of the HTTP request. The field should be set by the original sender of the request. Required for routing and signature verification (see header field FSPIOP-Signature). + in: header + required: true + type: string +FSPIOP-Destination: + name: fspiop-destination + description: 'The FSPIOP-Destination header field is a non-HTTP standard field used by the API for HTTP header based routing of requests and responses to the destination. The field should be set by the original sender of the request (if known), so that any entities between the client and the server do not need to parse the payload for routing purposes.' + in: header + required: false + type: string +FSPIOP-Originator: + name: fspiop-originator + description: The FSPIOP-Originator header field is a non-HTTP standard field used by the API for HTTP header based routing and verification of requests originated from PISP participant. The field should be set by the original PISP sender of the request (if known) to clearly identify that PISP is request's originator + in: header + required: false + type: string +FSPIOP-Encryption: + name: fspiop-encryption + description: The FSPIOP-Encryption header field is a non-HTTP standard field used by the API for applying end-to-end encryption of the request. + in: header + required: false + type: string +FSPIOP-Signature: + name: fspiop-signature + description: The FSPIOP-Signature header field is a non-HTTP standard field used by the API for applying an end-to-end request signature. + in: header + required: false + type: string +FSPIOP-URI: + name: fspiop-uri + description: 'The FSPIOP-URI header field is a non-HTTP standard field used by the API for signature verification, should contain the service URI. Required if signature verification is used, for more information see API Signature document.' + in: header + required: false + type: string +FSPIOP-HTTP-Method: + name: fspiop-http-method + description: 'The FSPIOP-HTTP-Method header field is a non-HTTP standard field used by the API for signature verification, should contain the service HTTP method. Required if signature verification is used, for more information see API Signature document.' + in: header + required: false + type: string +ID: + name: ID + in: path + required: true + type: string +Type: + name: Type + in: path + required: true + type: string +SubId: + name: SubId + in: path + required: true + type: string \ No newline at end of file diff --git a/src/interface/responses.yaml b/src/interface/responses.yaml new file mode 100644 index 00000000..9f3cb193 --- /dev/null +++ b/src/interface/responses.yaml @@ -0,0 +1,103 @@ +ResponseHealth200: + description: OK + schema: + $ref: '#/definitions/Status' +ResponseHello200: + description: example hello-word response + schema: + type: object + properties: + hello: + type: string +Response200: + description: OK +Response202: + description: Accepted +ErrorResponse400: + description: 'Bad Request - The application cannot process the request; for example, due to malformed syntax or the payload exceeded size restrictions.' + headers: + Content-Length: + description: The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. + type: integer + Content-Type: + description: The Content-Type header indicates the specific version of the API used to send the payload body. + type: string + schema: + $ref: '#/definitions/ErrorInformationResponse' +ErrorResponse401: + description: Unauthorized - The request requires authentication in order to be processed. + headers: + Content-Length: + description: The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. + type: integer + Content-Type: + description: The Content-Type header indicates the specific version of the API used to send the payload body. + type: string + schema: + $ref: '#/definitions/ErrorInformationResponse' +ErrorResponse403: + description: Forbidden - The request was denied and will be denied in the future. + headers: + Content-Length: + description: The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. + type: integer + Content-Type: + description: The Content-Type header indicates the specific version of the API used to send the payload body. + type: string + schema: + $ref: '#/definitions/ErrorInformationResponse' +ErrorResponse404: + description: Not Found - The resource specified in the URI was not found. + headers: + Content-Length: + description: The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. + type: integer + Content-Type: + description: The Content-Type header indicates the specific version of the API used to send the payload body. + type: string + schema: + $ref: '#/definitions/ErrorInformationResponse' +ErrorResponse405: + description: Method Not Allowed - An unsupported HTTP method for the request was used. + headers: + Content-Length: + description: The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. + type: integer + Content-Type: + description: The Content-Type header indicates the specific version of the API used to send the payload body. + type: string + schema: + $ref: '#/definitions/ErrorInformationResponse' +ErrorResponse406: + description: Not acceptable - The server is not capable of generating content according to the Accept headers sent in the request. Used in the API to indicate that the server does not support the version that the client is requesting. + headers: + Content-Length: + description: The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. + type: integer + Content-Type: + description: The Content-Type header indicates the specific version of the API used to send the payload body. + type: string + schema: + $ref: '#/definitions/ErrorInformationResponse' +ErrorResponse501: + description: Not Implemented - The server does not support the requested service. The client should not retry. + headers: + Content-Length: + description: The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. + type: integer + Content-Type: + description: The Content-Type header indicates the specific version of the API used to send the payload body. + type: string + schema: + $ref: '#/definitions/ErrorInformationResponse' +ErrorResponse503: + description: 'Service Unavailable - The server is currently unavailable to accept any new service requests. This should be a temporary state, and the client should retry within a reasonable time frame.' + headers: + Content-Length: + description: The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. + type: integer + Content-Type: + description: The Content-Type header indicates the specific version of the API used to send the payload body. + type: string + schema: + $ref: '#/definitions/ErrorInformationResponse' diff --git a/src/interface/swagger.json b/src/interface/swagger.json index f4d4c43b..54c912bb 100644 --- a/src/interface/swagger.json +++ b/src/interface/swagger.json @@ -1,2054 +1,1194 @@ { - "swagger": "2.0", - "info": { - "title": "Transaction Requests related parts of Open API for FSP Interoperability (FSPIOP) (Implementation Friendly Version)", - "version": "1.0", - "description": "Based on API Definition.docx updated on 2018-03-13 Version 1.0. Note - The API supports a maximum size of 65536 bytes (64 Kilobytes) in the HTTP header.", - "license": { - "name": "Open API for FSP Interoperability (FSPIOP) (Implementation Friendly Version)" - } + "swagger": "2.0", + "info": { + "title": "Mojaloop Auth-Service API", + "version": "0.1.0", + "description": "An API a central auth service in Mojaloop, concerned with creating \\nand managing Consents and validating thirdparty transactions", + "license": { + "name": "Open API for FSP Interoperability (FSPIOP) (Implementation Friendly Version)" + } + }, + "basePath": "/", + "schemes": [ + "http" + ], + "produces": [ + "application/json" + ], + "paths": { + "/health": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "health" + ], + "responses": { + "200": { + "$ref": "#/responses/ResponseHealth200" + }, + "400": { + "$ref": "#/responses/ErrorResponse400" + }, + "401": { + "$ref": "#/responses/ErrorResponse401" + }, + "403": { + "$ref": "#/responses/ErrorResponse403" + }, + "404": { + "$ref": "#/responses/ErrorResponse404" + }, + "405": { + "$ref": "#/responses/ErrorResponse405" + }, + "406": { + "$ref": "#/responses/ErrorResponse406" + }, + "501": { + "$ref": "#/responses/ErrorResponse501" + }, + "503": { + "$ref": "#/responses/ErrorResponse503" + } + }, + "operationId": "HealthGet", + "summary": "Get Server", + "description": "The HTTP request GET /health is used to return the current status of the API." + } }, - "basePath": "/", - "schemes": [ - "http" - ], - "produces": [ - "application/json" - ], - "paths": { - "/health": { - "get": { - "produces": [ - "application/json" - ], - "tags": [ - "health" - ], - "responses": { - "200": { - "$ref": "#/responses/ResponseHealth200" - }, - "400": { - "$ref": "#/responses/ErrorResponse400" - }, - "401": { - "$ref": "#/responses/ErrorResponse401" - }, - "403": { - "$ref": "#/responses/ErrorResponse403" - }, - "404": { - "$ref": "#/responses/ErrorResponse404" - }, - "405": { - "$ref": "#/responses/ErrorResponse405" - }, - "406": { - "$ref": "#/responses/ErrorResponse406" - }, - "501": { - "$ref": "#/responses/ErrorResponse501" - }, - "503": { - "$ref": "#/responses/ErrorResponse503" - } - }, - "operationId": "HealthGet", - "summary": "Get Server", - "description": "The HTTP request GET /health is used to return the current status of the API." - } - }, - "/metrics": { - "get": { - "produces": [ - "application/json" - ], - "tags": [ - "metrics" - ], - "responses": { - "200": { - "$ref": "#/responses/ResponseHealth200" - }, - "400": { - "$ref": "#/responses/ErrorResponse400" - }, - "401": { - "$ref": "#/responses/ErrorResponse401" - }, - "403": { - "$ref": "#/responses/ErrorResponse403" - }, - "404": { - "$ref": "#/responses/ErrorResponse404" - }, - "405": { - "$ref": "#/responses/ErrorResponse405" - }, - "406": { - "$ref": "#/responses/ErrorResponse406" - }, - "501": { - "$ref": "#/responses/ErrorResponse501" - }, - "503": { - "$ref": "#/responses/ErrorResponse503" - } - }, - "operationId": "MetricsGet", - "summary": "Prometheus metrics endpoint", - "description": "The HTTP request GET /metrics is used to return metrics for the API." - } - }, - "/hello": { - "get": { - "produces": [ - "application/json" - ], - "tags": [ - "metrics" - ], - "responses": { - "200": { - "$ref": "#/responses/ResponseHealth200" - }, - "400": { - "$ref": "#/responses/ErrorResponse400" - }, - "401": { - "$ref": "#/responses/ErrorResponse401" - }, - "403": { - "$ref": "#/responses/ErrorResponse403" - }, - "404": { - "$ref": "#/responses/ErrorResponse404" - }, - "405": { - "$ref": "#/responses/ErrorResponse405" - }, - "406": { - "$ref": "#/responses/ErrorResponse406" - }, - "501": { - "$ref": "#/responses/ErrorResponse501" - }, - "503": { - "$ref": "#/responses/ErrorResponse503" - } - }, - "operationId": "HelloGet", - "summary": "example get", - "description": "The HTTP request GET /hello is used to return some example json." - } - } + "/metrics": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "metrics" + ], + "responses": { + "200": { + "$ref": "#/responses/ResponseHealth200" + }, + "400": { + "$ref": "#/responses/ErrorResponse400" + }, + "401": { + "$ref": "#/responses/ErrorResponse401" + }, + "403": { + "$ref": "#/responses/ErrorResponse403" + }, + "404": { + "$ref": "#/responses/ErrorResponse404" + }, + "405": { + "$ref": "#/responses/ErrorResponse405" + }, + "406": { + "$ref": "#/responses/ErrorResponse406" + }, + "501": { + "$ref": "#/responses/ErrorResponse501" + }, + "503": { + "$ref": "#/responses/ErrorResponse503" + } + }, + "operationId": "MetricsGet", + "summary": "Prometheus metrics endpoint", + "description": "The HTTP request GET /metrics is used to return metrics for the API." + } }, - "definitions": { - "Amount": { - "title": "Amount", - "description": "The API data type Amount is a JSON String in a canonical format that is restricted by a regular expression for interoperability reasons. This pattern does not allow any trailing zeroes at all, but allows an amount without a minor currency unit. It also only allows four digits in the minor currency unit; a negative value is not allowed. Using more than 18 digits in the major currency unit is not allowed.", - "pattern": "^([0]|([1-9][0-9]{0,17}))([.][0-9]{0,3}[1-9])?$", - "type": "string" - }, - "AmountType": { - "title": "AmountType", - "description": "Below are the allowed values for the enumeration AmountType - SEND Amount the Payer would like to send, that is, the amount that should be withdrawn from the Payer account including any fees. - RECEIVE Amount the Payer would like the Payee to receive, that is, the amount that should be sent to the receiver exclusive fees.", - "enum": [ - "SEND", - "RECEIVE" - ], - "type": "string" - }, - "AuthenticationType": { - "title": "AuthenticationTypeEnum", - "description": "Below are the allowed values for the enumeration AuthenticationType. - OTP One-time password generated by the Payer FSP. - QRCODE QR code used as One Time Password., - U2F (Universal 2nd Factor) is used when authentication is done by FIDO", - "enum": [ - "OTP", - "QRCODE", - "U2F" - ], - "type": "string" - }, - "AuthenticationValue": { - "title": "AuthenticationValue", - "description": "Contains the authentication value. The format depends on the authentication type used in the AuthenticationInfo complex type.", - "pattern": "^\\d{3,10}$|^\\S{1,64}$", - "type": "string" - }, - "AuthorizationResponse": { - "title": "AuthorizationResponse", - "description": "Below are the allowed values for the enumeration - ENTERED Consumer entered the authentication value. - REJECTED Consumer rejected the transaction. - RESEND Consumer requested to resend the authentication value.", - "enum": [ - "ENTERED", - "REJECTED", - "RESEND" - ], - "type": "string" - }, - "BalanceOfPayments": { - "title": "BalanceOfPayments", - "description": "(BopCode) The API data type BopCode is a JSON String of 3 characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. https://www.imf.org/external/np/sta/bopcode/", - "pattern": "^[1-9]\\d{2}$", - "type": "string" - }, - "BinaryString": { - "description": "The API data type BinaryString is a JSON String. The string is a base64url encoding of a string of raw bytes, where padding (character ‘=’) is added at the end of the data if needed to ensure that the string is a multiple of 4 characters. The length restriction indicates the allowed number of characters.", - "pattern": "^[A-Za-z0-9-_]+[=]{0,2}$", - "type": "string" - }, - "BinaryString32": { - "description": "The API data type BinaryString32 is a fixed size version of the API data type BinaryString, where the raw underlying data is always of 32 bytes. The data type BinaryString32 should not use a padding character as the size of the underlying data is fixed.", - "pattern": "^[A-Za-z0-9-_]{43}$", - "type": "string" - }, - "BulkTransferState": { - "title": "BulkTransactionStateEnum", - "description": "Below are the allowed values for the enumeration - RECEIVED Payee FSP has received the bulk transfer from the Payer FSP. - PENDING Payee FSP has validated the bulk transfer. - ACCEPTED Payee FSP has accepted to process the bulk transfer. - PROCESSING Payee FSP has started to transfer fund to the Payees. - COMPLETED Payee FSP has completed transfer of funds to the Payees. - REJECTED Payee FSP has rejected to process the bulk transfer.", - "enum": [ - "RECEIVED", - "PENDING", - "ACCEPTED", - "PROCESSING", - "COMPLETED", - "REJECTED" - ], - "type": "string" - }, - "Code": { - "title": "Code", - "description": "Any code/token returned by the Payee FSP (TokenCode Type).", - "pattern": "^[0-9a-zA-Z]{4,32}$", - "type": "string" - }, - "CorrelationId": { - "title": "CorrelationId", - "description": "Identifier that correlates all messages of the same sequence. The API data type UUID (Universally Unique Identifier) is a JSON String in canonical format, conforming to RFC 4122, that is restricted by a regular expression for interoperability reasons. An UUID is always 36 characters long, 32 hexadecimal symbols and 4 dashes (‘-‘).", - "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$", - "type": "string" - }, - "Currency": { - "title": "CurrencyEnum", - "description": "The currency codes defined in ISO 4217 as three-letter alphabetic codes are used as the standard naming representation for currencies.", - "maxLength": 3, - "minLength": 3, - "enum": [ - "AED", - "AFN", - "ALL", - "AMD", - "ANG", - "AOA", - "ARS", - "AUD", - "AWG", - "AZN", - "BAM", - "BBD", - "BDT", - "BGN", - "BHD", - "BIF", - "BMD", - "BND", - "BOB", - "BRL", - "BSD", - "BTN", - "BWP", - "BYN", - "BZD", - "CAD", - "CDF", - "CHF", - "CLP", - "CNY", - "COP", - "CRC", - "CUC", - "CUP", - "CVE", - "CZK", - "DJF", - "DKK", - "DOP", - "DZD", - "EGP", - "ERN", - "ETB", - "EUR", - "FJD", - "FKP", - "GBP", - "GEL", - "GGP", - "GHS", - "GIP", - "GMD", - "GNF", - "GTQ", - "GYD", - "HKD", - "HNL", - "HRK", - "HTG", - "HUF", - "IDR", - "ILS", - "IMP", - "INR", - "IQD", - "IRR", - "ISK", - "JEP", - "JMD", - "JOD", - "JPY", - "KES", - "KGS", - "KHR", - "KMF", - "KPW", - "KRW", - "KWD", - "KYD", - "KZT", - "LAK", - "LBP", - "LKR", - "LRD", - "LSL", - "LYD", - "MAD", - "MDL", - "MGA", - "MKD", - "MMK", - "MNT", - "MOP", - "MRO", - "MUR", - "MVR", - "MWK", - "MXN", - "MYR", - "MZN", - "NAD", - "NGN", - "NIO", - "NOK", - "NPR", - "NZD", - "OMR", - "PAB", - "PEN", - "PGK", - "PHP", - "PKR", - "PLN", - "PYG", - "QAR", - "RON", - "RSD", - "RUB", - "RWF", - "SAR", - "SBD", - "SCR", - "SDG", - "SEK", - "SGD", - "SHP", - "SLL", - "SOS", - "SPL", - "SRD", - "STD", - "SVC", - "SYP", - "SZL", - "THB", - "TJS", - "TMT", - "TND", - "TOP", - "TRY", - "TTD", - "TVD", - "TWD", - "TZS", - "UAH", - "UGX", - "USD", - "UYU", - "UZS", - "VEF", - "VND", - "VUV", - "WST", - "XAF", - "XCD", - "XDR", - "XOF", - "XPF", - "YER", - "ZAR", - "ZMW", - "ZWD" - ], - "type": "string" - }, - "Date": { - "title": "Date", - "description": "The API data type Date is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. This format, as specified in ISO 8601, contains a date only. A more readable version of the format is yyyy-MM-dd. Examples - \"1982-05-23\", \"1987-08-05”", - "pattern": "^(?:[1-9]\\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$", - "type": "string" - }, - "DateOfBirth": { - "title": "DateofBirth (type Date)", - "description": "Date of Birth of the Party.", - "pattern": "^(?:[1-9]\\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$", - "type": "string" - }, - "DateTime": { - "title": "DateTime", - "description": "The API data type DateTime is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. The format is according to ISO 8601, expressed in a combined date, time and time zone format. A more readable version of the format is yyyy-MM-ddTHH:mm:ss.SSS[-HH:MM]. Examples - \"2016-05-24T08:38:08.699-04:00\", \"2016-05-24T08:38:08.699Z\" (where Z indicates Zulu time zone, same as UTC).", - "pattern": "^(?:[1-9]\\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\\d|2[0-3]):[0-5]\\d:[0-5]\\d(?:(\\.\\d{3}))(?:Z|[+-][01]\\d:[0-5]\\d)$", - "type": "string" - }, - "ErrorCode": { - "title": "ErrorCode", - "description": "The API data type ErrorCode is a JSON String of four characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. Each error code in the API is a four-digit number, for example, 1234, where the first number (1 in the example) represents the high-level error category, the second number (2 in the example) represents the low-level error category, and the last two numbers (34 in the example) represents the specific error.", - "pattern": "^[1-9]\\d{3}$", - "type": "string" - }, - "ErrorDescription": { - "title": "ErrorDescription", - "description": "Error description string.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "ExtensionKey": { - "title": "ExtensionKey", - "description": "Extension key.", - "maxLength": 32, - "minLength": 1, - "type": "string" - }, - "ExtensionValue": { - "title": "ExtensionValue", - "description": "Extension value.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "FirstName": { - "title": "FirstName", - "description": "First name of the Party (Name Type).", - "maxLength": 128, - "minLength": 1, - "pattern": "^(?!\\s*$)[\\w .,'-]{1,128}$", - "type": "string" - }, - "FspId": { - "title": "FspId", - "description": "FSP identifier.", - "maxLength": 32, - "minLength": 1, - "type": "string" - }, - "IlpCondition": { - "title": "IlpCondition", - "description": "Condition that must be attached to the transfer by the Payer.", - "maxLength": 48, - "pattern": "^[A-Za-z0-9-_]{43}$", - "type": "string" - }, - "IlpFulfilment": { - "title": "IlpFulfilment", - "description": "Fulfilment that must be attached to the transfer by the Payee.", - "maxLength": 48, - "pattern": "^[A-Za-z0-9-_]{43}$", - "type": "string" - }, - "IlpPacket": { - "title": "IlpPacket", - "description": "Information for recipient (transport layer information).", - "maxLength": 32768, - "minLength": 1, - "pattern": "^[A-Za-z0-9-_]+[=]{0,2}$", - "type": "string" - }, - "Integer": { - "title": "Integer", - "description": "The API data type Integer is a JSON String consisting of digits only. Negative numbers and leading zeroes are not allowed. The data type is always limited to a specific number of digits.", - "pattern": "^[1-9]\\d*$", - "type": "string" - }, - "LastName": { - "title": "LastName", - "description": "Last name of the Party (Name Type).", - "maxLength": 128, - "minLength": 1, - "pattern": "^(?!\\s*$)[\\w .,'-]{1,128}$", - "type": "string" - }, - "Latitude": { - "title": "Latitude", - "description": "The API data type Latitude is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons.", - "pattern": "^(\\+|-)?(?:90(?:(?:\\.0{1,6})?)|(?:[0-9]|[1-8][0-9])(?:(?:\\.[0-9]{1,6})?))$", - "type": "string" - }, - "Longitude": { - "title": "Longitude", - "description": "The API data type Longitude is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons.", - "pattern": "^(\\+|-)?(?:180(?:(?:\\.0{1,6})?)|(?:[0-9]|[1-9][0-9]|1[0-7][0-9])(?:(?:\\.[0-9]{1,6})?))$", - "type": "string" - }, - "MerchantClassificationCode": { - "title": "MerchantClassificationCode", - "description": "A limited set of pre-defined numbers. This list would be a limited set of numbers identifying a set of popular merchant types like School Fees, Pubs and Restaurants, Groceries, etc.", - "pattern": "^[\\d]{1,4}$", - "type": "string" - }, - "MiddleName": { - "title": "MiddleName", - "description": "Middle name of the Party (Name Type).", - "maxLength": 128, - "minLength": 1, - "pattern": "^(?!\\s*$)[\\w .,'-]{1,128}$", - "type": "string" - }, - "Name": { - "title": "Name", - "description": "The API data type Name is a JSON String, restricted by a regular expression to avoid characters which are generally not used in a name. Regular Expression - The regular expression for restricting the Name type is \"^(?!\\s*$)[\\w .,'-]{1,128}$\". The restriction does not allow a string consisting of whitespace only, all Unicode characters are allowed, as well as the period (.) (apostrophe (‘), dash (-), comma (,) and space characters ( ). Note - In some programming languages, Unicode support must be specifically enabled. For example, if Java is used the flag UNICODE_CHARACTER_CLASS must be enabled to allow Unicode characters.", - "pattern": "^(?!\\s*$)[\\w .,'-]{1,128}$", - "type": "string" - }, - "Note": { - "title": "Note", - "description": "Memo assigned to transaction", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "OtpValue": { - "title": "OtpValue", - "description": "The API data type OtpValue is a JSON String of 3 to 10 characters, consisting of digits only. Negative numbers are not allowed. One or more leading zeros are allowed.", - "pattern": "^\\d{3,10}$", - "type": "string" - }, - "PartyIdentifier": { - "title": "PartyIdentifier", - "description": "Identifier of the Party.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "PartyIdType": { - "title": "PartyIdTypeEnum", - "description": "Below are the allowed values for the enumeration - MSISDN An MSISDN (Mobile Station International Subscriber Directory Number, that is, the phone number) is used as reference to a participant. The MSISDN identifier should be in international format according to the ITU-T E.164 standard. Optionally, the MSISDN may be prefixed by a single plus sign, indicating the international prefix. - EMAIL An email is used as reference to a participant. The format of the email should be according to the informational RFC 3696. - PERSONAL_ID A personal identifier is used as reference to a participant. Examples of personal identification are passport number, birth certificate number, and national registration number. The identifier number is added in the PartyIdentifier element. The personal identifier type is added in the PartySubIdOrType element. - BUSINESS A specific Business (for example, an organization or a company) is used as reference to a participant. The BUSINESS identifier can be in any format. To make a transaction connected to a specific username or bill number in a Business, the PartySubIdOrType element should be used. - DEVICE A specific device (for example, a POS or ATM) ID connected to a specific business or organization is used as reference to a Party. For referencing a specific device under a specific business or organization, use the PartySubIdOrType element. - ACCOUNT_ID A bank account number or FSP account ID should be used as reference to a participant. The ACCOUNT_ID identifier can be in any format, as formats can greatly differ depending on country and FSP. - IBAN A bank account number or FSP account ID is used as reference to a participant. The IBAN identifier can consist of up to 34 alphanumeric characters and should be entered without whitespace. - ALIAS An alias is used as reference to a participant. The alias should be created in the FSP as an alternative reference to an account owner. Another example of an alias is a username in the FSP system. The ALIAS identifier can be in any format. It is also possible to use the PartySubIdOrType element for identifying an account under an Alias defined by the PartyIdentifier.", - "enum": [ - "MSISDN", - "EMAIL", - "PERSONAL_ID", - "BUSINESS", - "DEVICE", - "ACCOUNT_ID", - "IBAN", - "ALIAS" - ], - "type": "string" - }, - "PartyName": { - "title": "PartyName", - "description": "Name of the Party. Could be a real name or a nickname.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "PartySubIdOrType": { - "title": "PartySubIdOrType", - "description": "Either a sub-identifier of a PartyIdentifier, or a sub-type of the PartyIdType, normally a PersonalIdentifierType.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "PersonalIdentifierType": { - "title": "PersonalIdentifierType", - "description": "Below are the allowed values for the enumeration - PASSPORT A passport number is used as reference to a Party. - NATIONAL_REGISTRATION A national registration number is used as reference to a Party. - DRIVING_LICENSE A driving license is used as reference to a Party. - ALIEN_REGISTRATION An alien registration number is used as reference to a Party. - NATIONAL_ID_CARD A national ID card number is used as reference to a Party. - EMPLOYER_ID A tax identification number is used as reference to a Party. - TAX_ID_NUMBER A tax identification number is used as reference to a Party. - SENIOR_CITIZENS_CARD A senior citizens card number is used as reference to a Party. - MARRIAGE_CERTIFICATE A marriage certificate number is used as reference to a Party. - HEALTH_CARD A health card number is used as reference to a Party. - VOTERS_ID A voter’s identification number is used as reference to a Party. - UNITED_NATIONS An UN (United Nations) number is used as reference to a Party. - OTHER_ID Any other type of identification type number is used as reference to a Party.", - "enum": [ - "PASSPORT", - "NATIONAL_REGISTRATION", - "DRIVING_LICENSE", - "ALIEN_REGISTRATION", - "NATIONAL_ID_CARD", - "EMPLOYER_ID", - "TAX_ID_NUMBER", - "SENIOR_CITIZENS_CARD", - "MARRIAGE_CERTIFICATE", - "HEALTH_CARD", - "VOTERS_ID", - "UNITED_NATIONS", - "OTHER_ID" - ], - "type": "string" - }, - "QRCODE": { - "title": "QRCODE", - "description": "QR code used as One Time Password.", - "maxLength": 64, - "minLength": 1, - "type": "string" - }, - "RefundReason": { - "title": "RefundReason", - "description": "Reason for the refund.", - "maxLength": 128, - "minLength": 1, - "type": "string" - }, - "TokenCode": { - "title": "TokenCode", - "description": "The API data type TokenCode is a JSON String between 4 and 32 characters, consisting of digits or upper or lowercase characters from a to z.", - "pattern": "^[0-9a-zA-Z]{4,32}$", - "type": "string" - }, - "TransactionInitiator": { - "title": "TransactionInitiatorEnum", - "description": "Below are the allowed values for the enumeration - PAYER Sender of funds is initiating the transaction. The account to send from is either owned by the Payer or is connected to the Payer in some way. - PAYEE Recipient of the funds is initiating the transaction by sending a transaction request. The Payer must approve the transaction, either automatically by a pre-generated OTP or by pre-approval of the Payee, or by manually approving in his or her own Device.", - "enum": [ - "PAYER", - "PAYEE" - ], - "type": "string" - }, - "TransactionInitiatorType": { - "title": "TransactionInitiatorTypeEnum", - "description": "Below are the allowed values for the enumeration - CONSUMER Consumer is the initiator of the transaction. - AGENT Agent is the initiator of the transaction. - BUSINESS Business is the initiator of the transaction. - DEVICE Device is the initiator of the transaction.", - "enum": [ - "CONSUMER", - "AGENT", - "BUSINESS", - "DEVICE" - ], - "type": "string" - }, - "TransactionRequestState": { - "title": "TransactionRequestStateEnum", - "description": "Below are the allowed values for the enumeration - RECEIVED Payer FSP has received the transaction from the Payee FSP. - PENDING Payer FSP has sent the transaction request to the Payer. - ACCEPTED Payer has approved the transaction. - REJECTED Payer has rejected the transaction.", - "enum": [ - "RECEIVED", - "PENDING", - "ACCEPTED", - "REJECTED" - ], - "type": "string" - }, - "TransactionScenario": { - "title": "TransactionScenarioEnum", - "description": "Below are the allowed values for the enumeration - DEPOSIT Used for performing a Cash-In (deposit) transaction. In a normal scenario, electronic funds are transferred from a Business account to a Consumer account, and physical cash is given from the Consumer to the Business User. - WITHDRAWAL Used for performing a Cash-Out (withdrawal) transaction. In a normal scenario, electronic funds are transferred from a Consumer’s account to a Business account, and physical cash is given from the Business User to the Consumer. - TRANSFER Used for performing a P2P (Peer to Peer, or Consumer to Consumer) transaction. - PAYMENT Usually used for performing a transaction from a Consumer to a Merchant or Organization, but could also be for a B2B (Business to Business) payment. The transaction could be online for a purchase in an Internet store, in a physical store where both the Consumer and Business User are present, a bill payment, a donation, and so on. - REFUND Used for performing a refund of transaction.", - "enum": [ - "DEPOSIT", - "WITHDRAWAL", - "TRANSFER", - "PAYMENT", - "REFUND" - ], - "type": "string" - }, - "TransactionState": { - "title": "TransactionStateEnum", - "description": "Below are the allowed values for the enumeration - RECEIVED Payee FSP has received the transaction from the Payer FSP. - PENDING Payee FSP has validated the transaction. - COMPLETED Payee FSP has successfully performed the transaction. - REJECTED Payee FSP has failed to perform the transaction.", - "enum": [ - "RECEIVED", - "PENDING", - "COMPLETED", - "REJECTED" - ], - "type": "string" - }, - "TransactionSubScenario": { - "title": "TransactionSubScenario", - "description": "Possible sub-scenario, defined locally within the scheme (UndefinedEnum Type).", - "pattern": "^[A-Z_]{1,32}$", - "type": "string" - }, - "TransferState": { - "title": "TransferStateEnum", - "description": "Below are the allowed values for the enumeration - RECEIVED Next ledger has received the transfer. - RESERVED Next ledger has reserved the transfer. - COMMITTED Next ledger has successfully performed the transfer. - ABORTED Next ledger has aborted the transfer due a rejection or failure to perform the transfer.", - "enum": [ - "RECEIVED", - "RESERVED", - "COMMITTED", - "ABORTED" - ], - "type": "string" - }, - "UndefinedEnum": { - "title": "UndefinedEnum", - "description": "The API data type UndefinedEnum is a JSON String consisting of 1 to 32 uppercase characters including an underscore character (_).", - "pattern": "^[A-Z_]{1,32}$", - "type": "string" - }, - "AuthenticationInfo": { - "title": "AuthenticationInfo", - "description": "Data model for the complex type AuthenticationInfo", - "required": [ - "authentication", - "authenticationValue" - ], - "type": "object", - "properties": { - "authentication": { - "type": "string" - }, - "authenticationValue": { - "type": "string" - } - } - }, - "AuthorizationsIDPutResponse": { - "title": "AuthorizationsIDPutResponse", - "description": "PUT /authorizations/{ID} object", - "required": [ - "responseType" - ], - "type": "object", - "properties": { - "authenticationInfo": { - "$ref": "#/definitions/AuthenticationInfo", - "description": "OTP or QR Code if entered, otherwise empty." - }, - "responseType": { - "description": "Enum containing response information; if the customer entered the authentication value, rejected the transaction, or requested a resend of the authentication value.", - "type": "string" - } - } - }, - "BulkQuotesPostRequest": { - "title": "BulkQuotesPostRequest", - "description": "POST /bulkQuotes object", - "required": [ - "bulkQuoteId", - "payer", - "individualQuotes" - ], - "type": "object", - "properties": { - "bulkQuoteId": { - "description": "Common ID between the FSPs for the bulk quote object, decided by the Payer FSP. The ID should be reused for resends of the same bulk quote. A new ID should be generated for each new bulk quote.", - "type": "string" - }, - "payer": { - "$ref": "#/definitions/Party", - "description": "Information about the Payer in the proposed financial transaction." - }, - "geoCode": { - "$ref": "#/definitions/GeoCode", - "description": "Longitude and Latitude of the initiating Party. Can be used to detect fraud." - }, - "expiration": { - "description": "Expiration is optional to let the Payee FSP know when a quote no longer needs to be returned.", - "type": "string" - }, - "individualQuotes": { - "description": "List of quotes elements.", - "maxItems": 1000, - "minItems": 1, - "type": "array", - "items": { - "$ref": "#/definitions/IndividualQuote" - } - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } - }, - "BulkQuotesIDPutResponse": { - "title": "BulkQuotesIDPutResponse", - "description": "PUT /bulkQuotes/{ID} object", - "required": [ - "expiration" - ], - "type": "object", - "properties": { - "individualQuoteResults": { - "description": "Fees for each individual transaction, if any of them are charged per transaction.", - "maxItems": 1000, - "type": "array", - "items": { - "$ref": "#/definitions/IndividualQuoteResult" - } - }, - "expiration": { - "description": "Date and time until when the quotation is valid and can be honored when used in the subsequent transaction request.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } - }, - "BulkTransfersPostRequest": { - "title": "BulkTransfersPostRequest", - "description": "POST /bulkTransfers object", - "required": [ - "bulkTransferId", - "bulkQuoteId", - "payerFsp", - "payeeFsp", - "individualTransfers", - "expiration" - ], - "type": "object", - "properties": { - "bulkTransferId": { - "description": "Common ID between the FSPs and the optional Switch for the bulk transfer object, decided by the Payer FSP. The ID should be reused for resends of the same bulk transfer. A new ID should be generated for each new bulk transfer.", - "type": "string" - }, - "bulkQuoteId": { - "description": "ID of the related bulk quote.", - "type": "string" - }, - "payerFsp": { - "description": "Payer FSP identifier.", - "type": "string" - }, - "payeeFsp": { - "description": "Payee FSP identifier.", - "type": "string" - }, - "individualTransfers": { - "description": "List of IndividualTransfer elements.", - "maxItems": 1000, - "minItems": 1, - "type": "array", - "items": { - "$ref": "#/definitions/IndividualTransfer" - } - }, - "expiration": { - "description": "Expiration time of the transfers.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } - }, - "BulkTransfersIDPutResponse": { - "title": "BulkTransfersIDPutResponse", - "description": "PUT /bulkTransfers/{ID} object", - "required": [ - "bulkTransferState" - ], - "type": "object", - "properties": { - "completedTimestamp": { - "description": "Time and date when the bulk transaction was completed.", - "type": "string" - }, - "individualTransferResults": { - "description": "List of IndividualTransferResult elements.", - "maxItems": 1000, - "type": "array", - "items": { - "$ref": "#/definitions/IndividualTransferResult" - } - }, - "bulkTransferState": { - "description": "The state of the bulk transfer.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } - }, - "ErrorInformation": { - "title": "ErrorInformation", - "description": "Data model for the complex type ErrorInformation.", - "required": [ - "errorCode", - "errorDescription" - ], - "type": "object", - "properties": { - "errorCode": { - "description": "Specific error number.", - "type": "string" - }, - "errorDescription": { - "description": "Error description string.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional list of extensions, specific to deployment." - } - } - }, - "ErrorInformationObject": { - "title": "ErrorInformationObject", - "description": "Data model for the complex type object that contains ErrorInformation.", - "required": [ - "errorInformation" - ], - "type": "object", - "properties": { - "errorInformation": { - "$ref": "#/definitions/ErrorInformation" - } - } - }, - "ErrorInformationResponse": { - "title": "ErrorInformationResponse", - "description": "Data model for the complex type object that contains an optional element ErrorInformation used along with 4xx and 5xx responses.", - "type": "object", - "properties": { - "errorInformation": { - "$ref": "#/definitions/ErrorInformation" - } - } - }, - "Extension": { - "title": "Extension", - "description": "Data model for the complex type Extension", - "required": [ - "key", - "value" - ], - "type": "object", - "properties": { - "key": { - "description": "Extension key.", - "type": "string" - }, - "value": { - "description": "Extension value.", - "type": "string" - } - } - }, - "ExtensionList": { - "title": "ExtensionList", - "description": "Data model for the complex type ExtensionList", - "required": [ - "extension" - ], - "type": "object", - "properties": { - "extension": { - "description": "Number of Extension elements", - "maxItems": 16, - "minItems": 1, - "type": "array", - "items": { - "$ref": "#/definitions/Extension" - } - } - } - }, - "GeoCode": { - "title": "GeoCode", - "description": "Data model for the complex type GeoCode. Indicates the geographic location from where the transaction was initiated.", - "required": [ - "latitude", - "longitude" - ], - "type": "object", - "properties": { - "latitude": { - "description": "Latitude of the Party.", - "type": "string" - }, - "longitude": { - "description": "Longitude of the Party.", - "type": "string" - } - } - }, - "IndividualQuote": { - "title": "IndividualQuote", - "description": "Data model for the complex type IndividualQuote.", - "required": [ - "quoteId", - "transactionId", - "payee", - "amountType", - "amount", - "transactionType" - ], - "type": "object", - "properties": { - "quoteId": { - "description": "Identifies quote message.", - "type": "string" - }, - "transactionId": { - "description": "Identifies transaction message.", - "type": "string" - }, - "payee": { - "$ref": "#/definitions/Party", - "description": "Information about the Payee in the proposed financial transaction." - }, - "amountType": { - "description": "SEND for sendAmount, RECEIVE for receiveAmount.", - "type": "string" - }, - "amount": { - "$ref": "#/definitions/Money", - "description": "Depending on amountType - If SEND - The amount the Payer would like to send, that is, the amount that should be withdrawn from the Payer account including any fees. The amount is updated by each participating entity in the transaction. If RECEIVE - The amount the Payee should receive, that is, the amount that should be sent to the receiver exclusive any fees. The amount is not updated by any of the participating entities." - }, - "fees": { - "$ref": "#/definitions/Money", - "description": "The fees in the transaction. The fees element should be empty if fees should be non-disclosed. The fees element should be non-empty if fees should be disclosed." - }, - "transactionType": { - "$ref": "#/definitions/TransactionType", - "description": "Type of transaction that the quote is requested for." - }, - "note": { - "description": "Memo that will be attached to the transaction.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } - }, - "IndividualQuoteResult": { - "title": "IndividualQuoteResult", - "description": "Data model for the complex type IndividualQuoteResult.", - "required": [ - "quoteId" - ], - "type": "object", - "properties": { - "quoteId": { - "description": "Identifies quote message.", - "type": "string" - }, - "payee": { - "$ref": "#/definitions/Party", - "description": "Information about the Payee in the proposed financial transaction." - }, - "transferAmount": { - "$ref": "#/definitions/Money", - "description": "Amount that the Payee FSP should receive." - }, - "payeeReceiveAmount": { - "$ref": "#/definitions/Money", - "description": "Amount that the Payee should receive in the end-to-end transaction. Optional as the Payee FSP might not want to disclose any optional Payee fees." - }, - "payeeFspFee": { - "$ref": "#/definitions/Money", - "description": "Payee FSP’s part of the transaction fee." - }, - "payeeFspCommission": { - "$ref": "#/definitions/Money", - "description": "Transaction commission from the Payee FSP" - }, - "ilpPacket": { - "description": "The ILP Packet that must be attached to the transfer by the Payer.", - "type": "string" - }, - "condition": { - "description": "The condition that must be attached to the transfer by the Payer.", - "type": "string" - }, - "errorInformation": { - "$ref": "#/definitions/ErrorInformation", - "description": "Error code, category description. Note - receiveAmount, payeeFspFee, payeeFspCommission, expiration, ilpPacket, condition should not be set if errorInformation is set." - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } - }, - "IndividualTransfer": { - "title": "IndividualTransfer", - "description": "Data model for the complex type IndividualTransfer.", - "required": [ - "transferId", - "transferAmount", - "ilpPacket", - "condition" - ], - "type": "object", - "properties": { - "transferId": { - "description": "Identifies messages related to the same /transfers sequence.", - "type": "string" - }, - "transferAmount": { - "$ref": "#/definitions/Money", - "description": "Transaction amount to be sent." - }, - "ilpPacket": { - "description": "ILP Packet containing the amount delivered to the Payee and the ILP Address of the Payee and any other end-to-end data.", - "type": "string" - }, - "condition": { - "description": "Condition that must be fulfilled to commit the transfer.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } - }, - "IndividualTransferResult": { - "title": "IndividualTransferResult", - "description": "Data model for the complex type IndividualTransferResult.", - "required": [ - "transferId" - ], - "type": "object", - "properties": { - "transferId": { - "description": "Identifies messages related to the same /transfers sequence.", - "type": "string" - }, - "fulfilment": { - "description": "Fulfilment of the condition specified with the transaction. Note - Either fulfilment or errorInformation should be set, not both.", - "type": "string" - }, - "errorInformation": { - "$ref": "#/definitions/ErrorInformation", - "description": "If transfer is REJECTED, error information may be provided. Note - Either fulfilment or errorInformation should be set, not both." - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } - }, - "InitiatorId": { - "title": "InitiatorId", - "description": "Information identifying PISP in the proposed financial transaction.", - "type": "string" - }, - "Money": { - "title": "Money", - "description": "Data model for the complex type Money.", - "required": [ - "currency", - "amount" - ], - "type": "object", - "properties": { - "currency": { - "description": "Currency of the amount.", - "type": "string" - }, - "amount": { - "description": "Amount of Money.", - "type": "string" - } - } - }, - "ParticipantsTypeIDSubIDPostRequest": { - "title": "ParticipantsTypeIDSubIDPostRequest", - "description": "POST /participants/{Type}/{ID}/{SubId}, /participants/{Type}/{ID} object", - "required": [ - "fspId" - ], - "type": "object", - "properties": { - "fspId": { - "description": "FSP Identifier that the Party belongs to.", - "type": "string" - }, - "currency": { - "description": "Indicate that the provided Currency is supported by the Party.", - "type": "string" - } - } - }, - "ParticipantsTypeIDPutResponse": { - "title": "ParticipantsTypeIDPutResponse", - "description": "PUT /participants/{Type}/{ID}/{SubId}, /participants/{Type}/{ID} object", - "type": "object", - "properties": { - "fspId": { - "description": "FSP Identifier that the Party belongs to.", - "type": "string" - } - } - }, - "ParticipantsIDPutResponse": { - "title": "ParticipantsIDPutResponse", - "description": "PUT /participants/{ID} object", - "required": [ - "partyList" - ], - "type": "object", - "properties": { - "partyList": { - "description": "List of PartyResult elements that were either created or failed to be created.", - "maxItems": 10000, - "minItems": 1, - "type": "array", - "items": { - "$ref": "#/definitions/PartyResult" - } - }, - "currency": { - "description": "Indicate that the provided Currency was set to be supported by each successfully added PartyIdInfo.", - "type": "string" - } + "/hello": { + "get": { + "produces": [ + "application/json" + ], + "tags": [ + "metrics" + ], + "responses": { + "200": { + "$ref": "#/responses/ResponseHealth200" + }, + "400": { + "$ref": "#/responses/ErrorResponse400" + }, + "401": { + "$ref": "#/responses/ErrorResponse401" + }, + "403": { + "$ref": "#/responses/ErrorResponse403" + }, + "404": { + "$ref": "#/responses/ErrorResponse404" + }, + "405": { + "$ref": "#/responses/ErrorResponse405" + }, + "406": { + "$ref": "#/responses/ErrorResponse406" + }, + "501": { + "$ref": "#/responses/ErrorResponse501" + }, + "503": { + "$ref": "#/responses/ErrorResponse503" + } + }, + "operationId": "HelloGet", + "summary": "example get", + "description": "The HTTP request GET /hello is used to return some example json." + } + }, + "/consents": { + "post": { + "description": "The HTTP request `POST /consents` is used to create a consent object. \n\n- Called by `DFSP` after the succesful creation and validation of a consentRequest.\n", + "summary": "CreateConsent", + "tags": [ + "consent" + ], + "operationId": "CreateConsent", + "produces": [ + "application/json" + ], + "parameters": [ + { + "name": "body", + "in": "body", + "schema": { + "$ref": "#/definitions/Consent" } - }, - "ParticipantsPostRequest": { - "title": "ParticipantsPostRequest", - "description": "POST /participants object", - "required": [ - "requestId", - "partyList" + }, + { + "$ref": "#/parameters/Content-Length" + }, + { + "$ref": "#/parameters/Content-Type" + }, + { + "$ref": "#/parameters/Date" + }, + { + "$ref": "#/parameters/X-Forwarded-For" + }, + { + "$ref": "#/parameters/FSPIOP-Source" + }, + { + "$ref": "#/parameters/FSPIOP-Destination" + }, + { + "$ref": "#/parameters/FSPIOP-Encryption" + }, + { + "$ref": "#/parameters/FSPIOP-Signature" + }, + { + "$ref": "#/parameters/FSPIOP-URI" + }, + { + "$ref": "#/parameters/FSPIOP-HTTP-Method" + } + ], + "x-examples": { + "application/json": { + "id": "123", + "requestId": "456", + "initiatorId": "pispa", + "participantId": "dfspa", + "scopes": [ + { + "scope": "account.balanceInquiry", + "accountId": "dfspa.alice.1234" + }, + { + "scope": "account.sendTransfer", + "accountId": "dfspa.alice.1234" + }, + { + "scope": "account.sendTransfer", + "accountId": "dfspa.alice.5678" + } ], - "type": "object", - "properties": { - "requestId": { - "description": "The ID of the request, decided by the client. Used for identification of the callback from the server.", - "type": "string" - }, - "partyList": { - "description": "List of PartyIdInfo elements that the client would like to update or create FSP information about.", - "maxItems": 10000, - "minItems": 1, - "type": "array", - "items": { - "$ref": "#/definitions/PartyIdInfo" - } - }, - "currency": { - "description": "Indicate that the provided Currency is supported by each PartyIdInfo in the list.", - "type": "string" - } - } + "credential": null + } + }, + "responses": { + "202": { + "$ref": "#/responses/Response202" + }, + "400": { + "$ref": "#/responses/ErrorResponse400" + }, + "401": { + "$ref": "#/responses/ErrorResponse401" + }, + "403": { + "$ref": "#/responses/ErrorResponse403" + }, + "404": { + "$ref": "#/responses/ErrorResponse404" + }, + "405": { + "$ref": "#/responses/ErrorResponse405" + }, + "406": { + "$ref": "#/responses/ErrorResponse406" + }, + "501": { + "$ref": "#/responses/ErrorResponse501" + }, + "503": { + "$ref": "#/responses/ErrorResponse503" + } + } + } + }, + "/consents/{ID}": { + "parameters": [ + { + "$ref": "#/parameters/ID" }, - "Party": { - "title": "Party", - "description": "Data model for the complex type Party.", - "required": [ - "partyIdInfo" - ], - "type": "object", - "properties": { - "partyIdInfo": { - "$ref": "#/definitions/PartyIdInfo", - "description": "Party Id type, id, sub ID or type, and FSP Id." - }, - "merchantClassificationCode": { - "description": "Used in the context of Payee Information, where the Payee happens to be a merchant accepting merchant payments.", - "type": "string" - }, - "name": { - "description": "Display name of the Party, could be a real name or a nick name.", - "type": "string" - }, - "personalInfo": { - "$ref": "#/definitions/PartyPersonalInfo", - "description": "Personal information used to verify identity of Party such as first, middle, last name and date of birth." - } - } + { + "$ref": "#/parameters/Content-Type" }, - "PartyComplexName": { - "title": "PartyComplexName", - "description": "Data model for the complex type PartyComplexName.", - "type": "object", - "properties": { - "firstName": { - "description": "Party’s first name.", - "type": "string" - }, - "middleName": { - "description": "Party’s middle name.", - "type": "string" - }, - "lastName": { - "description": "Party’s last name.", - "type": "string" - } - } + { + "$ref": "#/parameters/Date" }, - "PartyIdInfo": { - "title": "PartyIdInfo", - "description": "Data model for the complex type PartyIdInfo.", - "required": [ - "partyIdType", - "partyIdentifier" - ], - "type": "object", - "properties": { - "partyIdType": { - "description": "Type of the identifier.", - "type": "string" - }, - "partyIdentifier": { - "description": "An identifier for the Party.", - "type": "string" - }, - "partySubIdOrType": { - "description": "A sub-identifier or sub-type for the Party.", - "type": "string" - }, - "fspId": { - "description": "FSP ID (if known)", - "type": "string" - } - } + { + "$ref": "#/parameters/X-Forwarded-For" }, - "PartiesTypeIDPutResponse": { - "title": "PartiesTypeIDPutResponse", - "description": "PUT /parties/{Type}/{ID} object", - "required": [ - "party" - ], - "type": "object", - "properties": { - "party": { - "$ref": "#/definitions/Party", - "description": "Information regarding the requested Party." - } - } + { + "$ref": "#/parameters/FSPIOP-Source" }, - "PartyPersonalInfo": { - "title": "PartyPersonalInfo", - "description": "Data model for the complex type PartyPersonalInfo.", - "type": "object", - "properties": { - "complexName": { - "$ref": "#/definitions/PartyComplexName", - "description": "First, middle and last name for the Party." - }, - "dateOfBirth": { - "description": "Date of birth for the Party.", - "type": "string" - } - } + { + "$ref": "#/parameters/FSPIOP-Destination" }, - "PartyResult": { - "title": "PartyResult", - "description": "Data model for the complex type PartyResult.", - "required": [ - "partyId" - ], - "type": "object", - "properties": { - "partyId": { - "$ref": "#/definitions/PartyIdInfo", - "description": "Party Id type, id, sub ID or type, and FSP Id." - }, - "errorInformation": { - "$ref": "#/definitions/ErrorInformation", - "description": "If the Party failed to be added, error information should be provided. Otherwise, this parameter should be empty to indicate success." - } - } + { + "$ref": "#/parameters/FSPIOP-Encryption" }, - "PayerKeyHandle": { - "title": "PayerKeyHandle", - "description": "Information identifying registered U2F key with payer FSP.", - "type": "string" + { + "$ref": "#/parameters/FSPIOP-Signature" }, - "QuotesPostRequest": { - "title": "QuotesPostRequest", - "description": "POST /quotes object", - "required": [ - "quoteId", - "transactionId", - "payee", - "payer", - "amountType", - "amount", - "transactionType" - ], - "type": "object", - "properties": { - "quoteId": { - "description": "Common ID between the FSPs for the quote object, decided by the Payer FSP. The ID should be reused for resends of the same quote for a transaction. A new ID should be generated for each new quote for a transaction.", - "type": "string" - }, - "transactionId": { - "description": "Common ID (decided by the Payer FSP) between the FSPs for the future transaction object. The actual transaction will be created as part of a successful transfer process. The ID should be reused for resends of the same quote for a transaction. A new ID should be generated for each new quote for a transaction.", - "type": "string" - }, - "transactionRequestId": { - "description": "Identifies an optional previously-sent transaction request.", - "type": "string" - }, - "payee": { - "$ref": "#/definitions/Party", - "description": "Information about the Payee in the proposed financial transaction." - }, - "payer": { - "$ref": "#/definitions/Party", - "description": "Information about the Payer in the proposed financial transaction." - }, - "amountType": { - "description": "SEND for send amount, RECEIVE for receive amount.", - "type": "string" - }, - "amount": { - "$ref": "#/definitions/Money", - "description": "Depending on amountType. If SEND - The amount the Payer would like to send, that is, the amount that should be withdrawn from the Payer account including any fees. The amount is updated by each participating entity in the transaction. If RECEIVE - The amount the Payee should receive, that is, the amount that should be sent to the receiver exclusive any fees. The amount is not updated by any of the participating entities." - }, - "fees": { - "$ref": "#/definitions/Money", - "description": "The fees in the transaction. The fees element should be empty if fees should be non-disclosed. The fees element should be non-empty if fees should be disclosed." - }, - "transactionType": { - "$ref": "#/definitions/TransactionType", - "description": "Type of transaction for which the quote is requested." - }, - "geoCode": { - "$ref": "#/definitions/GeoCode", - "description": "Longitude and Latitude of the initiating Party. Can be used to detect fraud." - }, - "note": { - "description": "A memo that will be attached to the transaction.", - "type": "string" - }, - "expiration": { - "description": "Expiration is optional. It can be set to get a quick failure in case the peer FSP takes too long to respond. Also, it may be beneficial for Consumer, Agent, and Merchant to know that their request has a time limit.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } + { + "$ref": "#/parameters/FSPIOP-URI" }, - "QuotesIDPutResponse": { - "title": "QuotesIDPutResponse", - "description": "PUT /quotes/{ID} object", - "required": [ - "transferAmount", - "expiration", - "ilpPacket", - "condition" - ], - "type": "object", - "properties": { - "transferAmount": { - "$ref": "#/definitions/Money", - "description": "The amount of money that the Payee FSP should receive." - }, - "payeeReceiveAmount": { - "$ref": "#/definitions/Money", - "description": "The amount of Money that the Payee should receive in the end-to-end transaction. Optional as the Payee FSP might not want to disclose any optional Payee fees." - }, - "payeeFspFee": { - "$ref": "#/definitions/Money", - "description": "Payee FSP’s part of the transaction fee." - }, - "payeeFspCommission": { - "$ref": "#/definitions/Money", - "description": "Transaction commission from the Payee FSP." - }, - "expiration": { - "description": "Date and time until when the quotation is valid and can be honored when used in the subsequent transaction.", - "type": "string" - }, - "geoCode": { - "$ref": "#/definitions/GeoCode", - "description": "Longitude and Latitude of the Payee. Can be used to detect fraud." - }, - "ilpPacket": { - "description": "The ILP Packet that must be attached to the transfer by the Payer.", - "type": "string" - }, - "condition": { - "description": "The condition that must be attached to the transfer by the Payer.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } + { + "$ref": "#/parameters/FSPIOP-HTTP-Method" + } + ], + "get": { + "description": "The HTTP request `GET /consents/{ID}` is used to get information regarding a consent object created or requested earlier. The `{ID}` in the URI should contain the `{ID}` that was used in the `POST /consents`.\n", + "summary": "GetConsent", + "tags": [ + "consent" + ], + "operationId": "GetConsent", + "parameters": [ + { + "$ref": "#/parameters/Accept" + } + ], + "responses": { + "202": { + "$ref": "#/responses/Response202" + }, + "400": { + "$ref": "#/responses/ErrorResponse400" + }, + "401": { + "$ref": "#/responses/ErrorResponse401" + }, + "403": { + "$ref": "#/responses/ErrorResponse403" + }, + "404": { + "$ref": "#/responses/ErrorResponse404" + }, + "405": { + "$ref": "#/responses/ErrorResponse405" + }, + "406": { + "$ref": "#/responses/ErrorResponse406" + }, + "501": { + "$ref": "#/responses/ErrorResponse501" + }, + "503": { + "$ref": "#/responses/ErrorResponse503" + } + } + }, + "put": { + "description": "The HTTP request `PUT /consents/{ID}` is used to update a specified consent object. \nThe `{ID}` in the URI should contain the `{ID}` that was used in the `POST /consents`.\n\n- Called by a `auth-service` to add the credential details\n\n- Called by a `PISP` to add a signature of the challenge\n", + "summary": "UpdateConsent", + "tags": [ + "consent" + ], + "operationId": "UpdateConsent", + "parameters": [ + { + "name": "body", + "in": "body", + "schema": { + "$ref": "#/definitions/Consent" } - }, - "Refund": { - "title": "Refund", - "description": "Data model for the complex type Refund.", - "required": [ - "originalTransactionId" + }, + { + "$ref": "#/parameters/Content-Length" + } + ], + "x-examples": { + "application/json": { + "requestId": "456", + "initiatorId": "dfspa", + "participantId": "pispa", + "scopes": [ + { + "scope": "account.balanceInquiry", + "accountId": "dfspa.alice.1234" + }, + { + "scope": "account.sendTransfer", + "accountId": "dfspa.alice.1234" + }, + { + "scope": "account.sendTransfer", + "accountId": "dfspa.alice.5678" + } ], - "type": "object", - "properties": { - "originalTransactionId": { - "description": "Reference to the original transaction ID that is requested to be refunded.", - "type": "string" - }, - "refundReason": { - "description": "Free text indicating the reason for the refund.", - "type": "string" - } + "credential": { + "id": "5678", + "credentialType": "FIDO", + "credentialStatus": "ACTIVE", + "challenge": { + "payload": "base64(...)", + "signature": "base64(...)" + }, + "payload": "base64(...)" } - }, - "Status": { - "title": "Status", - "description": "Data model for the api status.", - "type": "object", - "properties": { - "status": { - "description": "The return status, usually \"OK\"", - "type": "string" - }, - "uptime": { - "description": "The amount of time in seconds that the server has been up for.", - "type": "number" - }, - "startTime": { - "description": "The UTC time that the server started up", - "type": "string" - }, - "versionNumber": { - "description": "Current version of the API", - "type": "string" - }, - "services": { - "description": "An list of the statuses of services that the API requires", - "type": "array", - "items": {} - } + } + }, + "responses": { + "202": { + "$ref": "#/responses/Response202" + }, + "400": { + "$ref": "#/responses/ErrorResponse400" + }, + "401": { + "$ref": "#/responses/ErrorResponse401" + }, + "403": { + "$ref": "#/responses/ErrorResponse403" + }, + "404": { + "$ref": "#/responses/ErrorResponse404" + }, + "405": { + "$ref": "#/responses/ErrorResponse405" + }, + "406": { + "$ref": "#/responses/ErrorResponse406" + }, + "501": { + "$ref": "#/responses/ErrorResponse501" + }, + "503": { + "$ref": "#/responses/ErrorResponse503" + } + } + } + }, + "/consents/{ID}/generateChallenge": { + "post": { + "description": "The HTTP request `POST /consents/{ID}/generateChallenge` is used to create a credential for the given Consent object. \nThe `{ID}` in the URI should contain the `{ID}` that was used in the `POST /consents`.\n\n- Called by a `PISP` to request a challenge from the `auth-service`, which will be returned to the PISP via `PUT /consents/{ID}`\n", + "summary": "GenerateChallengeRequest", + "tags": [ + "consent" + ], + "operationId": "GenerateChallengeRequest", + "parameters": [ + { + "$ref": "#/parameters/ID" + }, + { + "name": "body", + "in": "body", + "schema": { + "$ref": "#/definitions/GenerateChallengeRequest" } - }, - "Transaction": { - "title": "Transaction", - "description": "Data model for the complex type Transaction. The Transaction type is used to carry end-to-end data between the Payer FSP and the Payee FSP in the ILP Packet. Both the transactionId and the quoteId in the data model are decided by the Payer FSP in the POST /quotes.", - "required": [ - "transactionId", - "quoteId", - "payee", - "payer", - "amount", - "transactionType" - ], - "type": "object", - "properties": { - "transactionId": { - "description": "ID of the transaction, the ID is decided by the Payer FSP during the creation of the quote.", - "type": "string" - }, - "quoteId": { - "description": "ID of the quote, the ID is decided by the Payer FSP during the creation of the quote.", - "type": "string" - }, - "payee": { - "$ref": "#/definitions/Party", - "description": "Information about the Payee in the proposed financial transaction." - }, - "payer": { - "$ref": "#/definitions/Party", - "description": "Information about the Payer in the proposed financial transaction." - }, - "amount": { - "$ref": "#/definitions/Money", - "description": "Transaction amount to be sent." - }, - "transactionType": { - "$ref": "#/definitions/TransactionType", - "description": "Type of the transaction." - }, - "note": { - "description": "Memo associated to the transaction, intended to the Payee.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } + }, + { + "$ref": "#/parameters/Content-Length" + }, + { + "$ref": "#/parameters/Content-Type" + }, + { + "$ref": "#/parameters/Date" + }, + { + "$ref": "#/parameters/X-Forwarded-For" + }, + { + "$ref": "#/parameters/FSPIOP-Source" + }, + { + "$ref": "#/parameters/FSPIOP-Destination" + }, + { + "$ref": "#/parameters/FSPIOP-Encryption" + }, + { + "$ref": "#/parameters/FSPIOP-Signature" + }, + { + "$ref": "#/parameters/FSPIOP-URI" + }, + { + "$ref": "#/parameters/FSPIOP-HTTP-Method" + } + ], + "x-examples": { + "application/json": {} + }, + "responses": { + "202": { + "$ref": "#/responses/Response202" + }, + "400": { + "$ref": "#/responses/ErrorResponse400" + }, + "401": { + "$ref": "#/responses/ErrorResponse401" + }, + "403": { + "$ref": "#/responses/ErrorResponse403" + }, + "404": { + "$ref": "#/responses/ErrorResponse404" + }, + "405": { + "$ref": "#/responses/ErrorResponse405" + }, + "406": { + "$ref": "#/responses/ErrorResponse406" + }, + "501": { + "$ref": "#/responses/ErrorResponse501" + }, + "503": { + "$ref": "#/responses/ErrorResponse503" + } + } + } + }, + "/thirdPartyRequests/transactions/{ID}/authorizations": { + "post": { + "description": "The HTTP request `POST /thirdPartyRequests/transactions/{id}/authorizations` is called by\nthe DFSP to check that a ThirdPartyRequest is valid\n", + "summary": "ThirdpartyAuthorizationRequest", + "tags": [ + "thirdPartyRequests" + ], + "operationId": "VerifyThirdPartyAuthorization", + "parameters": [ + { + "$ref": "#/parameters/ID" + }, + { + "name": "body", + "in": "body", + "schema": { + "$ref": "#/definitions/ThirdPartyAuthorizationRequest" } - }, - "TransactionRequestsIDPutResponse": { - "title": "TransactionRequestsIDPutResponse", - "description": "PUT /transactionRequests/{ID} object", - "required": [ - "transactionRequestState" - ], - "type": "object", - "properties": { - "transactionId": { - "description": "Identifies a related transaction (if a transaction has been created).", - "type": "string" - }, - "transactionRequestState": { - "description": "State of the transaction request.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } + }, + { + "$ref": "#/parameters/Accept" + }, + { + "$ref": "#/parameters/Content-Length" + }, + { + "$ref": "#/parameters/Content-Type" + }, + { + "$ref": "#/parameters/Date" + }, + { + "$ref": "#/parameters/X-Forwarded-For" + }, + { + "$ref": "#/parameters/FSPIOP-Source" + }, + { + "$ref": "#/parameters/FSPIOP-Destination" + }, + { + "$ref": "#/parameters/FSPIOP-Encryption" + }, + { + "$ref": "#/parameters/FSPIOP-Signature" + }, + { + "$ref": "#/parameters/FSPIOP-URI" + }, + { + "$ref": "#/parameters/FSPIOP-HTTP-Method" + } + ], + "x-examples": { + "application/json": { + "challenge": "", + "value": "", + "consentId": "111", + "sourceAccountId": "dfspa.1111-2222", + "status": "PENDING" + } + }, + "responses": { + "202": { + "$ref": "#/responses/Response202" + }, + "400": { + "$ref": "#/responses/ErrorResponse400" + }, + "401": { + "$ref": "#/responses/ErrorResponse401" + }, + "403": { + "$ref": "#/responses/ErrorResponse403" + }, + "404": { + "$ref": "#/responses/ErrorResponse404" + }, + "405": { + "$ref": "#/responses/ErrorResponse405" + }, + "406": { + "$ref": "#/responses/ErrorResponse406" + }, + "501": { + "$ref": "#/responses/ErrorResponse501" + }, + "503": { + "$ref": "#/responses/ErrorResponse503" + } + } + } + } + }, + "definitions": { + "AccountAddress": { + "title": "AccountAddress", + "type": "string", + "description": "Unique routable address which is DFSP specific.", + "pattern": "^([0-9A-Za-z_~\\-\\.]+[0-9A-Za-z_~\\-])$", + "minLength": 1, + "maxLength": 1023 + }, + "AccountId": { + "type": "string", + "description": "A long-lived account identifier provided by the DFSP this MUST NOT be Bank Account Number or anything that may expose a User's private bank account information\n" + }, + "AuthScopesEnum": { + "title": "AuthScopesEnum", + "type": "string", + "enum": [ + "accounts.getBalance", + "accounts.transfer" + ], + "description": "The scopes requested for a ConsentRequest\n- \"accounts.getBalance\" - Get the balance of a given account\n- \"accounts.transfer\" - initiate a transfer from an account\n" + }, + "Consent": { + "title": "Consent", + "type": "object", + "description": "Data model for the complex type Consent", + "properties": { + "id": { + "allOf": [ + { + "$ref": "#/definitions/CorrelationId" } + ], + "description": "Common ID between the PISP and FSP for the Consent object decided by the DFSP who creates the Consent\nThis field is REQUIRED for POST /consent\n" }, - "TransactionsIDPutResponse": { - "title": "TransactionsIDPutResponse", - "description": "PUT /transactions/{ID} object", - "required": [ - "transactionState" - ], - "type": "object", - "properties": { - "completedTimestamp": { - "description": "Time and date when the transaction was completed.", - "type": "string" - }, - "transactionState": { - "description": "State of the transaction.", - "type": "string" - }, - "code": { - "description": "Optional redemption information provided to Payer after transaction has been completed.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } + "requestId": { + "allOf": [ + { + "$ref": "#/definitions/CorrelationId" } + ], + "description": "The id of the ConsentRequest that was used to initiate the creation of this Consent\n" }, - "TransactionType": { - "title": "TransactionType", - "description": "Data model for the complex type TransactionType.", - "required": [ - "scenario", - "initiator", - "initiatorType" - ], - "type": "object", - "properties": { - "scenario": { - "description": "Deposit, withdrawal, refund, …", - "type": "string" - }, - "subScenario": { - "description": "Possible sub-scenario, defined locally within the scheme.", - "type": "string" - }, - "initiator": { - "description": "Who is initiating the transaction - Payer or Payee", - "type": "string" - }, - "initiatorType": { - "description": "Consumer, agent, business, …", - "type": "string" - }, - "refundInfo": { - "$ref": "#/definitions/Refund", - "description": "Extra information specific to a refund scenario. Should only be populated if scenario is REFUND" - }, - "balanceOfPayments": { - "description": "Balance of Payments code.", - "type": "string" - } - } + "participantId": { + "$ref": "#/definitions/FspId" }, - "TransfersPostRequest": { - "title": "TransfersPostRequest", - "description": "POST /transfers Request object", - "required": [ - "transferId", - "payeeFsp", - "payerFsp", - "amount", - "ilpPacket", - "condition", - "expiration" - ], - "type": "object", - "properties": { - "transferId": { - "description": "The common ID between the FSPs and the optional Switch for the transfer object, decided by the Payer FSP. The ID should be reused for resends of the same transfer. A new ID should be generated for each new transfer.", - "type": "string" - }, - "payeeFsp": { - "description": "Payee FSP in the proposed financial transaction.", - "type": "string" - }, - "payerFsp": { - "description": "Payer FSP in the proposed financial transaction.", - "type": "string" - }, - "amount": { - "$ref": "#/definitions/Money", - "description": "The transfer amount to be sent." - }, - "ilpPacket": { - "description": "The ILP Packet containing the amount delivered to the Payee and the ILP Address of the Payee and any other end-to-end data.", - "type": "string" - }, - "condition": { - "description": "The condition that must be fulfilled to commit the transfer.", - "type": "string" - }, - "expiration": { - "description": "Expiration can be set to get a quick failure expiration of the transfer. The transfer should be rolled back if no fulfilment is delivered before this time.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } + "initiatorId": { + "allOf": [ + { + "$ref": "#/definitions/FspId" } + ], + "description": "PISP identifier who uses this Consent" }, - "TransactionRequestsPostRequest": { - "title": "TransactionRequestsPostRequest", - "description": "POST /transactionRequests object", - "required": [ - "transactionRequestId", - "payee", - "payer", - "amount", - "transactionType" - ], - "type": "object", - "properties": { - "transactionRequestId": { - "description": "Common ID between the FSPs for the transaction request object, decided by the Payee FSP. The ID should be reused for resends of the same transaction request. A new ID should be generated for each new transaction request.", - "type": "string" - }, - "payee": { - "$ref": "#/definitions/Party", - "description": "Information about the Payee in the proposed financial transaction." - }, - "payer": { - "$ref": "#/definitions/PartyIdInfo", - "description": "Information about the Payer type, id, sub-type/id, FSP Id in the proposed financial transaction." - }, - "initiatorId": { - "$ref": "#/definitions/InitiatorId", - "description": "Information identifying PISP in the proposed financial transaction." - }, - "payerKeyHandle": { - "$ref": "#/definitions/PayerKeyHandle", - "description": "Information identifying registered U2F key with payer FSP." - }, - "amount": { - "$ref": "#/definitions/Money", - "description": "Requested amount to be transferred from the Payer to Payee." - }, - "transactionType": { - "$ref": "#/definitions/TransactionType", - "description": "Type of transaction." - }, - "note": { - "description": "Reason for the transaction request, intended to the Payer.", - "type": "string" - }, - "geoCode": { - "$ref": "#/definitions/GeoCode", - "description": "Longitude and Latitude of the initiating Party. Can be used to detect fraud." - }, - "authenticationType": { - "description": "OTP or QR or U2F Code, otherwise empty.", - "$ref": "#/definitions/AuthenticationType" - }, - "expiration": { - "description": "Can be set to get a quick failure in case the peer FSP takes too long to respond. Also, it may be beneficial for Consumer, Agent, Merchant to know that their request has a time limit.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } + "scopes": { + "type": "array", + "items": { + "$ref": "#/definitions/Scope" + } }, - "TransfersIDPutResponse": { - "title": "TransfersIDPutResponse", - "description": "PUT /transfers/{ID} object", - "required": [ - "transferState" - ], - "type": "object", - "properties": { - "fulfilment": { - "description": "Fulfilment of the condition specified with the transaction. Mandatory if transfer has completed successfully.", - "type": "string" - }, - "completedTimestamp": { - "description": "Time and date when the transaction was completed.", - "type": "string" - }, - "transferState": { - "description": "State of the transfer.", - "type": "string" - }, - "extensionList": { - "$ref": "#/definitions/ExtensionList", - "description": "Optional extension, specific to deployment." - } - } + "credential": { + "$ref": "#/definitions/Credential" } + } }, - "parameters": { - "Accept": { - "name": "accept", - "description": "The Accept header field indicates the version of the API the client would like the server to use.", - "in": "header", - "required": true, - "type": "string" - }, + "Credential": { + "title": "Credential", + "type": "object", + "description": "A credential used to allow a user to prove their identity and access to an account with a DFSP\n", + "properties": { + "id": { + "type": "string", + "description": "The id of a Credential" + }, + "type": { + "$ref": "#/definitions/CredentialTypeEnum" + }, + "status": { + "$ref": "#/definitions/CredentialStatusEnum" + }, + "challenge": { + "$ref": "#/definitions/CredentialChallenge" + }, + "payload": { + "type": "string", + "description": "Base64 encoded bytes - The public key of the Public/Private keypair" + } + }, + "required": [ + "id", + "type", + "status" + ] + }, + "GenerateChallengeRequest": { + "title": "GenerateChallengeRequest", + "type": "object", + "description": "A credential used to allow a user to prove their identity and access to an account with a DFSP\n", + "properties": { + "type": { + "$ref": "#/definitions/CredentialTypeEnum" + } + }, + "required": [ + "type" + ] + }, + "CredentialChallenge": { + "title": "CredentialChallenge", + "type": "object", + "description": "The challenge issued by a DFSP that must be answered by the PISP\n", + "properties": { + "payload": { + "type": "string", + "description": "Base64 encoded binary of the challenge that must be answered by the PISP" + }, + "signature": { + "type": "string", + "description": "Base64 enoded binary string or result of the payload signed by the PISP using the private key" + } + }, + "required": [ + "payload" + ] + }, + "CredentialStatusEnum": { + "title": "CredentialStatus", + "type": "string", + "enum": [ + "PENDING", + "ACTIVE" + ], + "description": "The status of the Credential's creation\n- \"PENDING\" - The PISP has requested a challenge, or the challenge has initialized but not yet answered by the PISP\n- \"ACTIVE\" - The Credential is valid, and ready to be used by the PISP\n" + }, + "CredentialTypeEnum": { + "title": "CredentialTypeEnum", + "type": "string", + "enum": [ + "FIDO" + ], + "description": "The type of the Credential\n- \"FIDO\" - A FIDO public/private keypair\n" + }, + "Scope": { + "title": "Scope", + "type": "object", + "description": "Scope + Account Identifier mapping for a Consent", + "properties": { + "scope": { + "$ref": "#/definitions/AuthScopesEnum" + }, + "accountId": { + "$ref": "#/definitions/AccountId" + } + }, + "required": [ + "scope", + "accountId" + ] + }, + "ThirdPartyAuthorizationRequest": { + "title": "ThirdPartyAuthorizationRequest", + "type": "object", + "description": "The Request object for verifying an authorization", + "properties": { + "challenge": { + "type": "string", + "description": "The original Challenge Object as a JSON string" + } + }, + "required": [ + "challenge" + ] + }, + "BinaryString": { + "description": "The API data type BinaryString is a JSON String. The string is a base64url encoding of a string of raw bytes, where padding (character ‘=’) is added at the end of the data if needed to ensure that the string is a multiple of 4 characters. The length restriction indicates the allowed number of characters.", + "pattern": "^[A-Za-z0-9-_]+[=]{0,2}$", + "type": "string" + }, + "BinaryString32": { + "description": "The API data type BinaryString32 is a fixed size version of the API data type BinaryString, where the raw underlying data is always of 32 bytes. The data type BinaryString32 should not use a padding character as the size of the underlying data is fixed.", + "pattern": "^[A-Za-z0-9-_]{43}$", + "type": "string" + }, + "CorrelationId": { + "title": "CorrelationId", + "description": "Identifier that correlates all messages of the same sequence. The API data type UUID (Universally Unique Identifier) is a JSON String in canonical format, conforming to RFC 4122, that is restricted by a regular expression for interoperability reasons. An UUID is always 36 characters long, 32 hexadecimal symbols and 4 dashes (‘-‘).", + "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$", + "type": "string" + }, + "Date": { + "title": "Date", + "description": "The API data type Date is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. This format, as specified in ISO 8601, contains a date only. A more readable version of the format is yyyy-MM-dd. Examples - \"1982-05-23\", \"1987-08-05”", + "pattern": "^(?:[1-9]\\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$", + "type": "string" + }, + "DateTime": { + "title": "DateTime", + "description": "The API data type DateTime is a JSON String in a lexical format that is restricted by a regular expression for interoperability reasons. The format is according to ISO 8601, expressed in a combined date, time and time zone format. A more readable version of the format is yyyy-MM-ddTHH:mm:ss.SSS[-HH:MM]. Examples - \"2016-05-24T08:38:08.699-04:00\", \"2016-05-24T08:38:08.699Z\" (where Z indicates Zulu time zone, same as UTC).", + "pattern": "^(?:[1-9]\\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\\d|2[0-3]):[0-5]\\d:[0-5]\\d(?:(\\.\\d{3}))(?:Z|[+-][01]\\d:[0-5]\\d)$", + "type": "string" + }, + "ErrorCode": { + "title": "ErrorCode", + "description": "The API data type ErrorCode is a JSON String of four characters, consisting of digits only. Negative numbers are not allowed. A leading zero is not allowed. Each error code in the API is a four-digit number, for example, 1234, where the first number (1 in the example) represents the high-level error category, the second number (2 in the example) represents the low-level error category, and the last two numbers (34 in the example) represents the specific error.", + "pattern": "^[1-9]\\d{3}$", + "type": "string" + }, + "ErrorDescription": { + "title": "ErrorDescription", + "description": "Error description string.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "ExtensionKey": { + "title": "ExtensionKey", + "description": "Extension key.", + "maxLength": 32, + "minLength": 1, + "type": "string" + }, + "ExtensionValue": { + "title": "ExtensionValue", + "description": "Extension value.", + "maxLength": 128, + "minLength": 1, + "type": "string" + }, + "FspId": { + "title": "FspId", + "description": "FSP identifier.", + "maxLength": 32, + "minLength": 1, + "type": "string" + }, + "Integer": { + "title": "Integer", + "description": "The API data type Integer is a JSON String consisting of digits only. Negative numbers and leading zeroes are not allowed. The data type is always limited to a specific number of digits.", + "pattern": "^[1-9]\\d*$", + "type": "string" + }, + "ErrorInformation": { + "title": "ErrorInformation", + "description": "Data model for the complex type ErrorInformation.", + "required": [ + "errorCode", + "errorDescription" + ], + "type": "object", + "properties": { + "errorCode": { + "description": "Specific error number.", + "type": "string" + }, + "errorDescription": { + "description": "Error description string.", + "type": "string" + }, + "extensionList": { + "$ref": "#/definitions/ExtensionList", + "description": "Optional list of extensions, specific to deployment." + } + } + }, + "ErrorInformationObject": { + "title": "ErrorInformationObject", + "description": "Data model for the complex type object that contains ErrorInformation.", + "required": [ + "errorInformation" + ], + "type": "object", + "properties": { + "errorInformation": { + "$ref": "#/definitions/ErrorInformation" + } + } + }, + "ErrorInformationResponse": { + "title": "ErrorInformationResponse", + "description": "Data model for the complex type object that contains an optional element ErrorInformation used along with 4xx and 5xx responses.", + "type": "object", + "properties": { + "errorInformation": { + "$ref": "#/definitions/ErrorInformation" + } + } + }, + "Extension": { + "title": "Extension", + "description": "Data model for the complex type Extension", + "required": [ + "key", + "value" + ], + "type": "object", + "properties": { + "key": { + "description": "Extension key.", + "type": "string" + }, + "value": { + "description": "Extension value.", + "type": "string" + } + } + }, + "ExtensionList": { + "title": "ExtensionList", + "description": "Data model for the complex type ExtensionList", + "required": [ + "extension" + ], + "type": "object", + "properties": { + "extension": { + "description": "Number of Extension elements", + "maxItems": 16, + "minItems": 1, + "type": "array", + "items": { + "$ref": "#/definitions/Extension" + } + } + } + }, + "Status": { + "title": "Status", + "description": "Data model for the api status.", + "type": "object", + "properties": { + "status": { + "description": "The return status, usually \"OK\"", + "type": "string" + }, + "uptime": { + "description": "The amount of time in seconds that the server has been up for.", + "type": "number" + }, + "startTime": { + "description": "The UTC time that the server started up", + "type": "string" + }, + "versionNumber": { + "description": "Current version of the API", + "type": "string" + }, + "services": { + "description": "An list of the statuses of services that the API requires", + "type": "array", + "items": {} + } + } + } + }, + "parameters": { + "Accept": { + "name": "accept", + "description": "The Accept header field indicates the version of the API the client would like the server to use.", + "in": "header", + "required": true, + "type": "string" + }, + "Content-Length": { + "name": "content-length", + "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. Note - The API supports a maximum size of 5242880 bytes (5 Megabytes)", + "in": "header", + "required": false, + "type": "integer" + }, + "Content-Type": { + "name": "content-type", + "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", + "in": "header", + "required": true, + "type": "string" + }, + "Date": { + "name": "date", + "description": "The Date header field indicates the date when the request was sent.", + "in": "header", + "required": true, + "type": "string" + }, + "X-Forwarded-For": { + "name": "x-forwarded-for", + "description": "The X-Forwarded-For header field is an unofficially accepted standard used for informational purposes of the originating client IP address, as a request might pass multiple proxies, firewalls, and so on. Multiple X-Forwarded-For values as in the example shown here should be expected and supported by implementers of the API. Note - An alternative to X-Forwarded-For is defined in RFC 7239. However, to this point RFC 7239 is less-used and supported than X-Forwarded-For.", + "in": "header", + "required": false, + "type": "string" + }, + "FSPIOP-Source": { + "name": "fspiop-source", + "description": "The FSPIOP-Source header field is a non-HTTP standard field used by the API for identifying the sender of the HTTP request. The field should be set by the original sender of the request. Required for routing and signature verification (see header field FSPIOP-Signature).", + "in": "header", + "required": true, + "type": "string" + }, + "FSPIOP-Destination": { + "name": "fspiop-destination", + "description": "The FSPIOP-Destination header field is a non-HTTP standard field used by the API for HTTP header based routing of requests and responses to the destination. The field should be set by the original sender of the request (if known), so that any entities between the client and the server do not need to parse the payload for routing purposes.", + "in": "header", + "required": false, + "type": "string" + }, + "FSPIOP-Originator": { + "name": "fspiop-originator", + "description": "The FSPIOP-Originator header field is a non-HTTP standard field used by the API for HTTP header based routing and verification of requests originated from PISP participant. The field should be set by the original PISP sender of the request (if known) to clearly identify that PISP is request's originator", + "in": "header", + "required": false, + "type": "string" + }, + "FSPIOP-Encryption": { + "name": "fspiop-encryption", + "description": "The FSPIOP-Encryption header field is a non-HTTP standard field used by the API for applying end-to-end encryption of the request.", + "in": "header", + "required": false, + "type": "string" + }, + "FSPIOP-Signature": { + "name": "fspiop-signature", + "description": "The FSPIOP-Signature header field is a non-HTTP standard field used by the API for applying an end-to-end request signature.", + "in": "header", + "required": false, + "type": "string" + }, + "FSPIOP-URI": { + "name": "fspiop-uri", + "description": "The FSPIOP-URI header field is a non-HTTP standard field used by the API for signature verification, should contain the service URI. Required if signature verification is used, for more information see API Signature document.", + "in": "header", + "required": false, + "type": "string" + }, + "FSPIOP-HTTP-Method": { + "name": "fspiop-http-method", + "description": "The FSPIOP-HTTP-Method header field is a non-HTTP standard field used by the API for signature verification, should contain the service HTTP method. Required if signature verification is used, for more information see API Signature document.", + "in": "header", + "required": false, + "type": "string" + }, + "ID": { + "name": "ID", + "in": "path", + "required": true, + "type": "string" + }, + "Type": { + "name": "Type", + "in": "path", + "required": true, + "type": "string" + }, + "SubId": { + "name": "SubId", + "in": "path", + "required": true, + "type": "string" + } + }, + "responses": { + "ResponseHealth200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Status" + } + }, + "ResponseHello200": { + "description": "example hello-word response", + "schema": { + "type": "object", + "properties": { + "hello": { + "type": "string" + } + } + } + }, + "Response200": { + "description": "OK" + }, + "Response202": { + "description": "Accepted" + }, + "ErrorResponse400": { + "description": "Bad Request - The application cannot process the request; for example, due to malformed syntax or the payload exceeded size restrictions.", + "headers": { "Content-Length": { - "name": "content-length", - "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body. Note - The API supports a maximum size of 5242880 bytes (5 Megabytes)", - "in": "header", - "required": false, - "type": "integer" + "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", + "type": "integer" }, "Content-Type": { - "name": "content-type", - "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", - "in": "header", - "required": true, - "type": "string" - }, - "Date": { - "name": "date", - "description": "The Date header field indicates the date when the request was sent.", - "in": "header", - "required": true, - "type": "string" - }, - "X-Forwarded-For": { - "name": "x-forwarded-for", - "description": "The X-Forwarded-For header field is an unofficially accepted standard used for informational purposes of the originating client IP address, as a request might pass multiple proxies, firewalls, and so on. Multiple X-Forwarded-For values as in the example shown here should be expected and supported by implementers of the API. Note - An alternative to X-Forwarded-For is defined in RFC 7239. However, to this point RFC 7239 is less-used and supported than X-Forwarded-For.", - "in": "header", - "required": false, - "type": "string" - }, - "FSPIOP-Source": { - "name": "fspiop-source", - "description": "The FSPIOP-Source header field is a non-HTTP standard field used by the API for identifying the sender of the HTTP request. The field should be set by the original sender of the request. Required for routing and signature verification (see header field FSPIOP-Signature).", - "in": "header", - "required": true, - "type": "string" - }, - "FSPIOP-Destination": { - "name": "fspiop-destination", - "description": "The FSPIOP-Destination header field is a non-HTTP standard field used by the API for HTTP header based routing of requests and responses to the destination. The field should be set by the original sender of the request (if known), so that any entities between the client and the server do not need to parse the payload for routing purposes.", - "in": "header", - "required": false, - "type": "string" - }, - "FSPIOP-Originator": { - "name": "fspiop-originator", - "description": "The FSPIOP-Originator header field is a non-HTTP standard field used by the API for HTTP header based routing and verification of requests originated from PISP participant. The field should be set by the original PISP sender of the request (if known) to clearly identify that PISP is request's originator", - "in": "header", - "required": false, - "type": "string" - }, - "FSPIOP-Encryption": { - "name": "fspiop-encryption", - "description": "The FSPIOP-Encryption header field is a non-HTTP standard field used by the API for applying end-to-end encryption of the request.", - "in": "header", - "required": false, - "type": "string" - }, - "FSPIOP-Signature": { - "name": "fspiop-signature", - "description": "The FSPIOP-Signature header field is a non-HTTP standard field used by the API for applying an end-to-end request signature.", - "in": "header", - "required": false, - "type": "string" - }, - "FSPIOP-URI": { - "name": "fspiop-uri", - "description": "The FSPIOP-URI header field is a non-HTTP standard field used by the API for signature verification, should contain the service URI. Required if signature verification is used, for more information see API Signature document.", - "in": "header", - "required": false, - "type": "string" - }, - "FSPIOP-HTTP-Method": { - "name": "fspiop-http-method", - "description": "The FSPIOP-HTTP-Method header field is a non-HTTP standard field used by the API for signature verification, should contain the service HTTP method. Required if signature verification is used, for more information see API Signature document.", - "in": "header", - "required": false, - "type": "string" - }, - "ID": { - "name": "ID", - "in": "path", - "required": true, - "type": "string" - }, - "Type": { - "name": "Type", - "in": "path", - "required": true, - "type": "string" - }, - "SubId": { - "name": "SubId", - "in": "path", - "required": true, - "type": "string" + "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", + "type": "string" } + }, + "schema": { + "$ref": "#/definitions/ErrorInformationResponse" + } }, - "responses": { - "ResponseHealth200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/Status" - } - }, - "ResponseHello200": { - "description": "example hello-word response", - "schema": { - "type": "object", - "properties": { - "hello": { - "type": "string" - } - } - - } - }, - "Response200": { - "description": "OK" - }, - "Response202": { - "description": "Accepted" - }, - "ErrorResponse400": { - "description": "Bad Request - The application cannot process the request; for example, due to malformed syntax or the payload exceeded size restrictions.", - "headers": { - "Content-Length": { - "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", - "type": "integer" - }, - "Content-Type": { - "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", - "type": "string" - } - }, - "schema": { - "$ref": "#/definitions/ErrorInformationResponse" - } + "ErrorResponse401": { + "description": "Unauthorized - The request requires authentication in order to be processed.", + "headers": { + "Content-Length": { + "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", + "type": "integer" }, - "ErrorResponse401": { - "description": "Unauthorized - The request requires authentication in order to be processed.", - "headers": { - "Content-Length": { - "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", - "type": "integer" - }, - "Content-Type": { - "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", - "type": "string" - } - }, - "schema": { - "$ref": "#/definitions/ErrorInformationResponse" - } + "Content-Type": { + "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", + "type": "string" + } + }, + "schema": { + "$ref": "#/definitions/ErrorInformationResponse" + } + }, + "ErrorResponse403": { + "description": "Forbidden - The request was denied and will be denied in the future.", + "headers": { + "Content-Length": { + "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", + "type": "integer" }, - "ErrorResponse403": { - "description": "Forbidden - The request was denied and will be denied in the future.", - "headers": { - "Content-Length": { - "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", - "type": "integer" - }, - "Content-Type": { - "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", - "type": "string" - } - }, - "schema": { - "$ref": "#/definitions/ErrorInformationResponse" - } + "Content-Type": { + "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", + "type": "string" + } + }, + "schema": { + "$ref": "#/definitions/ErrorInformationResponse" + } + }, + "ErrorResponse404": { + "description": "Not Found - The resource specified in the URI was not found.", + "headers": { + "Content-Length": { + "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", + "type": "integer" }, - "ErrorResponse404": { - "description": "Not Found - The resource specified in the URI was not found.", - "headers": { - "Content-Length": { - "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", - "type": "integer" - }, - "Content-Type": { - "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", - "type": "string" - } - }, - "schema": { - "$ref": "#/definitions/ErrorInformationResponse" - } + "Content-Type": { + "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", + "type": "string" + } + }, + "schema": { + "$ref": "#/definitions/ErrorInformationResponse" + } + }, + "ErrorResponse405": { + "description": "Method Not Allowed - An unsupported HTTP method for the request was used.", + "headers": { + "Content-Length": { + "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", + "type": "integer" }, - "ErrorResponse405": { - "description": "Method Not Allowed - An unsupported HTTP method for the request was used.", - "headers": { - "Content-Length": { - "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", - "type": "integer" - }, - "Content-Type": { - "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", - "type": "string" - } - }, - "schema": { - "$ref": "#/definitions/ErrorInformationResponse" - } + "Content-Type": { + "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", + "type": "string" + } + }, + "schema": { + "$ref": "#/definitions/ErrorInformationResponse" + } + }, + "ErrorResponse406": { + "description": "Not acceptable - The server is not capable of generating content according to the Accept headers sent in the request. Used in the API to indicate that the server does not support the version that the client is requesting.", + "headers": { + "Content-Length": { + "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", + "type": "integer" }, - "ErrorResponse406": { - "description": "Not acceptable - The server is not capable of generating content according to the Accept headers sent in the request. Used in the API to indicate that the server does not support the version that the client is requesting.", - "headers": { - "Content-Length": { - "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", - "type": "integer" - }, - "Content-Type": { - "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", - "type": "string" - } - }, - "schema": { - "$ref": "#/definitions/ErrorInformationResponse" - } + "Content-Type": { + "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", + "type": "string" + } + }, + "schema": { + "$ref": "#/definitions/ErrorInformationResponse" + } + }, + "ErrorResponse501": { + "description": "Not Implemented - The server does not support the requested service. The client should not retry.", + "headers": { + "Content-Length": { + "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", + "type": "integer" }, - "ErrorResponse501": { - "description": "Not Implemented - The server does not support the requested service. The client should not retry.", - "headers": { - "Content-Length": { - "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", - "type": "integer" - }, - "Content-Type": { - "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", - "type": "string" - } - }, - "schema": { - "$ref": "#/definitions/ErrorInformationResponse" - } + "Content-Type": { + "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", + "type": "string" + } + }, + "schema": { + "$ref": "#/definitions/ErrorInformationResponse" + } + }, + "ErrorResponse503": { + "description": "Service Unavailable - The server is currently unavailable to accept any new service requests. This should be a temporary state, and the client should retry within a reasonable time frame.", + "headers": { + "Content-Length": { + "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", + "type": "integer" }, - "ErrorResponse503": { - "description": "Service Unavailable - The server is currently unavailable to accept any new service requests. This should be a temporary state, and the client should retry within a reasonable time frame.", - "headers": { - "Content-Length": { - "description": "The Content-Length header field indicates the anticipated size of the payload body. Only sent if there is a body.", - "type": "integer" - }, - "Content-Type": { - "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", - "type": "string" - } - }, - "schema": { - "$ref": "#/definitions/ErrorInformationResponse" - } + "Content-Type": { + "description": "The Content-Type header indicates the specific version of the API used to send the payload body.", + "type": "string" } + }, + "schema": { + "$ref": "#/definitions/ErrorInformationResponse" + } } -} \ No newline at end of file + } +} diff --git a/src/interface/template.yaml b/src/interface/template.yaml new file mode 100644 index 00000000..8552e758 --- /dev/null +++ b/src/interface/template.yaml @@ -0,0 +1,391 @@ +swagger: '2.0' +info: + title: Mojaloop Auth-Service API + version: '0.1.0' + description: An API a central auth service in Mojaloop, concerned with creating \nand managing Consents and validating thirdparty transactions + license: + name: Open API for FSP Interoperability (FSPIOP) (Implementation Friendly Version) +basePath: / +schemes: + - http +produces: + - application/json +paths: + /health: + get: + produces: + - application/json + tags: + - health + responses: + '200': + $ref: '#/responses/ResponseHealth200' + '400': + $ref: '#/responses/ErrorResponse400' + '401': + $ref: '#/responses/ErrorResponse401' + '403': + $ref: '#/responses/ErrorResponse403' + '404': + $ref: '#/responses/ErrorResponse404' + '405': + $ref: '#/responses/ErrorResponse405' + '406': + $ref: '#/responses/ErrorResponse406' + '501': + $ref: '#/responses/ErrorResponse501' + '503': + $ref: '#/responses/ErrorResponse503' + operationId: HealthGet + summary: Get Server + description: The HTTP request GET /health is used to return the current status of the API. + /metrics: + get: + produces: + - application/json + tags: + - metrics + responses: + '200': + $ref: '#/responses/ResponseHealth200' + '400': + $ref: '#/responses/ErrorResponse400' + '401': + $ref: '#/responses/ErrorResponse401' + '403': + $ref: '#/responses/ErrorResponse403' + '404': + $ref: '#/responses/ErrorResponse404' + '405': + $ref: '#/responses/ErrorResponse405' + '406': + $ref: '#/responses/ErrorResponse406' + '501': + $ref: '#/responses/ErrorResponse501' + '503': + $ref: '#/responses/ErrorResponse503' + operationId: MetricsGet + summary: Prometheus metrics endpoint + description: The HTTP request GET /metrics is used to return metrics for the API. + /hello: + get: + produces: + - application/json + tags: + - metrics + responses: + '200': + $ref: '#/responses/ResponseHealth200' + '400': + $ref: '#/responses/ErrorResponse400' + '401': + $ref: '#/responses/ErrorResponse401' + '403': + $ref: '#/responses/ErrorResponse403' + '404': + $ref: '#/responses/ErrorResponse404' + '405': + $ref: '#/responses/ErrorResponse405' + '406': + $ref: '#/responses/ErrorResponse406' + '501': + $ref: '#/responses/ErrorResponse501' + '503': + $ref: '#/responses/ErrorResponse503' + operationId: HelloGet + summary: example get + description: The HTTP request GET /hello is used to return some example json. + + /consents: + post: + description: | + The HTTP request `POST /consents` is used to create a consent object. + + - Called by `DFSP` after the succesful creation and validation of a consentRequest. + summary: CreateConsent + tags: + - consent + operationId: CreateConsent + produces: + - application/json + parameters: + - name: body + in: body + schema: + $ref: '#/definitions/Consent' + # Headers + - $ref: '#/parameters/Content-Length' + - $ref: '#/parameters/Content-Type' + - $ref: '#/parameters/Date' + - $ref: '#/parameters/X-Forwarded-For' + - $ref: '#/parameters/FSPIOP-Source' + - $ref: '#/parameters/FSPIOP-Destination' + - $ref: '#/parameters/FSPIOP-Encryption' + - $ref: '#/parameters/FSPIOP-Signature' + - $ref: '#/parameters/FSPIOP-URI' + - $ref: '#/parameters/FSPIOP-HTTP-Method' + x-examples: + application/json: + id: '123' + requestId: '456' + initiatorId: 'pispa' + participantId: 'dfspa' + scopes: + - scope: 'account.balanceInquiry' + accountId: 'dfspa.alice.1234' + - scope: 'account.sendTransfer' + accountId: 'dfspa.alice.1234' + - scope: 'account.sendTransfer' + accountId: 'dfspa.alice.5678' + credential: null + responses: + 202: + $ref: '#/responses/Response202' + 400: + $ref: '#/responses/ErrorResponse400' + 401: + $ref: '#/responses/ErrorResponse401' + 403: + $ref: '#/responses/ErrorResponse403' + 404: + $ref: '#/responses/ErrorResponse404' + 405: + $ref: '#/responses/ErrorResponse405' + 406: + $ref: '#/responses/ErrorResponse406' + 501: + $ref: '#/responses/ErrorResponse501' + 503: + $ref: '#/responses/ErrorResponse503' + + + /consents/{ID}: + parameters: + #Path + - $ref: '#/parameters/ID' + #Headers + - $ref: '#/parameters/Content-Type' + - $ref: '#/parameters/Date' + - $ref: '#/parameters/X-Forwarded-For' + - $ref: '#/parameters/FSPIOP-Source' + - $ref: '#/parameters/FSPIOP-Destination' + - $ref: '#/parameters/FSPIOP-Encryption' + - $ref: '#/parameters/FSPIOP-Signature' + - $ref: '#/parameters/FSPIOP-URI' + - $ref: '#/parameters/FSPIOP-HTTP-Method' + get: + description: > + The HTTP request `GET /consents/{ID}` is used to get information regarding a consent object created or requested earlier. + The `{ID}` in the URI should contain the `{ID}` that was used in the `POST /consents`. + summary: GetConsent + tags: + - consent + operationId: GetConsent + parameters: + #Headers + - $ref: '#/parameters/Accept' + responses: + 202: + $ref: '#/responses/Response202' + 400: + $ref: '#/responses/ErrorResponse400' + 401: + $ref: '#/responses/ErrorResponse401' + 403: + $ref: '#/responses/ErrorResponse403' + 404: + $ref: '#/responses/ErrorResponse404' + 405: + $ref: '#/responses/ErrorResponse405' + 406: + $ref: '#/responses/ErrorResponse406' + 501: + $ref: '#/responses/ErrorResponse501' + 503: + $ref: '#/responses/ErrorResponse503' + + put: + description: | + The HTTP request `PUT /consents/{ID}` is used to update a specified consent object. + The `{ID}` in the URI should contain the `{ID}` that was used in the `POST /consents`. + + - Called by a `auth-service` to add the credential details + + - Called by a `PISP` to add a signature of the challenge + summary: UpdateConsent + tags: + - consent + operationId: UpdateConsent + parameters: + #Body + - name: body + in: body + # TODO: change me to UpdateConsentRequest + schema: + $ref: '#/definitions/Consent' + #Headers + - $ref: '#/parameters/Content-Length' + x-examples: + application/json: + requestId: '456' + initiatorId: 'dfspa' + participantId: 'pispa' + scopes: + - scope: 'account.balanceInquiry' + accountId: 'dfspa.alice.1234' + - scope: 'account.sendTransfer' + accountId: 'dfspa.alice.1234' + - scope: 'account.sendTransfer' + accountId: 'dfspa.alice.5678' + credential: + id: '5678' + credentialType: 'FIDO' + credentialStatus: 'ACTIVE' + challenge: + payload: 'base64(...)' + signature: 'base64(...)' + payload: 'base64(...)' + responses: + 202: + $ref: '#/responses/Response202' + 400: + $ref: '#/responses/ErrorResponse400' + 401: + $ref: '#/responses/ErrorResponse401' + 403: + $ref: '#/responses/ErrorResponse403' + 404: + $ref: '#/responses/ErrorResponse404' + 405: + $ref: '#/responses/ErrorResponse405' + 406: + $ref: '#/responses/ErrorResponse406' + 501: + $ref: '#/responses/ErrorResponse501' + 503: + $ref: '#/responses/ErrorResponse503' + + /consents/{ID}/generateChallenge: + post: + description: | + The HTTP request `POST /consents/{ID}/generateChallenge` is used to create a credential for the given Consent object. + The `{ID}` in the URI should contain the `{ID}` that was used in the `POST /consents`. + + - Called by a `PISP` to request a challenge from the `auth-service`, which will be returned to the PISP via `PUT /consents/{ID}` + summary: GenerateChallengeRequest + tags: + - consent + operationId: GenerateChallengeRequest + parameters: + #Path + - $ref: '#/parameters/ID' + #Body + - name: body + in: body + schema: + $ref: '#/definitions/GenerateChallengeRequest' + #Headers + - $ref: '#/parameters/Content-Length' + - $ref: '#/parameters/Content-Type' + - $ref: '#/parameters/Date' + - $ref: '#/parameters/X-Forwarded-For' + - $ref: '#/parameters/FSPIOP-Source' + - $ref: '#/parameters/FSPIOP-Destination' + - $ref: '#/parameters/FSPIOP-Encryption' + - $ref: '#/parameters/FSPIOP-Signature' + - $ref: '#/parameters/FSPIOP-URI' + - $ref: '#/parameters/FSPIOP-HTTP-Method' + x-examples: + application/json: + { + + } + responses: + 202: + $ref: '#/responses/Response202' + 400: + $ref: '#/responses/ErrorResponse400' + 401: + $ref: '#/responses/ErrorResponse401' + 403: + $ref: '#/responses/ErrorResponse403' + 404: + $ref: '#/responses/ErrorResponse404' + 405: + $ref: '#/responses/ErrorResponse405' + 406: + $ref: '#/responses/ErrorResponse406' + 501: + $ref: '#/responses/ErrorResponse501' + 503: + $ref: '#/responses/ErrorResponse503' + + #thirdPartyRequests + /thirdPartyRequests/transactions/{ID}/authorizations: + post: + description: | + The HTTP request `POST /thirdPartyRequests/transactions/{id}/authorizations` is called by + the DFSP to check that a ThirdPartyRequest is valid + + summary: ThirdpartyAuthorizationRequest + tags: + - thirdPartyRequests + operationId: VerifyThirdPartyAuthorization + parameters: + #Path + - $ref: '#/parameters/ID' + #Body + - name: body + in: body + schema: + $ref: '#/definitions/ThirdPartyAuthorizationRequest' + #Headers + - $ref: '#/parameters/Accept' + - $ref: '#/parameters/Content-Length' + - $ref: '#/parameters/Content-Type' + - $ref: '#/parameters/Date' + - $ref: '#/parameters/X-Forwarded-For' + - $ref: '#/parameters/FSPIOP-Source' + - $ref: '#/parameters/FSPIOP-Destination' + - $ref: '#/parameters/FSPIOP-Encryption' + - $ref: '#/parameters/FSPIOP-Signature' + - $ref: '#/parameters/FSPIOP-URI' + - $ref: '#/parameters/FSPIOP-HTTP-Method' + x-examples: + application/json: + { + #from ""PUT /quotes/456"" callback + challenge: "", + #from `PUT /authorizations/123` callback: `.authenticationInfo.authenticationValue.pinValue` + value: "", + #from `thirdpartyRequests/transactions` body + consentId: "111", + sourceAccountId: "dfspa.1111-2222", + status: "PENDING" + } + responses: + 202: + $ref: '#/responses/Response202' + 400: + $ref: '#/responses/ErrorResponse400' + 401: + $ref: '#/responses/ErrorResponse401' + 403: + $ref: '#/responses/ErrorResponse403' + 404: + $ref: '#/responses/ErrorResponse404' + 405: + $ref: '#/responses/ErrorResponse405' + 406: + $ref: '#/responses/ErrorResponse406' + 501: + $ref: '#/responses/ErrorResponse501' + 503: + $ref: '#/responses/ErrorResponse503' + +definitions: + $ref: ./src/interface/definitions.yaml +parameters: + $ref: ./src/interface/parameters.yaml +responses: + $ref: ./src/interface/responses.yaml diff --git a/src/server/plugins/swagger.ts b/src/server/plugins/swagger.ts index de3a5ce2..c7556443 100644 --- a/src/server/plugins/swagger.ts +++ b/src/server/plugins/swagger.ts @@ -30,7 +30,7 @@ export default { plugin: HapiSwagger, options: { info: { - title: 'Event Sidecar Swagger Documentation', + title: 'Auth-Service OpenAPI Documentation', version: Config.PACKAGE.version } }