{"swagger":"2.0","info":{"title":"Open Bank Project API","description":"An Open Source API for Banks. (c) TESOBE GmbH. 2011 - 2024. Licensed under the AGPL and commercial licences.","contact":{"name":"TESOBE GmbH. / Open Bank Project","url":"https://openbankproject.com","email":"contact@tesobe.com"},"version":"v5.0.0"},"host":"api3.openbankproject.com","basePath":"/","schemes":["http","https"],"securityDefinitions":{"directLogin":{"type":"apiKey","description":"https://github.com/OpenBankProject/OBP-API/wiki/Direct-Login","in":"header","name":"Authorization"},"gatewayLogin":{"type":"apiKey","description":"https://github.com/OpenBankProject/OBP-API/wiki/Gateway-Login","in":"header","name":"Authorization"}},"security":[{"directLogin":[],"gatewayLogin":[]}],"paths":{"/obp/v5.0.0/banks/{BANK_ID}/consents/{CONSENT_ID}":{"put":{"tags":["Consent","Account Information Service (AIS)"],"summary":"Update Consent Status","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"
This endpoint is used to update the Status of Consent.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Authentication is Mandatory
","operationId":"updateConsentStatus","parameters":[{"in":"body","name":"body","description":"PutConsentStatusJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PutConsentStatusJsonV400"}},{"in":"path","name":"CONSENT_ID","description":"the consent id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentChallengeJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.0.0/banks/{BANK_ID}/consents/{CONSENT_ID}/challenge":{"post":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Answer Consent Challenge","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
This endpoint is used to confirm a Consent previously created.
The User must supply a code that was sent out of band (OOB) for example via an SMS.
Authentication is Mandatory
","operationId":"answerConsentChallenge","parameters":[{"in":"body","name":"body","description":"PostConsentChallengeJsonV310 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostConsentChallengeJsonV310"}},{"in":"path","name":"CONSENT_ID","description":"the consent id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ConsentChallengeJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.0.0/banks/{BANK_ID}/consents/{CONSENT_ID}/user-update-request":{"put":{"tags":["Consent","Account Information Service (AIS)"],"summary":"Add User to a Consent","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint is used to add the User of Consent.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Authentication is Mandatory
","operationId":"addConsentUser","parameters":[{"in":"body","name":"body","description":"PutConsentUserJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PutConsentUserJsonV400"}},{"in":"path","name":"CONSENT_ID","description":"the consent id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentChallengeJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.0.0/banks/{BANK_ID}/my/consent-infos":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Get Consents Info","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint gets the Consents that the current User created.
Authentication is Mandatory
","operationId":"getConsentInfos","parameters":[{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentInfosJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.0.0/banks/{BANK_ID}/my/consents":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Get Consents","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint gets the Consents that the current User created.
Authentication is Mandatory
","operationId":"getConsents","parameters":[{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentsJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.0.0/banks/{BANK_ID}/my/consents/{CONSENT_ID}/revoke":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Revoke Consent","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Revoke Consent for current user specified by CONSENT_ID
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
Please note that this endpoint only supports the case:: "The user explicitly wishes to revoke the application’s access"
OBP as a resource server stores access tokens in a database, then it is relatively easy to revoke some token that belongs to a particular user.
The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
Authentication is Mandatory
","operationId":"revokeConsent","parameters":[{"in":"path","name":"CONSENT_ID","description":"the consent id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.0.0/banks/{BANK_ID}/my/consents/EMAIL":{"post":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Create Consent (EMAIL)","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint starts the process of creating a Consent.
The Consent is created in an INITIATED state.
A One Time Password (OTP) (AKA security challenge) is sent Out of band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS" or "EMAIL". "EMAIL" is used for testing purposes.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
Authentication is Mandatory
Example 1:
{
"everything": true,
"views": [],
"entitlements": [],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
Please note that consumer_id is optional field
Example 2:
{
"everything": true,
"views": [],
"entitlements": [],
"email": "eveline@example.com"
}
Please note if everything=false you need to explicitly specify views and entitlements
Example 3:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
This endpoint starts the process of creating a Consent.
The Consent is created in an INITIATED state.
A One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS" or "EMAIL". "EMAIL" is used for testing purposes.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
Authentication is Mandatory
Example 1:
{
"everything": true,
"views": [],
"entitlements": [],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
Please note that consumer_id is optional field
Example 2:
{
"everything": true,
"views": [],
"entitlements": [],
"email": "eveline@example.com"
}
Please note if everything=false you need to explicitly specify views and entitlements
Example 3:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
Client Authentication (mandatory)
It is used when applications request an access token to access their own resources, not on behalf of a user.
The client needs to authenticate themselves for this request.
In case of public client we use client_id and private kew to obtain access token, otherwise we use client_id and client_secret.
The obtained access token is used in the HTTP Bearer auth header of our request.
Example:
Authorization: Bearer eXtneO-THbQtn3zvK_kQtXXfvOZyZFdBCItlPDbR2Bk.dOWqtXCtFX-tqGTVR0YrIjvAolPIVg7GZ-jz83y6nA0
Authentication is Optional
","operationId":"createConsentRequest","parameters":[{"in":"body","name":"body","description":"PostConsentRequestJsonV500 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostConsentRequestJsonV500"}}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ConsentRequestResponseJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorBankNotFound"}}}}},"/obp/v5.0.0/consumer/consent-requests/CONSENT_REQUEST_ID":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Get Consent Request","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Authentication is Optional
","operationId":"getConsentRequest","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentRequestResponseJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorBankNotFound"}}}}},"/obp/v5.0.0/consumer/consent-requests/CONSENT_REQUEST_ID/EMAIL/consents":{"post":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Create Consent By CONSENT_REQUEST_ID (EMAIL)","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent cannot elevate the privileges logged in user already have.
Authentication is Mandatory
","operationId":"createConsentByConsentRequestIdEmail","parameters":[],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV500"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.0.0/consumer/consent-requests/CONSENT_REQUEST_ID/SMS/consents":{"post":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Create Consent By CONSENT_REQUEST_ID (SMS)","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent cannot elevate the privileges logged in user already have.
Authentication is Mandatory
","operationId":"createConsentByConsentRequestIdSms","parameters":[],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV500"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.0.0/consumer/consent-requests/CONSENT_REQUEST_ID/consents":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Get Consent By Consent Request Id","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint gets the Consent By consent request id.
Authentication is Mandatory
","operationId":"getConsentByConsentRequestId","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV500"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}}},"definitions":{"ErrorUserNotLoggedIn":{"properties":{"message":{"type":"string","example":"OBP-20001: User not logged in. Authentication is required!"}}},"ErrorBankNotFound":{"properties":{"message":{"type":"string","example":"OBP-30001: Bank not found. Please specify a valid value for BANK_ID."}}},"ConsentInfoJsonV400":{"required":["created_by_user_id","api_version","last_usage_date","status","consumer_id","api_standard","consent_id","last_action_date"],"properties":{"created_by_user_id":{"type":"string","example":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1"},"api_version":{"type":"string","example":"v1.3"},"last_usage_date":{"type":"string","example":"2021-04-08T09:12:27Z"},"status":{"type":"string","example":"INITIATED"},"consumer_id":{"type":"string","example":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"},"api_standard":{"type":"string","example":"Berlin Group"},"consent_id":{"type":"string","example":"9d429899-24f5-42c8-8565-943ffa6a7945"},"last_action_date":{"type":"string","example":"2020-01-27"}}},"ConsentJsonV500":{"required":["consent_id","jwt","status"],"properties":{"consent_id":{"type":"string","example":"9d429899-24f5-42c8-8565-943ffa6a7945"},"jwt":{"type":"string","example":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4"},"status":{"type":"string","example":"INITIATED"},"consent_request_id":{"type":"string","example":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"}}},"AccountRoutingJsonV121":{"required":["scheme","address"],"properties":{"scheme":{"type":"string","example":"AccountNumber"},"address":{"type":"string","example":"4930396"}}},"PostConsentPhoneJsonV310":{"required":["phone_number","everything","views","entitlements"],"properties":{"phone_number":{"type":"string","example":"+44 07972 444 876"},"time_to_live":{"type":"integer","format":"int64","example":"3600"},"everything":{"type":"boolean","example":"false"},"consumer_id":{"type":"string"},"valid_from":{"type":"string","format":"date","example":"2024-03-29T00:00:36Z"},"views":{"type":"array","items":{"$ref":"#/definitions/PostConsentViewJsonV310"}},"entitlements":{"type":"array","items":{"$ref":"#/definitions/PostConsentEntitlementJsonV310"}}}},"ConsentJsonV400":{"required":["api_version","jwt","status","api_standard","consent_id"],"properties":{"api_version":{"type":"string","example":"v1.3"},"jwt":{"type":"string","example":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4"},"status":{"type":"string","example":"INITIATED"},"api_standard":{"type":"string","example":"Berlin Group"},"consent_id":{"type":"string","example":"9d429899-24f5-42c8-8565-943ffa6a7945"}}},"ConsentsJsonV400":{"required":["consents"],"properties":{"consents":{"type":"array","items":{"$ref":"#/definitions/ConsentJsonV400"}}}},"ConsentRequestResponseJson":{"required":["consent_request_id","payload","consumer_id"],"properties":{"consent_request_id":{"type":"string","example":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"},"payload":{"type":"object","properties":{"everything":{"type":"boolean","example":"false"},"account_access":{"type":"array","items":{"type":"object","properties":{"account_routing":{"type":"object","properties":{"scheme":{"type":"string","example":"AccountNumber"},"address":{"type":"string","example":"4930396"}},"required":["scheme","address"]},"view_id":{"type":"string","example":"owner"}},"required":["account_routing","view_id"]}},"phone_number":{"type":"string","example":"+44 07972 444 876"},"valid_from":{"type":"string","example":"2022-06-14T12:42:00Z"},"time_to_live":{"type":"integer","format":"int32","example":"3600"}},"required":["everything","account_access","phone_number","valid_from","time_to_live"]},"consumer_id":{"type":"string","example":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"}}},"ConsentJsonV310":{"required":["consent_id","jwt","status"],"properties":{"consent_id":{"type":"string","example":"9d429899-24f5-42c8-8565-943ffa6a7945"},"jwt":{"type":"string","example":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4"},"status":{"type":"string","example":"INITIATED"}}},"PostConsentEmailJsonV310":{"required":["email","everything","views","entitlements"],"properties":{"time_to_live":{"type":"integer","format":"int64","example":"3600"},"email":{"type":"string","example":"felixsmith@example.com"},"everything":{"type":"boolean","example":"false"},"consumer_id":{"type":"string","example":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"},"valid_from":{"type":"string","format":"date","example":"2024-03-29T00:00:36Z"},"views":{"type":"array","items":{"$ref":"#/definitions/PostConsentViewJsonV310"}},"entitlements":{"type":"array","items":{"$ref":"#/definitions/PostConsentEntitlementJsonV310"}}}},"ConsentInfosJsonV400":{"required":["consents"],"properties":{"consents":{"type":"array","items":{"$ref":"#/definitions/ConsentInfoJsonV400"}}}},"PostConsentRequestJsonV500":{"required":["account_access","everything"],"properties":{"phone_number":{"type":"string","example":"+44 07972 444 876"},"time_to_live":{"type":"integer","format":"int64","example":"3600"},"email":{"type":"string","example":"felixsmith@example.com"},"account_access":{"type":"array","items":{"$ref":"#/definitions/AccountAccessV500"}},"everything":{"type":"boolean","example":"false"},"consumer_id":{"type":"string","example":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"},"valid_from":{"type":"string","format":"date","example":"2024-03-29T00:00:36Z"},"entitlements":{"type":"array","items":{"$ref":"#/definitions/PostConsentEntitlementJsonV310"}}}},"PostConsentViewJsonV310":{"required":["bank_id","account_id","view_id"],"properties":{"bank_id":{"type":"string","example":"gh.29.uk"},"account_id":{"type":"string","example":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"},"view_id":{"type":"string","example":"owner"}}},"PostConsentEntitlementJsonV310":{"required":["bank_id","role_name"],"properties":{"bank_id":{"type":"string","example":"gh.29.uk"},"role_name":{"type":"string","example":"CanGetCustomer"}}},"AccountAccessV500":{"required":["account_routing","view_id"],"properties":{"account_routing":{"$ref":"#/definitions/AccountRoutingJsonV121"},"view_id":{"type":"string","example":"owner"}}},"PutConsentUserJsonV400":{"required":["user_id"],"properties":{"user_id":{"type":"string","example":"ed7a7c01-db37-45cc-ba12-0ae8891c195c"}}},"PostConsentChallengeJsonV310":{"required":["answer"],"properties":{"answer":{"type":"string","example":"12345678"}}},"PutConsentStatusJsonV400":{"required":["status"],"properties":{"status":{"type":"string","example":"AUTHORISED"}}},"ConsentChallengeJsonV310":{"required":["consent_id","jwt","status"],"properties":{"consent_id":{"type":"string","example":"9d429899-24f5-42c8-8565-943ffa6a7945"},"jwt":{"type":"string","example":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4"},"status":{"type":"string","example":"AUTHORISED"}}}}}