From 4ee282b75604b00848e48285c8b3e7b3171c833a Mon Sep 17 00:00:00 2001 From: malshanisenarathne Date: Fri, 6 Dec 2024 15:26:11 +0530 Subject: [PATCH 1/6] Add API Creation/Key manager creation and user creation step --- .../CreateCustomKeyManagerTest.groovy | 60 + .../PublishAndSubscribeApiTest.groovy | 64 + .../cds/preexecution/UserCreationTest.groovy | 97 + .../APIConfigurationService.groovy | 130 + .../RESTApiAccessTokenGeneration.groovy | 100 + .../RESTApiPublishRequestBuilder.groovy | 365 + .../RESTApiUserCreationRequestBuilder.groovy | 198 + .../RESTKeyManagerRequestBuilder.groovy | 242 + .../api-config-provisioning.yaml | 47 + .../apis/ArrangementRevocation/README.md | 6 + .../cdr-arrangement-mgt-api.yaml | 101 + .../apis/CDSAdminAPIs/1.28.0/README.md | 6 + .../cds-admin-api-insequence-1.28.0.xml | 28 + .../consumer-data-standards-admin-1.28.0.yaml | 3524 +++++++ .../apis/CDSBanking/1.25.0/README.md | 8 + .../1.25.0/cds-api-insequence-1.25.0.xml | 29 + .../consumer-data-standards-1.25.0.yaml | 9059 +++++++++++++++++ .../DynamicClientRegistration/0.2/README.md | 6 + .../0.2/au-dcr-insequence-0.2.xml | 27 + .../0.2/au-dcr-swagger.yaml | 581 ++ .../test-grid-job/deployment.properties | 34 + 21 files changed, 14712 insertions(+) create mode 100644 integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/CreateCustomKeyManagerTest.groovy create mode 100644 integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/PublishAndSubscribeApiTest.groovy create mode 100644 integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/UserCreationTest.groovy create mode 100644 integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/configuration/APIConfigurationService.groovy create mode 100644 integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiAccessTokenGeneration.groovy create mode 100644 integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiPublishRequestBuilder.groovy create mode 100644 integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiUserCreationRequestBuilder.groovy create mode 100644 integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTKeyManagerRequestBuilder.groovy create mode 100644 integration-test-suite/cds-toolkit-test-framework/src/main/resources/provisioningFiles/api-config-provisioning.yaml create mode 100644 integration-test-suite/test-artifacts/apis/ArrangementRevocation/README.md create mode 100644 integration-test-suite/test-artifacts/apis/ArrangementRevocation/cdr-arrangement-mgt-api.yaml create mode 100644 integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/README.md create mode 100644 integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/cds-admin-api-insequence-1.28.0.xml create mode 100644 integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/consumer-data-standards-admin-1.28.0.yaml create mode 100644 integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/README.md create mode 100644 integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/cds-api-insequence-1.25.0.xml create mode 100644 integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/consumer-data-standards-1.25.0.yaml create mode 100644 integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/README.md create mode 100644 integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-insequence-0.2.xml create mode 100644 integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-swagger.yaml create mode 100644 integration-test-suite/test-grid-job/deployment.properties diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/CreateCustomKeyManagerTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/CreateCustomKeyManagerTest.groovy new file mode 100644 index 000000000..b39eeb037 --- /dev/null +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/CreateCustomKeyManagerTest.groovy @@ -0,0 +1,60 @@ +/** + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.cds.preexecution + +import org.testng.annotations.BeforeClass +import org.testng.annotations.Test +import org.wso2.cds.test.framework.configuration.AUConfigurationService +import org.wso2.cds.test.framework.request_builder.RESTKeyManagerRequestBuilder +import org.wso2.cds.test.framework.utility.AURestAsRequestBuilder + +import java.util.logging.Logger + +/** + * Test class to contain steps to create OB Custom Key Manager. + */ +class CreateCustomKeyManagerTest { + + AUConfigurationService auConfiguration = new AUConfigurationService() + + Logger log = Logger.getLogger(CreateCustomKeyManagerTest.class.toString()) + String gatewayUrl = auConfiguration.getServerGatewayURL() + String accessToken + + @BeforeClass (alwaysRun = true) + void checkProvisioning() { + AURestAsRequestBuilder.init() + } + + /** + * Steps to Create OB Key Manager. + */ + @Test (groups = "SmokeTest") + void "Create OB KeyManager"() { + RESTKeyManagerRequestBuilder keyManagerGeneration = new RESTKeyManagerRequestBuilder() + keyManagerGeneration.createDCRApplication() + accessToken = keyManagerGeneration.obtainAccessToken() + keyManagerGeneration.getResidentKeyManager(accessToken) + keyManagerGeneration.disableResidentKeyManager(accessToken) + //Adding sleep to fix an intermittent issue related to loading of key manager configurations. + sleep(5000) + keyManagerGeneration.addKeyManager(accessToken) + sleep(5000) + } +} diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/PublishAndSubscribeApiTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/PublishAndSubscribeApiTest.groovy new file mode 100644 index 000000000..cb0d15927 --- /dev/null +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/PublishAndSubscribeApiTest.groovy @@ -0,0 +1,64 @@ +/** + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.cds.preexecution + +import org.testng.SkipException +import org.testng.annotations.BeforeClass +import org.testng.annotations.Test +import org.wso2.cds.test.framework.AUTest +import org.wso2.cds.test.framework.configuration.AUConfigurationService +import org.wso2.cds.test.framework.request_builder.RESTApiAccessTokenGeneration +import org.wso2.cds.test.framework.request_builder.RESTApiPublishRequestBuilder +import org.wso2.cds.test.framework.utility.AURestAsRequestBuilder + +import java.util.logging.Logger + +/** + * Test class to contain Api Publishing and Subscribing scenarios + */ +class PublishAndSubscribeApiTest extends AUTest{ + + AUConfigurationService auConfiguration = new AUConfigurationService() + Logger log = Logger.getLogger(PublishAndSubscribeApiTest.class.toString()) + String gatewayUrl = auConfiguration.getServerGatewayURL() + String accessToken + List apiIDs + + @BeforeClass (alwaysRun = true) + void checkProvisioning() { + AURestAsRequestBuilder.init() + if (!auConfiguration.isProvisioning()) { + throw new SkipException("Skipping API provisioning because the config set to false.") + } + } + + @Test (groups = "SmokeTest") + void "Publish Api"() { + RESTApiAccessTokenGeneration accessTokenGeneration = new RESTApiAccessTokenGeneration() + accessTokenGeneration.createDCRApplication() + accessToken = accessTokenGeneration.obtainAccessToken() + + RESTApiPublishRequestBuilder requestBuilder = new RESTApiPublishRequestBuilder() + apiIDs = requestBuilder.createAPIs(accessToken) + requestBuilder.addPolicy(accessToken, apiIDs) + requestBuilder.createRevision(accessToken, apiIDs) + requestBuilder.deployRevision(accessToken, apiIDs) + requestBuilder.publishAPI(accessToken, apiIDs) + } +} diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/UserCreationTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/UserCreationTest.groovy new file mode 100644 index 000000000..b22d097c0 --- /dev/null +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/preexecution/UserCreationTest.groovy @@ -0,0 +1,97 @@ +/** + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.cds.preexecution + +import com.nimbusds.oauth2.sdk.http.HTTPResponse +import org.testng.Assert +import org.testng.annotations.Test +import org.wso2.cds.test.framework.AUTest +import org.wso2.cds.test.framework.constant.AUConstants +import org.wso2.cds.test.framework.request_builder.RESTApiUserCreationRequestBuilder + +import org.wso2.cds.test.framework.utility.AUTestUtil + +import java.util.logging.Logger + +/** + * Test class to contain steps to create Test Users. + */ +class UserCreationTest extends AUTest { + + String userId + String roleId + String userName + String password + String roleName + RESTApiUserCreationRequestBuilder restApiUserCreationRequestBuilder + Logger log = Logger.getLogger(UserCreationTest.class.toString()) + List> userInfoList + + @Test (groups = "SmokeTest") + void "Create PSU"() { + + userInfoList = new ArrayList<>() + + for (int i = 0; i < 5; i++) { + + auConfiguration.setPsuNumber(i) + userName = auConfiguration.getUserPSUName() + password = auConfiguration.getUserPSUPWD() + + restApiUserCreationRequestBuilder = new RESTApiUserCreationRequestBuilder() + + if (!userName.equalsIgnoreCase(auConfiguration.getUserKeyManagerAdminName())) { + def createUserResponse = restApiUserCreationRequestBuilder.createUser(userName, password) + Assert.assertEquals(createUserResponse.statusCode(), HTTPResponse.SC_CREATED) + userId = AUTestUtil.parseResponseBody(createUserResponse, "id") + Assert.assertNotNull(userId) + } else { + userId = restApiUserCreationRequestBuilder.getAdminUserId() + } + + Map userInfo = new HashMap<>() + userInfo.put("UserId", userId) + userInfo.put("Username", userName) + userInfoList.add(userInfo) + } + } + + @Test (dependsOnMethods = ["Create PSU"], groups = "SmokeTest") + void "Assign Subscriber Role to the user"() { + + if (!userName.equalsIgnoreCase(auConfiguration.getUserKeyManagerAdminName())) { + roleName = AUConstants.SUBSCRIBER_ROLE + + //Get Internal/subscriber role Id + roleId = restApiUserCreationRequestBuilder.getRoleId(roleName) + + //Assign subscriber role to the created user + def response = restApiUserCreationRequestBuilder.assignUserRoles(roleName, roleId, userInfoList) + + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_OK) + + //Verify Assigned User Role + def responseUserRole = restApiUserCreationRequestBuilder.getUserDetails(userId) + + Assert.assertEquals(responseUserRole.statusCode(), HTTPResponse.SC_OK) + Assert.assertTrue(AUTestUtil.parseResponseBody(responseUserRole, "roles[0].value") + .contains(roleId)) + } + } +} diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/configuration/APIConfigurationService.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/configuration/APIConfigurationService.groovy new file mode 100644 index 000000000..40b26edb7 --- /dev/null +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/configuration/APIConfigurationService.groovy @@ -0,0 +1,130 @@ +/** + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.cds.test.framework.configuration + +import org.wso2.bfsi.test.framework.exception.TestFrameworkException +import org.wso2.cds.test.framework.constant.AUConfigConstants +import org.wso2.openbanking.test.framework.configuration.OBConfigurationService +import org.wso2.openbanking.test.framework.constant.OBConfigConstants +import org.yaml.snakeyaml.Yaml + +/** + * Class for provide configuration data to the API publishing steps. + */ +class APIConfigurationService extends OBConfigurationService { + + public Map>> readProvisioningConfigs() { + + InputStream input = new FileInputStream(new File(getProvisionFilePath())) + Yaml yaml = new Yaml() + Map>> lstYamlConfigs = (Map>>) yaml.load(input) + + return lstYamlConfigs + } + + /** + * Get API File Path. + */ + ArrayList getApiFilePath() { + Map>> lstYamlConfigs = readProvisioningConfigs() + ArrayList apiFilePaths = lstYamlConfigs.get("apis").getAt("apiFilePath") + return apiFilePaths + } + + /** + * Get In Sequence File Path. + */ + public ArrayList getSequenceFilePath() { + + Map>> lstYamlConfigs = readProvisioningConfigs() + ArrayList sequenceFilePaths = lstYamlConfigs.get("apis").getAt("sequenceFilePath") + return sequenceFilePaths + } + + /** + * Get API Name. + */ + public ArrayList getApiName() { + + Map>> lstYamlConfigs = readProvisioningConfigs() + ArrayList apiProperty = lstYamlConfigs.get("apis").getAt("apiName") + return apiProperty + } + + /** + * Get API Context. + */ + public ArrayList getApiContext() { + + Map>> lstYamlConfigs = readProvisioningConfigs() + ArrayList apiProperty = lstYamlConfigs.get("apis").getAt("context") + return apiProperty + } + + /** + * Get API Properties. + */ + public ArrayList getApiProperty() { + + Map>> lstYamlConfigs = readProvisioningConfigs() + ArrayList apiProperty = lstYamlConfigs.get("apis").getAt("apiProperty") + return apiProperty + } + + /** + * Get API Endpoint Type. + */ + public ArrayList getApiEndpointType() { + + Map>> lstYamlConfigs = readProvisioningConfigs() + ArrayList apiProperty = lstYamlConfigs.get("apis").getAt("endpointType") + return apiProperty + } + + /** + * Get Schema Validation Enabled Property. + */ + public ArrayList getEnableSchemaValidation() { + + Map>> lstYamlConfigs = readProvisioningConfigs() + ArrayList apiProperty = lstYamlConfigs.get("apis").getAt("enableSchemaValidation") + return apiProperty + } + + /** + * Get Sandbox Endpoint. + */ + public ArrayList getSandboxEndpoint() { + + Map>> lstYamlConfigs = readProvisioningConfigs() + ArrayList apiProperty = lstYamlConfigs.get("apis").getAt("sandbox_endpoints") + return apiProperty + } + + /** + * Get Production Endpoint. + */ + public ArrayList getProductionEndpoint() { + + Map>> lstYamlConfigs = readProvisioningConfigs() + ArrayList apiProperty = lstYamlConfigs.get("apis").getAt("production_endpoints") + return apiProperty + } +} + diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiAccessTokenGeneration.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiAccessTokenGeneration.groovy new file mode 100644 index 000000000..31398d301 --- /dev/null +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiAccessTokenGeneration.groovy @@ -0,0 +1,100 @@ +/** + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.cds.test.framework.request_builder + +import com.nimbusds.oauth2.sdk.http.HTTPResponse +import org.testng.Assert +import org.wso2.cds.test.framework.configuration.AUConfigurationService +import org.wso2.cds.test.framework.constant.AUConstants +import org.wso2.cds.test.framework.utility.AURestAsRequestBuilder +import org.wso2.cds.test.framework.utility.AUTestUtil + +import java.nio.charset.Charset + +/** + * Class contains REST Api implementation for token generation to invoke publisher and dev portal APIs. + */ +class RESTApiAccessTokenGeneration { + + private AUConfigurationService auConfiguration + String clientId + String clientSecret + + RESTApiAccessTokenGeneration() { + auConfiguration = new AUConfigurationService() + } + + /** + * Create DCR application to invoke publisher and dev portal. + */ + void createDCRApplication() { + URI dcrEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + AUConstants.REST_API_CLIENT_REGISTRATION_ENDPOINT) + def response = AURestAsRequestBuilder.buildRequest() + .contentType(AUConstants.CONTENT_TYPE_APPLICATION_JSON) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, + generateBasicHeader(auConfiguration.getUserPublisherName(), auConfiguration.getUserPublisherPWD())) + .body(getDCRPayload()) + .post(dcrEndpoint.toString()) + + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_OK) + clientId = AUTestUtil.parseResponseBody(response, "clientId") + clientSecret = AUTestUtil.parseResponseBody(response, "clientSecret") + } + + /** + * Obtain access token to invoke publisher and dev portal. + */ + String obtainAccessToken() { + URI tokenEndpoint = new URI("${auConfiguration.getServerGatewayURL()}/oauth2/token") + def response = AURestAsRequestBuilder.buildRequest() + .param(AUConstants.GRANT_TYPE_KEY, AUConstants.CLIENT_CREDENTIALS) + .param(AUConstants.SCOPE_KEY, "apim:api_view apim:api_create apim:api_publish apim:subscription_view " + + "apim:subscribe apim:api_key apim:app_manage apim:mediation_policy_create " + + "apim:mediation_policy_view apim:mediation_policy_manage") + .param(AUConstants.CLIENT_ID, clientId) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, + generateBasicHeader(clientId, clientSecret)) + .post(tokenEndpoint.toString()) + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_OK) + return AUTestUtil.parseResponseBody(response, AUConstants.ACCESS_TOKEN) + } + + /** + * Generate Basic Header. + */ + static String generateBasicHeader(String username, String password) { + String authToken = "${username}:${password}" + return "Basic ${Base64.encoder.encodeToString(authToken.getBytes(Charset.defaultCharset()))}" + } + + /** + * Get DCR payload. + */ + static String getDCRPayload() { + return """ + { + "callbackUrl":"www.google.lk", + "clientName":"rest_api_publisher", + "owner":"admin@wso2.com", + "grantType":"client_credentials password refresh_token", + "saasApp":true + } + """.stripIndent() + } +} diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiPublishRequestBuilder.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiPublishRequestBuilder.groovy new file mode 100644 index 000000000..12c4f4f07 --- /dev/null +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiPublishRequestBuilder.groovy @@ -0,0 +1,365 @@ +/** + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.cds.test.framework.request_builder + +import com.google.gson.JsonArray +import com.google.gson.JsonObject +import com.google.gson.JsonParser +import com.nimbusds.oauth2.sdk.http.HTTPResponse +import org.testng.Assert +import org.wso2.cds.test.framework.configuration.APIConfigurationService +import org.wso2.cds.test.framework.configuration.AUConfigurationService +import org.wso2.cds.test.framework.constant.AUConstants +import org.wso2.cds.test.framework.utility.AURestAsRequestBuilder +import org.wso2.cds.test.framework.utility.AUTestUtil + +/** + * Class contains REST Api implementation for publisher. + */ +class RESTApiPublishRequestBuilder { + + private static APIConfigurationService apiConfiguration + private static AUConfigurationService auConfiguration + + String baseURL = AUConstants.REST_API_PUBLISHER_ENDPOINT + List mediationPolicyID = new ArrayList<>() + List revisionID = new ArrayList<>() + + RESTApiPublishRequestBuilder() { + auConfiguration = new AUConfigurationService() + apiConfiguration = new APIConfigurationService() + } + + /** + * Create APIs by referring the api-config-provisioning.yaml. + * @param accessToken + * @return apiIDs + */ + List createAPIs(String accessToken) { + URI apiEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + baseURL + "import-openapi") + ArrayList apiFilePaths = apiConfiguration.getApiFilePath() + List apiIDs = new ArrayList() + def apis = apiFilePaths.size() + for (int i = 0; i < apis; i++) { + + if (apiConfiguration.getApiEndpointType()[i] == "http") { + + def response = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.AUTHORIZATION_HEADER_KEY, AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .contentType(AUConstants.CONTENT_TYPE_MULTIPART) + .multiPart("file", new File(apiFilePaths[i])) + .multiPart("additionalProperties", getAdditionalProperties(apiConfiguration.getApiName()[i], + apiConfiguration.getApiProperty()[i]["ob-api-version"].toString(), + apiConfiguration.getApiContext()[i], apiConfiguration.getApiEndpointType()[i], + apiConfiguration.getEnableSchemaValidation()[i], apiConfiguration.getSandboxEndpoint()[i], + apiConfiguration.getProductionEndpoint()[i])) + .post apiEndpoint.toString() + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_CREATED) + Assert.assertEquals(AUTestUtil.parseResponseBody(response, "name"), apiConfiguration.getApiName()[i]) + apiIDs.add(AUTestUtil.parseResponseBody(response, "id")) + + } else { + def response = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.AUTHORIZATION_HEADER_KEY, AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .contentType(AUConstants.CONTENT_TYPE_MULTIPART) + .multiPart("file", new File(apiFilePaths[i])) + .multiPart("additionalProperties", getAdditionalProperties(apiConfiguration.getApiName()[i], + apiConfiguration.getApiProperty()[i]["ob-api-version"].toString(), + apiConfiguration.getApiContext()[i], apiConfiguration.getApiEndpointType()[i], + apiConfiguration.getEnableSchemaValidation()[i])) + .post apiEndpoint.toString() + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_CREATED) + Assert.assertEquals(AUTestUtil.parseResponseBody(response, "name"), apiConfiguration.getApiName()[i]) + apiIDs.add(AUTestUtil.parseResponseBody(response, "id")) + } + } + return apiIDs + } + + /** + * Create mediation policy by referring the api-config-provisioning.yaml. + * @param accessToken + */ + void createRevision(String accessToken, List apiIDs) { + for (int i = 0; i < apiIDs.size(); i++) { + URI apiEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + baseURL + apiIDs.get(i) + "/revisions") + def response = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.AUTHORIZATION_HEADER_KEY, AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .contentType(AUConstants.CONTENT_TYPE_APPLICATION_JSON) + .body(getCreateRevisionPayload("revision1")) + .post(apiEndpoint) + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_CREATED) + revisionID.add(AUTestUtil.parseResponseBody(response, "id")) + + } + } + + /** + * Deploy revision by referring the api-config-provisioning.yaml. + * @param accessToken + */ + void deployRevision(String accessToken, List apiIDs) { + for (int i = 0; i < apiIDs.size(); i++) { + URI apiEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + baseURL + apiIDs.get(i) + "/deploy-revision") + String apimHostname = apiEndpoint.getHost(); + apimHostname = apimHostname.startsWith("www.") ? apimHostname.substring(4) : apimHostname; + def response = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.AUTHORIZATION_HEADER_KEY, AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .contentType(AUConstants.CONTENT_TYPE_APPLICATION_JSON) + .queryParam("revisionId", revisionID.get(i)) + .body(getDeployRevisionPayload(apimHostname, revisionID.get(i))) + .post(apiEndpoint) + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_CREATED) + } + } + + /** + * Publish API. + * @param accessToken + * @param apiIDs + */ + void publishAPI(String accessToken, List apiIDs) { + for (int i = 0; i < apiIDs.size(); i++) { + URI apiEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + baseURL + "change-lifecycle") + def response = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.AUTHORIZATION_HEADER_KEY, AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .contentType(AUConstants.CONTENT_TYPE_APPLICATION_JSON) + .queryParam("apiId", apiIDs.get(i)) + .queryParam("action", "Publish") + .post(apiEndpoint) + + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_OK) + } + } + + /** + * Get mediation policy. + * @param id + * @param name + * @return mediation policy + */ + static List getMediationPolicy(id, name) { + Map property = new HashMap() + property.put("id", id) + property.put("name", name) + property.put("type", "in") + List policy = new ArrayList() + policy.add(property) + return policy + } + + /** + * Get additional properties. + * @param api_name + * @param api_version + * @param api_context + * @param api_endpoint_type + * @param isSchemaEnabled + * @param sandbox_endpoints + * @param production_endpoints + * @return additional properties + */ + static String getAdditionalProperties(String api_name, String api_version, String api_context, String api_endpoint_type, + String isSchemaEnabled, String sandbox_endpoints = "default", + String production_endpoints = "default") { + + + if (!api_endpoint_type.equalsIgnoreCase("default")) { + if(api_name.contains("ConsumerDataStandards")){ + sandbox_endpoints = "${auConfiguration.getServerGatewayURL()}" + "${sandbox_endpoints}" + production_endpoints = "${auConfiguration.getServerGatewayURL()}" + "${production_endpoints}" + } else { + sandbox_endpoints = "${auConfiguration.getServerAuthorisationServerURL()}" + "${sandbox_endpoints}" + production_endpoints = "${auConfiguration.getServerAuthorisationServerURL()}" + "${production_endpoints}" + } + } + + return """ + { + "name": "$api_name", + "version": "$api_version", + "context": "$api_context", + "enableSchemaValidation": $isSchemaEnabled, + "policies": [ + "Unlimited" + ], + "apiThrottlingPolicy": "Unlimited", + "endpointConfig": { + "endpoint_type": "$api_endpoint_type", + "sandbox_endpoints": { + "url": "$sandbox_endpoints" + }, + "production_endpoints": { + "url": "$production_endpoints" + } + } + } + """.stripIndent() + } + + /** + * Get create revision payload. + * @param description + * @return create revision payload + */ + static String getCreateRevisionPayload(String description) { + return """ + { + "description": "$description" + } + """.stripIndent() + } + + /** + * Get deploy revision payload. + * @param apimHostname + * @return deploy revision payload + */ + static String getDeployRevisionPayload(String apimHostname, String revisionId){ + return """ + [{ + "revisionUuid": "$revisionId", + "name": "Production and Sandbox", + "vhost": "$apimHostname", + "displayOnDevportal": true + }] + """.stripIndent() + } + + /** + * Add policy by referring the api-config-provisioning.yaml + * @param accessToken + * @return + */ + void addPolicy(String accessToken, List apiIDs) { + + ArrayList sequenceFilePaths = apiConfiguration.getSequenceFilePath() + + ArrayList apiNames = apiConfiguration.getApiName() + def sequences = sequenceFilePaths.size() + for (int i = 0; i < sequences; i++) { + def t = sequenceFilePaths[i] + URI apiEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + baseURL + apiIDs.get(i) + + "/operation-policies") + + if (!sequenceFilePaths[i].equals("")) { + def response = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.AUTHORIZATION_HEADER_KEY, + AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .contentType(AUConstants.CONTENT_TYPE_MULTIPART) + .multiPart("synapsePolicyDefinitionFile", new File(sequenceFilePaths[i])) + .multiPart("policySpecFile", + getPolicySpecFileDefinition(apiNames.get(i), "1.0").toString()) + .post(apiEndpoint.toString()) + + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_CREATED) + // Updating the API resources with operation policies. + updateAPIWithPolicy(apiIDs.get(i), apiNames.get(i), + AUTestUtil.parseResponseBody(response, "id"), accessToken) + } + } + } + + /** + * Update API with the created policy + * @param apiId + * @param apiName + * @param policyId + * @param accessToken + */ + private void updateAPIWithPolicy(String apiId, String apiName, String policyId, String accessToken) { + + URI apiEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + baseURL + apiId) + def response = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.AUTHORIZATION_HEADER_KEY, + AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .get(apiEndpoint.toString()) + + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_OK) + + JsonObject responseJSONObject = JsonParser.parseString(response.getBody().asString()) as JsonObject + JsonArray operations = responseJSONObject.get("operations").getAsJsonArray() + JsonArray modifiedOperationsList = new JsonArray() + for (int operationCount = 0; operationCount < operations.size(); operationCount++) { + JsonObject currentOperation = operations.get(operationCount) as JsonObject + JsonObject operationPolicies = currentOperation.get("operationPolicies") as JsonObject; + JsonArray policy = getRequestOperationPolicy(apiName, policyId, "1.0") + operationPolicies.add("request", policy) + operations.get(operationCount).add("operationPolicies", operationPolicies) + modifiedOperationsList.add(operations.get(operationCount)) + } + operations = modifiedOperationsList + responseJSONObject.add("operations", operations) + + def updatedResponse = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.AUTHORIZATION_HEADER_KEY, AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .contentType(AUConstants.CONTENT_TYPE_APPLICATION_JSON) + .body(responseJSONObject.toString()) + .put(apiEndpoint) + Assert.assertEquals(updatedResponse.statusCode(), HTTPResponse.SC_OK) + } + + /** + * This method will return the policy spec file definition for given inputs. + * @param apiName api name + * @param version api version + * @return + */ + private static JsonObject getPolicySpecFileDefinition(String apiName, String version) { + + JsonObject policySpecObject = new JsonObject(); + policySpecObject.addProperty("category", "Mediation") + policySpecObject.addProperty("name", apiName) + policySpecObject.addProperty("displayName", apiName) + policySpecObject.addProperty("version", version) + policySpecObject.addProperty("description", apiName) + JsonArray applicableFlows = new JsonArray(); + applicableFlows.add("request") + applicableFlows.add("response") + applicableFlows.add("fault") + policySpecObject.add("applicableFlows", applicableFlows) + JsonArray supportedApiTypes = new JsonArray(); + supportedApiTypes.add("HTTP") + policySpecObject.add("supportedApiTypes", supportedApiTypes) + JsonArray supportedGateways = new JsonArray(); + supportedGateways.add("Synapse") + policySpecObject.add("supportedGateways", supportedGateways) + JsonArray policyAttributes = new JsonArray(); + policySpecObject.add("policyAttributes", policyAttributes) + return policySpecObject; + } + + /** + * This method will return the operation policy json for the given inputs. + * @param policyName policy name + * @param policyId policy id + * @param policyVersion policy version + * @return + */ + private static JsonArray getRequestOperationPolicy(String policyName, String policyId, String policyVersion) { + + JsonArray request = new JsonArray(); + JsonObject policyObject = new JsonObject(); + policyObject.addProperty("policyName", policyName) + policyObject.addProperty("policyId", policyId) + policyObject.addProperty("policyVersion", policyVersion) + request.add(policyObject) + return request; + } +} diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiUserCreationRequestBuilder.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiUserCreationRequestBuilder.groovy new file mode 100644 index 000000000..cd53c3d72 --- /dev/null +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTApiUserCreationRequestBuilder.groovy @@ -0,0 +1,198 @@ +/** + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.cds.test.framework.request_builder + +import io.restassured.RestAssured +import io.restassured.config.EncoderConfig +import io.restassured.config.RestAssuredConfig +import io.restassured.http.Header +import io.restassured.response.Response +import org.apache.http.client.methods.HttpPut +import org.apache.http.entity.StringEntity +import org.apache.http.impl.client.CloseableHttpClient +import org.apache.http.impl.client.HttpClients +import org.apache.http.message.BasicHeader +import org.wso2.cds.test.framework.configuration.AUConfigurationService +import org.wso2.cds.test.framework.constant.AUConstants +import org.wso2.cds.test.framework.utility.AURestAsRequestBuilder +import org.wso2.cds.test.framework.utility.AUTestUtil + +import javax.swing.text.Document +import javax.xml.parsers.DocumentBuilder +import javax.xml.parsers.DocumentBuilderFactory +import java.nio.charset.Charset + +/** + * SCIM2 Rest API request builder for User Creation. + */ +class RESTApiUserCreationRequestBuilder { + + private AUConfigurationService auConfiguration = new AUConfigurationService() + String baseURL = AUConstants.REST_API_SCIM2_ENDPOINT + Response createUserResponse + Response roleGroupResponse + Response responseUserDetails + + def authToken = "${auConfiguration.getUserKeyManagerAdminName()}:${auConfiguration.getUserKeyManagerAdminPWD()}" + String basicHeader = "Basic ${Base64.encoder.encodeToString(authToken.getBytes(Charset.defaultCharset()))}" + + Response createUser(String userName, String password) { + + URI scim2Url = new URI("${auConfiguration.getServerAuthorisationServerURL()}" + baseURL + "/Users") + def payload = getUserCreationPayload(userName, password) + + createUserResponse = AURestAsRequestBuilder.buildRequest() + .contentType(AUConstants.CONTENT_TYPE_APPLICATION_JSON) + .accept(AUConstants.CONTENT_TYPE_APPLICATION_SCIM_JSON) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, basicHeader) + .body(payload) + .post(scim2Url.toString()) + + return createUserResponse + } + + String getRoleId(String roleName) { + + URI scim2Url = new URI("${auConfiguration.getServerAuthorisationServerURL()}" + baseURL + "/Roles") + + String roleNameSubString = roleName.split("/")[1] + + def roleGroupResponse = AURestAsRequestBuilder.buildRequest() + .accept(AUConstants.CONTENT_TYPE_APPLICATION_SCIM_JSON) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, basicHeader) + .queryParam("filter", "displayName eq $roleNameSubString") + .get(scim2Url.toString()) + + def roleId = AUTestUtil.parseResponseBody(roleGroupResponse, "Resources[0].id") + + return roleId + } + + Response assignUserRoles(String roleName, String roleId, List> userInfoList) { + + URI scim2Url = new URI("${auConfiguration.getServerAuthorisationServerURL()}" + baseURL + "/Groups/$roleId") + def payload = defaultUserRolesPayload(roleName, userInfoList) + + roleGroupResponse = RestAssured.given() + .config(RestAssuredConfig.newConfig() + .encoderConfig(EncoderConfig.encoderConfig().appendDefaultContentCharsetToContentTypeIfUndefined(false))) // Prevent charset appending + .relaxedHTTPSValidation() + .header("Content-Type", "application/scim+json") + .header("Accept", "application/scim+json") + .header(AUConstants.AUTHORIZATION_HEADER_KEY, basicHeader) + .body(payload) + .put(scim2Url.toString()) + + return roleGroupResponse + + } + + Response getUserDetails(String userId) { + + URI scim2Url = new URI("${auConfiguration.getServerAuthorisationServerURL()}" + baseURL + "/Users/$userId") + + responseUserDetails = AURestAsRequestBuilder.buildRequest() + .accept(AUConstants.CONTENT_TYPE_APPLICATION_SCIM_JSON) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, basicHeader) + .queryParam("attributes", "roles") + .get(scim2Url.toString()) + + return responseUserDetails + } + + String getUserCreationPayload(String userName, String password) { + + String defaultUserCreationPayload = """ + { + "schemas": [], + "name": { + "givenName": "psu", + "familyName": "psu" + }, + "userName": "${userName}", + "password": "${password}", + "emails": [ + { + "type": "home", + "value": "${userName}", + "primary": true + }, + { + "type": "work", + "value": "${userName}" + } + ], + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { + "employeeNumber": "1234", + "manager": { + "value": "${userName}" + } + } + } + """.stripIndent() + + return defaultUserCreationPayload + + } + + String defaultUserRolesPayload(String roleName, List> userInfoList) { + + StringBuilder membersArray = new StringBuilder() + for (Map userInfo : userInfoList) { + String userId = userInfo.get("UserId") + String userName = userInfo.get("Username") + + // Add each user to the members array (in JSON format) + if (membersArray.length() > 0) { + membersArray.append(",\n") // Add a comma to separate members + } + + membersArray.append(" {\n") + .append(" \"value\": \"").append(userId).append("\",\n") + .append(" \"display\": \"").append(userName).append("\"\n") + .append(" }") + } + + String payload = """ + { + "displayName":"$roleName", + "members": [ + """ + membersArray.toString() + """ + ] + } + """.stripIndent() + + return payload + } + + String getAdminUserId() { + + URI scim2Url = new URI("${auConfiguration.getServerAuthorisationServerURL()}" + baseURL + "/Users") + + def roleGroupResponse = AURestAsRequestBuilder.buildRequest() + .accept(AUConstants.CONTENT_TYPE_APPLICATION_SCIM_JSON) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, basicHeader) + .queryParam("filter", "userName eq ${auConfiguration.getUserKeyManagerAdminName()}") + .get(scim2Url.toString()) + + def userId = AUTestUtil.parseResponseBody(roleGroupResponse, "Resources[0].id") + + return userId + } +} diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTKeyManagerRequestBuilder.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTKeyManagerRequestBuilder.groovy new file mode 100644 index 000000000..1a72ef6e6 --- /dev/null +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/RESTKeyManagerRequestBuilder.groovy @@ -0,0 +1,242 @@ +/** + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.cds.test.framework.request_builder + +import com.nimbusds.oauth2.sdk.http.HTTPResponse +import org.testng.Assert +import org.wso2.cds.test.framework.configuration.APIConfigurationService +import org.wso2.cds.test.framework.configuration.AUConfigurationService +import org.wso2.cds.test.framework.constant.AUConstants +import org.wso2.cds.test.framework.utility.AURestAsRequestBuilder +import org.wso2.cds.test.framework.utility.AUTestUtil + +import java.nio.charset.Charset + +/** + * Generate Custom Key Manager. + */ +class RESTKeyManagerRequestBuilder { + + private static APIConfigurationService apiConfiguration + private static AUConfigurationService auConfiguration + + String clientId + String clientSecret + String baseURL = AUConstants.REST_API_ADMIN_ENDPOINT + String keyManagerId + String residentKeyMangerId + + RESTKeyManagerRequestBuilder() { + auConfiguration = new AUConfigurationService() + apiConfiguration = new APIConfigurationService() + } + + /** + * Create rest_api_admin service provider. + */ + void createDCRApplication() { + URI dcrEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + AUConstants.REST_API_CLIENT_REGISTRATION_ENDPOINT) + def response = AURestAsRequestBuilder.buildRequest() + .contentType(AUConstants.CONTENT_TYPE_APPLICATION_JSON) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, + generateBasicHeader(auConfiguration.getUserPublisherName(), auConfiguration.getUserPublisherPWD())) + .body(getDCRPayload()) + .post(dcrEndpoint.toString()) + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_OK) + clientId = AUTestUtil.parseResponseBody(response, "clientId") + clientSecret = AUTestUtil.parseResponseBody(response, "clientSecret") + } + + /** + * Generate Application Access Token. + * @return + */ + String obtainAccessToken() { + URI tokenEndpoint = new URI("${auConfiguration.getServerGatewayURL()}/oauth2/token") + def response = AURestAsRequestBuilder.buildRequest() + .param(AUConstants.GRANT_TYPE_KEY, AUConstants.PASSWORD_GRANT) + .param(AUConstants.SCOPE_KEY, "openid apim:admin apim:tier_view apim:tier_manage apim:bl_view" + + "apim:bl_manage apim:mediation_policy_view apim:mediation_policy_create apim:app_owner_change" + + "apim:app_import_export apim:api_import_export apim:api_product_import_export apim:environment_manage" + + "apim:environment_read apim:monetization_usage_publish apim:api_workflow_approve apim:bot_data" + + "apim:tenantInfo apim:tenant_theme_manage apim:admin_operations apim:admin_settings " + + "apim:admin_alert_manage apim:api_workflow_view apim:scope_manage apim:role_manage") + .param(AUConstants.USER_NAME, auConfiguration.getUserKeyManagerAdminName()) + .param(AUConstants.PASSWORD, auConfiguration.getUserKeyManagerAdminPWD()) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, + generateBasicHeader(clientId, clientSecret)) + .post(tokenEndpoint.toString()) + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_OK) + return AUTestUtil.parseResponseBody(response, AUConstants.ACCESS_TOKEN) + } + + /** + * Generate Basic Header. + * @param username + * @param password + * @return + */ + static String generateBasicHeader(String username, String password) { + String authToken = "${username}:${password}" + return "Basic ${Base64.encoder.encodeToString(authToken.getBytes(Charset.defaultCharset()))}" + } + + /** + * Get Application Payload. + * @return + */ + static String getDCRPayload() { + return """ + { + "callbackUrl":"www.google.lk", + "clientName":"rest_api_admin", + "owner":"admin@wso2.com", + "grantType":"client_credentials password refresh_token", + "saasApp":true + } + """.stripIndent() + } + + /** + * Add Custom Key Manager. + * @param accessToken + */ + void addKeyManager(String accessToken){ + + URI keyManagerEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + baseURL + "key-managers") + def response = AURestAsRequestBuilder.buildRequest() + .contentType(AUConstants.CONTENT_TYPE_APPLICATION_JSON) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .body(getKeyManagerPayload()) + .post(keyManagerEndpoint.toString()) + + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_CREATED) + keyManagerId = AUTestUtil.parseResponseBody(response, "id") + } + + /** + * Get Key Manager Payload. + * @return + */ + static String getKeyManagerPayload() { + + String isServerUrl = auConfiguration.getServerAuthorisationServerURL() + + return """ + { + "name": "OBKM", + "displayName": "OBKM", + "type": "ObKeyManager", + "description": "This is a custom key manager for Open Banking", + "wellKnownEndpoint": "${isServerUrl}/oauth2/token/.well-known/openid-configuration", + "introspectionEndpoint": "${isServerUrl}/oauth2/introspect", + "clientRegistrationEndpoint": "${isServerUrl}/keymanager-operations/dcr/register", + "tokenEndpoint": "${isServerUrl}/oauth2/token", + "displayTokenEndpoint": "${isServerUrl}/oauth2/token", + "revokeEndpoint": "${isServerUrl}/oauth2/revoke", + "displayRevokeEndpoint": "${isServerUrl}/oauth2/revoke", + "userInfoEndpoint": "${isServerUrl}/oauth2/userinfo?schema=openid", + "authorizeEndpoint": "${isServerUrl}/oauth2/authorize", + "certificates": { + "type": "JWKS", + "value": "${isServerUrl}/oauth2/jwks" + }, + "issuer": "${isServerUrl}/oauth2/token", + "scopeManagementEndpoint": "${isServerUrl}/api/identity/oauth2/v1.0/scopes", + "availableGrantTypes": [ + "client_credentials", "refresh_token", "password", "authorization_code" + ], + "enableTokenGeneration": true, + "enableTokenEncryption": false, + "enableTokenHashing": false, + "enableMapOAuthConsumerApps": true, + "enableOAuthAppCreation": true, + "enableSelfValidationJWT": true, + "claimMapping": [ + { + "remoteClaim": "http://idp.org/username", + "localClaim": "http://wso2.org/username" + } + ], + "consumerKeyClaim": "azp", + "scopesClaim": "scope", + "tokenValidation": [ + { + "id": 0, + "enable": false, + "type": "JWT", + "value": {} + } + ], + "enabled": true, + "additionalProperties": { + "self_validate_jwt": true, + "Username": "${auConfiguration.getUserKeyManagerAdminName()}", + "Password": "${auConfiguration.getUserKeyManagerAdminPWD()}" + } + } + """.stripIndent() + } + + /** + * Get resident key manager information to disable it after adding the ob key manager. + * @param accessToken + */ + void getResidentKeyManager(String accessToken) { + + URI keyManagerEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + baseURL + "key-managers") + def response = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.AUTHORIZATION_HEADER_KEY, AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .get(keyManagerEndpoint.toString()) + + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_OK) + residentKeyMangerId = AUTestUtil.parseResponseBody(response, "list.id").replaceAll("[\\[\\]]", "") + + } + + /** + * Disable the resident key manager after adding the OBKeyManager. + * @param accessToken + */ + void disableResidentKeyManager(String accessToken) { + + URI keyManagerEndpoint = new URI("${auConfiguration.getServerGatewayURL()}" + baseURL + "key-managers/" + residentKeyMangerId) + def response = AURestAsRequestBuilder.buildRequest() + .contentType(AUConstants.CONTENT_TYPE_APPLICATION_JSON) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, AUConstants.AUTHORIZATION_BEARER_TAG + accessToken) + .body(getResidentKeyManagerUpdatePayload()) + .put(keyManagerEndpoint.toString()) + + Assert.assertEquals(response.statusCode(), HTTPResponse.SC_OK) + } + + /** + * Get Resident Key Manager Update Payload. + * @return + */ + static String getResidentKeyManagerUpdatePayload() { + return """ + { + "name": "Resident Key Manager", + "type": "default", + "enabled": false + } + """.stripIndent() + } +} diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/resources/provisioningFiles/api-config-provisioning.yaml b/integration-test-suite/cds-toolkit-test-framework/src/main/resources/provisioningFiles/api-config-provisioning.yaml new file mode 100644 index 000000000..8545cdd2f --- /dev/null +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/resources/provisioningFiles/api-config-provisioning.yaml @@ -0,0 +1,47 @@ +apis: + - apiFilePath: '../test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-swagger.yaml' + sequenceFilePath: '../test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-insequence-0.2.xml' + apiProperty: + check-api-resource: '/register' + check-dynamic-sequence: 'au-dcr-insequence' + ob-api-version: '0.2' + endpointType: 'http' + sandbox_endpoints: '/api/openbanking/dynamic-client-registration' + production_endpoints: '/api/openbanking/dynamic-client-registration' + apiName: 'CDRDynamicClientRegistrationAPI' + context: '/open-banking/{version}' + enableSchemaValidation: 'false' + - apiFilePath: '../test-artifacts/apis/CDSBanking/1.25.0/consumer-data-standards-1.25.0.yaml' + sequenceFilePath: '../test-artifacts/apis/CDSBanking/1.25.0/cds-api-insequence-1.25.0.xml' + apiProperty: + check-api-resource: '/banking/accounts' + check-dynamic-sequence: 'cds-api-insequence' + ob-api-version: 'v1' + endpointType: 'http' + sandbox_endpoints: '/api/openbanking/cds/backend/services' + production_endpoints: '/api/openbanking/cds/backend/services' + apiName: 'ConsumerDataStandards' + context: '/cds-au/{version}' + enableSchemaValidation: 'true' + - apiFilePath: '../test-artifacts/apis/CDSAdminAPIs/1.28.0/consumer-data-standards-admin-1.28.0.yaml' + sequenceFilePath: '../test-artifacts/apis/CDSAdminAPIs/1.28.0/cds-admin-api-insequence-1.28.0.xml' + apiProperty: + check-api-resource: '/register/metadata' + check-dynamic-sequence: 'cds-admin-api-insequence' + ob-api-version: 'v1' + endpointType: 'default' + apiName: 'ConsumerDataStandardsAdminAPI' + context: '/cds-au/{version}/admin' + enableSchemaValidation: 'false' + - apiFilePath: '../test-artifacts/apis/ArrangementRevocation/cdr-arrangement-mgt-api.yaml' + sequenceFilePath: '' + apiProperty: + check-api-resource: '/revoke' + check-dynamic-sequence: '' + ob-api-version: '1.0.0' + endpointType: 'http' + sandbox_endpoints: '/api/openbanking/cds-arrangement-revocation/arrangements' + production_endpoints: '/api/openbanking/cds-arrangement-revocation/arrangements' + apiName: 'CDRArrangementManagementAPI' + context: '/arrangements/{version}' + enableSchemaValidation: 'false' diff --git a/integration-test-suite/test-artifacts/apis/ArrangementRevocation/README.md b/integration-test-suite/test-artifacts/apis/ArrangementRevocation/README.md new file mode 100644 index 000000000..c31d60744 --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/ArrangementRevocation/README.md @@ -0,0 +1,6 @@ + +## CDS Arrangement Revocation API - v1.0.0

+1. **Configure the following endpoint URL**
+Endpoint URL +Production- https://localhost:9446/api/openbanking/cds-arrangement-revocation/arrangements +Sandbox- https://localhost:9446/api/openbanking/cds-arrangement-revocation/arrangements \ No newline at end of file diff --git a/integration-test-suite/test-artifacts/apis/ArrangementRevocation/cdr-arrangement-mgt-api.yaml b/integration-test-suite/test-artifacts/apis/ArrangementRevocation/cdr-arrangement-mgt-api.yaml new file mode 100644 index 000000000..06c2220de --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/ArrangementRevocation/cdr-arrangement-mgt-api.yaml @@ -0,0 +1,101 @@ +swagger: '2.0' +info: + title: CDR Arrangement Management API + description: Data Holder's CDR Arrangement Management API + version: '1.0.0' +basePath: /arrangements/{version} +schemes: + - https +paths: + '/revoke': + post: + summary: Revoke a sharing arrangement between the data holder and the data recepient + tags: + - CDR Arrangement + consumes: + - application/x-www-form-urlencoded + produces: + - application/json + parameters: + - name: client_id + in: formData + description: Client ID + required: false + type: string + - name: client_assertion_type + in: formData + description: Client Assertion Type + required: true + type: string + enum: ["urn:ietf:params:oauth:client-assertion-type:jwt-bearer"] + - name: client_assertion + in: formData + description: Client Assertion + required: true + type: string + - name: cdr_arrangement_id + in: formData + description: CDR Arrangement ID to be revoked + required: true + type: string + responses: + '204': + description: The sharing arrangement has been revoked successfully + '400': + $ref: '#/responses/400Error' + '403': + $ref: '#/responses/403Error' + '422': + $ref: '#/responses/422Error' + x-auth-type: None + x-throttling-tier: Unlimited + + +responses: + 400Error: + description: "Request failed due to client authentication failure" + + 403Error: + description: "Request failed due to client is not authorized to perform the management" + + 422Error: + description: 'Request failed due to client submitted an invalid arrangement identifier or the identifier could not be found' + + +x-wso2-auth-header: "Authorization" +x-wso2-cors: + corsConfigurationEnabled: false + accessControlAllowOrigins: + - "*" + accessControlAllowCredentials: false + accessControlAllowHeaders: + - "authorization" + - "Access-Control-Allow-Origin" + - "Content-Type" + - "SOAPAction" + - "apikey" + accessControlAllowMethods: + - "GET" + - "PUT" + - "POST" + - "DELETE" + - "PATCH" + - "OPTIONS" +x-wso2-production-endpoints: "#/x-wso2-endpoints/productionEndpoint" +x-wso2-sandbox-endpoints: "#/x-wso2-endpoints/sandboxEndpoint" +x-wso2-endpoints: + - productionEndpoint: + urls: + - "https://localhost:9446/cdr-arrangement-management/arrangements/revoke" + - sandboxEndpoint: + urls: + - "https://localhost:9446/cdr-arrangement-management/arrangements/revoke" +x-wso2-basePath: "/arrangements/1.0.0" +x-wso2-request-interceptor: java:com.wso2.finance.open.banking.mg.interceptor.OpenBankingInterceptor +x-wso2-response-interceptor: java:com.wso2.finance.open.banking.mg.interceptor.OpenBankingInterceptor +x-wso2-transports: + - "http" + - "https" +x-wso2-response-cache: + enabled: false + cacheTimeoutInSeconds: 300 diff --git a/integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/README.md b/integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/README.md new file mode 100644 index 000000000..bb4c068d4 --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/README.md @@ -0,0 +1,6 @@ +## Consumer Data Standards Administration API

+1. **Add context as `/cds-au/{version}/admin`** + +2. **Select the Dynamic endpoint in the API Configurations -> Endpoints section of the publisher**
+ +3. **Add the insequence to the inflow to message mediation**
diff --git a/integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/cds-admin-api-insequence-1.28.0.xml b/integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/cds-admin-api-insequence-1.28.0.xml new file mode 100644 index 000000000..8746149e1 --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/cds-admin-api-insequence-1.28.0.xml @@ -0,0 +1,28 @@ + + + + + +
+
+ + + + + +
+ + +
+ + + + diff --git a/integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/consumer-data-standards-admin-1.28.0.yaml b/integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/consumer-data-standards-admin-1.28.0.yaml new file mode 100644 index 000000000..d7417eb15 --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/CDSAdminAPIs/1.28.0/consumer-data-standards-admin-1.28.0.yaml @@ -0,0 +1,3524 @@ +openapi: 3.0.3 +info: + contact: + email: contact@consumerdatastandards.gov.au + name: Consumer Data Standards Administration End Points + url: https://consumerdatastandards.gov.au + description: Data Holder Consumer Data Standards Administration End Points created + by the Data Standards Body (DSB), with the Data Standards Chair as the decision + maker + license: + name: MIT License + url: https://opensource.org/licenses/MIT + title: ConsumerDataStandardsAdminAPI + version: v1 +servers: +- url: https://data.holder.com.au/cds-au/v1 +paths: + /register/metadata: + post: + description: Indicate that a critical update to the metadata for Accredited + Data Recipients has been made and should be obtained + operationId: metadataUpdate + parameters: + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder should respond with a 406 Not Acceptable. See [HTTP + Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder should respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RequestMetaDataUpdate' + required: true + responses: + "200": + content: + application/json: + schema: {} + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
+ "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ summary: Metadata Update + tags: + - Admin + - Register + x-scopes: + - admin:metadata:update + x-restricted-access: REGISTER + x-version: "1" + x-auth-type: None + x-throttling-tier: Unlimited + x-codegen-request-body-name: action + /metrics: + get: + description: |- + This end point allows the ACCC to obtain operational statistics from the Data Holder (at the Data Holder Brand level) on the operation of their CDR compliant implementation. The statistics obtainable from this end point are determined by the non-functional requirements for the CDR regime. + + This end point is not required to be implemented by the Australian Energy Market Operator, the Australian Energy Regulator or the Department of State administered by the Minister of Victoria administering the National Electricity (Victoria) Act 2005 (Vic). + + NOTE: This version **MUST** be implemented by **May 13th 2024** + + Obsolete versions: [v1](includes/obsolete/get-metrics-v1.html) [v2](includes/obsolete/get-metrics-v2.html). + + Deprecated versions: + + - [v3](includes/obsolete/get-metrics-v3.html) - Implementation not required for Data Holders going live on, or after, 1st November 2023. Other Data Holders **MAY** retire this version from the earlier of **13th May 2024** or from the time the ACCC announce that they no longer call this version + - [v4](includes/obsolete/get-metrics-v4.html) - This version, or v5, **MUST** be implemented by **November 1st 2023** + + If the Data Holder supports private_key_jwt client authentication they MUST validate the scope. + operationId: getMetrics + parameters: + - description: The period of metrics to be requested. Values can be CURRENT + (meaning metrics for current period, dependent on the metric type), HISTORIC + (meaning metrics for previous period, depending on the metric type) or ALL. + If absent the default is ALL. + explode: true + in: query + name: period + required: false + schema: + default: ALL + enum: + - CURRENT + - HISTORIC + - ALL + type: string + style: form + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder should respond with a 406 Not Acceptable. See [HTTP + Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder should respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseMetricsListV5' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
+ "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ summary: Get Metrics + tags: + - Admin + - Metrics + x-scopes: + - admin:metrics.basic:read + x-restricted-access: REGISTER + x-version: "5" + x-auth-type: None + x-throttling-tier: Unlimited +components: + parameters: + RequestHeader_x-v: + description: Version of the API end point requested by the client. Must be set + to a positive integer. The data holder should respond with the highest supported + version between [x-min-v](#request-headers) and [x-v](#request-headers). If + the value of [x-min-v](#request-headers) is equal to or higher than the value + of [x-v](#request-headers) then the [x-min-v](#request-headers) header should + be treated as absent. If all versions requested are not supported then the + data holder should respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + RequestHeader_x-min-v: + description: Minimum version of the API end point requested by the client. Must + be set to a positive integer if provided. The data holder should respond with + the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If all versions requested are not supported then the data holder should respond + with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + schemas: + RequestMetaDataUpdate: + example: + data: + action: REFRESH + meta: '{}' + properties: + data: + $ref: '#/components/schemas/RequestMetaDataUpdate_data' + meta: + type: object + required: + - data + type: object + ResponseMetricsListV5: + example: + data: + rejections: + authenticated: + previousDays: + - 4 + - 4 + currentDay: 3 + unauthenticated: + previousDays: + - 6 + - 6 + currentDay: 0 + peakTps: + authenticated: + previousDays: + - 4.652396432933246 + - 4.652396432933246 + currentDay: 0.10263654006109402 + unauthenticated: + previousDays: + - 6.519180951018382 + - 6.519180951018382 + currentDay: 7.058770351582356 + aggregate: + previousDays: + - 0.8851374739011653 + - 0.8851374739011653 + currentDay: 7.143538047012306 + averageTps: + authenticated: + previousDays: + - 3.0937452626664474 + - 3.0937452626664474 + currentDay: 3.353193347011243 + unauthenticated: + previousDays: + - 6.704019297950036 + - 6.704019297950036 + currentDay: 5.944895607614016 + aggregate: + previousDays: + - 6.878052220127876 + - 6.878052220127876 + currentDay: 6.778324963048013 + secondaryHolder: + rejections: + previousDays: + - 0 + - 0 + currentDay: 9 + errors: + previousDays: + - 7 + - 7 + currentDay: 4 + availability: + authenticated: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + unauthenticated: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + aggregate: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + averageResponse: + unattended: + previousDays: + - 9.369310271410669 + - 9.369310271410669 + currentDay: 9.965781217890562 + secondary: + secondary: + previousDays: + - 6.965117697638846 + - 6.965117697638846 + currentDay: 3.5571952270680973 + primary: + previousDays: + - 6.438423552598547 + - 6.438423552598547 + currentDay: 9.018348186070783 + highPriority: + previousDays: + - 1.1730742509559433 + - 1.1730742509559433 + currentDay: 7.457744773683766 + largePayload: + previousDays: + - 8.762042012749001 + - 8.762042012749001 + currentDay: 6.683562403749608 + unauthenticated: + previousDays: + - 6.84685269835264 + - 6.84685269835264 + currentDay: 1.4894159098541704 + lowPriority: + previousDays: + - 5.025004791520295 + - 5.025004791520295 + currentDay: 4.965218492984954 + largeSecondary: + secondary: + previousDays: + - 6.965117697638846 + - 6.965117697638846 + currentDay: 3.5571952270680973 + primary: + previousDays: + - 6.438423552598547 + - 6.438423552598547 + currentDay: 9.018348186070783 + invocations: + unattended: + previousDays: + - 9 + - 9 + currentDay: 7 + secondary: + previousDays: + - 7 + - 7 + currentDay: 4 + highPriority: + previousDays: + - 5 + - 5 + currentDay: 1 + largePayload: + previousDays: + - 2 + - 2 + currentDay: 3 + unauthenticated: + previousDays: + - 6 + - 6 + currentDay: 0 + lowPriority: + previousDays: + - 2 + - 2 + currentDay: 5 + largeSecondary: + previousDays: + - 1 + - 1 + currentDay: 1 + requestTime: requestTime + performance: + unattended: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + secondary: + secondary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + primary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + highPriority: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + largePayload: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + unauthenticated: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + lowPriority: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + aggregate: + previousDays: + - previousDays + - previousDays + currentDay: currentDay + largeSecondary: + secondary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + primary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + sessionCount: + previousDays: + - 2 + - 2 + currentDay: 1 + recipientCount: 1 + authorisations: + abandonedConsentFlowCount: + previousDays: + - 9 + - 9 + currentDay: 3 + newAuthorisationCount: + previousDays: + - ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + - ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + currentDay: + ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + abandonmentsByStage: + preAuthorisation: + previousDays: + - 3 + - 3 + currentDay: 3 + rejected: + previousDays: + - 5 + - 5 + currentDay: 9 + preAccountSelection: + previousDays: + - 7 + - 7 + currentDay: 8 + preIdentification: + previousDays: + - 0 + - 0 + currentDay: 8 + failedTokenExchange: + previousDays: + - 0 + - 0 + currentDay: 7 + preAuthentication: + previousDays: + - 5 + - 5 + currentDay: 5 + amendedAuthorisationCount: + previousDays: + - nonIndividual: 6 + individual: 8 + - nonIndividual: 6 + individual: 8 + currentDay: + nonIndividual: 1 + individual: 2 + activeAuthorisationCount: + nonIndividual: 0 + individual: 9 + expiredAuthorisationCount: + previousDays: + - nonIndividual: 1 + individual: 9 + - nonIndividual: 1 + individual: 9 + currentDay: + nonIndividual: 8 + individual: 4 + revokedAuthorisationCount: + previousDays: + - nonIndividual: 0 + individual: 3 + - nonIndividual: 0 + individual: 3 + currentDay: + nonIndividual: 4 + individual: 8 + errors: + authenticated: + previousDays: + - key: 5 + - key: 5 + currentDay: + key: 7 + unauthenticated: + previousDays: + - key: 3 + - key: 3 + currentDay: + key: 3 + aggregate: + previousDays: + - 7 + - 7 + currentDay: 8 + customerCount: 4 + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/ResponseMetricsListV5_data' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + AvailabilityMetricsV2: + description: Availability metrics + example: + authenticated: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + unauthenticated: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + aggregate: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + properties: + aggregate: + $ref: '#/components/schemas/AvailabilityMetricsV2_aggregate' + unauthenticated: + $ref: '#/components/schemas/AvailabilityMetricsV2_unauthenticated' + authenticated: + $ref: '#/components/schemas/AvailabilityMetricsV2_authenticated' + required: + - aggregate + - authenticated + - unauthenticated + type: object + PerformanceMetricsV3: + description: Percentage of calls within the performance thresholds in each performance + tier over time + example: + unattended: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + secondary: + secondary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + primary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + highPriority: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + largePayload: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + unauthenticated: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + lowPriority: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + aggregate: + previousDays: + - previousDays + - previousDays + currentDay: currentDay + largeSecondary: + secondary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + primary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + aggregate: + $ref: '#/components/schemas/PerformanceMetricsV3_aggregate' + highPriority: + $ref: '#/components/schemas/PerformanceMetricsV3_highPriority' + largePayload: + $ref: '#/components/schemas/PerformanceMetricsV3_largePayload' + lowPriority: + $ref: '#/components/schemas/PerformanceMetricsV3_lowPriority' + unattended: + $ref: '#/components/schemas/PerformanceMetricsV3_unattended' + unauthenticated: + $ref: '#/components/schemas/PerformanceMetricsV3_unauthenticated' + secondary: + $ref: '#/components/schemas/PerformanceMetricsV3_secondary' + largeSecondary: + $ref: '#/components/schemas/PerformanceMetricsV3_largeSecondary' + required: + - highPriority + - largePayload + - lowPriority + - unattended + - unauthenticated + type: object + x-conditional: + - secondary + - largeSecondary + InvocationMetricsV3: + description: Number of API calls in each performance tier over time + example: + unattended: + previousDays: + - 9 + - 9 + currentDay: 7 + secondary: + previousDays: + - 7 + - 7 + currentDay: 4 + highPriority: + previousDays: + - 5 + - 5 + currentDay: 1 + largePayload: + previousDays: + - 2 + - 2 + currentDay: 3 + unauthenticated: + previousDays: + - 6 + - 6 + currentDay: 0 + lowPriority: + previousDays: + - 2 + - 2 + currentDay: 5 + largeSecondary: + previousDays: + - 1 + - 1 + currentDay: 1 + properties: + unauthenticated: + $ref: '#/components/schemas/InvocationMetricsV3_unauthenticated' + highPriority: + $ref: '#/components/schemas/InvocationMetricsV3_highPriority' + lowPriority: + $ref: '#/components/schemas/InvocationMetricsV3_lowPriority' + unattended: + $ref: '#/components/schemas/InvocationMetricsV3_unattended' + largePayload: + $ref: '#/components/schemas/InvocationMetricsV3_largePayload' + secondary: + $ref: '#/components/schemas/InvocationMetricsV3_secondary' + largeSecondary: + $ref: '#/components/schemas/InvocationMetricsV3_largeSecondary' + required: + - highPriority + - largePayload + - lowPriority + - unattended + - unauthenticated + type: object + x-conditional: + - secondary + - largeSecondary + AverageResponseMetricsV2: + description: Average response time in seconds, at millisecond resolution, within + each performance tier + example: + unattended: + previousDays: + - 9.369310271410669 + - 9.369310271410669 + currentDay: 9.965781217890562 + secondary: + secondary: + previousDays: + - 6.965117697638846 + - 6.965117697638846 + currentDay: 3.5571952270680973 + primary: + previousDays: + - 6.438423552598547 + - 6.438423552598547 + currentDay: 9.018348186070783 + highPriority: + previousDays: + - 1.1730742509559433 + - 1.1730742509559433 + currentDay: 7.457744773683766 + largePayload: + previousDays: + - 8.762042012749001 + - 8.762042012749001 + currentDay: 6.683562403749608 + unauthenticated: + previousDays: + - 6.84685269835264 + - 6.84685269835264 + currentDay: 1.4894159098541704 + lowPriority: + previousDays: + - 5.025004791520295 + - 5.025004791520295 + currentDay: 4.965218492984954 + largeSecondary: + secondary: + previousDays: + - 6.965117697638846 + - 6.965117697638846 + currentDay: 3.5571952270680973 + primary: + previousDays: + - 6.438423552598547 + - 6.438423552598547 + currentDay: 9.018348186070783 + properties: + unauthenticated: + $ref: '#/components/schemas/AverageResponseMetricsV2_unauthenticated' + highPriority: + $ref: '#/components/schemas/AverageResponseMetricsV2_highPriority' + lowPriority: + $ref: '#/components/schemas/AverageResponseMetricsV2_lowPriority' + unattended: + $ref: '#/components/schemas/AverageResponseMetricsV2_unattended' + largePayload: + $ref: '#/components/schemas/AverageResponseMetricsV2_largePayload' + secondary: + $ref: '#/components/schemas/AverageResponseMetricsV2_secondary' + largeSecondary: + $ref: '#/components/schemas/AverageResponseMetricsV2_largeSecondary' + required: + - highPriority + - largePayload + - lowPriority + - unattended + - unauthenticated + type: object + x-conditional: + - secondary + - largeSecondary + SessionCountMetricsV2: + description: Session counts over time. Note that a session is defined as the + provisioning of an Access Token. + example: + previousDays: + - 2 + - 2 + currentDay: 1 + properties: + currentDay: + description: Session count for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Session count for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageTPSMetricsV2: + description: Average transactions per second over time + example: + authenticated: + previousDays: + - 3.0937452626664474 + - 3.0937452626664474 + currentDay: 3.353193347011243 + unauthenticated: + previousDays: + - 6.704019297950036 + - 6.704019297950036 + currentDay: 5.944895607614016 + aggregate: + previousDays: + - 6.878052220127876 + - 6.878052220127876 + currentDay: 6.778324963048013 + properties: + aggregate: + $ref: '#/components/schemas/AverageTPSMetricsV2_aggregate' + unauthenticated: + $ref: '#/components/schemas/AverageTPSMetricsV2_unauthenticated' + authenticated: + $ref: '#/components/schemas/AverageTPSMetricsV2_authenticated' + required: + - aggregate + - authenticated + - unauthenticated + type: object + PeakTPSMetricsV2: + description: Peak transactions per second over time + example: + authenticated: + previousDays: + - 4.652396432933246 + - 4.652396432933246 + currentDay: 0.10263654006109402 + unauthenticated: + previousDays: + - 6.519180951018382 + - 6.519180951018382 + currentDay: 7.058770351582356 + aggregate: + previousDays: + - 0.8851374739011653 + - 0.8851374739011653 + currentDay: 7.143538047012306 + properties: + aggregate: + $ref: '#/components/schemas/PeakTPSMetricsV2_aggregate' + unauthenticated: + $ref: '#/components/schemas/PeakTPSMetricsV2_unauthenticated' + authenticated: + $ref: '#/components/schemas/PeakTPSMetricsV2_authenticated' + required: + - aggregate + - authenticated + - unauthenticated + type: object + ErrorMetricsV2: + description: Number of calls resulting in error due to server execution over + time + example: + authenticated: + previousDays: + - key: 5 + - key: 5 + currentDay: + key: 7 + unauthenticated: + previousDays: + - key: 3 + - key: 3 + currentDay: + key: 3 + aggregate: + previousDays: + - 7 + - 7 + currentDay: 8 + properties: + aggregate: + $ref: '#/components/schemas/ErrorMetricsV2_aggregate' + unauthenticated: + $ref: '#/components/schemas/ErrorMetricsV2_unauthenticated' + authenticated: + $ref: '#/components/schemas/ErrorMetricsV2_authenticated' + required: + - aggregate + - authenticated + - unauthenticated + type: object + RejectionMetricsV3: + description: Number of calls rejected due to traffic thresholds over time + example: + authenticated: + previousDays: + - 4 + - 4 + currentDay: 3 + unauthenticated: + previousDays: + - 6 + - 6 + currentDay: 0 + properties: + authenticated: + $ref: '#/components/schemas/RejectionMetricsV3_authenticated' + unauthenticated: + $ref: '#/components/schemas/RejectionMetricsV3_unauthenticated' + required: + - authenticated + - unauthenticated + type: object + SecondaryHolderMetricsV2: + description: Errors and rejections received by the primary data holder from + the secondary data holder. Mandatory for data holders designated for a Shared + Responsibility Data Request data cluster + example: + rejections: + previousDays: + - 0 + - 0 + currentDay: 9 + errors: + previousDays: + - 7 + - 7 + currentDay: 4 + properties: + errors: + $ref: '#/components/schemas/SecondaryHolderMetricsV2_errors' + rejections: + $ref: '#/components/schemas/SecondaryHolderMetricsV2_rejections' + required: + - errors + - rejections + type: object + AuthorisationMetricsV2: + description: Authorisation counts for the data holder + example: + abandonedConsentFlowCount: + previousDays: + - 9 + - 9 + currentDay: 3 + newAuthorisationCount: + previousDays: + - ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + - ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + currentDay: + ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + abandonmentsByStage: + preAuthorisation: + previousDays: + - 3 + - 3 + currentDay: 3 + rejected: + previousDays: + - 5 + - 5 + currentDay: 9 + preAccountSelection: + previousDays: + - 7 + - 7 + currentDay: 8 + preIdentification: + previousDays: + - 0 + - 0 + currentDay: 8 + failedTokenExchange: + previousDays: + - 0 + - 0 + currentDay: 7 + preAuthentication: + previousDays: + - 5 + - 5 + currentDay: 5 + amendedAuthorisationCount: + previousDays: + - nonIndividual: 6 + individual: 8 + - nonIndividual: 6 + individual: 8 + currentDay: + nonIndividual: 1 + individual: 2 + activeAuthorisationCount: + nonIndividual: 0 + individual: 9 + expiredAuthorisationCount: + previousDays: + - nonIndividual: 1 + individual: 9 + - nonIndividual: 1 + individual: 9 + currentDay: + nonIndividual: 8 + individual: 4 + revokedAuthorisationCount: + previousDays: + - nonIndividual: 0 + individual: 3 + - nonIndividual: 0 + individual: 3 + currentDay: + nonIndividual: 4 + individual: 8 + properties: + activeAuthorisationCount: + $ref: '#/components/schemas/AuthorisationMetricsV2_activeAuthorisationCount' + newAuthorisationCount: + $ref: '#/components/schemas/AuthorisationMetricsV2_newAuthorisationCount' + revokedAuthorisationCount: + $ref: '#/components/schemas/AuthorisationMetricsV2_revokedAuthorisationCount' + amendedAuthorisationCount: + $ref: '#/components/schemas/AuthorisationMetricsV2_amendedAuthorisationCount' + expiredAuthorisationCount: + $ref: '#/components/schemas/AuthorisationMetricsV2_expiredAuthorisationCount' + abandonedConsentFlowCount: + $ref: '#/components/schemas/AuthorisationMetricsV2_abandonedConsentFlowCount' + abandonmentsByStage: + $ref: '#/components/schemas/AuthorisationMetricsV2_abandonmentsByStage' + required: + - abandonedConsentFlowCount + - abandonmentsByStage + - activeAuthorisationCount + - amendedAuthorisationCount + - expiredAuthorisationCount + - newAuthorisationCount + - revokedAuthorisationCount + type: object + Links: + example: + self: self + properties: + self: + description: Fully qualified link to this API call + type: string + x-cds-type: URIString + required: + - self + type: object + Meta: + type: object + MetaError: + description: Additional data for customised error codes + properties: + urn: + description: The CDR error code URN which the application-specific error + code extends. Mandatory if the error `code` is an application-specific + error rather than a standardised error code. + type: string + type: object + x-conditional: + - urn + ResponseErrorListV2: + properties: + errors: + items: + $ref: '#/components/schemas/ResponseErrorListV2_errors' + type: array + required: + - errors + type: object + x-conditional: + - meta + RequestMetaDataUpdate_data: + example: + action: REFRESH + properties: + action: + default: REFRESH + description: The action to take for the meta data. At the moment the only + option is REFRESH which requires the data holder to call the ACCC to refresh + meta data as soon as practicable + enum: + - REFRESH + type: string + required: + - action + type: object + ResponseMetricsListV5_data: + example: + rejections: + authenticated: + previousDays: + - 4 + - 4 + currentDay: 3 + unauthenticated: + previousDays: + - 6 + - 6 + currentDay: 0 + peakTps: + authenticated: + previousDays: + - 4.652396432933246 + - 4.652396432933246 + currentDay: 0.10263654006109402 + unauthenticated: + previousDays: + - 6.519180951018382 + - 6.519180951018382 + currentDay: 7.058770351582356 + aggregate: + previousDays: + - 0.8851374739011653 + - 0.8851374739011653 + currentDay: 7.143538047012306 + averageTps: + authenticated: + previousDays: + - 3.0937452626664474 + - 3.0937452626664474 + currentDay: 3.353193347011243 + unauthenticated: + previousDays: + - 6.704019297950036 + - 6.704019297950036 + currentDay: 5.944895607614016 + aggregate: + previousDays: + - 6.878052220127876 + - 6.878052220127876 + currentDay: 6.778324963048013 + secondaryHolder: + rejections: + previousDays: + - 0 + - 0 + currentDay: 9 + errors: + previousDays: + - 7 + - 7 + currentDay: 4 + availability: + authenticated: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + unauthenticated: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + aggregate: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + averageResponse: + unattended: + previousDays: + - 9.369310271410669 + - 9.369310271410669 + currentDay: 9.965781217890562 + secondary: + secondary: + previousDays: + - 6.965117697638846 + - 6.965117697638846 + currentDay: 3.5571952270680973 + primary: + previousDays: + - 6.438423552598547 + - 6.438423552598547 + currentDay: 9.018348186070783 + highPriority: + previousDays: + - 1.1730742509559433 + - 1.1730742509559433 + currentDay: 7.457744773683766 + largePayload: + previousDays: + - 8.762042012749001 + - 8.762042012749001 + currentDay: 6.683562403749608 + unauthenticated: + previousDays: + - 6.84685269835264 + - 6.84685269835264 + currentDay: 1.4894159098541704 + lowPriority: + previousDays: + - 5.025004791520295 + - 5.025004791520295 + currentDay: 4.965218492984954 + largeSecondary: + secondary: + previousDays: + - 6.965117697638846 + - 6.965117697638846 + currentDay: 3.5571952270680973 + primary: + previousDays: + - 6.438423552598547 + - 6.438423552598547 + currentDay: 9.018348186070783 + invocations: + unattended: + previousDays: + - 9 + - 9 + currentDay: 7 + secondary: + previousDays: + - 7 + - 7 + currentDay: 4 + highPriority: + previousDays: + - 5 + - 5 + currentDay: 1 + largePayload: + previousDays: + - 2 + - 2 + currentDay: 3 + unauthenticated: + previousDays: + - 6 + - 6 + currentDay: 0 + lowPriority: + previousDays: + - 2 + - 2 + currentDay: 5 + largeSecondary: + previousDays: + - 1 + - 1 + currentDay: 1 + requestTime: requestTime + performance: + unattended: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + secondary: + secondary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + primary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + highPriority: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + largePayload: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + unauthenticated: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + lowPriority: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + aggregate: + previousDays: + - previousDays + - previousDays + currentDay: currentDay + largeSecondary: + secondary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + primary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + sessionCount: + previousDays: + - 2 + - 2 + currentDay: 1 + recipientCount: 1 + authorisations: + abandonedConsentFlowCount: + previousDays: + - 9 + - 9 + currentDay: 3 + newAuthorisationCount: + previousDays: + - ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + - ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + currentDay: + ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + abandonmentsByStage: + preAuthorisation: + previousDays: + - 3 + - 3 + currentDay: 3 + rejected: + previousDays: + - 5 + - 5 + currentDay: 9 + preAccountSelection: + previousDays: + - 7 + - 7 + currentDay: 8 + preIdentification: + previousDays: + - 0 + - 0 + currentDay: 8 + failedTokenExchange: + previousDays: + - 0 + - 0 + currentDay: 7 + preAuthentication: + previousDays: + - 5 + - 5 + currentDay: 5 + amendedAuthorisationCount: + previousDays: + - nonIndividual: 6 + individual: 8 + - nonIndividual: 6 + individual: 8 + currentDay: + nonIndividual: 1 + individual: 2 + activeAuthorisationCount: + nonIndividual: 0 + individual: 9 + expiredAuthorisationCount: + previousDays: + - nonIndividual: 1 + individual: 9 + - nonIndividual: 1 + individual: 9 + currentDay: + nonIndividual: 8 + individual: 4 + revokedAuthorisationCount: + previousDays: + - nonIndividual: 0 + individual: 3 + - nonIndividual: 0 + individual: 3 + currentDay: + nonIndividual: 4 + individual: 8 + errors: + authenticated: + previousDays: + - key: 5 + - key: 5 + currentDay: + key: 7 + unauthenticated: + previousDays: + - key: 3 + - key: 3 + currentDay: + key: 3 + aggregate: + previousDays: + - 7 + - 7 + currentDay: 8 + customerCount: 4 + properties: + requestTime: + description: The date and time that the metrics in this payload were requested. + type: string + x-cds-type: DateTimeString + availability: + $ref: '#/components/schemas/AvailabilityMetricsV2' + performance: + $ref: '#/components/schemas/PerformanceMetricsV3' + invocations: + $ref: '#/components/schemas/InvocationMetricsV3' + averageResponse: + $ref: '#/components/schemas/AverageResponseMetricsV2' + sessionCount: + $ref: '#/components/schemas/SessionCountMetricsV2' + averageTps: + $ref: '#/components/schemas/AverageTPSMetricsV2' + peakTps: + $ref: '#/components/schemas/PeakTPSMetricsV2' + errors: + $ref: '#/components/schemas/ErrorMetricsV2' + rejections: + $ref: '#/components/schemas/RejectionMetricsV3' + customerCount: + description: Number of customers with active authorisations at the time + of the call + type: integer + x-cds-type: NaturalNumber + recipientCount: + description: Number of Data Recipient Software Products with active authorisations + at the time of the call + type: integer + x-cds-type: NaturalNumber + secondaryHolder: + $ref: '#/components/schemas/SecondaryHolderMetricsV2' + authorisations: + $ref: '#/components/schemas/AuthorisationMetricsV2' + required: + - authorisations + - availability + - averageResponse + - averageTps + - customerCount + - errors + - invocations + - peakTps + - performance + - recipientCount + - rejections + - requestTime + - sessionCount + type: object + x-conditional: + - secondaryHolder + AvailabilityMetricsV2_aggregate: + description: Aggregated availability metrics + example: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + properties: + currentMonth: + description: Percentage availability of the CDR platform so far for the + current calendar month. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + previousMonths: + description: Percentage availability of the CDR platform for previous calendar + months. The first element indicates the last month and so on. A maximum + of twelve entries is required if available. 0.0 means 0%. 1.0 means 100%. + Values must be a positive or zero + items: + type: string + x-cds-type: RateString + type: array + type: object + x-conditional: + - currentMonth + - previousMonths + AvailabilityMetricsV2_unauthenticated: + description: Availability metrics for the unauthenticated aspects of the CDR + regime + example: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + properties: + currentMonth: + description: Percentage availability of the CDR platform so far for the + current calendar month. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + previousMonths: + description: Percentage availability of the CDR platform for previous calendar + months. The first element indicates the last month and so on. A maximum + of twelve entries is required if available. 0.0 means 0%. 1.0 means 100%. + Values must be a positive or zero + items: + type: string + x-cds-type: RateString + type: array + type: object + x-conditional: + - currentMonth + - previousMonths + AvailabilityMetricsV2_authenticated: + description: Availability metrics for the authenticated aspects of the CDR regime + example: + previousMonths: + - previousMonths + - previousMonths + currentMonth: currentMonth + properties: + currentMonth: + description: Percentage availability of the CDR platform so far for the + current calendar month. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + previousMonths: + description: Percentage availability of the CDR platform for previous calendar + months. The first element indicates the last month and so on. A maximum + of twelve entries is required if available. 0.0 means 0%. 1.0 means 100%. + Values must be a positive or zero + items: + type: string + x-cds-type: RateString + type: array + type: object + x-conditional: + - currentMonth + - previousMonths + PerformanceMetricsV3_aggregate: + description: Percentage of calls within Primary Data Holder performance thresholds. + Note that Secondary Data Holder performance MUST be excluded from this + metric. + example: + previousDays: + - previousDays + - previousDays + currentDay: currentDay + properties: + currentDay: + description: Percentage of calls within the performance threshold for the + current day. 0.0 means 0%. 1.0 means 100%. Must be a positive value or + zero + type: string + x-cds-type: RateString + previousDays: + description: Percentage of calls within the performance threshold for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available. 0.0 means 0%. 1.0 means 100%. Values + must be a positive or zero + items: + type: string + x-cds-type: RateString + type: array + type: object + x-conditional: + - currentDay + - previousDays + PerformanceMetricsV3_highPriority: + description: Percentage of high priority calls within the performance thresholds + example: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + currentDay: + description: Array of contiguous hourly metrics for the current day. Each + element represents a 1 hour period starting from 12am-1am. Timezone for + determining 12am must be consistent but is at the discretion of the Data + Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + previousDays: + description: Percentage of calls within the performance threshold for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available. 0.0 means 0%. 1.0 means 100%. Values + must be a positive or zero + items: + description: Array of contiguous hourly metrics for the specified day. Each + element represents a 1 hour period starting from 12am-1am. Timezone + for determining 12am must be consistent but is at the discretion of + the Data Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + type: array + type: object + x-conditional: + - currentDay + - previousDays + PerformanceMetricsV3_largePayload: + description: Percentage of large payload calls within the performance thresholds + example: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + currentDay: + description: Array of contiguous hourly metrics for the current day. Each + element represents a 1 hour period starting from 12am-1am. Timezone for + determining 12am must be consistent but is at the discretion of the Data + Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + previousDays: + description: Percentage of calls within the performance threshold for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available. 0.0 means 0%. 1.0 means 100%. Values + must be a positive or zero + items: + description: Array of contiguous hourly metrics for the specified day. Each + element represents a 1 hour period starting from 12am-1am. Timezone + for determining 12am must be consistent but is at the discretion of + the Data Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + type: array + type: object + x-conditional: + - currentDay + - previousDays + PerformanceMetricsV3_lowPriority: + description: Percentage of low priority calls within the performance thresholds + example: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + currentDay: + description: Array of contiguous hourly metrics for the current day. Each + element represents a 1 hour period starting from 12am-1am. Timezone for + determining 12am must be consistent but is at the discretion of the Data + Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + previousDays: + description: Percentage of calls within the performance threshold for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available. 0.0 means 0%. 1.0 means 100%. Values + must be a positive or zero + items: + description: Array of contiguous hourly metrics for the specified day. Each + element represents a 1 hour period starting from 12am-1am. Timezone + for determining 12am must be consistent but is at the discretion of + the Data Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + type: array + type: object + x-conditional: + - currentDay + - previousDays + PerformanceMetricsV3_unattended: + description: Percentage of unattended calls within the performance thresholds + example: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + currentDay: + description: Array of contiguous hourly metrics for the current day. Each + element represents a 1 hour period starting from 12am-1am. Timezone for + determining 12am must be consistent but is at the discretion of the Data + Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + previousDays: + description: Percentage of calls within the performance threshold for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available. 0.0 means 0%. 1.0 means 100%. Values + must be a positive or zero + items: + description: Array of contiguous hourly metrics for the specified day. Each + element represents a 1 hour period starting from 12am-1am. Timezone + for determining 12am must be consistent but is at the discretion of + the Data Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + type: array + type: object + x-conditional: + - currentDay + - previousDays + PerformanceMetricsV3_unauthenticated: + description: Percentage of unauthenticated calls within the performance thresholds + example: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + currentDay: + description: Array of contiguous hourly metrics for the current day. Each + element represents a 1 hour period starting from 12am-1am. Timezone for + determining 12am must be consistent but is at the discretion of the Data + Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + previousDays: + description: Percentage of calls within the performance threshold for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available. 0.0 means 0%. 1.0 means 100%. Values + must be a positive or zero + items: + description: Array of contiguous hourly metrics for the specified day. Each + element represents a 1 hour period starting from 12am-1am. Timezone + for determining 12am must be consistent but is at the discretion of + the Data Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + type: array + type: object + x-conditional: + - currentDay + - previousDays + PerformanceMetricsV3_secondary_primary: + description: Percentage of Shared Responsibility calls within the performance + thresholds for the primary data holder + example: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + currentDay: + description: Array of contiguous hourly metrics for the current day. Each + element represents a 1 hour period starting from 12am-1am. Timezone for + determining 12am must be consistent but is at the discretion of the Data + Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + previousDays: + description: Percentage of calls within the performance threshold for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available. 0.0 means 0%. 1.0 means 100%. Values + must be a positive or zero + items: + description: Array of contiguous hourly metrics for the specified day. Each + element represents a 1 hour period starting from 12am-1am. Timezone + for determining 12am must be consistent but is at the discretion of + the Data Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + type: array + type: object + x-conditional: + - currentDay + - previousDays + PerformanceMetricsV3_secondary_secondary: + description: Percentage of Shared Responsibility calls within the performance + thresholds for the secondary data holder + example: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + currentDay: + description: Array of contiguous hourly metrics for the current day. Each + element represents a 1 hour period starting from 12am-1am. Timezone for + determining 12am must be consistent but is at the discretion of the Data + Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + previousDays: + description: Percentage of calls within the performance threshold for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available. 0.0 means 0%. 1.0 means 100%. Values + must be a positive or zero + items: + description: Array of contiguous hourly metrics for the specified day. Each + element represents a 1 hour period starting from 12am-1am. Timezone + for determining 12am must be consistent but is at the discretion of + the Data Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + type: array + type: object + x-conditional: + - currentDay + - previousDays + PerformanceMetricsV3_secondary: + description: Percentage of Shared Responsibility calls within the performance + thresholds. Mandatory for data holders designated for a Shared Responsibility + Data Request data cluster + example: + secondary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + primary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + primary: + $ref: '#/components/schemas/PerformanceMetricsV3_secondary_primary' + secondary: + $ref: '#/components/schemas/PerformanceMetricsV3_secondary_secondary' + required: + - primary + - secondary + type: object + PerformanceMetricsV3_largeSecondary_primary: + description: Percentage of large Shared Responsibility calls within the performance + thresholds for the secondary data holder + example: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + currentDay: + description: Array of contiguous hourly metrics for the current day. Each + element represents a 1 hour period starting from 12am-1am. Timezone for + determining 12am must be consistent but is at the discretion of the Data + Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + previousDays: + description: Percentage of calls within the performance threshold for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available. 0.0 means 0%. 1.0 means 100%. Values + must be a positive or zero + items: + description: Array of contiguous hourly metrics for the specified day. Each + element represents a 1 hour period starting from 12am-1am. Timezone + for determining 12am must be consistent but is at the discretion of + the Data Holder + items: + description: Percentage of calls within the performance threshold for + the specified hour. 0.0 means 0%. 1.0 means 100%. Must be a positive + value or zero + type: string + x-cds-type: RateString + type: array + type: array + type: object + x-conditional: + - currentDay + - previousDays + PerformanceMetricsV3_largeSecondary: + description: Percentage of large Shared Responsibility calls within the performance + thresholds. Mandatory for data holders designated for a Shared Responsibility + Data Request data cluster + example: + secondary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + primary: + previousDays: + - - previousDays + - previousDays + - - previousDays + - previousDays + currentDay: + - currentDay + - currentDay + properties: + primary: + $ref: '#/components/schemas/PerformanceMetricsV3_largeSecondary_primary' + secondary: + $ref: '#/components/schemas/PerformanceMetricsV3_largeSecondary_primary' + required: + - primary + - secondary + type: object + InvocationMetricsV3_unauthenticated: + description: API call counts for the unauthenticated tier + example: + previousDays: + - 6 + - 6 + currentDay: 0 + properties: + currentDay: + description: API call counts for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: API call counts for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + InvocationMetricsV3_highPriority: + description: API call counts for the high priority tier + example: + previousDays: + - 5 + - 5 + currentDay: 1 + properties: + currentDay: + description: API call counts for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: API call counts for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + InvocationMetricsV3_lowPriority: + description: API call counts for the low priority tier + example: + previousDays: + - 2 + - 2 + currentDay: 5 + properties: + currentDay: + description: API call counts for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: API call counts for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + InvocationMetricsV3_unattended: + description: API call counts for the unattended tier + example: + previousDays: + - 9 + - 9 + currentDay: 7 + properties: + currentDay: + description: API call counts for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: API call counts for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + InvocationMetricsV3_largePayload: + description: API call counts for the large payload tier + example: + previousDays: + - 2 + - 2 + currentDay: 3 + properties: + currentDay: + description: API call counts for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: API call counts for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + InvocationMetricsV3_secondary: + description: API call counts for the Shared Responsibility Data Requests tier. Mandatory + for data holders designated for a Shared Responsibility Data Request data + cluster + example: + previousDays: + - 7 + - 7 + currentDay: 4 + properties: + currentDay: + description: API call counts for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: API call counts for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + InvocationMetricsV3_largeSecondary: + description: API call counts for the large Shared Responsibility Data Requests + tier. Mandatory for data holders designated for a Shared Responsibility Data + Request data cluster + example: + previousDays: + - 1 + - 1 + currentDay: 1 + properties: + currentDay: + description: API call counts for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: API call counts for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageResponseMetricsV2_unauthenticated: + description: Average response time for the unauthenticated tier + example: + previousDays: + - 6.84685269835264 + - 6.84685269835264 + currentDay: 1.4894159098541704 + properties: + currentDay: + description: Average response time for current day + type: number + previousDays: + description: Average response time for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available. + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageResponseMetricsV2_highPriority: + description: Average response time for the high priority tier + example: + previousDays: + - 1.1730742509559433 + - 1.1730742509559433 + currentDay: 7.457744773683766 + properties: + currentDay: + description: Average response time for current day + type: number + previousDays: + description: Average response time for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available. + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageResponseMetricsV2_lowPriority: + description: Average response time for the low priority tier + example: + previousDays: + - 5.025004791520295 + - 5.025004791520295 + currentDay: 4.965218492984954 + properties: + currentDay: + description: Average response time for current day + type: number + previousDays: + description: Average response time for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available. + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageResponseMetricsV2_unattended: + description: Average response time for the unattended tier + example: + previousDays: + - 9.369310271410669 + - 9.369310271410669 + currentDay: 9.965781217890562 + properties: + currentDay: + description: Average response time for current day + type: number + previousDays: + description: Average response time for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available. + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageResponseMetricsV2_largePayload: + description: Average response time for the large payload tier + example: + previousDays: + - 8.762042012749001 + - 8.762042012749001 + currentDay: 6.683562403749608 + properties: + currentDay: + description: Average response time for current day + type: number + previousDays: + description: Average response time for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available. + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageResponseMetricsV2_secondary_primary: + description: Average response time as measured for the primary data holder + example: + previousDays: + - 6.438423552598547 + - 6.438423552598547 + currentDay: 9.018348186070783 + properties: + currentDay: + description: Average response time for current day + type: number + previousDays: + description: Average response time for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available. + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageResponseMetricsV2_secondary_secondary: + description: Average response time as measured for the secondary data holder + example: + previousDays: + - 6.965117697638846 + - 6.965117697638846 + currentDay: 3.5571952270680973 + properties: + currentDay: + description: Average response time for current day + type: number + previousDays: + description: Average response time for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available. + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageResponseMetricsV2_secondary: + description: Average response time for the secondary tier. Mandatory for data + holders designated for a Shared Responsibility Data Request data cluster + example: + secondary: + previousDays: + - 6.965117697638846 + - 6.965117697638846 + currentDay: 3.5571952270680973 + primary: + previousDays: + - 6.438423552598547 + - 6.438423552598547 + currentDay: 9.018348186070783 + properties: + primary: + $ref: '#/components/schemas/AverageResponseMetricsV2_secondary_primary' + secondary: + $ref: '#/components/schemas/AverageResponseMetricsV2_secondary_secondary' + required: + - primary + - secondary + type: object + AverageResponseMetricsV2_largeSecondary: + description: Average response time for the large payload tier. Mandatory for + data holders designated for a Shared Responsibility Data Request data cluster + example: + secondary: + previousDays: + - 6.965117697638846 + - 6.965117697638846 + currentDay: 3.5571952270680973 + primary: + previousDays: + - 6.438423552598547 + - 6.438423552598547 + currentDay: 9.018348186070783 + properties: + primary: + $ref: '#/components/schemas/AverageResponseMetricsV2_secondary_primary' + secondary: + $ref: '#/components/schemas/AverageResponseMetricsV2_secondary_secondary' + required: + - primary + - secondary + type: object + AverageTPSMetricsV2_aggregate: + description: Aggregate average transactions per second over time for all endpoints + example: + previousDays: + - 6.878052220127876 + - 6.878052220127876 + currentDay: 6.778324963048013 + properties: + currentDay: + description: Average TPS for current day. Must be a positive value or zero + type: number + previousDays: + description: Average TPS for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available. + Values must be a positive or zero + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageTPSMetricsV2_unauthenticated: + description: Average transactions per second over time for unauthenticated endpoints + example: + previousDays: + - 6.704019297950036 + - 6.704019297950036 + currentDay: 5.944895607614016 + properties: + currentDay: + description: Average TPS for current day. Must be a positive value or zero + type: number + previousDays: + description: Average TPS for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available. + Values must be a positive or zero + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + AverageTPSMetricsV2_authenticated: + description: Average transactions per second over time for authenticated endpoints + example: + previousDays: + - 3.0937452626664474 + - 3.0937452626664474 + currentDay: 3.353193347011243 + properties: + currentDay: + description: Average TPS for current day. Must be a positive value or zero + type: number + previousDays: + description: Average TPS for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available. + Values must be a positive or zero + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + PeakTPSMetricsV2_aggregate: + description: Aggregate peak transactions per second over time for all endpoints + example: + previousDays: + - 0.8851374739011653 + - 0.8851374739011653 + currentDay: 7.143538047012306 + properties: + currentDay: + description: Peak TPS for current day. Must be a positive value or zero + type: number + previousDays: + description: Peak TPS for previous days. The first element indicates yesterday + and so on. A maximum of seven entries is required if available. Values + must be a positive or zero + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + PeakTPSMetricsV2_unauthenticated: + description: Peak transactions per second over time for unauthenticated endpoints + example: + previousDays: + - 6.519180951018382 + - 6.519180951018382 + currentDay: 7.058770351582356 + properties: + currentDay: + description: Peak TPS for current day. Must be a positive value or zero + type: number + previousDays: + description: Peak TPS for previous days. The first element indicates yesterday + and so on. A maximum of seven entries is required if available. Values + must be a positive or zero + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + PeakTPSMetricsV2_authenticated: + description: Peak transactions per second over time for authenticated endpoints + example: + previousDays: + - 4.652396432933246 + - 4.652396432933246 + currentDay: 0.10263654006109402 + properties: + currentDay: + description: Peak TPS for current day. Must be a positive value or zero + type: number + previousDays: + description: Peak TPS for previous days. The first element indicates yesterday + and so on. A maximum of seven entries is required if available. Values + must be a positive or zero + items: + type: number + type: array + type: object + x-conditional: + - currentDay + - previousDays + ErrorMetricsV2_aggregate: + description: Aggregate number of calls resulting in error due to server execution + over time for all endpoints + example: + previousDays: + - 7 + - 7 + currentDay: 8 + properties: + currentDay: + description: Error counts for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Error counts for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + ErrorMetricsV2_unauthenticated: + description: Number of calls resulting in error due to server execution over + time for unauthenticated endpoints + example: + previousDays: + - key: 3 + - key: 3 + currentDay: + key: 3 + properties: + currentDay: + additionalProperties: + description: Number of errors for a specific HTTP error code. Note that + the property name must be 3 digits represent the HTTP error code the + error is for + type: integer + x-cds-type: NaturalNumber + description: Error counts, by HTTP error code, for current day + properties: + "500": + description: Number of errors for HTTP error code 500. Note that this + field is an example of a single entry due to the lack of OAS support + for the JSON Schema `patternProperties` syntax. See the `additionalProperties` + field in this schema for the generic property structure for error + code counts + type: integer + x-cds-type: NaturalNumber + type: object + previousDays: + description: Error counts, by HTTP error code, for previous days. The first + element indicates yesterday and so on. A maximum of seven entries is required + if available + items: + additionalProperties: + description: Number of errors for a specific HTTP error code. Note + that the property name must be 3 digits represent the HTTP error code + the error is for + type: integer + x-cds-type: NaturalNumber + properties: + "500": + description: Number of errors for HTTP error code 500. Note that + this field is an example of a single entry due to the lack of OAS + support JSON Schema `patternProperties` syntax. See the `additionalProperties` + field in this schema for the generic property structure for error + code counts + type: integer + x-cds-type: NaturalNumber + type: object + type: array + type: object + x-conditional: + - currentDay + - previousDays + ErrorMetricsV2_authenticated: + description: Number of calls resulting in error due to server execution over + time for authenticated endpoints + example: + previousDays: + - key: 5 + - key: 5 + currentDay: + key: 7 + properties: + currentDay: + additionalProperties: + description: Number of errors for a specific HTTP error code. Note that + the property name must be 3 digits represent the HTTP error code the + error is for + type: integer + x-cds-type: NaturalNumber + description: Error counts, by HTTP error code, for current day + properties: + "500": + description: Number of errors for HTTP error code 500. Note that this + field is an example of a single entry due to the lack of OAS support + for the JSON Schema `patternProperties` syntax. See the `additionalProperties` + field in this schema for the generic property structure for error + code counts + type: integer + x-cds-type: NaturalNumber + type: object + previousDays: + description: Error counts, by HTTP error code, for previous days. The first + element indicates yesterday and so on. A maximum of seven entries is required + if available + items: + additionalProperties: + description: Number of errors for a specific HTTP error code. Note + that the property name must be 3 digits represent the HTTP error code + the error is for + type: integer + x-cds-type: NaturalNumber + properties: + "500": + description: Number of errors for HTTP error code 500. Note that + this field is an example of a single entry due to the lack of OAS + support JSON Schema `patternProperties` syntax. See the `additionalProperties` + field in this schema for the generic property structure for error + code counts + type: integer + x-cds-type: NaturalNumber + type: object + type: array + type: object + x-conditional: + - currentDay + - previousDays + RejectionMetricsV3_authenticated: + description: Rejection counts for all authenticated end points + example: + previousDays: + - 4 + - 4 + currentDay: 3 + properties: + currentDay: + description: Number of calls rejected for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of calls rejected for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available. + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + RejectionMetricsV3_unauthenticated: + description: Rejection counts for all unauthenticated end points + example: + previousDays: + - 6 + - 6 + currentDay: 0 + properties: + currentDay: + description: Number of calls rejected for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of calls rejected for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available. + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + SecondaryHolderMetricsV2_errors: + description: Number of calls resulting in error due to server execution over + time + example: + previousDays: + - 7 + - 7 + currentDay: 4 + properties: + currentDay: + description: Number of errors for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of errors for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + SecondaryHolderMetricsV2_rejections: + description: Number of calls rejected due to traffic thresholds over time + example: + previousDays: + - 0 + - 0 + currentDay: 9 + properties: + currentDay: + description: Number of rejections for current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of rejections for previous days. The first element indicates + yesterday and so on. A maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_activeAuthorisationCount: + description: The number of active ongoing authorisations + example: + nonIndividual: 0 + individual: 9 + properties: + individual: + description: Active ongoing authorisation count for individual customers + type: integer + x-cds-type: NaturalNumber + nonIndividual: + description: Active ongoing authorisation count for non-individual customers + type: integer + x-cds-type: NaturalNumber + required: + - individual + - nonIndividual + type: object + AuthorisationMetricsV2_newAuthorisationCount_currentDay_onceOff: + description: New authorisation count for once-off authorisations + example: + nonIndividual: 5 + individual: 7 + properties: + individual: + description: New authorisation count for individual customers + type: integer + x-cds-type: NaturalNumber + nonIndividual: + description: New authorisation count for non-individual customers + type: integer + x-cds-type: NaturalNumber + required: + - individual + - nonIndividual + type: object + AuthorisationMetricsV2_newAuthorisationCount_currentDay_ongoing: + description: New authorisation count for ongoing authorisations + example: + nonIndividual: 6 + individual: 4 + properties: + individual: + description: New authorisation count for individual customers + type: integer + x-cds-type: NaturalNumber + nonIndividual: + description: New authorisation count for non-individual customers + type: integer + x-cds-type: NaturalNumber + required: + - individual + - nonIndividual + type: object + AuthorisationMetricsV2_newAuthorisationCount_currentDay: + description: Number of new authorisations for the current day + example: + ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + properties: + onceOff: + $ref: '#/components/schemas/AuthorisationMetricsV2_newAuthorisationCount_currentDay_onceOff' + ongoing: + $ref: '#/components/schemas/AuthorisationMetricsV2_newAuthorisationCount_currentDay_ongoing' + required: + - onceOff + - ongoing + type: object + AuthorisationMetricsV2_newAuthorisationCount_previousDays: + example: + ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + properties: + onceOff: + $ref: '#/components/schemas/AuthorisationMetricsV2_newAuthorisationCount_currentDay_onceOff' + ongoing: + $ref: '#/components/schemas/AuthorisationMetricsV2_newAuthorisationCount_currentDay_ongoing' + required: + - onceOff + - ongoing + type: object + AuthorisationMetricsV2_newAuthorisationCount: + description: The number of new authorisations + example: + previousDays: + - ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + - ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + currentDay: + ongoing: + nonIndividual: 6 + individual: 4 + onceOff: + nonIndividual: 5 + individual: 7 + properties: + currentDay: + $ref: '#/components/schemas/AuthorisationMetricsV2_newAuthorisationCount_currentDay' + previousDays: + description: Number of new authorisations for previous days. The first element + indicates yesterday and so on. A maximum of seven entries is required + if available + items: + $ref: '#/components/schemas/AuthorisationMetricsV2_newAuthorisationCount_previousDays' + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_revokedAuthorisationCount_currentDay: + description: Number of revoked authorisations for the current day + example: + nonIndividual: 4 + individual: 8 + properties: + individual: + description: Revoked authorisation count for individual customers + type: integer + x-cds-type: NaturalNumber + nonIndividual: + description: Revoked authorisation count for non-individual customers + type: integer + x-cds-type: NaturalNumber + required: + - individual + - nonIndividual + type: object + AuthorisationMetricsV2_revokedAuthorisationCount_previousDays: + example: + nonIndividual: 0 + individual: 3 + properties: + individual: + description: Revoked authorisation count for individual customers + type: integer + x-cds-type: NaturalNumber + nonIndividual: + description: Revoked authorisation count for non-individual customers + type: integer + x-cds-type: NaturalNumber + required: + - individual + - nonIndividual + type: object + AuthorisationMetricsV2_revokedAuthorisationCount: + description: The number of revoked authorisations + example: + previousDays: + - nonIndividual: 0 + individual: 3 + - nonIndividual: 0 + individual: 3 + currentDay: + nonIndividual: 4 + individual: 8 + properties: + currentDay: + $ref: '#/components/schemas/AuthorisationMetricsV2_revokedAuthorisationCount_currentDay' + previousDays: + description: Number of revoked authorisations for previous days. The first + element indicates yesterday and so on. A maximum of seven entries is required + if available + items: + $ref: '#/components/schemas/AuthorisationMetricsV2_revokedAuthorisationCount_previousDays' + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_amendedAuthorisationCount_currentDay: + description: Number of amended authorisations for the current day + example: + nonIndividual: 1 + individual: 2 + properties: + individual: + description: Amended authorisation count for individual customers + type: integer + x-cds-type: NaturalNumber + nonIndividual: + description: Amended authorisation count for non-individual customers + type: integer + x-cds-type: NaturalNumber + required: + - individual + - nonIndividual + type: object + AuthorisationMetricsV2_amendedAuthorisationCount_previousDays: + example: + nonIndividual: 6 + individual: 8 + properties: + individual: + description: Amended authorisation count for individual customers + type: integer + x-cds-type: NaturalNumber + nonIndividual: + description: Amended authorisation count for non-individual customers + type: integer + x-cds-type: NaturalNumber + required: + - individual + - nonIndividual + type: object + AuthorisationMetricsV2_amendedAuthorisationCount: + description: The number of amended ongoing authorisations + example: + previousDays: + - nonIndividual: 6 + individual: 8 + - nonIndividual: 6 + individual: 8 + currentDay: + nonIndividual: 1 + individual: 2 + properties: + currentDay: + $ref: '#/components/schemas/AuthorisationMetricsV2_amendedAuthorisationCount_currentDay' + previousDays: + description: Number of amended authorisations for previous days. The first + element indicates yesterday and so on. A maximum of seven entries is required + if available + items: + $ref: '#/components/schemas/AuthorisationMetricsV2_amendedAuthorisationCount_previousDays' + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_expiredAuthorisationCount_currentDay: + description: Number of expired authorisations for the current day + example: + nonIndividual: 8 + individual: 4 + properties: + individual: + description: Expired authorisation count for individual customers + type: integer + x-cds-type: NaturalNumber + nonIndividual: + description: Expired authorisation count for non-individual customers + type: integer + x-cds-type: NaturalNumber + required: + - individual + - nonIndividual + type: object + AuthorisationMetricsV2_expiredAuthorisationCount_previousDays: + example: + nonIndividual: 1 + individual: 9 + properties: + individual: + description: Expired authorisation count for individual customers + type: integer + x-cds-type: NaturalNumber + nonIndividual: + description: Expired authorisation count for non-individual customers + type: integer + x-cds-type: NaturalNumber + required: + - individual + - nonIndividual + type: object + AuthorisationMetricsV2_expiredAuthorisationCount: + description: The number of expired ongoing authorisations + example: + previousDays: + - nonIndividual: 1 + individual: 9 + - nonIndividual: 1 + individual: 9 + currentDay: + nonIndividual: 8 + individual: 4 + properties: + currentDay: + $ref: '#/components/schemas/AuthorisationMetricsV2_expiredAuthorisationCount_currentDay' + previousDays: + description: Number of expired authorisations for previous days. The first + element indicates yesterday and so on. A maximum of seven entries is required + if available + items: + $ref: '#/components/schemas/AuthorisationMetricsV2_expiredAuthorisationCount_previousDays' + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_abandonedConsentFlowCount: + description: The number of consents flows that were not successfully authorised + example: + previousDays: + - 9 + - 9 + currentDay: 3 + properties: + currentDay: + description: Number of consents flows that were not successfully authorised + for the current day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of consents flows that were not successfully authorised + for previous days. The first element indicates yesterday and so on. A + maximum of seven entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_abandonmentsByStage_preIdentification: + description: The number of authorisations that commenced with the data holder + but the customer did not successfully identify their profile or user ID + example: + previousDays: + - 0 + - 0 + currentDay: 8 + properties: + currentDay: + description: Number of abandoned consent flows for this stage for the current + day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of abandoned consent flows for this stage for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_abandonmentsByStage_preAuthentication: + description: The number of authorisations where the customer identified themselves + (ie. they successfully identify the customer profile to use for the authorisation) + but failed to provide a valid OTP or equivalent + example: + previousDays: + - 5 + - 5 + currentDay: 5 + properties: + currentDay: + description: Number of abandoned consent flows for this stage for the current + day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of abandoned consent flows for this stage for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_abandonmentsByStage_preAccountSelection: + description: The number of authorisations where the customer successfully authenticated + with a valid OTP or equivalent but abandoned the process before selecting + accounts + example: + previousDays: + - 7 + - 7 + currentDay: 8 + properties: + currentDay: + description: Number of abandoned consent flows for this stage for the current + day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of abandoned consent flows for this stage for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_abandonmentsByStage_preAuthorisation: + description: The number of authorisations where the customer has passed the + account selection step but abandoned the process before approving or rejecting + the consent being requested + example: + previousDays: + - 3 + - 3 + currentDay: 3 + properties: + currentDay: + description: Number of abandoned consent flows for this stage for the current + day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of abandoned consent flows for this stage for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_abandonmentsByStage_rejected: + description: The number of authorisations where the customer actively rejected + the authorisation rather than abandoning the process + example: + previousDays: + - 5 + - 5 + currentDay: 9 + properties: + currentDay: + description: Number of abandoned consent flows for this stage for the current + day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of abandoned consent flows for this stage for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_abandonmentsByStage_failedTokenExchange: + description: The number of authorisations that completed the interactive flow + with the consumer authorising the consent, but the ADR failed to - or was + unable to - obtain a refresh or access token using the authorisation code + example: + previousDays: + - 0 + - 0 + currentDay: 7 + properties: + currentDay: + description: Number of abandoned consent flows for this stage for the current + day + type: integer + x-cds-type: NaturalNumber + previousDays: + description: Number of abandoned consent flows for this stage for previous + days. The first element indicates yesterday and so on. A maximum of seven + entries is required if available + items: + type: integer + x-cds-type: NaturalNumber + type: array + type: object + x-conditional: + - currentDay + - previousDays + AuthorisationMetricsV2_abandonmentsByStage: + description: Customer abandonment count per stage of the consent flow. Note + that the aggregated abandonment count for all stages for a period should equal + the count in `abandonedConsentFlowCount` for the same period (ie. each abandoned + consent should assigned to one, and only one, stage) + example: + preAuthorisation: + previousDays: + - 3 + - 3 + currentDay: 3 + rejected: + previousDays: + - 5 + - 5 + currentDay: 9 + preAccountSelection: + previousDays: + - 7 + - 7 + currentDay: 8 + preIdentification: + previousDays: + - 0 + - 0 + currentDay: 8 + failedTokenExchange: + previousDays: + - 0 + - 0 + currentDay: 7 + preAuthentication: + previousDays: + - 5 + - 5 + currentDay: 5 + properties: + preIdentification: + $ref: '#/components/schemas/AuthorisationMetricsV2_abandonmentsByStage_preIdentification' + preAuthentication: + $ref: '#/components/schemas/AuthorisationMetricsV2_abandonmentsByStage_preAuthentication' + preAccountSelection: + $ref: '#/components/schemas/AuthorisationMetricsV2_abandonmentsByStage_preAccountSelection' + preAuthorisation: + $ref: '#/components/schemas/AuthorisationMetricsV2_abandonmentsByStage_preAuthorisation' + rejected: + $ref: '#/components/schemas/AuthorisationMetricsV2_abandonmentsByStage_rejected' + failedTokenExchange: + $ref: '#/components/schemas/AuthorisationMetricsV2_abandonmentsByStage_failedTokenExchange' + required: + - failedTokenExchange + - preAccountSelection + - preAuthentication + - preAuthorisation + - preIdentification + - rejected + type: object + ResponseErrorListV2_errors: + properties: + code: + description: The code of the error encountered. Where the error is specific + to the respondent, an application-specific error code, expressed as a + string value. If the error is application-specific, the URN code that + the specific error extends must be provided in the meta object. Otherwise, + the value is the error code URN. + type: string + title: + description: A short, human-readable summary of the problem that MUST NOT + change from occurrence to occurrence of the problem represented by the + error code. + type: string + detail: + description: A human-readable explanation specific to this occurrence of + the problem. + type: string + meta: + $ref: '#/components/schemas/MetaError' + required: + - code + - detail + - title + type: object +x-wso2-auth-header: "Authorization" +x-wso2-cors: + corsConfigurationEnabled: false + accessControlAllowOrigins: + - "*" + accessControlAllowCredentials: false + accessControlAllowHeaders: + - "authorization" + - "Access-Control-Allow-Origin" + - "Content-Type" + - "SOAPAction" + - "apikey" + accessControlAllowMethods: + - "GET" + - "PUT" + - "POST" + - "DELETE" + - "PATCH" + - "OPTIONS" +x-wso2-production-endpoints: "#/x-wso2-endpoints/productionEndpoint" +x-wso2-sandbox-endpoints: "#/x-wso2-endpoints/sandboxEndpoint" +x-wso2-endpoints: + - productionEndpoint: + urls: + - "https://localhost:9443/api/openbanking/cds-admin-api/au100" + - sandboxEndpoint: + urls: + - "https://localhost:9443/api/openbanking/cds-admin-api/au100" +x-wso2-basePath: "/cds-au/v1/admin" +x-wso2-request-interceptor: java:com.wso2.finance.open.banking.mg.interceptor.OpenBankingInterceptor +x-wso2-response-interceptor: java:com.wso2.finance.open.banking.mg.interceptor.OpenBankingInterceptor +x-wso2-transports: + - "http" + - "https" +x-wso2-response-cache: + enabled: false + cacheTimeoutInSeconds: 300 diff --git a/integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/README.md b/integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/README.md new file mode 100644 index 000000000..f986d392b --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/README.md @@ -0,0 +1,8 @@ +## Consumer Data Standards API - v1.25.0

+# Contains the OpenAPI definition for the Consumer Data Standards API and Consumer Data Standards Common API +1. **Configure the following endpoint URL**
+>Endpoint URL
--------------------
+Production- https://localhost:9443/api/openbanking/cds/backend/services +Sandbox- https://localhost:9443/api/openbanking/cds/backend/services +2. **Configure the following context**
+> Context : /cds-au/{version}
diff --git a/integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/cds-api-insequence-1.25.0.xml b/integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/cds-api-insequence-1.25.0.xml new file mode 100644 index 000000000..9f1b62dad --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/cds-api-insequence-1.25.0.xml @@ -0,0 +1,29 @@ + + + + + + + +
+ + + + diff --git a/integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/consumer-data-standards-1.25.0.yaml b/integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/consumer-data-standards-1.25.0.yaml new file mode 100644 index 000000000..69623719b --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/CDSBanking/1.25.0/consumer-data-standards-1.25.0.yaml @@ -0,0 +1,9059 @@ +openapi: 3.0.3 +info: + contact: + email: contact@consumerdatastandards.gov.au + name: Consumer Data Standards + url: https://consumerdatastandards.gov.au + description: Consumer Data Standards APIs created by the Data Standards Body (DSB), + with the Data Standards Chair as the decision maker to meet the needs of the Consumer + Data Right + license: + name: MIT License + url: https://opensource.org/licenses/MIT + title: ConsumerDataStandards + version: v1 #CDS v1.25.0 +servers: + - url: https://data.holder.com.au/cds-au/{version} +x-wso2-request-interceptor: java:com.wso2.finance.open.banking.mg.interceptor.OpenBankingInterceptor +x-wso2-response-interceptor: java:com.wso2.finance.open.banking.mg.interceptor.OpenBankingInterceptor +paths: + /banking/accounts: + get: + description: |- + Obtain a list of accounts. + + Obsolete versions: [v1](includes/obsolete/get-accounts-v1.html) + operationId: listAccounts + parameters: + - description: Used to filter results on the productCategory field applicable + to accounts. Any one of the valid values for this field can be supplied. + If absent then all accounts returned. + explode: true + in: query + name: product-category + required: false + schema: + enum: + - BUSINESS_LOANS + - CRED_AND_CHRG_CARDS + - LEASES + - MARGIN_LOANS + - OVERDRAFTS + - PERS_LOANS + - REGULATED_TRUST_ACCOUNTS + - RESIDENTIAL_MORTGAGES + - TERM_DEPOSITS + - TRADE_FINANCE + - TRANS_AND_SAVINGS_ACCOUNTS + - TRAVEL_CARDS + type: string + style: form + - description: Used to filter results according to open/closed status. Values + can be OPEN, CLOSED or ALL. If absent then ALL is assumed + explode: true + in: query + name: open-status + required: false + schema: + default: ALL + enum: + - ALL + - CLOSED + - OPEN + type: string + style: form + - description: Filters accounts based on whether they are owned by the authorised + customer. True for owned accounts, false for unowned accounts and absent + for all accounts + explode: true + in: query + name: is-owned + required: false + schema: + type: boolean + x-cds-type: Boolean + style: form + x-cds-type: Boolean + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingAccountListV2' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Accounts + tags: + - Banking + - Accounts + security: + - PSUOAuth2Security: + - "bank:accounts.basic:read" + - default: + - "bank:accounts.basic:read" + x-version: "2" + x-auth-type: Application User + x-throttling-tier: Unlimited + /banking/accounts/balances: + get: + description: Obtain balances for multiple, filtered accounts + operationId: listBalancesBulk + parameters: + - description: Used to filter results on the productCategory field applicable + to accounts. Any one of the valid values for this field can be supplied. + If absent then all accounts returned. + explode: true + in: query + name: product-category + required: false + schema: + enum: + - BUSINESS_LOANS + - CRED_AND_CHRG_CARDS + - LEASES + - MARGIN_LOANS + - OVERDRAFTS + - PERS_LOANS + - REGULATED_TRUST_ACCOUNTS + - RESIDENTIAL_MORTGAGES + - TERM_DEPOSITS + - TRADE_FINANCE + - TRANS_AND_SAVINGS_ACCOUNTS + - TRAVEL_CARDS + type: string + style: form + - description: Used to filter results according to open/closed status. Values + can be OPEN, CLOSED or ALL. If absent then ALL is assumed + explode: true + in: query + name: open-status + required: false + schema: + default: ALL + enum: + - ALL + - CLOSED + - OPEN + type: string + style: form + - description: Filters accounts based on whether they are owned by the authorised + customer. True for owned accounts, false for unowned accounts and absent + for all accounts + explode: true + in: query + name: is-owned + required: false + schema: + type: boolean + x-cds-type: Boolean + style: form + x-cds-type: Boolean + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingAccountsBalanceList' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Bulk Balances + tags: + - Banking + - Accounts + security: + - PSUOAuth2Security: + - "bank:accounts.basic:read" + - default: + - "bank:accounts.basic:read" + x-version: "1" + x-auth-type: Application User + x-throttling-tier: Unlimited + post: + description: Obtain balances for a specified list of accounts + operationId: listBalancesSpecificAccounts + parameters: + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RequestAccountIds' + description: The list of account IDs to obtain balances for + required: true + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingAccountsBalanceList' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
  • [422 - Unavailable + Banking Account](#error-422-authorisation-unavailable-banking-account)
  • [422 + - Invalid Banking Account](#error-422-authorisation-invalid-banking-account)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Balances For Specific Accounts + tags: + - Banking + - Accounts + security: + - PSUOAuth2Security: + - "bank:accounts.basic:read" + - default: + - "bank:accounts.basic:read" + x-version: "1" + x-auth-type: Application User + x-throttling-tier: Unlimited + x-codegen-request-body-name: accountIds + /banking/accounts/{accountId}/balance: + get: + description: Obtain the balance for a single specified account + operationId: getBalance + parameters: + - description: ID of the specific account requested + explode: false + in: path + name: accountId + required: true + schema: + type: string + x-cds-type: ASCIIString + style: simple + x-cds-type: ASCIIString + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingAccountsBalanceById' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [404 + - Unavailable Banking Account](#error-404-authorisation-unavailable-banking-account)
  • [404 + - Invalid Banking Account](#error-404-authorisation-invalid-banking-account)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Account Balance + tags: + - Banking + - Accounts + security: + - PSUOAuth2Security: + - "bank:accounts.detail:read" + - default: + - "bank:accounts.detail:read" + x-version: "1" + x-auth-type: Application User + x-throttling-tier: Unlimited + /banking/accounts/{accountId}: + get: + description: |- + Obtain detailed information on a single account. + + Obsolete versions: [v1](includes/obsolete/get-account-detail-v1.html), [v2](includes/obsolete/get-account-detail-v2.html) + operationId: getAccountDetail + parameters: + - description: A tokenised identifier for the account which is unique but not + shareable + explode: false + in: path + name: accountId + required: true + schema: + type: string + x-cds-type: ASCIIString + style: simple + x-cds-type: ASCIIString + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingAccountByIdV3' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [404 + - Unavailable Banking Account](#error-404-authorisation-unavailable-banking-account)
  • [404 + - Invalid Banking Account](#error-404-authorisation-invalid-banking-account)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Account Detail + tags: + - Banking + - Accounts + security: + - PSUOAuth2Security: + - "bank:accounts.detail:read" + - default: + - "bank:accounts.detail:read" + x-version: "3" + x-auth-type: Application User + x-throttling-tier: Unlimited + /banking/accounts/{accountId}/transactions: + get: + description: |- + Obtain transactions for a specific account. + + Some general notes that apply to all end points that retrieve transactions: + + - Where multiple transactions are returned, transactions should be ordered according to effective date in descending order + - As the date and time for a transaction can alter depending on status and transaction type two separate date/times are included in the payload. There are still some scenarios where neither of these time stamps is available. For the purpose of filtering and ordering it is expected that the data holder will use the "effective" date/time which will be defined as: + - Posted date/time if available, then + - Execution date/time if available, then + - A reasonable date/time nominated by the data holder using internal data structures + - For transaction amounts it should be assumed that a negative value indicates a reduction of the available balance on the account while a positive value indicates an increase in the available balance on the account + - For aggregated transactions (ie. groups of sub transactions reported as a single entry for the account) only the aggregated information, with as much consistent information across the subsidiary transactions as possible, is required to be shared + operationId: getTransactions + parameters: + - description: ID of the account to get transactions for. Must have previously + been returned by one of the account list end points. + explode: false + in: path + name: accountId + required: true + schema: + type: string + x-cds-type: ASCIIString + style: simple + x-cds-type: ASCIIString + - description: Constrain the transaction history request to transactions with + effective time at or after this date/time. If absent defaults to newest-time + minus 90 days. Format is aligned to DateTimeString common type + explode: true + in: query + name: oldest-time + required: false + schema: + type: string + x-cds-type: DateTimeString + style: form + x-cds-type: DateTimeString + - description: Constrain the transaction history request to transactions with + effective time at or before this date/time. If absent defaults to today. Format + is aligned to DateTimeString common type + explode: true + in: query + name: newest-time + required: false + schema: + type: string + x-cds-type: DateTimeString + style: form + x-cds-type: DateTimeString + - description: Filter transactions to only transactions with amounts higher + or equal to than this amount + explode: true + in: query + name: min-amount + required: false + schema: + type: string + x-cds-type: AmountString + pattern: '^\-?\d{1,16}\.\d{2,}$' + style: form + x-cds-type: AmountString + - description: Filter transactions to only transactions with amounts less than + or equal to than this amount + explode: true + in: query + name: max-amount + required: false + schema: + type: string + x-cds-type: AmountString + pattern: '^\-?\d{1,16}\.\d{2,}$' + style: form + x-cds-type: AmountString + - description: Filter transactions to only transactions where this string value + is found as a substring of either the reference or description fields. Format + is arbitrary ASCII string. This parameter is optionally implemented by data + holders. If it is not implemented then a response should be provided as + normal without text filtering applied and an additional boolean field named + isQueryParamUnsupported should be included in the meta object and set to + true (whether the text parameter is supplied or not) + explode: true + in: query + name: text + required: false + schema: + type: string + style: form + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingTransactionList' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
  • [400 - Invalid Date](#error-400-field-invalid-date-time)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [404 + - Unavailable Banking Account](#error-404-authorisation-unavailable-banking-account)
  • [404 + - Invalid Banking Account](#error-404-authorisation-invalid-banking-account)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Transactions For Account + tags: + - Banking + - Accounts + security: + - PSUOAuth2Security: + - "bank:transactions:read" + - default: + - "bank:transactions:read" + x-version: "1" + x-auth-type: Application User + x-throttling-tier: Unlimited + /banking/accounts/{accountId}/transactions/{transactionId}: + get: + description: Obtain detailed information on a transaction for a specific account + operationId: getTransactionDetail + parameters: + - description: ID of the account to get transactions for. Must have previously + been returned by one of the account list end points + explode: false + in: path + name: accountId + required: true + schema: + type: string + x-cds-type: ASCIIString + style: simple + x-cds-type: ASCIIString + - description: ID of the transaction obtained from a previous call to one of + the other transaction end points + explode: false + in: path + name: transactionId + required: true + schema: + type: string + x-cds-type: ASCIIString + style: simple + x-cds-type: ASCIIString + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingTransactionById' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Date](#error-400-field-invalid-date-time)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [404 + - Unavailable Banking Account](#error-404-authorisation-unavailable-banking-account)
  • [404 + - Invalid Banking Account](#error-404-authorisation-invalid-banking-account)
  • [404 + - Unavailable Resource](#error-404-resource-unavailable)
  • [404 + - Invalid Resource](#error-404-resource-invalid)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Transaction Detail + tags: + - Banking + - Accounts + security: + - PSUOAuth2Security: + - "bank:transactions:read" + - default: + - "bank:transactions:read" + x-version: "1" + x-auth-type: Application User + x-throttling-tier: Unlimited + /banking/accounts/{accountId}/direct-debits: + get: + description: Obtain direct debit authorisations for a specific account + operationId: listDirectDebits + parameters: + - description: ID of the account to get direct debit authorisations for. Must + have previously been returned by one of the account list end points. + explode: false + in: path + name: accountId + required: true + schema: + type: string + x-cds-type: ASCIIString + style: simple + x-cds-type: ASCIIString + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingDirectDebitAuthorisationList' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [404 + - Unavailable Banking Account](#error-404-authorisation-unavailable-banking-account)
  • [404 + - Invalid Banking Account](#error-404-authorisation-invalid-banking-account)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Direct Debits For Account + tags: + - Banking + - Direct Debits + security: + - PSUOAuth2Security: + - "bank:regular_payments:read" + - default: + - "bank:regular_payments:read" + x-version: "1" + x-auth-type: Application User + x-throttling-tier: Unlimited + /banking/accounts/direct-debits: + get: + description: Obtain direct debit authorisations for multiple, filtered accounts + operationId: listDirectDebitsBulk + parameters: + - description: Used to filter results on the productCategory field applicable + to accounts. Any one of the valid values for this field can be supplied. + If absent then all accounts returned. + explode: true + in: query + name: product-category + required: false + schema: + enum: + - BUSINESS_LOANS + - CRED_AND_CHRG_CARDS + - LEASES + - MARGIN_LOANS + - OVERDRAFTS + - PERS_LOANS + - REGULATED_TRUST_ACCOUNTS + - RESIDENTIAL_MORTGAGES + - TERM_DEPOSITS + - TRADE_FINANCE + - TRANS_AND_SAVINGS_ACCOUNTS + - TRAVEL_CARDS + type: string + style: form + - description: Used to filter results according to open/closed status. Values + can be OPEN, CLOSED or ALL. If absent then ALL is assumed + explode: true + in: query + name: open-status + required: false + schema: + default: ALL + enum: + - ALL + - CLOSED + - OPEN + type: string + style: form + - description: Filters accounts based on whether they are owned by the authorised + customer. True for owned accounts, false for unowned accounts and absent + for all accounts + explode: true + in: query + name: is-owned + required: false + schema: + type: boolean + x-cds-type: Boolean + style: form + x-cds-type: Boolean + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingDirectDebitAuthorisationList' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Bulk Direct Debits + tags: + - Banking + - Direct Debits + security: + - PSUOAuth2Security: + - "bank:regular_payments:read" + - default: + - "bank:regular_payments:read" + x-version: "1" + x-auth-type: Application User + x-throttling-tier: Unlimited + post: + description: Obtain direct debit authorisations for a specified list of accounts + operationId: listDirectDebitsSpecificAccounts + parameters: + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RequestAccountIds' + description: Array of specific accountIds to obtain authorisations for + required: true + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingDirectDebitAuthorisationList' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
  • [422 - Unavailable + Banking Account](#error-422-authorisation-unavailable-banking-account)
  • [422 + - Invalid Banking Account](#error-422-authorisation-invalid-banking-account)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Direct Debits For Specific Accounts + tags: + - Banking + - Direct Debits + security: + - PSUOAuth2Security: + - "bank:regular_payments:read" + - default: + - "bank:regular_payments:read" + x-version: "1" + x-auth-type: Application User + x-throttling-tier: Unlimited + x-codegen-request-body-name: accountIds + /banking/accounts/{accountId}/payments/scheduled: + get: + description: |- + Obtain scheduled, outgoing payments for a specific account + + Obsolete versions: [v1](includes/obsolete/get-scheduled-payments-for-account-v1.html) + operationId: listScheduledPayments + parameters: + - description: ID of the account to get scheduled payments for. Must have previously + been returned by one of the account list end points. The account specified + is the source account for the payment + explode: false + in: path + name: accountId + required: true + schema: + type: string + x-cds-type: ASCIIString + style: simple + x-cds-type: ASCIIString + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingScheduledPaymentsListV2' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [404 + - Unavailable Banking Account](#error-404-authorisation-unavailable-banking-account)
  • [404 + - Invalid Banking Account](#error-404-authorisation-invalid-banking-account)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Scheduled Payments for Account + tags: + - Banking + - Scheduled Payments + security: + - PSUOAuth2Security: + - "bank:regular_payments:read" + - default: + - "bank:regular_payments:read" + x-version: "2" + /banking/payments/scheduled: + get: + description: |- + Obtain scheduled payments for multiple, filtered accounts that are the source of funds for the payments + + Obsolete versions: [v1](includes/obsolete/get-scheduled-payments-bulk-v1.html) + operationId: listScheduledPaymentsBulk + parameters: + - description: Used to filter results on the productCategory field applicable + to accounts. Any one of the valid values for this field can be supplied. + If absent then all accounts returned. + explode: true + in: query + name: product-category + required: false + schema: + enum: + - BUSINESS_LOANS + - CRED_AND_CHRG_CARDS + - LEASES + - MARGIN_LOANS + - OVERDRAFTS + - PERS_LOANS + - REGULATED_TRUST_ACCOUNTS + - RESIDENTIAL_MORTGAGES + - TERM_DEPOSITS + - TRADE_FINANCE + - TRANS_AND_SAVINGS_ACCOUNTS + - TRAVEL_CARDS + type: string + style: form + - description: Used to filter results according to open/closed status. Values + can be OPEN, CLOSED or ALL. If absent then ALL is assumed + explode: true + in: query + name: open-status + required: false + schema: + default: ALL + enum: + - ALL + - CLOSED + - OPEN + type: string + style: form + - description: Filters accounts based on whether they are owned by the authorised + customer. True for owned accounts, false for unowned accounts and absent + for all accounts + explode: true + in: query + name: is-owned + required: false + schema: + type: boolean + x-cds-type: Boolean + style: form + x-cds-type: Boolean + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingScheduledPaymentsListV2' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Scheduled Payments Bulk + tags: + - Banking + - Scheduled Payments + security: + - PSUOAuth2Security: + - "bank:regular_payments:read" + - default: + - "bank:regular_payments:read" + x-version: "2" + x-auth-type: Application User + x-throttling-tier: Unlimited + post: + description: |- + Obtain scheduled payments for a specified list of accounts + + Obsolete versions: [v1](includes/obsolete/get-scheduled-payments-for-specific-accounts-v1.html) + operationId: listScheduledPaymentsSpecificAccounts + parameters: + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RequestAccountIds' + description: Array of specific accountIds to obtain scheduled payments for. The + accounts specified are the source of funds for the payments returned + required: true + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingScheduledPaymentsListV2' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
  • [422 - Unavailable + Banking Account](#error-422-authorisation-unavailable-banking-account)
  • [422 + - Invalid Banking Account](#error-422-authorisation-invalid-banking-account)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Scheduled Payments For Specific Accounts + tags: + - Banking + - Scheduled Payments + security: + - PSUOAuth2Security: + - "bank:regular_payments:read" + - default: + - "bank:regular_payments:read" + x-version: "2" + x-auth-type: Application User + x-throttling-tier: Unlimited + x-codegen-request-body-name: accountIds + /banking/payees: + get: + description: |- + Obtain a list of pre-registered payees. + + Obsolete versions: [v1](includes/obsolete/get-payees-v1.html) + operationId: listPayees + parameters: + - description: Filter on the payee type field. In addition to normal type field + values, ALL can be specified to retrieve all payees. If absent the assumed + value is ALL + explode: true + in: query + name: type + required: false + schema: + default: ALL + enum: + - ALL + - BILLER + - DIGITAL_WALLET + - DOMESTIC + - INTERNATIONAL + type: string + style: form + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingPayeeListV2' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Payees + tags: + - Banking + - Payees + security: + - PSUOAuth2Security: + - "bank:payees:read" + - default: + - "bank:payees:read" + x-version: "2" + x-auth-type: Application User + x-throttling-tier: Unlimited + /banking/payees/{payeeId}: + get: + description: |- + Obtain detailed information on a single payee. + + Note that the payee sub-structure should be selected to represent the payment destination only rather than any known characteristics of the payment recipient. + + Obsolete versions: [v1](includes/obsolete/get-payee-detail-v1.html) + operationId: getPayeeDetail + parameters: + - description: The ID used to locate the details of a particular payee + explode: false + in: path + name: payeeId + required: true + schema: + type: string + x-cds-type: ASCIIString + style: simple + x-cds-type: ASCIIString + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingPayeeByIdV2' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Page Size](#error-400-field-invalid-page-size)
  • [400 - Invalid + Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [404 + - Unavailable Resource](#error-404-resource-unavailable)
  • [404 + - Invalid Resource](#error-404-resource-invalid)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Payee Detail + tags: + - Banking + - Payees + security: + - PSUOAuth2Security: + - "bank:payees:read" + - default: + - "bank:payees:read" + x-version: "2" + x-auth-type: Application User + x-throttling-tier: Unlimited + /banking/products: + get: + description: |- + Obtain a list of products that are currently openly offered to the market + + Note that the results returned by this end point are expected to be ordered in descending order according to ``lastUpdated``. + + ### Conventions + In the product reference payloads there are a number of recurring conventions that are explained here, in one place. + + #### Arrays Of Features + + In the product detail payload there are a number of arrays articulating generic features, constraints, prices, etc. The intent of these arrays is as follows: + + - Each element in an array has the same structure so that clients can reliably interpret the payloads + - Each element as a type element that is an enumeration of the specific aspect of a product being described, such as types of fees. + - Each element has a field name [additionalValue](#productfeaturetypedoc). This is a generic field with contents that will vary based on the type of object being described. The contents of this field for the ADDITIONAL_CARDS feature is the number of cards allowed while the contents of this field for the MAX_LIMIT constraint would be the maximum credit limit allowed for the product. + - An element in these arrays of the same type may appear more than once. For instance, a product may offer two separate loyalty programs that the customer can select from. A fixed term mortgage may have different rates for different term lengths. + - An element in these arrays may contain an additionalInfo and additionalInfoUri field. The additionalInfo field is used to provide displayable text clarifying the purpose of the element in some way when the product is presented to a customer. The additionalInfoUri provides a link to externally hosted information specifically relevant to that feature of the product. + - Depending on the type of data being represented there may be additional specific fields. + + #### URIs To More Information + + As the complexities and nuances of a financial product can not easily be fully expressed in a data structure without a high degree of complexity it is necessary to provide additional reference information that a potential customer can access so that they are fully informed of the features and implications of the product. The payloads for product reference therefore contain numerous fields that are provided to allow the product holder to describe the product more fully using a web page hosted on their online channels. + + These URIs do not need to all link to different pages. If desired, they can all link to a single hosted page and use difference HTML anchors to focus on a specific topic such as eligibility or fees. + + #### Linkage To Accounts + From the moment that a customer applies for a product and an account is created the account and the product that spawned it will diverge. Rates and features of the product may change and a discount may be negotiated for the account. + + For this reason, while productCategory is a common field between accounts and products, there is no specific ID that can be used to link an account to a product within the regime. + + Similarly, many of the fields and objects in the product payload will appear in the account detail payload but the structures and semantics are not identical as one refers to a product that can potentially be originated and one refers to an account that actually has been instantiated and created along with the associated decisions inherent in that process. + + #### Dates + It is expected that data consumers needing this data will call relatively frequently to ensure the data they have is representative of the current offering from a bank. To minimise the volume and frequency of these calls the ability to set a lastUpdated field with the date and time of the last update to this product is included. A call for a list of products can then be filtered to only return products that have been updated since the last time that data was obtained using the updated-since query parameter. + + In addition, the concept of effective date and time has also been included. This allows for a product to be marked for obsolescence, or introduction, from a certain time without the need for an update to show that a product has been changed. The inclusion of these dates also removes the need to represent deleted products in the payload. Products that are no long offered can be marked not effective for a few weeks before they are then removed from the product set as an option entirely. + + Obsolete versions: [v1](includes/obsolete/get-products-v1.html) [v2](includes/obsolete/get-products-v2.html) + operationId: listProducts + parameters: + - description: Allows for the filtering of products based on whether the current + time is within the period of time defined as effective by the effectiveFrom + and effectiveTo fields. Valid values are ‘CURRENT’, ‘FUTURE’ and ‘ALL’. + If absent defaults to 'CURRENT' + explode: true + in: query + name: effective + required: false + schema: + default: CURRENT + enum: + - ALL + - CURRENT + - FUTURE + type: string + style: form + - description: Only include products that have been updated after the specified + date and time. If absent defaults to include all products + explode: true + in: query + name: updated-since + required: false + schema: + type: string + format: date-time + x-cds-type: DateTimeString + style: form + x-cds-type: DateTimeString + - description: Filter results based on a specific brand + explode: true + in: query + name: brand + required: false + schema: + type: string + style: form + - description: Used to filter results on the productCategory field applicable + to accounts. Any one of the valid values for this field can be supplied. + If absent then all accounts returned. + explode: true + in: query + name: product-category + required: false + schema: + enum: + - BUSINESS_LOANS + - CRED_AND_CHRG_CARDS + - LEASES + - MARGIN_LOANS + - OVERDRAFTS + - PERS_LOANS + - REGULATED_TRUST_ACCOUNTS + - RESIDENTIAL_MORTGAGES + - TERM_DEPOSITS + - TRADE_FINANCE + - TRANS_AND_SAVINGS_ACCOUNTS + - TRAVEL_CARDS + type: string + style: form + - description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + minimum: 1 + maximum: 1000 + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingProductListV2' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
  • [400 - Invalid + Date](#error-400-field-invalid-date-time)
  • [400 - Invalid Page + Size](#error-400-field-invalid-page-size)
  • [400 - Invalid Version](#error-400-header-invalid-version)
+ "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ "422": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [422 + - Invalid Page](#error-422-field-invalid-page)
+ summary: Get Products + tags: + - Banking + - Products + security: + - default: [ ] + x-version: "3" + x-auth-type: None + x-throttling-tier: Unlimited + /banking/products/{productId}: + get: + description: |- + Obtain detailed information on a single product offered openly to the market. + + Obsolete versions: [v1](includes/obsolete/get-product-detail-v1.html) [v2](includes/obsolete/get-product-detail-v2.html) [v3](includes/obsolete/get-product-detail-v3.html) + operationId: getProductDetail + parameters: + - description: ID of the specific product requested + explode: false + in: path + name: productId + required: true + schema: + type: string + x-cds-type: ASCIIString + style: simple + x-cds-type: ASCIIString + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseBankingProductByIdV4' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
+ "404": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [404 + - Unavailable Resource](#error-404-resource-unavailable)
  • [404 + - Invalid Resource](#error-404-resource-invalid)
+ "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ summary: Get Product Detail + tags: + - Banking + - Products + security: + - default: [ ] + x-version: "4" + x-auth-type: None + x-throttling-tier: Unlimited + /common/customer: + get: + description: |- + Obtain basic information on the customer that has authorised the current session + + ### Conventions + In the customer payloads relevant conventions are explained here, in one place. + + #### Given Names + + `firstName` represents the first of a person's given names. + + `middleNames` represents a collection of given names if the person has more than one given name. + + Where a data holder holds a person's given names as a single string in source systems, it may not possible in some situations to reliably split these given names into their component first and middle names. In these situations, data holders MAY use the `firstName` field to return the single string of given names and an empty `middleNames` array. + + For example, a person whose given names are "John Paul Winston" but the data holder cannot determine what is the first name, can return `"firstName": "John Paul Winston"`. + operationId: getCustomer + parameters: + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseCommonCustomer' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Customer + tags: + - Common + - Customer + security: + - PSUOAuth2Security: + - "common:customer.basic:read" + - default: + - "common:customer.basic:read" + x-version: "1" + x-auth-type: Application User + x-throttling-tier: Unlimited + /common/customer/detail: + get: + description: |- + Obtain detailed information on the authorised customer within the current session. + + Obsolete versions: [v1](includes/obsolete/get-customer-detail-v1.html) + operationId: getCustomerDetail + parameters: + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + - description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + - description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + - description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + - description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer + present calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseCommonCustomerDetailV2' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - + headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + Invalid Field](#error-400-field-invalid)
  • [400 - Invalid Version](#error-400-header-invalid-version)
UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ headers: + x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation + id. If provided, the data holder must play back this value in the + x-fapi-interaction-id response header. If not provided a **[[RFC4122]](#nref-RFC4122)** + UUID value is required to be provided in the response header to track + the interaction. + explode: false + schema: + type: string + style: simple + summary: Get Customer Detail + tags: + - Common + - Customer + security: + - PSUOAuth2Security: + - "common:customer.detail:read" + - default: + - "common:customer.detail:read" + x-version: "2" + x-auth-type: Application User + x-throttling-tier: Unlimited + /discovery/status: + get: + description: Obtain a health check status for the implementation + operationId: getStatus + parameters: + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseCommonDiscoveryStatus' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
+ "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ summary: Get Status + tags: + - Common + - Discovery + security: + - default: [ ] + x-version: "1" + x-auth-type: None + x-throttling-tier: Unlimited + /discovery/outages: + get: + description: Obtain a list of scheduled outages for the implementation + operationId: getOutages + parameters: + - description: Version of the API end point requested by the client. Must be + set to a positive integer. The data holder should respond with the highest + supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If the value of [x-min-v](#request-headers) is equal to or higher than the + value of [x-v](#request-headers) then the [x-min-v](#request-headers) header + should be treated as absent. If all versions requested are not supported + then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + - description: Minimum version of the API end point requested by the client. + Must be set to a positive integer if provided. The data holder should respond + with the highest supported version between [x-min-v](#request-headers) and + [x-v](#request-headers). If all versions requested are not supported then + the data holder must respond with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseDiscoveryOutagesList' + description: Success + headers: + x-v: + description: The [version](#response-headers) of the API end point that + the data holder has responded with. + explode: false + schema: + type: string + style: simple + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [400 + - Invalid Field](#error-400-field-invalid)
  • [400 - Missing Field](#error-400-field-missing)
  • [400 + - Invalid Version](#error-400-header-invalid-version)
+ "406": + content: + application/json: + schema: + $ref: '#/components/schemas/ResponseErrorListV2' + description: The following error codes MUST be supported:
  • [406 + - Unsupported Version](#error-406-header-unsupported-version)
+ summary: Get Outages + tags: + - Common + - Discovery + security: + - default: [ ] + x-version: "1" + x-auth-type: None + x-throttling-tier: Unlimited +components: + securitySchemes: + PSUOAuth2Security: + type: "oauth2" + description: "OAuth flow, it is required when the PSU needs to perform SCA with the Data Holder when an ADR wants to access an Data Holder resource owned by the PSU" + flows: + authorizationCode: + authorizationUrl: "https://authserver.example/authorization" + tokenUrl: "https://authserver.example/token" + scopes: + bank:accounts.basic:read: "Basic Bank Account Data : This scope would allow for the third party to access basic + information of the customer’s accounts. Includes simple account information including balance. Does not include account identifiers, product information or transaction data." + bank:transactions:read: "Bank Transaction Data : This scope would allow the third party to access transaction + data for accounts. This scope is effectively additional authorisation to the Basic Bank Account Data scope. Granting this authorisation only makes sense if the Basic Bank Account Data scope is also authorised.\nIncludes all account transaction data." + bank:payees:read: "Bank Payee Data : This scope allows access to payee information stored by the customer + .\nIncludes payee information such as billers, international beneficiaries and domestic payees." + bank:accounts.detail:read: "Detailed Bank Account Data : This scope would allow for the third party to access + detailed information of the customer’s accounts. This scope is effectively additional authorisation to the Basic Bank Account Data scope. Granting this authorisation only makes sense if the Bank Account Data scope is also authorised.\nIncludes basic account information plus account identifiers and product information. Does not include transaction data." + bank:regular_payments:read: "Bank Regular Payments : The scope would allow the third party to access regular + payments. Includes Direct Debits and Scheduled Payments." + common:customer.basic:read: "Basic Customer Data : The scope would allow the third party to access personally + identifiable information about the customer. For retail customers this would be information about the customer themselves. For business customers it would imply the name of specific user but also information about the business.\nIncludes name and occupation for individuals or name, business numbers and industry code for organisations" + common:customer.detail:read: "Detailed Customer Data : The scope would allow the third party to access more + detailed information about the customer. Includes the data available with the Basic Customer Data scope plus contact details.\nIncludes basic data plus phone, email and address information." + x-scopes-bindings: + bank:regular_payments:read: "Internal/subscriber" + bank:accounts.detail:read: "Internal/subscriber" + bank:payees:read: "Internal/subscriber" + bank:transactions:read: "Internal/subscriber" + bank:accounts.basic:read: "Internal/subscriber" + common:customer.detail:read: "Internal/subscriber" + common:customer.basic:read: "Internal/subscriber" + x-wso2-security: + apim: + description: "This scope will group the AccountAPI related operations." + x-wso2-scopes: + - name: "bank:regular_payments:read" + key: "bank:regular_payments:read" + roles: "Internal/subscriber" + - name: "bank:accounts.detail:read" + key: "bank:accounts.detail:read" + roles: "Internal/subscriber" + - name: "bank:payees:read" + key: "bank:payees:read" + roles: "Internal/subscriber" + - name: "bank:transactions:read" + key: "bank:transactions:read" + roles: "Internal/subscriber" + - name: "bank:accounts.basic:read" + key: "bank:accounts.basic:read" + roles: "Internal/subscriber" + - name: "common:customer.detail:read" + key: "common:customer.detail:read" + roles: "Internal/subscriber" + - name: "common:customer.basic:read" + key: "common:customer.basic:read" + roles: "Internal/subscriber" + default: + type: "oauth2" + flows: + authorizationCode: + authorizationUrl: 'https://authserver.example/authorization' + tokenUrl: 'https://authserver.example/token' + scopes: + bank:accounts.basic:read: "Basic Bank Account Data : This scope would allow for the third party to access basic + information of the customer’s accounts. Includes simple account information including balance. Does not include account identifiers, product information or transaction data." + bank:transactions:read: "Bank Transaction Data : This scope would allow the third party to access transaction + data for accounts. This scope is effectively additional authorisation to the Basic Bank Account Data scope. Granting this authorisation only makes sense if the Basic Bank Account Data scope is also authorised.\nIncludes all account transaction data." + bank:payees:read: "Bank Payee Data : This scope allows access to payee information stored by the customer + .\nIncludes payee information such as billers, international beneficiaries and domestic payees." + bank:accounts.detail:read: "Detailed Bank Account Data : This scope would allow for the third party to access + detailed information of the customer’s accounts. This scope is effectively additional authorisation to the Basic Bank Account Data scope. Granting this authorisation only makes sense if the Bank Account Data scope is also authorised.\nIncludes basic account information plus account identifiers and product information. Does not include transaction data." + bank:regular_payments:read: "Bank Regular Payments : The scope would allow the third party to access regular + payments. Includes Direct Debits and Scheduled Payments." + common:customer.basic:read: "Basic Customer Data : The scope would allow the third party to access personally + identifiable information about the customer. For retail customers this would be information about the customer themselves. For business customers it would imply the name of specific user but also information about the business.\nIncludes name and occupation for individuals or name, business numbers and industry code for organisations" + common:customer.detail:read: "Detailed Customer Data : The scope would allow the third party to access more + detailed information about the customer. Includes the data available with the Basic Customer Data scope plus contact details.\nIncludes basic data plus phone, email and address information." + x-scopes-bindings: + bank:regular_payments:read: "Internal/subscriber" + bank:accounts.detail:read: "Internal/subscriber" + bank:payees:read: "Internal/subscriber" + bank:transactions:read: "Internal/subscriber" + bank:accounts.basic:read: "Internal/subscriber" + common:customer.detail:read: "Internal/subscriber" + common:customer.basic:read: "Internal/subscriber" + description: >- + Default OAuth flow + parameters: + RequestHeader_x-v: + description: Version of the API end point requested by the client. Must be set + to a positive integer. The data holder should respond with the highest supported + version between [x-min-v](#request-headers) and [x-v](#request-headers). If + the value of [x-min-v](#request-headers) is equal to or higher than the value + of [x-v](#request-headers) then the [x-min-v](#request-headers) header should + be treated as absent. If all versions requested are not supported then the + data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers) + explode: false + in: header + name: x-v + required: true + schema: + type: string + style: simple + RequestHeader_x-min-v: + description: Minimum version of the API end point requested by the client. Must + be set to a positive integer if provided. The data holder should respond with + the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). + If all versions requested are not supported then the data holder must respond + with a 406 Not Acceptable. + explode: false + in: header + name: x-min-v + required: false + schema: + type: string + style: simple + RequestHeader_x-fapi-interaction-id: + description: An **[[RFC4122]](#nref-RFC4122)** UUID used as a correlation id. + If provided, the data holder must play back this value in the x-fapi-interaction-id + response header. If not provided a **[[RFC4122]](#nref-RFC4122)** UUID value + is required to be provided in the response header to track the interaction. + explode: false + in: header + name: x-fapi-interaction-id + required: false + schema: + type: string + style: simple + RequestHeader_x-fapi-auth-date: + description: The time when the customer last logged in to the Data Recipient + Software Product as described in **[[FAPI-1.0-Baseline]](#nref-FAPI-1-0-Baseline)**. Required + for all resource calls (customer present and unattended). Not required for + unauthenticated calls. + explode: false + in: header + name: x-fapi-auth-date + required: false + schema: + type: string + x-conditional: true + style: simple + x-conditional: true + RequestHeader_x-fapi-customer-ip-address: + description: The customer's original IP address if the customer is currently + logged in to the Data Recipient Software Product. The presence of this header + indicates that the API is being called in a customer present context. Not + to be included for unauthenticated calls. + explode: false + in: header + name: x-fapi-customer-ip-address + required: false + schema: + type: string + style: simple + RequestHeader_x-cds-client-headers: + description: The customer's original standard http headers [Base64](#common-field-types) + encoded, including the original User Agent header, if the customer is currently + logged in to the Data Recipient Software Product. Mandatory for customer present + calls. Not required for unattended or unauthenticated calls. + explode: false + in: header + name: x-cds-client-headers + required: false + schema: + type: string + x-conditional: true + pattern: '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$' + x-cds-type: Base64 + style: simple + x-conditional: true + x-cds-type: Base64 + ParamAccountOpenStatus: + description: Used to filter results according to open/closed status. Values + can be OPEN, CLOSED or ALL. If absent then ALL is assumed + explode: true + in: query + name: open-status + required: false + schema: + default: ALL + enum: + - ALL + - CLOSED + - OPEN + type: string + style: form + ParamProductCategory: + description: Used to filter results on the productCategory field applicable + to accounts. Any one of the valid values for this field can be supplied. If + absent then all accounts returned. + explode: true + in: query + name: product-category + required: false + schema: + enum: + - BUSINESS_LOANS + - CRED_AND_CHRG_CARDS + - LEASES + - MARGIN_LOANS + - OVERDRAFTS + - PERS_LOANS + - REGULATED_TRUST_ACCOUNTS + - RESIDENTIAL_MORTGAGES + - TERM_DEPOSITS + - TRADE_FINANCE + - TRANS_AND_SAVINGS_ACCOUNTS + - TRAVEL_CARDS + type: string + style: form + ParamAccountIsOwned: + description: Filters accounts based on whether they are owned by the authorised + customer. True for owned accounts, false for unowned accounts and absent + for all accounts + explode: true + in: query + name: is-owned + required: false + schema: + type: boolean + x-cds-type: Boolean + style: form + x-cds-type: Boolean + ParamPage: + description: Page of results to request (standard pagination) + explode: true + in: query + name: page + required: false + schema: + default: 1 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + ParamPageSize: + description: Page size to request. Default is 25 (standard pagination) + explode: true + in: query + name: page-size + required: false + schema: + default: 25 + type: integer + x-cds-type: PositiveInteger + style: form + x-cds-type: PositiveInteger + ParamTransactionNewestTime: + description: Constrain the transaction history request to transactions with + effective time at or before this date/time. If absent defaults to today. Format + is aligned to DateTimeString common type + explode: true + in: query + name: newest-time + required: false + schema: + type: string + x-cds-type: DateTimeString + style: form + x-cds-type: DateTimeString + ParamTransactionOldestTime: + description: Constrain the transaction history request to transactions with + effective time at or after this date/time. If absent defaults to newest-time + minus 90 days. Format is aligned to DateTimeString common type + explode: true + in: query + name: oldest-time + required: false + schema: + type: string + x-cds-type: DateTimeString + style: form + x-cds-type: DateTimeString + ParamTransactionMinAmount: + description: Filter transactions to only transactions with amounts higher or + equal to than this amount + explode: true + in: query + name: min-amount + required: false + schema: + type: string + x-cds-type: AmountString + style: form + x-cds-type: AmountString + ParamTransactionMaxAmount: + description: Filter transactions to only transactions with amounts less than + or equal to than this amount + explode: true + in: query + name: max-amount + required: false + schema: + type: string + x-cds-type: AmountString + style: form + x-cds-type: AmountString + ParamTransactionText: + description: Filter transactions to only transactions where this string value + is found as a substring of either the reference or description fields. Format + is arbitrary ASCII string. This parameter is optionally implemented by data + holders. If it is not implemented then a response should be provided as normal + without text filtering applied and an additional boolean field named isQueryParamUnsupported + should be included in the meta object and set to true (whether the text parameter + is supplied or not) + explode: true + in: query + name: text + required: false + schema: + type: string + style: form + schemas: + RequestAccountIds: + example: + data: + accountIds: + - accountIds + - accountIds + meta: '{}' + properties: + data: + $ref: '#/components/schemas/RequestAccountIds_data' + meta: + type: object + required: + - data + type: object + ResponseBankingProductListV2: + example: + data: + products: + - additionalInformation: + eligibilityUri: eligibilityUri + additionalFeesAndPricingUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalTermsUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + bundleUri: bundleUri + feesAndPricingUri: feesAndPricingUri + additionalBundleUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalEligibilityUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalOverviewUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + termsUri: termsUri + overviewUri: overviewUri + brandName: brandName + productId: productId + description: description + effectiveTo: effectiveTo + cardArt: + - imageUri: imageUri + title: title + - imageUri: imageUri + title: title + lastUpdated: lastUpdated + isTailored: true + name: name + applicationUri: applicationUri + effectiveFrom: effectiveFrom + brand: brand + - additionalInformation: + eligibilityUri: eligibilityUri + additionalFeesAndPricingUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalTermsUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + bundleUri: bundleUri + feesAndPricingUri: feesAndPricingUri + additionalBundleUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalEligibilityUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalOverviewUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + termsUri: termsUri + overviewUri: overviewUri + brandName: brandName + productId: productId + description: description + effectiveTo: effectiveTo + cardArt: + - imageUri: imageUri + title: title + - imageUri: imageUri + title: title + lastUpdated: lastUpdated + isTailored: true + name: name + applicationUri: applicationUri + effectiveFrom: effectiveFrom + brand: brand + meta: + totalRecords: 0 + totalPages: 6 + links: + next: next + last: last + prev: prev + self: self + first: first + properties: + data: + $ref: '#/components/schemas/ResponseBankingProductListV2_data' + links: + $ref: '#/components/schemas/LinksPaginated' + meta: + $ref: '#/components/schemas/MetaPaginated' + required: + - data + - links + - meta + type: object + BankingProductV4: + example: + additionalInformation: + eligibilityUri: eligibilityUri + additionalFeesAndPricingUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalTermsUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + bundleUri: bundleUri + feesAndPricingUri: feesAndPricingUri + additionalBundleUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalEligibilityUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalOverviewUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + termsUri: termsUri + overviewUri: overviewUri + brandName: brandName + productId: productId + description: description + effectiveTo: effectiveTo + cardArt: + - imageUri: imageUri + title: title + - imageUri: imageUri + title: title + lastUpdated: lastUpdated + isTailored: true + name: name + applicationUri: applicationUri + effectiveFrom: effectiveFrom + brand: brand + properties: + productId: + description: A data holder specific unique identifier for this product. + This identifier must be unique to a product but does not otherwise need + to adhere to ID permanence guidelines. + type: string + x-cds-type: ASCIIString + effectiveFrom: + description: The date and time from which this product is effective (ie. + is available for origination). Used to enable the articulation of products + to the regime before they are available for customers to originate + type: string + x-cds-type: DateTimeString + effectiveTo: + description: The date and time at which this product will be retired and + will no longer be offered. Used to enable the managed deprecation of + products + type: string + x-cds-type: DateTimeString + lastUpdated: + description: The last date and time that the information for this product + was changed (or the creation date for the product if it has never been + altered) + type: string + x-cds-type: DateTimeString + productCategory: + $ref: '#/components/schemas/BankingProductCategory' + name: + description: The display name of the product + type: string + description: + description: A description of the product + type: string + brand: + description: A label of the brand for the product. Able to be used for filtering. + For data holders with single brands this value is still required + type: string + brandName: + description: An optional display name of the brand + type: string + applicationUri: + description: A link to an application web page where this product can be + applied for. + type: string + x-cds-type: URIString + isTailored: + description: Indicates whether the product is specifically tailored to a + circumstance. In this case fees and prices are significantly negotiated + depending on context. While all products are open to a degree of tailoring + this flag indicates that tailoring is expected and thus that the provision + of specific fees and rates is not applicable + type: boolean + x-cds-type: Boolean + additionalInformation: + $ref: '#/components/schemas/BankingProductAdditionalInformationV2' + cardArt: + description: An array of card art images + items: + $ref: '#/components/schemas/BankingProductV4_cardArt' + type: array + required: + - brand + - description + - isTailored + - lastUpdated + - name + - productCategory + - productId + type: object + BankingProductAdditionalInformationV2: + description: Object that contains links to additional information on specific + topics + example: + eligibilityUri: eligibilityUri + additionalFeesAndPricingUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalTermsUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + bundleUri: bundleUri + feesAndPricingUri: feesAndPricingUri + additionalBundleUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalEligibilityUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalOverviewUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + termsUri: termsUri + overviewUri: overviewUri + properties: + overviewUri: + description: General overview of the product. Mandatory if `additionalOverviewUris` + includes one or more supporting documents. + type: string + x-cds-type: URIString + termsUri: + description: Terms and conditions for the product. Mandatory if `additionalTermsUris` + includes one or more supporting documents. + type: string + x-cds-type: URIString + eligibilityUri: + description: Eligibility rules and criteria for the product. Mandatory if + `additionalEligibilityUris` includes one or more supporting documents. + type: string + x-cds-type: URIString + feesAndPricingUri: + description: Description of fees, pricing, discounts, exemptions and bonuses + for the product. Mandatory if `additionalFeesAndPricingUris` includes + one or more supporting documents. + type: string + x-cds-type: URIString + bundleUri: + description: Description of a bundle that this product can be part of. Mandatory + if `additionalBundleUris` includes one or more supporting documents. + type: string + x-cds-type: URIString + additionalOverviewUris: + description: An array of additional general overviews for the product or + features of the product, if applicable. To be treated as secondary documents + to the `overviewUri`. Only to be used if there is a primary `overviewUri`. + items: + $ref: '#/components/schemas/BankingProductAdditionalInformationV2_additionalInformationUris' + type: array + additionalTermsUris: + description: An array of additional terms and conditions for the product, + if applicable. To be treated as secondary documents to the `termsUri`. + Only to be used if there is a primary `termsUri`. + items: + $ref: '#/components/schemas/BankingProductAdditionalInformationV2_additionalInformationUris' + type: array + additionalEligibilityUris: + description: An array of additional eligibility rules and criteria for the + product, if applicable. To be treated as secondary documents to the `eligibilityUri`. + Only to be used if there is a primary `eligibilityUri`. + items: + $ref: '#/components/schemas/BankingProductAdditionalInformationV2_additionalInformationUris' + type: array + additionalFeesAndPricingUris: + description: An array of additional fees, pricing, discounts, exemptions + and bonuses for the product, if applicable. To be treated as secondary + documents to the `feesAndPricingUri`. Only to be used if there is a primary + `feesAndPricingUri`. + items: + $ref: '#/components/schemas/BankingProductAdditionalInformationV2_additionalInformationUris' + type: array + additionalBundleUris: + description: An array of additional bundles for the product, if applicable. + To be treated as secondary documents to the `bundleUri`. Only to be used + if there is a primary `bundleUri`. + items: + $ref: '#/components/schemas/BankingProductAdditionalInformationV2_additionalInformationUris' + type: array + type: object + x-conditional: + - overviewUri + - termsUri + - eligibilityUri + - feesAndPricingUri + - bundleUri + BankingProductAdditionalInformationV2_additionalInformationUris: + example: + additionalInfoUri: additionalInfoUri + description: description + properties: + description: + description: Display text providing more information about the document + URI + type: string + additionalInfoUri: + description: The URI describing the additional information + type: string + x-cds-type: URIString + required: + - additionalInfoUri + type: object + ResponseBankingProductByIdV4: + example: + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/BankingProductDetailV4' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + BankingProductDetailV4: + allOf: + - $ref: '#/components/schemas/BankingProductV4' + - $ref: '#/components/schemas/BankingProductDetailV4_allOf' + BankingProductBundle: + properties: + name: + description: Name of the bundle + type: string + description: + description: Description of the bundle + type: string + additionalInfo: + description: Display text providing more information on the bundle + type: string + additionalInfoUri: + description: Link to a web page with more information on the bundle criteria + and benefits + type: string + x-cds-type: URIString + productIds: + description: Array of product IDs for products included in the bundle that + are available via the product end points. Note that this array is not + intended to represent a comprehensive model of the products included in + the bundle and some products available for the bundle may not be available + via the product reference end points + items: + type: string + x-cds-type: ASCIIString + type: array + required: + - description + - name + type: object + BankingProductFeatureV2: + properties: + featureType: + description: The type of feature described + enum: + - ADDITIONAL_CARDS + - BALANCE_TRANSFERS + - BILL_PAYMENT + - BONUS_REWARDS + - CARD_ACCESS + - CASHBACK_OFFER + - COMPLEMENTARY_PRODUCT_DISCOUNTS + - DIGITAL_BANKING + - DIGITAL_WALLET + - DONATE_INTEREST + - EXTRA_REPAYMENTS + - FRAUD_PROTECTION + - FREE_TXNS + - FREE_TXNS_ALLOWANCE + - GUARANTOR + - INSURANCE + - INSTALMENT_PLAN + - INTEREST_FREE + - INTEREST_FREE_TRANSFERS + - LOYALTY_PROGRAM + - NOTIFICATIONS + - NPP_ENABLED + - NPP_PAYID + - OFFSET + - OTHER + - OVERDRAFT + - REDRAW + - RELATIONSHIP_MANAGEMENT + - UNLIMITED_TXNS + type: string + additionalValue: + description: Generic field containing additional information relevant to + the [featureType](#tocSproductfeaturetypedoc) specified. Whether mandatory + or not is dependent on the value of the [featureType.](#tocSproductfeaturetypedoc) + type: string + additionalInfo: + description: Display text providing more information on the feature. Mandatory + if the [feature type](#tocSproductfeaturetypedoc) is set to OTHER + type: string + additionalInfoUri: + description: Link to a web page with more information on this feature + type: string + x-cds-type: URIString + required: + - featureType + type: object + x-conditional: + - additionalValue + - additionalInfo + BankingProductConstraint: + properties: + constraintType: + description: The type of constraint described. See the next section for + an overview of valid values and their meaning + enum: + - MAX_BALANCE + - MAX_LIMIT + - MIN_BALANCE + - MIN_LIMIT + - OPENING_BALANCE + type: string + additionalValue: + description: Generic field containing additional information relevant to + the [constraintType](#tocSproductconstrainttypedoc) specified. Whether + mandatory or not is dependent on the value of [constraintType](#tocSproductconstrainttypedoc) + type: string + additionalInfo: + description: Display text providing more information the constraint + type: string + additionalInfoUri: + description: Link to a web page with more information on the constraint + type: string + x-cds-type: URIString + required: + - constraintType + type: object + x-conditional: + - additionalValue + BankingProductEligibility: + properties: + eligibilityType: + description: The type of eligibility criteria described. See the next section + for an overview of valid values and their meaning + enum: + - BUSINESS + - EMPLOYMENT_STATUS + - MAX_AGE + - MIN_AGE + - MIN_INCOME + - MIN_TURNOVER + - NATURAL_PERSON + - OTHER + - PENSION_RECIPIENT + - RESIDENCY_STATUS + - STAFF + - STUDENT + type: string + additionalValue: + description: Generic field containing additional information relevant to + the [eligibilityType](#tocSproducteligibilitytypedoc) specified. Whether + mandatory or not is dependent on the value of [eligibilityType](#tocSproducteligibilitytypedoc) + type: string + additionalInfo: + description: Display text providing more information on the [eligibility](#tocSproducteligibilitytypedoc) + criteria. Mandatory if the field is set to OTHER + type: string + additionalInfoUri: + description: Link to a web page with more information on this eligibility + criteria + type: string + x-cds-type: URIString + required: + - eligibilityType + type: object + x-conditional: + - additionalValue + - additionalInfo + BankingProductFee: + properties: + name: + description: Name of the fee + type: string + feeType: + description: The type of fee + enum: + - DEPOSIT + - EVENT + - EXIT + - PAYMENT + - PERIODIC + - PURCHASE + - TRANSACTION + - UPFRONT + - VARIABLE + - WITHDRAWAL + type: string + amount: + description: The amount charged for the fee. One of amount, balanceRate, + transactionRate and accruedRate is mandatory unless the *feeType* "VARIABLE" + is supplied + type: string + x-cds-type: AmountString + balanceRate: + description: A fee rate calculated based on a proportion of the balance. + One of amount, balanceRate, transactionRate and accruedRate is mandatory + unless the *feeType* "VARIABLE" is supplied. + type: string + x-cds-type: RateString + transactionRate: + description: A fee rate calculated based on a proportion of a transaction. + One of amount, balanceRate, transactionRate and accruedRate is mandatory + unless the *feeType* "VARIABLE" is supplied + type: string + x-cds-type: RateString + accruedRate: + description: A fee rate calculated based on a proportion of the calculated + interest accrued on the account. One of amount, balanceRate, transactionRate + and accruedRate is mandatory unless the *feeType* "VARIABLE" is supplied + type: string + x-cds-type: RateString + accrualFrequency: + description: The indicative frequency with which the fee is calculated on + the account. Only applies if balanceRate or accruedRate is also present. + Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) + (excludes recurrence syntax) + type: string + x-cds-type: ExternalRef + currency: + description: The currency the fee will be charged in. Assumes AUD if absent + type: string + x-cds-type: CurrencyString + additionalValue: + description: Generic field containing additional information relevant to + the [feeType](#tocSproductfeetypedoc) specified. Whether mandatory or + not is dependent on the value of [feeType](#tocSproductfeetypedoc) + type: string + additionalInfo: + description: Display text providing more information on the fee + type: string + additionalInfoUri: + description: Link to a web page with more information on this fee + type: string + x-cds-type: URIString + discounts: + description: An optional list of discounts to this fee that may be available + items: + $ref: '#/components/schemas/BankingProductDiscount' + type: array + required: + - feeType + - name + type: object + x-conditional: + - additionalValue + - amount + - balanceRate + - transactionRate + - accruedRate + BankingProductDiscount: + properties: + description: + description: Description of the discount + type: string + discountType: + description: The type of discount. See the next section for an overview + of valid values and their meaning + enum: + - BALANCE + - DEPOSITS + - ELIGIBILITY_ONLY + - FEE_CAP + - PAYMENTS + type: string + amount: + description: Dollar value of the discount. One of amount, balanceRate, transactionRate, + accruedRate and feeRate is mandatory. + type: string + x-cds-type: AmountString + balanceRate: + description: A discount rate calculated based on a proportion of the balance. + Note that the currency of the fee discount is expected to be the same + as the currency of the fee itself. One of amount, balanceRate, transactionRate, + accruedRate and feeRate is mandatory. Unless noted in additionalInfo, + assumes the application and calculation frequency are the same as the + corresponding fee + type: string + x-cds-type: RateString + transactionRate: + description: A discount rate calculated based on a proportion of a transaction. + Note that the currency of the fee discount is expected to be the same + as the currency of the fee itself. One of amount, balanceRate, transactionRate, + accruedRate and feeRate is mandatory + type: string + x-cds-type: RateString + accruedRate: + description: A discount rate calculated based on a proportion of the calculated + interest accrued on the account. Note that the currency of the fee discount + is expected to be the same as the currency of the fee itself. One of amount, + balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless + noted in additionalInfo, assumes the application and calculation frequency + are the same as the corresponding fee + type: string + x-cds-type: RateString + feeRate: + description: A discount rate calculated based on a proportion of the fee + to which this discount is attached. Note that the currency of the fee + discount is expected to be the same as the currency of the fee itself. + One of amount, balanceRate, transactionRate, accruedRate and feeRate is + mandatory. Unless noted in additionalInfo, assumes the application and + calculation frequency are the same as the corresponding fee + type: string + x-cds-type: RateString + additionalValue: + description: Generic field containing additional information relevant to + the [discountType](#tocSproductdiscounttypedoc) specified. Whether mandatory + or not is dependent on the value of [discountType](#tocSproductdiscounttypedoc) + type: string + additionalInfo: + description: Display text providing more information on the discount + type: string + additionalInfoUri: + description: Link to a web page with more information on this discount + type: string + x-cds-type: URIString + eligibility: + description: Eligibility constraints that apply to this discount. Mandatory + if ``discountType`` is ``ELIGIBILITY_ONLY``. + items: + $ref: '#/components/schemas/BankingProductDiscountEligibility' + type: array + required: + - description + - discountType + type: object + x-conditional: + - accruedRate + - additionalValue + - amount + - balanceRate + - eligibility + - feeRate + - transactionRate + BankingProductDiscountEligibility: + properties: + discountEligibilityType: + description: The type of the specific eligibility constraint for a discount + enum: + - BUSINESS + - EMPLOYMENT_STATUS + - INTRODUCTORY + - MAX_AGE + - MIN_AGE + - MIN_INCOME + - MIN_TURNOVER + - NATURAL_PERSON + - OTHER + - PENSION_RECIPIENT + - RESIDENCY_STATUS + - STAFF + - STUDENT + type: string + additionalValue: + description: Generic field containing additional information relevant to + the [discountEligibilityType](#tocSproductdiscounteligibilitydoc) specified. + Whether mandatory or not is dependent on the value of [discountEligibilityType](#tocSproductdiscounteligibilitydoc) + type: string + additionalInfo: + description: Display text providing more information on this eligibility + constraint. Whether mandatory or not is dependent on the value of [discountEligibilityType](#tocSproductdiscounteligibilitydoc) + type: string + additionalInfoUri: + description: Link to a web page with more information on this eligibility + constraint + type: string + x-cds-type: URIString + required: + - discountEligibilityType + type: object + x-conditional: + - additionalInfo + - additionalValue + BankingProductDepositRate: + properties: + depositRateType: + description: The type of rate (base, bonus, etc). See the next section for + an overview of valid values and their meaning + enum: + - BONUS + - BUNDLE_BONUS + - FIXED + - FLOATING + - INTRODUCTORY + - MARKET_LINKED + - VARIABLE + type: string + rate: + description: The rate to be applied + type: string + x-cds-type: RateString + calculationFrequency: + description: The period after which the rate is applied to the balance to + calculate the amount due for the period. Calculation of the amount is + often daily (as balances may change) but accumulated until the total amount + is 'applied' to the account (see applicationFrequency). Formatted according + to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) + (excludes recurrence syntax) + type: string + x-cds-type: ExternalRef + applicationFrequency: + description: The period after which the calculated amount(s) (see calculationFrequency) + are 'applied' (i.e. debited or credited) to the account. Formatted according + to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) + (excludes recurrence syntax) + type: string + x-cds-type: ExternalRef + tiers: + description: Rate tiers applicable for this rate + items: + $ref: '#/components/schemas/BankingProductRateTierV3' + type: array + additionalValue: + description: Generic field containing additional information relevant to + the [depositRateType](#tocSproductdepositratetypedoc) specified. Whether + mandatory or not is dependent on the value of [depositRateType](#tocSproductdepositratetypedoc) + type: string + additionalInfo: + description: Display text providing more information on the rate + type: string + additionalInfoUri: + description: Link to a web page with more information on this rate + type: string + x-cds-type: URIString + required: + - depositRateType + - rate + type: object + x-conditional: + - additionalValue + BankingProductLendingRateV2: + properties: + lendingRateType: + description: The type of rate (fixed, variable, etc). See the next section + for an overview of valid values and their meaning + enum: + - BUNDLE_DISCOUNT_FIXED + - BUNDLE_DISCOUNT_VARIABLE + - CASH_ADVANCE + - DISCOUNT + - FIXED + - FLOATING + - INTRODUCTORY + - MARKET_LINKED + - PENALTY + - PURCHASE + - VARIABLE + type: string + rate: + description: The rate to be applied + type: string + x-cds-type: RateString + comparisonRate: + description: A comparison rate equivalent for this rate + type: string + x-cds-type: RateString + calculationFrequency: + description: The period after which the rate is applied to the balance to + calculate the amount due for the period. Calculation of the amount is + often daily (as balances may change) but accumulated until the total amount + is 'applied' to the account (see applicationFrequency). Formatted according + to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) + (excludes recurrence syntax) + type: string + x-cds-type: ExternalRef + applicationFrequency: + description: The period after which the calculated amount(s) (see calculationFrequency) + are 'applied' (i.e. debited or credited) to the account. Formatted according + to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) + (excludes recurrence syntax) + type: string + x-cds-type: ExternalRef + interestPaymentDue: + description: When loan payments are due to be paid within each period. The + investment benefit of earlier payments affect the rate that can be offered + enum: + - IN_ADVANCE + - IN_ARREARS + type: string + repaymentType: + description: Options in place for repayments. If absent, the lending rate + is applicable to all repayment types + enum: + - INTEREST_ONLY + - PRINCIPAL_AND_INTEREST + type: string + loanPurpose: + description: The reason for taking out the loan. If absent, the lending + rate is applicable to all loan purposes + enum: + - INVESTMENT + - OWNER_OCCUPIED + type: string + tiers: + description: Rate tiers applicable for this rate + items: + $ref: '#/components/schemas/BankingProductRateTierV3' + type: array + additionalValue: + description: Generic field containing additional information relevant to + the [lendingRateType](#tocSproductlendingratetypedoc) specified. Whether + mandatory or not is dependent on the value of [lendingRateType](#tocSproductlendingratetypedoc) + type: string + additionalInfo: + description: Display text providing more information on the rate. + type: string + additionalInfoUri: + description: Link to a web page with more information on this rate + type: string + x-cds-type: URIString + required: + - lendingRateType + - rate + type: object + x-conditional: + - additionalValue + BankingProductRateTierV3: + description: Defines the criteria and conditions for which a rate applies + properties: + name: + description: A display name for the tier + type: string + unitOfMeasure: + description: The unit of measure that applies to the tierValueMinimum and + tierValueMaximum values e.g. a **DOLLAR** amount. **PERCENT** (in the + case of loan-to-value ratio or LVR). Tier term period representing a discrete + number of **MONTH**'s or **DAY**'s (in the case of term deposit tiers) + enum: + - DAY + - DOLLAR + - MONTH + - PERCENT + type: string + minimumValue: + description: The number of tierUnitOfMeasure units that form the lower bound + of the tier. The tier should be inclusive of this value + type: number + x-cds-type: Number + maximumValue: + description: 'The number of tierUnitOfMeasure units that form the upper + bound of the tier or band. For a tier with a discrete value (as opposed + to a range of values e.g. 1 month) this must be the same as tierValueMinimum. + Where this is the same as the tierValueMinimum value of the next-higher + tier the referenced tier should be exclusive of this value. For example + a term deposit of 2 months falls into the upper tier of the following + tiers: (1 – 2 months, 2 – 3 months). If absent the tier''s range has no + upper bound.' + type: number + x-cds-type: Number + rateApplicationMethod: + description: The method used to calculate the amount to be applied using + one or more tiers. A single rate may be applied to the entire balance + or each applicable tier rate is applied to the portion of the balance + that falls into that tier (referred to as 'bands' or 'steps') + enum: + - PER_TIER + - WHOLE_BALANCE + type: string + applicabilityConditions: + $ref: '#/components/schemas/BankingProductRateCondition' + additionalInfo: + description: Display text providing more information on the rate tier. + type: string + additionalInfoUri: + description: Link to a web page with more information on this rate tier + type: string + x-cds-type: URIString + required: + - minimumValue + - name + - unitOfMeasure + type: object + BankingProductRateCondition: + description: Defines a condition for the applicability of a tiered rate + properties: + additionalInfo: + description: Display text providing more information on the condition + type: string + additionalInfoUri: + description: Link to a web page with more information on this condition + type: string + x-cds-type: URIString + type: object + ResponseBankingAccountListV2: + example: + data: + accounts: + - accountId: accountId + maskedNumber: maskedNumber + openStatus: OPEN + displayName: displayName + isOwned: true + nickname: nickname + creationDate: creationDate + productName: productName + accountOwnership: UNKNOWN + - accountId: accountId + maskedNumber: maskedNumber + openStatus: OPEN + displayName: displayName + isOwned: true + nickname: nickname + creationDate: creationDate + productName: productName + accountOwnership: UNKNOWN + meta: + totalRecords: 0 + totalPages: 6 + links: + next: next + last: last + prev: prev + self: self + first: first + properties: + data: + $ref: '#/components/schemas/ResponseBankingAccountListV2_data' + links: + $ref: '#/components/schemas/LinksPaginated' + meta: + $ref: '#/components/schemas/MetaPaginated' + required: + - data + - links + - meta + type: object + BankingAccountV2: + example: + accountId: accountId + maskedNumber: maskedNumber + openStatus: OPEN + displayName: displayName + isOwned: true + nickname: nickname + creationDate: creationDate + productName: productName + accountOwnership: UNKNOWN + properties: + accountId: + description: A unique ID of the account adhering to the standards for ID + permanence + type: string + x-cds-type: ASCIIString + creationDate: + description: Date that the account was created (if known) + type: string + x-cds-type: DateString + displayName: + description: The display name of the account as defined by the bank. This + should not incorporate account numbers or PANs. If it does the values + should be masked according to the rules of the MaskedAccountString common + type. + type: string + nickname: + description: A customer supplied nick name for the account + type: string + openStatus: + default: OPEN + description: Open or closed status for the account. If not present then + OPEN is assumed + enum: + - CLOSED + - OPEN + type: string + isOwned: + default: true + description: Flag indicating that the customer associated with the authorisation + is an owner of the account. Does not indicate sole ownership, however. + If not present then 'true' is assumed + type: boolean + x-cds-type: Boolean + accountOwnership: + description: Value indicating the number of customers that have ownership + of the account, according to the data holder's definition of account ownership. + Does not indicate that all account owners are eligible consumers + enum: + - UNKNOWN + - ONE_PARTY + - TWO_PARTY + - MANY_PARTY + - OTHER + type: string + maskedNumber: + description: A masked version of the account. Whether BSB/Account Number, + Credit Card PAN or another number + type: string + x-cds-type: MaskedAccountString + productCategory: + $ref: '#/components/schemas/BankingProductCategory' + productName: + description: The unique identifier of the account as defined by the data + holder (akin to model number for the account) + type: string + required: + - accountId + - accountOwnership + - displayName + - maskedNumber + - productCategory + - productName + type: object + ResponseBankingAccountByIdV3: + example: + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/BankingAccountDetailV3' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + BankingAccountDetailV3: + allOf: + - $ref: '#/components/schemas/BankingAccountV2' + - $ref: '#/components/schemas/BankingAccountDetailV3_allOf' + BankingTermDepositAccount: + properties: + lodgementDate: + description: The lodgement date of the original deposit + type: string + x-cds-type: DateString + maturityDate: + description: Maturity date for the term deposit + type: string + x-cds-type: DateString + maturityAmount: + description: Amount to be paid upon maturity. If absent it implies the amount + to paid is variable and cannot currently be calculated + type: string + x-cds-type: AmountString + maturityCurrency: + description: If absent assumes AUD + type: string + x-cds-type: CurrencyString + maturityInstructions: + description: Current instructions on action to be taken at maturity. This + includes default actions that may be specified in the terms and conditions + for the product e.g. roll-over to the same term and frequency of interest + payments + enum: + - HOLD_ON_MATURITY + - PAID_OUT_AT_MATURITY + - ROLLED_OVER + type: string + required: + - lodgementDate + - maturityDate + - maturityInstructions + type: object + BankingCreditCardAccount: + properties: + minPaymentAmount: + description: The minimum payment amount due for the next card payment + type: string + x-cds-type: AmountString + paymentDueAmount: + description: The amount due for the next card payment + type: string + x-cds-type: AmountString + paymentCurrency: + description: If absent assumes AUD + type: string + x-cds-type: CurrencyString + paymentDueDate: + description: Date that the next payment for the card is due + type: string + x-cds-type: DateString + required: + - minPaymentAmount + - paymentDueAmount + - paymentDueDate + type: object + BankingLoanAccountV2: + properties: + originalStartDate: + description: Optional original start date for the loan + type: string + x-cds-type: DateString + originalLoanAmount: + description: Optional original loan value + type: string + x-cds-type: AmountString + originalLoanCurrency: + description: If absent assumes AUD + type: string + x-cds-type: CurrencyString + loanEndDate: + description: Date that the loan is due to be repaid in full + type: string + x-cds-type: DateString + nextInstalmentDate: + description: Next date that an instalment is required + type: string + x-cds-type: DateString + minInstalmentAmount: + description: Minimum amount of next instalment + type: string + x-cds-type: AmountString + minInstalmentCurrency: + description: If absent assumes AUD + type: string + x-cds-type: CurrencyString + maxRedraw: + description: Maximum amount of funds that can be redrawn. If not present + redraw is not available even if the feature exists for the account + type: string + x-cds-type: AmountString + maxRedrawCurrency: + description: If absent assumes AUD + type: string + x-cds-type: CurrencyString + minRedraw: + description: Minimum redraw amount + type: string + x-cds-type: AmountString + minRedrawCurrency: + description: If absent assumes AUD + type: string + x-cds-type: CurrencyString + offsetAccountEnabled: + description: Set to true if one or more offset accounts are configured for + this loan account + type: boolean + x-cds-type: Boolean + offsetAccountIds: + description: The accountIDs of the configured offset accounts attached to + this loan. Only offset accounts that can be accessed under the current + authorisation should be included. It is expected behaviour that offsetAccountEnabled + is set to true but the offsetAccountIds field is absent or empty. This + represents a situation where an offset account exists but details can + not be accessed under the current authorisation + items: + type: string + x-cds-type: ASCIIString + type: array + repaymentType: + default: PRINCIPAL_AND_INTEREST + description: Options in place for repayments. If absent defaults to PRINCIPAL_AND_INTEREST + enum: + - INTEREST_ONLY + - PRINCIPAL_AND_INTEREST + type: string + repaymentFrequency: + description: The expected or required repayment frequency. Formatted according + to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) + (excludes recurrence syntax) + type: string + x-cds-type: ExternalRef + type: object + ResponseBankingTransactionList: + example: + data: + transactions: + - postingDateTime: postingDateTime + amount: amount + apcaNumber: apcaNumber + isDetailAvailable: true + description: description + type: DIRECT_DEBIT + billerName: billerName + executionDateTime: executionDateTime + transactionId: transactionId + merchantName: merchantName + billerCode: billerCode + reference: reference + accountId: accountId + merchantCategoryCode: merchantCategoryCode + valueDateTime: valueDateTime + currency: currency + crn: crn + status: PENDING + - postingDateTime: postingDateTime + amount: amount + apcaNumber: apcaNumber + isDetailAvailable: true + description: description + type: DIRECT_DEBIT + billerName: billerName + executionDateTime: executionDateTime + transactionId: transactionId + merchantName: merchantName + billerCode: billerCode + reference: reference + accountId: accountId + merchantCategoryCode: merchantCategoryCode + valueDateTime: valueDateTime + currency: currency + crn: crn + status: PENDING + meta: + totalRecords: 0 + totalPages: 6 + links: + next: next + last: last + prev: prev + self: self + first: first + properties: + data: + $ref: '#/components/schemas/ResponseBankingTransactionList_data' + links: + $ref: '#/components/schemas/LinksPaginated' + meta: + $ref: '#/components/schemas/MetaPaginated' + required: + - data + - links + - meta + type: object + BankingTransaction: + example: + postingDateTime: postingDateTime + amount: amount + apcaNumber: apcaNumber + isDetailAvailable: true + description: description + type: DIRECT_DEBIT + billerName: billerName + executionDateTime: executionDateTime + transactionId: transactionId + merchantName: merchantName + billerCode: billerCode + reference: reference + accountId: accountId + merchantCategoryCode: merchantCategoryCode + valueDateTime: valueDateTime + currency: currency + crn: crn + status: PENDING + properties: + accountId: + description: ID of the account for which transactions are provided + type: string + x-cds-type: ASCIIString + transactionId: + description: A unique ID of the transaction adhering to the standards for + ID permanence. This is mandatory (through hashing if necessary) unless + there are specific and justifiable technical reasons why a transaction + cannot be uniquely identified for a particular account type. It is mandatory + if `isDetailAvailable` is set to true. + type: string + x-cds-type: ASCIIString + isDetailAvailable: + description: True if extended information is available using the transaction + detail end point. False if extended data is not available + type: boolean + x-cds-type: Boolean + type: + description: The type of the transaction + enum: + - DIRECT_DEBIT + - FEE + - INTEREST_CHARGED + - INTEREST_PAID + - OTHER + - PAYMENT + - TRANSFER_INCOMING + - TRANSFER_OUTGOING + type: string + status: + description: Status of the transaction whether pending or posted. Note that + there is currently no provision in the standards to guarantee the ability + to correlate a pending transaction with an associated posted transaction + enum: + - PENDING + - POSTED + type: string + description: + description: The transaction description as applied by the financial institution + type: string + postingDateTime: + description: The time the transaction was posted. This field is Mandatory + if the transaction has status POSTED. This is the time that appears on + a standard statement + type: string + x-cds-type: DateTimeString + valueDateTime: + description: Date and time at which assets become available to the account + owner in case of a credit entry, or cease to be available to the account + owner in case of a debit transaction entry + type: string + x-cds-type: DateTimeString + executionDateTime: + description: The time the transaction was executed by the originating customer, + if available + type: string + x-cds-type: DateTimeString + amount: + description: The value of the transaction. Negative values mean money was + outgoing from the account + type: string + x-cds-type: AmountString + currency: + description: The currency for the transaction amount. AUD assumed if not + present + type: string + x-cds-type: CurrencyString + reference: + description: The reference for the transaction provided by the originating + institution. Empty string if no data provided + type: string + merchantName: + description: Name of the merchant for an outgoing payment to a merchant + type: string + merchantCategoryCode: + description: The merchant category code (or MCC) for an outgoing payment + to a merchant + type: string + billerCode: + description: BPAY Biller Code for the transaction (if available) + type: string + billerName: + description: Name of the BPAY biller for the transaction (if available) + type: string + crn: + description: BPAY CRN for the transaction (if available).
Where the + CRN contains sensitive information, it should be masked in line with how + the Data Holder currently displays account identifiers in their existing + online banking channels. If the contents of the CRN match the format of + a Credit Card PAN they should be masked according to the rules applicable + for MaskedPANString. If the contents are otherwise sensitive, then it + should be masked using the rules applicable for the MaskedAccountString + common type. + type: string + apcaNumber: + description: 6 Digit APCA number for the initiating institution. The field + is fixed-width and padded with leading zeros if applicable. + type: string + required: + - accountId + - amount + - description + - isDetailAvailable + - reference + - status + - type + type: object + x-conditional: + - transactionId + - postingDateTime + - crn + ResponseBankingTransactionById: + example: + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/BankingTransactionDetail' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + BankingTransactionDetail: + allOf: + - $ref: '#/components/schemas/BankingTransaction' + - $ref: '#/components/schemas/BankingTransactionDetail_allOf' + ResponseBankingAccountsBalanceList: + example: + data: + balances: + - accountId: accountId + purses: + - amount: amount + currency: currency + - amount: amount + currency: currency + amortisedLimit: amortisedLimit + currentBalance: currentBalance + creditLimit: creditLimit + currency: currency + availableBalance: availableBalance + - accountId: accountId + purses: + - amount: amount + currency: currency + - amount: amount + currency: currency + amortisedLimit: amortisedLimit + currentBalance: currentBalance + creditLimit: creditLimit + currency: currency + availableBalance: availableBalance + meta: + totalRecords: 0 + totalPages: 6 + links: + next: next + last: last + prev: prev + self: self + first: first + properties: + data: + $ref: '#/components/schemas/ResponseBankingAccountsBalanceList_data' + links: + $ref: '#/components/schemas/LinksPaginated' + meta: + $ref: '#/components/schemas/MetaPaginated' + required: + - data + - links + - meta + type: object + ResponseBankingAccountsBalanceById: + example: + data: + accountId: accountId + purses: + - amount: amount + currency: currency + - amount: amount + currency: currency + amortisedLimit: amortisedLimit + currentBalance: currentBalance + creditLimit: creditLimit + currency: currency + availableBalance: availableBalance + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/BankingBalance' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + BankingBalance: + example: + accountId: accountId + purses: + - amount: amount + currency: currency + - amount: amount + currency: currency + amortisedLimit: amortisedLimit + currentBalance: currentBalance + creditLimit: creditLimit + currency: currency + availableBalance: availableBalance + properties: + accountId: + description: A unique ID of the account adhering to the standards for ID + permanence + type: string + x-cds-type: ASCIIString + currentBalance: + description: The balance of the account at this time. Should align to the + balance available via other channels such as Internet Banking. Assumed + to be negative if the customer has money owing + type: string + x-cds-type: AmountString + availableBalance: + description: Balance representing the amount of funds available for transfer. + Assumed to be zero or positive + type: string + x-cds-type: AmountString + creditLimit: + description: Object representing the maximum amount of credit that is available + for this account. Assumed to be zero if absent + type: string + x-cds-type: AmountString + amortisedLimit: + description: Object representing the available limit amortised according + to payment schedule. Assumed to be zero if absent + type: string + x-cds-type: AmountString + currency: + description: The currency for the balance amounts. If absent assumed to + be AUD + type: string + x-cds-type: CurrencyString + purses: + description: Optional array of balances for the account in other currencies. + Included to support accounts that support multi-currency purses such as + Travel Cards + items: + $ref: '#/components/schemas/BankingBalancePurse' + type: array + required: + - accountId + - availableBalance + - currentBalance + type: object + BankingBalancePurse: + example: + amount: amount + currency: currency + properties: + amount: + description: The balance available for this additional currency purse + type: string + x-cds-type: AmountString + currency: + description: The currency for the purse + type: string + x-cds-type: CurrencyString + required: + - amount + type: object + ResponseBankingPayeeListV2: + example: + data: + payees: + - nickname: nickname + description: description + payeeId: payeeId + type: BILLER + creationDate: creationDate + - nickname: nickname + description: description + payeeId: payeeId + type: BILLER + creationDate: creationDate + meta: + totalRecords: 0 + totalPages: 6 + links: + next: next + last: last + prev: prev + self: self + first: first + properties: + data: + $ref: '#/components/schemas/ResponseBankingPayeeListV2_data' + links: + $ref: '#/components/schemas/LinksPaginated' + meta: + $ref: '#/components/schemas/MetaPaginated' + required: + - data + - links + - meta + type: object + ResponseBankingPayeeByIdV2: + example: + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/BankingPayeeDetailV2' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + BankingPayeeV2: + example: + nickname: nickname + description: description + payeeId: payeeId + type: BILLER + creationDate: creationDate + properties: + payeeId: + description: ID of the payee adhering to the rules of ID permanence + type: string + x-cds-type: ASCIIString + nickname: + description: The short display name of the payee as provided by the customer. + Where a customer has not provided a nickname, a display name derived by + the bank for the payee consistent with existing digital banking channels + type: string + description: + description: A description of the payee provided by the customer + type: string + type: + description: The type of payee.
DOMESTIC means a registered payee for + domestic payments including NPP.
INTERNATIONAL means a registered + payee for international payments.
BILLER means a registered payee + for BPAY.
DIGITAL_WALLET means a registered payee for a bank's digital + wallet + enum: + - BILLER + - DIGITAL_WALLET + - DOMESTIC + - INTERNATIONAL + type: string + creationDate: + description: The date the payee was created by the customer + type: string + x-cds-type: DateString + required: + - nickname + - payeeId + - type + type: object + BankingPayeeDetailV2: + allOf: + - $ref: '#/components/schemas/BankingPayeeV2' + - $ref: '#/components/schemas/BankingPayeeDetailV2_allOf' + BankingDomesticPayee: + example: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + properties: + payeeAccountUType: + description: 'Type of account object included. Valid values are: **account** + A standard Australian account defined by BSB/Account Number. **card** + A credit or charge card to pay to (note that PANs are masked). **payId** + A PayID recognised by NPP' + enum: + - account + - card + - payId + type: string + account: + $ref: '#/components/schemas/BankingDomesticPayeeAccount' + card: + $ref: '#/components/schemas/BankingDomesticPayeeCard' + payId: + $ref: '#/components/schemas/BankingDomesticPayeePayId' + required: + - payeeAccountUType + type: object + x-conditional: + - account + - card + - payId + BankingDomesticPayeeAccount: + example: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + properties: + accountName: + description: Name of the account to pay to + type: string + bsb: + description: BSB of the account to pay to + type: string + accountNumber: + description: Number of the account to pay to + type: string + required: + - accountNumber + - bsb + type: object + BankingDomesticPayeeCard: + example: + cardNumber: cardNumber + properties: + cardNumber: + description: Name of the account to pay to + type: string + x-cds-type: MaskedPANString + required: + - cardNumber + type: object + BankingDomesticPayeePayId: + example: + identifier: identifier + name: name + type: ABN + properties: + name: + description: The name assigned to the PayID by the owner of the PayID + type: string + identifier: + description: The identifier of the PayID (dependent on type) + type: string + type: + description: The type of the PayID + enum: + - ABN + - EMAIL + - ORG_IDENTIFIER + - TELEPHONE + type: string + required: + - identifier + - type + type: object + BankingBillerPayee: + example: + billerName: billerName + crn: crn + billerCode: billerCode + properties: + billerCode: + description: BPAY Biller Code of the Biller + type: string + crn: + description: BPAY CRN of the Biller (if available).
Where the CRN contains + sensitive information, it should be masked in line with how the Data Holder + currently displays account identifiers in their existing online banking + channels. If the contents of the CRN match the format of a Credit Card + PAN they should be masked according to the rules applicable for MaskedPANString. + If the contents are otherwise sensitive, then it should be masked using + the rules applicable for the MaskedAccountString common type. + type: string + billerName: + description: Name of the Biller + type: string + required: + - billerCode + - billerName + type: object + x-conditional: + - crn + BankingInternationalPayee: + example: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + properties: + beneficiaryDetails: + $ref: '#/components/schemas/BankingInternationalPayee_beneficiaryDetails' + bankDetails: + $ref: '#/components/schemas/BankingInternationalPayee_bankDetails' + required: + - bankDetails + - beneficiaryDetails + type: object + BankingDigitalWalletPayee: + example: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + properties: + name: + description: The display name of the wallet as given by the customer, else + a default value defined by the data holder + type: string + identifier: + description: The identifier of the digital wallet (dependent on type) + type: string + type: + description: The type of the digital wallet identifier + enum: + - EMAIL + - CONTACT_NAME + - TELEPHONE + type: string + provider: + description: The provider of the digital wallet + enum: + - PAYPAL_AU + - OTHER + type: string + required: + - identifier + - name + - provider + - type + type: object + ResponseBankingDirectDebitAuthorisationList: + example: + data: + directDebitAuthorisations: + - lastDebitAmount: lastDebitAmount + accountId: accountId + lastDebitDateTime: lastDebitDateTime + authorisedEntity: + arbn: arbn + description: description + financialInstitution: financialInstitution + abn: abn + acn: acn + - lastDebitAmount: lastDebitAmount + accountId: accountId + lastDebitDateTime: lastDebitDateTime + authorisedEntity: + arbn: arbn + description: description + financialInstitution: financialInstitution + abn: abn + acn: acn + meta: + totalRecords: 0 + totalPages: 6 + links: + next: next + last: last + prev: prev + self: self + first: first + properties: + data: + $ref: '#/components/schemas/ResponseBankingDirectDebitAuthorisationList_data' + links: + $ref: '#/components/schemas/LinksPaginated' + meta: + $ref: '#/components/schemas/MetaPaginated' + required: + - data + - links + - meta + type: object + BankingDirectDebit: + example: + lastDebitAmount: lastDebitAmount + accountId: accountId + lastDebitDateTime: lastDebitDateTime + authorisedEntity: + arbn: arbn + description: description + financialInstitution: financialInstitution + abn: abn + acn: acn + properties: + accountId: + description: A unique ID of the account adhering to the standards for ID + permanence. + type: string + x-cds-type: ASCIIString + authorisedEntity: + $ref: '#/components/schemas/BankingAuthorisedEntity' + lastDebitDateTime: + description: The date and time of the last debit executed under this authorisation + type: string + x-cds-type: DateTimeString + lastDebitAmount: + description: The amount of the last debit executed under this authorisation + type: string + x-cds-type: AmountString + required: + - accountId + - authorisedEntity + type: object + BankingAuthorisedEntity: + example: + arbn: arbn + description: description + financialInstitution: financialInstitution + abn: abn + acn: acn + properties: + description: + description: Description of the authorised entity derived from previously + executed direct debits + type: string + financialInstitution: + description: Name of the financial institution through which the direct + debit will be executed. Is required unless the payment is made via a credit + card scheme + type: string + abn: + description: Australian Business Number for the authorised entity + type: string + acn: + description: Australian Company Number for the authorised entity + type: string + arbn: + description: Australian Registered Body Number for the authorised entity + type: string + type: object + x-conditional: + - financialInstitution + ResponseBankingScheduledPaymentsListV2: + example: + data: + scheduledPayments: + - recurrence: + nextPaymentDate: nextPaymentDate + eventBased: + description: description + onceOff: + paymentDate: paymentDate + recurrenceUType: eventBased + intervalSchedule: + intervals: + - interval: interval + dayInInterval: dayInInterval + - interval: interval + dayInInterval: dayInInterval + paymentsRemaining: 1 + finalPaymentDate: finalPaymentDate + nonBusinessDayTreatment: "ON" + lastWeekDay: + paymentsRemaining: 1 + interval: interval + finalPaymentDate: finalPaymentDate + lastWeekDay: FRI + nonBusinessDayTreatment: "ON" + scheduledPaymentId: scheduledPaymentId + payeeReference: payeeReference + payerReference: payerReference + nickname: nickname + from: + accountId: accountId + paymentSet: + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + status: ACTIVE + - recurrence: + nextPaymentDate: nextPaymentDate + eventBased: + description: description + onceOff: + paymentDate: paymentDate + recurrenceUType: eventBased + intervalSchedule: + intervals: + - interval: interval + dayInInterval: dayInInterval + - interval: interval + dayInInterval: dayInInterval + paymentsRemaining: 1 + finalPaymentDate: finalPaymentDate + nonBusinessDayTreatment: "ON" + lastWeekDay: + paymentsRemaining: 1 + interval: interval + finalPaymentDate: finalPaymentDate + lastWeekDay: FRI + nonBusinessDayTreatment: "ON" + scheduledPaymentId: scheduledPaymentId + payeeReference: payeeReference + payerReference: payerReference + nickname: nickname + from: + accountId: accountId + paymentSet: + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + status: ACTIVE + meta: + totalRecords: 0 + totalPages: 6 + links: + next: next + last: last + prev: prev + self: self + first: first + properties: + data: + $ref: '#/components/schemas/ResponseBankingScheduledPaymentsListV2_data' + links: + $ref: '#/components/schemas/LinksPaginated' + meta: + $ref: '#/components/schemas/MetaPaginated' + required: + - data + - links + - meta + type: object + BankingScheduledPaymentV2: + example: + recurrence: + nextPaymentDate: nextPaymentDate + eventBased: + description: description + onceOff: + paymentDate: paymentDate + recurrenceUType: eventBased + intervalSchedule: + intervals: + - interval: interval + dayInInterval: dayInInterval + - interval: interval + dayInInterval: dayInInterval + paymentsRemaining: 1 + finalPaymentDate: finalPaymentDate + nonBusinessDayTreatment: "ON" + lastWeekDay: + paymentsRemaining: 1 + interval: interval + finalPaymentDate: finalPaymentDate + lastWeekDay: FRI + nonBusinessDayTreatment: "ON" + scheduledPaymentId: scheduledPaymentId + payeeReference: payeeReference + payerReference: payerReference + nickname: nickname + from: + accountId: accountId + paymentSet: + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + status: ACTIVE + properties: + scheduledPaymentId: + description: A unique ID of the scheduled payment adhering to the standards + for ID permanence + type: string + x-cds-type: ASCIIString + nickname: + description: The short display name of the scheduled payment as provided + by the customer if provided. Where a customer has not provided a nickname, + a display name derived by the bank for the scheduled payment should be + provided that is consistent with existing digital banking channels + type: string + payerReference: + description: The reference for the transaction that will be used by the + originating institution for the purposes of constructing a statement narrative + on the payer’s account. Empty string if no data provided + type: string + payeeReference: + description: The reference for the transaction, if applicable, that will + be provided by the originating institution for all payments in the payment + set. Empty string if no data provided + type: string + status: + description: Indicates whether the schedule is currently active. The value + SKIP is equivalent to ACTIVE except that the customer has requested the + next normal occurrence to be skipped. + enum: + - ACTIVE + - INACTIVE + - SKIP + type: string + from: + $ref: '#/components/schemas/BankingScheduledPaymentFrom' + paymentSet: + items: + $ref: '#/components/schemas/BankingScheduledPaymentSetV2' + type: array + recurrence: + $ref: '#/components/schemas/BankingScheduledPaymentRecurrence' + required: + - from + - payerReference + - paymentSet + - recurrence + - scheduledPaymentId + - status + type: object + x-conditional: + - payeeReference + BankingScheduledPaymentSetV2: + description: The set of payment amounts and destination accounts for this payment + accommodating multi-part payments. A single entry indicates a simple payment + with one destination account. Must have at least one entry + example: + isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + properties: + to: + $ref: '#/components/schemas/BankingScheduledPaymentToV2' + isAmountCalculated: + description: Flag indicating whether the amount of the payment is calculated + based on the context of the event. For instance a payment to reduce the + balance of a credit card to zero. If absent then false is assumed + type: boolean + x-cds-type: Boolean + amount: + description: The amount of the next payment if known. Mandatory unless the + isAmountCalculated field is set to true. Must be zero or positive if present + type: string + x-cds-type: AmountString + currency: + description: The currency for the payment. AUD assumed if not present + type: string + x-cds-type: CurrencyString + required: + - to + type: object + x-conditional: + - amount + BankingScheduledPaymentToV2: + description: Object containing details of the destination of the payment. Used + to specify a variety of payment destination types + example: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + properties: + toUType: + description: The type of object provided that specifies the destination + of the funds for the payment. + enum: + - accountId + - biller + - digitalWallet + - domestic + - international + - payeeId + type: string + accountId: + description: Present if toUType is set to accountId. Indicates that the + payment is to another account that is accessible under the current consent + type: string + x-cds-type: ASCIIString + payeeId: + description: Present if toUType is set to payeeId. Indicates that the payment + is to registered payee that can be accessed using the payee end point. + If the Bank Payees scope has not been consented to then a payeeId should + not be provided and the full payee details should be provided instead + type: string + x-cds-type: ASCIIString + nickname: + description: The short display name of the payee as provided by the customer + unless toUType is set to payeeId. Where a customer has not provided a + nickname, a display name derived by the bank for payee should be provided + that is consistent with existing digital banking channels + type: string + payeeReference: + description: The reference for the transaction, if applicable, that will + be provided by the originating institution for the specific payment. If + not empty, it overrides the value provided at the BankingScheduledPayment + level. + type: string + digitalWallet: + $ref: '#/components/schemas/BankingDigitalWalletPayee' + domestic: + $ref: '#/components/schemas/BankingDomesticPayee' + biller: + $ref: '#/components/schemas/BankingBillerPayee' + international: + $ref: '#/components/schemas/BankingInternationalPayee' + required: + - toUType + type: object + x-conditional: + - accountId + - payeeId + - digitalWallet + - domestic + - biller + - international + - nickname + - payeeReference + BankingScheduledPaymentFrom: + description: Object containing details of the source of the payment. Currently + only specifies an account ID but provided as an object to facilitate future + extensibility and consistency with the to object + example: + accountId: accountId + properties: + accountId: + description: ID of the account that is the source of funds for the payment + type: string + x-cds-type: ASCIIString + required: + - accountId + type: object + BankingScheduledPaymentRecurrence: + description: Object containing the detail of the schedule for the payment + example: + nextPaymentDate: nextPaymentDate + eventBased: + description: description + onceOff: + paymentDate: paymentDate + recurrenceUType: eventBased + intervalSchedule: + intervals: + - interval: interval + dayInInterval: dayInInterval + - interval: interval + dayInInterval: dayInInterval + paymentsRemaining: 1 + finalPaymentDate: finalPaymentDate + nonBusinessDayTreatment: "ON" + lastWeekDay: + paymentsRemaining: 1 + interval: interval + finalPaymentDate: finalPaymentDate + lastWeekDay: FRI + nonBusinessDayTreatment: "ON" + properties: + nextPaymentDate: + description: The date of the next payment under the recurrence schedule + type: string + x-cds-type: DateString + recurrenceUType: + description: The type of recurrence used to define the schedule + enum: + - eventBased + - intervalSchedule + - lastWeekDay + - onceOff + type: string + onceOff: + $ref: '#/components/schemas/BankingScheduledPaymentRecurrenceOnceOff' + intervalSchedule: + $ref: '#/components/schemas/BankingScheduledPaymentRecurrenceIntervalSchedule' + lastWeekDay: + $ref: '#/components/schemas/BankingScheduledPaymentRecurrenceLastWeekday' + eventBased: + $ref: '#/components/schemas/BankingScheduledPaymentRecurrenceEventBased' + required: + - recurrenceUType + type: object + x-conditional: + - onceOff + - intervalSchedule + - lastWeekDay + - eventBased + BankingScheduledPaymentRecurrenceOnceOff: + description: Indicates that the payment is a once off payment on a specific + future date. Mandatory if recurrenceUType is set to onceOff + example: + paymentDate: paymentDate + properties: + paymentDate: + description: The scheduled date for the once off payment + type: string + x-cds-type: DateString + required: + - paymentDate + type: object + BankingScheduledPaymentRecurrenceIntervalSchedule: + description: Indicates that the schedule of payments is defined by a series + of intervals. Mandatory if recurrenceUType is set to intervalSchedule + example: + intervals: + - interval: interval + dayInInterval: dayInInterval + - interval: interval + dayInInterval: dayInInterval + paymentsRemaining: 1 + finalPaymentDate: finalPaymentDate + nonBusinessDayTreatment: "ON" + properties: + finalPaymentDate: + description: The limit date after which no more payments should be made + using this schedule. If both finalPaymentDate and paymentsRemaining are + present then payments will stop according to the most constraining value. + If neither field is present the payments will continue indefinitely + type: string + x-cds-type: DateString + paymentsRemaining: + description: Indicates the number of payments remaining in the schedule. + If both finalPaymentDate and paymentsRemaining are present then payments + will stop according to the most constraining value, If neither field is + present the payments will continue indefinitely + example: 1 + type: integer + x-cds-type: PositiveInteger + nonBusinessDayTreatment: + default: "ON" + description: Enumerated field giving the treatment where a scheduled payment + date is not a business day. If absent assumed to be ON.
**AFTER** + - If a scheduled payment date is a non-business day the payment will be + made on the first business day after the scheduled payment date.
**BEFORE** + - If a scheduled payment date is a non-business day the payment will be + made on the first business day before the scheduled payment date.
**ON** + - If a scheduled payment date is a non-business day the payment will be + made on that day regardless.
**ONLY** - Payments only occur on business + days. If a scheduled payment date is a non-business day the payment will + be ignored + enum: + - AFTER + - BEFORE + - "ON" + - ONLY + type: string + intervals: + description: An array of interval objects defining the payment schedule. Each + entry in the array is additive, in that it adds payments to the overall + payment schedule. If multiple intervals result in a payment on the same + day then only one payment will be made. Must have at least one entry + items: + $ref: '#/components/schemas/BankingScheduledPaymentInterval' + type: array + required: + - intervals + type: object + BankingScheduledPaymentInterval: + example: + interval: interval + dayInInterval: dayInInterval + properties: + interval: + description: An interval for the payment. Formatted according to [ISO 8601 + Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes + recurrence syntax) with components less than a day in length ignored. + This duration defines the period between payments starting with nextPaymentDate + type: string + x-cds-type: ExternalRef + dayInInterval: + description: Uses an interval to define the ordinal day within the interval + defined by the interval field on which the payment occurs. If the resulting + duration is 0 days in length or larger than the number of days in the + interval then the payment will occur on the last day of the interval. + A duration of 1 day indicates the first day of the interval. If absent + the assumed value is P1D. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) + (excludes recurrence syntax) with components less than a day in length + ignored. The first day of a week is considered to be Monday. + type: string + x-cds-type: ExternalRef + required: + - interval + type: object + BankingScheduledPaymentRecurrenceLastWeekday: + description: Indicates that the schedule of payments is defined according to + the last occurrence of a specific weekday in an interval. Mandatory if recurrenceUType + is set to lastWeekDay + example: + paymentsRemaining: 1 + interval: interval + finalPaymentDate: finalPaymentDate + lastWeekDay: FRI + nonBusinessDayTreatment: "ON" + properties: + finalPaymentDate: + description: The limit date after which no more payments should be made + using this schedule. If both finalPaymentDate and paymentsRemaining are + present then payments will stop according to the most constraining value. + If neither field is present the payments will continue indefinitely + type: string + x-cds-type: DateString + paymentsRemaining: + description: Indicates the number of payments remaining in the schedule. + If both finalPaymentDate and paymentsRemaining are present then payments + will stop according to the most constraining value. If neither field is + present the payments will continue indefinitely + example: 1 + type: integer + x-cds-type: PositiveInteger + interval: + description: The interval for the payment. Formatted according to [ISO 8601 + Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes + recurrence syntax) with components less than a day in length ignored. + This duration defines the period between payments starting with nextPaymentDate + type: string + x-cds-type: ExternalRef + lastWeekDay: + description: The weekDay specified. The payment will occur on the last occurrence + of this weekday in the interval. + enum: + - FRI + - MON + - SAT + - SUN + - THU + - TUE + - WED + type: string + nonBusinessDayTreatment: + default: "ON" + description: Enumerated field giving the treatment where a scheduled payment + date is not a business day. If absent assumed to be ON.
**AFTER** + - If a scheduled payment date is a non-business day the payment will be + made on the first business day after the scheduled payment date.
**BEFORE** + - If a scheduled payment date is a non-business day the payment will be + made on the first business day before the scheduled payment date.
**ON** + - If a scheduled payment date is a non-business day the payment will be + made on that day regardless.
**ONLY** - Payments only occur on business + days. If a scheduled payment date is a non-business day the payment will + be ignored + enum: + - AFTER + - BEFORE + - "ON" + - ONLY + type: string + required: + - interval + - lastWeekDay + type: object + BankingScheduledPaymentRecurrenceEventBased: + description: Indicates that the schedule of payments is defined according to + an external event that cannot be predetermined. Mandatory if recurrenceUType + is set to eventBased + example: + description: description + properties: + description: + description: Description of the event and conditions that will result in + the payment. Expected to be formatted for display to a customer + type: string + required: + - description + type: object + ResponseCommonDiscoveryStatus: + example: + data: + updateTime: updateTime + explanation: explanation + expectedResolutionTime: expectedResolutionTime + detectionTime: detectionTime + status: OK + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/ResponseCommonDiscoveryStatus_data' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + ResponseDiscoveryOutagesList: + example: + data: + outages: + - duration: duration + outageTime: outageTime + isPartial: true + explanation: explanation + - duration: duration + outageTime: outageTime + isPartial: true + explanation: explanation + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/ResponseDiscoveryOutagesList_data' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + DiscoveryOutage: + example: + duration: duration + outageTime: outageTime + isPartial: true + explanation: explanation + properties: + outageTime: + description: Date and time that the outage is scheduled to begin + type: string + x-cds-type: DateTimeString + duration: + description: Planned duration of the outage. Formatted according to [ISO + 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes + recurrence syntax) + type: string + x-cds-type: ExternalRef + isPartial: + description: Flag that indicates, if present and set to true, that the outage + is only partial meaning that only a subset of normally available end points + will be affected by the outage + type: boolean + x-cds-type: Boolean + explanation: + description: Provides an explanation of the current outage that can be displayed + to an end customer + type: string + required: + - duration + - explanation + - outageTime + type: object + ResponseCommonCustomer: + example: + data: + person: + middleNames: + - middleNames + - middleNames + firstName: firstName + lastName: lastName + occupationCode: occupationCode + prefix: prefix + occupationCodeVersion: ANZSCO_1220.0_2013_V1.2 + suffix: suffix + lastUpdateTime: lastUpdateTime + organisation: + agentRole: agentRole + agentLastName: agentLastName + industryCodeVersion: ANZSIC_1292.0_2006_V2.0 + establishmentDate: establishmentDate + businessName: businessName + registeredCountry: registeredCountry + abn: abn + acn: acn + industryCode: industryCode + organisationType: COMPANY + legalName: legalName + isACNCRegistered: true + agentFirstName: agentFirstName + shortName: shortName + lastUpdateTime: lastUpdateTime + customerUType: organisation + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/ResponseCommonCustomer_data' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + ResponseCommonCustomerDetailV2: + example: + data: + customerUType: organisation + meta: '{}' + links: + self: self + properties: + data: + $ref: '#/components/schemas/ResponseCommonCustomerDetailV2_data' + links: + $ref: '#/components/schemas/Links' + meta: + type: object + required: + - data + - links + type: object + CommonPerson: + example: + middleNames: + - middleNames + - middleNames + firstName: firstName + lastName: lastName + occupationCode: occupationCode + prefix: prefix + occupationCodeVersion: ANZSCO_1220.0_2013_V1.2 + suffix: suffix + lastUpdateTime: lastUpdateTime + properties: + lastUpdateTime: + description: The date and time that this record was last updated by the + customer. If no update has occurred then this date should reflect the + initial creation date for the data + type: string + x-cds-type: DateTimeString + firstName: + description: For people with single names this field need not be present. + The single name should be in the lastName field. Where a data holder cannot + determine first and middle names from a collection of given names, a single + string representing all given names MAY be provided. + type: string + lastName: + description: For people with single names the single name should be in this + field + type: string + middleNames: + description: Field is mandatory but array may be empty + items: + type: string + type: array + prefix: + description: Also known as title or salutation. The prefix to the name + (e.g. Mr, Mrs, Ms, Miss, Sir, etc) + type: string + suffix: + description: Used for a trailing suffix to the name (e.g. Jr) + type: string + occupationCode: + description: Value is a valid **[[ANZSCO]](#iref-ANZSCO)** Standard Occupation + classification code. If the occupation code held by the data holder is + not one of the supported **[[ANZSCO]](#iref-ANZSCO)** versions, then it + must not be supplied. + type: string + x-cds-type: ExternalRef + occupationCodeVersion: + default: ANZSCO_1220.0_2013_V1.2 + description: The applicable **[[ANZSCO]](#iref-ANZSCO)** release version + of the occupation code provided. Mandatory if an ``occupationCode`` is + supplied. If ``occupationCode`` is supplied but ``occupationCodeVersion`` + is absent, default is ``ANZSCO_1220.0_2013_V1.2`` + enum: + - ANZSCO_1220.0_2006_V1.0 + - ANZSCO_1220.0_2006_V1.1 + - ANZSCO_1220.0_2013_V1.2 + - ANZSCO_1220.0_2013_V1.3 + type: string + required: + - lastName + - middleNames + type: object + x-conditional: + - occupationCodeVersion + CommonPersonDetailV2: + allOf: + - $ref: '#/components/schemas/CommonPerson' + - $ref: '#/components/schemas/CommonPersonDetailV2_allOf' + CommonOrganisation: + example: + agentRole: agentRole + agentLastName: agentLastName + industryCodeVersion: ANZSIC_1292.0_2006_V2.0 + establishmentDate: establishmentDate + businessName: businessName + registeredCountry: registeredCountry + abn: abn + acn: acn + industryCode: industryCode + organisationType: COMPANY + legalName: legalName + isACNCRegistered: true + agentFirstName: agentFirstName + shortName: shortName + lastUpdateTime: lastUpdateTime + properties: + lastUpdateTime: + description: The date and time that this record was last updated by the + customer. If no update has occurred then this date should reflect the + initial creation date for the data + type: string + x-cds-type: DateTimeString + agentFirstName: + description: The first name of the individual providing access on behalf + of the organisation. For people with single names this field need not + be present. The single name should be in the lastName field + type: string + agentLastName: + description: The last name of the individual providing access on behalf + of the organisation. For people with single names the single name should + be in this field + type: string + agentRole: + description: The role of the individual identified as the agent who is providing + authorisation. Expected to be used for display. Default to Unspecified + if the role is not known + type: string + businessName: + description: Name of the organisation + type: string + legalName: + description: Legal name, if different to the business name + type: string + shortName: + description: Short name used for communication, if different to the business + name + type: string + abn: + description: Australian Business Number for the organisation + type: string + acn: + description: Australian Company Number for the organisation. Required only + if an ACN is applicable for the organisation type + type: string + isACNCRegistered: + description: True if registered with the ACNC. False if not. Absent or + null if not confirmed. + type: boolean + x-cds-type: Boolean + industryCode: + description: A valid [ANZSIC](http://www.abs.gov.au/ANZSIC) code for the + organisation. If the industry code held by the data holder is not one + of the supported [ANZSIC](http://www.abs.gov.au/ANZSIC) versions, then + it must not be supplied. + type: string + x-cds-type: ExternalRef + industryCodeVersion: + default: ANZSIC_1292.0_2006_V2.0 + description: The applicable [ANZSIC](http://www.abs.gov.au/ANZSIC) release + version of the industry code provided. Should only be supplied if ``industryCode`` + is also supplied. If ``industryCode`` is supplied but ``industryCodeVersion`` + is absent, default is ``ANZSIC_1292.0_2006_V2.0`` + enum: + - ANZSIC_1292.0_2006_V1.0 + - ANZSIC_1292.0_2006_V2.0 + type: string + organisationType: + description: Legal organisation type + enum: + - COMPANY + - GOVERNMENT_ENTITY + - OTHER + - PARTNERSHIP + - SOLE_TRADER + - TRUST + type: string + registeredCountry: + description: Enumeration with values from [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) + country codes. Assumed to be AUS if absent + type: string + x-cds-type: ExternalRef + establishmentDate: + description: The date the organisation described was established + type: string + x-cds-type: DateString + required: + - agentLastName + - agentRole + - businessName + - organisationType + type: object + x-conditional: + - industryCodeVersion + CommonOrganisationDetailV2: + allOf: + - $ref: '#/components/schemas/CommonOrganisation' + - $ref: '#/components/schemas/CommonOrganisationDetailV2_allOf' + CommonPhoneNumber: + properties: + isPreferred: + description: May be true for one and only one entry to indicate the preferred + phone number. Assumed to be 'false' if not present + type: boolean + x-cds-type: Boolean + purpose: + description: The purpose of the number as specified by the customer + enum: + - HOME + - INTERNATIONAL + - MOBILE + - OTHER + - UNSPECIFIED + - WORK + type: string + countryCode: + description: If absent, assumed to be Australia (+61). The + should be included + type: string + areaCode: + description: Required for non Mobile Phones, if field is present and refers + to Australian code - the leading 0 should be omitted. + type: string + number: + description: The actual phone number, with leading zeros as appropriate + type: string + extension: + description: An extension number (if applicable) + type: string + fullNumber: + description: Fully formatted phone number with country code, area code, + number and extension incorporated. Formatted according to section 5.1.4. + of **[[RFC3966]](#iref-RFC3966)** + type: string + x-cds-type: ExternalRef + required: + - fullNumber + - number + - purpose + type: object + x-conditional: + - areaCode + CommonEmailAddress: + properties: + isPreferred: + description: May be true for one and only one email record in the collection. + Denotes the default email address + type: boolean + x-cds-type: Boolean + purpose: + description: The purpose for the email, as specified by the customer (Enumeration) + enum: + - HOME + - OTHER + - UNSPECIFIED + - WORK + type: string + address: + description: A correctly formatted email address, as defined by the addr-spec + format in **[[RFC5322]](#nref-RFC5322)** + type: string + x-cds-type: ExternalRef + required: + - address + - purpose + type: object + CommonPhysicalAddressWithPurpose: + allOf: + - $ref: '#/components/schemas/CommonPhysicalAddress' + - $ref: '#/components/schemas/CommonPhysicalAddressWithPurpose_allOf' + CommonPhysicalAddress: + properties: + addressUType: + description: The type of address object present + enum: + - paf + - simple + type: string + simple: + $ref: '#/components/schemas/CommonSimpleAddress' + paf: + $ref: '#/components/schemas/CommonPAFAddress' + required: + - addressUType + type: object + x-conditional: + - simple + - paf + CommonSimpleAddress: + properties: + mailingName: + description: Name of the individual or business formatted for inclusion + in an address used for physical mail + type: string + addressLine1: + description: First line of the standard address object + type: string + addressLine2: + description: Second line of the standard address object + type: string + addressLine3: + description: Third line of the standard address object + type: string + postcode: + description: Mandatory for Australian addresses + type: string + city: + description: Name of the city or locality + type: string + state: + description: Free text if the country is not Australia. If country is Australia + then must be one of the values defined by the [State Type Abbreviation](https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf) + in the PAF file format. NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT + type: string + country: + default: AUS + description: A valid [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) + country code. Australia (AUS) is assumed if country is not present. + type: string + x-cds-type: ExternalRef + required: + - addressLine1 + - city + - state + type: object + x-conditional: + - postcode + CommonPAFAddress: + description: Australian address formatted according to the file format defined + by the [PAF file format](https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf) + properties: + dpid: + description: Unique identifier for an address as defined by Australia Post. Also + known as Delivery Point Identifier + type: string + thoroughfareNumber1: + description: Thoroughfare number for a property (first number in a property + ranged address) + type: integer + x-cds-type: PositiveInteger + thoroughfareNumber1Suffix: + description: Suffix for the thoroughfare number. Only relevant is thoroughfareNumber1 + is populated + type: string + thoroughfareNumber2: + description: Second thoroughfare number (only used if the property has a + ranged address eg 23-25) + type: integer + x-cds-type: PositiveInteger + thoroughfareNumber2Suffix: + description: Suffix for the second thoroughfare number. Only relevant is + thoroughfareNumber2 is populated + type: string + flatUnitType: + description: Type of flat or unit for the address + type: string + flatUnitNumber: + description: Unit number (including suffix, if applicable) + type: string + floorLevelType: + description: Type of floor or level for the address + type: string + floorLevelNumber: + description: Floor or level number (including alpha characters) + type: string + lotNumber: + description: Allotment number for the address + type: string + buildingName1: + description: Building/Property name 1 + type: string + buildingName2: + description: Building/Property name 2 + type: string + streetName: + description: The name of the street + type: string + streetType: + description: The street type. Valid enumeration defined by Australia Post + PAF code file + type: string + streetSuffix: + description: The street type suffix. Valid enumeration defined by Australia + Post PAF code file + type: string + postalDeliveryType: + description: Postal delivery type. (eg. PO BOX). Valid enumeration defined + by Australia Post PAF code file + type: string + postalDeliveryNumber: + description: Postal delivery number if the address is a postal delivery + type + type: integer + x-cds-type: PositiveInteger + postalDeliveryNumberPrefix: + description: Postal delivery number prefix related to the postal delivery + number + type: string + postalDeliveryNumberSuffix: + description: Postal delivery number suffix related to the postal delivery + number + type: string + localityName: + description: Full name of locality + type: string + postcode: + description: Postcode for the locality + type: string + state: + description: State in which the address belongs. Valid enumeration defined + by Australia Post PAF code file [State Type Abbreviation](https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf). + NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT + type: string + required: + - localityName + - postcode + - state + type: object + ResponseCommonDiscoveryStatus_data: + example: + updateTime: updateTime + explanation: explanation + expectedResolutionTime: expectedResolutionTime + detectionTime: detectionTime + status: OK + properties: + status: + description: Enumeration with values. OK (implementation is fully functional). + PARTIAL_FAILURE (one or more end points are unexpectedly unavailable). + UNAVAILABLE (the full implementation is unexpectedly unavailable). SCHEDULED_OUTAGE + (an advertised outage is in effect) + enum: + - OK + - PARTIAL_FAILURE + - SCHEDULED_OUTAGE + - UNAVAILABLE + type: string + explanation: + description: Provides an explanation of the current outage that can be displayed + to an end customer. Mandatory if the status property is any value other + than OK + type: string + detectionTime: + description: The date and time that the current outage was detected. Should + only be present if the status property is PARTIAL_FAILURE or UNAVAILABLE + type: string + x-cds-type: DateTimeString + expectedResolutionTime: + description: The date and time that full service is expected to resume (if + known). Should not be present if the status property has a value of OK. + type: string + x-cds-type: DateTimeString + updateTime: + description: The date and time that this status was last updated by the + Data Holder. + type: string + x-cds-type: DateTimeString + required: + - status + - updateTime + type: object + x-conditional: + - explanation + ResponseDiscoveryOutagesList_data: + example: + outages: + - duration: duration + outageTime: outageTime + isPartial: true + explanation: explanation + - duration: duration + outageTime: outageTime + isPartial: true + explanation: explanation + properties: + outages: + description: List of scheduled outages. Property is mandatory but may contain + and empty list if no outages are scheduled + items: + $ref: '#/components/schemas/DiscoveryOutage' + type: array + required: + - outages + type: object + ResponseCommonCustomer_data: + example: + person: + middleNames: + - middleNames + - middleNames + firstName: firstName + lastName: lastName + occupationCode: occupationCode + prefix: prefix + occupationCodeVersion: ANZSCO_1220.0_2013_V1.2 + suffix: suffix + lastUpdateTime: lastUpdateTime + organisation: + agentRole: agentRole + agentLastName: agentLastName + industryCodeVersion: ANZSIC_1292.0_2006_V2.0 + establishmentDate: establishmentDate + businessName: businessName + registeredCountry: registeredCountry + abn: abn + acn: acn + industryCode: industryCode + organisationType: COMPANY + legalName: legalName + isACNCRegistered: true + agentFirstName: agentFirstName + shortName: shortName + lastUpdateTime: lastUpdateTime + customerUType: organisation + properties: + customerUType: + description: The type of customer object that is present + enum: + - organisation + - person + type: string + person: + $ref: '#/components/schemas/CommonPerson' + organisation: + $ref: '#/components/schemas/CommonOrganisation' + required: + - customerUType + type: object + x-conditional: + - person + - organisation + ResponseCommonCustomerDetailV2_data: + example: + customerUType: organisation + properties: + customerUType: + description: The type of customer object that is present + enum: + - organisation + - person + type: string + person: + $ref: '#/components/schemas/CommonPersonDetailV2' + organisation: + $ref: '#/components/schemas/CommonOrganisationDetailV2' + required: + - customerUType + type: object + x-conditional: + - person + - organisation + CommonPersonDetailV2_allOf: + properties: + phoneNumbers: + description: Array is mandatory but may be empty if no phone numbers are + held + items: + $ref: '#/components/schemas/CommonPhoneNumber' + type: array + emailAddresses: + description: May be empty + items: + $ref: '#/components/schemas/CommonEmailAddress' + type: array + physicalAddresses: + description: Array is mandatory but may be empty if no valid addresses are + held. One and only one address may have the purpose of REGISTERED. Zero + or one, and no more than one, record may have the purpose of MAIL. If + zero then the REGISTERED address is to be used for mail + items: + $ref: '#/components/schemas/CommonPhysicalAddressWithPurpose' + type: array + required: + - emailAddresses + - phoneNumbers + - physicalAddresses + type: object + CommonOrganisationDetailV2_allOf: + properties: + physicalAddresses: + description: Array is mandatory but may be empty if no valid addresses are + held. One and only one address may have the purpose of REGISTERED. Zero + or one, and no more than one, record may have the purpose of MAIL. If + zero then the REGISTERED address is to be used for mail + items: + $ref: '#/components/schemas/CommonPhysicalAddressWithPurpose' + type: array + required: + - physicalAddresses + type: object + CommonPhysicalAddressWithPurpose_allOf: + properties: + purpose: + description: Enumeration of values indicating the purpose of the physical + address + enum: + - MAIL + - OTHER + - PHYSICAL + - REGISTERED + - WORK + type: string + required: + - purpose + type: object + Links: + example: + self: self + properties: + self: + description: Fully qualified link that generated the current response document + type: string + x-cds-type: URIString + required: + - self + type: object + Meta: + type: object + LinksPaginated: + example: + next: next + last: last + prev: prev + self: self + first: first + properties: + self: + description: Fully qualified link that generated the current response document + type: string + x-cds-type: URIString + first: + description: URI to the first page of this set. Mandatory if this response + is not the first page + type: string + x-cds-type: URIString + prev: + description: URI to the previous page of this set. Mandatory if this response + is not the first page + type: string + x-cds-type: URIString + next: + description: URI to the next page of this set. Mandatory if this response + is not the last page + type: string + x-cds-type: URIString + last: + description: URI to the last page of this set. Mandatory if this response + is not the last page + type: string + x-cds-type: URIString + required: + - self + type: object + x-conditional: + - prev + - next + - first + - last + MetaPaginated: + example: + totalRecords: 0 + totalPages: 6 + properties: + totalRecords: + description: The total number of records in the full set. See [pagination](#pagination). + type: integer + x-cds-type: NaturalNumber + totalPages: + description: The total number of pages in the full set. See [pagination](#pagination). + type: integer + x-cds-type: NaturalNumber + required: + - totalPages + - totalRecords + type: object + MetaError: + description: Additional data for customised error codes + properties: + urn: + description: The CDR error code URN which the application-specific error + code extends. Mandatory if the error `code` is an application-specific + error rather than a standardised error code. + type: string + type: object + x-conditional: + - urn + ResponseErrorListV2: + properties: + errors: + items: + $ref: '#/components/schemas/ResponseErrorListV2_errors' + type: array + required: + - errors + type: object + x-conditional: + - meta + BankingProductCategory: + description: The category to which a product or account belongs. See [here](#product-categories) + for more details + enum: + - BUSINESS_LOANS + - CRED_AND_CHRG_CARDS + - LEASES + - MARGIN_LOANS + - OVERDRAFTS + - PERS_LOANS + - REGULATED_TRUST_ACCOUNTS + - RESIDENTIAL_MORTGAGES + - TERM_DEPOSITS + - TRADE_FINANCE + - TRANS_AND_SAVINGS_ACCOUNTS + - TRAVEL_CARDS + type: string + RequestAccountIds_data: + example: + accountIds: + - accountIds + - accountIds + properties: + accountIds: + items: + description: Array of specific accountIds to obtain authorisations for + type: string + x-cds-type: ASCIIString + type: array + required: + - accountIds + type: object + ResponseBankingProductListV2_data: + example: + products: + - additionalInformation: + eligibilityUri: eligibilityUri + additionalFeesAndPricingUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalTermsUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + bundleUri: bundleUri + feesAndPricingUri: feesAndPricingUri + additionalBundleUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalEligibilityUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalOverviewUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + termsUri: termsUri + overviewUri: overviewUri + brandName: brandName + productId: productId + description: description + effectiveTo: effectiveTo + cardArt: + - imageUri: imageUri + title: title + - imageUri: imageUri + title: title + lastUpdated: lastUpdated + isTailored: true + name: name + applicationUri: applicationUri + effectiveFrom: effectiveFrom + brand: brand + - additionalInformation: + eligibilityUri: eligibilityUri + additionalFeesAndPricingUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalTermsUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + bundleUri: bundleUri + feesAndPricingUri: feesAndPricingUri + additionalBundleUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalEligibilityUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + additionalOverviewUris: + - additionalInfoUri: additionalInfoUri + description: description + - additionalInfoUri: additionalInfoUri + description: description + termsUri: termsUri + overviewUri: overviewUri + brandName: brandName + productId: productId + description: description + effectiveTo: effectiveTo + cardArt: + - imageUri: imageUri + title: title + - imageUri: imageUri + title: title + lastUpdated: lastUpdated + isTailored: true + name: name + applicationUri: applicationUri + effectiveFrom: effectiveFrom + brand: brand + properties: + products: + description: The list of products returned. If the filter results in an + empty set then this array may have no records + items: + $ref: '#/components/schemas/BankingProductV4' + type: array + required: + - products + type: object + BankingProductV4_cardArt: + example: + imageUri: imageUri + title: title + properties: + title: + description: Display label for the specific image + type: string + imageUri: + description: URI reference to a PNG, JPG or GIF image with proportions defined + by ISO 7810 ID-1 and width no greater than 512 pixels. The URI reference + may be a link or url-encoded data URI according to **[[RFC2397]](#nref-RFC2397)** + type: string + x-cds-type: URIString + required: + - imageUri + type: object + BankingProductDetailV4_allOf: + properties: + bundles: + description: An array of bundles that this product participates in. Each + bundle is described by free form information but also by a list of product + IDs of the other products that are included in the bundle. It is assumed + that the current product is included in the bundle also + items: + $ref: '#/components/schemas/BankingProductBundle' + type: array + features: + description: Array of features available for the product + items: + $ref: '#/components/schemas/BankingProductFeatureV2' + type: array + constraints: + description: Constraints on the application for or operation of the product + such as minimum balances or limit thresholds + items: + $ref: '#/components/schemas/BankingProductConstraint' + type: array + eligibility: + description: Eligibility criteria for the product + items: + $ref: '#/components/schemas/BankingProductEligibility' + type: array + fees: + description: Fees applicable for the product + items: + $ref: '#/components/schemas/BankingProductFee' + type: array + depositRates: + description: Interest rates available for deposits + items: + $ref: '#/components/schemas/BankingProductDepositRate' + type: array + lendingRates: + description: Interest rates charged against lending balances + items: + $ref: '#/components/schemas/BankingProductLendingRateV2' + type: array + type: object + ResponseBankingAccountListV2_data: + example: + accounts: + - accountId: accountId + maskedNumber: maskedNumber + openStatus: OPEN + displayName: displayName + isOwned: true + nickname: nickname + creationDate: creationDate + productName: productName + accountOwnership: UNKNOWN + - accountId: accountId + maskedNumber: maskedNumber + openStatus: OPEN + displayName: displayName + isOwned: true + nickname: nickname + creationDate: creationDate + productName: productName + accountOwnership: UNKNOWN + properties: + accounts: + description: The list of accounts returned. If the filter results in an + empty set then this array may have no records + items: + $ref: '#/components/schemas/BankingAccountV2' + type: array + required: + - accounts + type: object + BankingAccountDetailV3_allOf: + properties: + bsb: + description: The unmasked BSB for the account. Is expected to be formatted + as digits only with leading zeros included and no punctuation or spaces + type: string + accountNumber: + description: The unmasked account number for the account. Should not be + supplied if the account number is a PAN requiring PCI compliance. Is expected + to be formatted as digits only with leading zeros included and no punctuation + or spaces + type: string + bundleName: + description: Optional field to indicate if this account is part of a bundle + that is providing additional benefit for to the customer + type: string + specificAccountUType: + description: The type of structure to present account specific fields. + enum: + - creditCard + - loan + - termDeposit + type: string + termDeposit: + items: + $ref: '#/components/schemas/BankingTermDepositAccount' + type: array + creditCard: + $ref: '#/components/schemas/BankingCreditCardAccount' + loan: + $ref: '#/components/schemas/BankingLoanAccountV2' + depositRate: + description: current rate to calculate interest earned being applied to + deposit balances as it stands at the time of the API call + type: string + x-cds-type: RateString + lendingRate: + description: The current rate to calculate interest payable being applied + to lending balances as it stands at the time of the API call + type: string + x-cds-type: RateString + depositRates: + description: Fully described deposit rates for this account based on the + equivalent structure in Product Reference + items: + $ref: '#/components/schemas/BankingProductDepositRate' + type: array + lendingRates: + description: Fully described lending rates for this account based on the + equivalent structure in Product Reference + items: + $ref: '#/components/schemas/BankingProductLendingRateV2' + type: array + features: + description: Array of features of the account based on the equivalent structure + in Product Reference with the following additional field + items: + allOf: + - $ref: '#/components/schemas/BankingProductFeatureV2' + - properties: + isActivated: + default: true + description: True if the feature is already activated and false + if the feature is available for activation. Defaults to true if + absent. (note this is an additional field appended to the feature + object defined in the Product Reference payload) + type: boolean + x-cds-type: Boolean + type: object + type: object + type: array + fees: + description: Fees and charges applicable to the account based on the equivalent + structure in Product Reference + items: + $ref: '#/components/schemas/BankingProductFee' + type: array + addresses: + description: The addresses for the account to be used for correspondence + items: + $ref: '#/components/schemas/CommonPhysicalAddress' + type: array + type: object + x-conditional: + - termDeposit + - creditCard + - loan + ResponseBankingTransactionList_data: + example: + transactions: + - postingDateTime: postingDateTime + amount: amount + apcaNumber: apcaNumber + isDetailAvailable: true + description: description + type: DIRECT_DEBIT + billerName: billerName + executionDateTime: executionDateTime + transactionId: transactionId + merchantName: merchantName + billerCode: billerCode + reference: reference + accountId: accountId + merchantCategoryCode: merchantCategoryCode + valueDateTime: valueDateTime + currency: currency + crn: crn + status: PENDING + - postingDateTime: postingDateTime + amount: amount + apcaNumber: apcaNumber + isDetailAvailable: true + description: description + type: DIRECT_DEBIT + billerName: billerName + executionDateTime: executionDateTime + transactionId: transactionId + merchantName: merchantName + billerCode: billerCode + reference: reference + accountId: accountId + merchantCategoryCode: merchantCategoryCode + valueDateTime: valueDateTime + currency: currency + crn: crn + status: PENDING + properties: + transactions: + items: + $ref: '#/components/schemas/BankingTransaction' + type: array + required: + - transactions + type: object + BankingTransactionDetail_allOf_extendedData_x2p101Payload: + properties: + extendedDescription: + description: An extended string description. Required if the extensionUType + field is `x2p101Payload` + type: string + endToEndId: + description: An end to end ID for the payment created at initiation + type: string + purposeCode: + description: Purpose of the payment. Format is defined by NPP standards + for the x2p1.01 overlay service + type: string + type: object + x-conditional: + - extendedDescription + BankingTransactionDetail_allOf_extendedData: + properties: + payer: + description: Label of the originating payer. Mandatory for inbound payment + type: string + payee: + description: Label of the target PayID. Mandatory for an outbound payment. + The name assigned to the BSB/Account Number or PayID (by the owner of + the PayID) + type: string + extensionUType: + description: Optional extended data specific to transactions originated + via NPP + enum: + - x2p101Payload + type: string + x2p101Payload: + $ref: '#/components/schemas/BankingTransactionDetail_allOf_extendedData_x2p101Payload' + service: + description: 'Identifier of the applicable overlay service. Valid values + are: X2P1.01' + enum: + - X2P1.01 + type: string + required: + - service + type: object + x-conditional: + - payer + - payee + - x2p101Payload + BankingTransactionDetail_allOf: + properties: + extendedData: + $ref: '#/components/schemas/BankingTransactionDetail_allOf_extendedData' + required: + - extendedData + type: object + ResponseBankingAccountsBalanceList_data: + example: + balances: + - accountId: accountId + purses: + - amount: amount + currency: currency + - amount: amount + currency: currency + amortisedLimit: amortisedLimit + currentBalance: currentBalance + creditLimit: creditLimit + currency: currency + availableBalance: availableBalance + - accountId: accountId + purses: + - amount: amount + currency: currency + - amount: amount + currency: currency + amortisedLimit: amortisedLimit + currentBalance: currentBalance + creditLimit: creditLimit + currency: currency + availableBalance: availableBalance + properties: + balances: + description: The list of balances returned + items: + $ref: '#/components/schemas/BankingBalance' + type: array + required: + - balances + type: object + ResponseBankingPayeeListV2_data: + example: + payees: + - nickname: nickname + description: description + payeeId: payeeId + type: BILLER + creationDate: creationDate + - nickname: nickname + description: description + payeeId: payeeId + type: BILLER + creationDate: creationDate + properties: + payees: + description: The list of payees returned + items: + $ref: '#/components/schemas/BankingPayeeV2' + type: array + required: + - payees + type: object + BankingPayeeDetailV2_allOf: + properties: + payeeUType: + description: Type of object included that describes the payee in detail + enum: + - biller + - digitalWallet + - domestic + - international + type: string + biller: + $ref: '#/components/schemas/BankingBillerPayee' + domestic: + $ref: '#/components/schemas/BankingDomesticPayee' + digitalWallet: + $ref: '#/components/schemas/BankingDigitalWalletPayee' + international: + $ref: '#/components/schemas/BankingInternationalPayee' + required: + - payeeUType + type: object + x-conditional: + - biller + - digitalWallet + - domestic + - international + BankingInternationalPayee_beneficiaryDetails: + example: + country: country + name: name + message: message + properties: + name: + description: Name of the beneficiary + type: string + country: + description: Country where the beneficiary resides. A valid [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) + country code + type: string + x-cds-type: ExternalRef + message: + description: Response message for the payment + type: string + required: + - country + type: object + BankingInternationalPayee_bankDetails_bankAddress: + example: + address: address + name: name + properties: + name: + description: Name of the recipient Bank + type: string + address: + description: Address of the recipient Bank + type: string + required: + - address + - name + type: object + BankingInternationalPayee_bankDetails: + example: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + properties: + country: + description: Country of the recipient institution. A valid [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) + country code + type: string + x-cds-type: ExternalRef + accountNumber: + description: Account Targeted for payment + type: string + bankAddress: + $ref: '#/components/schemas/BankingInternationalPayee_bankDetails_bankAddress' + beneficiaryBankBIC: + description: Swift bank code. Aligns with standard [ISO 9362](https://www.iso.org/standard/60390.html) + type: string + x-cds-type: ExternalRef + fedWireNumber: + description: Number for Fedwire payment (Federal Reserve Wire Network) + type: string + sortCode: + description: Sort code used for account identification in some jurisdictions + type: string + chipNumber: + description: Number for the Clearing House Interbank Payments System + type: string + routingNumber: + description: International bank routing number + type: string + legalEntityIdentifier: + description: The legal entity identifier (LEI) for the beneficiary. Aligns + with [ISO 17442](https://www.iso.org/standard/59771.html) + type: string + x-cds-type: ExternalRef + required: + - accountNumber + - country + type: object + ResponseBankingDirectDebitAuthorisationList_data: + example: + directDebitAuthorisations: + - lastDebitAmount: lastDebitAmount + accountId: accountId + lastDebitDateTime: lastDebitDateTime + authorisedEntity: + arbn: arbn + description: description + financialInstitution: financialInstitution + abn: abn + acn: acn + - lastDebitAmount: lastDebitAmount + accountId: accountId + lastDebitDateTime: lastDebitDateTime + authorisedEntity: + arbn: arbn + description: description + financialInstitution: financialInstitution + abn: abn + acn: acn + properties: + directDebitAuthorisations: + description: The list of authorisations returned + items: + $ref: '#/components/schemas/BankingDirectDebit' + type: array + required: + - directDebitAuthorisations + type: object + ResponseBankingScheduledPaymentsListV2_data: + example: + scheduledPayments: + - recurrence: + nextPaymentDate: nextPaymentDate + eventBased: + description: description + onceOff: + paymentDate: paymentDate + recurrenceUType: eventBased + intervalSchedule: + intervals: + - interval: interval + dayInInterval: dayInInterval + - interval: interval + dayInInterval: dayInInterval + paymentsRemaining: 1 + finalPaymentDate: finalPaymentDate + nonBusinessDayTreatment: "ON" + lastWeekDay: + paymentsRemaining: 1 + interval: interval + finalPaymentDate: finalPaymentDate + lastWeekDay: FRI + nonBusinessDayTreatment: "ON" + scheduledPaymentId: scheduledPaymentId + payeeReference: payeeReference + payerReference: payerReference + nickname: nickname + from: + accountId: accountId + paymentSet: + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + status: ACTIVE + - recurrence: + nextPaymentDate: nextPaymentDate + eventBased: + description: description + onceOff: + paymentDate: paymentDate + recurrenceUType: eventBased + intervalSchedule: + intervals: + - interval: interval + dayInInterval: dayInInterval + - interval: interval + dayInInterval: dayInInterval + paymentsRemaining: 1 + finalPaymentDate: finalPaymentDate + nonBusinessDayTreatment: "ON" + lastWeekDay: + paymentsRemaining: 1 + interval: interval + finalPaymentDate: finalPaymentDate + lastWeekDay: FRI + nonBusinessDayTreatment: "ON" + scheduledPaymentId: scheduledPaymentId + payeeReference: payeeReference + payerReference: payerReference + nickname: nickname + from: + accountId: accountId + paymentSet: + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + - isAmountCalculated: true + amount: amount + currency: currency + to: + domestic: + payeeAccountUType: account + payId: + identifier: identifier + name: name + type: ABN + account: + bsb: bsb + accountName: accountName + accountNumber: accountNumber + card: + cardNumber: cardNumber + accountId: accountId + biller: + billerName: billerName + crn: crn + billerCode: billerCode + digitalWallet: + identifier: identifier + provider: PAYPAL_AU + name: name + type: EMAIL + payeeReference: payeeReference + toUType: accountId + nickname: nickname + payeeId: payeeId + international: + bankDetails: + country: country + routingNumber: routingNumber + fedWireNumber: fedWireNumber + chipNumber: chipNumber + legalEntityIdentifier: legalEntityIdentifier + accountNumber: accountNumber + bankAddress: + address: address + name: name + sortCode: sortCode + beneficiaryBankBIC: beneficiaryBankBIC + beneficiaryDetails: + country: country + name: name + message: message + status: ACTIVE + properties: + scheduledPayments: + description: The list of scheduled payments to return + items: + $ref: '#/components/schemas/BankingScheduledPaymentV2' + type: array + required: + - scheduledPayments + type: object + ResponseErrorListV2_errors: + properties: + code: + description: The code of the error encountered. Where the error is specific + to the respondent, an application-specific error code, expressed as a + string value. If the error is application-specific, the URN code that + the specific error extends must be provided in the meta object. Otherwise, + the value is the error code URN. + type: string + title: + description: A short, human-readable summary of the problem that MUST NOT + change from occurrence to occurrence of the problem represented by the + error code. + type: string + detail: + description: A human-readable explanation specific to this occurrence of + the problem. + type: string + meta: + $ref: '#/components/schemas/MetaError' + required: + - code + - detail + - title + type: object +x-wso2-auth-header: "Authorization" +x-wso2-cors: + corsConfigurationEnabled: false + accessControlAllowOrigins: + - "*" + accessControlAllowCredentials: false + accessControlAllowHeaders: + - "authorization" + - "Access-Control-Allow-Origin" + - "Content-Type" + - "SOAPAction" + - "apikey" + accessControlAllowMethods: + - "GET" + - "PUT" + - "POST" + - "DELETE" + - "PATCH" + - "OPTIONS" +x-wso2-production-endpoints: "#/x-wso2-endpoints/productionEndpoint" +x-wso2-sandbox-endpoints: "#/x-wso2-endpoints/sandboxEndpoint" +x-wso2-endpoints: + - productionEndpoint: + urls: + - "https://localhost:9443/api/openbanking/backend-cds/services" + - sandboxEndpoint: + urls: + - "https://localhost:9443/api/openbanking/backend-cds/services" +x-wso2-basePath: "/cds-au/v1" +x-wso2-transports: + - "http" + - "https" +x-wso2-response-cache: + enabled: false + cacheTimeoutInSeconds: 300 diff --git a/integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/README.md b/integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/README.md new file mode 100644 index 000000000..3ffa84f0b --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/README.md @@ -0,0 +1,6 @@ + +## CDS Dynamic Client Registration API - v0.2

+1. **Configure the following endpoint URL**
+Endpoint URL +Production- https://localhost:9446/api/openbanking/dynamic-client-registration +Sandbox- https://localhost:9446/api/openbanking/dynamic-client-registration \ No newline at end of file diff --git a/integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-insequence-0.2.xml b/integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-insequence-0.2.xml new file mode 100644 index 000000000..a093c5813 --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-insequence-0.2.xml @@ -0,0 +1,27 @@ + + + + +
+ + +
+
+ + diff --git a/integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-swagger.yaml b/integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-swagger.yaml new file mode 100644 index 000000000..b70f17cb4 --- /dev/null +++ b/integration-test-suite/test-artifacts/apis/DynamicClientRegistration/0.2/au-dcr-swagger.yaml @@ -0,0 +1,581 @@ +swagger: '2.0' +info: + description: > + This specification defines the APIs for Data Holders exposing Dynamic Client + Registration endpoints + version: '0.2' + title: CDR Dynamic Client Registration API +basePath: '/open-banking/{version}' +schemes: + - https +consumes: + - application/jwt +produces: + - application/json +security: + - default: [] +paths: + /register: + post: + tags: + - Client Registration + summary: >- + Register a client using a CDR Register issued Software Statement + Assertion + parameters: + - in: body + name: ClientRegistrationRequest + description: >- + The registration request JWT, as defined in [Dynamic Client + Registration](https://cdr-register.github.io/register/#dynamic-client-registration), + to be used to register with a Data Holder + required: true + schema: + type: string + format: JWT + example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... + responses: + '201': + description: Client registration success + schema: + $ref: '#/definitions/RegistrationProperties' + '400': + description: Request failed due to client error + schema: + $ref: '#/definitions/RegistrationError' + security: + - default: [] + x-auth-type: None + x-throttling-tier: Unlimited + x-wso2-application-security: + security-types: + - oauth2 + optional: false + '/register/{ClientId}': + get: + tags: + - Client Registration + summary: Get a Client Registration for a given Client ID + parameters: + - name: ClientId + in: path + description: The client ID issued by the target Data Holder + required: true + type: string + - name: Authorization + in: header + description: >- + An Authorisation Token as per + [RFC6750](https://tools.ietf.org/html/rfc6750) + required: true + type: string + responses: + '200': + description: Client registration retrieval success + schema: + $ref: '#/definitions/RegistrationProperties' + '401': + description: >- + Request failed due to unknown or invalid Client or invalid access + token + headers: + WWW-Authenticate: + type: string + description: >- + The Response Header Field as per + [RFC6750](https://tools.ietf.org/html/rfc6750) + pattern: ^Bearer .* + '403': + description: >- + The client does not have permission to read, update or delete the + Client + security: + - TPPOAuth2Security: + - "cdr:registration" + - default: + - "cdr:registration" + x-auth-type: Application + x-throttling-tier: Unlimited + x-wso2-application-security: + security-types: + - oauth2 + optional: false + put: + tags: + - Client Registration + summary: Update a Client Registration for a given Client ID + parameters: + - name: ClientId + in: path + description: The client ID issued by the target Data Holder + required: true + type: string + - in: body + name: ClientRegistrationRequest + description: >- + The registration request JWT, as defined in [Dynamic Client + Registration](https://cdr-register.github.io/register/#dynamic-client-registration), + to be used to register with a Data Holder + required: true + schema: + type: string + format: JWT + example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... + - name: Authorization + in: header + description: >- + An Authorisation Token as per + [RFC6750](https://tools.ietf.org/html/rfc6750) + required: true + type: string + responses: + '200': + description: Client registration update success + schema: + $ref: '#/definitions/RegistrationProperties' + '400': + description: Request failed due to client error + schema: + $ref: '#/definitions/RegistrationError' + '401': + description: >- + Request failed due to unknown or invalid Client or invalid access + token + headers: + WWW-Authenticate: + type: string + description: >- + The Response Header Field as per + [RFC6750](https://tools.ietf.org/html/rfc6750) + pattern: ^Bearer .* + '403': + description: >- + The client does not have permission to read, update or delete the + Client + security: + - TPPOAuth2Security: + - "cdr:registration" + - default: + - "cdr:registration" + x-auth-type: Application + x-throttling-tier: Unlimited + x-wso2-application-security: + security-types: + - oauth2 + optional: false + delete: + tags: + - Client Registration + summary: Delete a Client Registration for a given Client ID + parameters: + - name: ClientId + in: path + description: The client ID issued by the target Data Holder + required: true + type: string + - name: Authorization + in: header + description: >- + An Authorisation Token as per + [RFC6750](https://tools.ietf.org/html/rfc6750) + required: true + type: string + responses: + '204': + description: Client deleted + '401': + description: >- + Request failed due to unknown or invalid Client or invalid access + token + headers: + WWW-Authenticate: + type: string + description: >- + The Response Header Field as per + [RFC6750](https://tools.ietf.org/html/rfc6750) + pattern: ^Bearer .* + '403': + description: >- + The client does not have permission to read, update or delete the + Client + '405': + description: Method Not Allowed. The requested method is unsupported + security: + - TPPOAuth2Security: + - "cdr:registration" + - default: + - "cdr:registration" + x-auth-type: Application + x-throttling-tier: Unlimited + x-wso2-application-security: + security-types: + - oauth2 + optional: false +securityDefinitions: + TPPOAuth2Security: + description: >- + TPP client credential authorisation flow with the ASPSP. No scopes defined + as per specification + type: oauth2 + tokenUrl: 'https://authserver.example/token' + flow: application + scopes: + cdr:registration: Ability to call registration endpoint + x-scopes-bindings: + cdr:registration: Internal/subscriber + default: + type: oauth2 + authorizationUrl: 'https://test.com' + flow: implicit + scopes: + cdr:registration: Ability to call registration endpoint + x-scopes-bindings: + cdr:registration: Internal/subscriber +definitions: + RegistrationProperties: + type: object + required: + - client_description + - client_id + - client_name + - client_uri + - grant_types + - id_token_encrypted_response_alg + - id_token_encrypted_response_enc + - jwks_uri + - logo_uri + - org_id + - org_name + - redirect_uris + - response_types + - scope + - software_id + - software_statement + - token_endpoint_auth_method + - token_endpoint_auth_signing_alg + properties: + client_id: + type: string + example: 35a5a70b-5b8d-41f4-9cbd-96cfbc15c58a + description: Data Holder issued client identifier string + client_id_issued_at: + type: integer + format: int32 + example: 1571808167 + description: >- + Time at which the client identifier was issued expressed as seconds + since 1970-01-01T00:00:00Z as measured in UTC + client_name: + type: string + example: Mock Software + description: >- + Human-readable string name of the software product to be presented to + the end-user during authorization + client_description: + type: string + example: A mock software product + description: >- + Human-readable string name of the software product description to be + presented to the end user during authorization + client_uri: + type: string + example: 'https://www.mockcompany.com.au' + description: URL string of a web page providing information about the client + org_id: + type: string + example: 3B0B0A7B-3E7B-4A2C-9497-E357A71D07C8 + description: >- + A unique identifier string assigned by the CDR Register that + identifies the Accredited Data Recipient Brand + org_name: + type: string + example: Mock Company Inc. + description: >- + Human-readable string name of the Accredited Data Recipient to be + presented to the end user during authorization + redirect_uris: + type: array + example: + - 'https://www.mockcompany.com.au/redirects/redirect1' + - 'https://www.mockcompany.com.au/redirects/redirect2' + description: >- + Array of redirection URI strings for use in redirect-based flows. If + used, redirect_uris MUST match or be a subset of the redirect_uris as + defined in the SSA + items: + type: string + format: uri + logo_uri: + type: string + example: 'https://www.mockcompany.com.au/logos/logo1.png' + description: >- + URL string that references a logo for the client. If present, the + server SHOULD display this image to the end-user during approval + tos_uri: + type: string + example: 'https://www.mockcompany.com.au/tos.html' + description: >- + URL string that points to a human-readable terms of service document + for the Software Product + policy_uri: + type: string + example: 'https://www.mockcompany.com.au/policy.html' + description: >- + URL string that points to a human-readable policy document for the + Software Product + jwks_uri: + type: string + example: 'https://www.mockcompany.com.au/jwks' + description: >- + URL string referencing the client JSON Web Key (JWK) Set [RFC7517] + document, which contains the client public keys + revocation_uri: + type: string + example: 'https://www.mockcompany.com.au/revocation' + description: >- + URI string that references the location of the Software Product + consent revocation endpoint + recipient_base_uri: + type: string + example: 'https://www.mockcompany.com.au' + description: >- + Base URI for the Consumer Data Standard Data Recipient endpoints. This + should be the base to provide reference to all other [Data Recipient + Endpoints](https://consumerdatastandardsaustralia.github.io/standards/#end-points) + token_endpoint_auth_method: + type: string + description: The requested authentication method for the token endpoint + enum: + - private_key_jwt + token_endpoint_auth_signing_alg: + type: string + description: The algorithm used for signing the JWT + enum: + - PS256 + - ES256 + grant_types: + type: array + description: >- + Array of OAuth 2.0 grant type strings that the client can use at the + token endpoint + items: + type: string + enum: + - client_credentials + - authorization_code + - refresh_token + response_types: + type: array + description: >- + Array of the OAuth 2.0 response type strings that the client can use + at the authorization endpoint. + items: + type: string + enum: + - code id_token + application_type: + type: string + description: >- + Kind of the application. The only supported application type will be + `web` + enum: + - web + id_token_signed_response_alg: + type: string + description: Algorithm with which an id_token is to be signed + enum: + - PS256 + - ES256 + id_token_encrypted_response_alg: + type: string + example: RSA-OAEP + description: JWE `alg` algorithm with which an id_token is to be encrypted + id_token_encrypted_response_enc: + type: string + example: A256GCM + description: JWE `enc` algorithm with which an id_token is to be encrypted + request_object_signing_alg: + type: string + description: >- + Algorithm which the ADR expects to sign the request object if a + request object will be part of the authorization request sent to the + Data Holder + enum: + - PS256 + - ES256 + software_statement: + type: string + format: JWT + description: >- + The Software Statement Assertion, as defined in [Dynamic Client + Registration](https://cdr-register.github.io/register/#dynamic-client-registration) + software_id: + type: string + example: 740C368F-ECF9-4D29-A2EA-0514A66B0CDE + description: >- + String representing a unique identifier assigned by the ACCC Register + and used by registration endpoints to identify the software product to + be dynamically registered.

The "software_id" will remain the + same for the lifetime of the product, across multiple updates and + versions + scope: + type: string + example: >- + bank:accounts.basic:read bank:accounts.detail:read + bank:transactions:read bank:payees:read bank:regular_payments:read + common:customer.basic:read common:customer.detail:read + description: >- + String containing a space-separated list of scope values that the + client can use when requesting access tokens. + ClientRegistration: + allOf: + - type: object + required: + - aud + - exp + - iat + - iss + - jti + properties: + iss: + type: string + example: CDR Software Product ID + description: >- + Contains the identifier for the ADR Software Product + (SoftwareProductId) as defined in the CDR Register + iat: + type: integer + format: int32 + example: 1571808167 + description: >- + The time at which the request was issued by the Data Recipient + expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC + exp: + type: integer + format: int32 + example: 2147483646 + description: >- + The time at which the request expires expressed as seconds since + 1970-01-01T00:00:00Z as measured in UTC + jti: + type: string + example: 37747cd1c10545699f754adf28b73e31 + description: 'Unique identifier for the JWT, used to prevent replay of the token' + aud: + type: string + example: 'https://secure.api.dataholder.com/issuer' + description: > + 'Contains the DH issuer value as described in the [OIDC Discovery + Document](https://consumerdatastandardsaustralia.github.io/standards/#end-points)'' + - $ref: '#/definitions/RegistrationProperties' + RegistrationError: + type: object + required: + - error + properties: + error: + type: string + description: >- + Predefined error code as described in [section 3.3 OIDC Dynamic Client + Registration](https://openid.net/specs/openid-connect-registration-1_0.html) + enum: + - invalid_redirect_uri + - invalid_client_metadata + - invalid_software_statement + - unapproved_software_statement + error_description: + type: string + description: Additional text description of the error for debugging. + x-wso2-auth-header: Authorization +parameters: + Authorization: + name: Authorization + in: header + description: >- + An Authorisation Token as per + [RFC6750](https://tools.ietf.org/html/rfc6750) + required: true + type: string + ClientId: + name: ClientId + in: path + description: The client ID issued by the target Data Holder + required: true + type: string + ClientRegistrationRequest: + in: body + name: ClientRegistrationRequest + description: >- + The registration request JWT, as defined in [Dynamic Client + Registration](https://cdr-register.github.io/register/#dynamic-client-registration), + to be used to register with a Data Holder + required: true + schema: + type: string + format: JWT + example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... +responses: + 400Error: + description: Request failed due to client error + schema: + $ref: '#/definitions/RegistrationError' + 401Error: + description: Request failed due to unknown or invalid Client or invalid access token + headers: + WWW-Authenticate: + type: string + description: >- + The Response Header Field as per + [RFC6750](https://tools.ietf.org/html/rfc6750) + pattern: ^Bearer .* + 403Error: + description: 'The client does not have permission to read, update or delete the Client' + 405Error: + description: Method Not Allowed. The requested method is unsupported +x-wso2-endpoints: + - productionEndpoint: + urls: + - >- + https://localhost:9443/api/openbanking/dynamic-client-registration/common + - sandboxEndpoint: + urls: + - >- + https://localhost:9443/api/openbanking/dynamic-client-registration/common +x-wso2-auth-header: Authorization +x-wso2-cors: + corsConfigurationEnabled: false + accessControlAllowOrigins: + - '*' + accessControlAllowCredentials: false + accessControlAllowHeaders: + - authorization + - Access-Control-Allow-Origin + - Content-Type + - SOAPAction + - apikey + accessControlAllowMethods: + - GET + - PUT + - POST + - DELETE + - PATCH + - OPTIONS +x-wso2-production-endpoints: + urls: + - 'https://localhost:9443/api/openbanking/dynamic-client-registration/common' + type: http +x-wso2-sandbox-endpoints: + urls: + - 'https://localhost:9443/api/openbanking/dynamic-client-registration/common' + type: http +x-wso2-basePath: /open-banking/0.2 +x-wso2-transports: + - http + - https +x-wso2-application-security: + security-types: + - oauth2 + optional: false +x-wso2-response-cache: + enabled: false + cacheTimeoutInSeconds: 300 diff --git a/integration-test-suite/test-grid-job/deployment.properties b/integration-test-suite/test-grid-job/deployment.properties new file mode 100644 index 000000000..e00cf23b8 --- /dev/null +++ b/integration-test-suite/test-grid-job/deployment.properties @@ -0,0 +1,34 @@ +# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). +# +# WSO2 LLC. licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +ApimHostname=ob-am +IamHostname=ob-iam +BiHostname=ob-bi +BrowserAutomation.HeadlessEnabled=true +ApiVersion=1.3.0 +DbType=mysql +DBServerHost=localhost +DBUsername=root +DBPassword=p@ssw0rd +DBDriverClass=com.mysql.jdbc.Driver +#Following configuration is required only for Oracle DB +OracleDBSID=xe +#Value Should be mac or linux +OSName=mac +ApimServerPath=/Users/malshanisenarathne/Documents/CDS_Toolkit/MigrationNew/OB2_AM/wso2am-4.2.0 +#Value should be Smoke or Functional +TestType=Functional + From 1cf3378b4c3d9d8f912f166d6cb4b2bce717a845 Mon Sep 17 00:00:00 2001 From: malshanisenarathne Date: Fri, 6 Dec 2024 15:31:58 +0530 Subject: [PATCH 2/6] Test methods and artifacts required for test flow automation process --- .../CommonTppOnboardingStep.groovy | 1 + .../AUConfigurationService.groovy | 21 ++++++++++++- .../constant/AUConfigConstants.groovy | 3 ++ .../framework/constant/AUConstants.groovy | 18 +++++++---- .../framework/constant/AUPageObjects.groovy | 24 +++++++++++++++ .../AURegistrationRequestBuilder.groovy | 5 +++- .../resources/TestConfigurationExample.xml | 15 +++++----- .../AU/sample-client-resources-2/self_ssa.txt | 1 + .../AU/sample-client-resources-2/ssa.txt | 2 +- .../ssa_differentHostNames.txt | 1 + .../ssa_localhost.txt | 1 + .../ssa_withoutRedirectUrl.txt | 1 + .../signing-keystore/signing.key | 28 ----------------- .../signing-keystore/signing.pem | 30 ------------------- .../AU/sample-client-resources/ssa.txt | 2 +- 15 files changed, 79 insertions(+), 74 deletions(-) create mode 100644 integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/self_ssa.txt create mode 100644 integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_differentHostNames.txt create mode 100644 integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_localhost.txt create mode 100644 integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_withoutRedirectUrl.txt diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/tpponboarding/CommonTppOnboardingStep.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/tpponboarding/CommonTppOnboardingStep.groovy index b920f3f76..4826ce63f 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/tpponboarding/CommonTppOnboardingStep.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/tpponboarding/CommonTppOnboardingStep.groovy @@ -39,6 +39,7 @@ class CommonTppOnboardingStep extends AUTest{ @BeforeClass (alwaysRun = true) void "Delete Application if exists"() { + auConfiguration.setTppNumber(0) deleteApplicationIfExists() } diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/configuration/AUConfigurationService.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/configuration/AUConfigurationService.groovy index c5a1399ca..121f9c832 100644 --- a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/configuration/AUConfigurationService.groovy +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/configuration/AUConfigurationService.groovy @@ -296,5 +296,24 @@ class AUConfigurationService extends OBConfigurationService { String getOracleSid() { return configuration.get(AUConfigConstants.DATA_BASE_CONFIGURATION + "." + AUConfigConstants.ORACLE_DB_SID) } -} + /** + * Get Provisioning Enabled + */ + boolean isProvisioning() { + if (configuration.get(AUConfigConstants.PROVISIONING + "." + AUConfigConstants.PROVISIONING_ENABLED).equals("true")) { + return true + } else { + return false + } + } + + /** + * Get Provisioning File Path + */ + String getProvisionFilePath() { + return configuration.get(AUConfigConstants.PROVISIONING + "." + AUConfigConstants.PROVISIONING_FILE_PATH) + } + + +} diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUConfigConstants.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUConfigConstants.groovy index 0372921e6..848ab476f 100644 --- a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUConfigConstants.groovy +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUConfigConstants.groovy @@ -86,5 +86,8 @@ class AUConfigConstants { public static final String DB_PASSWORD = "DBPassword" public static final String DB_DRIVER_CLASS = "DBDriverClass" public static final String ORACLE_DB_SID = "OracleDBSID" + public static final String PROVISIONING = "Provisioning" + public static final String PROVISIONING_ENABLED = "Enabled" + public static final String PROVISIONING_FILE_PATH = "FilePath" } diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUConstants.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUConstants.groovy index 364f01eb8..38c1b7e9a 100644 --- a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUConstants.groovy +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUConstants.groovy @@ -65,8 +65,8 @@ class AUConstants extends OBConstants { public static final String GET_STAT = "/admin/metrics" public static final String X_FAPI_FINANCIAL_ID = "x-fapi-financial-id" public static final String USERNAME = "admin@wso2.com" - public static final String PASSWORD = "wso2123" - public static final String ACCESS_TOKEN = "token" + public static final String ADMIN_PASSWORD = "wso2123" + public static final String ACCESS_TOKEN = "access_token" public static final String CONTENT = "application/x-www-form-urlencoded" public static final String CODE = "code" public static final String ERROR_INVALID_SOFTWARE_PRODUCT = "Invalid Software Product" @@ -75,7 +75,7 @@ class AUConstants extends OBConstants { public static final long SINGLE_ACCESS_CONSENT = 0 public static final long ONE_YEAR_DURATION = 31536200 public static final long NEGATIVE_DURATION = -3000 - public static final long AMENDED_SHARING_DURATION = 3000 + public static final long AMENDED_SHARING_DURATION = 150000 public static final long SHORT_SHARING_DURATION = 84600 static final long NEGATIVE_SHARING_DURATION = -3000 public static final long SHARING_DURATION_24H = 86400 @@ -487,7 +487,7 @@ class AUConstants extends OBConstants { public static final String ERROR_UNSUPPORTED_RESPONSE = "Unsupported response_type value. Only code response type is allowed." public static final String DCR_CLAIM_LEGAL_ENTITY_ID = "legal_entity_id" public static final String DCR_CLAIM_LEGAL_ENTITY_NAME = "legal_entity_name" - public static final String SAMPLE_LEGAL_ENTITY_ID = "TPP7" + public static final String SAMPLE_LEGAL_ENTITY_ID = "TPP2" public static final String SAMPLE_LEGAL_ENTITY_NAME = "Mock Company Pty Ltd." public static final String AlternateAccountId = "30080098763501" public static final CodeVerifier CODE_VERIFIER = new CodeVerifier() @@ -590,7 +590,7 @@ class AUConstants extends OBConstants { public static final String CALLBACK_MISMATCH = "Callback url mismatch" public static final String LOCALHOST = "localhost" - public static String REPORTING_DBNAME = "openbank_ob_reporting_statsdb" + public static String REPORTING_DBNAME = "mig_openbank_ob_reporting_statsdb" public static String UNAUTHENTICATED = "Unauthenticated" public static String HIGH_PRIORITY = "High Priority" public static String LOW_PRIORITY = "Low Priority" @@ -606,8 +606,16 @@ class AUConstants extends OBConstants { public static final String ERROR_CODE_INVALID_ARRANGEMENT = "urn:au-cds:error:cds-all:Authorisation/InvalidArrangement" public static final String INVALID_CONSENT_ARRANGEMENT = "Invalid Arrangement ID" public static TOKEN_ENDPOINT = "/oauth2/token" + public static final String REST_API_ADMIN_ENDPOINT = "/api/am/admin/v4/"; public static MESSAGE = "message" public static DESCRIPTION = "description" + public static REST_API_CLIENT_REGISTRATION_ENDPOINT = "/client-registration/v0.17/register" + public static final String REST_API_PUBLISHER_ENDPOINT = "/api/am/publisher/v4/apis/" + public static final String REST_API_STORE_ENDPOINT = "/api/am/store/v1/" + public static final String REST_API_SCIM2_ENDPOINT = "/scim2" + public static final String CONTENT_TYPE_APPLICATION_SCIM_JSON = "application/scim+json" + public static final String SUBSCRIBER_ROLE = "Internal/subscriber" + } diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUPageObjects.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUPageObjects.groovy index bebb38efa..c2f8579f4 100644 --- a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUPageObjects.groovy +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/constant/AUPageObjects.groovy @@ -217,4 +217,28 @@ class AUPageObjects { public static LBL_UNAVAILABLE_ACCOUNT = "//h4[contains(text(),'Accounts Unavailable To Share')]/following-sibling::div/" public static POPUP_UNAVAILABLE_ACCOUNTS = "//p[@id='UnavailableAccountPopover']" public static LBL_WHY_CANT_SHARE = "//h4[contains(text(),'Accounts Unavailable To Share')]/following-sibling::div/p[2]" + + static final String TXT_USERNAME = "//input[@id='txtUserName']" + static final String TXT_PASSWORD = "//input[@id='txtPassword']" + static final String BTN_SIGNIN = "//input[@value='Sign-in']" + + static final String LNK_SP_LIST = + "//li[text()='Service Providers']/following-sibling::li//a[contains(@href,'list_service_providers_menu')]" + static final String BTN_EDIT_SP = "//table[@id='ServiceProviders']/tbody/tr[1]/td[1]/following-sibling::td[2]/a[contains(@title,'Edit Service Providers')]" + static final String CHK_UPLOAD_SP_CERT = "//input[@id='choose_upload_certificate']" + static final String TXT_UPLOAD_CERT = "//textarea[@id='sp-certificate']" + static final String BTN_UPDATE = "//input[@value='Update']" + + static final String LNK_ADD_USER_AND_ROLE = "//a[contains(@href,'user_mgt_menu_add')]" + static final String LNK_ADD_NEW_USER = "//a[text()='Add New User']" + static final String LNK_ADD_NEW_ROLE = "//a[text()='Add New Role']" + + static final String TXT_NEW_USER_NAME = "//input[@name='username']" + static final String TXT_NEW_USER_PASSWORD = "//input[@name='password']" + static final String TXT_NEW_USER_CONFIRM_PASSWORD = "//input[@id='password-repeat']" + static final String BTN_NEXT = "//input[contains(@value,'Next')]" + static final String CHK_SUBSCRIBER_ROLE = "//input[@type='checkbox' and @value='Internal/subscriber']" + static final String BTN_FINISH = "//input[@value='Finish']" + static final String LBL_MESSAGE_BOX = "//div[@id='messagebox-info']/p" + static final String BTN_MESSAGEBOX_OK = "//div[@class='ui-dialog-buttonpane']/button[text()='OK']" } diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/AURegistrationRequestBuilder.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/AURegistrationRequestBuilder.groovy index 8b42cb6b6..0ddaaa489 100644 --- a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/AURegistrationRequestBuilder.groovy +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/request_builder/AURegistrationRequestBuilder.groovy @@ -227,7 +227,10 @@ class AURegistrationRequestBuilder extends OBRegistrationRequestBuilder { return regularClaims.addIssuer(getSoftwareID()).addSoftwareStatement(getSSA()) .removeKeyValue(AUConstants.RESPONSE_TYPES_KEY).addResponseType(ResponseType.CODE.toString()) .addIDTokenEncResponseAlg().addIDTokenEncResponseEnc() - .removeKeyValue(AUConstants.JTI_KEY).addJti(jti).getClaimsJsonAsString() + .addCustomValue(AUConstants.DCR_CLAIM_LEGAL_ENTITY_ID, AUConstants.SAMPLE_LEGAL_ENTITY_ID) + .addCustomValue(AUConstants.DCR_CLAIM_LEGAL_ENTITY_NAME, AUConstants.SAMPLE_LEGAL_ENTITY_NAME) + .removeKeyValue(AUConstants.JTI_KEY).addJti(jti) + .getClaimsJsonAsString() } String getClaimsWithUnsupportedTokenEndpointAuthMethod() { diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/resources/TestConfigurationExample.xml b/integration-test-suite/cds-toolkit-test-framework/src/main/resources/TestConfigurationExample.xml index b0c78a217..3fffbf61f 100644 --- a/integration-test-suite/cds-toolkit-test-framework/src/main/resources/TestConfigurationExample.xml +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/resources/TestConfigurationExample.xml @@ -118,7 +118,7 @@ - DCR.SoftwareId + AppConfig1.DCR.SoftwareId @@ -172,6 +172,7 @@ + AppConfig2.Transport.KeyStore.Location AppConfig2.Transport.KeyStore.Type @@ -189,14 +190,14 @@ - DCR.SoftwareId + AppConfig2.DCR.SoftwareId - AppConfig1.DCR.RedirectUri + AppConfig2.DCR.RedirectUri - AppConfig1.DCR.AlternateRedirectUri + AppConfig2.DCR.AlternateRedirectUri @@ -244,21 +245,21 @@ - psu1@wso2.com + psu@wso2.com wso2123 - nominatedUser1@wso2.com + nominatedUser2@wso2.com wso2123 - nominatedUser2@wso2.com + nominatedUser1@wso2.com wso2123 diff --git a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/self_ssa.txt b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/self_ssa.txt new file mode 100644 index 000000000..5a2081fd5 --- /dev/null +++ b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/self_ssa.txt @@ -0,0 +1 @@ +eyJhbGciOiJQUzI1NiIsImtpZCI6Inc3TkZlTU9EekNNT1plbl9XRUNBbEc5TjhnZyIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjZHItcmVnaXN0ZXIiLCJpYXQiOjE2MzAyOTY2MzksImV4cCI6MjE0NzQ4MzY0NiwianRpIjoiM2JjMjA1YTFlYmM5NDNmYmI2MjRiMTRmY2IyNDExOTYiLCJvcmdfaWQiOiIzQjBCMEE3Qi0zRTdCLTRBMkMtOTQ5Ny1FMzU3QTcxRDA3QzgiLCJvcmdfbmFtZSI6Ik1vY2sgQ29tcGFueSBJbmMuIiwiY2xpZW50X25hbWUiOiJNb2NrIFNvZnR3YXJlIDEiLCJjbGllbnRfZGVzY3JpcHRpb24iOiJBIG1vY2sgc29mdHdhcmUgcHJvZHVjdCBmb3IgdGVzdGluZyBTU0EiLCJjbGllbnRfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1IiwicmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3d3dy5nb29nbGUuY29tL3JlZGlyZWN0cy9yZWRpcmVjdDEiLCJodHRwczovL3d3dy5nb29nbGUuY29tL3JlZGlyZWN0cy9yZWRpcmVjdDIiXSwibG9nb191cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvbG9nb3MvbG9nbzEucG5nIiwidG9zX3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS90b3MuaHRtbCIsInBvbGljeV91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvcG9saWN5Lmh0bWwiLCJqd2tzX3VyaSI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvb1E0S29hYXZwT3VvRTdydlFzWkVPVi5qd2tzIiwicmV2b2NhdGlvbl91cmkiOiJodHRwczovL2dpc3QuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2ltZXNoOTQvMzE3MmUyZTQ1NzU3Y2RhMDhlYzI3MjdmOTBiNzJjZWQvcmF3L2ZmMGQzZWFiZTRjZGRjZTQ3ZWVjMDIyOGY1OTIxNzUyMjNkZDkyYjIvd3NvMi1hdS1kY3ItZGVtby5qd2tzIiwicmVjaXBpZW50X2Jhc2VfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1Iiwic29mdHdhcmVfaWQiOiJvUTRLb2FhdnBPdW9FN3J2UXNaRU9WIiwic29mdHdhcmVfcm9sZXMiOiJkYXRhLXJlY2lwaWVudC1zb2Z0d2FyZS1wcm9kdWN0Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBiYW5rOmFjY291bnRzLmJhc2ljOnJlYWQgYmFuazphY2NvdW50cy5kZXRhaWw6cmVhZCBiYW5rOnRyYW5zYWN0aW9uczpyZWFkIGJhbms6cGF5ZWVzOnJlYWQgYmFuazpyZWd1bGFyX3BheW1lbnRzOnJlYWQgY29tbW9uOmN1c3RvbWVyLmJhc2ljOnJlYWQgY29tbW9uOmN1c3RvbWVyLmRldGFpbDpyZWFkIGNkcjpyZWdpc3RyYXRpb24ifQ.Q3ZlU6uxJX8crYHjHS-ZRaoDY5at62jMYNnwUhvp4fzPlffcZn4ItDgNlqw08uiNSLYy7f7q6JzV96lMGm8BqAJwab4eDVzRUQlfUcNss75_o4ts91uADAN3GaOrrtZ4L8BhZRBcqe-UvcWLy7JME9su26CvBHfDxHRymZe0aOi8zPbR9J7048nE9eYxjhBZC8nt-Su93Ar88htvz1u9l9gQJKsoCbtP1LbkvqVvHNOg_hC7g7AE4n_3uJNaqzvObv_eEasqrrvbVP_umakl1tB_6tCY0f_plRrQo9XsszAxwlfKsYcY1XrE89pd-h2Cn14aml_m0rQoEf3N0OHsjw \ No newline at end of file diff --git a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa.txt b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa.txt index 2e3fa60f4..d3566cca4 100644 --- a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa.txt +++ b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa.txt @@ -1 +1 @@ -eyJhbGciOiJQUzI1NiIsImtpZCI6IjdlSjhTX1pndmxZeEZBRlNnaFY5eE1KUk92ayJ9.eyJpc3MiOiJjZHItcmVnaXN0ZXIiLCJpYXQiOjE2NjU5Nzg5NjMsImV4cCI6MjE0NzQ4MzY0NiwianRpIjoiM2JjMjA1YTFlYmM5NDNmYmI2MjRiMTRmY2IyNDExOTYiLCJvcmdfaWQiOiJUUFAyIiwib3JnX25hbWUiOiJNb2NrIENvbXBhbnkgSW5jLiIsImxlZ2FsX2VudGl0eV9pZCI6IlRQUDIiLCJsZWdhbF9lbnRpdHlfbmFtZSI6Ik1vY2sgQ29tcGFueSBQdHkgTHRkLiIsImNsaWVudF9kZXNjcmlwdGlvbiI6IkEgbW9jayBzb2Z0d2FyZSBwcm9kdWN0IGZvciB0ZXN0aW5nIFNTQSIsImNsaWVudF91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUiLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vcmVkaXJlY3RzL3JlZGlyZWN0MSIsImh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vcmVkaXJlY3RzL3JlZGlyZWN0MiIsImh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vcmVkaXJlY3RzL3JlZGlyZWN0MyJdLCJsb2dvX3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS9sb2dvcy9sb2dvMS5wbmciLCJ0b3NfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1L3Rvcy5odG1sIiwicG9saWN5X3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS9wb2xpY3kuaHRtbCIsImp3a3NfdXJpIjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9qRlF1UTRlUWJOQ01TcWRDb2cyMW5GLmp3a3MiLCJyZXZvY2F0aW9uX3VyaSI6Imh0dHBzOi8vZ2lzdC5naXRodWJ1c2VyY29udGVudC5jb20vaW1lc2g5NC8zMTcyZTJlNDU3NTdjZGEwOGVjMjcyN2Y5MGI3MmNlZC9yYXcvZmYwZDNlYWJlNGNkZGNlNDdlZWMwMjI4ZjU5MjE3NTIyM2RkOTJiMi93c28yLWF1LWRjci1kZW1vLmp3a3MiLCJyZWNpcGllbnRfYmFzZV91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUiLCJzb2Z0d2FyZV9pZCI6IlNQMiIsInNvZnR3YXJlX3JvbGVzIjoiZGF0YS1yZWNpcGllbnQtc29mdHdhcmUtcHJvZHVjdCIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgYmFuazphY2NvdW50cy5iYXNpYzpyZWFkIGJhbms6YWNjb3VudHMuZGV0YWlsOnJlYWQgYmFuazp0cmFuc2FjdGlvbnM6cmVhZCBiYW5rOnBheWVlczpyZWFkIGJhbms6cmVndWxhcl9wYXltZW50czpyZWFkIGNvbW1vbjpjdXN0b21lci5iYXNpYzpyZWFkIGNvbW1vbjpjdXN0b21lci5kZXRhaWw6cmVhZCBjZHI6cmVnaXN0cmF0aW9uIn0.Log1HrX7lozIqQS_SWlAbVgGuloBwsF2YsTs67nWP1EZSZEFLgPF7TMW_WMBb4Ne3zo9Va6d_6HYdMkPQEcvbVW9FjBW_NB367Y-K9eoVASMkuZd1XVtgnaqDVCVJL_jGiprkNQ_Bc8eZLQvJ34uJOm9gTjrMZB9eF1v61_Zb6rmZeLXDOSp948WTDABtwghJNFHdor24t_xYT1V9KZDeASqByxNzb_mcNV8JRF07XEdbgKnTkofA7wHHoJxcxi6qG0x8310JPjJkiCQcmh7N2RXw4awOAPMZMFX_CCRY_bqCq2asgkbiGyUyyXQuuXkGNuCYEE5g31tvL_dfJSYLQ \ No newline at end of file +eyJhbGciOiJQUzI1NiIsImtpZCI6IjdlSjhTX1pndmxZeEZBRlNnaFY5eE1KUk92ayJ9.eyJpc3MiOiJjZHItcmVnaXN0ZXIiLCJpYXQiOjE2NjU5Nzg5NjMsImV4cCI6MjE0NzQ4MzY0NiwianRpIjoiM2JjMjA1YTFlYmM5NDNmYmI2MjRiMTRmY2IyNDExOTYiLCJvcmdfaWQiOiJUUFAzIiwib3JnX25hbWUiOiJNb2NrIENvbXBhbnkgSW5jLiIsImxlZ2FsX2VudGl0eV9pZCI6IlRQUDMiLCJsZWdhbF9lbnRpdHlfbmFtZSI6Ik1vY2sgQ29tcGFueSBQdHkgTHRkLiIsImNsaWVudF9uYW1lIjoiTW9jayBTb2Z0d2FyZSAxIiwiY2xpZW50X2Rlc2NyaXB0aW9uIjoiQSBtb2NrIHNvZnR3YXJlIHByb2R1Y3QgZm9yIHRlc3RpbmcgU1NBIiwiY2xpZW50X3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdSIsInJlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS9yZWRpcmVjdHMvcmVkaXJlY3QxIiwiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS9yZWRpcmVjdHMvcmVkaXJlY3QyIl0sImxvZ29fdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1L2xvZ29zL2xvZ28xLnBuZyIsInRvc191cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvdG9zLmh0bWwiLCJwb2xpY3lfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1L3BvbGljeS5odG1sIiwiandrc191cmkiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5ndGVzdC5vcmcudWsvMDAxNTgwMDAwMUhRUXJaQUFYL2pGUXVRNGVRYk5DTVNxZENvZzIxbkYuandrcyIsInJldm9jYXRpb25fdXJpIjoiaHR0cHM6Ly9naXN0LmdpdGh1YnVzZXJjb250ZW50LmNvbS9pbWVzaDk0LzMxNzJlMmU0NTc1N2NkYTA4ZWMyNzI3ZjkwYjcyY2VkL3Jhdy9mZjBkM2VhYmU0Y2RkY2U0N2VlYzAyMjhmNTkyMTc1MjIzZGQ5MmIyL3dzbzItYXUtZGNyLWRlbW8uandrcyIsInJlY2lwaWVudF9iYXNlX3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdSIsInNvZnR3YXJlX2lkIjoiU1AzIiwic29mdHdhcmVfcm9sZXMiOiJkYXRhLXJlY2lwaWVudC1zb2Z0d2FyZS1wcm9kdWN0Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBiYW5rOmFjY291bnRzLmJhc2ljOnJlYWQgYmFuazphY2NvdW50cy5kZXRhaWw6cmVhZCBiYW5rOnRyYW5zYWN0aW9uczpyZWFkIGJhbms6cGF5ZWVzOnJlYWQgYmFuazpyZWd1bGFyX3BheW1lbnRzOnJlYWQgY29tbW9uOmN1c3RvbWVyLmJhc2ljOnJlYWQgY29tbW9uOmN1c3RvbWVyLmRldGFpbDpyZWFkIGNkcjpyZWdpc3RyYXRpb24ifQ.PcFW2LxiB9m38kSzAhN2ct0D1FtgCJifi8IXlOZp4vwg9K2Anpzw8tEBBigdiIdvUB8uA8VspynJCx5LVFjGd7J85Eh-2Q8E4_cKprnmjhEAqNDAeX-v1k8Mf_WKKOZ3VOPFnCzZ0a8ASMkf6mknVppVdxK10vb1f-Nko3iCq5e1gFr2TrKvFIbgYTHEMfvFA48_qz3cxyGrkfM8srrixJCtRnvHCiNS7aeyySVkZX1nE_Y6Imdid6SoeJCNwQducygBLQWAacsRt3xJBMf5W6ob6o4zzObb4ctVnz_mX7ngLw9elO6DExlUgNwle_9yCpwG7WFUem0m7s3c-kMvUg \ No newline at end of file diff --git a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_differentHostNames.txt b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_differentHostNames.txt new file mode 100644 index 000000000..22fe215c1 --- /dev/null +++ b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_differentHostNames.txt @@ -0,0 +1 @@ +eyJhbGciOiJQUzI1NiIsImtpZCI6IjdlSjhTX1pndmxZeEZBRlNnaFY5eE1KUk92ayJ9.eyJpc3MiOiJjZHItcmVnaXN0ZXIiLCJpYXQiOjE2NjU5Nzg5NjMsImV4cCI6MjE0NzQ4MzY0NiwianRpIjoiM2JjMjA1YTFlYmM5NDNmYmI2MjRiMTRmY2IyNDExOTYiLCJvcmdfaWQiOiJUUFAxIiwib3JnX25hbWUiOiJNb2NrIENvbXBhbnkgSW5jLiIsImxlZ2FsX2VudGl0eV9pZCI6IlRQUDEiLCJsZWdhbF9lbnRpdHlfbmFtZSI6Ik1vY2sgQ29tcGFueSBQdHkgTHRkLiIsImNsaWVudF9kZXNjcmlwdGlvbiI6IkEgbW9jayBzb2Z0d2FyZSBwcm9kdWN0IGZvciB0ZXN0aW5nIFNTQSIsImNsaWVudF91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUiLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vbG9jYWxob3N0Ojk0NDMvZGV2cG9ydGFsIiwiaHR0cHM6Ly9vYmFtOjk0NDMiXSwibG9nb191cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvbG9nb3MvbG9nbzEucG5nIiwidG9zX3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS90b3MuaHRtbCIsInBvbGljeV91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvcG9saWN5Lmh0bWwiLCJqd2tzX3VyaSI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvakZRdVE0ZVFiTkNNU3FkQ29nMjFuRi5qd2tzIiwicmV2b2NhdGlvbl91cmkiOiJodHRwczovL2dpc3QuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2ltZXNoOTQvMzE3MmUyZTQ1NzU3Y2RhMDhlYzI3MjdmOTBiNzJjZWQvcmF3L2ZmMGQzZWFiZTRjZGRjZTQ3ZWVjMDIyOGY1OTIxNzUyMjNkZDkyYjIvd3NvMi1hdS1kY3ItZGVtby5qd2tzIiwicmVjaXBpZW50X2Jhc2VfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1Iiwic29mdHdhcmVfaWQiOiJTUDEiLCJzb2Z0d2FyZV9yb2xlcyI6ImRhdGEtcmVjaXBpZW50LXNvZnR3YXJlLXByb2R1Y3QiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGJhbms6YWNjb3VudHMuYmFzaWM6cmVhZCBiYW5rOmFjY291bnRzLmRldGFpbDpyZWFkIGJhbms6dHJhbnNhY3Rpb25zOnJlYWQgYmFuazpwYXllZXM6cmVhZCBiYW5rOnJlZ3VsYXJfcGF5bWVudHM6cmVhZCBjb21tb246Y3VzdG9tZXIuYmFzaWM6cmVhZCBjb21tb246Y3VzdG9tZXIuZGV0YWlsOnJlYWQgY2RyOnJlZ2lzdHJhdGlvbiJ9.R3VzlpqZ4cAYE9Q99to8BoPc9-JgJAjvUWEX1KdX8FDDqsMFPDv1nHMaS4Vn_lWURRnNoVD3R5tuuj38stpAFcCce35yYWHHWXL7-L5hda9yoMLD-Mc_rZl4_AMEFs3ACduoM8m4p0PUSh8NvcDiWJPNxwFTCxmp-D1pw75sX4SP6-lIQ3gKOFm4laxjcNGBubEG1ypIa73OpJpNuuGa5a-wUfqNO5Yf0sS3k_d69mGq-ROUz_A5hb-RethxNBn3dolV-Iz8xyOmdCEdrGZPn0w9Ii53g7vX61AGW_JS-o0MmrHAb5PFF1CTtc66wN83e_NkCC8tMRFC7-uEKrROSg \ No newline at end of file diff --git a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_localhost.txt b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_localhost.txt new file mode 100644 index 000000000..88fa1ee1a --- /dev/null +++ b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_localhost.txt @@ -0,0 +1 @@ +eyJhbGciOiJQUzI1NiIsImtpZCI6IjdlSjhTX1pndmxZeEZBRlNnaFY5eE1KUk92ayJ9.eyJpc3MiOiJjZHItcmVnaXN0ZXIiLCJpYXQiOjE2NjU5Nzg5NjMsImV4cCI6MjE0NzQ4MzY0NiwianRpIjoiM2JjMjA1YTFlYmM5NDNmYmI2MjRiMTRmY2IyNDExOTYiLCJvcmdfaWQiOiJUUFAxIiwib3JnX25hbWUiOiJNb2NrIENvbXBhbnkgSW5jLiIsImxlZ2FsX2VudGl0eV9pZCI6IlRQUDEiLCJsZWdhbF9lbnRpdHlfbmFtZSI6Ik1vY2sgQ29tcGFueSBQdHkgTHRkLiIsImNsaWVudF9kZXNjcmlwdGlvbiI6IkEgbW9jayBzb2Z0d2FyZSBwcm9kdWN0IGZvciB0ZXN0aW5nIFNTQSIsImNsaWVudF91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUiLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vbG9jYWxob3N0Ojk0NDMvY2FyYm9uIiwiaHR0cHM6Ly9sb2NhbGhvc3Q6OTQ0My9hZG1pbiJdLCJsb2dvX3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS9sb2dvcy9sb2dvMS5wbmciLCJ0b3NfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1L3Rvcy5odG1sIiwicG9saWN5X3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS9wb2xpY3kuaHRtbCIsImp3a3NfdXJpIjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9qRlF1UTRlUWJOQ01TcWRDb2cyMW5GLmp3a3MiLCJyZXZvY2F0aW9uX3VyaSI6Imh0dHBzOi8vZ2lzdC5naXRodWJ1c2VyY29udGVudC5jb20vaW1lc2g5NC8zMTcyZTJlNDU3NTdjZGEwOGVjMjcyN2Y5MGI3MmNlZC9yYXcvZmYwZDNlYWJlNGNkZGNlNDdlZWMwMjI4ZjU5MjE3NTIyM2RkOTJiMi93c28yLWF1LWRjci1kZW1vLmp3a3MiLCJyZWNpcGllbnRfYmFzZV91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUiLCJzb2Z0d2FyZV9pZCI6IlNQMSIsInNvZnR3YXJlX3JvbGVzIjoiZGF0YS1yZWNpcGllbnQtc29mdHdhcmUtcHJvZHVjdCIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgYmFuazphY2NvdW50cy5iYXNpYzpyZWFkIGJhbms6YWNjb3VudHMuZGV0YWlsOnJlYWQgYmFuazp0cmFuc2FjdGlvbnM6cmVhZCBiYW5rOnBheWVlczpyZWFkIGJhbms6cmVndWxhcl9wYXltZW50czpyZWFkIGNvbW1vbjpjdXN0b21lci5iYXNpYzpyZWFkIGNvbW1vbjpjdXN0b21lci5kZXRhaWw6cmVhZCBjZHI6cmVnaXN0cmF0aW9uIn0.AXkzX0L8eDdJpwH-R3ZC6nGmY7KiC0pSTI7HCkwPVRLBw5g8cqULIjK37vQbMkyRTYSkFNU7XVsgZDRlQHIl_W66mo0G3anoTpzsjqWHRTOtQs0a36LYKdQZ-w1guNrNQ_rVHw8wNkQfSmcKM8CknEPOEIQg4o-wQz4LGGddE6ZJhKxcxFGgPZHY-RA8NK1zlMOmdQUFH-_3weZfbQbQU1JCjs8y9sQ05BWTzdozun7jFPOqhVTZ-xXRO77AVQIJxhuubidgofwITaIIetk-eEaLbYziNn8vGio_iafV2UwBJdBhk0wmPcANSJETt63WdRcgded1BZ92-JVoJG75zw \ No newline at end of file diff --git a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_withoutRedirectUrl.txt b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_withoutRedirectUrl.txt new file mode 100644 index 000000000..7cf81f7f2 --- /dev/null +++ b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources-2/ssa_withoutRedirectUrl.txt @@ -0,0 +1 @@ +eyJhbGciOiJQUzI1NiIsImtpZCI6IjdlSjhTX1pndmxZeEZBRlNnaFY5eE1KUk92ayJ9.eyJpc3MiOiJjZHItcmVnaXN0ZXIiLCJpYXQiOjE2NjU5Nzg5NjMsImV4cCI6MjE0NzQ4MzY0NiwianRpIjoiM2JjMjA1YTFlYmM5NDNmYmI2MjRiMTRmY2IyNDExOTYiLCJvcmdfaWQiOiJUUFAxIiwib3JnX25hbWUiOiJNb2NrIENvbXBhbnkgSW5jLiIsImxlZ2FsX2VudGl0eV9pZCI6IlRQUDEiLCJsZWdhbF9lbnRpdHlfbmFtZSI6Ik1vY2sgQ29tcGFueSBQdHkgTHRkLiIsImNsaWVudF9kZXNjcmlwdGlvbiI6IkEgbW9jayBzb2Z0d2FyZSBwcm9kdWN0IGZvciB0ZXN0aW5nIFNTQSIsImNsaWVudF91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUiLCJsb2dvX3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS9sb2dvcy9sb2dvMS5wbmciLCJ0b3NfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1L3Rvcy5odG1sIiwicG9saWN5X3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS9wb2xpY3kuaHRtbCIsImp3a3NfdXJpIjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9qRlF1UTRlUWJOQ01TcWRDb2cyMW5GLmp3a3MiLCJyZXZvY2F0aW9uX3VyaSI6Imh0dHBzOi8vZ2lzdC5naXRodWJ1c2VyY29udGVudC5jb20vaW1lc2g5NC8zMTcyZTJlNDU3NTdjZGEwOGVjMjcyN2Y5MGI3MmNlZC9yYXcvZmYwZDNlYWJlNGNkZGNlNDdlZWMwMjI4ZjU5MjE3NTIyM2RkOTJiMi93c28yLWF1LWRjci1kZW1vLmp3a3MiLCJyZWNpcGllbnRfYmFzZV91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUiLCJzb2Z0d2FyZV9pZCI6IlNQMSIsInNvZnR3YXJlX3JvbGVzIjoiZGF0YS1yZWNpcGllbnQtc29mdHdhcmUtcHJvZHVjdCIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgYmFuazphY2NvdW50cy5iYXNpYzpyZWFkIGJhbms6YWNjb3VudHMuZGV0YWlsOnJlYWQgYmFuazp0cmFuc2FjdGlvbnM6cmVhZCBiYW5rOnBheWVlczpyZWFkIGJhbms6cmVndWxhcl9wYXltZW50czpyZWFkIGNvbW1vbjpjdXN0b21lci5iYXNpYzpyZWFkIGNvbW1vbjpjdXN0b21lci5kZXRhaWw6cmVhZCBjZHI6cmVnaXN0cmF0aW9uIn0.ZdsXPQjxvnACo0_iTGck6lxPp2HatRs2is19jtgDedwTBLRwV1QWPaFm8P24_aNjFYcMKAhleCjJR1VOtkuouRxrpmUBrKXnCTRrSDEwbjTkyi4vDyKTbHqL1ldmDA3L64o9k-6HXIRbOkcZHNyAYU8C85iLddfvDJmPnJs1Uh54I_PTz2MsgEpWUk9-c3OEjJ6M9KuUtSgWVgM81AKpsV4oswc6rRQAaGoSsS_Ft9O7Mh8PJCbF9lzfKhFWQmt-cps8b6i3Oz4lxyWa8__kisb74wro6iWwPXmrK3KkvujG8jlzJW_-vgl4ywGMyRpmWXeyTKLig5Gv-MNC1_6Wwg \ No newline at end of file diff --git a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/signing-keystore/signing.key b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/signing-keystore/signing.key index 1c497f458..e69de29bb 100644 --- a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/signing-keystore/signing.key +++ b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/signing-keystore/signing.key @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCot+hw9Ka8dTd6 -X2nyXOqUjINItIzokK7flmehqYSlIQNia2wcVk72m19UO4Yn5eVG5ATpJ590gsqg -aZT0qpLGC3T0nJG9ie1FS4++ju0ZBC6BQ/r0q0PBVhJ/JV7+FIkvMpb5ayD2vPqV -bQMDriN/2BZqgdZXB4ASPBBCw1Fh10qdzoZHCo65u+rdbEM9LbJouWh2UdxV29HQ -AkDvnRmpCHq6s1JgHXHC7VrkiTE/m+3OyAw5vyEfzFe4qJdOMngZDpVq3iCjqh1N -ejyNzfz0jBLfeiQFCmf59FQtMeGB2gWA19u7H+Bsqbm4JpHHeCGxv/FxLh6tyJPO -KBKT+UBFAgMBAAECggEAAw2g9TpYMhzk7h//6NTpodqRHaW2zxafM4ijQ3ev4NUi -HIvZHwIo16mkJgAVw28ToR7LP/Tpm9AqHpEKkwrrMQ5QBYU31fhDBPgDF+26OLOs -q8YxKnBW/46xMv/YIjz45pPBy622oQB2gHHCljR2i/+7GB5VZKnMFYhkuvCR7nVR -bHaOdISM9fyzJBkUY5pVkCqvAdSQGoLKubAAuHN/wzVevowmCwOluED3+kliOhma -9UccRWlprTsWbMenIZKY8lJmiA0bOGrkyCVz23780bVB/gFpeCNsYjUrLwazAfbI -wKpsdgxOrVsaluaFWZ7TQtgSXvZWCtHfpvbz5yQOAQKBgQDMceH3gLpV5/uZdulI -84aVrXREkWN0AVCM1PHhtAocom/+Dvu+L1qNDtT2iPzH95gKhRwk4NA+ag4Ycns9 -HZkTQbwMOuybC7BvrLI0vnQfTkyiAjUownRJSgZfo7vYt7Ap88jgBhsGd4XmvEbO -SYwyCuXCeZvYLPhDT3MkrKgbhQKBgQDTQ6wJJYCva/FJ46huRL93tnfT6xFjyAwU -9UttYYRDrCANTyPPFTL6T1welRpUq8ZbitgI6FOrUCC/80X6hNcD8O8PWXcTS4oK -OEIzo5EOSB6yNeWwPaUd50i+iDD0W0K94dmj+DLjGJY8wA8yaLr2oWJW5GyAGhYm -AdBe/VfNwQKBgQC1jCeiVrChWpjFBaBRhNetkNMflI/hUs2J0gtdZzhXhzO2Qu3w -TDK38kTRDIKUvFxKczuzz+N8mUcdFIQ1mFP3krb/kU/MuwuZj5zMU5fguPI6J4W3 -RT5oWpDgWxCTeUK5bl+h+CoFixvf8q9Zvlv9kEnJcZ4f0IdBlorkNWIu1QKBgQCh -PZ344SGlQWpILbQobNoBYUd1e4yrLkxiVpD565qKF73iyosXCyP8PUOep8gP5Yaf -6YlWyxLIxoAoYGEBgg+lF2ctvOeP13CEukl0phsY3lxnQZGLgJEcEKDJoqJSbbCz -wcNdTRpxjxtjRGaU37AKekPW88IHx2EuIuZJCWzRQQKBgFE8vbLbSYxFIE1uhast -2/9WFblB2Mrxsr2HFMW7xwOPmeh7H2+zZ2ZS7rVls1jC6e25SgnPyF/FItPrNCmW -7EFzv73oRhMxGS6LImFQtTLqNAUl0Msmpheaxgcb6bM6Gns1co8bEykoaFRdhmHR -kcoyjehtpocckAWTrtW7gPcl ------END PRIVATE KEY----- diff --git a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/signing-keystore/signing.pem b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/signing-keystore/signing.pem index 0ebf69a67..e69de29bb 100644 --- a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/signing-keystore/signing.pem +++ b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/signing-keystore/signing.pem @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFLTCCBBWgAwIBAgIEWcbiiDANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJH -QjEUMBIGA1UEChMLT3BlbkJhbmtpbmcxLjAsBgNVBAMTJU9wZW5CYW5raW5nIFBy -ZS1Qcm9kdWN0aW9uIElzc3VpbmcgQ0EwHhcNMjMxMTE1MDUxMDA4WhcNMjQxMjE1 -MDU0MDA4WjBhMQswCQYDVQQGEwJHQjEUMBIGA1UEChMLT3BlbkJhbmtpbmcxGzAZ -BgNVBAsTEjAwMTU4MDAwMDFIUVFyWkFBWDEfMB0GA1UEAxMWakZRdVE0ZVFiTkNN -U3FkQ29nMjFuRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKi36HD0 -prx1N3pfafJc6pSMg0i0jOiQrt+WZ6GphKUhA2JrbBxWTvabX1Q7hifl5UbkBOkn -n3SCyqBplPSqksYLdPSckb2J7UVLj76O7RkELoFD+vSrQ8FWEn8lXv4UiS8ylvlr -IPa8+pVtAwOuI3/YFmqB1lcHgBI8EELDUWHXSp3OhkcKjrm76t1sQz0tsmi5aHZR -3FXb0dACQO+dGakIerqzUmAdccLtWuSJMT+b7c7IDDm/IR/MV7iol04yeBkOlWre -IKOqHU16PI3N/PSMEt96JAUKZ/n0VC0x4YHaBYDX27sf4Gypubgmkcd4IbG/8XEu -Hq3Ik84oEpP5QEUCAwEAAaOCAfkwggH1MA4GA1UdDwEB/wQEAwIGwDAVBgNVHSUE -DjAMBgorBgEEAYI3CgMMMIHgBgNVHSAEgdgwgdUwgdIGCysGAQQBqHWBBgFkMIHC -MCoGCCsGAQUFBwIBFh5odHRwOi8vb2IudHJ1c3Rpcy5jb20vcG9saWNpZXMwgZMG -CCsGAQUFBwICMIGGDIGDVXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY29uc3RpdHV0 -ZXMgYWNjZXB0YW5jZSBvZiB0aGUgT3BlbkJhbmtpbmcgUm9vdCBDQSBDZXJ0aWZp -Y2F0aW9uIFBvbGljaWVzIGFuZCBDZXJ0aWZpY2F0ZSBQcmFjdGljZSBTdGF0ZW1l -bnQwbQYIKwYBBQUHAQEEYTBfMCYGCCsGAQUFBzABhhpodHRwOi8vb2IudHJ1c3Rp -cy5jb20vb2NzcDA1BggrBgEFBQcwAoYpaHR0cDovL29iLnRydXN0aXMuY29tL29i -X3BwX2lzc3VpbmdjYS5jcnQwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL29iLnRy -dXN0aXMuY29tL29iX3BwX2lzc3VpbmdjYS5jcmwwHwYDVR0jBBgwFoAUUHORxiFy -03f0/gASBoFceXluP1AwHQYDVR0OBBYEFKjCef/JxD+ND9eSb7hQlmEhSxUqMA0G -CSqGSIb3DQEBCwUAA4IBAQCnKH9FdLmJMruX2qfbrpT0qaV8bP7xa9UDRYSMsAWC -2kqCxs8CJmARt5+xsxBW6P65+mkLS2vXgQl7J8RTMiQVnHJvvNaldYnV6odsYOqv -v+vGib8Qe0gKWSjih+Gd1Ct4UQFtn6P3ph+6OBB0OieZb7DYXqPJrX5UlG7K2fQ4 -0MdFgBdeQZ3iNkXi43UIrQ5cF4cjYavmEFRmYeHya8AKfNCiWly15mNazW/X6SWf -7pz+yk/l+gBv0wm3QT7ANXGf8izgoh6T5fmixPXSbdn8RUIV0kXp2TRRZ+CYUWBP -Jc3PvRXiiEEo2eHLXfEHG2jzrt1iKnjk6hzuC1hUzK0t ------END CERTIFICATE----- \ No newline at end of file diff --git a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/ssa.txt b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/ssa.txt index 48aa9e401..0829c2075 100644 --- a/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/ssa.txt +++ b/integration-test-suite/test-artifacts/DynamicClientRegistration/AU/sample-client-resources/ssa.txt @@ -1 +1 @@ -eyJhbGciOiJQUzI1NiIsImtpZCI6ImgzWkNGMFZyemdYZ25IQ3FiSGJLWHp6ZmpUZyIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjZHItcmVnaXN0ZXIiLCJpYXQiOjE2MzAyOTY2MzksImV4cCI6MjE0NzQ4MzY0NiwianRpIjoiM2JjMjA1YTFlYmM5NDNmYmI2MjRiMTRmY2IyNDExOTYiLCJvcmdfaWQiOiIzQjBCMEE3Qi0zRTdCLTRBMkMtOTQ5Ny1FMzU3QTcxRDA3QzgiLCJvcmdfbmFtZSI6Ik1vY2sgQ29tcGFueSBJbmMuIiwiY2xpZW50X25hbWUiOiJNb2NrIFNvZnR3YXJlIDEiLCJsZWdhbF9lbnRpdHlfaWQiOiIzNDRGMEU4MDktQkRCRS00RjhFLUJEMzAtNUU2QzNDQjc4RDdCIiwibGVnYWxfZW50aXR5X25hbWUiOiJNb2NrIENvbXBhbnkgUHR5IEx0ZC4iLCJjbGllbnRfZGVzY3JpcHRpb24iOiJBIG1vY2sgc29mdHdhcmUgcHJvZHVjdCBmb3IgdGVzdGluZyBTU0EiLCJjbGllbnRfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1IiwicmVkaXJlY3RfdXJpcyI6WyJodHRwczovL3d3dy5nb29nbGUuY29tL3JlZGlyZWN0cy9yZWRpcmVjdDEiLCJodHRwczovL3d3dy5nb29nbGUuY29tL3JlZGlyZWN0cy9yZWRpcmVjdDIiXSwibG9nb191cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvbG9nb3MvbG9nbzEucG5nIiwidG9zX3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdS90b3MuaHRtbCIsInBvbGljeV91cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvcG9saWN5Lmh0bWwiLCJqd2tzX3VyaSI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvb1E0S29hYXZwT3VvRTdydlFzWkVPVi5qd2tzIiwicmV2b2NhdGlvbl91cmkiOiJodHRwczovL2dpc3QuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2ltZXNoOTQvMzE3MmUyZTQ1NzU3Y2RhMDhlYzI3MjdmOTBiNzJjZWQvcmF3L2ZmMGQzZWFiZTRjZGRjZTQ3ZWVjMDIyOGY1OTIxNzUyMjNkZDkyYjIvd3NvMi1hdS1kY3ItZGVtby5qd2tzIiwicmVjaXBpZW50X2Jhc2VfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1Iiwic29mdHdhcmVfaWQiOiJvUTRLb2FhdnBPdW9FN3J2UXNaRU9WIiwic29mdHdhcmVfcm9sZXMiOiJkYXRhLXJlY2lwaWVudC1zb2Z0d2FyZS1wcm9kdWN0Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBiYW5rOmFjY291bnRzLmJhc2ljOnJlYWQgYmFuazphY2NvdW50cy5kZXRhaWw6cmVhZCBiYW5rOnRyYW5zYWN0aW9uczpyZWFkIGJhbms6cGF5ZWVzOnJlYWQgYmFuazpyZWd1bGFyX3BheW1lbnRzOnJlYWQgY29tbW9uOmN1c3RvbWVyLmJhc2ljOnJlYWQgY29tbW9uOmN1c3RvbWVyLmRldGFpbDpyZWFkIGNkcjpyZWdpc3RyYXRpb24ifQ.XLpyMxg8xBUAvQGTOQRI9KX360Xufv3aD8SzsbZozZ8aQ__2P4H_DTzcxJToaeqBPC6qUI6pal1bSFBrrtBNfnZiIeLUI_wVTK1aSzeDVX6ynZx_mjr34q-FClzkVyC4hZcS8Wngs9iWwd8KlGntTDMCegG2Ac9FXc_FBrv-TyJIxnzGjxnCN5EfLNwZwGXP5ERENC5zsJRpEinVfqFCVTMs0bZ6CIiVYJGEKHI-zWNyIAkHQGnh17JV9-GnzjYqhvYnjFOvcVdMFRzr_9M9GCK_UJ1yZulB5FgiMiwLPWqR69ctu7GEHjpKxK6_UdxfQ_TDVj-8N85BKE5mmGUmXw \ No newline at end of file +eyJhbGciOiJQUzI1NiIsImtpZCI6IjdlSjhTX1pndmxZeEZBRlNnaFY5eE1KUk92ayJ9.eyJpc3MiOiJjZHItcmVnaXN0ZXIiLCJpYXQiOjE2NjU5Nzg5NjMsImV4cCI6MjE0NzQ4MzY0NiwianRpIjoiM2JjMjA1YTFlYmM5NDNmYmI2MjRiMTRmY2IyNDExOTYiLCJvcmdfaWQiOiJUUFAyIiwib3JnX25hbWUiOiJNb2NrIENvbXBhbnkgSW5jLiIsImxlZ2FsX2VudGl0eV9pZCI6IlRQUDIiLCJsZWdhbF9lbnRpdHlfbmFtZSI6Ik1vY2sgQ29tcGFueSBQdHkgTHRkLiIsImNsaWVudF9uYW1lIjoiTW9jayBTb2Z0d2FyZSAxIiwiY2xpZW50X2Rlc2NyaXB0aW9uIjoiQSBtb2NrIHNvZnR3YXJlIHByb2R1Y3QgZm9yIHRlc3RpbmcgU1NBIiwiY2xpZW50X3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdSIsInJlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS9yZWRpcmVjdHMvcmVkaXJlY3QxIiwiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS9yZWRpcmVjdHMvcmVkaXJlY3QyIl0sImxvZ29fdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1L2xvZ29zL2xvZ28xLnBuZyIsInRvc191cmkiOiJodHRwczovL3d3dy5tb2NrY29tcGFueS5jb20uYXUvdG9zLmh0bWwiLCJwb2xpY3lfdXJpIjoiaHR0cHM6Ly93d3cubW9ja2NvbXBhbnkuY29tLmF1L3BvbGljeS5odG1sIiwiandrc191cmkiOiJodHRwczovL2tleXN0b3JlLm9wZW5iYW5raW5ndGVzdC5vcmcudWsvMDAxNTgwMDAwMUhRUXJaQUFYL2pGUXVRNGVRYk5DTVNxZENvZzIxbkYuandrcyIsInJldm9jYXRpb25fdXJpIjoiaHR0cHM6Ly9naXN0LmdpdGh1YnVzZXJjb250ZW50LmNvbS9pbWVzaDk0LzMxNzJlMmU0NTc1N2NkYTA4ZWMyNzI3ZjkwYjcyY2VkL3Jhdy9mZjBkM2VhYmU0Y2RkY2U0N2VlYzAyMjhmNTkyMTc1MjIzZGQ5MmIyL3dzbzItYXUtZGNyLWRlbW8uandrcyIsInJlY2lwaWVudF9iYXNlX3VyaSI6Imh0dHBzOi8vd3d3Lm1vY2tjb21wYW55LmNvbS5hdSIsInNvZnR3YXJlX2lkIjoiU1AyIiwic29mdHdhcmVfcm9sZXMiOiJkYXRhLXJlY2lwaWVudC1zb2Z0d2FyZS1wcm9kdWN0Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBiYW5rOmFjY291bnRzLmJhc2ljOnJlYWQgYmFuazphY2NvdW50cy5kZXRhaWw6cmVhZCBiYW5rOnRyYW5zYWN0aW9uczpyZWFkIGJhbms6cGF5ZWVzOnJlYWQgYmFuazpyZWd1bGFyX3BheW1lbnRzOnJlYWQgY29tbW9uOmN1c3RvbWVyLmJhc2ljOnJlYWQgY29tbW9uOmN1c3RvbWVyLmRldGFpbDpyZWFkIGNkcjpyZWdpc3RyYXRpb24ifQ.ooTOl12fLOrLMy21bXW6AGex8VK-8skDRYw8WaUIwZtze0A9qX6M1kx0iyqTloeudPEyb1pkyjT1Ij_j08WvUCQF54KO5NdwlxQA364BR0ZGqxsfYRvnDOf8jnWXXOJJuaGl3DlMSmkUZr1vd5a5i99DLIyWljoLvEP647CVS-AvoFRFXPGkN5G2PgSorO0oXmBCSYN2nllTBDz5cEdXGD-ILBNQquC2JWEiMlp-0id2ASTpgTjc2srty2nrQ-aldcA2EwlKvmc2QxYQ8xQK7-g66OX3ko4jgmi5rQwk-DOUQpfA6lqcmogTX6UNTQxUk-SUGPhKWbazRJnSBnaAjw \ No newline at end of file From 3b0a7cda98ab784df19589310dfa977fc20d3b54 Mon Sep 17 00:00:00 2001 From: malshanisenarathne Date: Fri, 6 Dec 2024 15:34:12 +0530 Subject: [PATCH 3/6] Test fixes for intermittent test failures --- ...etrievalRequestHeaderValidationTest.groovy | 2 +- ...untsRetrievalRequestValidationTests.groovy | 12 ++-- ...DynamicClientRegistrationCreateTest.groovy | 15 +++-- ...DynamicClientRegistrationDeleteTest.groovy | 6 ++ ...namicClientRegistrationRetrieveTest.groovy | 6 ++ ...DynamicClientRegistrationUpdateTest.groovy | 6 ++ .../MultiTppDcrEndpointTests.groovy | 18 +++++- ...tailsRetrievalHeaderValidationTests.groovy | 61 +++++++++++++------ .../CustomerDetailsRetrievalTest.groovy | 6 +- .../AuthorisationFlowTest.groovy | 6 +- .../test/bnr/ConsentAmendmentFlowTests.groovy | 12 ++-- .../bnr/ConsentAuthFlowValidationTests.groovy | 2 +- .../bnr/UserNominationManagementTests.groovy | 2 +- ...sclosureOptionManagementServiceTest.groovy | 2 +- ...CeasingSecondaryUserConsentFlowTest.groovy | 2 +- .../CeasingSecondaryUserManagementTest.groovy | 18 +++--- .../consent/AUBasicAuthAutomationStep.groovy | 3 +- 17 files changed, 118 insertions(+), 61 deletions(-) diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/accounts/AccountsRetrievalRequestHeaderValidationTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/accounts/AccountsRetrievalRequestHeaderValidationTest.groovy index d9e7a3bd6..5be3b852e 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/accounts/AccountsRetrievalRequestHeaderValidationTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/accounts/AccountsRetrievalRequestHeaderValidationTest.groovy @@ -389,7 +389,7 @@ class AccountsRetrievalRequestHeaderValidationTest extends AUTest { Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_TITLE), AUConstants .INVALID_FIELD) Assert.assertTrue(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_DETAIL).contains( - "Schema validation failed in the Request: Instance value (\"TRANS\") not found in enum")) + "Schema validation failed in the Request: Instance value (\"TANS\") not found in enum")) Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/accounts/AccountsRetrievalRequestValidationTests.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/accounts/AccountsRetrievalRequestValidationTests.groovy index 15dcdb7a7..811072413 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/accounts/AccountsRetrievalRequestValidationTests.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/accounts/AccountsRetrievalRequestValidationTests.groovy @@ -597,9 +597,12 @@ class AccountsRetrievalRequestValidationTests extends AUTest { "Invalid mutual TLS request. Client certificate is missing")) } - @Test + @Test (priority = 4) void "OB-1162_Invoke bulk balances POST without request body"() { + doConsentAuthorisation() + generateUserAccessToken() + def response = AURequestBuilder.buildBasicRequestWithCustomHeaders(userAccessToken, AUConstants.X_V_HEADER_BALANCES, clientHeader) .contentType(ContentType.JSON) @@ -769,8 +772,7 @@ class AccountsRetrievalRequestValidationTests extends AUTest { Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } - //TODO: Issue: https://github.com/wso2-enterprise/financial-open-banking/issues/8455 - @Test + @Test (priority = 4) void "CDS-680_Send token request with same authorisation code"() { //Generate user access token from auth code for the first time @@ -809,10 +811,8 @@ class AccountsRetrievalRequestValidationTests extends AUTest { .get(bulkAccountRequestUrl) Assert.assertEquals(responseSecondAttempt.statusCode(), AUConstants.STATUS_CODE_401) - Assert.assertEquals(AUTestUtil.parseResponseBody(responseSecondAttempt, AUConstants.MESSAGE), + Assert.assertEquals(AUTestUtil.parseResponseBody(responseSecondAttempt, AUConstants.ERROR_DESCRIPTION), AUConstants.INVALID_CREDENTIALS) - Assert.assertEquals(AUTestUtil.parseResponseBody(responseSecondAttempt, AUConstants.DESCRIPTION), - "Invalid Credentials. Make sure you have provided the correct security credentials") //Token introspection request def introspectResponse = AURequestBuilder.buildIntrospectionRequest(refreshToken.toString(), diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationCreateTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationCreateTest.groovy index 4beec2193..1d1e25b4b 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationCreateTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationCreateTest.groovy @@ -45,6 +45,7 @@ class DynamicClientRegistrationCreateTest extends AUTest{ @BeforeClass (alwaysRun = true) void "Delete Application if exists"() { + auConfiguration.setTppNumber(1) deleteApplicationIfExists(auConfiguration.getAppInfoClientID()) softwareId = "SP1" } @@ -414,7 +415,8 @@ class DynamicClientRegistrationCreateTest extends AUTest{ clientId = parseResponseBody(registrationResponse, AUConstants.CLIENT_ID) context.setAttribute(ContextConstants.CLIENT_ID,clientId) - deleteApplicationIfExists(context.getAttribute(ContextConstants.CLIENT_ID).toString()) + AUTestUtil.writeToConfigFile(clientId) + deleteApplicationIfExists(clientId) registrationResponse = AURegistrationRequestBuilder .buildRegistrationRequest(dcr.getAURegularClaims()) @@ -499,7 +501,7 @@ class DynamicClientRegistrationCreateTest extends AUTest{ AUConstants.INVALID_AUDIENCE_ERROR) } - @Test + @Test (priority = 2) void "CDS-1106_Create application without ApplicationType"() { deleteApplicationIfExists(auConfiguration.getAppInfoClientID()) @@ -515,7 +517,7 @@ class DynamicClientRegistrationCreateTest extends AUTest{ deleteApplicationIfExists(clientId) } - @Test + @Test (priority = 2) void "CDS-673_DCR registration request with localhost url in the SSA"(ITestContext context) { Path dcrArtifactsPath = Paths.get(auConfiguration.getAppDCRSSAPath()) @@ -533,7 +535,7 @@ class DynamicClientRegistrationCreateTest extends AUTest{ def appClientId = AUTestUtil.parseResponseBody(registrationResponse, AUConstants.CLIENT_ID) context.setAttribute(ContextConstants.CLIENT_ID,clientId) - AUTestUtil.writeToConfigFile(clientId) + AUTestUtil.writeToConfigFile(appClientId) Assert.assertEquals(registrationResponse.statusCode(), AUConstants.STATUS_CODE_201) Assert.assertEquals(parseResponseBody(registrationResponse, "software_statement"), @@ -637,7 +639,7 @@ class DynamicClientRegistrationCreateTest extends AUTest{ } @Test (priority = 2) - void "CDS-476_Create application without ID_Token Response Type and verify id_token encryption not Mandatory"() { + void "CDS-476_Create application without ID_Token Response Type and verify id_token encryption not Mandatory"(ITestContext context) { deleteApplicationIfExists(auConfiguration.getAppInfoClientID()) AUConfigurationService auConfiguration = new AUConfigurationService() @@ -651,6 +653,9 @@ class DynamicClientRegistrationCreateTest extends AUTest{ Assert.assertEquals(registrationResponse.statusCode(), AUConstants.STATUS_CODE_201) clientId = parseResponseBody(registrationResponse, AUConstants.CLIENT_ID) + context.setAttribute(ContextConstants.CLIENT_ID,clientId) + AUTestUtil.writeToConfigFile(clientId) + deleteApplicationIfExists(clientId) } diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationDeleteTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationDeleteTest.groovy index 762f60a85..fc41d3b4f 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationDeleteTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationDeleteTest.groovy @@ -18,6 +18,7 @@ package org.wso2.cds.integration.test.clientRegistration +import org.testng.annotations.AfterClass import org.wso2.cds.test.framework.AUTest import org.wso2.cds.test.framework.configuration.AUConfigurationService import org.wso2.cds.test.framework.constant.AUConstants @@ -100,4 +101,9 @@ class DynamicClientRegistrationDeleteTest extends AUTest { Assert.assertEquals(registrationResponse.statusCode(), AUConstants.STATUS_CODE_501) } + + @AfterClass + void "Clean up"() { + deleteApplicationIfExists(clientId) + } } diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationRetrieveTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationRetrieveTest.groovy index c9c4a204c..279793ea8 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationRetrieveTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationRetrieveTest.groovy @@ -18,6 +18,7 @@ package org.wso2.cds.integration.test.clientRegistration +import org.testng.annotations.AfterClass import org.wso2.cds.test.framework.AUTest import org.wso2.cds.test.framework.constant.AUConstants import org.wso2.cds.test.framework.constant.ContextConstants @@ -77,4 +78,9 @@ class DynamicClientRegistrationRetrieveTest extends AUTest{ Assert.assertEquals(registrationResponse.statusCode(), AUConstants.STATUS_CODE_200) } + + @AfterClass + void "Clean up"() { + deleteApplicationIfExists(clientId) + } } diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationUpdateTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationUpdateTest.groovy index 74fbe7039..937255d38 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationUpdateTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/DynamicClientRegistrationUpdateTest.groovy @@ -17,6 +17,7 @@ */ package org.wso2.cds.integration.test.clientRegistration +import org.testng.annotations.AfterClass import org.wso2.cds.test.framework.AUTest import org.wso2.cds.test.framework.constant.AUAccountScope import org.wso2.cds.test.framework.constant.AUConstants @@ -236,4 +237,9 @@ class DynamicClientRegistrationUpdateTest extends AUTest{ Assert.assertEquals(registrationResponse.statusCode(), AUConstants.STATUS_CODE_501) } + + @AfterClass + void "Clean up"() { + deleteApplicationIfExists(clientId) + } } diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/MultiTppDcrEndpointTests.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/MultiTppDcrEndpointTests.groovy index 1ce564295..243e1f82d 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/MultiTppDcrEndpointTests.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/clientRegistration/MultiTppDcrEndpointTests.groovy @@ -19,7 +19,9 @@ package org.wso2.cds.integration.test.clientRegistration import org.wso2.cds.test.framework.AUTest +import org.wso2.cds.test.framework.configuration.AUConfigurationService import org.wso2.cds.test.framework.constant.AUConstants +import org.wso2.cds.test.framework.constant.ContextConstants import org.wso2.cds.test.framework.request_builder.AURegistrationRequestBuilder import org.wso2.cds.test.framework.request_builder.AURequestBuilder import org.wso2.cds.test.framework.utility.AUTestUtil @@ -37,10 +39,20 @@ class MultiTppDcrEndpointTests extends AUTest { void setup() { auConfiguration.setTppNumber(1) - //Register Second TPP. - def registrationResponse = tppRegistration() - clientId = AUTestUtil.parseResponseBody(registrationResponse, "client_id") + // Create Application for TPP2 + AURegistrationRequestBuilder dcr = new AURegistrationRequestBuilder() + AUConfigurationService auConfiguration = new AUConfigurationService() + + def registrationResponse = AURegistrationRequestBuilder + .buildRegistrationRequest(dcr.getAURegularClaims()) + .when() + .post(AUConstants.DCR_REGISTRATION_ENDPOINT) + Assert.assertEquals(registrationResponse.statusCode(), AUConstants.CREATED) + clientId = parseResponseBody(registrationResponse, "client_id") + + Assert.assertEquals(registrationResponse.statusCode(), AUConstants.STATUS_CODE_201) + AUTestUtil.writeToConfigFile(clientId) //Write Client Id of TPP2 to config file. AUTestUtil.writeToConfigFile(clientId) diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/common_api/CustomerDetailsRetrievalHeaderValidationTests.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/common_api/CustomerDetailsRetrievalHeaderValidationTests.groovy index 241034f32..c52156c75 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/common_api/CustomerDetailsRetrievalHeaderValidationTests.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/common_api/CustomerDetailsRetrievalHeaderValidationTests.groovy @@ -84,7 +84,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_PERSON)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_ORGANIZATION)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.LINKS_SELF)) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } @Test @@ -96,7 +97,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_400) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_INVALID_VERSION) @@ -112,7 +114,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_400) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_INVALID_VERSION) @@ -128,7 +131,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_400) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_INVALID_VERSION) @@ -145,7 +149,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_400) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_INVALID_VERSION) @@ -162,7 +167,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_400) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_INVALID_VERSION) @@ -185,7 +191,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_PERSON)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_ORGANIZATION)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.LINKS_SELF)) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } @Test @@ -204,7 +211,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_PERSON)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_ORGANIZATION)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.LINKS_SELF)) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } @Test @@ -223,7 +231,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_PERSON)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_ORGANIZATION)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.LINKS_SELF)) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } @Test @@ -235,7 +244,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_406) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_UNSUPPORTED_VERSION) @@ -257,7 +267,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(response.getHeader(AUConstants.X_V_HEADER).toInteger(), AUConstants.X_V_HEADER_CUSTOMER) } @@ -283,7 +294,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_PERSON)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_ORGANIZATION)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.LINKS_SELF)) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) +// //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } @Test @@ -303,7 +315,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_PERSON)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_ORGANIZATION)) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.LINKS_SELF)) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } @Test @@ -315,7 +328,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_400) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_INVALID_HEADER) @@ -327,7 +341,9 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { @Test void "TC0601018_Retrieve Customer info with invalid x-fapi-auth-date"() { - def response = AURequestBuilder.buildBasicRequest(userAccessToken, AUConstants.X_V_HEADER_CUSTOMER) + def response = AURestAsRequestBuilder.buildRequest() + .header(AUConstants.X_V_HEADER, AUConstants.X_V_HEADER_CUSTOMER) + .header(AUConstants.AUTHORIZATION_HEADER_KEY, "${AUConstants.AUTHORIZATION_BEARER_TAG}${userAccessToken}") .accept(AUConstants.ACCEPT) .header(AUConstants.X_FAPI_AUTH_DATE, "Sep 14") .baseUri(AUTestUtil.getBaseUrl(AUConstants.BASE_PATH_TYPE_CUSTOMER)) @@ -338,7 +354,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_INVALID_HEADER) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_TITLE), AUConstants.INVALID_HEADER) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } @Test @@ -355,7 +372,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_INVALID_HEADER) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_TITLE), AUConstants.INVALID_HEADER) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } @Test @@ -369,7 +387,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_400) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_CODE), AUConstants.ERROR_CODE_INVALID_FIELD) @@ -395,7 +414,8 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertNotNull(AUTestUtil.parseResponseBody(response, "data.explanation")) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, "data.expectedResolutionTime")) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.LINKS_SELF)) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } @Test @@ -412,6 +432,7 @@ class CustomerDetailsRetrievalHeaderValidationTests extends AUTest { Assert.assertNotNull(AUTestUtil.parseResponseBody(response, "data.outages.outageTime")) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, "data.outages.duration")) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, "data.outages.isPartial")) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) } } diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/common_api/CustomerDetailsRetrievalTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/common_api/CustomerDetailsRetrievalTest.groovy index 078a44944..7489a0c47 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/common_api/CustomerDetailsRetrievalTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/integration/test/common_api/CustomerDetailsRetrievalTest.groovy @@ -58,7 +58,8 @@ class CustomerDetailsRetrievalTest extends AUTest { .get("${AUConstants.BULK_CUSTOMER}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(response.getHeader(AUConstants.X_V_HEADER).toInteger(), AUConstants.X_V_HEADER_CUSTOMER) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_CUSTOMERUTYPE)) @@ -76,7 +77,8 @@ class CustomerDetailsRetrievalTest extends AUTest { .get("${AUConstants.CUSTOMER_DETAILS}") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) - Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/248 +// Assert.assertNotNull(response.getHeader(AUConstants.X_FAPI_INTERACTION_ID)) Assert.assertEquals(response.getHeader(AUConstants.X_V_HEADER).toInteger(), AUConstants.X_V_HEADER_CUSTOMER_DETAIL) Assert.assertNotNull(AUTestUtil.parseResponseBody(response, AUConstants.RESPONSE_DATA_CUSTOMERUTYPE)) diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/authorizationflow/AuthorisationFlowTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/authorizationflow/AuthorisationFlowTest.groovy index 435c6a473..cde3a485e 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/authorizationflow/AuthorisationFlowTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/authorizationflow/AuthorisationFlowTest.groovy @@ -307,7 +307,7 @@ class AuthorisationFlowTest extends AUTest { .execute() def authUrl = automation.currentUrl.get() - Assert.assertTrue(AUTestUtil.getDecodedUrl(authUrl).contains(AUConstants.CANCEL_ERROR_IN_ACCOUNTS_PAGE)) + Assert.assertTrue(AUTestUtil.getDecodedUrl(authUrl).contains(AUConstants.USER_SKIP_THE_CONSENT_FLOW)) String stateParam = authUrl.split("state=")[1] Assert.assertEquals(auAuthorisationBuilder.state.toString(), stateParam) } @@ -517,8 +517,8 @@ class AuthorisationFlowTest extends AUTest { Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR_DESCRIPTION), errorMessage) } - //Error - Not loading Profile Selection Page - @Test + //TODO: Issue: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/411 + @Test (enabled = false) void "OB-1253_Initiate authorisation consent flow only with openid and profile scopes"() { scopes = [ diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/ConsentAmendmentFlowTests.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/ConsentAmendmentFlowTests.groovy index ce84fd10b..f992f20c3 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/ConsentAmendmentFlowTests.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/ConsentAmendmentFlowTests.groovy @@ -89,7 +89,7 @@ class ConsentAmendmentFlowTests extends AUTest { //Consent Amendment scopes.remove(AUAccountScope.BANK_TRANSACTION_READ) - response = auAuthorisationBuilder.doPushAuthorisationRequest(scopes, AUConstants.DEFAULT_SHARING_DURATION, + response = auAuthorisationBuilder.doPushAuthorisationRequest(scopes, AUConstants.AMENDED_SHARING_DURATION, true, cdrArrangementId) requestUri = AUTestUtil.parseResponseBody(response, AUConstants.REQUEST_URI) authoriseUrl = auAuthorisationBuilder.getAuthorizationRequest(requestUri.toURI()).toURI().toString() @@ -104,8 +104,7 @@ class ConsentAmendmentFlowTests extends AUTest { if (auConfiguration.getProfileSelectionEnabled()) { //Verify Account Selection Page - assert authWebDriver.isElementDisplayed(AUTestUtil.getBusinessAccount3CheckBox()) - authWebDriver.clickButtonXpath(AUTestUtil.getBusinessAccount3CheckBox()) + assert authWebDriver.isElementSelected(AUTestUtil.getBusinessAccount2CheckBox()) } else { assert authWebDriver.isElementDisplayed(AUTestUtil.getSingleAccountXPath()) @@ -122,7 +121,7 @@ class ConsentAmendmentFlowTests extends AUTest { response = auAuthorisationBuilder.doPushAuthorisationRequest(scopes, AUConstants.DEFAULT_SHARING_DURATION, true, "") requestUri = AUTestUtil.parseResponseBody(response, AUConstants.REQUEST_URI) - doConsentAuthorisationViaRequestUriSingleAccount(scopes, requestUri.toURI(), null, AUAccountProfile.ORGANIZATION_A) + doConsentAuthorisationViaRequestUriSingleAccount(scopes, requestUri.toURI(), null, AUAccountProfile.ORGANIZATION_B) //Get Access Token AccessTokenResponse responseBody = getUserAccessTokenResponse(clientId) @@ -133,7 +132,7 @@ class ConsentAmendmentFlowTests extends AUTest { //Consent Amendment scopes.remove(AUAccountScope.BANK_TRANSACTION_READ) - response = auAuthorisationBuilder.doPushAuthorisationRequest(scopes, AUConstants.DEFAULT_SHARING_DURATION, + response = auAuthorisationBuilder.doPushAuthorisationRequest(scopes, AUConstants.AMENDED_SHARING_DURATION, true, cdrArrangementId) requestUri = AUTestUtil.parseResponseBody(response, AUConstants.REQUEST_URI) authoriseUrl = auAuthorisationBuilder.getAuthorizationRequest(requestUri.toURI()).toURI().toString() @@ -169,6 +168,7 @@ class ConsentAmendmentFlowTests extends AUTest { void "CDS-514_Verify a Consent Amendment flow with a Business user account"() { //Consent Authorisation + auConfiguration.setPsuNumber(0) response = auAuthorisationBuilder.doPushAuthorisationRequest(scopes, AUConstants.DEFAULT_SHARING_DURATION, true, "") requestUri = AUTestUtil.parseResponseBody(response, AUConstants.REQUEST_URI) @@ -195,7 +195,7 @@ class ConsentAmendmentFlowTests extends AUTest { //Consent Amendment scopes.remove(AUAccountScope.BANK_ACCOUNT_DETAIL_READ) - response = auAuthorisationBuilder.doPushAuthorisationRequest(scopes, AUConstants.DEFAULT_SHARING_DURATION, + response = auAuthorisationBuilder.doPushAuthorisationRequest(scopes, AUConstants.AMENDED_SHARING_DURATION, true, cdrArrangementId) requestUri = AUTestUtil.parseResponseBody(response, AUConstants.REQUEST_URI) authoriseUrl = auAuthorisationBuilder.getAuthorizationRequest(requestUri.toURI()).toURI().toString() diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/ConsentAuthFlowValidationTests.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/ConsentAuthFlowValidationTests.groovy index 556df7fac..2efd6b802 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/ConsentAuthFlowValidationTests.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/ConsentAuthFlowValidationTests.groovy @@ -476,7 +476,7 @@ class ConsentAuthFlowValidationTests extends AUTest{ @Test (priority = 1) void "CDS-541_Verify same user nominated for multiple accounts"() { - auConfiguration.setPsuNumber(2) + auConfiguration.setPsuNumber(3) //Get Authorisation URL response = auAuthorisationBuilder.doPushAuthorisationRequest(scopes, AUConstants.DEFAULT_SHARING_DURATION, true, "") diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/UserNominationManagementTests.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/UserNominationManagementTests.groovy index e79a0d1cb..05a6ca5ac 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/UserNominationManagementTests.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/bnr/UserNominationManagementTests.groovy @@ -302,7 +302,7 @@ class UserNominationManagementTests extends AUTest { Assert.assertEquals(deleteResponse.statusCode(), AUConstants.OK) } - @Test + @Test (priority = 1) void "CDS-600_Verify the Delete BU end point with NR who has REVOKE Permission"() { def shareableElements = AUTestUtil.getSharableAccountsList(getSharableBankAccounts()) diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/doms/DisclosureOptionManagementServiceTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/doms/DisclosureOptionManagementServiceTest.groovy index 6893d37f3..fe67e0490 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/doms/DisclosureOptionManagementServiceTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/doms/DisclosureOptionManagementServiceTest.groovy @@ -350,7 +350,7 @@ class DisclosureOptionManagementServiceTest extends AUTest { Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) } - @Test + @Test(priority = 2) void "CDS-650_Verify Consent amendment flow after changing DOMS status to no-sharing"() { //Consent Authorisation diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserConsentFlowTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserConsentFlowTest.groovy index 508ab4f6e..ed4af0aa1 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserConsentFlowTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserConsentFlowTest.groovy @@ -236,7 +236,7 @@ class CeasingSecondaryUserConsentFlowTest extends AUTest { void "CDS-647_Consent amendment after ceasing the secondary user sharing"() { //Active the sharing status for secondary account 1 - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, AUConstants.ACTIVE) + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), AUConstants.ACTIVE) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) //Send Push Authorisation Request diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserManagementTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserManagementTest.groovy index be620feea..a06b0f41a 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserManagementTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserManagementTest.groovy @@ -74,7 +74,7 @@ class CeasingSecondaryUserManagementTest extends AUTest { @Test (groups = "SmokeTest", priority = 1) void "CDS-631_Block the sharing status for a legal entity"() { - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, AUConstants.BLOCK_ENTITY) + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), AUConstants.BLOCK_ENTITY) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) //Check Sharing Status @@ -86,7 +86,7 @@ class CeasingSecondaryUserManagementTest extends AUTest { @Test (priority = 1, dependsOnMethods = "CDS-631_Block the sharing status for a legal entity") void "CDS-632_Block an already blocked legal entity"() { - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, AUConstants.BLOCK_ENTITY) + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), AUConstants.BLOCK_ENTITY) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) //Check Sharing Status @@ -98,7 +98,7 @@ class CeasingSecondaryUserManagementTest extends AUTest { @Test (priority = 1, dependsOnMethods = "CDS-632_Block an already blocked legal entity") void "CDS-633_Unlock the sharing status for a legal entity"() { - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, AUConstants.ACTIVE) + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), AUConstants.ACTIVE) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) //Check Sharing Status @@ -123,7 +123,7 @@ class CeasingSecondaryUserManagementTest extends AUTest { @Test void "CDS-635_Block sharing status with incorrect status value"() { - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, "Block_Entity") + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), "Block_Entity") Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_400) //TODO: Issue: https://github.com/wso2-enterprise/financial-open-banking/issues/8275 @@ -135,16 +135,16 @@ class CeasingSecondaryUserManagementTest extends AUTest { @Test void "CDS-639_Block sharing status for multiple user Ids"() { - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, AUConstants.BLOCK_ENTITY, - true, "admin@wso2.com", accountID, altLegalEntityId, AUConstants.BLOCK_ENTITY) + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), AUConstants.BLOCK_ENTITY, + true, "admin@wso2.com", accountID, altLegalEntityId.toLowerCase(), AUConstants.BLOCK_ENTITY) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) } @Test void "CDS-640_Blocking and activating sharing status for legal entities via same request"() { - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, AUConstants.ACTIVE, - true, userId, accountID, altLegalEntityId, AUConstants.BLOCK_ENTITY) + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), AUConstants.ACTIVE, + true, userId, accountID, altLegalEntityId.toLowerCase(), AUConstants.BLOCK_ENTITY) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) } @@ -194,6 +194,4 @@ class CeasingSecondaryUserManagementTest extends AUTest { "Error occurred while updating the sharing status for a legal entity/entities.") Assert.assertEquals(AUTestUtil.parseResponseBody(response, AUConstants.ERROR), AUConstants.INVALID_REQUEST) } - - } diff --git a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/automation/consent/AUBasicAuthAutomationStep.groovy b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/automation/consent/AUBasicAuthAutomationStep.groovy index 70909bc3a..f36066cfc 100644 --- a/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/automation/consent/AUBasicAuthAutomationStep.groovy +++ b/integration-test-suite/cds-toolkit-test-framework/src/main/groovy/org/wso2/cds/test/framework/automation/consent/AUBasicAuthAutomationStep.groovy @@ -63,7 +63,8 @@ class AUBasicAuthAutomationStep implements BrowserAutomationStep { //Second Factor Authentication Step try{ if (driver.isElementDisplayed(AUPageObjects.AU_BTN_AUTHENTICATE)) { - driver.executeSMSOTP(AUPageObjects.AU_LBL_SMSOTP_AUTHENTICATOR, AUPageObjects.AU_TXT_OTP_CODE_ID, AUConstants.AU_OTP_CODE) + driver.executeSMSOTP(AUPageObjects.AU_LBL_SMSOTP_AUTHENTICATOR, AUPageObjects.AU_TXT_OTP_CODE_ID, + AUConstants.AU_OTP_CODE) driver.clickButtonXpath(AUPageObjects.AU_BTN_AUTHENTICATE) driver.waitTimeRange(30) } From 94b09494e731920536d4a283d56c73c6eca61735 Mon Sep 17 00:00:00 2001 From: malshanisenarathne Date: Fri, 6 Dec 2024 16:05:35 +0530 Subject: [PATCH 4/6] Automation script --- integration-test-suite/test-grid-job/test.sh | 213 +++++++++++++++++++ 1 file changed, 213 insertions(+) create mode 100755 integration-test-suite/test-grid-job/test.sh diff --git a/integration-test-suite/test-grid-job/test.sh b/integration-test-suite/test-grid-job/test.sh new file mode 100755 index 000000000..df5506e59 --- /dev/null +++ b/integration-test-suite/test-grid-job/test.sh @@ -0,0 +1,213 @@ +#!/bin/bash + +# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). +# +# WSO2 LLC. licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +set -o xtrace + +HOME=`pwd` +TEST_SCRIPT=test.sh +MVNSTATE=1 #This variable is read by the test-grid to determine success or failure of the build. (0=Successful) + +function usage() +{ + echo " + Usage bash test.sh --input-dir /workspace/data-bucket..... + Following are the expected input parameters. all of these are optional + --input-dir | -i : input directory for test.sh + --output-dir | -o : output directory for test.sh + " +} + +#=== FUNCTION ================================================================== +# NAME: get_prop +# DESCRIPTION: Retrieve specific property from deployment.properties file +# PARAMETER 1: property_value +#=============================================================================== +function get_prop { + local prop=$(grep -w "${1}" "${INPUT_DIR}/deployment.properties" | cut -d'=' -f2) + echo $prop +} + +optspec=":hiom-:" +while getopts "$optspec" optchar; do + case "${optchar}" in + -) + case "${OPTARG}" in + input-dir) + val="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 )) + INPUT_DIR=$val + ;; + output-dir) + val="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 )) + OUTPUT_DIR=$val + ;; + mvn-opts) + val="${!OPTIND}"; OPTIND=$(( $OPTIND + 1 )) + MAVEN_OPTS=$val + ;; + *) + usage + if [ "$OPTERR" = 1 ] && [ "${optspec:0:1}" != ":" ]; then + echo "Unknown option --${OPTARG}" >&2 + fi + ;; + esac;; + h) + usage + exit 2 + ;; + o) + OUTPUT_DIR=$val + ;; + m) + MVN_OPTS=$val + ;; + i) + INPUT_DIR=$val + ;; + *) + usage + if [ "$OPTERR" != 1 ] || [ "${optspec:0:1}" = ":" ]; then + echo "Non-option argument: '-${OPTARG}'" >&2 + fi + ;; + esac +done + +export DATA_BUCKET_LOCATION=${INPUT_DIR} + +cat ${INPUT_DIR}/deployment.properties + +echo "--- Go to reference-implementation-consumerdatastandards-au folder" +cd ../../ +SOURCE_HOME=`pwd` +APIS_HOME=${SOURCE_HOME}/toolkits/ob-apim/repository/resources/apis/consumerdatastandards.org.au +TEST_FRAMEWORK_HOME=${SOURCE_HOME}/integration-test-suite/cds-toolkit-test-framework +TEST_CONFIG_FILE=${TEST_FRAMEWORK_HOME}/src/main/resources/TestConfiguration.xml +TEST_ARTIFACTS=${SOURCE_HOME}/integration-test-suite/test-artifacts +API_VERSION="1.3.0" + +echo "Test Suite execution for API Version : CDS 1.3.0" + +#--------------set configs in test-config.xml-----------------# +cp ${TEST_FRAMEWORK_HOME}/src/main/resources/TestConfigurationExample.xml ${TEST_CONFIG_FILE} + +sed -i -e "s|Common.SolutionVersion|3.0.0|g" $TEST_CONFIG_FILE +sed -i -e "s|Common.ApiVersion|$(get_prop "ApiVersion")|g" $TEST_CONFIG_FILE +sed -i -e "s|Common.AccessTokenExpireTime|30|g" $TEST_CONFIG_FILE +sed -i -e "s|Common.TenantDomain|carbon.super|g" $TEST_CONFIG_FILE +sed -i -e "s|Common.SigningAlgorithm|PS256|g" $TEST_CONFIG_FILE +sed -i -e "s|Provisioning.Enabled|true|g" $TEST_CONFIG_FILE +sed -i -e "s|Provisioning.ProvisionFilePath|${TEST_FRAMEWORK_HOME}/src/main/resources/provisioningFiles/api-config-provisioning.yaml|g" $TEST_CONFIG_FILE + +#----------------set hostnames for sequences -----------# +#__replace hostname before deploy +sed -i -e "s|Server.BaseURL|https://$(get_prop "ApimHostname"):8243|g" $TEST_CONFIG_FILE +sed -i -e "s|Server.GatewayURL|https://$(get_prop "ApimHostname"):9443|g" $TEST_CONFIG_FILE +sed -i -e "s|Server.AuthorisationServerURL|https://$(get_prop "IamHostname"):9446|g" $TEST_CONFIG_FILE +sed -i -e "s|Server.SharableAccountsURL|http://$(get_prop "ApimHostname"):9763|g" $TEST_CONFIG_FILE + +# configs for application 1 +sed -i -e "s|AppConfig1.KeyStore.Location|${TEST_ARTIFACTS}/DynamicClientRegistration/AU/sample-client-resources/signing-keystore/signing.jks|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.KeyStore.Alias|tpp7-signing|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.KeyStore.Password|wso2carbon|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.KeyStore.DomainName|https://wso2.com|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.KeyStore.SigningKid|7eJ8S_ZgvlYxFAFSghV9xMJROvk|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.Transport.MTLSEnabled|true|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.Transport.KeyStore.Location|${TEST_ARTIFACTS}/DynamicClientRegistration/AU/sample-client-resources/transport-keystore/transport.jks|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.Transport.KeyStore.Type|jks|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.Transport.KeyStore.Password|wso2carbon|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.DCR.SSAPath|${TEST_ARTIFACTS}/DynamicClientRegistration/AU/sample-client-resources/ssa.txt|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.DCR.SoftwareId|SP2|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.DCR.RedirectUri|https://www.google.com/redirects/redirect1|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.DCR.AlternateRedirectUri|https://www.google.com/redirects/redirect2|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.Application.ClientID|Application.ClientID|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig1.Application.RedirectURL|https://www.google.com/redirects/redirect1|g" $TEST_CONFIG_FILE + +# configs for application 2 +sed -i -e "s|AppConfig2.KeyStore.Location|${TEST_ARTIFACTS}/DynamicClientRegistration/AU/sample-client-resources-2/signing-keystore/signing.jks|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.KeyStore.Alias|tpp7-signing|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.KeyStore.Password|wso2carbon|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.KeyStore.DomainName|https://wso2.com|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.KeyStore.SigningKid|7eJ8S_ZgvlYxFAFSghV9xMJROvk|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.Transport.MTLSEnabled|true|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.Transport.KeyStore.Location|${TEST_ARTIFACTS}/DynamicClientRegistration/AU/sample-client-resources-2/transport-keystore/transport.jks|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.Transport.KeyStore.Type|jks|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.Transport.KeyStore.Password|wso2carbon|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.DCR.SSAPath|${TEST_ARTIFACTS}/DynamicClientRegistration/AU/sample-client-resources-2/ssa.txt|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.DCR.SoftwareId|SP3|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.DCR.RedirectUri|https://www.google.com/redirects/redirect1|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.DCR.AlternateRedirectUri|https://www.google.com/redirects/redirect2|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.Application.ClientID|Application.ClientID|g" $TEST_CONFIG_FILE +sed -i -e "s|AppConfig2.Application.RedirectURL|https://www.google.com/redirects/redirect1|g" $TEST_CONFIG_FILE + +# Set client trust store +#TODO:If Remote Server, Need to copy the client-truststore.jks manually. +cp $(get_prop "ApimServerPath")/repository/resources/security/client-truststore.jks ${TEST_ARTIFACTS}/am-certs/ +sed -i -e "s|Transport.Truststore.Location|${TEST_ARTIFACTS}/am-certs/client-truststore.jks|g" $TEST_CONFIG_FILE + +sed -i -e "s|Transport.Truststore.Type|jks|g" $TEST_CONFIG_FILE +sed -i -e "s|Transport.Truststore.Password|wso2carbon|g" $TEST_CONFIG_FILE + +sed -i -e "s|BrowserAutomation.BrowserPreference|firefox|g" $TEST_CONFIG_FILE +sed -i -e "s|BrowserAutomation.HeadlessEnabled|$(get_prop "BrowserAutomation.HeadlessEnabled")|g" $TEST_CONFIG_FILE +if [ $(get_prop "OSName") == "mac" ]; then + sed -i -e "s|BrowserAutomation.WebDriverLocation|${TEST_ARTIFACTS}/selenium-libs/mac/geckodriver|g" $TEST_CONFIG_FILE +else + sed -i -e "s|BrowserAutomation.WebDriverLocation|${TEST_ARTIFACTS}/selenium-libs/ubuntu/geckodriver|g" $TEST_CONFIG_FILE +fi + +sed -i -e "s|ConsentApi.AudienceValue|https://$(get_prop "IamHostname"):9446/oauth2/token|g" $TEST_CONFIG_FILE +sed -i -e "s|ConsentApi.RevocationAudienceValue|https://$(get_prop "IamHostname"):9446/oauth2/revoke|g" $TEST_CONFIG_FILE + +#Test Related Additional Configurations +sed -i -e "s|AUMockCDRRegister.Enabled|false|g" $TEST_CONFIG_FILE +sed -i -e "s|IdPermanence.SecretKey|wso2|g" $TEST_CONFIG_FILE +sed -i -e "s|ProfileSelection.Enabled|true|g" $TEST_CONFIG_FILE + +# Database Configurations +sed -i -e "s|DataBaseConfiguration.DBType|$(get_prop "DbType")|g" $TEST_CONFIG_FILE +sed -i -e "s|DataBaseConfiguration.DBServerHost|$(get_prop "DBServerHost")|g" $TEST_CONFIG_FILE +sed -i -e "s|DataBaseConfiguration.DBUsername|$(get_prop "DBUsername")|g" $TEST_CONFIG_FILE +sed -i -e "s|DataBaseConfiguration.DBPassword|$(get_prop "DBPassword")|g" $TEST_CONFIG_FILE +sed -i -e "s|DataBaseConfiguration.DBDriverClass|$(get_prop "DBDriverClass")|g" $TEST_CONFIG_FILE +sed -i -e "s|DataBaseConfiguration.OracleDBSID|$(get_prop "OracleDBSID")|g" $TEST_CONFIG_FILE + +#--------------build the Base test framework-----------------# +git clone https://github.com/wso2/financial-services-accelerator.git +cd financial-services-accelerator/integration-test-framework +mvn clean install + +#--------------build the CDS Toolkit test Framework-----------------# +cd ${TEST_FRAMEWORK_HOME} +echo "${TEST_FRAMEWORK_HOME}/cds-toolkit-test-framework" +mvn clean install + +#--------------run the Test Suite-----------------# +cd ${TEST_FRAMEWORK_HOME}/../cds-toolkit-integration-test/ +if [ $(get_prop "TestType") == "Smoke" ]; then + SMOKE_TESTNG=${TEST_FRAMEWORK_HOME}/../cds-toolkit-integration-test/src/test/resources/testngSmokeTest.xml + mvn clean install -DgroupToRun=SmokeTest -Dsurefire.suiteXmlFiles=${SMOKE_TESTNG} -fae -B -f pom.xml + MVNSTATE=$((MVNSTATE+$?)) + mkdir -p ${OUTPUT_DIR}/scenarios/au-$API_VERSION + find . -name "surefire-reports" -exec cp --parents -r {} ${OUTPUT_DIR}/scenarios/ \; +else + mvn clean install -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -fae -B -f pom.xml + MVNSTATE=$((MVNSTATE+$?)) + mkdir -p ${OUTPUT_DIR}/scenarios/au-$API_VERSION + find . -name "surefire-reports" -exec cp --parents -r {} ${OUTPUT_DIR}/scenarios/ \; +fi From fed14b82945c46f79f252cb7816a7970535f6f5e Mon Sep 17 00:00:00 2001 From: malshanisenarathne Date: Fri, 6 Dec 2024 18:29:25 +0530 Subject: [PATCH 5/6] Adding Testng files --- ...CeasingSecondaryUserConsentFlowTest.groovy | 8 +- .../src/test/resources/testng.xml | 51 +++++++++-- .../src/test/resources/testngSmokeTest.xml | 88 ++++++++++++++++++- 3 files changed, 131 insertions(+), 16 deletions(-) diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserConsentFlowTest.groovy b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserConsentFlowTest.groovy index ed4af0aa1..f148fb799 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserConsentFlowTest.groovy +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/groovy/org/wso2/cds/keymanager/test/secondaryUser/CeasingSecondaryUserConsentFlowTest.groovy @@ -106,7 +106,7 @@ class CeasingSecondaryUserConsentFlowTest extends AUTest { void "CDS-644_Verify account is not listed under unavailable accounts once the legal entity is active by account owner"() { //Active the sharing status - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, AUConstants.ACTIVE) + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), AUConstants.ACTIVE) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) //Send Push Authorisation Request @@ -163,7 +163,7 @@ class CeasingSecondaryUserConsentFlowTest extends AUTest { void "CDS-646_Retrieve accounts after activating the data sharing for legal entity"() { //Block the sharing status - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, AUConstants.ACTIVE) + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), AUConstants.ACTIVE) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) //Account Retrieval @@ -185,7 +185,7 @@ class CeasingSecondaryUserConsentFlowTest extends AUTest { def updateResponse = updateSecondaryUserInstructionPermission(altAccountID, userId, AUConstants.ACTIVE) Assert.assertEquals(updateResponse.statusCode(), AUConstants.OK) - response = updateLegalEntityStatus(clientHeader, altAccountID, userId, legalEntityId, AUConstants.ACTIVE) + response = updateLegalEntityStatus(clientHeader, altAccountID, userId, legalEntityId.toLowerCase(), AUConstants.ACTIVE) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) //Send Push Authorisation Request @@ -299,7 +299,7 @@ class CeasingSecondaryUserConsentFlowTest extends AUTest { void "CDS-649_Verify account is listed under unavailable accounts once the legal entity is restricted in consent amendment flow"() { //Active the sharing status for secondary account 1 - response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId, AUConstants.ACTIVE) + response = updateLegalEntityStatus(clientHeader, accountID, userId, legalEntityId.toLowerCase(), AUConstants.ACTIVE) Assert.assertEquals(response.statusCode(), AUConstants.STATUS_CODE_200) //Send Push Authorisation Request diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/resources/testng.xml b/integration-test-suite/cds-toolkit-integration-test/src/test/resources/testng.xml index c2d40de96..14284345a 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/resources/testng.xml +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/resources/testng.xml @@ -19,30 +19,62 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + - + + + + + + + - + @@ -54,12 +86,12 @@ - + - + @@ -93,7 +125,6 @@ - @@ -163,7 +195,8 @@ - + + diff --git a/integration-test-suite/cds-toolkit-integration-test/src/test/resources/testngSmokeTest.xml b/integration-test-suite/cds-toolkit-integration-test/src/test/resources/testngSmokeTest.xml index 4436581da..24148a521 100644 --- a/integration-test-suite/cds-toolkit-integration-test/src/test/resources/testngSmokeTest.xml +++ b/integration-test-suite/cds-toolkit-integration-test/src/test/resources/testngSmokeTest.xml @@ -19,7 +19,49 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -107,7 +188,7 @@ - +