openapi: 3.0.0 info: title: Mimun Yashir Layer7 OpenBanking Consent v1.7 and Loans v1.5 version: 1.0.0 servers: - url: https://apigw-test.5555.co.il - url: https://apigw.5555.co.il components: securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT oAuth: type: oauth2 flows: authorizationCode: authorizationUrl: 'https://apigw/openbanking/oauth/authorize' tokenUrl: 'https://apigw/openbanking/oauth/token' scopes: consent: 'Grants consent access' clientCertAuth: type: http scheme: bearer # Use a standard scheme description: "TPP Client certificate" x-mutualTLS: true paths: /openbanking/v1.7/consents: post: tags: - Consent summary: Create consent security: - clientCertAuth: [] requestBody: content: application/json: schema: type: object examples: example1: summary: Bank Offered consent value: access: accounts: [] balances: [] transactions: [] recurringIndicator: true validUntil: '2024-12-31' frequencyPerDay: 100 example2: summary: Bank Detailed consent value: access: accounts: [{ "other":{"identification":"123456789"} }, { "other":{"identification":"1122334455"} }] balances: [{ "other":{"identification":"123456789"} }, { "other":{"identification":"1122334455"} }] transactions: [{ "other":{"identification":"123456789"} }, { "other":{"identification":"1122334455"} }] recurringIndicator: true validUntil: '2024-12-31' frequencyPerDay: 100 parameters: - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: Digest in: header required: true schema: type: string example: '{{digest}}' - name: Signature in: header required: true schema: type: string example: '{{signature}}' - name: TPP-Signature-Certificate in: header required: true schema: type: string example: '{{TPP-Signature-Certificate}}' - name: PSU-ID required: true in: header schema: type: string example: '{{PSU-ID}}' - name: PSU-ID-TYPE in: header required: true schema: type: string example: '{{PSU-ID-TYPE}}' - name: TPP-Notification-URI in: header required: true schema: type: string example: '{{TPP-Notification-URI}}' - name: TPP-Redirect-URI in: header schema: type: string example: '{{TPP-Redirect-URI}}' - name: PSU-IP-Address in: header required: true schema: type: string example: 1.1.1.1 responses: '200': description: Successful response with consent data content: application/json: example: | { "consentStatus": "received", "consentId": "1234-wertiq-983", "_links": { "self": { "href": "/v1.7/consents/1234-wertiq-983" }, "scaOAuth": { "href": "https://www.testbank.com/oauth/.well-known/oauth-authorization-server?consentId=1234-wertiq-983" } } } /openbanking/oauth/.well-known/oauth-authorization-server/: get: tags: - Autorization summary: Get authorize data parameters: - name: consentId in: query required: true schema: type: string example: 21e26361-ddda-448c-9ba7-15d82e6f9177 responses: '200': description: Successful response with authorization server metadata content: application/json: example: | { "issuer": "www.testbank.com", "authorization_endpoint": "https://www.testbank.com/oauth/authorize/4321-abcdef-321", "token_endpoint": "https://www.testbank.com/oauth/token", "response_types_supported": [ "code" ] } /openbanking/oauth/authorize/{consentId}: get: tags: - Autorization summary: GET authorize security: - clientCertAuth: [] parameters: - name: consentId in: path required: true schema: type: string description: The consent ID for authorization - name: response_type in: query required: true schema: type: string example: code - name: client_id in: query required: true schema: type: string example: '{{client_id}}' - name: scope in: query required: true schema: type: string example: ais:{{consentId}} - name: state in: query required: true schema: type: string example: mystate - name: redirect_uri in: query required: true schema: type: string example: https://AIPITestFintech.com/redirected - name: code_challenge in: query required: true schema: type: string example: kl0mpXDz5Qyu9rkl1XxCYpIzwPUI8zE5Cs_YB7ECwZk - name: code_challenge_method in: query required: true schema: type: string example: S256 responses: '200': description: Successful response with redirect location header content: application/json: {} /openbanking/oauth/authorize: post: tags: - Autorization summary: POST authorize security: - bearerAuth: [] requestBody: content: application/json: schema: type: object examples: example1: summary: Bank Offered consent value: consentType: "bankOffered" psuIdType: "private" consentID: '21e26361-ddda-448c-9ba7-15d82e6f9177' decision: "accept" access: accounts: - other: identification: "123456789" - other: identification: "123456789" balances: - other: identification: "123456789" - other: identification: "123456789" transactions: - other: identification: "123456789" - other: identification: "123456789" reason: "" example2: summary: Bank Detailed consent value: consentType: "detailed" psuIdType: "private" consentID: '21e26361-ddda-448c-9ba7-15d82e6f9177' decision: "accept" reason: "" parameters: - name: authorization in: header required: true schema: type: string example: '{{authorization}}' - name: X-Code in: header required: true schema: type: string example: '{{X-Code}}' responses: '200': description: Successful response content: application/json: {} /openbanking/oauth/token: post: tags: - Autorization summary: Get access token security: - oAuth: [] requestBody: content: application/x-www-form-urlencoded: schema: type: object properties: grant_type: type: string client_id: type: string scope: type: string redirect_uri: type: string code_verifier: type: string code: type: string refresh_token: type: string responses: '200': description: Successful response content: application/json: {} /openbanking/v1.5/loans: get: tags: - Loans summary: Get Loans list (by consentId) security: - oAuth: [] parameters: - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: Digest in: header required: true schema: type: string example: '{{digest}}' - name: Signature in: header required: true schema: type: string example: '{{signature}}' - name: TPP-Signature-Certificate in: header required: true schema: type: string example: '{{TPP-Signature-Certificate}}' - name: TPP-Redirect-URI in: header required: true schema: type: string example: https://fintech.com/redirected - name: PSU-IP-Address in: header required: true schema: type: string example: 141.13.100.12 - name: Consent-ID in: header required: true schema: type: string example: '{{consentId}}' responses: '200': description: Successful response content: application/json: {} /openbanking/v1.5/loans/{resourceId}: get: tags: - Loans summary: Get loan details (by resourceId) security: - oAuth: [] parameters: - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: Digest in: header required: true schema: type: string example: '{{digest}}' - name: Signature in: header required: true schema: type: string example: '{{signature}}' - name: TPP-Signature-Certificate in: header required: true schema: type: string example: '{{TPP-Signature-Certificate}}' - name: TPP-Redirect-URI in: header required: true schema: type: string example: https://fintech.com/redirected - name: PSU-IP-Address in: header required: true schema: type: string example: 1.1.1.1 - name: Content-Type in: header required: true schema: type: string example: application/json - name: Consent-ID in: header required: true schema: type: string example: '{{consentId}}' - name: resourceId in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {} /openbanking/v1.5/loans/{resourceId}/balances: get: tags: - Loans summary: Get loan balances (by resourceId) security: - oAuth: [] parameters: - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: Digest in: header required: true schema: type: string example: '{{digest}}' - name: Signature in: header required: true schema: type: string example: '{{signature}}' - name: TPP-Signature-Certificate in: header required: true schema: type: string example: '{{TPP-Signature-Certificate}}' - name: TPP-Redirect-URI in: header required: true schema: type: string example: https://fintech.com/redirected - name: PSU-IP-Address in: header required: true schema: type: string example: 1.1.1.1 - name: Content-Type in: header required: true schema: type: string example: application/json - name: Consent-ID in: header required: true schema: type: string example: '{{consentId}}' - name: resourceId in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {} /openbanking/v1.5/loans/{resourceId}/transactions: get: tags: - Loans summary: Get loan transactions (by resourceId) security: - oAuth: [] parameters: - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: Digest in: header required: true schema: type: string example: '{{digest}}' - name: Signature in: header required: true schema: type: string example: '{{signature}}' - name: TPP-Signature-Certificate in: header required: true schema: type: string example: '{{TPP-Signature-Certificate}}' - name: TPP-Redirect-URI in: header required: true schema: type: string example: https://fintech.com/redirected - name: PSU-IP-Address in: header required: true schema: type: string example: 1.1.1.1 - name: Content-Type in: header required: true schema: type: string example: application/json - name: Consent-ID in: header required: true schema: type: string example: '{{consentId}}' - name: resourceId in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {} /openbanking/v1.7/consents/{consentId}: delete: tags: - Consent summary: Delete consent security: - clientCertAuth: [] parameters: - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: Digest in: header required: true schema: type: string example: '{{digest}}' - name: Signature in: header required: true schema: type: string example: '{{signature}}' - name: TPP-Signature-Certificate in: header required: true schema: type: string example: '{{TPP-Signature-Certificate}}' - name: PSU-ID in: header required: true schema: type: integer example: '336480876' - name: PSU-ID-Type in: header required: true schema: type: string example: id - name: TPP-Redirect-URI in: header required: true schema: type: string example: https://AITestFintech.com/redirected - name: PSU-IP-Address in: header required: true schema: type: string example: 1.1.1.1 - name: consentId in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {} get: tags: - Consent summary: Get consent details security: - clientCertAuth: [] parameters: - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: Digest in: header required: true schema: type: string example: '{{digest}}' - name: Signature in: header required: true schema: type: string example: '{{signature}}' - name: TPP-Signature-Certificate in: header required: true schema: type: string example: '{{TPP-Signature-Certificate}}' - name: PSU-ID in: header required: true schema: type: integer example: '336480876' - name: PSU-ID-Type in: header required: true schema: type: string example: id - name: TPP-Redirect-URI in: header required: true schema: type: string example: https://AITestFintech.com/redirected - name: PSU-IP-Address in: header required: true schema: type: string example: 1.1.1.1 - name: consentId in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {} /openbanking/v1.7/consents/{consentId}/status: get: tags: - Consent summary: Get consent status security: - clientCertAuth: [] parameters: - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: Digest in: header required: true schema: type: string example: '{{digest}}' - name: Signature in: header required: true schema: type: string example: '{{signature}}' - name: TPP-Signature-Certificate in: header required: true schema: type: string example: '{{TPP-Signature-Certificate}}' - name: PSU-ID in: header required: true schema: type: integer example: '336480876' - name: PSU-ID-Type in: header required: true schema: type: string example: id - name: TPP-Redirect-URI in: header required: true schema: type: string example: https://AITestFintech.com/redirected - name: PSU-IP-Address in: header required: true schema: type: string example: 1.1.1.1 - name: consentId in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {} /bo/consents/status/{consentId}: get: tags: - Backoffice summary: Backofiice GET consent status security: - bearerAuth: [] parameters: - name: Autorization in: header required: true schema: type: string example: 'Bearer {{$authorization_jwt}}' - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: requestingSystem in: header required: true schema: type: string example: web - name: consentId in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {} put: tags: - Backoffice summary: Backofiice GET consent status update requestBody: content: {} security: - bearerAuth: [] parameters: - name: Autorization in: header required: true schema: type: string example: '{{$authorization_jwt}}' - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: requestingSystem in: header required: true schema: type: string example: web - name: consent-status in: query required: true schema: type: string example: suspendedByASPSP - name: reason in: query required: true schema: type: string example: UNAUTHORIZED_USER - name: consentId in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {} /bo/consents/bypsu/{PSU-ID}: get: tags: - Backoffice summary: Backofiice GET consent details by PSU-ID security: - bearerAuth: [] parameters: - name: Autorization in: header required: true schema: type: string example: '{{$authorization_jwt}}' - name: X-Request-ID in: header required: true schema: type: string example: '{{$guid}}' - name: requestingSystem in: header schema: type: string example: web - name: validOnly in: query required: true schema: type: boolean example: 'true' - name: PSU-ID in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {} /bo/consents/details/{consentId}: get: tags: - Backoffice summary: Backofiice GET consent details by ConsentId security: - bearerAuth: [] parameters: - name: X-Request-ID in: header schema: type: string example: '{{$guid}}' - name: requestingSystem in: header schema: type: string example: oz - name: consentId in: path schema: type: string required: true responses: '200': description: Successful response content: application/json: {}