--- swagger: "2.0" info: title: Confirmation of Funds API x-ibm-name: confirmation-of-funds-api version: 1.0.0 contact: name: psd2@rhbank.no license: name: Copyright © 2018-2019 SPAREBANK 1 RINGERIKE HADELAND. All rights reserved. url: https://psd2.rhbank.no/terms description: | [**Read the developer documentation before using this API** ](https://psd2.rhbank.no/portal-sandbox/documentation/) basePath: / tags: - name: funds-confirmation schemes: - https paths: /v1/funds-confirmations: post: tags: - funds-confirmation summary: Checks whether a given amount is currently available on a PSU account. description: "Will only return a simple \"yes\" or \"no\" answer.\nSee _XS2A Framework Implementation Guidelines, Section 10_ for additional details. \n" operationId: confirmFunds produces: - application/json;charset=utf-8 parameters: - in: body name: body description: payload required: true schema: $ref: '#/definitions/FundsConfirmation' - name: x-accept-fix in: header required: true type: string description: Set this to "amount-as-string", will make amounts be serialized as strings with the correct number of decimal points. Temporarily required , default serialization will be switched to string when all clients sends this header. x-example: amount-as-string - name: Accept in: header type: string required: false description: Advertises which content types, expressed as MIME types, the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Type response header. x-example: application/json - name: Accept-Charset in: header type: string required: false description: Advertises which character set the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice within the Content-Type response header. x-example: utf-8 - name: Accept-Encoding in: header required: false type: string description: Advertises which content encoding, usually a compression algorithm, the client is able to understand. Using content negotiation, the server selects one of the proposals, uses it and informs the client of its choice with the Content-Encoding response header. x-example: deflate, gzip;q=1.0, *;q=0.5 - name: Accept-Language in: header description: Advertises which natural languages the client is able to understand, and which locale variant is preferred. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Language response header. required: false type: string x-example: en-US,en;q=0.7,nb;q=0.3 - name: Host in: header type: string required: false description: The domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening. x-example: http://lbxp02vip.unix.cosng.net:20100/secesb/rest/era-psd2 - name: X-Request-ID in: header type: string required: true description: Request identifier, unique to the call, as determined by the TPP. x-example: 4eba4445-1a4b-47b8-bdd5-4e56ef026b19 - name: TPP-Session-ID in: header type: string required: true description: TPP session identifier. x-example: b29f79d9-12ea-462b-ad8a-8ad38b8c57b7 - name: TPP-Redirect-URI in: header type: string required: true description: URI of the TPP, where the transaction flow shalle be redirected to after a Redirect. x-example: http://httpbin.org/get - name: TPP-Signature-Certificate in: header type: string required: true description: The certificate used for signing the request in base64 encoding. x-example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOX3YxNoH4k== - name: Signature in: header type: string required: true description: | HTTP Message Signature as specified by https://tools.ietf.org/html/draft-cavage-http-signatures-10 with requirements imposed by Berlin Group's NextGenPSD2 Framework. - *keyId* must be formatted as `keyId="SN=XXX,CA=YYY"` where `XXX` is the serial number of the signing certificate in hexadecimal encoding and `YYY` is the ful Distinguished Name of the Certificate Authority having certificate - *algorithm* must identify the same algorithm for the signature as presented in the signing certificate and should be `rsa-sha256` - *headers* must contain `date`, `digest`, `x-request-id`, `psu-id`, `psu-corporate-id`, and `tpp-redirect-uri` when available - *signature* must be computed as `Base64(RSA-SHA256(signingString))` If any values in the signature header is ISO-8859-1 or UTF-8 encoded you need to URL encode the signature header according to RFC 2047 which means MIME encoding the signature. Also the signature must be wrapped using this format: =?charset?encoding?encoded signature?= Example of this encoding: `=?utf-8?B?a2V5QTQsQ0E9Mi41LjQuOTc9IzB........jMTM1MDUzNDQ0ZTRmMmQ0NjUz?=` Java example of how to implement encoding: ``` if (charset.equals(StandardCharsets.UTF_8)) { signature = String.format("=?utf-8?B?%s?=", Base64.getEncoder().encodeToString(signature.getBytes(StandardCharsets.UTF_8))); } ``` x-example: keyId="SN=6AEB4444FBAAD267,CA=O=PSDNO-FSA-ABCA,L=Trondheim,C=NO", algorithm="rsa-sha256", headers="date x-request-id tpp-redirect-uri psu-id", signature="***************" - name: PSU-ID in: header type: string format: UUID required: false description: The PSU identifier. x-example: 49ae0cfe-6b72-4310-81f5-ad4eef897fe3 - name: PSU-Corporate-ID in: header required: false type: string description: The PSU Corporate agreement identifier. x-example: aog5kNSbDNo2srEPAqsCGaR8LNCAfLVlKPzbwKZQJzI= - name: PSU-IP-Address in: header description: The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. required: false type: string x-example: 153.110.241.229 - name: PSU-IP-Port in: header description: The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. required: false type: string x-example: 443 - name: PSU-User-Agent in: header description: The forwarded value for the User-Agent header field between the PSU and TPP, if available. required: false type: string x-example: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/63.0 - name: PSU-Accept in: header description: The forwarded value for the Accept header field between the PSU and TPP, if available. required: false type: string x-example: application/json - name: PSU-Accept-Charset in: header description: The forwarded value for the Accept-Charset header field between the PSU and TPP, if available. required: false type: string x-example: utf-8 - name: PSU-Accept-Encoding in: header description: The forwarded value for the Accept-Encoding header field between the PSU and TPP, if available. required: false type: string x-example: gzip, deflate, br - name: PSU-Accept-Language in: header description: The forwarded value for the Accept-Language header field between the PSU and TPP, if available. required: false type: string x-example: en-US,en;q=0.7,nb;q=0.3 - name: PSU-HTTP-Method in: header type: string required: false description: The forwarded value for the HTTP method used between the PSU and TPP, if available. x-example: GET - name: PSU-Device-ID in: header type: string format: UUID required: false description: The forwarded value of the device ID used by the PSU, if available. x-example: 35-67660-48540-8 - name: PSU-Geo-Location in: header description: The forwarded value of the Geo Location of the corresponding HTTP request between the PSU and TPP, if available. required: false type: string x-example: GEO:52.506931,13.144558 responses: 200: description: OK schema: $ref: '#/definitions/FundsConfirmation' 400: description: Bad Request schema: $ref: '#/definitions/Error' examples: FORMAT_ERROR: id: "5615873375" status: 400 system: ERA-PSD2 code: FORMAT_ERROR 401: description: Unauthorized schema: $ref: '#/definitions/Challenge' 404: description: Not Found schema: $ref: '#/definitions/Error' examples: RESOURCE_UNKNOWN: id: "5615873376" system: ERA-PSD2 status: 404 code: RESOURCE_UNKNOWN message: Account not found. 500: description: Internal Server Error schema: $ref: '#/definitions/Error' examples: SYSTEM_ERROR: id: "5615873378" system: ERA-PSD2 status: 500 code: SYSTEM_ERROR definitions: FundsConfirmation: type: object required: - account - instructedAmount properties: cardNumber: type: string description: Card Number of the card issued by the PIISP. example: EBC628959124 account: $ref: '#/definitions/AccountReference' payee: type: string description: The merchant where the card is accepted. minLength: 0 maxLength: 70 example: xxx instructedAmount: $ref: '#/definitions/Amount' AccountReference: type: object required: - currency properties: bban: type: string description: Identifier that uniquely identifies an individual account at a specific financial institution in a particular country and which includes a bank identifier of the financial institution servicing that account. minLength: 0 maxLength: 30 example: "95360573002" iban: type: string description: Expanded version of the basic bank account number (BBAN), structured as defined by ISO 13616-1:2007, intended for use internationally, which uniquely identifies an individual account at a specific financial institution, in a particular country. minLength: 0 maxLength: 34 example: NO0995360573002 currency: type: string description: ISO 4217 Alphabetic Currency Code. example: NOK enum: - AED - AFN - ALL - AMD - ANG - AOA - ARS - AUD - AWG - AZN - BAM - BBD - BDT - BGN - BHD - BIF - BMD - BND - BOB - BRL - BSD - BTN - BWP - BYR - BZD - CAD - CDF - CHF - CLP - CNY - COP - CRC - CUC - CUP - CVE - CZK - DJF - DKK - DOP - DZD - EGP - ERN - ETB - EUR - FJD - FKP - GBP - GEL - GGP - GHS - GIP - GMD - GNF - GTQ - GYD - HKD - HNL - HRK - HTG - HUF - IDR - ILS - IMP - INR - IQD - IRR - ISK - JEP - JMD - JOD - JPY - KES - KGS - KHR - KMF - KPW - KRW - KWD - KYD - KZT - LAK - LBP - LKR - LRD - LSL - LYD - MAD - MDL - MGA - MKD - MMK - MNT - MOP - MRO - MUR - MVR - MWK - MXN - MYR - MZN - NAD - NGN - NIO - NOK - NPR - NZD - OMR - PAB - PEN - PGK - PHP - PKR - PLN - PYG - QAR - RON - RSD - RUB - RWF - SAR - SBD - SCR - SDG - SEK - SGD - SHP - SLL - SOS - SPL - SRD - STD - SVC - SYP - SZL - THB - TJS - TMT - TND - TOP - TRY - TTD - TVD - TWD - TZS - UAH - UGX - USD - UYU - UZS - VEF - VND - VUV - WST - XAF - XCD - XDR - XOF - XPF - YER - ZAR - ZMW - ZWD Amount: type: object required: - amount - currency properties: amount: type: string description: Note that even though the contract sets a precision of 18 and a scale of 5, the provided fraction digits must adhere to the minor units as defined in ISO 4217 for the provided currency code. example: "100.26" currency: type: string description: ISO 4217 Alphabetic Currency Code. example: NOK enum: - AED - AFN - ALL - AMD - ANG - AOA - ARS - AUD - AWG - AZN - BAM - BBD - BDT - BGN - BHD - BIF - BMD - BND - BOB - BRL - BSD - BTN - BWP - BYR - BZD - CAD - CDF - CHF - CLP - CNY - COP - CRC - CUC - CUP - CVE - CZK - DJF - DKK - DOP - DZD - EGP - ERN - ETB - EUR - FJD - FKP - GBP - GEL - GGP - GHS - GIP - GMD - GNF - GTQ - GYD - HKD - HNL - HRK - HTG - HUF - IDR - ILS - IMP - INR - IQD - IRR - ISK - JEP - JMD - JOD - JPY - KES - KGS - KHR - KMF - KPW - KRW - KWD - KYD - KZT - LAK - LBP - LKR - LRD - LSL - LYD - MAD - MDL - MGA - MKD - MMK - MNT - MOP - MRO - MUR - MVR - MWK - MXN - MYR - MZN - NAD - NGN - NIO - NOK - NPR - NZD - OMR - PAB - PEN - PGK - PHP - PKR - PLN - PYG - QAR - RON - RSD - RUB - RWF - SAR - SBD - SCR - SDG - SEK - SGD - SHP - SLL - SOS - SPL - SRD - STD - SVC - SYP - SZL - THB - TJS - TMT - TND - TOP - TRY - TTD - TVD - TWD - TZS - UAH - UGX - USD - UYU - UZS - VEF - VND - VUV - WST - XAF - XCD - XDR - XOF - XPF - YER - ZAR - ZMW - ZWD Challenge: type: object properties: _links: type: object readOnly: true additionalProperties: $ref: '#/definitions/Link' example: _links: scaRedirect: href: https://psd2.rhbank.no/tap?route_secesb_id=1&flow=psd2&state=ca477daf-d824-4f0b-b405-6c8fc385dc0b&locale=no-NB, no; q=1.0 verbs: - GET Link: type: object required: - href - verbs properties: href: type: string example: https://psd2.rhbank.no/ verbs: type: array items: type: string enum: - GET - PUT - POST - DELETE example: GET Error: type: object properties: id: type: string example: "5884127160" system: type: string example: ERA-PSD2 status: type: number example: 400 code: type: string example: ERROR_CODE message: type: string example: error message appears here x-ibm-configuration: enforced: true testable: true phase: realized x-ibm-endpoints: - endpointUrl: https://psd2.rhbank.no/api-sandbox type: - production - development ...