openapi.yaml

openapi: 3.0.1
info:
  title: Adatree ADR Platform Consent API
  description: >-
    Consent Dashboard REST APIs. This allows ADR / consumers to perform CDR
    consumer authorization flow with Data Holders
  version: 1.3.0
  contact:
    name: Adatree
    email: engineering@adatree.com.au
  x-konfig-ignore:
    potential-incorrect-type: true
servers:
  - description: Server url
    url: https://cdr-insights-prod.api.adatree.com.au
tags:
  - name: Consent
  - name: Consent Authorization
  - name: Get consent events
  - name: Data Holders
  - name: Tokens
  - name: UseCase
paths:
  /consents:
    get:
      tags:
        - Consent
      summary: Get Consents
      operationId: Consent_getAllRecords
      security:
        - bearerAuth:
            - consumer:consents:read
            - consents:read
        - m2m:
            - consents:read
      description: Get all consent records for this consumer
      parameters:
        - description: >
            consumeId, please be kindly reminded of proper encoding as Id from
            some IDP could have special character like '|', which need be
            encoded as '%7c'. <br/>

            consumerId should only be used with machine token, otherwise it will
            be deemed BAD_REQUEST
          name: consumerId
          in: query
          example: auth0%7c5fbc585628421a006e83d95d
          required: false
          schema:
            type: string
        - $ref: '#/components/parameters/ParamConsentId'
        - $ref: '#/components/parameters/ParamCdrArrangementId'
        - name: status
          in: query
          required: false
          example: ACTIVE
          schema:
            type: string
            enum:
              - REQUESTED
              - ACTIVE
              - REVOKED
              - EXPIRED
        - name: accessFrequency
          in: query
          required: false
          example: ONCE_OFF
          schema:
            type: string
            enum:
              - ONCE_OFF
              - ONGOING
        - name: postUsageAction
          in: query
          required: false
          example: DELETION
          schema:
            type: string
            enum:
              - DELETION
              - DE_IDENTIFICATION
        - name: directMarketingAllowed
          in: query
          required: false
          example: false
          schema:
            type: boolean
        - description: UseCase ids
          name: useCases
          in: query
          required: false
          schema:
            type: array
            items:
              type: string
        - name: dataHolderBrandId
          in: query
          required: false
          example: 55b3299a-3e50-48a2-a190-cca263ccaba5
          schema:
            type: string
        - description: >-
            Constrain the consent with created time at or after this date/time.
            If absent defaults to newestCreated minus 90 days.  Format is
            aligned to DateTimeString common type
          name: oldestCreated
          in: query
          required: false
          schema:
            type: string
            format: date-time
            example: '1997-01-12T15:43:00.121Z'
        - description: >-
            Constrain the consent with created time at or before this date/time.
            If absent defaults to today. Format is aligned to DateTimeString
            common type
          name: newestCreated
          in: query
          required: false
          schema:
            type: string
            format: date-time
            example: '1997-01-12T15:43:00.121Z'
        - description: >-
            Constrain the consent with revoked time at or after this date/time.
            If absent defaults to newestRevoked minus 90 days.  Format is
            aligned to DateTimeString common type
          name: oldestRevoked
          in: query
          required: false
          schema:
            type: string
            format: date-time
            example: '1997-01-12T15:43:00.121Z'
        - description: >-
            Constrain the consent with revoked time at or before this date/time.
            If absent defaults to today. Format is aligned to DateTimeString
            common type
          name: newestRevoked
          in: query
          required: false
          schema:
            type: string
            format: date-time
          example: '1997-01-12T15:43:00.121Z'
        - description: >-
            Constrain the consent with sharingEndDate time at or after this
            date/time. If absent defaults to newestSharingEndDate minus 90
            days.  Format is aligned to DateTimeString common type
          name: oldestSharingEndDate
          in: query
          required: false
          schema:
            type: string
            format: date-time
          example: '1997-01-12T15:43:00.121Z'
        - description: >-
            Constrain the consent with sharingEndDate time at or before this
            date/time. If absent defaults to today. Format is aligned to
            DateTimeString common type
          name: newestSharingEndDate
          in: query
          required: false
          schema:
            type: string
            format: date-time
            example: '1997-01-12T15:43:00.121Z'
        - description: Constrain the consent by externalId
          name: externalId
          in: query
          required: false
          schema:
            type: string
          example: an-external-id
      responses:
        '200':
          description: successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConsentGetAllRecordsResponse'
        '401':
          $ref: '#/components/responses/401Unauthorised'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '429':
          $ref: '#/components/responses/429RateLimited'
    post:
      tags:
        - Consent
      summary: Create Consent
      operationId: Consent_recordCreate
      security:
        - bearerAuth:
            - consumer:consents:write
            - consents:write
        - m2m:
            - consents:write
      description: Create a consent record for consumer
      parameters:
        - $ref: '#/components/parameters/HeaderConsumerUserAgent'
        - $ref: '#/components/parameters/HeaderConsumerIpAddress'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateConsent'
      responses:
        '200':
          description: successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConsentResponse'
        '401':
          $ref: '#/components/responses/401Unauthorised'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '422':
          description: active consent exists for requested use case
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConsentResponse'
        '429':
          $ref: '#/components/responses/429RateLimited'
  /consents/{consentId}:
    get:
      tags:
        - Consent
      summary: Get Consent
      operationId: Consent_getRecord
      security:
        - bearerAuth:
            - consumer:consents:read
            - consents:read
        - m2m:
            - consents:read
      description: Retreive a single consent record for this consumer
      parameters:
        - name: consentId
          in: path
          required: true
          example: 148c9187-e52b-431f-9b24-7225e75ca2be
          schema:
            type: string
      responses:
        '200':
          description: successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConsentResponse'
        '401':
          $ref: '#/components/responses/401Unauthorised'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '429':
          $ref: '#/components/responses/429RateLimited'
    patch:
      tags:
        - Consent
      summary: Update a consent's via dashboard or back channel
      operationId: Consent_updateViaDashboard
      security:
        - bearerAuth:
            - consumer:consents:write
            - consents:write
        - m2m:
            - consents:write
      description: >
        <ul><li>Update postUsageAction, directMarketing option or sharing end
        date when a dashboard token is received</li><br/>

        <li>Update externalId when a machine (backchannel) token is
        received</li></ul>
      parameters:
        - name: consentId
          in: path
          example: 148c9187-e52b-431f-9b24-7225e75ca2be
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ConsentUpdateViaDashboardRequest'
      responses:
        '200':
          description: consent successfully updated
        '401':
          $ref: '#/components/responses/401Unauthorised'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '429':
          $ref: '#/components/responses/429RateLimited'
    delete:
      tags:
        - Consent
      summary: Revoke Consent
      operationId: Consent_revokeRecord
      security:
        - bearerAuth:
            - consumer:consents:write
            - consents:write
        - m2m:
            - consents:write
      description: Revoke a single consent record for this consumer
      parameters:
        - name: consentId
          in: path
          example: 148c9187-e52b-431f-9b24-7225e75ca2be
          required: true
          schema:
            type: string
      responses:
        '200':
          description: default response
        '401':
          $ref: '#/components/responses/401Unauthorised'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '429':
          $ref: '#/components/responses/429RateLimited'
  /consents/{consentId}/authorization:
    get:
      tags:
        - Consent Authorization
      summary: Get Authorization Redirect URL for a Consent
      operationId: ConsentAuthorization_redirectUrl
      security:
        - bearerAuth:
            - consumer:consents:read
            - consents:read
        - m2m:
            - consents:read
      description: >-
        Get the authorization redirect URL to send the consumer to the data
        holder
      parameters:
        - name: consentId
          in: path
          required: true
          example: 148c9187-e52b-431f-9b24-7225e75ca2be
          schema:
            type: string
        - description: >-
            A state is generated by the consent user-agent (browser) and is used
            to bind the redirection response from a Data Holder with a user
            session as per
            https://openid.net/specs/openid-financial-api-part-1-1_0-final.html#public-client.
            It is sent in the authentication request, and is then also included
            redirect from the ADH to the ADR. This allows the ADR client
            application prevent CSRF attacks. Must be unique per authorization
            request.
          name: state
          in: query
          required: false
          schema:
            type: string
        - description: >-
            The URI to redirect to from the data holder when the consumer has
            finished data holder authentication. Must be from the list of
            redirect URIs configured at the ACCC register.
          name: redirectUri
          in: query
          required: false
          schema:
            type: string
      responses:
        '200':
          description: authorization link
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConsentAuthorization'
        '401':
          $ref: '#/components/responses/401Unauthorised'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '404':
          $ref: '#/components/responses/404NotFound'
        '409':
          $ref: '#/components/responses/409Conflict'
        '429':
          $ref: '#/components/responses/429RateLimited'
  /consents/events:
    get:
      tags:
        - Get consent events
      summary: Retrieve consent events
      operationId: GetConsentEvents_list
      security:
        - bearerAuth:
            - consumer:consents:read
            - consents:read
        - m2m:
            - consents:read
      parameters:
        - description: >-
            Constrain the consent event result list with timestamp at or after
            this date/time. Format is aligned to DateTimeString common type
          name: oldest
          in: query
          required: false
          schema:
            type: string
            format: date-time
            example: '2022-02-06T08:17:26Z'
        - description: >-
            Constrain the consent event result list with timestamp at or before
            this date/time. Format is aligned to DateTimeString common type
          name: newest
          in: query
          required: false
          schema:
            type: string
            format: date-time
            example: '2022-02-01T15:43:00.121Z'
        - $ref: '#/components/parameters/ParamConsentId'
        - $ref: '#/components/parameters/ParamPage'
        - $ref: '#/components/parameters/ParamPageSize'
      responses:
        '200':
          description: list of ConsentEvent with pagination
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConsentEventList'
        '400':
          $ref: '#/components/responses/400BadRequest'
        '401':
          $ref: '#/components/responses/401Unauthorised'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '429':
          $ref: '#/components/responses/429RateLimited'
      callbacks:
        ConsentUpdated:
          $YourWebhookUrl:
            post:
              requestBody:
                content:
                  application/json:
                    schema:
                      $ref: '#/components/schemas/ConsentEvent'
              responses:
                '200':
                  description: Your server returns this code if it accepts the callback
  /software-products/{softwareProductId}/data-holders:
    get:
      tags:
        - Data Holders
      summary: Get Data Holders
      operationId: DataHolders_listAvailable
      security:
        - bearerAuth:
            - consumer:data-holders:read
            - data-holders:read
        - m2m:
            - data-holders:read
      description: Get the list of available data holders for a software product
      parameters:
        - description: >
            The identifier of the software product registered at the ACCC
            registry. <br/>

            The list of data holders returned is the list where dynamic client
            reigstration has been peformed at each data holder for this software
            product. <br/>

            The list of data holders for a use case can be restricted by
            management API at Use Case or Software Product level
          name: softwareProductId
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DataHoldersListAvailableResponse'
  /tokens:
    post:
      tags:
        - Tokens
      summary: Create Tokens
      operationId: Tokens_establishDataAccess
      security:
        - bearerAuth:
            - consumer:tokens:write
            - consumer_tokens_write
            - tokens:write
            - tokens_write
        - m2m:
            - tokens:write
      description: >-
        Send the required parameters from the data holder to the ADR Platform
        backend to finish extablishing data access
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Authorization'
      responses:
        '200':
          description: default response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenCreatedResponse'
  /use-cases:
    get:
      tags:
        - UseCase
      summary: Get Use-cases
      operationId: UseCase_getAll
      security:
        - bearerAuth:
            - consumer:use-cases:read
            - use-cases:read
        - m2m:
            - use-cases:read
      description: >-
        Get all use-cases that have been configured. A use case is your reason
        for requesting consent from a consumer e.g. a home loan assessment, a
        budgeting app.
      parameters:
        - description: >-
            Combine scopes that can be combined according to the CDR Consumer
            Experience Standards
          name: combineScopes
          in: query
          required: false
          example: true
          schema:
            type: boolean
      responses:
        '200':
          description: successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UseCaseGetAllResponse'
        '401':
          $ref: '#/components/responses/401Unauthorised'
        '403':
          $ref: '#/components/responses/403Forbidden'
        '429':
          $ref: '#/components/responses/429RateLimited'
components:
  parameters:
    ParamPage:
      description: Page of results to request (standard pagination)
      name: page
      in: query
      schema:
        type: integer
        format: int32
        default: 1
        minimum: 1
        example: 1
    ParamPageSize:
      description: Page size to request. Default is 25 (standard pagination)
      name: page-size
      in: query
      schema:
        type: integer
        default: 25
        minimum: 1
        example: 25
    ParamConsentId:
      description: consent id
      name: consentId
      in: query
      required: false
      schema:
        type: string
        example: 148c9187-e52b-431f-9b24-7225e75ca2be
    ParamCdrArrangementId:
      description: cdr arrangement id
      name: cdrArrangementId
      in: query
      required: false
      schema:
        type: string
        example: 45db4977-b12f-42bf-808d-2680eb4bd366
    HeaderConsumerUserAgent:
      description: >-
        Mandatory for calls using a Machine token. The consumer's original User
        Agent header
      name: Adatree-Consumer-User-Agent
      in: header
      schema:
        type: string
        example: >-
          Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
          (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    HeaderConsumerIpAddress:
      description: >-
        Mandatory for calls using a Machine token. The consumer's original IP
        address.
      name: Adatree-Consumer-Ip-Address
      in: header
      schema:
        type: string
        example: 127.0.0.1
  responses:
    401Unauthorised:
      description: Unauthorised
    403Forbidden:
      description: Forbidden
    404NotFound:
      description: The specified resource was not found.
    400BadRequest:
      description: Request is invalid
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ResponseErrorList'
    409Conflict:
      description: Request cannot be processed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ResponseErrorList'
    429RateLimited:
      description: Ratelimit reached
    GenericError:
      description: An error occurred.
      content:
        application/json:
          schema:
            type: string
            example: something went wrong
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
    m2m:
      description: Machine to machine OAuth2 to access infosec token service
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: >-
            https://adatree-nonprod-adr.auth.ap-southeast-2.amazoncognito.com/oauth2/token
          scopes:
            authorizations:write: allow ADR to create a Authorisation Request for a consumer
            tokens:write: allow ADR to create or update Authorisation Request
  schemas:
    Authorization:
      type: object
      properties:
        code:
          description: >-
            Authorization code returned from the data holder that will be used
            as part of token request validation.
          type: string
          example: lFDNAS-JVITGzvba3yXfrPR8hWZlCKy6nutbzrmXKop56"
        state:
          description: >-
            The state is a parameter returned by the data holder that is used to
            prevent CSRF attacks. Must be unique per authorization request.
          type: string
          example: f99953a5-49a5-497c-91b6-4bd14cdace74
        id_token:
          description: >-
            ID Token value associated with the authenticated session that is
            returned from the data holder.
          type: string
          example: eyJraWQiOiIxZTlnZGs3IiwiYWxnIjoiUl...
        response:
          description: >-
            response payload from the Dataholder after a successful consent
            using Auth Code Flow
          type: string
          example: eyJraWQiOiIxZTlnZGs3IiwiYWxnIjoiUl...
    TokenCreatedResponse:
      type: object
      properties:
        activeConsentId:
          description: >-
            Identifier of the consent which has now been activated by the
            completion of the Authorization flow.
          type: string
        state:
          description: >-
            The state generated by the consent user-agent (browser) and used to
            bind the redirection response from a Data Holder with a user session
            as per
            https://openid.net/specs/openid-financial-api-part-1-1_0-final.html#public-client.
          type: string
    UseCaseDataHolder:
      required:
        - dataHolderBrandId
        - brandName
        - logoUri
      type: object
      properties:
        dataHolderBrandId:
          description: >-
            The identifier of the data holder you wish the consumer to
            authenticate with.
          type: string
          example: 7ff47a14-28bd-4b04-b216-67b367713a38
        brandName:
          description: >-
            The brand name of the data holder you wish the consumer to
            authenticate with.
          type: string
          example: Westpac
        logoUri:
          description: >-
            The logo URI of the data holder you wish the consumer to
            authenticate with.
          type: string
          example: https://www.westpac.com.au/logo
    ConsentUseCaseResponse:
      type: object
      properties:
        description:
          type: string
          example: Data will be used to assess your eligibility for a home loan.
        id:
          type: string
          example: HOME_LOAN
        name:
          type: string
          example: Home Loan Assessment
        notificationType:
          $ref: '#/components/schemas/NotificationType'
        scopes:
          type: array
          items:
            $ref: '#/components/schemas/ConsentScopeResponse'
        consumerType:
          $ref: '#/components/schemas/ConsumerType'
        industries:
          description: list of industries this use-case applies to.
          type: array
          items:
            $ref: '#/components/schemas/Industry'
        accessFrequency:
          $ref: '#/components/schemas/AccessFrequency'
        customDataSchema:
          description: Stringified JSON Schema for customData
          type: string
          example:
            \"$schema\":\"https://json-schema.org/draft/2019-09/schema\": null
            \"type\":\"object\": null
            \"title\":\"custom data Schema\": null
            \"description\":\"JSON schema of customer data\": null
            \"purpose\":\"explain why custom data is needed\": null
            \"properties\":
              \"employerName\":
                \"type\":\"string\": null
                \"displayText\":\"Employer name\": null
                \"uiComponent\":
                  \"inputType\":\"text\": null
                \"rules\":
                  \"required\":\"Employer name is required\": null
    DataHolder:
      required:
        - brandName
        - dataHolderBrandId
        - logoUri
      type: object
      properties:
        dataHolderBrandId:
          description: >-
            The ideintifier of the data holder you wish the consumer to
            authenitcate with.
          type: string
          example: 7ff47a14-28bd-4b04-b216-67b367713a38
        brandName:
          description: >-
            The brand name of the data holder you wish the consumer to
            authenitcate with.
          type: string
          example: Westpac
        logoUri:
          description: >-
            The logo URI of the data holder you wish the consumer to
            authenitcate with.
          type: string
          example: https://www.westpac.com.au/logo
        industries:
          description: list of industries this data holder belongs to.
          type: array
          items:
            $ref: '#/components/schemas/Industry'
    UpdateConsentConsumer:
      type: object
      properties:
        postUsageAction:
          $ref: '#/components/schemas/PostUsageAction'
        directMarketingAllowed:
          type: boolean
          example: true
        sharingEndDate:
          description: >-
            new sharing end date, will be validated against sharing duration
            options defined in chosen Use Case
          type: string
          format: date-time
          example: '2023-04-19T15:43:00.121Z'
    UpdateConsentMachine:
      type: object
      properties:
        externalId:
          type: string
          example: external-id-by-adatree-customer
    CreateConsent:
      type: object
      required:
        - sharingEndDate
        - dataHolderBrandId
        - useCaseId
      properties:
        consumerEmail:
          description: >-
            this is required if chosen Use Case uses email as notification
            channel
          type: string
          example: consumer@example.com
        sharingEndDate:
          description: >-
            sharing end date, will be validated against sharing duration options
            defined in chosen Use Case
          type: string
          format: date-time
          example: '2023-04-19T15:43:00.121Z'
        dataHolderBrandId:
          type: string
          example: 55b3299a-3e50-48a2-a190-cca263ccaba5
        useCaseId:
          type: string
          example: HOME_LOAN
        postUsageAction:
          $ref: '#/components/schemas/PostUsageAction'
        directMarketingAllowed:
          type: boolean
          example: false
        externalId:
          description: >-
            Adatree's customer can supply an externalId when creating consents
            to associate with records in its own system
          type: string
          example: external-id-by-adatree-customer
        consumerId:
          description: >
            consumeId, please be kindly reminded of proper encoding as Id from
            some IDP could have special character like '|', which need be
            encoded as '%7c'. <br/>

            consumerId is required (and only accepted) for backchannel consent
            creation
          type: string
          example: auth0%7c5fbc585628421a006e83d95d
        grantee:
          $ref: '#/components/schemas/Grantee'
        customData:
          type: object
          example:
            employerName: Adatree
    ConsentAuthorization:
      description: Authorization link for a Consent
      type: object
      properties:
        uri:
          example: >-
            https://id.rab.sandbox.adatree.com.au/identity/authorization?response_type=code+id_token&client_id=abcdefg&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3A-asdfasdfuhlkjshdf_akjsldflasjd&scope=openid+bank%3Aaccounts.basic%3Aread+bank%3Aaccounts.detail%3Aread+bank%3Atransactions%3Aread+common%3Acustomer.basic%3Aread
          type: string
    ConsentResponse:
      type: object
      properties:
        version:
          type: integer
          format: int32
          example: 1
        created:
          type: string
          format: date-time
          example: '1997-01-12T15:43:00.121Z'
        revoked:
          type: string
          format: date-time
          example: '1997-01-12T15:43:00.121Z'
        lastNotificationSentAt:
          type: string
          format: date-time
          example: '1997-01-12T15:43:00.121Z'
        firstDataCollection:
          type: string
          format: date-time
          example: '2012-01-12T15:43:00.121Z'
        status:
          $ref: '#/components/schemas/Status'
        sharingEndDate:
          type: string
          format: date-time
          example: '2023-04-19T15:43:00.121Z'
        consumerEmail:
          type: string
          example: consumer@example.com
        dataHolderName:
          type: string
          example: ANZ
        dataHolderBrandId:
          type: string
          example: f632041c-d7c8-4679-a165-aa406cd62b13
        dataHolderLogoUri:
          type: string
          example: https://www.abank.com.au/logo
        useCase:
          $ref: '#/components/schemas/ConsentUseCaseResponse'
        postUsageAction:
          $ref: '#/components/schemas/PostUsageAction'
        consumerId:
          type: string
          example: abedfaas-asdfsf-4asdf-1465-sfsadf3413
        cdrArrangementId:
          type: string
          example: 86a5d068-447a-4765-95c2-6f5d85d9d658
        consentId:
          type: string
          example: 7c7853a6-5466-11eb-ae93-0242ac130002
        directMarketingAllowed:
          type: boolean
          example: false
        externalId:
          description: >-
            Adatree's customer can supply an externalId when creating consents
            to associate with records in its own system
          type: string
          example: external-id-by-adatree-customer
        grantee:
          $ref: '#/components/schemas/ConsentGrantee'
        serviceProvider:
          $ref: '#/components/schemas/ServiceProvider'
        customData:
          type: object
          example:
            employerName: Adatree
    ConsentScopeResponse:
      type: object
      properties:
        name:
          type: string
          example: Bank account name, type and balance
        id:
          type: string
          example: bank:accounts.basic:read
        purpose:
          type: string
          example: This will allow us to provide the best service of all kinds
        priority:
          type: integer
          example: 1
          format: int32
    ScopeResponse:
      type: object
      properties:
        description:
          type: string
          example: This will allow us to access basic information about your accounts
        name:
          type: string
          example: Bank account name, type and balance
        id:
          type: string
          example: bank:accounts.basic:read
        purpose:
          type: string
          example: This will allow us to provide best of kind service
        claims:
          type: array
          example:
            - Name of account
            - Type of account
            - Account balance
          items:
            type: string
        priority:
          type: integer
          example: 1
          format: int32
    ConsentEventData:
      properties:
        events:
          type: array
          items:
            $ref: '#/components/schemas/ConsentEvent'
    ConsentEvent:
      type: object
      required:
        - eventType
        - timestamp
        - cdrArrangementId
        - consumerId
        - consentId
        - postUsageAction
      properties:
        eventId:
          description: >-
            a UUID of the event that could be used for idempotent event
            processing
          type: string
          example: 32dd2e21-e7c8-44b1-b379-39e2ccd7a097
        eventType:
          description: >
            This identifies the different types of events through a consent's
            lifecycle. <br/>

            A consent becomes GRANTED after consumer consent with Data
            Holder<br/>

            it can be revoked by a consumer via ADR or Data Holder<br/>

            an ongoing consent will expire on (if it is not revoked prior to)
            sharing end date

            a once_off consent will expire within 24 hours after the consent is
            GRANTED

            Event DATA_COLLECTION_COMPLETED is published on completion of
            initial data collection
          type: string
          enum:
            - GRANTED
            - REVOKED
            - EXPIRED
            - DATA_COLLECTION_COMPLETED
        timestamp:
          type: string
          format: date-time
          example: '2022-01-20T15:00:00.999Z'
        cdrArrangementId:
          type: string
          example: 854d862c-5466-11eb-ae93-0242ac130002
        consentId:
          type: string
          example: 148c9187-e52b-431f-9b24-7225e75ca2be
        consumerId:
          type: string
          example: abedfaas-asdfsf-4asdf-1465-sfsadf3413
        postUsageAction:
          $ref: '#/components/schemas/PostUsageAction'
        externalId:
          type: string
          example: external-id-by-adatree-customer
        sharingEndDate:
          type: string
          format: date-time
        consumerEmail:
          type: string
          example: consumer@example.com
        grantee:
          $ref: '#/components/schemas/ConsentGrantee'
        customData:
          type: object
    LinksPaginated:
      type: object
      required:
        - self
      properties:
        self:
          description: >-
            Fully qualified link that generated the current response document.
            https://self.example.com.au will be converted to
            https://self.example.com.au?page=1&page-size=25
          type: string
          example: https://self.example.com.au?page=3&page-size=25
        first:
          description: >-
            URI to the first page of this set. Mandatory if this response is not
            the first page
          type: string
          example: https://self.example.com.au?page=1&page-size=25
        prev:
          description: >-
            URI to the previous page of this set. Mandatory if this response is
            not the first page
          type: string
          example: https://self.example.com.au?page=2&page-size=25
        next:
          description: >-
            URI to the next page of this set. Mandatory if this response is not
            the last page
          type: string
          example: https://self.example.com.au?page=4&page-size=25
        last:
          description: >-
            URI to the last page of this set. Mandatory if this response is not
            the last page
          type: string
          example: https://self.example.com.au?page=15&page-size=25
      x-conditional:
        - prev
        - next
        - first
        - last
    MetaPaginated:
      type: object
      required:
        - totalPages
        - totalRecords
      properties:
        totalPages:
          description: The total number of pages in the full set.
          type: integer
          example: 4
        totalRecords:
          description: The total number of records in the full set.
          type: integer
          example: 95
    ConsentEventList:
      type: object
      required:
        - data
        - links
        - meta
      properties:
        data:
          $ref: '#/components/schemas/ConsentEventData'
        links:
          $ref: '#/components/schemas/LinksPaginated'
        meta:
          $ref: '#/components/schemas/MetaPaginated'
    Grantee:
      description: >-
        a grantee that will access CDR data. Specific configuration is required
        to support Grantee.
      type: object
      properties:
        name:
          description: name of a consent grantee, only applicable using a Machine token
          type: string
          example: Bob the broker
        licenceNumber:
          description: >-
            ACL number of a consent grantee, only applicable using a Machine
            token
          type: string
          example: ACL001
        id:
          description: >-
            A grantee's UUID. When grantee id is supplied, name and
            licenceNumber must NOT be supplied. Applicable using a Machine token
            or a Consumer token
          type: string
          example: f6332cde-655b-4295-9665-7146a74be0f2
    ConsentGrantee:
      description: consent grantee that will access CDR data
      type: object
      required:
        - name
        - licenceNumber
      properties:
        name:
          description: grantee name
          type: string
          example: Bob the broker
        licenceNumber:
          description: ACL number of consent grantee
          type: string
          example: ACL001
        id:
          description: grantee id
          type: string
          example: 13245551-08e5-499c-bad5-ddd26c0ac261
    ServiceProvider:
      description: Grantee's service provider
      type: object
      properties:
        description:
          description: description of the service provider
          type: string
          example: the best service provider ever
        name:
          description: trusted adviser service provider name
          type: string
          example: a cool service provider
        uri:
          description: >-
            service provider's website or contact info (email, phone number &
            etc)
          type: string
          example: https://wicked.service/policy.html
    UseCaseResponse:
      type: object
      properties:
        description:
          type: string
          example: Data will be used to assess your eligibility for a home loan.
        id:
          type: string
          example: HOME_LOAN
        name:
          type: string
          example: Home Loan Assessment
        softwareProductId:
          type: string
          example: software product id
        priority:
          type: integer
          format: int32
          example: 1
        historicalCollectionPeriodInDays:
          type: integer
          format: int32
          example: 90
        notificationType:
          $ref: '#/components/schemas/NotificationType'
        scopes:
          type: array
          items:
            $ref: '#/components/schemas/ScopeResponse'
        accessFrequency:
          $ref: '#/components/schemas/AccessFrequency'
        sharingDurations:
          description: >-
            default to ["CUSTOM"] for Ongoing consent; default to ["ONCE_OFF"]
            for Once_off consent if not supplied
          type: array
          items:
            $ref: '#/components/schemas/SharingDuration'
        dataHolders:
          description: list of data holders, can be configured via management API
          type: array
          items:
            $ref: '#/components/schemas/UseCaseDataHolder'
        features:
          description: list of features enabled for use-case
          type: array
          items:
            type: string
            example: DE_IDENTIFICATION
        industries:
          description: list of industries this use-case applies to.
          type: array
          items:
            $ref: '#/components/schemas/Industry'
        consumerType:
          $ref: '#/components/schemas/ConsumerType'
        osps:
          description: list of OSPs used to provide this use case.
          type: array
          items:
            $ref: '#/components/schemas/OutsourcedServiceProvider'
        customDataSchema:
          description: Stringified JSON Schema for customData
          type: string
          example:
            \"$schema\":\"https://json-schema.org/draft/2019-09/schema\": null
            \"type\":\"object\": null
            \"title\":\"custom data Schema\": null
            \"description\":\"JSON schema of customer data\": null
            \"purpose\":\"explain why custom data is needed\": null
            \"properties\":
              \"employerName\":
                \"type\":\"string\": null
                \"displayText\":\"Employer name\": null
                \"uiComponent\":
                  \"inputType\":\"text\": null
                \"rules\":
                  \"required\":\"Employer name is required\": null
    ResponseErrorList:
      type: object
      required:
        - errors
      properties:
        errors:
          type: array
          items:
            $ref: '#/components/schemas/ResponseErrorListErrors'
    ResponseErrorListErrors:
      required:
        - code
        - detail
        - title
      properties:
        title:
          description: Title of invalid parameter or payload property
          type: string
          example: status
        code:
          description: Error code
          type: string
          example: '0001'
        detail:
          description: detailed error message
          type: string
          example: invalid status
        meta:
          description: Optional additional data for specific error types
          type: object
          properties: {}
    AccessFrequency:
      type: string
      example: ONCE_OFF
      enum:
        - ONCE_OFF
        - ONGOING
    NotificationType:
      type: string
      example: EMAIL
      enum:
        - EMAIL
        - SMS
    PostUsageAction:
      type: string
      example: DELETION
      enum:
        - DELETION
        - DE_IDENTIFICATION
    Status:
      type: string
      example: ACTIVE
      enum:
        - REQUESTED
        - ACTIVE
        - EXPIRED
        - REVOKED
    SharingDuration:
      description: >
        sharingDuration for Once_off consent can only be "ONCE_OFF" <br/>

        sharingDuration for Ongoing consent could be one of predefined sharing
        durations or "CUSTOM" <br/>

        "CUSTOM" (Ongoing consent) means a consumer is free to choose a
        sharingEndDate
      type: string
      example: ONE_YEAR
      enum:
        - ONE_DAY
        - ONE_WEEK
        - TWO_WEEKS
        - ONE_MONTH
        - THREE_MONTHS
        - SIX_MONTHS
        - NINE_MONTHS
        - ONE_YEAR
        - CUSTOM
        - ONCE_OFF
    ConsumerType:
      description: >
        consumer types that will be consenting to the various scopes (data
        clusters)
      type: string
      example: INDIVIDUAL
      enum:
        - ALL
        - INDIVIDUAL
        - ORGANISATION
        - ANY
    Industry:
      type: string
      example: ACTIVE
      enum:
        - BANKING
        - ENERGY
    OutsourcedServiceProvider:
      required:
        - providerName
        - serviceDescription
      type: object
      properties:
        providerName:
          description: The consumer facing name of the service provider.
          type: string
          example: Adatree
        serviceDescription:
          description: >-
            The consumer facing description of what the service provider does as
            part of supporting the use case.
          type: string
          example: >-
            Adatree's Data Recipient Platform is a turnkey SaaS solution
            providing CDR as a Service.
        accreditationId:
          description: >-
            The ACCC issued Accreditation ID if applicable. Normally only
            applied to OSPs for data collection e.g. Adatree.
          type: string
          example: ADRBNK000071
        cdrPolicyUri:
          description: >-
            The logo URI of the data holder you wish the consumer to
            authenticate with.
          type: string
          example: https://adatree.com.au/cdr-policy
    ConsentUpdateViaDashboardRequest:
      oneOf:
        - $ref: '#/components/schemas/UpdateConsentConsumer'
        - $ref: '#/components/schemas/UpdateConsentMachine'
    ConsentGetAllRecordsResponse:
      type: array
      items:
        $ref: '#/components/schemas/ConsentResponse'
    DataHoldersListAvailableResponse:
      type: array
      items:
        $ref: '#/components/schemas/DataHolder'
    UseCaseGetAllResponse:
      type: array
      items:
        $ref: '#/components/schemas/UseCaseResponse'