From 2c815be9a232bd7bbbc0636a3cd24ed044c5b6e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Marzec?= <2881004+eoln@users.noreply.github.com>
Date: Mon, 10 May 2021 12:54:44 +0200
Subject: [PATCH] feat: 2108 validate thirdparty transaction request (#97)
* feat(dfspTransactions): verify thridparty request transaction and proper scheme for verify authorization
* postpone vulnerabilites
* fix api.yaml
* fix api.yaml
---
src/audit-resolve.json | 314 ++++++++++++++++++++++-
src/simulator/api.yaml | 566 ++++++++++++++++++++++++++++++++++++++++-
2 files changed, 866 insertions(+), 14 deletions(-)
diff --git a/src/audit-resolve.json b/src/audit-resolve.json
index 149476fb..3b07a41a 100644
--- a/src/audit-resolve.json
+++ b/src/audit-resolve.json
@@ -7,33 +7,33 @@ }, "1589|sqlite>sqlite3>node-pre-gyp>rc>ini": { "decision": "ignore", - "madeAt": 1617995554900, - "expiresAt": 1618600328607 + "madeAt": 1620638321689, + "expiresAt": 1623230315330 }, "1589|00unidentified>sqlite>sqlite3>node-pre-gyp>rc>ini": { "decision": "ignore", - "madeAt": 1617995554900, - "expiresAt": 1618600328607 + "madeAt": 1620638321689, + "expiresAt": 1623230315330 }, "1589|00unidentified>00unidentified>sqlite>sqlite3>node-pre-gyp>rc>ini": { "decision": "ignore", - "madeAt": 1617995554900, - "expiresAt": 1618600328607 + "madeAt": 1620638321689, + "expiresAt": 1623230315330 }, "1589|ava>update-notifier>latest-version>package-json>registry-auth-token>rc>ini": { "decision": "ignore", - "madeAt": 1617995554900, - "expiresAt": 1618600328607 + "madeAt": 1620638321689, + "expiresAt": 1623230315330 }, "1589|ava>update-notifier>latest-version>package-json>registry-url>rc>ini": { "decision": "ignore", - "madeAt": 1617995554900, - "expiresAt": 1618600328607 + "madeAt": 1620638321689, + "expiresAt": 1623230315330 }, "1589|ava>update-notifier>is-installed-globally>global-dirs>ini": { "decision": "ignore", - "madeAt": 1617995554900, - "expiresAt": 1618600328607 + "madeAt": 1620638321689, + "expiresAt": 1623230315330 }, "1654|ava>yargs>y18n": { "decision": "fix", 
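Review bot: The six `1589|…>ini` ignores are renewed rather than resolved: the removed `expiresAt` (1618600328607) is earlier than the new `madeAt` (1620638321689), so the earlier postponement had already lapsed when this hunk re-dated it to 1623230315330. The next hunk adds `"decision": "ignore"` with that same expiry for every `1673|…>lodash` path and both `1677|…>hosted-git-info` paths, and neither the file nor the commit message ("postpone vulnerabilites") records why these advisories are acceptable. Most paths run through what look like test, lint and coverage tools (`ava`, `eslint`, `nyc`, `tap-xunit`), but `sqlite>sqlite3>…>ini` may belong to a runtime dependency. I would state in the PR description which paths can reach the shipped service, try `npm audit fix` or an upgrade of the parent package for those, and keep `ignore` only for the remainder.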
@@ -46,6 +46,296 @@ "1654|npm-audit-resolver>yargs-unparser>yargs>y18n": { "decision": "fix", "madeAt": 1617075431111 + }, + "1673|ava>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|eslint>inquirer>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|eslint>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|eslint>table>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|npm-audit-resolver>yargs-unparser>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/generator>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/traverse>@babel/generator>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/traverse>@babel/generator>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/traverse>@babel/generator>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/traverse>@babel/generator>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-module-imports>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + 
"1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/helper-member-expression-to-functions>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/helper-optimise-call-expression>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/traverse>@babel/helper-function-name>@babel/helper-get-function-arity>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/traverse>@babel/helper-function-name>@babel/helper-get-function-arity>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/traverse>@babel/helper-function-name>@babel/helper-get-function-arity>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/traverse>@babel/helper-function-name>@babel/helper-get-function-arity>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/traverse>@babel/helper-function-name>@babel/template>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/traverse>@babel/helper-function-name>@babel/template>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + 
"expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/traverse>@babel/helper-function-name>@babel/template>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/traverse>@babel/helper-function-name>@babel/template>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-simple-access>@babel/template>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/template>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/template>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/template>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/template>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/traverse>@babel/helper-function-name>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/traverse>@babel/helper-function-name>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + 
"1673|nyc>istanbul-lib-instrument>@babel/core>@babel/traverse>@babel/helper-function-name>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/traverse>@babel/helper-function-name>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/traverse>@babel/helper-split-export-declaration>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/traverse>@babel/helper-split-export-declaration>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/traverse>@babel/helper-split-export-declaration>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/traverse>@babel/helper-split-export-declaration>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-split-export-declaration>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/traverse>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/traverse>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + 
"1673|nyc>istanbul-lib-instrument>@babel/core>@babel/traverse>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/traverse>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-simple-access>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/types>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/generator>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/traverse>@babel/generator>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/traverse>@babel/generator>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/traverse>@babel/generator>lodash": { + "decision": "ignore", + 
"madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/traverse>@babel/generator>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>@babel/helper-replace-supers>@babel/traverse>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helpers>@babel/traverse>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/traverse>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/traverse>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>@babel/helper-module-transforms>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|nyc>istanbul-lib-instrument>@babel/core>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1673|tap-xunit>xmlbuilder>lodash": { + "decision": "ignore", + "madeAt": 1620638324097, + "expiresAt": 1623230315330 + }, + "1677|ava>read-pkg>normalize-package-data>hosted-git-info": { + "decision": "ignore", + "madeAt": 1620638325847, + "expiresAt": 1623230315330 + }, + "1677|eslint-plugin-import>read-pkg-up>read-pkg>normalize-package-data>hosted-git-info": { + "decision": "ignore", + "madeAt": 1620638325847, + "expiresAt": 1623230315330 } }, "rules": {}, diff --git a/src/simulator/api.yaml b/src/simulator/api.yaml index d596f3ea..08f95711 100644 --- a/src/simulator/api.yaml +++ b/src/simulator/api.yaml 
@@ -528,7 +528,7 @@ paths: content: application/json: schema: - type: object + $ref: '#/components/schemas/AuthorizationsIDPutResponse' responses: 200: description: 'post accepted' @@ -536,6 +536,11 @@ paths: application/json: schema: type: object + properties: + isValid: + type: boolean + required: + - isValid 400: description: 'invalid request' content: @@ -799,6 +804,40 @@ paths: schema: $ref: '#/components/schemas/errorResponse' + /validate-thirdparty-transaction-request: + post: + operationId: PostValidateThirdpartyTransactionRequest + summary: PostValidateThirdpartyTransactionRequest + description: | + The HTTP request `POST /validate-thirdparty-transaction-request` is used to validate ThirdpartyRequestTransaction + tags: + - ThirdpartyRequestTransaction + requestBody: + description: An incoming ThirdpartyTransactionRequest + content: + application/json: + schema: + $ref: '#/components/schemas/ThirdpartyRequestsTransactionsPostRequest' + responses: + 200: + description: Response containing validation details + content: + application/json: + schema: + $ref: '#/components/schemas/ValidateThirdpartyRequestsTransactionsPostResponse' + 400: + description: Malformed or missing required headers or parameters + content: + application/json: + schema: + $ref: '#/components/schemas/errorResponse' + 500: + description: An error occured processing the request + content: + application/json: + schema: + $ref: '#/components/schemas/errorResponse' + components: schemas: @@ -2138,6 +2177,16 @@ components: their login. errorInformation: $ref: '#/components/schemas/ErrorInformation' + ValidateThirdpartyRequestsTransactionsPostResponse: + title: ValidateThirdpartyRequestsTransactionsPostResponse + type: object + description: | + `POST /validate-thirdparty-transaction-request` response. + properties: + isValid: + type: boolean + required: + - isValid UserName: title: UserName type: string 
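Review bot: The new `POST /validate-thirdparty-transaction-request` operation declares `requestBody` with only `description` and `content`, and in OpenAPI 3 a request body is optional unless marked otherwise, so a request with no body at all satisfies the contract and never meets the `required` list of `ThirdpartyRequestsTransactionsPostRequest`. Add `required: true` directly under `requestBody:` so schema validation rejects an empty request before the handler runs. The `requestBody` of the authorization operation touched by the first hunk on this line starts outside that hunk, so it should be checked for the same flag.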
@@ -2188,4 +2237,517 @@ components: scopes: $ref: '#/components/schemas/ScopesIdResponse' required: - - scopes \ No newline at end of file + - scopes + TransactionScenario: + title: TransactionScenario + type: string + enum: + - DEPOSIT + - WITHDRAWAL + - TRANSFER + - PAYMENT + - REFUND + description: >- + Below are the allowed values for the enumeration. + + - DEPOSIT - Used for performing a Cash-In (deposit) transaction. In a + normal scenario, electronic funds are transferred from a Business + account to a Consumer account, and physical cash is given from the + Consumer to the Business User. + + - WITHDRAWAL - Used for performing a Cash-Out (withdrawal) transaction. + In a normal scenario, electronic funds are transferred from a Consumer’s + account to a Business account, and physical cash is given from the + Business User to the Consumer. + + - TRANSFER - Used for performing a P2P (Peer to Peer, or Consumer to + Consumer) transaction. + + - PAYMENT - Usually used for performing a transaction from a Consumer to + a Merchant or Organization, but could also be for a B2B (Business to + Business) payment. The transaction could be online for a purchase in an + Internet store, in a physical store where both the Consumer and Business + User are present, a bill payment, a donation, and so on. + + - REFUND - Used for performing a refund of transaction. + example: DEPOSIT + TransactionSubScenario: + title: TransactionSubScenario + type: string + pattern: '^[A-Z_]{1,32}$' + description: >- + Possible sub-scenario, defined locally within the scheme (UndefinedEnum + Type). + example: LOCALLY_DEFINED_SUBSCENARIO + TransactionInitiator: + title: TransactionInitiator + type: string + enum: + - PAYER + - PAYEE + description: >- + Below are the allowed values for the enumeration. + + - PAYER - Sender of funds is initiating the transaction. The account to + send from is either owned by the Payer or is connected to the Payer in + some way. 
+ + - PAYEE - Recipient of the funds is initiating the transaction by + sending a transaction request. The Payer must approve the transaction, + either automatically by a pre-generated OTP or by pre-approval of the + Payee, or by manually approving in his or her own Device. + example: PAYEE + TransactionInitiatorType: + title: TransactionInitiatorType + type: string + enum: + - CONSUMER + - AGENT + - BUSINESS + - DEVICE + description: |- + Below are the allowed values for the enumeration. + - CONSUMER - Consumer is the initiator of the transaction. + - AGENT - Agent is the initiator of the transaction. + - BUSINESS - Business is the initiator of the transaction. + - DEVICE - Device is the initiator of the transaction. + example: CONSUMER + RefundReason: + title: RefundReason + type: string + minLength: 1 + maxLength: 128 + description: Reason for the refund. + example: Free text indicating reason for the refund. + Refund: + title: Refund + type: object + description: Data model for the complex type Refund. + properties: + originalTransactionId: + $ref: '#/components/schemas/CorrelationId' + refundReason: + $ref: '#/components/schemas/RefundReason' + required: + - originalTransactionId + BalanceOfPayments: + title: BalanceOfPayments + type: string + pattern: '^[1-9]\d{2}$' + description: >- + (BopCode) The API data type + [BopCode](https://www.imf.org/external/np/sta/bopcode/) is a JSON String + of 3 characters, consisting of digits only. Negative numbers are not + allowed. A leading zero is not allowed. + example: '123' + TransactionType: + title: TransactionType + type: object + description: Data model for the complex type TransactionType. 
+ properties: + scenario: + $ref: '#/components/schemas/TransactionScenario' + subScenario: + $ref: '#/components/schemas/TransactionSubScenario' + initiator: + $ref: '#/components/schemas/TransactionInitiator' + initiatorType: + $ref: '#/components/schemas/TransactionInitiatorType' + refundInfo: + $ref: '#/components/schemas/Refund' + balanceOfPayments: + $ref: '#/components/schemas/BalanceOfPayments' + required: + - scenario + - initiator + - initiatorType + PartyName: + title: PartyName + type: string + minLength: 1 + maxLength: 128 + description: Name of the Party. Could be a real name or a nickname. + FirstName: + title: FirstName + type: string + minLength: 1 + maxLength: 128 + pattern: '^(?!\s*$)[\w .,''-]{1,128}$' + description: First name of the Party (Name Type). + example: Henrik + MiddleName: + title: MiddleName + type: string + minLength: 1 + maxLength: 128 + pattern: '^(?!\s*$)[\w .,''-]{1,128}$' + description: Middle name of the Party (Name Type). + example: Johannes + LastName: + title: LastName + type: string + minLength: 1 + maxLength: 128 + pattern: '^(?!\s*$)[\w .,''-]{1,128}$' + description: Last name of the Party (Name Type). + example: Karlsson + PartyComplexName: + title: PartyComplexName + type: object + description: Data model for the complex type PartyComplexName. + properties: + firstName: + $ref: '#/components/schemas/FirstName' + middleName: + $ref: '#/components/schemas/MiddleName' + lastName: + $ref: '#/components/schemas/LastName' + DateOfBirth: + title: DateofBirth (type Date) + type: string + pattern: >- + ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)$ + description: Date of Birth of the Party. + example: '1966-06-16' + PartyPersonalInfo: + title: PartyPersonalInfo + type: object + description: Data model for the complex type PartyPersonalInfo. 
+ properties: + complexName: + $ref: '#/components/schemas/PartyComplexName' + dateOfBirth: + $ref: '#/components/schemas/DateOfBirth' + Party: + title: Party + type: object + description: Data model for the complex type Party. + properties: + accounts: + $ref: '#/components/schemas/AccountList' + partyIdInfo: + $ref: '#/components/schemas/PartyIdInfo' + merchantClassificationCode: + $ref: '#/components/schemas/MerchantClassificationCode' + name: + $ref: '#/components/schemas/PartyName' + personalInfo: + $ref: '#/components/schemas/PartyPersonalInfo' + required: + - partyIdInfo + PartyIdTypeTPLink: + title: PartyIdTypeTPLink + type: string + enum: + - THIRD_PARTY_LINK + description: > + This is a variant based on FSPIOP `PartyIdType` specification. + + This validation interface should be use by `POST + /thirdpartyRequests/transactions` + + - THIRD_PARTY_LINK - is the DFSP's internal reference which allows DFSP + to find out the corresponding consent + example: PERSONAL_ID + PartyIdInfoTPLink: + title: PartyIdInfo + type: object + description: Data model for the complex type PartyIdInfo. + properties: + partyIdType: + $ref: '#/components/schemas/PartyIdTypeTPLink' + partyIdentifier: + $ref: '#/components/schemas/PartyIdentifier' + partySubIdOrType: + $ref: '#/components/schemas/PartySubIdOrType' + fspId: + $ref: '#/components/schemas/FspId' + extensionList: + $ref: '#/components/schemas/ExtensionList' + required: + - partyIdType + - partyIdentifier + PartyIdType: + title: PartyIdType + type: string + enum: + - MSISDN + - EMAIL + - PERSONAL_ID + - BUSINESS + - DEVICE + - ACCOUNT_ID + - IBAN + - ALIAS + - CONSENT + - THIRD_PARTY_LINK + description: > + This is a variant based on FSPIOP `PartyIdType` specification. + + Main difference being the CONSENT and THIRD_PARTY_LINK enums. + + + Below are the allowed values for the enumeration. 
+ + - MSISDN - An MSISDN (Mobile Station International Subscriber Directory + + Number, that is, the phone number) is used as reference to a + participant. + + The MSISDN identifier should be in international format according to the + + [ITU-T E.164 standard](https://www.itu.int/rec/T-REC-E.164/en). + + Optionally, the MSISDN may be prefixed by a single plus sign, indicating + the + + international prefix. + + - EMAIL - An email is used as reference to a + + participant. The format of the email should be according to the + informational + + [RFC 3696](https://tools.ietf.org/html/rfc3696). + + - PERSONAL_ID - A personal identifier is used as reference to a + participant. + + Examples of personal identification are passport number, birth + certificate + + number, and national registration number. The identifier number is added + in + + the PartyIdentifier element. The personal identifier type is added in + the + + PartySubIdOrType element. + + - BUSINESS - A specific Business (for example, an organization or a + company) + + is used as reference to a participant. The BUSINESS identifier can be in + any + + format. To make a transaction connected to a specific username or bill + number + + in a Business, the PartySubIdOrType element should be used. + + - DEVICE - A specific device (for example, a POS or ATM) ID connected to + a + + specific business or organization is used as reference to a Party. + + For referencing a specific device under a specific business or + organization, + + use the PartySubIdOrType element. + + - ACCOUNT_ID - A bank account number or FSP account ID should be used as + + reference to a participant. The ACCOUNT_ID identifier can be in any + format, + + as formats can greatly differ depending on country and FSP. + + - IBAN - A bank account number or FSP account ID is used as reference to + a + + participant. The IBAN identifier can consist of up to 34 alphanumeric + + characters and should be entered without whitespace. 
+ + - ALIAS An alias is used as reference to a participant. The alias should + be + + created in the FSP as an alternative reference to an account owner. + + Another example of an alias is a username in the FSP system. + + The ALIAS identifier can be in any format. It is also possible to use + the + + PartySubIdOrType element for identifying an account under an Alias + defined + + by the PartyIdentifier. + + - CONSENT - TBD + + - THIRD_PARTY_LINK - TBD + example: PERSONAL_ID + PartyIdentifier: + title: PartyIdentifier + type: string + minLength: 1 + maxLength: 128 + description: Identifier of the Party. + example: '16135551212' + PartySubIdOrType: + title: PartySubIdOrType + type: string + minLength: 1 + maxLength: 128 + description: >- + Either a sub-identifier of a PartyIdentifier, or a sub-type of the + PartyIdType, normally a PersonalIdentifierType. + FspId: + title: FspId + type: string + minLength: 1 + maxLength: 32 + description: FSP identifier. + PartyIdInfo: + title: PartyIdInfo + type: object + description: Data model for the complex type PartyIdInfo. + properties: + partyIdType: + $ref: '#/components/schemas/PartyIdType' + partyIdentifier: + $ref: '#/components/schemas/PartyIdentifier' + partySubIdOrType: + $ref: '#/components/schemas/PartySubIdOrType' + fspId: + $ref: '#/components/schemas/FspId' + extensionList: + $ref: '#/components/schemas/ExtensionList' + required: + - partyIdType + - partyIdentifier + MerchantClassificationCode: + title: MerchantClassificationCode + type: string + pattern: '^[\d]{1,4}$' + description: >- + A limited set of pre-defined numbers. This list would be a limited set + of numbers identifying a set of popular merchant types like School Fees, + Pubs and Restaurants, Groceries, etc. + AmountType: + title: AmountType + type: string + enum: + - SEND + - RECEIVE + description: >- + Below are the allowed values for the enumeration AmountType. 
+ + - SEND - Amount the Payer would like to send, that is, the amount that + should be withdrawn from the Payer account including any fees. + + - RECEIVE - Amount the Payer would like the Payee to receive, that is, + the amount that should be sent to the receiver exclusive of any fees. + example: RECEIVE + ThirdpartyRequestsTransactionsPostRequest: + title: ThirdpartyRequestsTransactionsPostRequest + type: object + description: The object sent in the POST /thirdpartyRequests/transactions request. + properties: + transactionRequestId: + allOf: + - $ref: '#/components/schemas/CorrelationId' + description: > + Common ID between the FSPs for the transaction request object. The + ID should be reused for resends of the same transaction request. A + new ID should be generated for each new transaction request. + payee: + allOf: + - $ref: '#/components/schemas/Party' + description: Information about the Payee in the proposed financial transaction. + payer: + allOf: + - $ref: '#/components/schemas/PartyIdInfoTPLink' + description: Information about the Payer in the proposed financial transaction. + amountType: + allOf: + - $ref: '#/components/schemas/AmountType' + description: 'SEND for sendAmount, RECEIVE for receiveAmount.' + amount: + allOf: + - $ref: '#/components/schemas/Money' + description: Requested amount to be transferred from the Payer to Payee. + transactionType: + allOf: + - $ref: '#/components/schemas/TransactionType' + description: Type of transaction. + expiration: + type: string + description: > + Date and time until when the transaction request is valid. It can be + set to get a quick failure in case the peer FSP takes too long to + respond. 
+ example: '2016-05-24T08:38:08.699-04:00' + required: + - transactionRequestId + - payee + - payer + - amountType + - amount + - transactionType + - expiration + Name: + title: Name + type: string + pattern: '^(?!\s*$)[\w .,''-]{1,128}$' + description: >- + The API data type Name is a JSON String, restricted by a regular + expression to avoid characters which are generally not used in a name. + + + Regular Expression - The regular expression for restricting the Name + type is "^(?!\s*$)[\w .,'-]{1,128}$". The restriction does not allow a + string consisting of whitespace only, all Unicode characters are + allowed, as well as the period (.) (apostrophe (‘), dash (-), comma (,) + and space characters ( ). + + + **Note:** In some programming languages, Unicode support must be + specifically enabled. For example, if Java is used, the flag + UNICODE_CHARACTER_CLASS must be enabled to allow Unicode characters. + Account: + title: Account + type: object + description: Data model for the complex type Account. + properties: + address: + $ref: '#/components/schemas/AccountAddress' + currency: + $ref: '#/components/schemas/Currency' + description: + $ref: '#/components/schemas/Name' + required: + - currency + AccountList: + title: AccountList + type: object + description: Data model for the complex type AccountList. + properties: + account: + type: array + items: + $ref: '#/components/schemas/Account' + minItems: 1 + maxItems: 32 + description: Accounts associated with the Party. + required: + - account + AuthorizationsIDPutResponse: + title: AuthorizationsIDPutResponse + type: object + description: 'The object sent in the PUT /authorizations/{ID} callback.' + properties: + authenticationInfo: + $ref: '#/components/schemas/AuthenticationInfo' + description: 'OTP or QR Code if entered, otherwise empty.' 
+ example: OTP + responseType: + $ref: '#/components/schemas/AuthorizationResponse' + description: >- + Enum containing response information; if the customer entered the + authentication value, rejected the transaction, or requested a + resend of the authentication value. + example: ENTERED + required: + - responseType \ No newline at end of file
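Review bot: `expiration` in `ThirdpartyRequestsTransactionsPostRequest` is required but declared as a bare `type: string`, so any text passes schema validation for the field that bounds how long the request stays valid. Constrain it, for example with `format: date-time` (the given example satisfies it, though validators must be configured to enforce formats) or with a `$ref` to the file's date-time schema if one exists outside this hunk. In `AuthorizationsIDPutResponse` the `description` and `example` written beside `$ref` are ignored under OpenAPI 3.0 reference rules; the `allOf: - $ref` wrapper already used in `ThirdpartyRequestsTransactionsPostRequest` would keep them. `PartyIdTypeTPLink` allows only `THIRD_PARTY_LINK` yet carries `example: PERSONAL_ID`, which should read `example: THIRD_PARTY_LINK`, and `PartyIdInfoTPLink` reuses `title: PartyIdInfo`, which should be `title: PartyIdInfoTPLink`.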