Versions Compared

Old Version 8

changes.mady.by.user Chris Michael

Saved on

compared with

New Version 9

changes.mady.by.user Chris Michael

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

Table of Contents
maxLevel2
outlinetrue

...

Version

Date

Author

Comments

v1.0.0

 

Open Banking Read/Write API TeamPublished
Implementer's Draft v1.0.0

 

Open Banking Read/Write API TeamRenamed to Implementer's Draft. Client Registration section moved to OB Directory Specification
Implementer's Draft v1.0.1

 

Open Banking Read/Write API Team

Recreating document from up to date sub sections.

Clarifications to Implementation Guide

  • Enhanced Payments API Sequence Diagram to improve readability
  • Enhanced Accounts API Sequence Diagram to improve readability and add in the GET and DELETE flows for Account Requests
  • Removing the need to repeat the API scopes when the exchanging of an Authorization Code for an Access Token for Payments and Accounts API requests in the Sequence Diagram and example HTTP Requests
Implementer's Draft v1.1.0 Open Banking Read/Write API Team

Reflecting changes to the R/W API specifications for v1.1:

  • Updated Account Identification SchemeName and structure from BBAN to SortCodeAccountNumber
  • Corrected -00:00 timezone format to +00:00
  • Updated format for fields within Meta and Links sections to upper camel case
  • Corrected "AwaitingAuthentication" to "AwaitingAuthorisation” in non-normative example
  • Removed x-jws-signature headers from non-normative examples
    • Errata to add redirect_uri to header for the Request : Access Token Request using Authorization Code

Implementer's Draft v1.1.1


Open Banking Read/Write API Team

Reflecting errata updates resultant from live proving

  • Authorisation servers to provide a discovery endpoint over tls not ma-tls and via a browser acceptable root. TDA Decision 117

Removing duplicate references to FAPI Read Write or Read specifications.

Adding explicit line number references

Implementer's Draft v1.1.2
Open Banking Read/Write API Team

Reflecting errata updates resultant from live proving and errata issued from the OIDF Financial API Working Group


Info
titlePlease Note

The MASTER location for this profile is located here: https://bitbucket.org/openid/obuk/src/4630771db004da59992fb201641f5c4ff2c881f1/uk-openbanking-security-profile.md?at=master&fileviewer=file-view-default

Version Control is located here: https://bitbucket.org/openid/obuk/commits/all

Git Commit Reference: 05-02-18 - c2df242

All changes are tracked as GIT commits for 100% transparency and visibility. Ideally comments, issues and pull requests will raised against the OIDF git repository however comments raised below as comments or on feedback pages will be responded too and incorporated during a transition period.

UK Open Banking OIDC Security Profile

Bitbucket readme macro
path/uk-openbanking-security-profile.md
repoOBUK
useropenid
commit_hash1.1.2

Expand
titleCommit History

Bitbucket commits macro
repoOBUK
useropenid



This document is based on the OpenID Foundations Financial API Read+Write specification document, FAPI-RW, which in turn is based on the Read only specification document. The OpenBanking profile will further shape these two base profiles in some cases tightening restrictions and in others loosening requirements using keywords. Please see the introduction to FAPI-RW for a general introduction to the aims of this document.

...

1. The PISP can query for the status of a Payment-Submission by invoking the /payment-submissions using the known PaymentSubmissionId. This can use an existing access token with payments scope or the PISP can obtain a fresh access token by replaying the client credentials grant request as per Step 2 - Setup Single Payment Initiation.

Request: payment-submissions/{PaymentSubmissionId}Response: payment-submissions


Code Block
themeMidnight
GET /payment-submissions/58923-001 HTTP/1.1
Authorization: Bearer SlAV32hkKG
x-fapi-financial-id: OB/2017/001
x-fapi-customer-last-logged-time: 2017-06-13T11:36:09
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json



Code Block
themeMidnight
HTTP/1.1 200 OK
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
 
{
  "Data": {
    "PaymentSubmissionId": "58923-001",
    "PaymentId": "58923",
    "Status": "AcceptedSettlementInProcess",
    "CreationDateTime": "2017-06-05T15:15:22+00:00"
  },
  "Links": {
    "Self": "https://api.alphabank.com/open-banking/v1.0/payment-submissions/58923-001"
  },
  "Meta": {}
}


2. A PISP can also optionally query for the status of a Payment resource by invoking /payments/{PaymentId}. This can use an existing access token with payments scope or the PISP can obtain a fresh access token by replaying the client credentials grant request as per Step 2 - Setup Single Payment Initiation.

Account API Specification

...