Versions Compared

Old Version 6

changes.mady.by.user Chris Michael

Saved on

compared with

New Version Current

changes.mady.by.user Chris Michael

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
maxLevel2
outlinetrue

...

  • shall support confidential clients;
  • shall not support public clients;
  • shall support user authentication at appropriate level as defined in PSD2 be that LoA 3 or 2 or other.
  • shall require the response_type values code or code id_token or code id_token token;
  • shall authenticate the confidential client at the Token Endpoint using one of the following methods:
    1. TLS mutual authentication [MTLS] https://tools.ietf.org/idhtml/draft-ietf-oauth-mtls-02.xml05; or (Recommended)
    2. client_secret_basic or client_secret_post provided the client identifier matches the client identifier bound to the underlying mutually authenticated TLS transport session; or (Allowed)
    3. JWS Client Assertion using the client_secret or a private key as specified in section 9 of [OIDC]; (Recommended)
  • shall issue an ID Token in the token response when openid was included in the requested scope as in Section 3.1.3.3 of OIDC with its sub value corresponding to the "Intent Ticket ID"  and optional acr value in ID Token.
  • may support refresh tokens.

...

1. The PISP can query for the status of a Payment-Submission by invoking the /payment-submissions using the known PaymentSubmissionId. This can use an existing access token with payments scope or the PISP can obtain a fresh access token by replaying the client credentials grant request as per Step 2 - Setup Single Payment Initiation.

Request: payment-submissions/{PaymentSubmissionId}Response: payment-submissions


Code Block
themeMidnight
GET /payment-submissions/58923-001 HTTP/1.1
Authorization: Bearer SlAV32hkKG
x-fapi-financial-id: OB/2017/001
x-fapi-customer-last-logged-time: 2017-06-13T11:36:09
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json



Code Block
themeMidnight
HTTP/1.1 200 OK
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
 
{
  "Data": {
    "PaymentSubmissionId": "58923-001",
    "PaymentId": "58923",
    "Status": "AcceptedSettlementInProcess",
    "CreationDateTime": "2017-06-05T15:15:22+00:00"
  },
  "Links": {
    "Self": "https://api.alphabank.com/open-banking/v1.0/payment-submissions/58923-001"
  },
  "Meta": {}
}


2. A PISP can also optionally query for the status of a Payment resource by invoking /payments/{PaymentId}. This can use an existing access token with payments scope or the PISP can obtain a fresh access token by replaying the client credentials grant request as per Step 2 - Setup Single Payment Initiation.

Account API Specification

...