Callback URL API - v3.1.2
Version Control
Version | Date | Author | Comments |
---|---|---|---|
3.1.2-RC1 | OB R/W API Team | 3.1.2-RC1 Changes:
|
Overview
The Callback URL API Specification described here allows a TPP to:
- Register a callback URL with an ASPSP to receive event notifications.
- Optionally read, update or delete a registered callback URL.
Basics
Overview
The steps and sequence diagram below provide a general outline of a notification flow for all resources in the R/W APIs.
Steps
Step 1: Setup Event Notification Configuration
- This flow begins with a TPP creating a callback-url resource with an ASPSP.
- The callback URL must be specified at this stage.
Step 2: Event Notification Required
- When an event occurs on a resource that requires a notification, the ASPSP identifies the callback-url associated with the TPP owning the affected resource.
- The ASPSP sends the event notification to the callback URL, detailing the nature of the event and identifying the affected resource.
- The TPP initiates a client credential grant and retrieves the resource using the details contained in the event notification.
Step 3: Retrieve/Update/Delete Event Notification Configuration
- The TPP may optionally read/update/delete the callback-url resource.
Sequence Diagram
Callback URL
TPPs must register a URL for TPP hosted services to receive event notifications from an ASPSP. The URL must end with the Event Notification API specification version number, followed by ‘/event-notifications'.
For example:
Release Management
This section overviews the release management and versioning strategy for the Callback URL API.
Callback-URL Resource
TPPs must register for event-notification callbacks with the version of Event Notification API they have implemented. The version element of the Callback-URL resource is used for this purpose.
POST
- A TPP must only create a callback-url on one version
GET
- A TPP must not access a callback-url on an older version, via the CallbackUrlId for a callback-url created in a newer version.
- E.g., a callback-url created in v4, accessed via v3.
- An ASPSP must allow a callback-url resource to be accessed in a newer version.
- An ASPSP must ensure callback-url fields are unchanged when accessed in a different version.
PUT
- A TPP must not update a callback-url on an older version via a CallbackUrlId created in a newer version.
- E.g., A callback-url is created in v4, and a PUT request on v3.
- An ASPSP must support updating a callback-url from a previous version via a CallbackUrlId created in a newer version.
- E.g., A callback-url is created in v3, and a PUT request on v4.
DELETE
- A TPP must not delete a callback-url on an older version via a CallbackUrlId created in a newer version.
- E.g. A callback-url is created in v4, and request DELETE on v3.
- An ASPSP must support deleting a callback-url from a previous version via a CallbackUrlId created in a newer version.
- E.g., A callback-url is created in v3, and request DELETE on v4.
Callback-URL per TPP
An ASPSP will maintain at most, a single Callback-URL resource per TPP.
Endpoints
A TPP will set up and maintain its call back details (URL and version number) using the callback-url resource.
Resource | HTTP Operation | Endpoint | Mandatory ? | Scope | Grant Type | Message Signing | Idempotency Key | Request Object | Response Object |
---|---|---|---|---|---|---|---|---|---|
callback-url | POST | POST /callback-urls | Optional | accounts payments fundsconfirmations | Client Credentials | Signed Request Signed Response | No | OBCallbackUrl1 | OBCallbackUrlResponse1 |
callback-url | GET | GET /callback-urls | Mandatory (if resource POST implemented) | accounts payments fundsconfirmations | Client Credentials | Signed Response | No | n/a | OBCallbackUrlsResponse1 |
callback-url | PUT | PUT /callback-urls/{CallbackUrlId} | Mandatory (if resource POST implemented) | accounts payments fundsconfirmations | Client Credentials | Signed Request Signed Response | No | OBCallbackUrlResponse1 | OBCallbackUrlResponse1 |
callback-url | DELETE | DELETE /callback-urls/{CallbackUrlId} | Mandatory (if resource POST implemented) | accounts payments fundsconfirmations | Client Credentials | n/a | No | n/a | n/a |
POST /callback-urls
POST /callback-urls
The API endpoint allows the TPP to ask an ASPSP to create a new callback-url resource.
- The POST action allows the TPP to register a callback URL for an ASPSP to send event notifications to.
- The ASPSP creates the callback-url resource and responds with a unique CallbackUrlId to refer to the resource.
- An ASPSP must respond with a 409 error if a callback-url exists for that TPP.
GET /callback-urls
GET /callback-urls
The API endpoint allows the TPP to ask an ASPSP to retrieve its callback-url resource.
- The ASPSP retrieves the callback-url resource and responds with the resource.
PUT /callback-urls/{CallbackUrlId}
PUT /callback-urls/{CallbackUrlId}
The API endpoint allows the TPP to ask an ASPSP to update a callback-url resource.
- The PUT action allows the TPP to update a callback URL for an ASPSP to send event notifications to.
- The ASPSP updates the callback-url resource and responds with the updated resource.
DELETE /callback-urls/{CallbackUrlId}
DELETE /callback-urls/{CallbackUrlId}
The API endpoint allows the TPP to ask an ASPSP to delete a callback-url resource.
- The ASPSP deletes the callback-url resource.
Data Model
Callback Url - Request
The OBCallbackurl1 object will be used for the call to:
- POST /callback-urls
UML Diagram
Data Dictionary
Name | Occurrence | XPath | EnhancedDefinition | Class | Codes | Pattern |
---|---|---|---|---|---|---|
OBCallbackUrl1 | OBCallbackUrl1 | OBCallbackUrl1 | ||||
Data | 1..1 | OBCallbackUrl1/Data | OBCallbackUrlData1 | |||
Url | 1..1 | OBCallbackUrl1/Data/Url | Callback URL for a TPP hosted service. Will be used by ASPSPs, in conjunction with the resource name, to construct a URL to send event notifications to. | xs:anyURI | ||
Version | 1..1 | OBCallbackUrl1/Data/Version | Version for the event notification. | Max10Text |
Callback Url - Response
The OBCallbackUrlResponse1 object will be used for a response to a call to:
- POST /callback-urls
- PUT /callback-urls/{CallbackUrlId}
The OBCallbackUrlResponse1 object will also be used for the call to:
- PUT /callback-urls
UML
Data Dictionary
Name | Occurrence | XPath | EnhancedDefinition | Class | Codes | Pattern |
---|---|---|---|---|---|---|
OBCallbackUrlResponse1 | OBCallbackUrlResponse1 | OBCallbackUrlResponse1 | ||||
Data | 1..1 | OBCallbackUrlResponse1/Data | OBCallbackUrlResponseData1 | |||
CallbackUrlId | 1..1 | OBCallbackUrlResponse1/Data/CallbackUrlId | Unique identification as assigned by the ASPSP to uniquely identify the callback URL resource. | Max40Text | ||
Url | 1..1 | OBCallbackUrlResponse1/Data/Url | Callback URL for a TPP hosted service. Will be used by ASPSPs, in conjunction with the resource name, to construct a URL to send event notifications to. | xs:anyURI | ||
Version | 1..1 | OBCallbackUrlResponse1/Data/Version | Version for the event notification. | Max10Text |
Callback Urls - Response
The OBCallbackUrlsResponse1 object will be used for a response to a call to:
- GET /callback-urls
UML
Data Dictionary
Name | Occurrence | XPath | EnhancedDefinition | Class | Codes | Pattern |
---|---|---|---|---|---|---|
OBCallbackUrlsResponse1 | OBCallbackUrlsResponse1 | OBCallbackUrlsResponse1 | ||||
Data | 1..1 | OBCallbackUrlsResponse1/Data | OBCallbackUrlsResponseData1 | |||
CallbackUrl | 0..n | OBCallbackUrlsResponse1/Data/CallbackUrl | OBCallbackUrlResponseData1 | |||
CallbackUrlId | 1..1 | OBCallbackUrlsResponse1/Data/CallbackUrl/CallbackUrlId | Unique identification as assigned by the ASPSP to uniquely identify the callback url resource. | Max40Text | ||
Url | 1..1 | OBCallbackUrlsResponse1/Data/CallbackUrl/Url | Callback URL for a TPP hosted service. Will be used by ASPSPs, in conjunction with the resource name, to construct a URL to send event notifications to. | xs:anyURI | ||
Version | 1..1 | OBCallbackUrlsResponse1/Data/CallbackUrl/Version | Version for the event notification. | Max10Text |
Usage Examples
Create Callback Url
POST /callback-urls
POST /callback-urls HTTP/1.1 Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA x-jws-signature: TGlmZSdzIGEgam91cm5leSBub3QgYSBkZXN0aW5hdGlvbiA=..T2ggZ29vZCBldmVuaW5nIG1yIHR5bGVyIGdvaW5nIGRvd24gPw== x-fapi-interaction-id: 86ebcd82-8e38-4f2d-a79c-965b41d15865 Content-Type: application/json Accept: application/json { "Data": { "Url": "https://tpp.com/open-banking/v3.1/event-notifications", "Version": "3.1" } }
POST /callback-urls response
HTTP/1.1 201 Created x-jws-signature: V2hhdCB3ZSBnb3QgaGVyZQ0K..aXMgZmFpbHVyZSB0byBjb21tdW5pY2F0ZQ0K x-fapi-interaction-id: 86ebcd82-8e38-4f2d-a79c-965b41d15865 Content-Type: application/json { "Data": { "CallbackUrlId": "CB-101", "Url": "https://tpp.com/open-banking/v3.1/event-notifications", "Version": "3.1" }, "Links": { "Self": "https://api.alphabank.com/open-banking/v3.1/callback-urls/CB-101" }, "Meta": {} }
Get Callback Urls
GET /callback-urls
GET /callback-urls HTTP/1.1 Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA x-fapi-interaction-id: 86ebcd82-8e38-4f2d-a79c-965b41d15865 Accept: application/json
GET /callback-urls response
GET/1.1 200 OK x-jws-signature: V2hhdCB3ZSBnb3QgaGVyZQ0K..aXMgZmFpbHVyZSB0byBjb21tdW5pY2F0ZQ0K x-fapi-interaction-id: 86ebcd82-8e38-4f2d-a79c-965b41d15865 Content-Type: application/json { "Data": { "CallbackUrl": [{ "CallbackUrlId": "CB-101", "Url": "https://tpp.com/open-banking/v3.1/event-notifications", "Version": "3.1" }] }, "Links": { "Self": "https://api.alphabank.com/open-banking/v3.1/callback-urls/" }, "Meta": {} }
© Open Banking Limited 2019 | https://www.openbanking.org.uk/open-licence | https://www.openbanking.org.uk