Known issues with the latest versions of Open Banking specifications are detailed here. For each release, we have included a table that shows the issue and also any impact and/or mitigation.

This page is NOT concerned with issues relating to the implementation of the specifications (either by an ASPSP or a TPP) or for documentation and guides, but ONLY for the actual specifications. In many cases, these issues have already been fixed in a release candidate for the next version, which is available to all registered users in the Open Banking Collaboration Space.

To report any other issues, please log via the Open Banking Service Desk.

Read/Write v4.0

Ref_No	Status	Details	Impact/Mitigation	Fix in Version	Area	Reporter	Reported	Reported Service Desk Ticket Number (OBL access only)	Work Item Ticket Number (OBL Access Only)
v40_KI1	Open	Spec pages have OBCashAccountDebtor4 listed against Debtor and DebtorAccount in OBDomestic2 https://openbankinguk.github.io/read-write-api-site3/v4.0/resources-and-data-models/pisp/domestic-payment-consents.html#data-dictionary	In v3 the these objects contained the same fields and shared a base object (OBCashAccountDebtor4). In v4: DebtorAccount includes the new Proxy object Debtor includes the new LEI field. The initial release still referenced OBCashAccountDebtor4 for both these objects. We will address this in a future release, the swaggers contain in-line definitions for some objects so payloads are unaffected.	Specs in future release Swagger - update in future release (to remove in-line definitions) Internal External repo- no change	Specs	ASPSP	Jul 2024	00049617 00049681 00049811
v40_KI2	Closed	OBDomesticVRPInitiation and OBDomesticVRPInstruction contain CreditorAgent	CreditorAgent was removed in v319_KI9 and should not be present in VRP payloads.	Specs - updated 19th September 2024 Swagger - updated 19th September 2024 Internal External repo- no change	VRP	APSPS	Jul 2024	00049809
v40_KI3	Closed	The OBRemittanceInformation2/Unstructured data dictionary has the correct cardinality but the class column does not clearly indicate this is an array of Max140Text values. JSON examples show as a single entity rather than an array and Swagger has a length of 256 for the strings	OBRemittanceInformation2/Unstructured is an array of strings with Max140Text length each, as shown by the cardinality. The Data Dictionary class column will be updated in future release to further clarify this. JSON examples will be updated in a future release and swagger will be updated in due course	Specs - updated 19th September 2024 Swagger - updated 19th September 2024 Internal External repo- no change	Spec	APSPS	Jul 2024	00049781
v40_KI4	Closed	~~CreditorAgent is listed in the OBDomesticVRPInstruction data dictionary but is not present in the UML or swagger~~ Duplicate of v40_KI2	CreditorAgent was removed in v319_KI9 and should not be listed in the Data Dictionary	N/A	VRP	APSPS	Jul 2024	00049747
v40_KI5	Closed	VRP spec pages list OBCashAccountDebtorWithName length as Max70Text but swagger lists it as Max350Text ht tps://openbankinguk.github.io/read-write-api-site3/v4.0/resources-and-data-models/vrp/domestic-vrp-consents.html#obcashaccountdebtorwithname	Spec page is correct, swagger will be updated	Swagger - updated 19th September 2024 Internal External repo- no change	Swagger	TSP	Jul 2024	00049681
v40_KI6	Closed	OBWritePaymentDetails1 data dictionary is missing and UML shows wrong cardinality for Data and PaymentDetails. VRP Payment details have been rolled back to v3 schema with ISO20022 values but table still shows the v4 changes	The data dictionary will be restored. Swagger cardinality will be updated to show that Data is a singular mandatory field and PaymentStatus is an unbounded array of payment status details. VRP swagger will be updated to match correct schema UML diagrams will be updated when the spec pages are updated.	Specs - updated 19th September 2024 Swagger -updated 19th September 2024 Internal External repo- no change	PISP	TSP	Jul 2024	00049708
v40_KI7	Open	VRP & PISP Class name for the 'refund' object is misaligned between the data dictionary and swaggers The data dictionary assigns the refund object class as "OBDomesticRefundAccount1" and in the swaggers this is defined inline without a class (PISP) or as OBCashAccountDebtorWithName (VRP).	Object definitions in the swaggers are correct and class names will be aligned in a future release	Specs/Swaggers - aligned in a future release Internal External repo- no change	PISP & VRP	TSP	Jul 2024	00049811	CDRW-4609 - Getting issue details... STATUS
v40_KI8	Closed	Reference information missing from OBReadStandingOrder6 https://openbankinguk.github.io/read-write-api-site3/v4.0/resources-and-data-models/aisp/standing-orders.html#data-dictionary	This was replaced by RemittanceInformation but is missing from the payload. Data Dictionary, UML and swaggers will be updated to include this object	Specs - updated 19th September 2024 Swagger - updated 19th September 2024 Internal External repo- no change	AISP	ASPSP	Jul 2024	00050015
v40_KI9	Open	ExternalPaymentTransactionStatus1Code was originally listed in ISO_External_CodeSet, this has been moved to OB_Internal_CodeSet	Codeset name is unchanged and can be found in the OB file. Swaggers will be updated with the correct location. Spec pages will be updated in next release to reference updated file.	Spec pages - updated in next release Swaggers - updated updated 19th September 2024 Internal External repo in v4.0 onwards	PISP, VRP, AISP	Internal review	September 2024
v40_KI10	Open	PISP Standing Order payload requires frequency to be provided. This object is mandatory but is contained in an optional parent object.	The parent object, MandateRelatedInformation, will be mandatory in a future update.	Spec pages - next release Swaggers - updated 19th September 2024 Internal External repo- no change	PISP	ASPSP	September 2024
v40_KI11	Open	v4 File Payments status codes do not represent both the status of both file processing and subsequent payments within the file itself.	The codes will be rolled back to v3 alignment but with ISO 20022 values. This ensures file status and payment details payloads can be returned successfully as per v3 implementations. Spec page shows original codes from v4 release, participants should refer to the swagger file. File payments will be reviewed at TDA in due course to determine what changes, if any, are appropriate.	Spec pages - next release Swaggers - updated 19th September 2024 Internal External repo- no change	PISP	Interval Review	September 2024
v40_KI12	Closed	Codeset updates	Codeset listings have been updated on the GitHub repository. Change-log available here	Spec pages – primarily aligned on 19th September 2024 v40_KI9 will be addressed in a future release Swagger in refresh Internal External repo in v4.0 onwards	All	Internal Review	September 2024
v40_KI13	Closed	Swagger updates - a number of misalignments have been identified and addressed in the swagger files.	Updated swaggers have been issued, change-log available here	Swaggers updated 19th September 2024 Internal External repo- no change	All	Internal Review	September 2024
v40_KI14	Closed	Spec page updates	In TDA decisions 268 and 269 it was agreed to publish a refreshed set of pages addressing minor issues. The change log is available here	Spec Pages in refresh Internal External repo- no change	All	Internal Review	September 2024
v40_KI15	Open	`OBMultiAuthorisation1/Status` is listed as as using the `OBExternalStatus2Code` enum in the top level data dictionary	The correct enumeration is `OBInternalStatus2Code` - searching the codeset repo for `OBExternalStatus2Code` will return the correct enumeration.	Spec pages in a future update Swagger - no change required Internal External repo- no change	PISP	ASPSP	October 2024	00053089	CDRW-4672 - Getting issue details... STATUS
v40_KI16	Open	International Payments Multi Authorisation table lists `AWAU` instead of `AWAF` File Payments status table lists `AWAU` instead of `AWAF`	The correct value to return is AWAF	Spec pages - in a future update Swaggers - updated in due course Internal External repo- no change	PISP	ASPSP	October 2024	00053089	CDRW-4669 - Getting issue details... STATUS CDRW-4668 - Getting issue details... STATUS
v40_KI17	Open	`OBWritePaymentDetailsResponse1` listing should be called `OBWritePaymentDetails1` in both the heading and data dictionary	`OBWritePaymentDetailsResponse1` contains `OBWritePaymentDetails1` as part of the payload. UML and swagger files show correct class name	Spec pages - in aaddressed in v4.0 Swagger update 3 future update Swagger - no change required Internal External repo- no change	PISP	ASPSP	October 2024	N/A	CDRW-4673 - Getting issue details... STATUS
v40_KI18	Closed	`OBWriteDomesticResponse5` is missing the `RCVD` enum value in the swagger file	`RCVD` is listed on the spec pages and Codeset repository. Swagger will be updated in due course	Spec pages - no change Swagger - addressed in v4.0 Swagger update 3 Internal External repo- no change	PISP	ASPSP	October 2024	N/A	CDRW-4667 - Getting issue details... STATUS
v40_KI19	Open	`OBParty2/Phone` and `OBParty2/Mobile` data dictionary regex listing is missing the preceding slash. One of the JSON examples phone numbers on the page is missing the dash. Examples for `PhoneNumber_0` (Phone) and `PhoneNumber_1` (Mobile) in the OBParty2 swagger are missing the dash.	Correct regex is `\+[0-9]{1,3}-[0-9()+\-]{1,30}` Phone number examples should contain a dash: +44-5556541109	Spec pages - in a future update Swagger - addressed in v4.0 Swagger update 3 Internal External repo- no change	AISP	Internal Review	October 2024	N/A	CDRW-4671 - Getting issue details... STATUS
v40_KI20	Open	`OBReadTransaction6/Data/Transaction/BankTransactionCode/Code` uses `ExternalBankTransactionFamily1Code` which is defined as a 4 character code in ISO 20022 but JSON examples use the longer Code Names. `OBReadTransaction6/Data/Transaction/BankTransactionCode/SubCode` uses `ExternalBankTransactionSubFamily1Code` which is defined as a 4 character code in ISO 20022 but JSON examples use the longer Code Names.	Examples will be updated with correct codes	Spec pages - in a future update Internal External repo- no change	AISP	ASPSP	October 2024	/wiki/spaces/TDA/pages/975143249	CDRW-4657 - Getting issue details... STATUS
v40_KI21	Open	Balance Transfer example in reference page needs updating	Examples in that section will be reviewed and updated for a future release.	Spec pages - in a future update Internal External repo- no change	PISP	ASPSP	October 2024	00052502	CDRW-4658 - Getting issue details... STATUS
v40_KI22	Closed	File Payments payload is missing `UK.OBIE.PaymentInitiation.4.0` from the `FileType` enum	Swagger will be updated: `UK.OBIE.PaymentInitiation.4.0` will replace `UK.OBIE.PaymentInitiation.3.1`	Specs - no change Swagger - addressed in v4.0 Swagger update 3 Internal External repo- no change	PISP	ASPSP/Internal review	November 2024	00053447	CDRW-4675 - Getting issue details... STATUS
v40_KI23	Open	Item 2 of the Access Revocation description is misaligned to CEG wording: The status of the account-access-consent must be changed to CANC and the AISP must be allowed to request PSU to re-authenticate the same account-access-consent resource.	The text will be aligned to the language used in the CEG: The status of the account-access-consent should be changed to CANC. If the status of the consent is updated then an appropriate reason must be provided in StatusReason. The AISP must be allowed to request PSU to re-authenticate the same account-access-consent resource.	Specs - in a future updated Swagger/FCS - no change Internal External repo- no change	AISP	ASPSP	November 2024	00053437	CDRW-4693 - Getting issue details... STATUS
v40_KI24	Closed	File Payments swagger is missing `CreditorAgent` in the initiation block of `OBWriteFile2` and `UltimateDebtor` field reference points to the `UltimateCreditor` schema	`CreditorAgent` should be present in the the payload as it exists in the consent initiation block - note File Payments is currently under review. `UltimateDebtor` and `UltimateCreditor` object schemas are semantically identical apart from the field descriptions, swagger will be updated to point to the correct schema	Specs - UML diagram updated in next release Swagger - addressed in v4.0 Swagger update 3 FCS - in a future update Internal External repo- no change	PISP	Internal Review	November 2024	NA	CDRW-4694 - Getting issue details... STATUS CDRW-4695 - Getting issue details... STATUS
v40_KI25	Open	A number of deprecated enumeration values were removed from the `OBRisk/PaymentContextCode` field in v4 for both PIS and VRP. These values were deprecated in v3. In order to assist migration to v4 these codes will be reintroduced to the v4 swagger files so they can be returned for long lived consents. Note: ASPSPs are not required to, but may choose to make PIS ConsentIds accessible across versions as these are short-lived consents: https://openbankinguk.github.io/read-write-api-site3/v4.0/profiles/payment-initiation-api-profile.html#get	The following values will be reintroduced to the swagger and marked as deprecated: BillPayment EcommerceGoods EcommerceServices PartyToParty PispPayee Other Note: These values should not be accepted in a new v4 initiation request, they are only to be used for returning legacy v3 PIS & VRP data where relevant.	Specs - no change Swagger - in a future update FCS - swagger update only, no change to conformance tests. Internal External repo- no change	PIS/VRP	ASPSP	December 2024	00054409	CDRW-4698 - Getting issue details... STATUS
v40_KI26	Closed	Added 9 codesets 1100, 1161, 1162, 1163, 1165, 1166, 1177, 1178, 1180 under OBExternalStatusReason1Code in OB_Internal_Codeset.	To enable ASPSPs to provide FPS proprietary missing reason codes	Specs - no change Swagger - no change FCS - no change Internal External repo in v4.0 onwards	PIS	ASPSP	October 2024	N/A	CDRW-4722 - Getting issue details... STATUS
v40_KI27	Open	Added RJCT codeset under ExternalEntryStatus1Code in ISO_External_Codeset.	For backward compatibility with previous versions	Specs - no change Swagger - in a future update FCS - swagger update only, no change to conformance tests. Internal External repo in v4.0 onwards	AIS	ASPSP	December 2024	00054412 \| Case \| Salesforce	CDRW-4721 - Getting issue details... STATUS
v40_KI28	Open	`MandateRelatedInformation` is modelled on the ISO 20022 object and was introduced as a mandatory field in v4, replacing frequency information provided in v3. 2 issues have been identified: Standing Orders: Some ASPSPs support complex frequency patterns and are unable to represent these using ISO codes alone. Direct Debits: The `Frequency` object in `MandateRelatedInformation` is a mandatory component of the payload and contains another mandatory field named `Type`. ASPSPs must provided a value in the `Type` field but there is no ISO code available in the `OBFrequency6` codeset representing 'not known/not available'	The `Type` field will be updated to support the v3 patterns and the v4 ISO codes. Where a legacy value is used in this field, `PointInTime` and `CountPerPeriod` should not be present in the payload as they will contain no values. Refer to Optional Fields for examples of how optional fields with no values should be treated. Note: ISO codes are the preferred way to represent frequency information in v4 and legacy values are provided to support some ASPSPs who have this requirement. New 4 character codes will be added to the `OBFrequency6` codeset to support a wider range of frequencies and indicate when no frequency information is available (for Direct Debits): Please refer to ASPSP developer portals for further information on whether legacy values in the `Type` field are supported alongside additional information relevant to `MandateRelatedInformation` usage	Spec pages - updated in next release Swagger - updated in due course FCS - internal swagger updated in due course Internal External repo in v4.0 onwards	AIS/PIS	ASPSP	January 2025	N/A	CDRW-4662 - Getting issue details... STATUS
v40_KI29	Open	Some ASPSP used the optional `NumberOfPayments` field in v3 to calculate final payment dates for Standing Orders, this field was removed in v4. It has been reported that without `NumberOfPayments` being present and `FinalPaymentDateTime` not being submitted some ASPSPs do not have sufficient information to create a Standing Order.	`NumberOfPayments` will be restored to the Standing Order payload as an optional field in the same location as it was in the v3 schema: `OBReadStandingOrder6/Data/StandingOrder/NumberOfPayments` `OBDomesticStandingOrder3/NumberOfPayments` `OBInternationalStandingOrder4/NumberOfPayments` Please refer to ASPSP developer portals for further information on whether `NumberOfPayments` is available in their v4 implementation.	Spec pages - updated in next release Swagger - updated in due course FCS - internal swagger updated in due course Internal External repo- no change	AIS/PIS	ASPSP	January 2025	N/A	CDRW-4662 - Getting issue details... STATUS
v40_KI30	Open	It has been identified that some regex patterns in the YAML and JSON documents (referred to as the swagger files) have inconsistent escaping of the '\' character when the files are compared. Whilst this does not appear to impact implementations (these inconsistencies existed in v3) all regex pattens in the files will be reviewed and any updates to ensure alignment will be published in the next Swagger update cycle	No mitigations required at this time.	Spec pages - no change Swagger - updated in due course FCS - internal swagger updated in due course Internal External repo- no change	All	ASPSP	January 2025	0055203	CDRW-4726 - Getting issue details... STATUS
v40_KI31	Open	Removed the duplicate enteries of ExternalDocumentFormat1code from ISO_External_Codeset and OB_Internal_Codeset. These are : DPDF DXML SDSH WORD XSLT	Duplicate entries removed	Spec pages - no change Swagger - no change Internal External repo in 4.0 onwards	AIS	Internal Review	December 2024	N/A	CDRW-4724 - Getting issue details... STATUS
v40_KI32	Open	In the Payment Initiation swagger file the MultiAuthorisation enum contains `AWAU` instead of `AWAF` for the following payment types: Domestic Payments Domestic Standing Order Domestic Schedule Payments International Schedule International Standing Order	As per the spec pages, the correct enum value is `AWAF`	Spec pages - no change Swagger - in a future update FCS - In a future update (embedded swagger only, no change to tests)	PIS	ASPSP	Feb 2025	N/A	CDRW-4732 - Getting issue details... STATUS
v40_KI33	Open	`OBWriteInternational3/Data/Initiation/Creditor/Name` is incorrectly listed as 140 characters in the Payment Initiation swagger file.	The max length of this field is 350 characters. Please note: This issue is present in Swagger version 3.1.6 and later.	Spec pages - no change Swagger - in a future update FCS - In a future update (embedded swagger only, no change to tests)	PIS	ASPSP	March 2025	00056904	CDRW-4735 - Getting issue details... STATUS

Read/Write API v3.1.11

Ref_No	Status	Details	Impact/Mitigation	Fix in Version	Area	Reporter	Reported	Service Desk Ticket Number (OBIE access only)	Work Item Ticket Number (OBIE Access Only)
v3111_KI1	Open	Add 'Wallet' under AccountSubtype https://openbankinguk.github.io/read-write-api-site3/v3.1.11/resources-and-data-models/aisp/Accounts.html#data-dictionary	It is an optional field but may be required to be populated where OBExternalAccountIdentification4Code is 'UK.OBIE.Wallet' .	Specs in a future release FCS and Swagger no changes	Specs	ASPSP	Jun-2023	Case 00036358	CDRW-4214 - Getting issue details... STATUS
v3111_KI2	Open	TDA decision 263 has rolled back v3110_KI4. This restores the incorrectly spelled ContractPresentInidicator to the VRP swagger. The Spec pages show the correct spelling in-line with the original KI fix.	Swagger uses ContractPresentInidicator as per 3.1.10, Spec pages show the fixed ContractPresentIndicator as per KI3110_KI4. The incorrect spelling from 3.1.10 should be used until addressed in a future release.	Swagger rolled back for 3.1.11. Spelling will be addressed for Specs and Swagger in a future release.	VRP	ASPSP	Jun-2023	Case 00037204	CDRW-4213 - Getting issue details... STATUS
v3111_KI3	Closed	Errata fix for v3110_KI9 being withdrawn, swagger update to match specs	Errata fix, response HTTP code updated to 201 in VRP funds-confirmation endpoint to match specs	FCS(v1.7.2), Swagger in v3.1.11 onwards Specs- No change	VRP	ASPSP	Jun-2023	N/A	REFAPP-1323 - Getting issue details... STATUS
v3111_KI4	Open	Swagger defines HTTP 409 error for VRP payments but is missing from the Payments API	Inconsistent error responses for the same issue, such as duplicate idempotency key being used, occurring on VRP and Payments API	Swagger in due course	PISP	ASPSP	August 2023	00038480	CDRW-4216 - Getting issue details... STATUS
v3111_KI5	Withdrawn	DebtorAccount in VRP OBDomesticVRPResponse is listed as being mandatory in the Spec data table but the UML and swagger do not match	Field is mandatory and should be returned, Specs will be updated in future release. Swagger and FCS will be updated in due course.	Specs in a future release FCS - Upcoming fix Swagger fixed in release 3	VRP	ASPSP	Sept-2023	00039566	CDRW-4215 - Getting issue details... STATUS
v3111_KI6	Closed	FCS is not sending VRPType in OBDomesticVRPRequest	Field is mandatory as of 3.1.11	Fixed in FCS v1.7.5	VRP	TPP	Sept-2023	00039718	REFAPP-1332 - Getting issue details... STATUS
v3111_KI7	Closed	UK.OBIE.Wallet is missing from OBExternalAccountIdentification4Code in the PISP, VRP and CBPII swagger files.	Swagger is not aligned to spec	Swagger fixed in release 3	PISP, VRP and CBPII	ASPSP	Sept-2023	00039883	CDRW-4217 - Getting issue details... STATUS
v3111_KI8	Open	In the Permission codes breakdown the descriptions for ReadTransactionDebits and ReadTransactionCredits are flipped.	ReadTransactionDebits should give access to debit transactions, ReadTransactionCredits should give access to credit transactions	Specs in future release. FCS & Swagger - no change	AISP	ASPSP	Oct 2023	00041280	CDRW-4219 - Getting issue details... STATUS
v3111_KI9	Open	PSUInteractionTypes references an enum named OBVRPInteractionTypes, the definition of this enum is missing from the VRP namespaced enumerations spec page.	Enumeration is listed in VRP swagger: InSession OffSession	Specs in future release. FCS & swagger - no change	Specs (VRP)	OBL	Nov 2023	N/A	CDRW-4221 - Getting issue details... STATUS
v3111_KI10	Open	The VRP specification advises that the PISP must populate the VRP payment submissions reference field with the same value as specified in the consent. This is causing valid VRP payments with a dynamic reference, such as "May 2023 Sweeping", to fail.	There are valid use-cases for VRPs to have a different reference to that of the consent and explicit matching of the reference field is not required. This will be addressed in a future release	Specs and Swagger in a future release FCS - may be included in a future release	VRP	TPP	Nov 2023	00037579	CDRW-4224 - Getting issue details... STATUS
v3111_KI11	Open	The payment consent contains a "ReadRefundAccount" field which requests that when a payment is made the refund account details are shared with the PISP. This account information is returned in the payment response payload in the 'Refund' block. The swagger files indicate that the refund account information should be shared in the consent response in the "Data.Debtor" which does not match the usage as described on the spec pages. Please refer to the Spec pages for correct usage: https://openbankinguk.github.io/read-write-api-site3/v3.1.11/resources-and-data-models/pisp/domestic-payment-consents.html#data-dictionary-2	The descriptions and information for refund information will be addressed to ensure consistency.	Specs and Swagger in a future release FCS - swagger files shipped with the FCS will be updated when the main swagger is updated	PISP	ASPSP	Jan 2024	00043858	CDRW-4226 - Getting issue details... STATUS
v3111_KI12	Open	This replaces v3111_KI5 which has been withdrawn DebtorAccount in VRP OBDomesticVRPResponse is listed as being mandatory in the Spec data table but the UML and swagger do not match	Field is not mandatory and does not need to be returned, Specs will be updated in future release.	Specs in a future release. Swagger updated in due course. FCS - no change	VRP	ASPSP	Feb 2024	00043788	CDRW-4228 - Getting issue details... STATUS
v3111_KI13	Open	VRP Swagger has an erroneous reference to CBPII in the OBVRPFundsConfirmationResponse "Reference" field: "Unique reference, as assigned by the CBPII, to unambiguously refer to the request related to the payment transaction."	The correct text is: "Unique reference, as assigned by the PISP, to unambiguously refer to the request related to the payment transaction."	Specs no change Swagger & FCS (swagger) updated in due course	VRP	TPP	Feb 2024	00044831	CDRW-4230 - Getting issue details... STATUS REFAPP-1356 - Getting issue details... STATUS
v3111_KI14	Open	Several class types are swapped in the Statements data dictionary: OBReadStatement2/Data/Statement/StatementRate/Rate and OBReadStatement2/Data/Statement/StatementRate/Type OBReadStatement2/Data/Statement/StatementValue/Value and OBReadStatement2/Data/Statement/StatementValue/Type	OBReadStatement2/Data/Statement/StatementRate/Rate is Max40Text OBReadStatement2/Data/Statement/StatementRate/Type is OBExternalStatementRateType1Code OBReadStatement2/Data/Statement/StatementValue/Value is Max40Text OBReadStatement2/Data/Statement/StatementValue/Type is OBExternalStatementValueType1Code	Specs in next release Swagger & FCS no change	AISP	ASPSP	March 2024	00046375	CDRW-4257 - Getting issue details... STATUS

Read/Write API v3.1.10

Ref_No	Status	Details	Impact/Mitigation	Fix in Version	Area	Reporter	Reported	Service Desk Ticket Number (OBIE access only)	Work Item Ticket Number (OBIE Access Only)
v3110_KI1	Closed	`VRPType` is missing in `OBDomesticVRPRequest` `2. Usage examples are not showing VRPType selected`	Errata fix to OBDomesticVRPRequest - UML Diagram and Table to add field VRPType (1..1) https://openbankinguk.github.io/read-write-api-site3/v3.1.10/resources-and-data-models/vrp/domestic-vrps.html#obdomesticvrprequest Errata fix to usage examples to add VRPType in Data block https://openbankinguk.github.io/read-write-api-site3/v3.1.10/references/usage-examples/vrp-usage-examples.html#post-domestic-vrps	Specs, Swagger, FCS in v3.1.11	VRP	OBIE Internal review	May-2022	N/A	CDRW-4134 - Getting issue details... STATUS
v3110_KI2	Closed	Errata fix to change `VRPType` from string to array in usage examples for `domestic-vrp-consents`	Errata fix to usage examples https://openbankinguk.github.io/read-write-api-site3/v3.1.10/references/usage-examples/vrp-usage-examples.html#post-domestic-vrp-consents	Specs in v3.1.11 Swagger, FCS-No change	VRP	ASPSP	May-2022	Case 00022980	CDRW-4133 - Getting issue details... STATUS
v3110_KI3	Closed	Errata fix where the field is incorrectly named as `BeneficiaryPaymentDetailsPrepopulatedIndicator`	Errata fix to change field ~~`BeneficiaryPaymentDetailsPrepopulatedIndicator`~~ to `BeneficiaryPrepopulatedIndicator` https://openbankinguk.github.io/read-write-api-site3/v3.1.10/profiles/read-write-data-api-profile.html#json-error-response	Specs in v3.1.11 Swagger, FCS-No change	TRI	ASPSP	Apr-2022	Case - 00022753	CDRW-4152 - Getting issue details... STATUS
v3110_KI4	Closed	Errata fix where the field is incorrectly named as `ContractPresentInidicator`	Errata fix to change field ~~ContractPresentInidicator~~ to `ContractPresentIndicator` https://openbankinguk.github.io/read-write-api-site3/v3.1.10/profiles/payment-initiation-api-profile.html#obrisk1	Specs, Swagger, FCS in v3.1.11	TRI	ASPSP	June 2022	Case-00024791 Case-00025004	CDRW-4154 - Getting issue details... STATUS
v3110_KI5	Closed	Errata fix to regular expression pattern in the specs. One example below https://openbankinguk.github.io/read-write-api-site3/v3.1.10/resources-and-data-models/aisp/Balances.html#data-dictionary	Errata fix to change pattern from ~~^\d{1,13}$\\|^\d{1,13}\.\d{1,5}$~~ to ^\d{1,13}$\|^\d{1,13}\.\d{1,5}$ for all of the below APIs Balances `OBReadBalance1/Data/Balance/Amount/Amount` `OBReadBalance1/Data/Balance/CreditLine/Amount/Amount` Transactions `OBReadTransaction6/Data/Transaction/Amount/Amount` `OBReadTransaction6/Data/Transaction/ChargeAmount/Amount` `OBReadTransaction6/Data/Transaction/CurrencyExchange/InstructedAmount/Amount` `OBReadTransaction6/Data/Transaction/Balance/Amount/Amount` Direct-debits `OBReadDirectDebit2/Data/DirectDebit/PreviousPaymentAmount/Amount` `https://openbankinguk.github.io/read-write-api-site3/v3.1.10/resources-and-data-models/aisp/standing-orders.html` `OBReadStandingOrder6/Data/StandingOrder/FirstPaymentAmount/Amount` `OBReadStandingOrder6/Data/StandingOrder/NextPaymentAmount/Amount` `OBReadStandingOrder6/Data/StandingOrder/LastPaymentAmount/Amount` `OBReadStandingOrder6/Data/StandingOrder/FinalPaymentAmount/Amoun`t Scheduled-payments `OBReadScheduledPayment3/Data/ScheduledPayment/InstructedAmount/Amount` Statements `OBReadStatement2/Data/Statement/StatementBenefit/Amount/Amount` `OBReadStatement2/Data/Statement/StatementFee/Amount/Amount` `OBReadStatement2/Data/Statement/StatementInterest/Amount/Amount` `OBReadStatement2/Data/Statement/StatementAmount/Amount/Amount` Funds Confirmation OBFundsConfirmation1/Data/InstructedAmount/Amount OBFundsConfirmationResponse1/Data/InstructedAmount/Amount	Specs in v3.1.11 Swagger, FCS-No change	AIS	ASPSP	July 2022 Oct 2022	Case-00025529 & OB Internal review	CDRW-4155 - Getting issue details... STATUS
v3110_KI6	Closed	Add missing 409 in payload containing "UK.OBIE.Rules.ResourceAlreadyExists" in VRP		Swagger, FCS in v3.1.10 Specs-No change	VRP PIS	TPP	Jul-22	Case 00025699	CDRW-4156
v3110_KI7	Closed	Update usage examples of "GET /accounts/{AccountId}/balances" to fit OBReadBalance1 object definition.	Errata fix to usage examples → https://openbankinguk.github.io/read-write-api-site3/v3.1.10/resources-and-data-models/aisp/Balances.html#get-account-balances-response-3 https://openbankinguk.github.io/read-write-api-site3/v3.1.10/resources-and-data-models/aisp/Balances.html#get-account-balances-response-2 https://openbankinguk.github.io/read-write-api-site3/v3.1.10/resources-and-data-models/aisp/Balances.html#get-account-balances-response	Specs in v3.1.11 Swagger, FCS-No change	AIS	ASPSP	Jul-22		CDRW-4158
v3110_KI8	Closed	Add missing `OBVRPStatusReasonCode` enumeration under https://openbankinguk.github.io/read-write-api-site3/v3.1.10/references/namespaced-enumerations.html#variable-recurring-payments-namespaced-enumerations	Add `OBVRPStatusReasonCode` UK.OBIE.ExemptionNotApplied UK.OBIE.OtherReason Note: ASPSPs may define enumerations that are more appropriate and use the OtherReason only in scenarios where the actual reason cannot be determined or disclosed.	Specs in v3.1.11 Swagger, FCS-No change	VRP	TPP	Sep-22	Case-27439	CDRW-4165
v3110_KI9	Withdrawn	Update FCS test case: OB-301-VRP-100650 - Check VRP Funds Confirmation (POST /domestic-vrp-consents/{ConsentId}/funds-confirmation) Respond with status code 200 instead of 201. To align to PISP CoF	Response with status code 200	FCS(v1.7.1), Swagger in v3.1.10 onwards Specs- No change	VRP	ASPSP	Sep-22	Case 00027526	CDRW-4164 Since this is a POST request the response should be 201. Hence no change
v3110_KI10	Closed	Update FCS tool Add missing test cases for GET /accounts/{AccountId}/parties Update test cases GET "/party" - a condition from "optional" to "conditional" Add test case for Idempotency for AISP Add test case for validation - not specified FinalPaymentAmount (Standing orders – Domestic & International both) Add test case for Idempotency for PIS-VRP	In the case of Idempotency HTTP error code, 403 and 401 both will be accepted as acceptable return values based on	FCS in v1.7.2 Specs, Swagger- No change	AISP	ASPSP	Nov-22	/wiki/spaces/DIR/pages/2386591745 & OB internal review	REFAPP-1306 REFAPP-1310 REFAPP-1307 REFAPP-1309
v3110_KI11	Closed	Fix the DateTime query parameter ("fromStatementDateTime") to have milliseconds precision in the below FCS test scenarios: OB-301-STA-106200, OB-301-STA-106100.	Update From "~~2016-01-01T10:40:12.34.567Z~~" to "2016-01-01T10:40:12.34567Z"	FCS in v1.7.2 Specs, Swagger-No change	AISP	ASPSP	Jan-23	Case 00029516	REFAPP-1312
v3110_KI12	Closed	Fix the DateTime query parameter ("fromStatementDateTime") from <Date Extended and Time Basic> to <Date Basic and Time Basic> in the below FCS test scenario OB-301-STA-106000	Update From “~~2016-01-01T104012.345Z~~” to “20160101T104012.345Z”	FCS in v1.7.2 Specs, Swagger-No change	AISP	ASPSP	Feb-23	Case 00033038	REFAPP-1315
v3110_KI13	Closed	"UK.OBIE.Rules.FailsControlParameters" missing from OBErrorResponseError1Code enumeration	Add "UK.OBIE.Rules.FailsControlParameters" to list	Specs Swagger - no change FCS - no change	PISP	OBIE Internal review	Apr-23	OB internal review	CDRW-4196
v3110_KI14	Closed	Test cases OB-301-DOP-102000 and OB-301-DOP-101600 do not appear on the run list when adding the following endpoints to the discovery file in FCS: post /international-scheduled-payment-consents post /international-payment-consents	Impact: Unable to complete testing Mitigation: Under review	TBC	PISP	ASPSP	Apr-23	Case 00034668	REFAPP-1318

Dynamic Client Registration v3.3

Status	Details	Impact/Mitigation	Area	Reporter	Reported	Service Desk Ticket Number (OBIE access only)	Work Item Ticket Number (OBIE Access Only)
Open	The enumeration for application_type has incorrect values	This will be fixed in a forthcoming release.	General	TPP	Aug-2020	OBSD-17624 - Getting issue details... STATUS	CDRW-3518 - Getting issue details... STATUS
Open	The endpoint should be GET not POST https://openbankinguk.github.io/dcr-docs-pub/v3.3/dynamic-client-registration.html#endpoints "POST /register/{ClientId}" should be "GET /register/{ClientId}"	This will be fixed in a forthcoming release.	General	TPP	Aug-2020	OBSD-17490 - Getting issue details... STATUS	CDRW-3519 - Getting issue details... STATUS

Status

Details

Impact/Mitigation

Area

Reporter

Reported

Service Desk Ticket Number

(OBIE access only)

Work Item Ticket Number

(OBIE Access Only)

Open

The enumeration for application_type has incorrect values

This will be fixed in a forthcoming release.

General

TPP

Aug-2020

OBSD-17624 - Getting issue details... STATUS

CDRW-3518 - Getting issue details... STATUS

Open

The endpoint should be GET not POST

https://openbankinguk.github.io/dcr-docs-pub/v3.3/dynamic-client-registration.html#endpoints

"POST /register/{ClientId}" should be "GET /register/{ClientId}"

This will be fixed in a forthcoming release.

General

TPP

Aug-2020

OBSD-17490 - Getting issue details... STATUS

CDRW-3519 - Getting issue details... STATUS

Read/Write API v3.1.9

Ref_No

Status

Details

Impact/Mitigation

Area

Reporter

Reported

Service Desk Ticket Number

(OBIE access only)

Work Item Ticket Number

(OBIE Access Only)

v319_KI1

Closed

For AISP: OBReadConsent1:

UML diagrams are incorrectly showing the Permissions field as 0..1 in version 3.1.7 onwards

Fix UML diagram in v3.1.8 and v3.1.7 to reflect Permissions 1..*

VRP

ASPSP

Oct-2021

OBSD-26532 - Getting issue details... STATUS

v319_KI2

Closed

UML diagram is incorrectly showing Instructed amount field as 0..1

Following objects will be fixed

VRP Domestic VRP Instruction,

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrps.html#obdomesticvrpinstruction

2. VRP Domestic VRP Request.

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrps.html#obdomesticvrprequest

3. VRP Domestic VRP Response

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrps.html#obdomesticvrpresponse

Fix UML diagram to reflect Instructed amount field as 1..1 in below objects
1. OBDomesticVRPInstruction
2. OBDomesticVRPRequest
3. OBDomesticVRPResponse
Update swagger

VRP

ASPSP

Sep-2021

OBSD-26140 - Getting issue details... STATUS

v319_KI3

Closed

Fix in section to remove 'Revoked' status

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrp-consents.html#state-model-vrp-consents

Changes removed are ~~struck out~~ and added are in blue

Update state model diagram to remove the status.
Update below table under state model - vrp consents section

	Status	Status Description
1	AwaitingAuthorisation	The consent resource is awaiting PSU authorisation.
2	Rejected	The consent resource has been rejected.
3	Authorised	The consent resource has been successfully authorised.
4	~~Revoked~~	~~The consent resource has been revoked by the PSU, via ASPSP's online channel~~ .

3. Update swagger

VRP

ASPSP

Sep-2021

OBSD-26142 - Getting issue details... STATUS

v319_KI4

Closed

Fix in section to remove 'Revoked' status

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrp-consents.html#obdomesticvrpconsentresponse

Changes removed are ~~struck out~~ and added are in blue

Name	Path	Definition	Type
Data (1..1)	Data
ConsentId (1..1)	Data. ConsentId	Unique identification as assigned by the ASPSP to uniquely identify the consent resource.	Max128Text
Data. ReadRefundAccount (0..1)	Data. ReadRefundAccount	Indicates whether the RefundAccount object should be included in the response	Yes No
CreationDateTime (1..1)	Data. CreationDateTime	Date and time at which the resource was created.	ISODateTime
Status (1..1)	Data. Status	Specifies the status of the resource in code form.	Authorised AwaitingAuthorisation Rejected ~~Revoked~~ ~~Expired~~
StatusUpdateDateTime (1..1)	Data. StatusUpdateDateTime	Date and time at which the resource status was updated.	ISODateTime
ControlParameters (1..1)	Data. ControlParameters	The control parameters under which this VRP must operate	OBDomesticVRPControlParameters
Initiation (1..1)	Data. Initiation	The parameters of the VRP consent that should remain unchanged for each payment under this VRP	OBDomesticVRPInitiation
DebtorAccount (0..1)	Data.DebtorAccount	The approved DebtorAccount that the payment can be made from. THhe value must be populated for GET responses once the consent is approved.	OBCashAccountDebtorWithName
Risk (1..1)	Risk	The consent payload is sent by the initiating party to the ASPSP. It is used to request a consent to move funds from the debtor account to a creditor.	OBRisk

v319_KI5

Closed

Fix to section - Consent revocation

https://openbankinguk.github.io/read-write-api-site3/v3.1.9/profiles/vrp-profile.html#consent-revocation

A PSU may revoke consent for initiation of any future payment orders, by revoking the authorisation of VRP Consent, at any point in time.

The PSU may request the TPP to revoke the consent that it has authorised. If consent is revoked with the TPP:

The TPP must cease to initiate any future payment orders or Funds Confirmations using the VRP Consent.
The TPP must call the DELETE operation on the VRP Consent resource to indicate to the ASPSP that the PSU has revoked consent.

The PSU may revoke the VRP ~~Consent~~ access via ASPSP's online channel. If the ~~consent~~ access is revoked via ASPSP:

~~The ASPSP must immediately update the VRP Consent resource status to Revoked.~~
The ASPSP must fail any future payment order request using the ConsentId, ~~with the Status Revoked.~~
The ASPSP must make a Notification Event available for the TPP to poll/deliver Real-Time Event Notification for the event - consent-~~authorization~~-access-revoked.
The ASPSP must take the necessary action to revoke access e.g. by revoking/expiring the access token provided to the PISP.
The status of the domestic-vrp-consents must remain unchanged and the PISP must be allowed to request PSU to re-authenticate the same domestic-vrp-consents resource.
Upon successful re-authentication by PSU, an ASPSP may issue new authorization code and subsequently new access token to the PISP.

v319_KI5a

Closed

Fix to enums for event notifications related to revocation

https://openbankinguk.github.io/read-write-api-site3/v3.1.9/references/namespaced-enumerations.html#obeventtype1code

Introduce a new enum UK.OBIE.Consent-Access-Revoked for access revoked at ASPSP keeping UK.OBIE.Consent-Authorization-Revoked for backward compatibility

Events

OBIE Internal review

Feb-2022

CDRW-4114 - Getting issue details... STATUS

v319_KI6

Closed

Fix to UML on Debtor Account

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrp-consents.html#obdomesticvrpconsentresponse

Note: The field is marked as optional to address the scenario when a/c selection happens at ASPSP. The debtor account must be provided in the GET response after the PSU has selected the a/c at the ASPSP and the consent is approved.

Update UML diagram to make DebtorAccount block option in OBDomesticVRPConsentResponse block.

VRP

ASPSP

Sep-2021

OBSD-26403 - Getting issue details... STATUS

v319_KI7

Closed

Fix to UML and table

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrp-consents.html#obdomesticvrpcontrolparameters

Fix to UML

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrp-consents.html#obdomesticvrpconsentrequest

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrp-consents.html#obdomesticvrpconsentresponse

Fix UML diagram & table (where relevant) to reflect MaximumIndividualAmount as 1..1 and PeriodicLimits field as 1..* in below objects
1. OBDomesticVRPControlParameters
2. OBDomesticVRPConsentRequest
3. OBDomesticVRPConsentResponse
Update swagger

VRP

ASPSP

Sep-2021

OBSD-26188 - Getting issue details... STATUS

v319_KI8

Closed

Clarification on Additional control parameters-

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/profiles/vrp-profile.html#payment-restrictions

Changes removed are ~~struck out~~ and added are in blue

Payment Restrictions

The standard provides a set of control parameters that may be specified as part of the VRP Consent. These control parameters set limits for the payment orders that can be created by the TPP for a given VRP.

In addition to the control parameters defined in this standard ASPSPs may implement additional control parameters, limits and restrictions for non-sweeping VRPs.

These restrictions should be documented on ASPSP's developer portal

VRP

ASPSP

Oct-2021

OBSD-26664 - Getting issue details... STATUS

v319_KI9

Closed

Change to remove CreditorAgent as it is not applicable to domestic payments and move PostalAddress block under OBDomesticVRPInstruction block as CreditorPostalAddress

2. Change to remove CreditorAgent from OBDomesticVRPInitiation as it is not applicable to domestic payments and move PostalAddress block under OBDomesticVRPInitiation block as CreditorPostalAddress

Update OBDomesticVRPInstruction to remove CreditorAgent block and move PostalAddress under OBDomesticVRPInstruction as CreditorPostalAddress
Update OBDomesticVRPInitiation to remove CreditorAgent block and move PostalAddress under OBDomesticVRPInitiation as CreditorPostalAddress

CreditorPostalAddress (0..1)

0..1

CreditorPostalAddress

Information that locates and identifies a specific address, as defined by postal services.

OBPostalAddress6

Change to UML
Change to Data dictionary table
Change to Swagger

VRP

ASPSP

Oct-2021

OBSD-26669 - Getting issue details... STATUS

v319_KI10

Closed

Change to make Reference field optional in CoF check as it is optional in the VRP consent request

https://openbankinguk.github.io/read-write-api-site3/v3.1.9/resources-and-data-models/vrp/domestic-vrp-consents.html#obvrpfundsconfirmationrequest

https://openbankinguk.github.io/read-write-api-site3/v3.1.9/resources-and-data-models/vrp/domestic-vrp-consents.html#obvrpfundsconfirmationresponse

Change 1) Update

OBVRPFundsConfirmationRequest to make Reference field optional

OBVRPFundsConfirmationResponse to make Reference field optional

Change to UML
Change to Data dictionary table
Change to Swagger

Change 2) Update

OBVRPFundsConfirmationRequest to make Data block mandatory

OBVRPFundsConfirmationResponse to make Data block mandatory

Change to UML
Change to Swagger

VRP

ASPSP

Oct-2021

Nov 2021

OBSD-27535 - Getting issue details... STATUS

v319_KI11

Closed

Amount object in examples to be corrected

https://openbankinguk.github.io/read-write-api-site3/v3.1.9/resources-and-data-models/vrp/domestic-vrp-consents.html#examples-of-periodic-limits

Fix to examples -Example 1, 2,3,4 to flatten Amount and currency

VRP

ASPSP

Nov 2021

OBSD-27653 - Getting issue details... STATUS

v319_KI12

Closed

Update scope of event notification to include payments

https://openbankinguk.github.io/read-write-api-site3/v3.1.9/profiles/aggregated-polling-api-profile.html#scopes

Fix to include Payments in the scope of event notification

VRP

ASPSP

Nov 2021

OBSD-27921 - Getting issue details... STATUS

v319_KI13

Closed

Link to Event Notification is broken

Fix links in v319 and v318

https://openbankinguk.github.io/read-write-api-site3/v3.1.9/resources-and-data-models/event-notifications/domestic-vrp-consents.html

https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/event-notifications/domestic-vrp-consents.html

General

OB Internal

Jan 2022

v319_KI14

Closed

Errata fix to include this attribute for non-sweeping only and hence optional field for sweeping

https://openbankinguk.github.io/read-write-api-site3/v3.1.9/resources-and-data-models/vrp/domestic-vrp-consents.html#obdomesticvrpcontrolparameters

Add an array PSUInteractionTypes to enable the PISP to capture 'Customer not in an active session' and 'Customer in an active session' at the consent level.

https://openbankinguk.github.io/read-write-api-site3/v3.1.9/resources-and-data-models/vrp/domestic-vrps.html#obdomesticvrprequest

Add PSUInteractionTypes to enable the PISP to specify the specific value from the PSUInteractionTypes defined at the consent level

Add missing attributes to capture PSUInteractionTypes as per VRP requirement

Change to UML
Change to Data dictionary table
Change to Swagger

//Consent
{ PSUInteractionTypes: ['InSession','OffSession'] }

//payment
{ PSUInteractionType: 'InSession' }

VRP

ASPSP

Jan 2022

OBSD-28494 - Getting issue details... STATUS

v319_KI15

Closed

Change resource group of VRP endpoints to existing PISP resource group

Changes to the Open API specification for VRP (update server URI path)
Changes to the URLs in usage examples
Changes to Functional Conformance Suite (FCS)
Changes to Model Bank

VRP

ASPSP

Jan 2022

/wiki/spaces/WOR/pages/2302083154

CDRW-4126 - Getting issue details... STATUS

Read/Write API v3.1.8

Status	Details	Impact/Mitigation	Area	Reporter	Reported	Service Desk Ticket Number (OBIE access only)	Work Item Ticket Number (OBIE Access Only)
Fixed	For VRPs, the section on Events (https://openbankinguk.github.io/read-write-api-site3/v3.1.8/profiles/vrp-profile.html#event-notifications) states that In any such situation where an account linked to a`vrp-consent`can no longer be used, temporarily or permanently, to make payments, the ASPSP must inform the TPP using events.	The specification should be modified to read: In any such situation where an account linked to a `vrp-consent` can no longer be used, temporarily or permanently, to make payments, the ASPSP should inform the TPP using events.	VRP	ASPSP	Apr-2021	OBSD-25276 - Getting issue details... STATUS Reported in TDA	CDRW-3937 - Getting issue details... STATUS
Fixed	In the Domestic VRPs - v3.1.8 spec data model it says: Reference (0..1) RemittanceInformation. Reference Unique reference, as assigned by the creditor, to unambiguously refer to the payment transaction. The PISP must populate this with the same value as specified in the ControlParameters.Reference field of the consent. The field does not exist	Spec should be updated to read "The PISP must populate this with the same value as specified in the `Data.Initiation.RemittanceInformation.Reference`"	VRP	ASPSP	May-2021	OBSD-23244 - Getting issue details... STATUS
Fixed	Rejected code is not listed in https://openbankinguk.github.io/read-write-api-site3/v3.1.8/profiles/account-and-transaction-api-profile.html#static-enumerations for rejected	Code to be added	AIS	ASPSP	May-2021	OBSD-23512 - Getting issue details... STATUS
Fixed	The action to be taken for Access Revocation (See https://openbankinguk.github.io/read-write-api-site3/v3.1.8/profiles/account-and-transaction-api-profile.html#access-revocation) is not clear due to the use of the term "may"	Change the statement: A PSU may revoke AISP's access directly with the ASPSP, via the access dashboard. In such a situation: The ASPSPs may revoke/expire the access token provided to the AISP. to read: ... The ASPSP must take the necessary action to revoke access e.g. by revoking/expiring the access token provided to the AISP.	AIS	ASPSP	June-2021	OBSD-23823 - Getting issue details... STATUS
Fixed	The response object specified for the payment details endpoint is incorrect	Change the `Endpoints` table `Response Object` entry for payment-details OBDomesticVRPRequestDetailResponse to read OBDomesticVRPDetails	VRP	ASPSP	July-2021	OBSD-24689 - Getting issue details... STATUS
Fixed	Errata fixes to VRP example 2 and example 3 https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrp-consents.html#examples-of-periodic-limits	Change Example 2 from to Change Example 3 from to	VRP	TPP	July-2021	OBSD-24907 - Getting issue details... STATUS	CDRW-4036 - Getting issue details... STATUS
Fixed	Errata fix to update resources and data models page for VRP - https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/	Update VRP Resources and Data Models page to include all VRP endpoints including resource compatibility with version 3.1.8 and 3.1.9	VRP	TPP	Aug-2021	OBSD-25460 - Getting issue details... STATUS OBSD-26172 - Getting issue details... STATUS
Fixed	Errata fix to update enumerations for VRP - https://openbankinguk.github.io/read-write-api-site3/v3.1.8/references/namespaced-enumerations.html		VRP	TPP ASPSP	Aug-2021 Jul-2021	OBSD-25446 - Getting issue details... STATUS OBSD-25088 - Getting issue details... STATUS
Fixed	Errata fix to update State model table to remove "Expired" status https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrp-consents.html#state-model---vrp-consents		VRP	ASPSP	Aug-2021	OBSD-25600 - Getting issue details... STATUS
Fixed	Errata fix to update permissions in Transactions API https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/aisp/Transactions.html#permission-codes	Update Permissions section to include ReadTransactionsCredits and ReadTransactionsDebits	AISP	TPP	Aug-2021	OBSD-25715 - Getting issue details... STATUS
Fixed	Clarification on PeriodType=Fortnight PeriodAlignment=Calendar ValidToDateTime https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/domestic-vrp-consents.html#obdomesticvrpcontrolparameters	Clarification on the below combination - PeriodType=Fortnight PeriodAlignment=Calendar To refrain from implementing this combination, as the ISO calendar does not support or provide any guidance on when a fortnight should start. Clarification on time part in the consent - ValidFromDateTime ValidToDateTime The consent period starts and ends at midnight - effectively the time element of the date should be disregarded in computing the date range and pro-rating.	VRP	ASPSP	Aug-2021	OBSD-25599 - Getting issue details... STATUS

Read/Write API v3.1.7

Status	Details	Impact/Mitigation	Area	Reporter	Reported	Service Desk Ticket Number (OBIE access only)	Work Item Ticket Number (OBIE Access Only)
Fixed	For file payments, the `OBWriteFileResponse3/Data/Debtor/Name` field only allows a single value. Guidance or changes are required for what should be done in situations where the file payments are made from multiple debtor accounts	To be confirmed following completion of FCA consultation on Debtor Name/Account fields	PIS	ASPSP	Mar-2021	OBSD-22139 - Getting issue details... STATUS

Status

Details

Impact/Mitigation

Area

Reporter

Reported

Service Desk Ticket Number

(OBIE access only)

Work Item Ticket Number

(OBIE Access Only)

Fixed

For file payments, the OBWriteFileResponse3/Data/Debtor/Name field only allows a single value.

Guidance or changes are required for what should be done in situations where the file payments are made from multiple debtor accounts

To be confirmed following completion of FCA consultation on Debtor Name/Account fields

PIS

ASPSP

Mar-2021

OBSD-22139 - Getting issue details... STATUS

Read/Write API v3.1.6

Status	Details	Impact/Mitigation	Area	Reporter	Reported	Service Desk Ticket Number (OBIE access only)	Work Item Ticket Number (OBIE Access Only)
Fixed	This property is documented to be a class of type ‘OBBranchAndFinancialInstitutionIdentification6’. This is incorrect and it should be ‘OBCashAccountCreditor3’.	Addressed in v3.17	PIS	TPP	Jun-2020	OBSD-16647 - Getting issue details... STATUS	CDRW-3428 - Getting issue details... STATUS
Fixed	In the Domestic-Standing-Orders section, the ‘OBDomesticStandingOrder3’ class includes the ‘CreditorAccount’ property. This property is documented to be a class of type ‘OBBranchAndFinancialInstitutionIdentification6’, although the fields documented beyond that (in CreditorAccount path) are not.	Addressed in v3.17	PIS	TPP	Jun-2020	OBSD-16647 - Getting issue details... STATUS	CDRW-3428 - Getting issue details... STATUS
Fixed	Transaction Identifier. A unique identifier for the transaction. ASPSPs may populate this field with the x-fapi-transaction-id of the api operation that lead to the change, or populate it with the same value as jti. This should read `x-fapi-interaction-id` instead of `x-fapi-transaction-id`	Addressed in v3.17	AIS	TBC	Jul-2020	OBSD-16818 - Getting issue details... STATUS	CDRW-3448 - Getting issue details... STATUS
Fixed	The `POST` endpoint is listed in the Endpoints table, but no further documentation is provided	Addressed in v3.17	PIS	TPP	Jul-2020	OBSD-16778 - Getting issue details... STATUS	CDRW-3449 - Getting issue details... STATUS
Fixed	Document styling an formatting issue	Addressed in v3.17	AIS	Internal	Jul-2020	OBSD-15322 - Getting issue details... STATUS	CDRW-3445 - Getting issue details... STATUS
Fixed	The Version History format for 3.1.5 and 3.1.6 is presented in different styles	Addressed in v3.17	General	Internal	Jul-2020	NA (Reported internally)	CDRW-3446 - Getting issue details... STATUS
Fixed	Additional examples to be added	Addressed in v3.17	General	ASPSP	Jul-2020	Reported by email	CDRW-3485 - Getting issue details... STATUS
Fixed	Incorrect field size for `ReferencePaymentId` field in SCA Support Data	Addressed in v3.17	PISP	ASPSP	Jul-2020	OBSD-17345 - Getting issue details... STATUS	CDRW-3500 - Getting issue details... STATUS
Fixed	Bank Transaction Code size field is not in sync between specifications and swagger	Addressed in v3.17	AISP	ASPSP	Jun-2020	OBSD-16489 - Getting issue details... STATUS	CDRW-3503 - Getting issue details... STATUS
Fixed	For the CASS status, "NotSwitched" is spelt incorrectly in one instance	Addressed in v3.17	AISP	ASPSP	Aug-2020	OBSD-17586 - Getting issue details... STATUS	CDRW-3517 - Getting issue details... STATUS
Fixed	Inconsistent description of "CreationDate"	Addressed in v3.17	PISP	ASPSP	Sep-2020	OBSD-18538 - Getting issue details... STATUS	CDRW-3679 - Getting issue details... STATUS
Fixed	Incorrect example for `CountrySubdivision`	Addressed in v3.17	PISP	ASPSP	Sep-2020	OBSD-18590 - Getting issue details... STATUS	CDRW-3682 - Getting issue details... STATUS

Read/Write API v3.1.5

Status	Ref	Type	Issue	Details	Impact/Mitigation
Fixed	OBSD-15311 - Getting issue details... STATUS	Errata	Incorrect multiplicity for `OBRisk1/DeliveryAddress/CountrySubDivision`	The occurence is specified as `0..2` instead of `0..1`	This will be fixed in v3.1.6
Fixed	NA	Clarification	Behaviour when a incorrectly formatted ISO Date is provided in a request is not clearly defined	Clarify that when an ASPSP receives a request with an incorrectly formatted date, it may respond with a status code of `400 Bad Request` and an error code of `UK.OBIE.Field.InvalidDate.`	This will be fixed in v3.1.6
Fixed	OBSD-12579 - Getting issue details... STATUS	Clarification	The `txn` claim for `OBEventNotification2` is optional in the SET standard, but mandatory in the OBIE standard.		Clarify the usage of the `txn` claim in the standard.

Status

Ref

Type

Issue

Details

Impact/Mitigation

Fixed

OBSD-15311 - Getting issue details... STATUS

Errata

Incorrect multiplicity for OBRisk1/DeliveryAddress/CountrySubDivision

The occurence is specified as 0..2 instead of 0..1

This will be fixed in v3.1.6

Fixed

Clarification

Behaviour when a incorrectly formatted ISO Date is provided in a request is not clearly defined

Clarify that when an ASPSP receives a request with an incorrectly formatted date, it may respond with a status code of 400 Bad Request and an error code of UK.OBIE.Field.InvalidDate.

This will be fixed in v3.1.6

Fixed OBSD-12579 - Getting issue details... STATUS Clarification The txn claim for OBEventNotification2 is optional in the SET standard, but mandatory in the OBIE standard. Clarify the usage of the txn claim in the standard.

Dynamic Client Registration v3.2

Status	Ref	Type	Issue	Details	Impact/Mitigation
Open		Minor Bug	The regex pattern for uuidv4 specified for the `jti` field is incorrect in the specification. As per the UUID specification (https://tools.ietf.org/html/rfc4122#section-3): `1The hexadecimal values "a" through "f" are output as lower case characters and are case insensitive on input.`		This has been fixed in the swagger file for v3.2. The specification will be corrected in the next version.

Status

Ref

Type

Issue

Details

Impact/Mitigation

Open

Minor Bug

The regex pattern for uuidv4 specified for the jti field is incorrect in the specification.

As per the UUID specification (https://tools.ietf.org/html/rfc4122#section-3):

1The hexadecimal values "a" through "f" are output as lower case characters and are case insensitive on input.

This has been fixed in the swagger file for v3.2.

The specification will be corrected in the next version.

Read/Write API Version 3.1.4

Status	Type	Issue	Details	Impact/Mitigation
Fixed	Minor Bug	Incorrect cardinality in `RefundAccount.Name`	https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/788eb1f5261177a49e8afaee7f9e52a19c5bda52	Fixed in v3.1.5
Fixed	Minor Bug	`Amount` regular expression was incorrect	https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/cfdba4047b9cbea9982051e9b821fc48adb916eb	Fixed in v3.1.5 Old regex will not accept amounts without a decimal point
Fixed	Minor Bug	Broken links in "Usage Examples" index file	https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/e763fe34669c5968708504e7c9d3a9299ec1f27e	Cosmetic changes only. Fixed in Version 3.1.5
Fixed	Minor Bug	UML diagrams for International Payments used incorrect re-usable class versions	https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/e763fe34669c5968708504e7c9d3a9299ec1f27e	Fixed in Version 3.1.5

Read/Write API Version 3.1.1 - 3.1.3

Status	Type	Issue	Details	Impact/Mitigation
Fixed	Errata	Improvements to Event Notifications	https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/85addb6bd4ef06f78c600a28d4ef2be5c3a5ab1f	These have been fixed in Version 3.1.4
Fixed	Minor Bug	Inconsistencies in class and URL names.	https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/ba4abc36b60b89da48b980586be2d72e0bdb9c35	These have been fixed in Version 3.1.4
Fixed	Minor Bug	Errors in markdown causing poor rendering on some environements	https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/c36a270434203b3727afed34a74e6567dd7d8163	Cosmetic changes only. These have been fixed in Version 3.1.4

Status

Ref

Type

Issue

Details

Impact/Mitigation

Fixed

Errata

Improvements to Event Notifications

https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/85addb6bd4ef06f78c600a28d4ef2be5c3a5ab1f

These have been fixed in Version 3.1.4

Fixed

Minor Bug

Inconsistencies in class and URL names.

https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/ba4abc36b60b89da48b980586be2d72e0bdb9c35

These have been fixed in Version 3.1.4

Fixed

Minor Bug

Errors in markdown causing poor rendering on some environements

https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/c36a270434203b3727afed34a74e6567dd7d8163

Cosmetic changes only.

These have been fixed in Version 3.1.4

DCR API Ver 3.1

Status	Ref	Type	Issue	Details	Impact/Mitigation
Fixed	OBSD-12892 - Getting issue details... STATUS	Minor Bug	software_id field length and pattern is not correct (^[0-9a-zA-Z]{1,18}$). It should be 22 characters( fixed in V3.2 onwards)	We're having issues with dynamic client registration. The validation for the "iss" field in the OBRegistrationRequest1 object (in DCR v3.1) is as follows: ^[0-9a-zA-Z]{1,18}$ The guidance for this is as follows: For SSAs issued by the OB Directory, this must be the software_id But the software_id issued in the OB directory is 22 characters in length so is not valid according to the spec. I've noticed the 3.2 registration spec does allow for this length, but most banks don't support this registration version yet. We can register with banks that don't validate this or banks that implement the 3.2 spec, but by the looks of our registration attempts Nationwide validates the length and doesn't implement the 3.2 spec. I'd imagine there are more banks in a similar position. How do you suggest working around this issue in the mean time?	banks must provide a workaround for. The customer must contact Nationwide directly for support. If he/she is not getting the required support, he/she should raise a new ticket complaining about Nationwide and OBIE Central Testing team will get involved. This has been fixed in V3.2

Status

Ref

Type

Issue

Details

Impact/Mitigation

Fixed

OBSD-12892 - Getting issue details... STATUS

Minor Bug

software_id field length and pattern is not correct (^[0-9a-zA-Z]{1,18}$). It should be 22 characters( fixed in V3.2 onwards)

We're having issues with dynamic client registration. The validation for the "iss" field in the OBRegistrationRequest1 object (in DCR v3.1) is as follows:

^[0-9a-zA-Z]{1,18}$

The guidance for this is as follows:

For SSAs issued by the OB Directory, this must be the software_id

But the software_id issued in the OB directory is 22 characters in length so is not valid according to the spec. I've noticed the 3.2 registration spec does allow for this length, but most banks don't support this registration version yet. We can register with banks that don't validate this or banks that implement the 3.2 spec, but by the looks of our registration attempts Nationwide validates the length and doesn't implement the 3.2 spec. I'd imagine there are more banks in a similar position. How do you suggest working around this issue in the mean time?

banks must provide a workaround for. The customer must contact Nationwide directly for support. If he/she is not getting the required support, he/she should raise a new ticket complaining about Nationwide and OBIE Central Testing team will get involved.

This has been fixed in V3.2

Read/Write API Ver 3.0

Status	Ref	Type	Issue	Details	Impact/Mitigation
Fixed	OBSD-4642 - Getting issue details... STATUS	Errata	R/W Spec Parent Page mentions application/json as the only permitted value for Content-Type		The swagger definitions for each of the APIs is correct. The statement will be corrected in v3.1 to be accurate.
Fixed		Minor Bug	v3.0-rc3 Swagger has incorrect length for Path field in the OBError1 object.	v3.0-rc3 Swagger has incorrect length for Path field in the OBError1 object. This should be Max500Text instead of Max40Text.	To be fixed in v3.0-rc4 of the Swagger spec.
Fixed		Minor Bug	The status model for the Domestic and International Payments (Immediate) does not contain a transition from `AcceptedSettlementInProcess` that handles error cases.	A transition from `AcceptedSettlementInProcess` to `Rejected` should be included on the status model diagram. This would bring it back in line with the current status model in v1.1	Amend the specification in v3.1 to include a transition from `AcceptedSettlementInProcess` to `Rejected.`
Fixed		Errata	v3 RC3 International Standing Orders page - Reusable Class UML Diagram is incorrect.	v3 RC3 International Standing Orders page. The Reusable Class describes OBInternationalStandingOrder1 but the UML diagram represents OBWriteInternationalStandingOrder1 (the consent request object).	UML DIagram for OBInternationalStandingOrder1 isn't provided in the specification. Amend the specification in V3.1 to include the correct UML Diagram.
Fixed	OBSD-4752 - Getting issue details... STATUS	Minor Bug	OBActiveCurrencyAndAmount_SimpleType in the specifications is missing the Pattern: '^\d{1,13}\.\d{1,5}$'.	Account, Payment and COF Data Dictionary in the specification does not have the pattern for OBActiveCurrencyAndAmount_SimpleType defined.	The swagger definition has the correct regex pattern. For Consistency of the specs with swagger, it will be fixed in V3.1 specification.
Fixed	OBSD-4787 - Getting issue details... STATUS	Minor Bug	"Meta" and "Links" tag in response are shown in examples but not in swagger.		To be fixed in v3.0-rc4 of the Swagger spec.
Fixed	OBSD-4786 - Getting issue details... STATUS	Minor Bug	Funds Confirmation Usage Examples missing meta element	Meta is a mandatory data element in the JSON response, but is missing in the example.	Specification and Swagger spec are accurate. Example will be fixed in V3.1 specification.
Fixed	OBSD-4785 - Getting issue details... STATUS	Errata	Typo on Products/PCA Data Model and Products/BCA Data Model pages	Fix gramattical error: FeaturesAndBenefits: Further analysis is required to check whether feature and benefits sections is needed ~~are not~~. Changes required in PCA Product Data Model & BCA Product Data Model.	Will be fixed in V3.1 specification.
Fixed	Raised by OB R/W API Team	Minor Bug	Incorrect type (length) for `DomesticStandingOrderId` and `InternationalStandingOrderId`.	Payment Order Ids for Standing Orders (`DomesticStandingOrderId` and `InternationalStandingOrderId`) is of the type Max128Text, while other Payment Order Ids are of type Max40Text.	The Ids should be standardised to Max40Text for consistenc This will be fixed in v3.0-rc4 of the Swagger spec. The specification will be updated in v3.1
Fixed	OBSD-2303 - Getting issue details... STATUS	Minor Bug	V3 Specification specifies that Error Codes in Authorisation flow must be aligned to OAuth Error codes.	Section 3.6 of the V3 RC3 specification incorrectly specifies following: ASPSPs must respond with error response in the OAuth/OIDC flow with mandatory alignment of error codes to those specified in RFC 6749 Section 4.1.2.1 However, ASPSPs may extend the error response codes to include OIDC error responses as well.	The sentence should read: It must be changed to the following, to include a reference to OIDC Error Codes: ASPSPs must respond with error response in the Authorisation flow with mandatory alignment of error codes to those specified in Section 3.1.2.6 Authentication Error Response of OIDC Core specification. This will be updated in v3.1
Fixed	Raised by OB R/W API Team	Minor Bug	Details for PUT operations are not provided in Request Headers and HTTP Status codes sections.	The R/W Ver 3.0 specifications introduced a PUT operation for ASPSP Event Notification specification. The Request Headers and HTTP Status Codes for PUT operations should be explicity defined.	The Request Headers for PUT operations are the same as those for POST operations. The HTTP Codes for PUT operations are the same as those for DELETE operations. The tables will be updated in v3.1 to reflect the above.
Fixed	Raised by OB R/W API Team	Errata	'Process for verifying a signature' mislabels Step 2 as Step 1.		It will be fixed in V3.1 specification.
Fixed	Raised by OB R/W API Team	Minor Bug	In The 'Steps' section on the Payments specification, the description for Step 4 should be generalised for redirect as well as decoupled journeys		It should be made clear that step 4 occurs when authorisation is complete. This would apply in both the redirect and decoupled flows. It will be fixed in V3.1 specification.
Fixed	CDRW-2373	Minor Bug	Incorrect Usage Examples	Self Links in Usage Examples don’t Contain Namespace	It will be fixed in V3.1 specification.
Fixed	CDRW-2372	Minor Bug	Incorrect Usage Examples	Missing idempotency key on Standing Order Examples	It will be fixed in V3.1 specification.
Fixed	CDRW-2583	Minor Bug	Incorrect Usage Examples	Incorrect Usage Example for Bulk Transactions	It will be fixed in V3.1 specification.
Fixed	CDRW-2408	Errata	Swagger files - ProductType field missing	The `ProductType` field was inadvertently left out of the swagger files for the product end-points	`ProductType` re-introduced. Will be fixed. v3.1
Fixed	CDRW-2423	Errata	Incorrect field size for `PurposeCode`	The `PurposeCode` field for international payments is of the incorrect length (35 chars rather than the ISO enum size of 4 chars)	It will be fixed in V3.1 specification.
Fixed	CDRW-2409	Minor Bug	Grammar Fix	Fixed multiple instances of poor grammar and lapses of typographical diligence.	It will fix be in v3.1 specification.
Fixed	CDRW-2582	Errata	Transaction permissions not specified	Transaction Permissions Errata (Debtor/Creditor Agent Inconsistency)	It will be fixed in V3.1 specification.
Fixed	CDRW-2585	Clarification	Common base-url for all resources	State that the base-url must be the same for all resources	It will be fixed in V3.1 specification.
Fixed	CDRW-2584	Clarification	Improve definition of CurrencyOfTransfer		It will be fixed in V3.1 specification.
Fixed	CDRW-2671	Errata	Incorrect data type for `iat` and `toe` claims	The `iat` and `toe` claims are specified as strings.These should be numeric (in keeping with the defintion of `iat` in the JWT RFC)	It will be fixed in V3.1 specification.
Open	OBSD-15311 - Getting issue details... STATUS	Errata	Incorrect multiplicity for `OBRisk1/DeliveryAddress/CountrySubDivision`	The occurence is specified as `0..2` instead of `0..1`	This will be fixed in v3.1.6

Read/Write API v1.1

References:

This version of the Read/Write API Specification will be supported by all CMA9 ASPSPs from 13 Jan 2018. The following table details known issues with this version of the specification.

Status	Ref	Type	Issue	Details	Impact/Mitigation
Closed	CDRW-928	Minor bug	Security Profile / Signing: Ensure we have got B64Enc v/s B64URLEnc.	In the security profile, step 3 "Form the payload to be signed " provides an example that Base64 encodes JOSE header and json. Similarly the signature that is computed in Step 4 of the documentation is highlighted in the example as Base64 encoded formatted. The RFC 7515 states that the header and json is encoded in Base64URL format and not Base64. The security profile should be updated to match RFC 7515.	ASPSPs and TPPs should be advised in the documentation to follow the RFC in this case. Fixed in v3
Closed	CDRW-929	Minor bug	Links format in swagger and example on Confluence doesn't match.	The Links object in the swagger contains fields with format as URI and this can be absolute URI but the examples on confluence take in values as relative URI The standard for sending links to the consumer should be absolute URI.	ASPSPs and TPPs should be advised in the documentation to use absolute URIs. Fixed
Open	TBC	Minor clarification	OB Security Profile has been incorrectly interpreted by an ASPSP.	Clarification to reflect that TPPs are NOT required to pass ACR values in either the requested acr_values string or inside the request object to address a possible mis-interpretation. This is a MAY and not a MUST as already stated in v1.1.0 of the specification.	No impact as long as ASPSPs and TPPs follow the existing spec. Wording will be made clearer/more explicit in next release. Security Profile Implementation Guide to be updated and published
Closed	TBC	Minor clarification	Security Profile: Clarity on use of MA-TLS with OIDC well-known end-point.	Clarification to reflect that an ASPSP's OIDC well-known end-point MUST NOT use TLS-MA. The end-point SHOULD use TLS.	No impact on ASPSPs and TPPs that have followed the existing specification. Wording will be improved and made more explicit in the next release. Fixed Security Profile 1.1.2
Closed	TBC	Minor bug	Directory: The mechanism that OB uses to calculate x5t does not meet specification.	Any participant attempting to check certificates fingerprints against the x5t parameter will find validation errors. As a result of this issue, the kid field for all JWK's in the OB stores do not confirmed to the published specification where OB committed to keeping the "kid" the same as the "x5t".	Potential impact on participants that rely on x5t being correct in order to accept a jwk as valid. Any participant that is following the OB specification and dynamically calculating the appropriate kid to use when creating JWT's will reject all messages from TPPs. OB will implement a workaround for effected participants at start of managed rollout, and implement a permanent fix and update the specifications asap after 13 Jan. Fixed
Closed	TBC	Minor clarification	Update Security Profile page in Confluence to align to version in Bitbucket	The master version of the Security Profile is held in Bitbucket. The Confluence page has not been kept up to date with changes to the master, and requires a cut-and-paste to align.	The differences are non-normative, and the master is linked in the Confluence page, but these changes should be reflected for completeness. All references are now link to the bitbucket. Fixed
Closed	TBC	Minor clarification	Security Profile: Clarity on the use of ciphers for the PSU facing Authorization end-point	Clarification to reflect that the ASPSP's are free to support a more expansive list of TLS Ciphers on the Authorization Server Endpoint than is explicitly supported by the FAPI Read Write Security Profile section 8.6	The differences are non TPP or ASPSP impacting as this clarification item is related to ASPSP → PSU communication link only. Will require collaboration with the OIDF FAPI Working Group. https://bitbucket.org/openid/fapi/issues/129/tls-cipher-restrictions-should-be-relaxed Fixed Security Profile 1.1.2
Closed	TBC	Medium Implementation bug	Directory Services: The x5t and x5t256 values of the JWKS files are being calculated incorrectly.	There's an implementation defect in the way the x5t and x5t256 values of the JWKS files are being calculated. As a result, any participant relying on these values to correlate to the corresponding certificate will not be able to match the two values. The x5c and x5u values are correct and do match the public keys in the JWK.	Only one participant so far has called this out as an impacting issue however a process has been put in place to address any JWKs manually that are utilised by a TPP. A code change will be delivered to correct this generation process as soon as possible and existing JWKS entries will be updated. Fixed
Closed	TBC	Minor specification issue	Open Banking Security Profile: The KID for each JWK in the JWKS store isn't being calculated in the way that was indicated.	The specification for KID calculation indicates that "OBIE will keep the KID's the same as the x5t". The implementation hasn't followed this intention. The way KID is currently being calculated is the SHA1 of the JWK instead of the SHA1 of the DER Encoded Certificate.	Open Banking will not change the way KIDs are calculated but will update the specifications to reference the way KID is being generated. Fixed in directory spec
Closed	TBC	Minor specification issue	Read/Write API Specifications: Beneficiaries endpoint does not cater for all international benficiaries	The current beneficiaries endpoint only allows for beneficiaries which have a sort code and account number or IBAN. Some international beneficiaries are identified by other local identification schemes.	Some ASPSPs will not be able to share all details for some international beneficiaries. The specification will be updated to cater for this in the next release, as a non-breaking change. Fixed
Open	TBC	Minor specification issue	Security profile: Spec not clear that query parameters in the authorize url should be url-encoded	The examples that are referred too were created as part of the “security profile implementation guide”. They don’t appear in the security profile in bit bucket. They should be updated / corrected to reflect url encoding as per oidc cores examples.	Some ASPSPs may mis-interpret the specification. The examples will be updated in due course to make things clearer. Security Profile Implementation Guide to be updated and published
Closed	CDRW-1206	Minor clarification	Inconsistency between Payments and Account specification should a ASPSP reject the request with a 403 if x-fapi-financial-id is invalid.	Accounts v1,1 seems to have dropped the following line from the spec inadvertently. "If the value does not match the expected value (based on the Client ID or network certificate of the caller, the ASPSP must reject the request with a 403 (Not Authorized) status code." This is in response to https://openbanking.atlassian.net/browse/OBSD-2643	Some ASPSP have already misinterpreted the specification and don't validate this header. Fixed

Read/Write API v2.0

References:

Read/Write Data API Specification - v2.0.0

This version of the Read/Write API Specification will be supported by all CMA9 ASPSPs from 7 September 2018 for CMA Order in-scope accounts. The following table details known issues with this version of the specification.

Status	Ref	Type	Issue	Details	Impact/Mitigation
Closed	OBSD-4103	Errata	OB Statements - Endpoint section specifies Filtering for wrong endpoints	Filtering word should be removed from the Endpoints table for: GET /accounts/{AccountId}/statements/{StatementId} (Row#2) GET /accounts/{AccountId}/statements/{StatementId}/transactions (Row#4)	Non-breaking change. The Swagger is correct for this issue, but the documentation has specified filtering on endpoints that should not apply filtering. Will be fixed in v2.1 Has been fixed in v3.0
Closed	TBC	Bug	OB Statements - filters missing in Swagger spec.	Filtering on statement dates is in the specification for: GET /accounts/{AccountId}/statements GET /statements However - these are missing from the Swagger spec.	Non-breaking change. TPPs may expect the ability to filter on dates to identify statements. However, this functionality is missing from the Swagger spec. Will be fixed in v2.1 Has been fixed in v3.0
Closed	TBC	Errata	Usage Guidance Errata	For Party Endpoint: Usage Examples for Account Owner and Authorised User - have been documented incorrectly.	Errata. Non-breaking change. Will be fixed in v2.1. Has been fixed in v3.0
Closed	TBC	Bug	Transactions Object Bug	Transactions object using the wrong currency exchange object. In v3, we have fixed this with the CurrencyExchange object replacing the EquivalentAmount object to describe currency exchange.	Breaking change to replace the CurrencyExchange object. ASPSPs cannot represent currency exchange information until this fix is applied. Will be fixed in v2.1 Has been fixed in v3.0
Closed	TBC	Errata	Address Code-LIst Errata	Updated ISO 20022 OBAddressTypeCode code from "DeliverTo" to "DeliveryTo"	Errata. Non-breaking change. Will be fixed in v2.1 Has been fixed in v3.0
Closed	TBC	Requested enhancements	Requested Enumerations for Use Cases	Enumeration definitions updated for: Balance/Type - InterimCleared, OpeningCleared, ClosingCleared StatementAmount/Type - PendingTransactionsBalance StatementFee/Type - ForeignCashTransaction CardInstrument/AuthorisationType - ConsumerDevice	Will not be included in v2.1 as fix. Has been fixed in v3.0
Closed	OBSD-3833	Bug	/party endpoint AddressLine - mismatch between spec and Swagger	AddressLine in Swagger is specified as a string. However - in the data dictionary is 0..5	Non-breaking change. Will be fixed in v2.1 Has been fixed in v3.0

Open Data API v2.1

References:

Open Data API Specifications v2.1.1

This version of the Open Data Specification will be supported by all CMA9 ASPSPs from 13 Jan 2018 and replaces v1.x. The following table details known issues with this version of the specification.

Status	Ref	Type	Issue	Details	Impact/Mitigation
Open	OD-803	Enhancement	Products: Need to split ServicingAccessChannel by individual services.	A request was made that AccessChannel be split in to:- I) SalesAccessChannel - channel(s) by which a product may be sold to a customer ii) ServicingAccessChannel - channel(s) by which an existing customer may obtain 1 or more services for a particular product.	Minor impact. Will be updated in v2.2.
Closed	OD-826	Minor bug	Regular Expressions (Regex), that are required to constrain values entered in to fields to a certain pattern, should be in the data dictionary as well as the Swagger.	Regex in Swagger is hard coded and there are a number of discrepancies (amount and rate fields) where these are limited to 2DP. They should be 3DP.	ASPSPs will only be able to specify amount and rates to 2 decimal places. Has been fixed in v2.2.0-rc1.
Closed	OD-845	Minor bug	OverdraftFeeApplicableRange section is a modelling error and should be removed from the PCA design.	OverdraftFeeApplicableRange doesn't appear in the Design at all but does appear in the swagger.	This is an optional field, so no impact. Has been fixed in v2.2.0-rc1.
Open	OD-855	Enhancement	PCA, BCA: Minimum Arranged Overdraft Amount.	Some banking products require an account holder to take an Arranged Overdraft of at least £x, or else a bank will not process an Arranged Overdraft request. This is potentially useful information. If, for example, an accountholder has an Arranged Overdraft of £100 currently, and a banking product that they're interested in taking requires a minimum Arranged Overdraft of £200, then they would not be able to switch their current account.	Minor impact. Will be updated in v2.2.
Closed	OD-856	Minor bug	All Notes fields should have a consistent cardinality 0..*	In some places cardinality is 0..1 and these should all be 0..n to allow multiple notes.	ASPSPs will have to combine notes into one field rather than separate fields. Has been fixed in v2.2.0-rc1
Closed	OD-857	Minor bug	The Max256Type datatype was not correctly generated in the Swagger files.	Swagger is a string but GFEG defines 256 characters. Swagger should be changes to 256.	No impact. Has been fixed in v2.2.0-rc1
Closed	OD-883	Minor bug	3 missing fee category codes.	FeeCategoryType1Code list is missing the following fields 'Auto', 'FX' , 'Investigation'	ASPSP can select other and chose one of these for now. No impact. Has been fixed in v2.2.0-rc1
Closed	OD-884	Bug	Fix the way that mandatory field restrictions are generated by the Swagger generation script.	Swagger contains required tag in the wrong place, which makes the Java Json Validator https://www.jsonschemavalidator.net/ fail.	ASPSPs cannot validate using Java Json Validator, but will have to use OB Json Validation tool instead. Has been fixed in v2.2.0-rc1
Open	OD-973	Minor bug	PCA, BCA, SMELoan and CCC amend spelling mistake in the codelist	There are a number of spelling mistakes in code lists (e.g. CoreProduct/ LoanApplicationFeeChargeType enumeration "NoLoanApplicationFee" is incorrectly spelt "NoLoanApplicatioFee" in swagger).	TPPs may see some values with spelling mistakes. Will be fixed in v2.2.
Open	OD-978	Enhancement	Enhance the Fee and charges Cap so that it can be linked with the any Fee Type.	Where there are tiered fees and charges, the current design only allows the ASPSP to use one cap across the tiers. ../OtherFeesAndCharges/FeeChargeCap unable to explicitly link to a ../OtherFeesAndCharges/FeeCharge Detail	ASPSPs can use notes field to specify complex caps. This item requires a decision as to whether it may be included in a future release.
Open	OD-979	Minor bug	Make the identification field optional for all section except Product ID	Some ID fields in PCA (e.g. <Product>MarketingState/Identification) are mandatory and should be optional to be consistent with BCA, SMELoans, CCC.	ASPSPs will have to populate with some value (e.g. 0). Will be fixed in v2.2.
Open	OD-980	Minor bug	Restriction on regular expression for Residency Included field should be removed.	For specifying the countries for which the PCA products are available/restricted to use the field ResidencyIncluded, current specification specifies it's DataType as OB_CodeMnemonic with a fixed length of 4. However, to correctly specify data values in this field, the correct DataType restriction should allow length of up to 4 and NOT fixed at 4. e.g. The value on this is expected to be 'UK' or 'EU', which would error out with the specification supplied.	ASPSPs will have to pad out the field (e.g. with spaces). Will be fixed in v2.2.
Open	OD-981	Minor bug	Check the possibility of changing the optional or mandatory fields as an array rather than objects.	For any fields where cardinality is 0..1, the swagger defines this as an object. For 1..1 and 1..n the swagged defines this as an array. Ideally these should all be arrays.	No impact. Will be fixed in v2.2.
Open	OD-986	Minor bug	Missing 'Other' code from Fee Type under overdraft fee charge details and cap section.	In PCA and BCA schema the FeeType Enum in the OverDraftFeesCharges of overdraftTierSet and OverDraftTierBand are missing the "Other" value in both OverdraftFeeChargeCap and OverdraftFeeChargeDetail.	ASPSPs can only specify fee types using the standard code list. Minor impact, as code lists are fairly comprehensive. Will be fixed in v2.2.
Open	OD-997	Enhancement	Add "Academic Term" in period code list.	The current code list options for: OpenBankingPCA/Brand/PCA/PCAMarketingState/StateTenurePeriod should be extended to include: AcademicTerm.	Some ASPSPs may have to use Monthly, Quarterly, Yearly for now. Minor impact. Will be updated in v2.2.
Open	OD-1010	Minor bug	Remove the example reference url link from the base of the API URI	Current URLs for V1.2 and the Swagger which implies a different configuration. Current example: https://openapi.nationwide.co.uk/open-banking/v1.2/atms Our assumption is we would just change the version number however Swagger suggests a new part of the URL is being added: “/reference-implementation/open-banking/v2.1”	ASPSPs should remove/replace 'reference-implementation' with their own URI. Minor impact. Will be fixed in 2.2.

OBErrorResponseError1Code enumeration

`OBDomesticVRPControlParameters`

`OBDomesticVRPConsentRequest`

`OBDomesticVRPConsentResponse`

Payment Restrictions

Read/Write API v1.1

Read/Write API v2.0

Open Data API v2.1

Browser not supported