Known Specification Issues
- Standards
- Kenny Marritt (Unlicensed)
- Peter.Stanley
Known issues with the latest versions of Open Banking specifications are detailed here. For each release, we have included a table that shows the issue and also any impact and/or mitigation.
This page is NOT concerned with issues relating to the implementation of the specifications (either by an ASPSP or a TPP) or for documentation and guides, but ONLY for the actual specifications. In many cases, these issues have already been fixed in a release candidate for the next version, which is available to all registered users in the Open Banking Collaboration Space.
To report any other issues, please log via the Open Banking Service Desk.
Ref_No | Status | Details | Impact/Mitigation | Fix in Version | Area | Reporter | Reported | Reported Service Desk Ticket Number (OBL access only) | Work Item Ticket Number (OBL Access Only) |
---|---|---|---|---|---|---|---|---|---|
v40_KI1 | Open | Spec pages have OBCashAccountDebtor4 listed against Debtor and DebtorAccount in OBDomestic2 | In v3 the these objects contained the same fields and shared a base object (OBCashAccountDebtor4). In v4:
The initial release still referenced OBCashAccountDebtor4 for both these objects. We will address this in a future release, the swaggers contain in-line definitions for some objects so payloads are unaffected. | Specs in future release Swagger - update in future release (to remove in-line definitions) | Specs | ASPSP | Jul 2024 | ||
v40_KI2 | Closed | OBDomesticVRPInitiation and OBDomesticVRPInstruction contain CreditorAgent | CreditorAgent was removed in v319_KI9 and should not be present in VRP payloads. | Specs - updated 19th September 2024 Swagger - updated 19th September 2024 | VRP | APSPS | Jul 2024 | 00049809 | |
v40_KI3 | Closed | The OBRemittanceInformation2/Unstructured data dictionary has the correct cardinality but the class column does not clearly indicate this is an array of Max140Text values. JSON examples show as a single entity rather than an array and Swagger has a length of 256 for the strings | OBRemittanceInformation2/Unstructured is an array of strings with Max140Text length each, as shown by the cardinality. The Data Dictionary class column will be updated in future release to further clarify this. JSON examples will be updated in a future release and swagger will be updated in due course | Specs - updated 19th September 2024 Swagger - updated 19th September 2024 | Spec | APSPS | Jul 2024 | 00049781 | |
v40_KI4 | Closed |
Duplicate of v40_KI2 | CreditorAgent was removed in v319_KI9 and should not be listed in the Data Dictionary | N/A | VRP | APSPS | Jul 2024 | 00049747 | |
v40_KI5 | Closed | VRP spec pages list OBCashAccountDebtorWithName length as Max70Text but swagger lists it as Max350Text https://openbankinguk.github.io/read-write-api-site3/v4.0/resources-and-data-models/vrp/domestic-vrp-consents.html#obcashaccountdebtorwithname | Spec page is correct, swagger will be updated | Swagger - updated 19th September 2024 | Swagger | TSP | Jul 2024 | 00049681 | |
v40_KI6 | Closed | OBWritePaymentDetails1 data dictionary is missing and UML shows wrong cardinality for Data and PaymentDetails. VRP Payment details have been rolled back to v3 schema with ISO20022 values but table still shows the v4 changes | The data dictionary will be restored. Swagger cardinality will be updated to show that Data is a singular mandatory field and PaymentStatus is an unbounded array of payment status details. VRP swagger will be updated to match correct schema UML diagrams will be updated when the spec pages are updated. | Specs - updated 19th September 2024 Swagger -updated 19th September 2024 | PISP | TSP | Jul 2024 | 00049708 | |
v40_KI7 | Open | VRP & PISP Class name for the 'refund' object is misaligned between the data dictionary and swaggers The data dictionary assigns the refund object class as "OBDomesticRefundAccount1" and in the swaggers this is defined inline without a class (PISP) or as OBCashAccountDebtorWithName (VRP). | Object definitions in the swaggers are correct and class names will be aligned in a future release | Specs/Swaggers - aligned in a future release | PISP & VRP | TSP | Jul 2024 | 00049811 | CDRW-4609 - Getting issue details... STATUS |
v40_KI8 | Closed | Reference information missing from OBReadStandingOrder6 | This was replaced by RemittanceInformation but is missing from the payload. Data Dictionary, UML and swaggers will be updated to include this object | Specs - updated 19th September 2024 Swagger - updated 19th September 2024 | AISP | ASPSP | Jul 2024 | 00050015 | |
v40_KI9 | Open | ExternalPaymentTransactionStatus1Code was originally listed in ISO_External_CodeSet, this has been moved to OB_Internal_CodeSet | Codeset name is unchanged and can be found in the OB file. Swaggers will be updated with the correct location. Spec pages will be updated in next release to reference updated file. | Spec pages - updated in next release Swaggers - updated updated 19th September 2024 | PISP, VRP, AISP | Internal review | September 2024 | ||
v40_KI10 | Open | PISP Standing Order payload requires frequency to be provided. This object is mandatory but is contained in an optional parent object. | The parent object, MandateRelatedInformation, will be mandatory in a future update. | Spec pages - next release Swaggers - updated 19th September 2024 | PISP | ASPSP | September 2024 | ||
v40_KI11 | Open | v4 File Payments status codes do not represent both the status of both file processing and subsequent payments within the file itself. | The codes will be rolled back to v3 alignment but with ISO 20022 values. This ensures file status and payment details payloads can be returned successfully as per v3 implementations. Spec page shows original codes from v4 release, participants should refer to the swagger file. File payments will be reviewed at TDA in due course to determine what changes, if any, are appropriate. | Spec pages - next release Swaggers - updated 19th September 2024 | PISP | Interval Review | September 2024 | ||
v40_KI12 | Closed | Codeset updates | Codeset listings have been updated on the GitHub repository. Change-log available here | Spec pages – primarily aligned on 19th September 2024 v40_KI9 will be addressed in a future release Swagger in refresh | All | Internal Review | September 2024 | ||
v40_KI13 | Closed | Swagger updates - a number of misalignments have been identified and addressed in the swagger files. | Updated swaggers have been issued, change-log available here | Swaggers updated 19th September 2024 | All | Internal Review | September 2024 | ||
v40_KI14 | Closed | Spec page updates | In TDA decisions 268 and 269 it was agreed to publish a refreshed set of pages addressing minor issues. The change log is available here | Spec Pages in refresh | All | Internal Review | September 2024 | ||
v40_KI15 | Open | OBMultiAuthorisation1/Status is listed as as using the OBExternalStatus2Code enum in the top level data dictionary | The correct enumeration is OBInternalStatus2Code - searching the codeset repo for OBExternalStatus2Code will return the correct enumeration. | Spec pages in a future update Swagger - no change required | PISP | ASPSP | October 2024 | 00053089 | CDRW-4672 - Getting issue details... STATUS |
v40_KI16 | Open | International Payments Multi Authorisation table lists File Payments status table lists | The correct value to return is AWAF | Spec pages - in a future update Swaggers - updated in due course | PISP | ASPSP | October 2024 | 00053089 | CDRW-4669 - Getting issue details... STATUS CDRW-4668 - Getting issue details... STATUS |
v40_KI17 | Open | OBWritePaymentDetailsResponse1 listing should be called OBWritePaymentDetails1 in both the heading and data dictionary |
| Spec pages - in a future update Swagger - no change required | PISP | ASPSP | October 2024 | N/A | CDRW-4673 - Getting issue details... STATUS |
v40_KI18 | Open | OBWriteDomesticResponse5 is missing the RCVD enum value in the swagger file | RCVD is listed on the spec pages and Codeset repository. Swagger will be updated in due course | Spec pages - no change Swagger - updated in due course. | PISP | ASPSP | October 2024 | N/A | CDRW-4667 - Getting issue details... STATUS |
v40_KI19 | Open |
One of the JSON examples phone numbers on the page is missing the dash. Examples for | Correct regex is Phone number examples should contain a dash: +44-5556541109 | Spec pages - in a future update Swagger - updated in due course. | AISP | Internal Review | October 2024 | N/A | CDRW-4671 - Getting issue details... STATUS |
v40_KI20 | Open |
| Examples will be updated with correct codes | Spec pages - in a future update | AISP | ASPSP | October 2024 | /wiki/spaces/TDA/pages/975143249 | CDRW-4657 - Getting issue details... STATUS |
v40_KI21 | Open | Balance Transfer example in reference page needs updating | Examples in that section will be reviewed and updated for a future release. | Spec pages - in a future update | PISP | ASPSP | October 2024 | 00052502 | CDRW-4658 - Getting issue details... STATUS |
v40_KI22 | Open | File Payments payload is missing UK.OBIE.PaymentInitiation.4.0 from the FileType enum | Swagger will be updated: | Specs - no change Swagger - updated in due course | PISP | ASPSP/Internal review | November 2024 | 00053447 | CDRW-4675 - Getting issue details... STATUS |
v40_KI23 | Open | Item 2 of the Access Revocation description is misaligned to CEG wording: The status of the account-access-consent must be changed to CANC and the AISP must be allowed to request PSU to re-authenticate the same account-access-consent resource. | The text will be aligned to the language used in the CEG: The status of the account-access-consent should be changed to CANC. If the status of the consent is updated then an appropriate reason must be provided in StatusReason. The AISP must be allowed to request PSU to re-authenticate the same account-access-consent resource. | Specs - in a future updated Swagger/FCS - no change | AISP | ASPSP | November 2024 | 00053437 | CDRW-4693 - Getting issue details... STATUS |
v40_KI24 | Open | File Payments swagger is missing |
| Specs - UML diagram updated in next release Swagger/FCS - in a future update | PISP | Internal Review | November 2024 | NA | CDRW-4694 - Getting issue details... STATUS CDRW-4695 - Getting issue details... STATUS |
Ref_No | Status | Details | Impact/Mitigation | Fix in Version | Area | Reporter | Reported | Service Desk Ticket Number (OBIE access only) | Work Item Ticket Number (OBIE Access Only) |
---|---|---|---|---|---|---|---|---|---|
v3111_KI1 | Open | Add 'Wallet' under AccountSubtype | It is an optional field but may be required to be populated where OBExternalAccountIdentification4Code is 'UK.OBIE.Wallet' . | Specs in a future release FCS and Swagger no changes | Specs | ASPSP | Jun-2023 | Case 00036358 | CDRW-4214 - Getting issue details... STATUS |
v3111_KI2 | Open | TDA decision 263 has rolled back v3110_KI4. This restores the incorrectly spelled ContractPresentInidicator to the VRP swagger. The Spec pages show the correct spelling in-line with the original KI fix. | Swagger uses ContractPresentInidicator as per 3.1.10, Spec pages show the fixed ContractPresentIndicator as per KI3110_KI4. The incorrect spelling from 3.1.10 should be used until addressed in a future release. | Swagger rolled back for 3.1.11. Spelling will be addressed for Specs and Swagger in a future release. | VRP | ASPSP | Jun-2023 | Case 00037204 | CDRW-4213 - Getting issue details... STATUS |
v3111_KI3 | Closed | Errata fix for v3110_KI9 being withdrawn, swagger update to match specs | Errata fix, response HTTP code updated to 201 in VRP funds-confirmation endpoint to match specs | FCS(v1.7.2), Swagger in v3.1.11 onwards Specs- No change | VRP | ASPSP | Jun-2023 | N/A | REFAPP-1323 - Getting issue details... STATUS |
v3111_KI4 | Open | Swagger defines HTTP 409 error for VRP payments but is missing from the Payments API | Inconsistent error responses for the same issue, such as duplicate idempotency key being used, occurring on VRP and Payments API | Swagger in due course | PISP | ASPSP | August 2023 | 00038480 | CDRW-4216 - Getting issue details... STATUS |
v3111_KI5 | Withdrawn | DebtorAccount in VRP OBDomesticVRPResponse is listed as being mandatory in the Spec data table but the UML and swagger do not match | Field is mandatory and should be returned, Specs will be updated in future release. Swagger and FCS will be updated in due course. | Specs in a future release FCS - Upcoming fix Swagger fixed in release 3 | VRP | ASPSP | Sept-2023 | 00039566 | CDRW-4215 - Getting issue details... STATUS |
v3111_KI6 | Closed | FCS is not sending VRPType in OBDomesticVRPRequest | Field is mandatory as of 3.1.11 | Fixed in FCS v1.7.5 | VRP | TPP | Sept-2023 | 00039718 | REFAPP-1332 - Getting issue details... STATUS |
v3111_KI7 | Closed | UK.OBIE.Wallet is missing from OBExternalAccountIdentification4Code in the PISP, VRP and CBPII swagger files. | Swagger is not aligned to spec | Swagger fixed in release 3 | PISP, VRP and CBPII | ASPSP | Sept-2023 | 00039883 | CDRW-4217 - Getting issue details... STATUS |
v3111_KI8 | Open | In the Permission codes breakdown the descriptions for ReadTransactionDebits and ReadTransactionCredits are flipped. | ReadTransactionDebits should give access to debit transactions, ReadTransactionCredits should give access to credit transactions | Specs in future release. FCS & Swagger - no change | AISP | ASPSP | Oct 2023 | 00041280 | CDRW-4219 - Getting issue details... STATUS |
v3111_KI9 | Open | PSUInteractionTypes references an enum named OBVRPInteractionTypes, the definition of this enum is missing from the VRP namespaced enumerations spec page. | Enumeration is listed in VRP swagger:
| Specs in future release. FCS & swagger - no change | Specs (VRP) | OBL | Nov 2023 | N/A | CDRW-4221 - Getting issue details... STATUS |
v3111_KI10 | Open | The VRP specification advises that the PISP must populate the VRP payment submissions reference field with the same value as specified in the consent. This is causing valid VRP payments with a dynamic reference, such as "May 2023 Sweeping", to fail. | There are valid use-cases for VRPs to have a different reference to that of the consent and explicit matching of the reference field is not required. This will be addressed in a future release | Specs and Swagger in a future release FCS - may be included in a future release | VRP | TPP | Nov 2023 | 00037579 | CDRW-4224 - Getting issue details... STATUS |
v3111_KI11 | Open | The payment consent contains a "ReadRefundAccount" field which requests that when a payment is made the refund account details are shared with the PISP. This account information is returned in the payment response payload in the 'Refund' block. The swagger files indicate that the refund account information should be shared in the consent response in the "Data.Debtor" which does not match the usage as described on the spec pages. Please refer to the Spec pages for correct usage: https://openbankinguk.github.io/read-write-api-site3/v3.1.11/resources-and-data-models/pisp/domestic-payment-consents.html#data-dictionary-2 | The descriptions and information for refund information will be addressed to ensure consistency. | Specs and Swagger in a future release FCS - swagger files shipped with the FCS will be updated when the main swagger is updated | PISP | ASPSP | Jan 2024 | 00043858 | CDRW-4226 - Getting issue details... STATUS |
v3111_KI12 | Open | This replaces v3111_KI5 which has been withdrawn DebtorAccount in VRP OBDomesticVRPResponse is listed as being mandatory in the Spec data table but the UML and swagger do not match | Field is not mandatory and does not need to be returned, Specs will be updated in future release. | Specs in a future release. Swagger updated in due course. FCS - no change | VRP | ASPSP | Feb 2024 | 00043788 | CDRW-4228 - Getting issue details... STATUS |
v3111_KI13 | Open | VRP Swagger has an erroneous reference to CBPII in the OBVRPFundsConfirmationResponse "Reference" field: "Unique reference, as assigned by the CBPII, to unambiguously refer to the request related to the payment transaction." | The correct text is: "Unique reference, as assigned by the PISP, to unambiguously refer to the request related to the payment transaction." | Specs no change Swagger & FCS (swagger) updated in due course | VRP | TPP | Feb 2024 | 00044831 | CDRW-4230 - Getting issue details... STATUS REFAPP-1356 - Getting issue details... STATUS |
v3111_KI14 | Open | Several class types are swapped in the Statements data dictionary: OBReadStatement2/Data/Statement/StatementRate/Rate and OBReadStatement2/Data/Statement/StatementRate/Type OBReadStatement2/Data/Statement/StatementValue/Value and OBReadStatement2/Data/Statement/StatementValue/Type | OBReadStatement2/Data/Statement/StatementRate/Rate is Max40Text OBReadStatement2/Data/Statement/StatementRate/Type is OBExternalStatementRateType1Code OBReadStatement2/Data/Statement/StatementValue/Value is Max40Text OBReadStatement2/Data/Statement/StatementValue/Type is OBExternalStatementValueType1Code | Specs in next release Swagger & FCS no change | AISP | ASPSP | March 2024 | 00046375 | CDRW-4257 - Getting issue details... STATUS |
Ref_No | Status | Details | Impact/Mitigation | Fix in Version | Area | Reporter | Reported | Service Desk Ticket Number (OBIE access only) | Work Item Ticket Number (OBIE Access Only) |
---|---|---|---|---|---|---|---|---|---|
v3110_KI1 | Closed |
|
| Specs, Swagger, FCS in v3.1.11 | VRP | OBIE Internal review | May-2022 | N/A | CDRW-4134 - Getting issue details... STATUS |
v3110_KI2 | Closed | Errata fix to change | Errata fix to usage examples | Specs in v3.1.11 Swagger, FCS-No change | VRP | ASPSP | May-2022 | Case 00022980 | CDRW-4133 - Getting issue details... STATUS |
v3110_KI3 | Closed | Errata fix where the field is incorrectly named as
| Errata fix to change field | Specs in v3.1.11 Swagger, FCS-No change | TRI | ASPSP | Apr-2022 | Case - 00022753 | CDRW-4152 - Getting issue details... STATUS |
v3110_KI4 | Closed | Errata fix where the field is incorrectly named as | Errata fix to change field | Specs, Swagger, FCS in v3.1.11 | TRI | ASPSP | June 2022 | CDRW-4154 - Getting issue details... STATUS | |
v3110_KI5 | Closed | Errata fix to regular expression pattern in the specs. One example below | Errata fix to change pattern from
for all of the below APIs
| Specs in v3.1.11 Swagger, FCS-No change | AIS | ASPSP | July 2022 Oct 2022 | & OB Internal review | CDRW-4155 - Getting issue details... STATUS |
v3110_KI6 | Closed | Add missing 409 in payload containing "UK.OBIE.Rules.ResourceAlreadyExists" in VRP | Swagger, FCS in v3.1.10 Specs-No change | VRP PIS | TPP | Jul-22 | Case 00025699 | CDRW-4156 | |
v3110_KI7 | Closed | Update usage examples of "GET /accounts/{AccountId}/balances" to fit OBReadBalance1 object definition. | Errata fix to usage examples →
| Specs in v3.1.11 Swagger, FCS-No change | AIS | ASPSP | Jul-22 | ||
v3110_KI8 | Closed | Add missing | Add
Note: ASPSPs may define enumerations that are more appropriate and use the OtherReason only in scenarios where the actual reason cannot be determined or disclosed. | Specs in v3.1.11 Swagger, FCS-No change | VRP | TPP | Sep-22 | Case-27439 | CDRW-4165 |
v3110_KI9 | Withdrawn | Update FCS test case: OB-301-VRP-100650 - Check VRP Funds Confirmation (POST /domestic-vrp-consents/{ConsentId}/funds-confirmation) Respond with status code 200 instead of 201. To align to PISP CoF | Response with status code 200 | FCS(v1.7.1), Swagger in v3.1.10 onwards Specs- No change | VRP | ASPSP | Sep-22 | Case 00027526 | Since this is a POST request the response should be 201. Hence no change |
v3110_KI10 | Closed | Update FCS tool
| In the case of Idempotency HTTP error code, 403 and 401 both will be accepted as acceptable return values based on | FCS in v1.7.2 Specs, Swagger- No change | AISP | ASPSP | Nov-22 | /wiki/spaces/DIR/pages/2386591745 & OB internal review | |
v3110_KI11 | Closed | Fix the DateTime query parameter ("fromStatementDateTime") to have milliseconds precision in the below FCS test scenarios:
| Update From " | FCS in v1.7.2 Specs, Swagger-No change | AISP | ASPSP | Jan-23 | Case 00029516 | |
v3110_KI12 | Closed | Fix the DateTime query parameter ("fromStatementDateTime") from <Date Extended and Time Basic> to <Date Basic and Time Basic> in the below FCS test scenario
| Update From “ | FCS in v1.7.2 Specs, Swagger-No change | AISP | ASPSP | Feb-23 | Case | REFAPP-1315 |
v3110_KI13 | Closed | "UK.OBIE.Rules.FailsControlParameters" missing from OBErrorResponseError1Code enumeration | Add "UK.OBIE.Rules.FailsControlParameters" to list | Specs Swagger - no change FCS - no change | PISP | OBIE Internal review | Apr-23 | OB internal review | CDRW-4196 |
v3110_KI14 | Closed | Test cases OB-301-DOP-102000 and OB-301-DOP-101600 do not appear on the run list when adding the following endpoints to the discovery file in FCS:
| Impact: Unable to complete testing Mitigation: Under review | TBC | PISP | ASPSP | Apr-23 | Case 00034668 | REFAPP-1318 |
Status | Details | Impact/Mitigation | Area | Reporter | Reported | Service Desk Ticket Number (OBIE access only) | Work Item Ticket Number (OBIE Access Only) |
---|---|---|---|---|---|---|---|
Open | The enumeration for application_type has incorrect values | This will be fixed in a forthcoming release. | General | TPP | Aug-2020 | OBSD-17624 - Getting issue details... STATUS | CDRW-3518 - Getting issue details... STATUS |
Open | The endpoint should be GET not POST https://openbankinguk.github.io/dcr-docs-pub/v3.3/dynamic-client-registration.html#endpoints "POST /register/{ClientId}" should be "GET /register/{ClientId}" | This will be fixed in a forthcoming release. | General | TPP | Aug-2020 | OBSD-17490 - Getting issue details... STATUS | CDRW-3519 - Getting issue details... STATUS |
Ref_No | Status | Details | Impact/Mitigation | Area | Reporter | Reported | Service Desk Ticket Number (OBIE access only) | Work Item Ticket Number (OBIE Access Only) | ||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
v319_KI1 | Closed | For AISP: OBReadConsent1: UML diagrams are incorrectly showing the Permissions field as 0..1 in version 3.1.7 onwards |
| VRP | ASPSP | Oct-2021 | OBSD-26532 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI2 | Closed | UML diagram is incorrectly showing Following objects will be fixed
2. VRP Domestic VRP Request. 3. VRP Domestic VRP Response |
| VRP | ASPSP | Sep-2021 | OBSD-26140 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI3 | Closed | Fix in section to remove 'Revoked' status | Changes removed are
3. Update swagger | VRP | ASPSP | Sep-2021 | OBSD-26142 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI4 | Closed | Fix in section to remove 'Revoked' status | Changes removed are
| |||||||||||||||||||||||||||||||||||||||||||||||||
v319_KI5 | Closed | Fix to section - Consent revocation | A PSU may revoke consent for initiation of any future payment orders, by revoking the authorisation of VRP Consent, at any point in time. The PSU may request the TPP to revoke the consent that it has authorised. If consent is revoked with the TPP:
The PSU may revoke the VRP
| |||||||||||||||||||||||||||||||||||||||||||||||||
v319_KI5a | Closed | Fix to enums for event notifications related to revocation Introduce a new enum UK.OBIE.Consent-Access-Revoked for access revoked at ASPSP keeping UK.OBIE.Consent-Authorization-Revoked for backward compatibility | Events | OBIE Internal review | Feb-2022 | CDRW-4114 - Getting issue details... STATUS | ||||||||||||||||||||||||||||||||||||||||||||||
v319_KI6 | Closed | Fix to UML on Debtor Account Note: The field is marked as optional to address the scenario when a/c selection happens at ASPSP. The debtor account must be provided in the GET response after the PSU has selected the a/c at the ASPSP and the consent is approved. |
| VRP | ASPSP | Sep-2021 | OBSD-26403 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI7 | Closed | Fix to UML and table Fix to UML |
| VRP | ASPSP | Sep-2021 | OBSD-26188 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI8 | Closed | Clarification on Additional control parameters- | Changes removed are Payment RestrictionsThe standard provides a set of control parameters that may be specified as part of the VRP Consent. These control parameters set limits for the payment orders that can be created by the TPP for a given VRP. In addition to the control parameters defined in this standard ASPSPs may implement additional control parameters, limits and restrictions for non-sweeping VRPs. These restrictions should be documented on ASPSP's developer portal | VRP | ASPSP | Oct-2021 | OBSD-26664 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI9 | Closed |
2. Change to remove |
| VRP | ASPSP | Oct-2021 | OBSD-26669 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI10 | Closed | Change to make | Change 1) Update
Change 2) Update
| VRP | ASPSP | Oct-2021 & Nov 2021 | OBSD-27535 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI11 | Closed | Amount object in examples to be corrected | Fix to examples -Example 1, 2,3,4 to flatten Amount and currency | VRP | ASPSP | Nov 2021 | OBSD-27653 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI12 | Closed | Update scope of event notification to include payments | Fix to include Payments in the scope of event notification | VRP | ASPSP | Nov 2021 | OBSD-27921 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI13 | Closed | Link to Event Notification is broken | Fix links in v319 and v318 | General | OB Internal | Jan 2022 | ||||||||||||||||||||||||||||||||||||||||||||||
v319_KI14 | Closed | Errata fix to include this attribute for non-sweeping only and hence optional field for sweeping Add an array Add | Add missing attributes to capture
//Consent | VRP | ASPSP | Jan 2022 | OBSD-28494 - Getting issue details... STATUS | |||||||||||||||||||||||||||||||||||||||||||||
v319_KI15 | Closed | Change resource group of VRP endpoints to existing PISP resource group |
| VRP | ASPSP | Jan 2022 | /wiki/spaces/WOR/pages/2302083154 CDRW-4126 - Getting issue details... STATUS |
Status | Details | Impact/Mitigation | Area | Reporter | Reported | Service Desk Ticket Number (OBIE access only) | Work Item Ticket Number (OBIE Access Only) |
---|---|---|---|---|---|---|---|
Fixed | For VRPs, the section on Events (https://openbankinguk.github.io/read-write-api-site3/v3.1.8/profiles/vrp-profile.html#event-notifications) states that
| The specification should be modified to read:
| VRP | ASPSP | Apr-2021 | OBSD-25276 - Getting issue details... STATUS Reported in TDA | CDRW-3937 - Getting issue details... STATUS |
Fixed | In the Domestic VRPs - v3.1.8 spec data model it says: Reference (0..1) The field does not exist | Spec should be updated to read "The PISP must populate this with the same value as specified in the `Data.Initiation.RemittanceInformation.Reference`" | VRP | ASPSP | May-2021 | OBSD-23244 - Getting issue details... STATUS | |
Fixed | Rejected code is not listed in https://openbankinguk.github.io/read-write-api-site3/v3.1.8/profiles/account-and-transaction-api-profile.html#static-enumerations for rejected | Code to be added | AIS | ASPSP | May-2021 | OBSD-23512 - Getting issue details... STATUS | |
Fixed | The action to be taken for Access Revocation (See https://openbankinguk.github.io/read-write-api-site3/v3.1.8/profiles/account-and-transaction-api-profile.html#access-revocation) is not clear due to the use of the term "may" | Change the statement:
to read:
| AIS | ASPSP | June-2021 | OBSD-23823 - Getting issue details... STATUS | |
Fixed | The response object specified for the payment details endpoint is incorrect | Change the OBDomesticVRPRequestDetailResponse to read
| VRP | ASPSP | July-2021 | OBSD-24689 - Getting issue details... STATUS | |
Fixed | Errata fixes to VRP example 2 and example 3 | Change Example 2 from
Change Example 3 from
| VRP | TPP | July-2021 | OBSD-24907 - Getting issue details... STATUS | CDRW-4036 - Getting issue details... STATUS |
Fixed | Errata fix to update resources and data models page for VRP - https://openbankinguk.github.io/read-write-api-site3/v3.1.8/resources-and-data-models/vrp/ | Update VRP Resources and Data Models page to include all VRP endpoints including resource compatibility with version 3.1.8 and 3.1.9 | VRP | TPP | Aug-2021 | OBSD-25460 - Getting issue details... STATUS OBSD-26172 - Getting issue details... STATUS | |
Fixed | Errata fix to update enumerations for VRP - https://openbankinguk.github.io/read-write-api-site3/v3.1.8/references/namespaced-enumerations.html | VRP | TPP ASPSP | Aug-2021 Jul-2021 | OBSD-25446 - Getting issue details... STATUS OBSD-25088 - Getting issue details... STATUS | ||
Fixed | Errata fix to update State model table to remove "Expired" status | VRP | ASPSP | Aug-2021 | OBSD-25600 - Getting issue details... STATUS | ||
Fixed | Errata fix to update permissions in Transactions API | Update Permissions section to include ReadTransactionsCredits and ReadTransactionsDebits | AISP | TPP | Aug-2021 | OBSD-25715 - Getting issue details... STATUS | |
Fixed | Clarification on
| Clarification on the below combination -
To refrain from implementing this combination, as the ISO calendar does not support or provide any guidance on when a fortnight should start. Clarification on time part in the consent -
The consent period starts and ends at midnight - effectively the time element of the date should be disregarded in computing the date range and pro-rating. | VRP | ASPSP | Aug-2021 | OBSD-25599 - Getting issue details... STATUS |
Status | Details | Impact/Mitigation | Area | Reporter | Reported | Service Desk Ticket Number (OBIE access only) | Work Item Ticket Number (OBIE Access Only) |
---|---|---|---|---|---|---|---|
Fixed | For file payments, the Guidance or changes are required for what should be done in situations where the file payments are made from multiple debtor accounts | To be confirmed following completion of FCA consultation on Debtor Name/Account fields | PIS | ASPSP | Mar-2021 | OBSD-22139 - Getting issue details... STATUS |
Status | Details | Impact/Mitigation | Area | Reporter | Reported | Service Desk Ticket Number (OBIE access only) | Work Item Ticket Number (OBIE Access Only) |
---|---|---|---|---|---|---|---|
Fixed | This property is documented to be a class of type ‘OBBranchAndFinancialInstitutionIdentification6’. This is incorrect and it should be ‘OBCashAccountCreditor3’. | Addressed in v3.17 | PIS | TPP | Jun-2020 | OBSD-16647 - Getting issue details... STATUS | CDRW-3428 - Getting issue details... STATUS |
Fixed | In the Domestic-Standing-Orders section, the ‘OBDomesticStandingOrder3’ class includes the ‘CreditorAccount’ property. This property is documented to be a class of type ‘OBBranchAndFinancialInstitutionIdentification6’, although the fields documented beyond that (in CreditorAccount path) are not. | Addressed in v3.17 | PIS | TPP | Jun-2020 | OBSD-16647 - Getting issue details... STATUS | CDRW-3428 - Getting issue details... STATUS |
Fixed | Transaction Identifier. A unique identifier for the transaction. ASPSPs *may *populate this field with the x-fapi-transaction-id of the api operation that lead to the change, or populate it with the same value as jti. This should read | Addressed in v3.17 | AIS | TBC | Jul-2020 | OBSD-16818 - Getting issue details... STATUS | CDRW-3448 - Getting issue details... STATUS |
Fixed | The POST endpoint is listed in the Endpoints table, but no further documentation is provided | Addressed in v3.17 | PIS | TPP | Jul-2020 | OBSD-16778 - Getting issue details... STATUS | CDRW-3449 - Getting issue details... STATUS |
Fixed | Document styling an formatting issue | Addressed in v3.17 | AIS | Internal | Jul-2020 | OBSD-15322 - Getting issue details... STATUS | CDRW-3445 - Getting issue details... STATUS |
Fixed | The Version History format for 3.1.5 and 3.1.6 is presented in different styles | Addressed in v3.17 | General | Internal | Jul-2020 | NA (Reported internally) | CDRW-3446 - Getting issue details... STATUS |
Fixed | Additional examples to be added | Addressed in v3.17 | General | ASPSP | Jul-2020 | Reported by email | CDRW-3485 - Getting issue details... STATUS |
Fixed | Incorrect field size for ReferencePaymentId field in SCA Support Data | Addressed in v3.17 | PISP | ASPSP | Jul-2020 | OBSD-17345 - Getting issue details... STATUS | CDRW-3500 - Getting issue details... STATUS |
Fixed | Bank Transaction Code size field is not in sync between specifications and swagger | Addressed in v3.17 | AISP | ASPSP | Jun-2020 | OBSD-16489 - Getting issue details... STATUS | CDRW-3503 - Getting issue details... STATUS |
Fixed | For the CASS status, "NotSwitched" is spelt incorrectly in one instance | Addressed in v3.17 | AISP | ASPSP | Aug-2020 | OBSD-17586 - Getting issue details... STATUS | CDRW-3517 - Getting issue details... STATUS |
Fixed | Inconsistent description of "CreationDate" | Addressed in v3.17 | PISP | ASPSP | Sep-2020 | OBSD-18538 - Getting issue details... STATUS | CDRW-3679 - Getting issue details... STATUS |
Fixed | Incorrect example for CountrySubdivision | Addressed in v3.17 | PISP | ASPSP | Sep-2020 | OBSD-18590 - Getting issue details... STATUS | CDRW-3682 - Getting issue details... STATUS |
Status | Ref | Type | Issue | Details | Impact/Mitigation |
---|---|---|---|---|---|
Fixed | OBSD-15311 - Getting issue details... STATUS | Errata | Incorrect multiplicity for | The occurence is specified as 0..2 instead of 0..1 | This will be fixed in v3.1.6 |
Fixed | NA | Clarification | Behaviour when a incorrectly formatted ISO Date is provided in a request is not clearly defined | Clarify that when an ASPSP receives a request with an incorrectly formatted date, it may respond with a status code of | This will be fixed in v3.1.6 |
Fixed | OBSD-12579 - Getting issue details... STATUS | Clarification | The txn claim for OBEventNotification2 is optional in the SET standard, but mandatory in the OBIE standard. | Clarify the usage of the txn claim in the standard. |
Status | Ref | Type | Issue | Details | Impact/Mitigation |
---|---|---|---|---|---|
Open | Minor Bug | The regex pattern for uuidv4 specified for the As per the UUID specification (https://tools.ietf.org/html/rfc4122#section-3):
| This has been fixed in the swagger file for v3.2. The specification will be corrected in the next version. |
Status | Ref | Type | Issue | Details | Impact/Mitigation |
---|---|---|---|---|---|
Fixed | Minor Bug | Incorrect cardinality in RefundAccount.Name | Fixed in v3.1.5 | ||
Fixed | Minor Bug | Amount regular expression was incorrect | https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/cfdba4047b9cbea9982051e9b821fc48adb916eb | Fixed in v3.1.5 Old regex will not accept amounts without a decimal point | |
Fixed | Minor Bug | Broken links in "Usage Examples" index file | https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/e763fe34669c5968708504e7c9d3a9299ec1f27e | Cosmetic changes only. Fixed in Version 3.1.5 | |
Fixed | Minor Bug | UML diagrams for International Payments used incorrect re-usable class versions | https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/e763fe34669c5968708504e7c9d3a9299ec1f27e | Fixed in Version 3.1.5 |
Status | Ref | Type | Issue | Details | Impact/Mitigation |
---|---|---|---|---|---|
Fixed | Errata | Improvements to Event Notifications | These have been fixed in Version 3.1.4 | ||
Fixed | Minor Bug | Inconsistencies in class and URL names. | https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/ba4abc36b60b89da48b980586be2d72e0bdb9c35 | These have been fixed in Version 3.1.4 | |
Fixed | Minor Bug | Errors in markdown causing poor rendering on some environements | https://github.com/OpenBankingUK/read-write-api-docs-pub/commit/c36a270434203b3727afed34a74e6567dd7d8163 | Cosmetic changes only. These have been fixed in Version 3.1.4 |
Status | Ref | Type | Issue | Details | Impact/Mitigation |
---|---|---|---|---|---|
Fixed | OBSD-12892 - Getting issue details... STATUS | Minor Bug | software_id field length and pattern is not correct (^[0-9a-zA-Z]{1,18}$). It should be 22 characters( fixed in V3.2 onwards) | We're having issues with dynamic client registration. The validation for the "iss" field in the OBRegistrationRequest1 object (in DCR v3.1) is as follows: ^[0-9a-zA-Z]{1,18}$ The guidance for this is as follows: For SSAs issued by the OB Directory, this must be the software_id But the software_id issued in the OB directory is 22 characters in length so is not valid according to the spec. I've noticed the 3.2 registration spec does allow for this length, but most banks don't support this registration version yet. We can register with banks that don't validate this or banks that implement the 3.2 spec, but by the looks of our registration attempts Nationwide validates the length and doesn't implement the 3.2 spec. I'd imagine there are more banks in a similar position. How do you suggest working around this issue in the mean time? | banks must provide a workaround for. The customer must contact Nationwide directly for support. If he/she is not getting the required support, he/she should raise a new ticket complaining about Nationwide and OBIE Central Testing team will get involved. This has been fixed in V3.2 |
Status | Ref | Type | Issue | Details | Impact/Mitigation |
---|---|---|---|---|---|
Fixed | OBSD-4642 - Getting issue details... STATUS | Errata | R/W Spec Parent Page mentions application/json as the only permitted value for Content-Type | The swagger definitions for each of the APIs is correct. The statement will be corrected in v3.1 to be accurate. | |
Fixed | Minor Bug | v3.0-rc3 Swagger has incorrect length for Path field in the OBError1 object. | v3.0-rc3 Swagger has incorrect length for Path field in the OBError1 object. This should be Max500Text instead of Max40Text. | To be fixed in v3.0-rc4 of the Swagger spec. | |
Fixed | Minor Bug | The status model for the Domestic and International Payments (Immediate) does not contain a transition from AcceptedSettlementInProcess that handles error cases. | A transition from | Amend the specification in v3.1 to include a transition from | |
Fixed | Errata | v3 RC3 International Standing Orders page - Reusable Class UML Diagram is incorrect. | v3 RC3 International Standing Orders page. The Reusable Class describes OBInternationalStandingOrder1 but the UML diagram represents OBWriteInternationalStandingOrder1 (the consent request object). | UML DIagram for OBInternationalStandingOrder1 isn't provided in the specification. Amend the specification in V3.1 to include the correct UML Diagram. | |
Fixed | OBSD-4752 - Getting issue details... STATUS | Minor Bug | OBActiveCurrencyAndAmount_SimpleType in the specifications is missing the Pattern: '^\d{1,13}\.\d{1,5}$'. | Account, Payment and COF Data Dictionary in the specification does not have the pattern for OBActiveCurrencyAndAmount_SimpleType defined. | The swagger definition has the correct regex pattern. For Consistency of the specs with swagger, it will be fixed in V3.1 specification. |
Fixed | OBSD-4787 - Getting issue details... STATUS | Minor Bug | "Meta" and "Links" tag in response are shown in examples but not in swagger. | To be fixed in v3.0-rc4 of the Swagger spec. | |
Fixed | OBSD-4786 - Getting issue details... STATUS | Minor Bug | Funds Confirmation Usage Examples missing meta element | Meta is a mandatory data element in the JSON response, but is missing in the example. | Specification and Swagger spec are accurate. Example will be fixed in V3.1 specification. |
Fixed | OBSD-4785 - Getting issue details... STATUS | Errata | Typo on Products/PCA Data Model and Products/BCA Data Model pages | Fix gramattical error:
Changes required in PCA Product Data Model & BCA Product Data Model. | Will be fixed in V3.1 specification. |
Fixed | Raised by OB R/W API Team | Minor Bug | Incorrect type (length) for DomesticStandingOrderId and InternationalStandingOrderId . | Payment Order Ids for Standing Orders ( | The Ids should be standardised to Max40Text for consistenc This will be fixed in v3.0-rc4 of the Swagger spec. The specification will be updated in v3.1 |
Fixed | OBSD-2303 - Getting issue details... STATUS | Minor Bug | V3 Specification specifies that Error Codes in Authorisation flow must be aligned to OAuth Error codes. | Section 3.6 of the V3 RC3 specification incorrectly specifies following:However, ASPSPs may extend the error response codes to include OIDC error responses as well. | The sentence should read: It must be changed to the following, to include a reference to OIDC Error Codes:
This will be updated in v3.1 |
Fixed | Raised by OB R/W API Team | Minor Bug | Details for PUT operations are not provided in Request Headers and HTTP Status codes sections. | The R/W Ver 3.0 specifications introduced a PUT operation for ASPSP Event Notification specification. The Request Headers and HTTP Status Codes for PUT operations should be explicity defined. | The Request Headers for PUT operations are the same as those for POST operations. The HTTP Codes for PUT operations are the same as those for DELETE operations. The tables will be updated in v3.1 to reflect the above. |
Fixed | Raised by OB R/W API Team | Errata | 'Process for verifying a signature' mislabels Step 2 as Step 1. | It will be fixed in V3.1 specification. | |
Fixed | Raised by OB R/W API Team | Minor Bug | In The 'Steps' section on the Payments specification, the description for Step 4 should be generalised for redirect as well as decoupled journeys | It should be made clear that step 4 occurs when authorisation is complete. This would apply in both the redirect and decoupled flows. It will be fixed in V3.1 specification. | |
Fixed | CDRW-2373 | Minor Bug | Incorrect Usage Examples | Self Links in Usage Examples don’t Contain Namespace | It will be fixed in V3.1 specification. |
Fixed | CDRW-2372 | Minor Bug | Incorrect Usage Examples | Missing idempotency key on Standing Order Examples | It will be fixed in V3.1 specification. |
Fixed | CDRW-2583 | Minor Bug | Incorrect Usage Examples | Incorrect Usage Example for Bulk Transactions | It will be fixed in V3.1 specification. |
Fixed | CDRW-2408 | Errata | Swagger files - ProductType field missing | The ProductType field was inadvertently left out of the swagger files for the product end-points | ProductType re-introduced. Will be fixed. v3.1 |
Fixed | CDRW-2423 | Errata | Incorrect field size for PurposeCode | The PurposeCode field for international payments is of the incorrect length (35 chars rather than the ISO enum size of 4 chars) | It will be fixed in V3.1 specification. |
Fixed | CDRW-2409 | Minor Bug | Grammar Fix | Fixed multiple instances of poor grammar and lapses of typographical diligence. | It will fix be in v3.1 specification. |
Fixed | CDRW-2582 | Errata | Transaction permissions not specified | Transaction Permissions Errata (Debtor/Creditor Agent Inconsistency) | It will be fixed in V3.1 specification. |
Fixed | CDRW-2585 | Clarification | Common base-url for all resources | State that the base-url must be the same for all resources | It will be fixed in V3.1 specification. |
Fixed | CDRW-2584 | Clarification | Improve definition of CurrencyOfTransfer | It will be fixed in V3.1 specification. | |
Fixed | CDRW-2671 | Errata | Incorrect data type for iat and toe claims | The iat and toe claims are specified as strings.These should be numeric (in keeping with the defintion of iat in the JWT RFC) | It will be fixed in V3.1 specification. |
Open | OBSD-15311 - Getting issue details... STATUS | Errata | Incorrect multiplicity for | The occurence is specified as 0..2 instead of 0..1 | This will be fixed in v3.1.6 |
Read/Write API v1.1
References:
- Account and Transaction API Specification - v1.1.0
- Payment Initiation API Specification - v1.1.0
- Open Banking Security Profile - Implementer's Draft v1.1.2
- /wiki/spaces/DZ/pages/131236509
This version of the Read/Write API Specification will be supported by all CMA9 ASPSPs from 13 Jan 2018. The following table details known issues with this version of the specification.
Status | Ref | Type | Issue | Details | Impact/Mitigation |
---|---|---|---|---|---|
Closed | CDRW-928 | Minor bug | Security Profile / Signing: Ensure we have got B64Enc v/s B64URLEnc. | In the security profile, step 3 "Form the payload to be signed " provides an example that Base64 encodes JOSE header and json. Similarly the signature that is computed in Step 4 of the documentation is highlighted in the example as Base64 encoded formatted. The RFC 7515 states that the header and json is encoded in Base64URL format and not Base64. The security profile should be updated to match RFC 7515. | ASPSPs and TPPs should be advised in the documentation to follow the RFC in this case. Fixed in v3 |
Closed | CDRW-929 | Minor bug | Links format in swagger and example on Confluence doesn't match. | The Links object in the swagger contains fields with format as URI and this can be absolute URI but the examples on confluence take in values as relative URI The standard for sending links to the consumer should be absolute URI. | ASPSPs and TPPs should be advised in the documentation to use absolute URIs. Fixed |
Open | TBC | Minor clarification | OB Security Profile has been incorrectly interpreted by an ASPSP. | Clarification to reflect that TPPs are NOT required to pass ACR values in either the requested acr_values string or inside the request object to address a possible mis-interpretation. This is a MAY and not a MUST as already stated in v1.1.0 of the specification. | No impact as long as ASPSPs and TPPs follow the existing spec. Wording will be made clearer/more explicit in next release. Security Profile Implementation Guide to be updated and published |
Closed | TBC | Minor clarification | Security Profile: Clarity on use of MA-TLS with OIDC well-known end-point. | Clarification to reflect that an ASPSP's OIDC well-known end-point MUST NOT use TLS-MA. The end-point SHOULD use TLS. | No impact on ASPSPs and TPPs that have followed the existing specification. Wording will be improved and made more explicit in the next release. Fixed Security Profile 1.1.2 |
Closed | TBC | Minor bug | Directory: The mechanism that OB uses to calculate x5t does not meet specification. | Any participant attempting to check certificates fingerprints against the x5t parameter will find validation errors. As a result of this issue, the kid field for all JWK's in the OB stores do not confirmed to the published specification where OB committed to keeping the "kid" the same as the "x5t". | Potential impact on participants that rely on x5t being correct in order to accept a jwk as valid. Any participant that is following the OB specification and dynamically calculating the appropriate kid to use when creating JWT's will reject all messages from TPPs. OB will implement a workaround for effected participants at start of managed rollout, and implement a permanent fix and update the specifications asap after 13 Jan. Fixed |
Closed | TBC | Minor clarification | Update Security Profile page in Confluence to align to version in Bitbucket | The master version of the Security Profile is held in Bitbucket. The Confluence page has not been kept up to date with changes to the master, and requires a cut-and-paste to align. | The differences are non-normative, and the master is linked in the Confluence page, but these changes should be reflected for completeness. All references are now link to the bitbucket. Fixed |
Closed | TBC | Minor clarification | Security Profile: Clarity on the use of ciphers for the PSU facing Authorization end-point | Clarification to reflect that the ASPSP's are free to support a more expansive list of TLS Ciphers on the Authorization Server Endpoint than is explicitly supported by the FAPI Read Write Security Profile section 8.6 | The differences are non TPP or ASPSP impacting as this clarification item is related to ASPSP → PSU communication link only. Will require collaboration with the OIDF FAPI Working Group. https://bitbucket.org/openid/fapi/issues/129/tls-cipher-restrictions-should-be-relaxed Fixed Security Profile 1.1.2 |
Closed | TBC | Medium Implementation bug | Directory Services: The x5t and x5t256 values of the JWKS files are being calculated incorrectly. | There's an implementation defect in the way the x5t and x5t256 values of the JWKS files are being calculated. As a result, any participant relying on these values to correlate to the corresponding certificate will not be able to match the two values. The x5c and x5u values are correct and do match the public keys in the JWK. | Only one participant so far has called this out as an impacting issue however a process has been put in place to address any JWKs manually that are utilised by a TPP. A code change will be delivered to correct this generation process as soon as possible and existing JWKS entries will be updated. Fixed |
Closed | TBC | Minor specification issue | Open Banking Security Profile: The KID for each JWK in the JWKS store isn't being calculated in the way that was indicated. | The specification for KID calculation indicates that "OBIE will keep the KID's the same as the x5t". The implementation hasn't followed this intention. The way KID is currently being calculated is the SHA1 of the JWK instead of the SHA1 of the DER Encoded Certificate. | Open Banking will not change the way KIDs are calculated but will update the specifications to reference the way KID is being generated. Fixed in directory spec |
Closed | TBC | Minor specification issue | Read/Write API Specifications: Beneficiaries endpoint does not cater for all international benficiaries | The current beneficiaries endpoint only allows for beneficiaries which have a sort code and account number or IBAN. Some international beneficiaries are identified by other local identification schemes. | Some ASPSPs will not be able to share all details for some international beneficiaries. The specification will be updated to cater for this in the next release, as a non-breaking change. Fixed |
Open | TBC | Minor specification issue | Security profile: Spec not clear that query parameters in the authorize url should be url-encoded | The examples that are referred too were created as part of the “security profile implementation guide”. They don’t appear in the security profile in bit bucket. They should be updated / corrected to reflect url encoding as per oidc cores examples. | Some ASPSPs may mis-interpret the specification. The examples will be updated in due course to make things clearer. Security Profile Implementation Guide to be updated and published |
Closed | CDRW-1206 | Minor clarification | Inconsistency between Payments and Account specification should a ASPSP reject the request with a 403 if x-fapi-financial-id is invalid. | Accounts v1,1 seems to have dropped the following line from the spec inadvertently. "If the value does not match the expected value (based on the Client ID or network certificate of the caller, the ASPSP must reject the request with a 403 (Not Authorized) status code." This is in response to https://openbanking.atlassian.net/browse/OBSD-2643 | Some ASPSP have already misinterpreted the specification and don't validate this header. Fixed |
Read/Write API v2.0
References:
This version of the Read/Write API Specification will be supported by all CMA9 ASPSPs from 7 September 2018 for CMA Order in-scope accounts. The following table details known issues with this version of the specification.
Status | Ref | Type | Issue | Details | Impact/Mitigation |
---|---|---|---|---|---|
Closed | OBSD-4103 | Errata | OB Statements - Endpoint section specifies Filtering for wrong endpoints | Filtering word should be removed from the Endpoints table for:
| Non-breaking change. The Swagger is correct for this issue, but the documentation has specified filtering on endpoints that should not apply filtering. Will be fixed in v2.1 Has been fixed in v3.0 |
Closed | TBC | Bug | OB Statements - filters missing in Swagger spec. | Filtering on statement dates is in the specification for:
However - these are missing from the Swagger spec. | Non-breaking change. TPPs may expect the ability to filter on dates to identify statements. However, this functionality is missing from the Swagger spec. Will be fixed in v2.1 Has been fixed in v3.0 |
Closed | TBC | Errata | Usage Guidance Errata | For Party Endpoint: Usage Examples for Account Owner and Authorised User - have been documented incorrectly. | Errata. Non-breaking change. Will be fixed in v2.1. Has been fixed in v3.0 |
Closed | TBC | Bug | Transactions Object Bug | Transactions object using the wrong currency exchange object. In v3, we have fixed this with the CurrencyExchange object replacing the EquivalentAmount object to describe currency exchange. | Breaking change to replace the CurrencyExchange object. ASPSPs cannot represent currency exchange information until this fix is applied. Will be fixed in v2.1 Has been fixed in v3.0 |
Closed | TBC | Errata | Address Code-LIst Errata | Updated ISO 20022 OBAddressTypeCode code from "DeliverTo" to "DeliveryTo" | Errata. Non-breaking change. Will be fixed in v2.1 Has been fixed in v3.0 |
Closed | TBC | Requested enhancements | Requested Enumerations for Use Cases |
| Will not be included in v2.1 as fix. Has been fixed in v3.0 |
Closed | OBSD-3833 | Bug | /party endpoint AddressLine - mismatch between spec and Swagger | AddressLine in Swagger is specified as a string. However - in the data dictionary is 0..5 | Non-breaking change. Will be fixed in v2.1 Has been fixed in v3.0 |
Open Data API v2.1
References:
This version of the Open Data Specification will be supported by all CMA9 ASPSPs from 13 Jan 2018 and replaces v1.x. The following table details known issues with this version of the specification.
Status | Ref | Type | Issue | Details | Impact/Mitigation |
---|---|---|---|---|---|
Open | OD-803 | Enhancement | Products: Need to split ServicingAccessChannel by individual services. | A request was made that AccessChannel be split in to:- I) SalesAccessChannel - channel(s) by which a product may be sold to a customer ii) ServicingAccessChannel - channel(s) by which an existing customer may obtain 1 or more services for a particular product. | Minor impact. Will be updated in v2.2. |
Closed | OD-826 | Minor bug | Regular Expressions (Regex), that are required to constrain values entered in to fields to a certain pattern, should be in the data dictionary as well as the Swagger. | Regex in Swagger is hard coded and there are a number of discrepancies (amount and rate fields) where these are limited to 2DP. They should be 3DP. | ASPSPs will only be able to specify amount and rates to 2 decimal places. Has been fixed in v2.2.0-rc1. |
Closed | OD-845 | Minor bug | OverdraftFeeApplicableRange section is a modelling error and should be removed from the PCA design. | OverdraftFeeApplicableRange doesn't appear in the Design at all but does appear in the swagger. | This is an optional field, so no impact. Has been fixed in v2.2.0-rc1. |
Open | OD-855 | Enhancement | PCA, BCA: Minimum Arranged Overdraft Amount. | Some banking products require an account holder to take an Arranged Overdraft of at least £x, or else a bank will not process an Arranged Overdraft request. This is potentially useful information. If, for example, an accountholder has an Arranged Overdraft of £100 currently, and a banking product that they're interested in taking requires a minimum Arranged Overdraft of £200, then they would not be able to switch their current account. | Minor impact. Will be updated in v2.2. |
Closed | OD-856 | Minor bug | All Notes fields should have a consistent cardinality 0..* | In some places cardinality is 0..1 and these should all be 0..n to allow multiple notes. | ASPSPs will have to combine notes into one field rather than separate fields. Has been fixed in v2.2.0-rc1 |
Closed | OD-857 | Minor bug | The Max256Type datatype was not correctly generated in the Swagger files. | Swagger is a string but GFEG defines 256 characters. Swagger should be changes to 256. | No impact. Has been fixed in v2.2.0-rc1 |
Closed | OD-883 | Minor bug | 3 missing fee category codes. | FeeCategoryType1Code list is missing the following fields 'Auto', | ASPSP can select other and chose one of these for now. No impact. Has been fixed in v2.2.0-rc1 |
Closed | OD-884 | Bug | Fix the way that mandatory field restrictions are generated by the Swagger generation script. | Swagger contains required tag in the wrong place, which makes the Java Json Validator https://www.jsonschemavalidator.net/ fail. | ASPSPs cannot validate using Java Json Validator, but will have to use OB Json Validation tool instead. Has been fixed in v2.2.0-rc1 |
Open | OD-973 | Minor bug | PCA, BCA, SMELoan and CCC amend spelling mistake in the codelist | There are a number of spelling mistakes in code lists (e.g. CoreProduct/ LoanApplicationFeeChargeType enumeration "NoLoanApplicationFee" is incorrectly spelt "NoLoanApplicatioFee" in swagger). | TPPs may see some values with spelling mistakes. Will be fixed in v2.2. |
Open | OD-978 | Enhancement | Enhance the Fee and charges Cap so that it can be linked with the any Fee Type. | Where there are tiered fees and charges, the current design only allows the ASPSP to use one cap across the tiers. ../OtherFeesAndCharges/FeeChargeCap unable to explicitly link to a ../OtherFeesAndCharges/FeeCharge Detail | ASPSPs can use notes field to specify complex caps. This item requires a decision as to whether it may be included in a future release. |
Open | OD-979 | Minor bug | Make the identification field optional for all section except Product ID | Some ID fields in PCA (e.g. <Product>MarketingState/Identification) are mandatory and should be optional to be consistent with BCA, SMELoans, CCC. | ASPSPs will have to populate with some value (e.g. 0). Will be fixed in v2.2. |
Open | OD-980 | Minor bug | Restriction on regular expression for Residency Included field should be removed. | For specifying the countries for which the PCA products are available/restricted to use the field ResidencyIncluded, current specification specifies it's DataType as OB_CodeMnemonic with a fixed length of 4. However, to correctly specify data values in this field, the correct DataType restriction should allow length of up to 4 and NOT fixed at 4. e.g. The value on this is expected to be 'UK' or 'EU', which would error out with the specification supplied. | ASPSPs will have to pad out the field (e.g. with spaces). Will be fixed in v2.2. |
Open | OD-981 | Minor bug | Check the possibility of changing the optional or mandatory fields as an array rather than objects. | For any fields where cardinality is 0..1, the swagger defines this as an object. For 1..1 and 1..n the swagged defines this as an array. Ideally these should all be arrays. | No impact. Will be fixed in v2.2. |
Open | OD-986 | Minor bug | Missing 'Other' code from Fee Type under overdraft fee charge details and cap section. | In PCA and BCA schema the FeeType Enum in the OverDraftFeesCharges of overdraftTierSet and OverDraftTierBand are missing the "Other" value in both OverdraftFeeChargeCap and OverdraftFeeChargeDetail. | ASPSPs can only specify fee types using the standard code list. Minor impact, as code lists are fairly comprehensive. Will be fixed in v2.2. |
Open | OD-997 | Enhancement | Add "Academic Term" in period code list. | The current code list options for: OpenBankingPCA/Brand/PCA/PCAMarketingState/StateTenurePeriod should be extended to include: AcademicTerm. | Some ASPSPs may have to use Monthly, Quarterly, Yearly for now. Minor impact. Will be updated in v2.2. |
Open | OD-1010 | Minor bug | Remove the example reference url link from the base of the API URI | Current URLs for V1.2 and the Swagger which implies a different configuration. Current example: https://openapi.nationwide.co.uk/open-banking/v1.2/atms Our assumption is we would just change the version number however Swagger suggests a new part of the URL is being added: “/reference-implementation/open-banking/v2.1” | ASPSPs should remove/replace 'reference-implementation' with their own URI. Minor impact. Will be fixed in 2.2. |
© Open Banking Limited 2019 | https://www.openbanking.org.uk/open-licence | https://www.openbanking.org.uk