swagger: '2.0' info: description: |- Aktia's PSD2 Contingency Mechanism is a subset of Aktia's Mobile Bank backend's REST API endpoints. All end points in this api require an access token, which is returned from the authentication end point of Aktia's OpenAM. See the separate instructions on how to obtain Aktia's OpenAM access token with a valid TPP certificate and credentials. After successful authentication the following end points must be called in consecutive order: - 1. /api/login/details - see Login - 2. /api/login/otp/authenticate (when otp is required) - see Login - 3. /api/summary - see Summary After __successful summary call__, there are no more restrictions on api end point call order. version: '1.0' title: Aktia's PSD2 Contingency Mechanism termsOfService: termsOfServiceUrl contact: name: Aktia host: 'ProvidedLater' basePath: / tags: - name: Login - name: Summary - name: Accounts - name: Payments paths: '/api/account/{accountId}/transactionsAndLockedEvents/transaction/{transactionId}': get: tags: - Accounts summary: Get transaction details. description: This end point provides JSON form information about a single transaction. operationId: getTransactionDetailsUsingGET consumes: - application/json produces: - application/json parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.'
required: true type: string - name: accountId in: path description: Account id required: true type: string - name: transactionId in: path description: Transaction id required: true type: string responses: '200': description: OK schema: $ref: '#/definitions/TransactionDetailsResponse' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' schema: $ref: '#/definitions/Generic401ErrorModel' '/api/account/{id}': get: tags: - Accounts summary: Get a single account's details. description: |- This end point provides additional information about a single account. Customers in mandates list are returned in correctly sorted order for ui. operationId: getAccountDetailsUsingGET consumes: - application/json produces: - application/json parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string - name: id in: path description: Account id required: true type: string responses: '200': description: OK schema: $ref: '#/definitions/AccountDetailsResponse' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' schema: $ref: '#/definitions/Generic401ErrorModel' '/api/account/{id}/transactionsAndLockedEvents': get: tags: - Accounts summary: Get transactions and locked events of the account. description: |- Returns locked events (katevaraukset) and transactions (tapahtumat) of the queried account. This is paging end point which may not return all results in one request. 
Both locked events and transactions are sorted into descending order by date (latest items first). Query starts from the beginning (latest items) when continuationKey parameter is not given. When response does not contain all data, the continuationKey property in response has a value. Query returns next batch of items when executed with continuation key from the latest response. Paging applies to transactions only. All locked events are returned in the request which does not provide continuationKey. IMPORTANT. This request returns real time balance of the account. When response is returned, the balance from this query must be shown in ui instead of the one from latest summary. Additionally, if the balance differs from the one in latest summary, possibly cached summary data must be evicted. operationId: getTransactionsAndLockedEventsUsingGET consumes: - application/json produces: - application/json parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string - name: id in: path description: Account id required: true type: string - name: continuationKey in: query description: Continuation key from the previous response required: false type: string responses: '200': description: OK schema: $ref: '#/definitions/TransactionsAndLockedEvents' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' schema: $ref: '#/definitions/Generic401ErrorModel' /api/login/details: get: tags: - Login summary: Get details for login and user account.
description: 'Must be first API function, which is called after successful authentication.' operationId: getLoginDetailsUsingGET consumes: - application/json produces: - application/json parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string responses: '200': description: OK schema: $ref: '#/definitions/LoginDetailsResponse' '400': description: Unexpected authorization problem regardless of error value. schema: $ref: '#/definitions/OpenAmErrorResponse' '401': description: Unexpected authorization problem regardless of error value. schema: $ref: '#/definitions/OpenAmErrorResponse' /api/login/otp/authenticate: post: tags: - Login summary: Authenticate using one time password. description: |- Verify that the otp code given by user is correct. Client must verify from response that otpAccepted flag is true. If the flag is false, the otp code in request was incorrect and user must be prompted for the code again. Valid otp info is always present in the response (http status 200) regardless of otpAccepted value. Important: New otp info must be used also when prompting for otp again because of incorrect otp code. operationId: authenticateUsingPOST consumes: - application/json produces: - application/json parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. 
Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string - in: body name: requestBody description: otp code required: false schema: $ref: '#/definitions/OtpAuthenticationRequest' responses: '200': description: Otp authentication result. Check otpAccepted flag. schema: $ref: '#/definitions/OtpAuthenticationResponse' '401': description: Account is locked (errorCode ACCOUNT_LOCKED). schema: $ref: '#/definitions/ErrorResponse' /api/login/otp/next: get: tags: - Login summary: Get information for next otp code(one time password). operationId: getOtpInfoUsingGET consumes: - application/json produces: - application/json parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string responses: '200': description: OK schema: $ref: '#/definitions/OtpInfoResponse' '401': description: Session has expired if error is "invalid_token". User must login again. schema: $ref: '#/definitions/OpenAmErrorResponse' /api/payments: post: tags: - Payments summary: Create a new payment. description: |- Create a new payment using account number. The payment can later be confirmed using the `/api/payments/confirm` end point. 
Server performs additional validation for payment which may cause creation to fail. When server validations prevent payment creation, response status is 200, but `result.success` in response is `false`. Client must always verify `result.success` and show user error messages from `result.failReasons`. Message property in each fail reason contains localized error message which can be shown to user as is. When payment creation fails for server validations, only `result` property has value. When creating e-invoice agreement at the same time as the payment is confirmed, the data for the agreement is given in optional property `einvoiceAgreementCreateData` in request body. Failure in payment creation means automatically failure for e-invoice agreement also, because the e-invoice agreement data is attached to payment and cannot exist without it. Check `einvoiceAgreementResult.success` to verify how e-invoice agreement save succeeded, if the e-invoice agreement data was present in the request and payment create succeeded. Possible error(s) are listed in `einvoiceAgreementResult.failReasons` and can be displayed to user as is. IMPORTANT: * When payment create is success, but e-invoice agreement data save fails, it is not possible to try again or fix the problem, because new create operation would just create another payment and adding e-invoice agreement data via update is not allowed. * Use "\n" as new line marker in message text to embed new lines into the message. * Message text maximum length in request body model is because of new lines longer than actual maximum, which is 140. Number of new lines, which can be present in a message without consuming character count in a payment varies depending on message length, distribution of new lines and also by payment target account. Number of characters other than new lines must never exceed 140. It is, however, possible to create a payment with message containing more than 140 characters if excess is caused by new lines. 
For example a message containing 140 letters split evenly to 4 lines with new line markers (not counted in the character count of 140 in this case) is ok. Safest validation for the client is to limit the number of characters in message text to 140 and include new lines also in the character count. * Not all user accounts can be used for payment. Information about payment permissions is returned in response of summary end point (/api/summary). See `paymentAccounts` property of the summary response. * Future e-invoices, which are received because of an e-invoice agreement, will be paid from user's default payment account. Boolean flag `defaultPaymentAccount` in `paymentAccounts` in summary marks the account. operationId: createPaymentUsingPOST consumes: - application/json;charset=UTF-8 produces: - application/json;charset=UTF-8 parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string - in: body name: payment description: Payment data required: false schema: $ref: '#/definitions/CreatePaymentRequest' responses: '200': description: OK schema: $ref: '#/definitions/PaymentCreateResponse' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' schema: $ref: '#/definitions/Generic401ErrorModel' /api/payments/accountsInfo: get: tags: - Payments summary: Get information about own accounts for use in payments. description: Contains information about accounts which user can use when paying. 
Contains also account information for payments between own accounts. Same data is contained in `paymentAccounts` property of summary end point's (/api/summary) response. operationId: getAccountsInfoUsingGET consumes: - application/json produces: - application/json;charset=UTF-8 parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string responses: '200': description: OK schema: $ref: '#/definitions/PaymentAccountsResponse' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' schema: $ref: '#/definitions/Generic401ErrorModel' /api/payments/confirm: post: tags: - Payments summary: Confirm a list of payments. description: | Confirm a list of payments. Data for next otp number is returned in `otpResponse.otpInfo`. Client can cache it and need not make separate query for next otp number. This is regardless of how payment confirmation succeeds. The info is available in `otpResponse.otpInfo` even if all payments are returned in `failedPayments`. Boolean property `otpResponse.otpAccepted` is `true` after successful otp verification. Property `einvoiceAgreementCreatedPaymentIds` contains ids of payments which did have e-invoice agreement data and the agreement creation succeeded. Agreement create can succeed even when confirming the payment fails. Property `failedEinvoiceAgreementsForPayments` lists the payments which have embedded e-invoice agreement data, but agreement create failed. 
The fail reasons in the list can be displayed to user as is. If payment confirm succeeds, but e-invoice agreement create fails, the e-invoice agreement data is lost. SPECIAL ERROR CODES: * `WRONG_OTP_CODE` is set to `failReasonCode` for all payments in `failedPayments`. E-invoice agreements cannot be created either, but `failedEinvoiceAgreementsForPayments` will be empty even when optional e-invoice agreement data was present in a payment to be confirmed. Boolean property `otpResponse.otpAccepted` is `false` and the preferred method is to always check very first otp success from the flag. When prompting again otp code because of incorrect otp, client must use `otpResponse.otpInfo.nextOtpIndex` from the failed request's response. * Response is different if request fails because of too many failed attempts with incorrect otp which has caused user account to be locked. In that case response status is 401 and errorCode in response is `ACCOUNT_LOCKED` (see Response Messages below). IMPORTANT: * If request fails and response status is 4xx or 5xx, it is possible that the given otp was accepted and current otp info in client is outdated. Client must query for currently valid otp using `GET /api/login/otp/next` and use that otp info when prompting again otp from the user. operationId: confirmPaymentsUsingPOST consumes: - application/json;charset=UTF-8 produces: - application/json;charset=UTF-8 parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.'
required: true type: string - in: body name: requestBody description: otp number and payments to confirm required: false schema: $ref: '#/definitions/PaymentsConfirmRequest' responses: '200': description: Correct otp code. Check from response that allConfirmed is true. schema: $ref: '#/definitions/PaymentsConfirmResponse' '401': description: |- When response has `errorCode="ACCOUNT_LOCKED"`, otp authentication failed and account is locked. Api usage in current session is locked. User must logout and login again. Same response status is possible also when session expires and the access token is no longer valid. Response has `error="invalid_token"`. **Important**: There are two alternative models for response: * Error responses from mobile gateway server have properties `errorCode` and `message`. The response model which is shown here is the response from mobile gateway server. * Session expiration response originates from OpenIG, which processes all requests before they reach mobile gateway server and that response has properties `error` and `error_description`. schema: $ref: '#/definitions/SwaggerAccountLockedOtpErrorResponse' /api/payments/ibanInfo: get: tags: - Payments summary: Query information about iban. description: 'Begin the process for a new payment using an account number by providing the account number''s IBAN for a BIC check. Required data for the next step of the process will be provided as the return value. ' operationId: checkIbanUsingGET consumes: - application/json produces: - application/json;charset=UTF-8 parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. 
Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string - name: iban in: query description: iban required: true type: string responses: '200': description: OK schema: $ref: '#/definitions/IbanInfoResponse' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' schema: $ref: '#/definitions/Generic401ErrorModel' '/api/payments/{id}': get: tags: - Payments summary: Get details for one payment. description: |- Provides details about one payment. Details cannot be queried for payments having payment type code `FOREIGN_PAYMENT` or `OTHER_PAYMENT`. If queried, response is not found (404). Non null optional `einvoiceAgreementCreateData` property in the response implies that an e-invoice agreement will be created when the payment is successfully confirmed. operationId: getPaymentDetailsUsingGET consumes: - application/json produces: - application/json;charset=UTF-8 parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string - name: id in: path description: id required: true type: string responses: '200': description: OK schema: $ref: '#/definitions/PaymentDetailsResponse' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' schema: $ref: '#/definitions/Generic401ErrorModel' '404': description: Payment is not found or details are not available for this kind of payment (`FOREIGN_PAYMENT` or `OTHER_PAYMENT`). 
schema: $ref: '#/definitions/ErrorResponse' put: tags: - Payments summary: Update existing payment. description: | Update already existing payment. Server performs additional validation for update which may cause it to fail. When server validations prevent payment update, response status is 200, but `result.success` in response is `false`. Client must always verify `result.success` and show user error messages from `result.failReasons`. Message property in each fail reason contains localized error message which can be shown to user as is. When payment update fails for server validations, `lastModifiedAt` is not returned in the response. Fail reason code `REFRESH.TO.ACPT.CHGS` means that payment has been updated at backend after it was queried by client. When result contains that code, client must query payment details again before repeating update attempt, because update requests will not succeed with the outdated payment object (specifically having incorrect `lastModifiedAt` property in update request). This end point updates optional e-invoice agreement create data also in an unconfirmed payment. The agreement data cannot be added afterwards into an already existing payment. It must be present in the payment data which was queried from server for updating using end point `GET /api/payments/{id}`. Update results for the agreement are returned in property `einvoiceAgreementResult` and it is present in the response when the payment did have embedded agreement data before update. E-invoice agreement update can succeed or fail regardless of the outcome of payment update. If payment repetition is not updated, it can be omitted from the request. Single payment (repetition code `ONCE`) cannot be updated to repeating payment. MESSAGE TEXT: * Use "\n" as new line marker in message text to embed new lines into the message. * Message text maximum length in request body model is because of new lines longer than actual maximum, which is 140. 
Number of new lines, which can be present in a message without consuming character count in a payment varies depending on message length, distribution of new lines and also by payment target account. Number of characters other than new lines must never exceed 140. It is, however, possible to create a payment with message containing more than 140 characters if excess is caused by new lines. For example a message containing 140 letters split evenly to 4 lines with new line markers (not counted in the character count of 140 in this case) is ok. Safest validation for the client is to limit the number of characters in message text to 140 and include new lines also in the character count. Property `otpCode` in request is mandatory when payment status is anything else than `unconfirmed`. Response contains `otpResponse` property only when otpCode was given in request. IMPORTANT: * When request fails because of incorrect otp code, `otpResponse.otpAccepted` in response is `false`. Additionally `result.success` is `false` and `failReasons` in `result` contains single fail reason having `code` value `WRONG_OTP_CODE` and localized `message` which can be shown to user. * Preferred property to check if otp was correct, is `otpResponse.otpAccepted`. * If request fails and response status is 4xx or 5xx, it is possible that the given otp was accepted and current otp info in client is outdated. Client must query for currently valid otp using `GET /api/login/otp/next` and use that otp info when prompting again otp from the user. operationId: updatePaymentUsingPUT consumes: - application/json;charset=UTF-8 produces: - application/json;charset=UTF-8 parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication.
Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string - in: body name: payment description: Payment data required: false schema: $ref: '#/definitions/UpdatePaymentRequest' - name: id in: path description: id required: true type: string responses: '200': description: OK schema: $ref: '#/definitions/PaymentUpdateResponse' '400': description: Request validation error. schema: $ref: '#/definitions/BadRequestResponse' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' schema: $ref: '#/definitions/Generic401ErrorModel' '404': description: Payment not found. schema: $ref: '#/definitions/ErrorResponse' delete: tags: - Payments summary: Delete existing payment. description: | Delete payment. Server performs additional validation for deletion which may cause it to fail. When server validations prevent payment deletion, response status is 200, but `result.success` in response is false. Client must always verify `result.success` and show user error messages from `result.failReasons`. Message property in each fail reason contains localized error message which can be shown to user as is. Fail reason code `REFRESH.TO.ACPT.CHGS` means that payment has been updated at backend after it was queried by client. When result contains that code, client must query payment details again before repeating deletion attempt, because payment deletion will not succeed with the outdated payment object (specifically having incorrect `lastModifiedAt` parameter in the request). Request parameter `otpCode` is mandatory when payment status is anything else than `unconfirmed`.
Response contains `otpResponse` property only when otpCode was given in request. IMPORTANT: * When request fails because of incorrect otp code, `otpResponse.otpAccepted` in response is `false`. Additionally `result.success` is `false` and `failReasons` in `result` contains single fail reason having `code` value `WRONG_OTP_CODE` and localized `message` which can be shown to user. * Preferred property to check if otp was correct, is `otpResponse.otpAccepted`. * If request fails and response status is 4xx or 5xx, it is possible that the given otp was accepted and current otp info in client is outdated. Client must query for currently valid otp using `GET /api/login/otp/next` and use that otp info when prompting again otp from the user. operationId: deletePaymentUsingDELETE consumes: - application/json produces: - application/json;charset=UTF-8 parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string - name: id in: path description: id required: true type: string - name: lastModifiedAt in: query description: Must be the payments lastModifiedAt property as is. required: true type: string - name: otpCode in: query description: Mandatory when payment status is anything else than `unconfirmed`. The value is part of the request URL, so it can end up in URL logs on clients, proxies and servers. required: false type: string responses: '200': description: OK schema: $ref: '#/definitions/PaymentDeleteResponse' '400': description: Mandatory otpCode parameter is missing.
schema: $ref: '#/definitions/BadRequestResponse' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' schema: $ref: '#/definitions/Generic401ErrorModel' '404': description: Payment not found. schema: $ref: '#/definitions/ErrorResponse' /api/summary: get: tags: - Summary summary: Returns summary of customer's accounts. description: |- Purpose of this function is to provide principal mandatory data for home view. Accounts are pre-sorted into correct order for viewing in accountSummary.accountSummaryList property of the response. Each account item in the list does have sortingOrder property, but performing sort based on the property does not change the order. Not all accounts are allowed for payments and/or own transfer. Additional lists inside paymentAccounts property of the response contain allowed accounts for payments, allowed accounts for own transfer source and finally allowed accounts for own transfer target. IMPORTANT: All three lists in paymentAccounts are sorted to the order in which they must be shown to user when user is selecting account for payment, own transfer source or own transfer target. operationId: getSummaryUsingGET consumes: - application/json produces: - application/json parameters: - name: Authorization in: header description: 'Value must contain token type and access token from openAM authentication. Given token ''xxx-xxx'' and token type ''Bearer'', the correct header would be ''Authorization: Bearer xxx-xxx''' required: true type: string - name: Accept-Language in: header description: 'Language of the response for string properties, which are meant to be shown to user. Value must be ''fi'', ''sv'' or ''en''. Value ''en'' will be used if header is missing or has unsupported value.' required: true type: string responses: '200': description: OK schema: $ref: '#/definitions/Summary1Response' '401': description: 'When error is "invalid_token", user session has expired. User must login again.' 
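# Schema of the last response entry under `paths`; the shared models follow.
          schema:
            $ref: '#/definitions/Generic401ErrorModel'
# Schema models referenced through `$ref` by the operations and by each other.
# Swagger 2.0 `pattern` values are unanchored regular-expression searches, so
# every pattern below carries explicit ^...$ anchors.
definitions:
  # Recurrence of a payment as returned by the server.
  PaymentRepetition:
    type: object
    required:
      - repetitionCode
    properties:
      duration:
        $ref: '#/definitions/RepetitionDuration'
      repetition:
        type: string
      repetitionCode:
        type: string
        enum:
          - ONCE
          - DAILY
          - WEEKLY
          - EVERY_TWO_WEEKS
          - MONTHLY
          - MONTHLY_LAST_WEEKDAY
          - EVERY_TWO_MONTHS
          - QUARTERLY
          - EVERY_SIX_MONTHS
          - YEARLY
          - UNKNOWN
  FailReason:
    type: object
    required:
      - code
      - message
    properties:
      code:
        type: string
      message:
        type: string
  FabOperationInfo:
    type: object
    required:
      - fabOperation
      - fabOperationCode
    properties:
      fabOperation:
        type: string
      fabOperationCode:
        type: string
        enum:
          - COPY_IBAN
          - OWN_TRANSFER
          - NEW_PAYMENT
          - EDIT_PAYMENT
          - DELETE_PAYMENT
  PaymentUpdateResponse:
    type: object
    required:
      - result
    properties:
      einvoiceAgreementResult:
        $ref: '#/definitions/ApiOperationResult'
      # Server-issued value the client sends back unchanged on later
      # update, delete and confirm calls (see the example text).
      lastModifiedAt:
        type: string
        example: 'This is needed as is for payment update, delete and confirm'
      otpResponse:
        $ref: '#/definitions/OtpAuthenticationResponse'
      paymentId:
        type: string
      result:
        $ref: '#/definitions/ApiOperationResult'
      savePaymentTemplateResult:
        $ref: '#/definitions/ApiOperationResult'
  IbanInfoResponse:
    type: object
    required:
      - einvoiceAgreementPossible
      - fastForwardPossible
      - iban
      - sepaPaymentPossible
    properties:
      bic:
        type: string
      einvoiceAgreementPossible:
        type: boolean
      einvoiceIban:
        type: string
      fastForwardIban:
        type: string
      fastForwardPossible:
        type: boolean
      iban:
        type: string
      sepaPaymentPossible:
        type: boolean
  PaymentDeleteResponse:
    type: object
    required:
      - paymentId
      - result
    properties:
      otpResponse:
        $ref: '#/definitions/OtpAuthenticationResponse'
      paymentId:
        type: string
      result:
        $ref: '#/definitions/ApiOperationResult'
  # Confirms one or more payments with a single OTP code.
  PaymentsConfirmRequest:
    type: object
    required:
      - otpCode
      - payments
    properties:
      otpCode:
        type: string
        # Anchored so that only all-digit values match; the unanchored
        # '[0-9]+' matched any string containing a single digit.
        # NOTE(review): no maxLength is declared - confirm the expected
        # OTP length and add it.
        pattern: '^[0-9]+$'
      payments:
        type: array
        items:
          $ref: '#/definitions/PaymentToConfirm'
  PaymentAccountInfo:
    type: object
    required:
      - balance
      - defaultPaymentAccount
      - iban
      - id
      - name
    properties:
      balance:
        type: number
      defaultPaymentAccount:
        type: boolean
      iban:
        type: string
      id:
        type: string
      name:
        type: string
  # Recipient supplied by the client when creating a payment.
  CreatePaymentRecipient:
    type: object
    required:
      - bic
      - iban
      - name
    properties:
      bic:
        type: string
        # 4 + 2 + 2 characters with an optional 3-character suffix.
        # Anchored: without ^...$ any longer string containing such a run
        # also matched.
        pattern: '^([A-Za-z0-9]{4})([A-Za-z]{2})([A-Za-z0-9]{2})([A-Za-z0-9]{3})?$'
      # NOTE(review): no pattern or length limit is declared for the IBAN,
      # so the schema accepts any string; validation (format, checksum)
      # has to happen server-side.
      iban:
        type: string
      name:
        type: string
        minLength: 0
        maxLength: 70
  PaymentDetailsResponse:
    type: object
    required:
      - amount
      - dueDate
      - fabInfo
      - fastForward
      - id
      - lastModifiedAt
      - operations
      - payer
      - paymentSourceCode
      - paymentStatus
      - paymentStatusCode
      - paymentType
      - paymentTypeCode
      - receipt
      - recipient
      # Spelling is the property name used in this contract; do not "fix" it.
      - repetetion
      - uiGuidance
    properties:
      amount:
        type: number
        example: 123.45
      # NOTE(review): format is date-time but the example is date-only;
      # confirm which form the server emits and accepts.
      dueDate:
        type: string
        format: date-time
        example: '2016-01-01'
      fabInfo:
        $ref: '#/definitions/FabResponse'
      fastForward:
        type: boolean
      fastForwardIban:
        type: string
      id:
        type: string
      lastModifiedAt:
        type: string
        example: Client must keep this as is
      messageText:
        type: string
      operations:
        $ref: '#/definitions/PaymentOperations'
      payer:
        $ref: '#/definitions/PaymentPayer'
      paymentSourceCode:
        type: string
        enum:
          - CUSTOMER
          - BANKING_SYSTEM
          - BRANCH_OFFICE
          - E_INVOICE
          - INCOMING_SDD
          - AKTIA_NAMS
          - EXTERNAL
          - OTHER
      paymentStatus:
        type: string
      paymentStatusCode:
        type: string
        enum:
          - FAILED
          - REJECTED_UNCOVERED
          - UNCOVERED
          - DUE
          - UNCONFIRMED
      paymentStatusDescription:
        type: string
      paymentType:
        type: string
      paymentTypeCode:
        type: string
        enum:
          - EINVOICE
          - SINGLE_PAYMENT
          - RECURRING_PAYMENT
          - SEPA_DIRECT_DEBIT
          - DIRECT_PAYMENT
          - FOREIGN_PAYMENT
          - OTHER_PAYMENT
      receipt:
        type: boolean
      recipient:
        $ref: '#/definitions/PaymentRecipient'
      referenceNumber:
        type: string
      repetetion:
        $ref: '#/definitions/PaymentRepetition'
      uiGuidance:
        $ref: '#/definitions/PaymentUiGuidance'
  AccountParty:
    type: object
    required:
      - customerTypeCode
      - name
      - roleCode
    properties:
      customerTypeCode:
        type: string
        enum:
          - PRIVATE
          - CORPORATE
      name:
        type: string
      roleCode:
        type: string
        enum:
          - PRIMARY_OWNER
          - OTHER
  OtpAuthenticationResponse:
    type: object
    required:
      - otpAccepted
    properties:
      otpAccepted:
        type: boolean
      otpInfo:
        $ref: '#/definitions/OtpInfoResponse'
  OtpAuthenticationRequest:
    type: object
    required:
      - otpCode
    properties:
      otpCode:
        type: string
        # Anchored so that only all-digit values match (see the note at
        # the top of `definitions`).
        pattern: '^[0-9]+$'
  # Body of the 401 responses; `error_description` is technical text that
  # the example says must not be shown in the UI.
  Generic401ErrorModel:
    type: object
    properties:
      error:
        type: string
        example: invalid_token
      error_description:
        type: string
        example: Technical description - do not show in ui.
  AccountBaseInfo:
    type: object
    required:
      - balance
      - bic
      - iban
      - id
      - name
      - primaryOwnerName
    properties:
      balance:
        type: number
        example: 123.45
      bic:
        type: string
      iban:
        type: string
      id:
        type: string
      name:
        type: string
      primaryOwnerName:
        type: string
  AccountDetailsResponse:
    type: object
    required:
      - balance
      - bic
      - iban
      - id
      - mandates
      - name
      - primaryOwnerName
    properties:
      balance:
        type: number
        example: 123.45
      bic:
        type: string
      iban:
        type: string
      id:
        type: string
      mandates:
        type: array
        items:
          $ref: '#/definitions/AccountMandate'
      name:
        type: string
      primaryOwnerName:
        type: string
  AccountSummaryItem:
    type: object
    required:
      - accountType
      - balance
      - balanceTotal
      - bic
      - duePaymentsTotal
      - fabInfo
      - hideFromSummary
      - iban
      - id
      - name
      - parties
      - primaryOwnerName
      - sortingOrder
    properties:
      accountType:
        $ref: '#/definitions/AccountType'
      balance:
        type: number
        example: 123.45
      balanceTotal:
        type: number
        example: 123.45
      bic:
        type: string
      duePaymentsTotal:
        type: number
        example: 123.45
        description: 'Total value cannot be calculated, if this is missing or empty.'
      fabInfo:
        $ref: '#/definitions/FabResponse'
      hideFromSummary:
        type: boolean
      iban:
        type: string
      id:
        type: string
      name:
        type: string
      parties:
        type: array
        items:
          $ref: '#/definitions/AccountParty'
      primaryOwnerName:
        type: string
      sortingOrder:
        type: integer
        format: int32
  # Recipient part of a payment update: only the name is declared here.
  UpdatePaymentRecipient:
    type: object
    required:
      - name
    properties:
      name:
        type: string
        minLength: 0
        maxLength: 70
  OtpChallenge:
    type: object
    required:
      - otpInfo
      - otpRequired
      - readMessagesWithoutOtp
    properties:
      otpInfo:
        $ref: '#/definitions/OtpInfoResponse'
      otpRequired:
        type: boolean
      readMessagesWithoutOtp:
        type: boolean
  PaymentCreateResponse:
    type: object
    required:
      - result
    properties:
      einvoiceAgreementResult:
        $ref: '#/definitions/ApiOperationResult'
      lastModifiedAt:
        type: string
        example: 'This is needed as is for payment update, delete and confirm'
      paymentId:
        type: string
      result:
        $ref: '#/definitions/ApiOperationResult'
      savePaymentTemplateResult:
        $ref: '#/definitions/ApiOperationResult'
  TransactionDetailsResponse:
    type: object
    required:
      - account
      - transaction
    properties:
      account:
        $ref: '#/definitions/AccountBaseInfo'
      transaction:
        $ref: '#/definitions/TransactionDetails'
  # Payer as supplied by the client in create and update requests.
  # NOTE(review): accountId is client-supplied; presumably the server checks
  # that it belongs to the authenticated user - verify.
  StorePaymentPayer:
    type: object
    required:
      - accountId
    properties:
      accountId:
        type: string
      anotherPayerName:
        type: string
        minLength: 0
        maxLength: 70
  PaymentOperations:
    type: object
    required:
      - confirmEnabled
      - deleteAllowed
      - editAllowed
      - einvoicingPossible
    properties:
      confirmEnabled:
        type: boolean
      confirmNotice:
        type: string
      deleteAllowed:
        type: boolean
      deleteNotice:
        type: string
      editAllowed:
        type: boolean
      editNotice:
        type: string
      einvoicingNotice:
        type: string
      einvoicingPossible:
        type: boolean
  FailedObjectReason:
    type: object
    required:
      - failReason
      - failReasonCode
      - id
    properties:
      failReason:
        type: string
      failReasonCode:
        type: string
      id:
        type: string
  RepetitionDuration:
    type: object
    required:
      - untilFurtherNotice
    properties:
      repetitionEndDate:
        type: string
        # Quoted so that no YAML loader resolves the example as a date.
        example: '2017-7-12'
      untilFurtherNotice:
        type: boolean
  OtpInfoResponse:
    type: object
    required:
      - currentOtpCard
      - fixedOtpCard
      - nextOtpIndex
    properties:
      currentOtpCard:
        type: string
        example: H0012345
      fixedOtpCard:
        type: boolean
        example: false
      nextOtpCard:
        type: string
        example: H0098765
      nextOtpIndex:
        type: string
  TermsAcceptanceInfo:
    type: object
    required:
      - mustAcceptTerms
    properties:
      mustAcceptTerms:
        type: boolean
  CustomerServiceInfo:
    type: object
    properties:
      openHours:
        type: string
      phone:
        type: string
      serviceClass:
        type: string
  LockedEvent:
    type: object
    required:
      - amount
      - description
      - eventName
      - fromDate
      - id
      - toDate
    properties:
      amount:
        type: number
        example: 123.45
      description:
        type: string
      eventName:
        type: string
      fromDate:
        type: string
        format: date-time
        example: '2016-01-01'
      id:
        type: string
      toDate:
        type: string
        format: date-time
        example: '2016-01-01'
  PaymentPayer:
    type: object
    required:
      - accountId
    properties:
      accountId:
        type: string
      accountName:
        type: string
      anotherPayerName:
        type: string
        minLength: 0
        maxLength: 70
      bic:
        type: string
      iban:
        type: string
      payerName:
        type: string
  FabResponse:
    type: object
    required:
      - fabOperations
    properties:
      fabOperations:
        type: array
        items:
          $ref: '#/definitions/FabOperationInfo'
  Advisor:
    type: object
    properties:
      advisorServiceClass:
        type: string
      name:
        type: string
      phone:
        type: string
  ErrorResponse:
    type: object
    properties:
      errorCode:
        type: string
        example: NOT_FOUND
        # NOTE(review): the *_MOCK values look like test-only codes that
        # ended up in the published contract - confirm whether production
        # can return them, and drop them from the enum if not.
        enum:
          - INVALID_ACCESS_TOKEN_MOCK
          - UNEXPECTED_LOGIN_ERROR_MOCK
          - INVALID_AUTHENTICATION_MOCK
          - INVALID_CREDENTIALS_MOCK
          - PARAMETER_MISSING_MOCK
          - TOO_MANY_REQUESTS_MOCK
          - ACCOUNT_LOCKED_MOCK
          - UNAUTHORIZED
          - UNEXPECTED_ERROR
          - REQUEST_ERROR
          - SERVER_CONFIGURATION_ERROR
          - CANNOT_PARSE_ACCESS_TOKEN
          - INVALID_SESSION_START
          - WRONG_OTP_CODE
          - ACCOUNT_LOCKED
          - OTP_AUTHENTICATION_REQUIRED
          - MUST_UPDATE_PASSWORD
          - MUST_ACCEPT_TERMS
          - MUST_WAIT_SUMMARY_TO_SUCCEED
          - UNKNOWN_ID
          - NOT_FOUND
          - UNSUPPORTED_MEDIA_TYPE
      message:
        type: string
        example: Technical message which is not intended for application user.
  UpdatePaymentRequest:
    type: object
    required:
      - amount
      - dueDate
      - lastModifiedAt
      - payer
      - recipient
    properties:
      # NOTE(review): no minimum is declared, so zero and negative amounts
      # are schema-valid; the server has to reject them.
      amount:
        type: number
        example: 123.45
      dueDate:
        type: string
        format: date-time
        example: '2016-01-01'
      lastModifiedAt:
        type: string
        example: Client must keep this as is
      messageText:
        type: string
        minLength: 0
        maxLength: 160
      # NOTE(review): unlike the other otpCode fields this one is optional
      # and has no digit pattern - confirm that this is intended.
      otpCode:
        type: string
      payer:
        $ref: '#/definitions/StorePaymentPayer'
      recipient:
        $ref: '#/definitions/UpdatePaymentRecipient'
      referenceNumber:
        type: string
      repetetion:
        $ref: '#/definitions/CreatePaymentRepetition'
  AccountSummary:
    type: object
    required:
      - accountSummaryList
    properties:
      accountSummaryList:
        type: array
        items:
          $ref: '#/definitions/AccountSummaryItem'
  # One payment in a confirm request: its id plus the server-issued
  # lastModifiedAt value.
  PaymentToConfirm:
    type: object
    required:
      - lastModifiedAt
      - paymentId
    properties:
      lastModifiedAt:
        type: string
        example: Must be the value from server
      paymentId:
        type: string
  PaymentAccountsResponse:
    type: object
    required:
      - ownTransferFromAccounts
      - ownTransferToAccounts
      - paymentAccounts
    properties:
      ownTransferFromAccounts:
        type: array
        items:
          $ref: '#/definitions/PermittedAccountInfo'
      ownTransferToAccounts:
        type: array
        items:
          $ref: '#/definitions/PermittedAccountInfo'
      paymentAccounts:
        type: array
        items:
          $ref: '#/definitions/PaymentAccountInfo'
  TransactionInformation:
    type: object
    required:
      - amount
      - bookingDate
      - receiverOrPayerName
      - transactionId
      - transactionType
    properties:
      amount:
        type: number
        example: 123.45
      bookingDate:
        type: string
        format: date-time
        example: '2016-01-01'
      message:
        type: string
      receiverOrPayerName:
        type: string
      reference:
        type: string
      transactionId:
        type: string
      transactionType:
        type: string
  PermittedAccountInfo:
    type: object
    required:
      - balance
      - iban
      - id
      - name
    properties:
      balance:
        type: number
      iban:
        type: string
      id:
        type: string
      name:
        type: string
  LoginDetailsResponse:
    type: object
    required:
      - domainSettings
      - otpChallenge
      - termsAcceptanceInfo
      - userAccountInfo
    properties:
      domainSettings:
        $ref: '#/definitions/DomainSettings'
      otpChallenge:
        $ref: '#/definitions/OtpChallenge'
      termsAcceptanceInfo:
        $ref: '#/definitions/TermsAcceptanceInfo'
      userAccountInfo:
        $ref: '#/definitions/UserAccountInfo'
  PaymentRecipient:
    type: object
    required:
      - name
    properties:
      bic:
        type: string
      iban:
        type: string
      name:
        type: string
  Summary1Response:
    type: object
    required:
      - accountSummary
      - frontPageHighlight
      - paymentAccounts
      - paymentsTodoItemCount
    properties:
      accountSummary:
        $ref: '#/definitions/AccountSummary'
      frontPageHighlight:
        $ref: '#/definitions/FrontPageHighlight'
      paymentAccounts:
        $ref: '#/definitions/PaymentAccountsResponse'
      paymentsTodoItemCount:
        type: integer
        format: int32
  # Recurrence as supplied by the client in create and update requests.
  CreatePaymentRepetition:
    type: object
    required:
      - repetitionCode
    properties:
      duration:
        $ref: '#/definitions/RepetitionDuration'
      repetitionCode:
        type: string
        enum:
          - ONCE
          - DAILY
          - WEEKLY
          - EVERY_TWO_WEEKS
          - MONTHLY
          - MONTHLY_LAST_WEEKDAY
          - EVERY_TWO_MONTHS
          - QUARTERLY
          - EVERY_SIX_MONTHS
          - YEARLY
          - UNKNOWN
  PaymentUiGuidance:
    type: object
    required:
      - dueDateExpired
    properties:
      dueDateExpired:
        type: boolean
      dueDateNotice:
        type: string
  OpenAmErrorResponse:
    type: object
    required:
      - error
      - error_description
    properties:
      error:
        type: string
      error_description:
        type: string
  PaymentsConfirmResponse:
    type: object
    required:
      - confirmedPaymentIds
      - einvoiceAgreementCreatedPaymentIds
      - failedEinvoiceAgreementsForPayments
      - failedPayments
      - otpResponse
    properties:
      confirmedPaymentIds:
        type: array
        items:
          type: string
      einvoiceAgreementCreatedPaymentIds:
        type: array
        items:
          type: string
      failedEinvoiceAgreementsForPayments:
        type: array
        items:
          $ref: '#/definitions/FailedObjectReason'
      failedPayments:
        type: array
        items:
          $ref: '#/definitions/FailedObjectReason'
      otpResponse:
        $ref: '#/definitions/OtpAuthenticationResponse'
  TransactionsAndLockedEvents:
    type: object
    required:
      - account
      - lockedEvents
      - transactions
    properties:
      account:
        $ref: '#/definitions/AccountBaseInfo'
      continuationKey:
        type: string
      lockedEvents:
        type: array
        items:
          $ref: '#/definitions/LockedEvent'
      transactions:
        type: array
        items:
          $ref: '#/definitions/TransactionInformation'
  BadRequestResponse:
    type: object
    properties:
      errorCode:
        type: string
        example: REQUEST_ERROR
        # NOTE(review): the *_MOCK values look like test-only codes - confirm
        # whether production can return them.
        enum:
          - INVALID_ACCESS_TOKEN_MOCK
          - UNEXPECTED_LOGIN_ERROR_MOCK
          - INVALID_AUTHENTICATION_MOCK
          - INVALID_CREDENTIALS_MOCK
          - PARAMETER_MISSING_MOCK
          - TOO_MANY_REQUESTS_MOCK
          - ACCOUNT_LOCKED_MOCK
          - UNAUTHORIZED
          - UNEXPECTED_ERROR
          - REQUEST_ERROR
          - SERVER_CONFIGURATION_ERROR
          - CANNOT_PARSE_ACCESS_TOKEN
          - INVALID_SESSION_START
          - WRONG_OTP_CODE
          - EINVOICE_AGREEMENT_CREATE_FAILED
          - ACCOUNT_LOCKED
          - OTP_AUTHENTICATION_REQUIRED
          - MUST_UPDATE_PASSWORD
          - MUST_ACCEPT_TERMS
          - MUST_WAIT_SUMMARY_TO_SUCCEED
          - UNKNOWN_ID
          - NOT_FOUND
          - UNSUPPORTED_MEDIA_TYPE
      message:
        type: string
        example: Technical message which is not intended for application user.
  DomainSettings:
    type: object
    required:
      - ownTransferWithoutOtp
      - pinTouchActivationAvailable
    properties:
      # NOTE(review): presumably tells the client whether own-account
      # transfers skip the OTP step; the server must enforce that decision
      # itself rather than rely on the client honouring this flag - verify.
      ownTransferWithoutOtp:
        type: boolean
        example: false
      pinTouchActivationAvailable:
        type: boolean
        example: false
      pinTouchTermsPdfUrl:
        type: string
  PaymentSummary:
    type: object
    required:
      - amount
      - dueDate
      - einvoiceAgreementCreateDataPresent
      - fromAccount
      - id
      - lastModifiedAt
      - operations
      - paymentStatus
      - paymentStatusCode
      - paymentType
      - paymentTypeCode
      - title
      - uiGuidance
    properties:
      amount:
        type: number
        example: 123.45
      currency:
        type: string
      dueDate:
        type: string
        format: date-time
        example: '2016-01-19'
      einvoiceAgreementCreateDataPresent:
        type: boolean
      fromAccount:
        type: string
      fromAccountIban:
        type: string
      id:
        type: string
      lastModifiedAt:
        type: string
        example: Client must keep this as is
      message:
        type: string
      operations:
        $ref: '#/definitions/PaymentOperations'
      payerName:
        type: string
      paymentCategory:
        type: string
      paymentStatus:
        type: string
        example: Katteeton
      paymentStatusCode:
        type: string
        example: UNCOVERED
        enum:
          - FAILED
          - REJECTED_UNCOVERED
          - UNCOVERED
          - DUE
          - UNCONFIRMED
      paymentType:
        type: string
        example: E-lasku
      paymentTypeCode:
        type: string
        example: EINVOICE
        enum:
          - EINVOICE
          - SINGLE_PAYMENT
          - RECURRING_PAYMENT
          - SEPA_DIRECT_DEBIT
          - DIRECT_PAYMENT
          - FOREIGN_PAYMENT
          - OTHER_PAYMENT
      recipientBankBic:
        type: string
      recipientName:
        type: string
      referenceNumber:
        type: string
      title:
        type: string
      toIban:
        type: string
      uiGuidance:
        $ref: '#/definitions/PaymentUiGuidance'
  UserAccountInfo:
    type: object
    required:
      - accountLocked
      - customerName
      - customerType
      - passwordUpdateRequired
      - updateOrCreateKYCInfo
    properties:
      accountLocked:
        type: boolean
      customerName:
        type: string
      customerServiceInfo:
        $ref: '#/definitions/CustomerServiceInfo'
      customerType:
        type: string
        enum:
          - PERSON
          - CORPORATE
      passwordUpdateRequired:
        type: boolean
      personalAdvisor:
        $ref: '#/definitions/Advisor'
      updateOrCreateKYCInfo:
        type: boolean
  AccountMandate:
    type: object
    required:
      - customerName
    properties:
      customerId:
        type: string
      customerName:
        type: string
  CreatePaymentRequest:
    type: object
    required:
      - amount
      - dueDate
      - fastForward
      - payer
      - receipt
      - recipient
      # Spelling is the property name used in this contract; do not "fix" it.
      - repetetion
    properties:
      # NOTE(review): no minimum is declared, so zero and negative amounts
      # are schema-valid; the server has to reject them.
      amount:
        type: number
        example: 123.45
      dueDate:
        type: string
        format: date-time
        example: '2016-01-01'
      fastForward:
        type: boolean
      messageText:
        type: string
        minLength: 0
        maxLength: 160
      newTemplate:
        type: boolean
      payer:
        $ref: '#/definitions/StorePaymentPayer'
      receipt:
        type: boolean
      recipient:
        $ref: '#/definitions/CreatePaymentRecipient'
      # NOTE(review): referenceNumber and templateName have no length
      # limit, unlike messageText - confirm the intended bounds.
      referenceNumber:
        type: string
      repetetion:
        $ref: '#/definitions/CreatePaymentRepetition'
      templateName:
        type: string
  SwaggerAccountLockedOtpErrorResponse:
    type: object
    properties:
      errorCode:
        type: string
        example: ACCOUNT_LOCKED
        # NOTE(review): the *_MOCK values look like test-only codes - confirm
        # whether production can return them.
        enum:
          - INVALID_ACCESS_TOKEN_MOCK
          - UNEXPECTED_LOGIN_ERROR_MOCK
          - INVALID_AUTHENTICATION_MOCK
          - INVALID_CREDENTIALS_MOCK
          - PARAMETER_MISSING_MOCK
          - TOO_MANY_REQUESTS_MOCK
          - ACCOUNT_LOCKED_MOCK
          - UNAUTHORIZED
          - UNEXPECTED_ERROR
          - REQUEST_ERROR
          - SERVER_CONFIGURATION_ERROR
          - CANNOT_PARSE_ACCESS_TOKEN
          - INVALID_SESSION_START
          - WRONG_OTP_CODE
          - EINVOICE_AGREEMENT_CREATE_FAILED
          - ACCOUNT_LOCKED
          - OTP_AUTHENTICATION_REQUIRED
          - MUST_UPDATE_PASSWORD
          - MUST_ACCEPT_TERMS
          - MUST_WAIT_SUMMARY_TO_SUCCEED
          - UNKNOWN_ID
          - NOT_FOUND
          - UNSUPPORTED_MEDIA_TYPE
      message:
        type: string
        example: Technical message which is not intended for application user.
  TransactionDetails:
    type: object
    required:
      - amount
      - bookingDate
      - transactionId
      - transactionType
      - valueDate
    properties:
      amount:
        type: number
        example: 123.45
      anotherPayerName:
        type: string
      archiveId:
        type: string
      bookingDate:
        type: string
        format: date-time
        example: '2016-01-01'
      einvoicingPossibility:
        type: boolean
      message:
        type: string
      payerAccount:
        type: string
      payerBic:
        type: string
      payerName:
        type: string
      receiverAccount:
        type: string
      receiverBic:
        type: string
      receiverName:
        type: string
      reference:
        type: string
      transactionDate:
        type: string
        format: date-time
        example: '2016-01-01'
      transactionId:
        type: string
      transactionType:
        type: string
      valueDate:
        type: string
        format: date-time
        example: '2016-01-01'
  AccountType:
    type: object
    properties:
      accountType:
        type: string
      categoryCode:
        type: string
        enum:
          - CURRENT_ACCOUNT
          - SAVINGS_ACCOUNT
          - ASP_ACCOUNT
          - OTHER
      longTermSavings:
        type: boolean
      productCode:
        type: string
  # Outcome of one server-side operation: a success flag plus optional
  # fail reasons.
  ApiOperationResult:
    type: object
    required:
      - successful
    properties:
      failReasons:
        type: array
        items:
          $ref: '#/definitions/FailReason'
      successful:
        type: boolean
  FrontPageHighlight:
    type: object
    required:
      - showHighlight
    properties:
      id:
        type: string
        description: Is not null when showHighlight is true
      idType:
        type: string
        description: Is not null when showHighlight is true
        enum:
          - ACCOUNT
          - PAYMENT
          - TRANSACTION
          - EINVOICE
          - CUSTOMER
      showHighlight:
        type: boolean
      totalAmount:
        type: number
        example: 123.45
        description: Is not null when showHighlight is true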