diff --git a/docs/archive/standards-1.5.1/LICENCE b/docs/archive/standards-1.5.1/LICENCE
new file mode 100644
index 00000000..1bc87155
--- /dev/null
+++ b/docs/archive/standards-1.5.1/LICENCE
@@ -0,0 +1,9 @@
+
Unless otherwise stated, all specifications and downloadable reference applications are subject to this MIT Open Licence.
+
MIT Licence
+
Copyright 2018 Data61
+
+
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
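Review bot: The first line of the LICENCE names an "MIT Open Licence" while the heading directly below it says "MIT Licence"; use a single name, ideally the standard "MIT Licence", so readers and licence scanners are not left wondering whether a variant is intended. The scope sentence also covers "all specifications and downloadable reference applications", whereas the permission text only speaks of "this software and associated documentation files"; if the specifications are meant to be covered, state that explicitly.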
diff --git a/docs/archive/standards-1.5.1/README b/docs/archive/standards-1.5.1/README
new file mode 100644
index 00000000..618d7756
--- /dev/null
+++ b/docs/archive/standards-1.5.1/README
@@ -0,0 +1,30 @@
+
Consumer Data Right Standards
+
This repository contains the binding API Standards and Information Security profile created in response to the Consumer Data Right legislation and the subsequent regulatory rules. The purpose of the Consumer Data Right regime is to give Australians greater control over their data and is intended to apply sector by sector across the whole Australian economy.
Data Standards Body Web Site - Contains additional informaiton on the CDR and the DSB as well as notifications of the latest developments in the regime.
+
Formal Standards Site - The published contents of the standards in this repository. This is the formal documentation of the binding standards.
+
CDR Register Design Documentation - The documentation for the CDR Register which is a core piece of infrastructure that facilitates the operation of the CDR regime.
+
+
Contributing To The Standards
+
Consultation on the standards as they evolve is performed transparently with any interested contributor invited to participate in accordance with the rules of engagement described below.
+
+
There are a number ofways to contribute to these standards:
+
+
+
Issues posted on this repository - The issues posted on this repository are used for formal consultation of specific decision proposals that are to be considered by the Data Standards Chair. These decisions constitute significant changes to the standards and are raised as required. These issues constitute an audit trail of the decisions taken by the Data Standards Chair. As this is the case it is requested that contributors do not raise new issues and instead contribute comments to the issues created by the DSB.
+
The standards maintenance repository - This repository is used to manage minor changes to established aspects of the standards. Contributors are encouraged to raise new issues in this repository that will then be prioritised for resolution in a series of multi-week iterations. Outcomes of these iterations will then be submitted to the Data Standards Chair for approval on this repository as a decision. The Consumer Data Right Support Portal is the preferred way to search for answers, raise questions and request clarification of the standards.
+
Via Email - If you would like to submit a confidential question or item of feedback, or if GitHub feels unfamiliar, the DSB welcome email correspondence related to the standards and the standards development process.
+
+
Rules of engagement for this repository
+
We're committed to undertaking conversations relating to the technical standards in the open. Questions or comments that participants might ask us via email or private message are likely to be questions or comments other participants have as well. Our answers will be of interest to everyone. There are likely to be experiences and lessons everybody working in this ecosystem can learn from. Having these conversations transparently helps us reduce duplication, resolve issues faster and keep everyone up to date with the conversation.
In addition, it would be appreciated if the following rules are adhered to when commenting or contributing:
+* Please provide a single, considered response to each proposal covering all feedback concerning the proposal.
+* For transparency, if you work at or are associated with an organisation with an interest in the standards, please indicate this in your response.
+* Please ensure you are aware of and compliant with any social media guidelines or internal processes for response set by your organisation before providing feedback.
+* Please refrain from initiating new issues or pull requests in this repository due to the need for formal approval of all aspects of the standards
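Review bot: Two typos in the README text should be corrected: "informaiton" in the Data Standards Body Web Site entry and "ofways" in "There are a number ofways to contribute to these standards". The last rules-of-engagement bullet ("Please refrain from initiating new issues or pull requests ...") is also missing the closing full stop that the three bullets before it carry.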
diff --git a/docs/archive/standards-1.5.1/docs/fonts/slate.eot b/docs/archive/standards-1.5.1/docs/fonts/slate.eot
new file mode 100755
index 00000000..13c4839a
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/fonts/slate.eot differ
diff --git a/docs/archive/standards-1.5.1/docs/fonts/slate.svg b/docs/archive/standards-1.5.1/docs/fonts/slate.svg
new file mode 100644
index 00000000..5f349823
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/fonts/slate.svg
@@ -0,0 +1,14 @@
+
+
+
diff --git a/docs/archive/standards-1.5.1/docs/fonts/slate.ttf b/docs/archive/standards-1.5.1/docs/fonts/slate.ttf
new file mode 100755
index 00000000..ace9a46a
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/fonts/slate.ttf differ
diff --git a/docs/archive/standards-1.5.1/docs/fonts/slate.woff b/docs/archive/standards-1.5.1/docs/fonts/slate.woff
new file mode 100755
index 00000000..1e72e0ee
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/fonts/slate.woff differ
diff --git a/docs/archive/standards-1.5.1/docs/fonts/slate.woff2 b/docs/archive/standards-1.5.1/docs/fonts/slate.woff2
new file mode 100755
index 00000000..7c585a72
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/fonts/slate.woff2 differ
diff --git a/docs/archive/standards-1.5.1/docs/images/clientCredentialsSequence.png b/docs/archive/standards-1.5.1/docs/images/clientCredentialsSequence.png
new file mode 100644
index 00000000..a2de4c28
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/images/clientCredentialsSequence.png differ
diff --git a/docs/archive/standards-1.5.1/docs/images/favicon.ico b/docs/archive/standards-1.5.1/docs/images/favicon.ico
new file mode 100644
index 00000000..bd624802
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/images/favicon.ico differ
diff --git a/docs/archive/standards-1.5.1/docs/images/holderDomain.png b/docs/archive/standards-1.5.1/docs/images/holderDomain.png
new file mode 100644
index 00000000..d2bbfdfc
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/images/holderDomain.png differ
diff --git a/docs/archive/standards-1.5.1/docs/images/logo.png b/docs/archive/standards-1.5.1/docs/images/logo.png
new file mode 100755
index 00000000..36c2504e
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/images/logo.png differ
diff --git a/docs/archive/standards-1.5.1/docs/images/logoSanta.png b/docs/archive/standards-1.5.1/docs/images/logoSanta.png
new file mode 100644
index 00000000..23253af8
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/images/logoSanta.png differ
diff --git a/docs/archive/standards-1.5.1/docs/images/navbar.png b/docs/archive/standards-1.5.1/docs/images/navbar.png
new file mode 100755
index 00000000..df38e90d
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/images/navbar.png differ
diff --git a/docs/archive/standards-1.5.1/docs/images/redirPartA.png b/docs/archive/standards-1.5.1/docs/images/redirPartA.png
new file mode 100644
index 00000000..f6824ed2
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/images/redirPartA.png differ
diff --git a/docs/archive/standards-1.5.1/docs/images/redirPartB.png b/docs/archive/standards-1.5.1/docs/images/redirPartB.png
new file mode 100644
index 00000000..6addc5e8
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/images/redirPartB.png differ
diff --git a/docs/archive/standards-1.5.1/docs/images/redirPartC.png b/docs/archive/standards-1.5.1/docs/images/redirPartC.png
new file mode 100644
index 00000000..2e920979
Binary files /dev/null and b/docs/archive/standards-1.5.1/docs/images/redirPartC.png differ
diff --git a/docs/archive/standards-1.5.1/docs/includes/archives b/docs/archive/standards-1.5.1/docs/includes/archives
new file mode 100644
index 00000000..59c53995
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/includes/archives
@@ -0,0 +1,71 @@
+
Archives
+
The following table lists archived versions of the Consumer Data Standards. These are older versions of the standards that are available for reference only. They are not considered binding.
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
This end point allows the ACCC to obtain operational statistics from the Data Holder on the operation of their CDR compliant implementation. The statistics obtainable from this end point are determined by the non-functional requirements for the CDR regime.
+
+
NOTE: This version must be implemented by July 31st 2021
The period of metrics to be requested. Values can be CURRENT (meaning metrics for current day), HISTORIC (meaning metrics for previous days or months) or ALL. If absent the default is ALL.
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
The action to take for the meta data. At the moment the only option is REFRESH which requires the data holder to call the ACCC to refresh meta data as soon as practicable
Percentage availability of the CDR platform over time
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
currentMonth
+
number
+
conditional
+
none
+
Percentage availability of the CDR platform so far for the current calendar month. 0.0 means 0%. 1.0 means 100%.
+
+
+
previousMonths
+
[number]
+
conditional
+
none
+
Percentage availability of the CDR platform for previous calendar months. The first element indicates the last month and so on. A maximum of twelve entries is required if available. 0.0 means 0%. 1.0 means 100%.
Percentage of calls within the performance thresholds
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
currentDay
+
number
+
conditional
+
none
+
Percentage of calls within the performance threshold for the current day. 0.0 means 0%. 1.0 means 100%
+
+
+
previousDays
+
[number]
+
conditional
+
none
+
Percentage of calls within the performance threshold for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available. 0.0 means 0%. 1.0 means 100%
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+
+
+
open-status
+
query
+
string
+
optional
+
Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+
+
+
open-status
+
query
+
string
+
optional
+
Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
422
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
A tokenised identifier for the account which is unique but not shareable
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Some general notes that apply to all end points that retrieve transactions:
+
+
+
Where multiple transactions are returned, transactions should be ordered according to effective date in descending order
+
As the date and time for a transaction can alter depending on status and transaction type two separate date/times are included in the payload. There are still some scenarios where neither of these time stamps is available. For the purpose of filtering and ordering it is expected that the data holder will use the “effective” date/time which will be defined as:
+
+
+
Posted date/time if available, then
+
Execution date/time if available, then
+
A reasonable date/time nominated by the data holder using internal data structures
+
+
For transaction amounts it should be assumed that a negative value indicates a reduction of the available balance on the account while a positive value indicates an increase in the available balance on the account
+
For aggregated transactions (ie. groups of sub transactions reported as a single entry for the account) only the aggregated information, with as much consistent information accross the subsidiary transactions as possible, is required to be shared
Constrain the transaction history request to transactions with effective time at or after this date/time. If absent defaults to newest-time minus 90 days. Format is aligned to DateTimeString common type
Constrain the transaction history request to transactions with effective time at or before this date/time. If absent defaults to today. Format is aligned to DateTimeString common type
Filter transactions to only transactions with amounts less than or equal to than this amount
+
+
+
text
+
query
+
string
+
optional
+
Filter transactions to only transactions where this string value is found as a substring of either the reference or description fields. Format is arbitrary ASCII string. This parameter is optionally implemented by data holders. If it is not implemented then a response should be provided as normal without text filtering applied and an additional boolean field named isQueryParamUnsupported should be included in the meta object and set to true (whether the text parameter is supplied or not)
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
ID of the transaction obtained from a previous call to one of the other transaction end points
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain direct debit authorisations for multiple, filtered accounts
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
product-category
+
query
+
string
+
optional
+
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+
+
+
open-status
+
query
+
string
+
optional
+
Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
422
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
ID of the account to get scheduled payments for. Must have previously been returned by one of the account list end points. The account specified is the source account for the payment
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain scheduled payments for multiple, filtered accounts that are the source of funds for the payments
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
product-category
+
query
+
string
+
optional
+
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+
+
+
open-status
+
query
+
string
+
optional
+
Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
422
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Filter on the payee type field. In addition to normal type field values, ALL can be specified to retrieve all payees. If absent the assumed value is ALL
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Note that the payee sub-structure should be selected to represent the payment destination only rather than any known characteristics of the payment recipient
The ID used to locate the details of a particular payee
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain a list of products that are currently openly offered to the market
+
+
Note that the results returned by this end point are expected to be ordered in descending order according to lastUpdated.
+
Conventions
+
In the product reference payloads there are a number of recurring conventions that are explained here, in one place.
+
Arrays Of Features
+
In the product detail payload there are a number of arrays articulating generic features, constraints, prices, etc. The intent of these arrays is as follows:
+
+
+
Each element in an array has the same structure so that clients can reliably interpret the payloads
+
Each element as a type element that is an enumeration of the specific aspect of a product being described, such as types of fees.
+
Each element has a field name additionalValue. This is a generic field with contents that will vary based on the type of object being described. The contents of this field for the ADDITIONAL_CARDS feature is the number of cards allowed while the contents of this field for the MAX_LIMIT constraint would be the maximum credit limit allowed for the product.
+
An element in these arrays of the same type may appear more than once. For instance, a product may offer two separate loyalty programs that the customer can select from. A fixed term mortgage may have different rates for different term lengths.
+
An element in these arrays may contain an additionalInfo and additionalInfoUri field. The additionalInfo field is used to provide displayable text clarifying the purpose of the element in some way when the product is presented to a customer. The additionalInfoUri provides a link to externally hosted information specifically relevant to that feature of the product.
+
Depending on the type of data being represented there may be additional specific fields.
+
+
URIs To More Information
+
As the complexities and nuances of a financial product can not easily be fully expressed in a data structure without a high degree of complexity it is necessary to provide additional reference information that a potential customer can access so that they are fully informed of the features and implications of the product. The payloads for product reference therefore contain numerous fields that are provided to allow the product holder to describe the product more fully using a web page hosted on their online channels.
+
+
These URIs do not need to all link to different pages. If desired, they can all link to a single hosted page and use difference HTML anchors to focus on a specific topic such as eligibility or fees.
+
Linkage To Accounts
+
From the moment that a customer applies for a product and an account is created the account and the product that spawned it will diverge. Rates and features of the product may change and a discount may be negotiated for the account.
+
+
For this reason, while productCategory is a common field between accounts and products, there is no specific ID that can be used to link an account to a product within the regime.
+
+
Similarly, many of the fields and objects in the product payload will appear in the account detail payload but the structures and semantics are not identical as one refers to a product that can potentially be originated and one refers to an account that actual has been instantiated and created along with the associated decisions inherent in that process.
+
Dates
+
It is expected that data consumers needing this data will call relatively frequently to ensure the data they have is representative of the current offering from a bank. To minimise the volume and frequency of these calls the ability to set a lastUpdated field with the date and time of the last update to this product is included. A call for a list of products can then be filtered to only return products that have been updated since the last time that data was obtained using the updated-since query parameter.
+
+
In addition, the concept of effective date and time has also been included. This allows for a product to be marked for obsolescence, or introduction, from a certain time without the need for an update to show that a product has been changed. The inclusion of these dates also removes the need to represent deleted products in the payload. Products that are no long offered can be marked not effective for a few weeks before they are then removed from the product set as an option entirely.
+
+
NOTE: This version must be implemented by February 2021
Allows for the filtering of products based on whether the current time is within the period of time defined as effective by the effectiveFrom and effectiveTo fields. Valid values are ‘CURRENT’, ‘FUTURE’ and ‘ALL’. If absent defaults to 'CURRENT'
Only include products that have been updated after the specified date and time. If absent defaults to include all products
+
+
+
brand
+
query
+
string
+
optional
+
Filter results based on a specific brand
+
+
+
product-category
+
query
+
string
+
optional
+
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
Obtain basic information on the customer that has authorised the current session
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain detailed information on the authorised customer within the current session.
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain a health check status for the implementation
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
Obtain a list of scheduled outages for the implementation
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
A data holder specific unique identifier for this product. This identifier must be unique to a product but does not otherwise need to adhere to ID permanence guidelines.
The date and time from which this product is effective (ie. is available for origination). Used to enable the articulation of products to the regime before they are available for customers to originate
Indicates whether the product is specifically tailored to a circumstance. In this case fees and prices are significantly negotiated depending on context. While all products are open to a degree of tailoring this flag indicates that tailoring is expected and thus that the provision of specific fees and rates is not applicable
+
+
+
additionalInformation
+
object
+
optional
+
none
+
Object that contains links to additional information on specific topics
URI reference to a PNG, JPG or GIF image with proportions defined by ISO 7810 ID-1 and width no greater than 512 pixels. The URI reference may be a link or url-encoded data URI RFC 2397
An array of bundles that this product participates in. Each bundle is described by free form information but also by a list of product IDs of the other products that are included in the bundle. It is assumed that the current product is included in the bundle also
Link to a web page with more information on the bundle criteria and benefits
+
+
+
productIds
+
[string]
+
optional
+
none
+
Array of product IDs for products included in the bundle that are available via the product end points. Note that this array is not intended to represent a comprehensive model of the products included in the bundle and some products available for the bundle may not be available via the product reference end points
Generic field containing additional information relevant to the featureType specified. Whether mandatory or not is dependent on the value of the featureType.
+
+
+
additionalInfo
+
string
+
conditional
+
none
+
Display text providing more information on the feature. Mandatory if the feature type is set to OTHER
The type of constraint described. See the next section for an overview of valid values and their meaning
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the constraintType specified. Whether mandatory or not is dependent on the value of constraintType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information the constraint
The type of eligibility criteria described. See the next section for an overview of valid values and their meaning
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the eligibilityType specified. Whether mandatory or not is dependent on the value of eligibilityType
+
+
+
additionalInfo
+
string
+
conditional
+
none
+
Display text providing more information on the eligibility criteria. Mandatory if the field is set to OTHER
A fee rate calculated based on a proportion of the balance. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the feeType "VARIABLE" is supplied.
A fee rate calculated based on a proportion of a transaction. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the feeType "VARIABLE" is supplied
A fee rate calculated based on a proportion of the calculated interest accrued on the account. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the feeType "VARIABLE" is supplied
The indicative frequency with which the fee is calculated on the account. Only applies if balanceRate or accruedRate is also present. Formatted according to ISO 8601 Durations (excludes recurrence syntax)
A discount rate calculated based on a proportion of the balance. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
A discount rate calculated based on a proportion of a transaction. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory
A discount rate calculated based on a proportion of the calculated interest accrued on the account. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
A discount rate calculated based on a proportion of the fee to which this discount is attached. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the discountType specified. Whether mandatory or not is dependent on the value of discountType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the discount
The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to ISO 8601 Durations (excludes recurrence syntax)
The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to ISO 8601 Durations (excludes recurrence syntax)
Generic field containing additional information relevant to the depositRateType specified. Whether mandatory or not is dependent on the value of depositRateType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the rate
The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to ISO 8601 Durations (excludes recurrence syntax)
The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to ISO 8601 Durations (excludes recurrence syntax)
+
+
+
interestPaymentDue
+
string
+
optional
+
none
+
When loan payments are due to be paid within each period. The investment benefit of earlier payments affect the rate that can be offered
+
+
+
repaymentType
+
string
+
optional
+
none
+
Options in place for repayments. If absent, the lending rate is applicable to all repayment types
+
+
+
loanPurpose
+
string
+
optional
+
none
+
The reason for taking out the loan. If absent, the lending rate is applicable to all loan purposes
Generic field containing additional information relevant to the lendingRateType specified. Whether mandatory or not is dependent on the value of lendingRateType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the rate.
Defines the criteria and conditions for which a rate applies
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
name
+
string
+
mandatory
+
none
+
A display name for the tier
+
+
+
unitOfMeasure
+
string
+
mandatory
+
none
+
The unit of measure that applies to the tierValueMinimum and tierValueMaximum values e.g. a DOLLAR amount. PERCENT (in the case of loan-to-value ratio or LVR). Tier term period representing a discrete number of MONTH's or DAY's (in the case of term deposit tiers)
The number of tierUnitOfMeasure units that form the upper bound of the tier or band. For a tier with a discrete value (as opposed to a range of values e.g. 1 month) this must be the same as tierValueMinimum. Where this is the same as the tierValueMinimum value of the next-higher tier the referenced tier should be exclusive of this value. For example a term deposit of 2 months falls into the upper tier of the following tiers: (1 – 2 months, 2 – 3 months). If absent the tier's range has no upper bound.
+
+
+
rateApplicationMethod
+
string
+
optional
+
none
+
The method used to calculate the amount to be applied using one or more tiers. A single rate may be applied to the entire balance or each applicable tier rate is applied to the portion of the balance that falls into that tier (referred to as 'bands' or 'steps')
The display name of the account as defined by the bank. This should not incorporate account numbers or PANs. If it does the values should be masked according to the rules of the MaskedAccountString common type.
+
+
+
nickname
+
string
+
optional
+
none
+
A customer supplied nick name for the account
+
+
+
openStatus
+
string
+
optional
+
none
+
Open or closed status for the account. If not present then OPEN is assumed
Flag indicating that the customer associated with the authorisation is an owner of the account. Does not indicate sole ownership, however. If not present then 'true' is assumed
The unmasked BSB for the account. Is expected to be formatted as digits only with leading zeros included and no punctuation or spaces
+
+
+
» accountNumber
+
string
+
optional
+
none
+
The unmasked account number for the account. Should not be supplied if the account number is a PAN requiring PCI compliance. Is expected to be formatted as digits only with leading zeros included and no punctuation or spaces
+
+
+
» bundleName
+
string
+
optional
+
none
+
Optional field to indicate if this account is part of a bundle that is providing additional benefit for to the customer
+
+
+
» specificAccountUType
+
string
+
optional
+
none
+
The type of structure to present account specific fields.
True if the feature is already activated and false if the feature is available for activation. Defaults to true if absent. (note this is an additional field appended to the feature object defined in the Product Reference payload)
Current instructions on action to be taken at maturity. This includes default actions that may be specified in the terms and conditions for the product e.g. roll-over to the same term and frequency of interest payments
Set to true if one or more offset accounts are configured for this loan account
+
+
+
offsetAccountIds
+
[string]
+
optional
+
none
+
The accountIDs of the configured offset accounts attached to this loan. Only offset accounts that can be accessed under the current authorisation should be included. It is expected behaviour that offsetAccountEnabled is set to true but the offsetAccountIds field is absent or empty. This represents a situation where an offset account exists but details can not be accessed under the current authorisation
+
+
+
repaymentType
+
string
+
optional
+
none
+
Options in place for repayments. If absent defaults to PRINCIPAL_AND_INTEREST
A unique ID of the transaction adhering to the standards for ID permanence. This is mandatory (through hashing if necessary) unless there are specific and justifiable technical reasons why a transaction cannot be uniquely identified for a particular account type
True if extended information is available using the transaction detail end point. False if extended data is not available
+
+
+
type
+
string
+
mandatory
+
none
+
The type of the transaction
+
+
+
status
+
string
+
mandatory
+
none
+
Status of the transaction whether pending or posted. Note that there is currently no provision in the standards to guarantee the ability to correlate a pending transaction with an associated posted transaction
+
+
+
description
+
string
+
mandatory
+
none
+
The transaction description as applied by the financial institution
The time the transaction was posted. This field is Mandatory if the transaction has status POSTED. This is the time that appears on a standard statement
Date and time at which assets become available to the account owner in case of a credit entry, or cease to be available to the account owner in case of a debit transaction entry
The balance of the account at this time. Should align to the balance available via other channels such as Internet Banking. Assumed to be negative if the customer has money owing
ID of the payee adhering to the rules of ID permanence
+
+
+
nickname
+
string
+
mandatory
+
none
+
The short display name of the payee as provided by the customer. Where a customer has not provided a nickname, a display name derived by the bank for the payee consistent with existing digital banking channels
+
+
+
description
+
string
+
optional
+
none
+
A description of the payee provided by the customer
+
+
+
type
+
string
+
mandatory
+
none
+
The type of payee. DOMESTIC means a registered payee for domestic payments including NPP. INTERNATIONAL means a registered payee for international payments. BILLER means a registered payee for BPAY
Type of account object included. Valid values are: account A standard Australian account defined by BSB/Account Number. card A credit or charge card to pay to (note that PANs are masked). payId A PayID recognised by NPP
BPAY CRN of the Biller. If the contents of the CRN match the format of a Credit Card PAN then it should be masked using the rules applicable for the MaskedPANString common type
A unique ID of the scheduled payment adhering to the standards for ID permanence
+
+
+
nickname
+
string
+
optional
+
none
+
The short display name of the payee as provided by the customer
+
+
+
payerReference
+
string
+
mandatory
+
none
+
The reference for the transaction that will be used by the originating institution for the purposes of constructing a statement narrative on the payer’s account. Empty string if no data provided
+
+
+
payeeReference
+
string
+
mandatory
+
none
+
The reference for the transaction that will be provided by the originating institution. Empty string if no data provided
+
+
+
status
+
string
+
mandatory
+
none
+
Indicates whether the schedule is currently active. The value SKIP is equivalent to ACTIVE except that the customer has requested the next normal occurrence to be skipped.
Object containing details of the source of the payment. Currently only specifies an account ID but provided as an object to facilitate future extensibility and consistency with the to object
[The set of payment amounts and destination accounts for this payment accommodating multi-part payments. A single entry indicates a simple payment with one destination account. Must have at least one entry]
The set of payment amounts and destination accounts for this payment accommodating multi-part payments. A single entry indicates a simple payment with one destination account. Must have at least one entry
Flag indicating whether the amount of the payment is calculated based on the context of the event. For instance a payment to reduce the balance of a credit card to zero. If absent then false is assumed
Present if toUType is set to payeeId. Indicates that the payment is to registered payee that can be accessed using the payee end point. If the Bank Payees scope has not been consented to then a payeeId should not be provided and the full payee details should be provided instead
Object containing details of the source of the payment. Currently only specifies an account ID but provided as an object to facilitate future extensibility and consistency with the to object
Indicates that the schedule of payments is defined according to the last occurrence of a specific weekday in an interval. Mandatory if recurrenceUType is set to lastWeekDay
Indicates that the schedule of payments is defined according to an external event that cannot be predetermined. Mandatory if recurrenceUType is set to eventBased
+
+
+
Enumerated Values
+
+
+
Property
+
Value
+
+
+
+
recurrenceUType
+
onceOff
+
+
+
recurrenceUType
+
intervalSchedule
+
+
+
recurrenceUType
+
lastWeekDay
+
+
+
recurrenceUType
+
eventBased
+
+
+
+
BankingScheduledPaymentRecurrenceOnceOff
+
+
+
{
+ "paymentDate":"string"
+}
+
+
+
Indicates that the payment is a once off payment on a specific future date. Mandatory if recurrenceUType is set to onceOff
The limit date after which no more payments should be made using this schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely
Indicates the number of payments remaining in the schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value, If neither field is present the payments will continue indefinitely
+
+
+
nonBusinessDayTreatment
+
string
+
optional
+
none
+
Enumerated field giving the treatment where a scheduled payment date is not a business day. If absent assumed to be ON. AFTER - If a scheduled payment date is a non-business day the payment will be made on the first business day after the scheduled payment date. BEFORE - If a scheduled payment date is a non-business day the payment will be made on the first business day before the scheduled payment date. ON - If a scheduled payment date is a non-business day the payment will be made on that day regardless. ONLY - Payments only occur on business days. If a scheduled payment date is a non-business day the payment will be ignored
An array of interval objects defining the payment schedule. Each entry in the array is additive, in that it adds payments to the overall payment schedule. If multiple intervals result in a payment on the same day then only one payment will be made. Must have at least one entry
An interval for the payment. Formatted according to ISO 8601 Durations (excludes recurrence syntax) with components less than a day in length ignored. This duration defines the period between payments starting with nextPaymentDate
Uses an interval to define the ordinal day within the interval defined by the interval field on which the payment occurs. If the resulting duration is 0 days in length or larger than the number of days in the interval then the payment will occur on the last day of the interval. A duration of 1 day indicates the first day of the interval. If absent the assumed value is P1D. Formatted according to ISO 8601 Durations (excludes recurrence syntax) with components less than a day in length ignored. The first day of a week is considered to be Monday.
Indicates that the schedule of payments is defined according to the last occurrence of a specific weekday in an interval. Mandatory if recurrenceUType is set to lastWeekDay
The limit date after which no more payments should be made using this schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely
Indicates the number of payments remaining in the schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely
The interval for the payment. Formatted according to ISO 8601 Durations (excludes recurrence syntax) with components less than a day in length ignored. This duration defines the period between payments starting with nextPaymentDate
+
+
+
lastWeekDay
+
string
+
mandatory
+
none
+
The weekDay specified. The payment will occur on the last occurrence of this weekday in the interval.
+
+
+
nonBusinessDayTreatment
+
string
+
optional
+
none
+
Enumerated field giving the treatment where a scheduled payment date is not a business day. If absent assumed to be ON. AFTER - If a scheduled payment date is a non-business day the payment will be made on the first business day after the scheduled payment date. BEFORE - If a scheduled payment date is a non-business day the payment will be made on the first business day before the scheduled payment date. ON - If a scheduled payment date is a non-business day the payment will be made on that day regardless. ONLY - Payments only occur on business days. If a scheduled payment date is a non-business day the payment will be ignored
+
+
+
Enumerated Values
+
+
+
Property
+
Value
+
+
+
+
lastWeekDay
+
MON
+
+
+
lastWeekDay
+
TUE
+
+
+
lastWeekDay
+
WED
+
+
+
lastWeekDay
+
THU
+
+
+
lastWeekDay
+
FRI
+
+
+
lastWeekDay
+
SAT
+
+
+
lastWeekDay
+
SUN
+
+
+
nonBusinessDayTreatment
+
AFTER
+
+
+
nonBusinessDayTreatment
+
BEFORE
+
+
+
nonBusinessDayTreatment
+
ON
+
+
+
nonBusinessDayTreatment
+
ONLY
+
+
+
+
BankingScheduledPaymentRecurrenceEventBased
+
+
+
{
+ "description":"string"
+}
+
+
+
Indicates that the schedule of payments is defined according to an external event that cannot be predetermined. Mandatory if recurrenceUType is set to eventBased
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
description
+
string
+
mandatory
+
none
+
Description of the event and conditions that will result in the payment. Expected to be formatted for display to a customer
Enumeration with values. OK (implementation is fully functional). PARTIAL_FAILURE (one or more end points are unexpectedly unavailable). UNAVAILABLE (the full implementation is unexpectedly unavailable). SCHEDULED_OUTAGE (an advertised outage is in effect)
+
+
+
» explanation
+
string
+
conditional
+
none
+
Provides an explanation of the current outage that can be displayed to an end customer. Mandatory if the status property is any value other than OK
Flag that indicates, if present and set to true, that the outage is only partial meaning that only a subset of normally available end points will be affected by the outage
+
+
+
explanation
+
string
+
mandatory
+
none
+
Provides an explanation of the current outage that can be displayed to an end customer
The date and time that this record was last updated by the customer. If no update has occurred then this date should reflect the initial creation date for the data
+
+
+
firstName
+
string
+
optional
+
none
+
For people with single names this field need not be present. The single name should be in the lastName field
+
+
+
lastName
+
string
+
mandatory
+
none
+
For people with single names the single name should be in this field
+
+
+
middleNames
+
[string]
+
mandatory
+
none
+
Field is mandatory but array may be empty
+
+
+
prefix
+
string
+
optional
+
none
+
Also known as title or salutation. The prefix to the name (e.g. Mr, Mrs, Ms, Miss, Sir, etc)
Value is a valid ANZSCO Standard Occupation classification code. If the occupation code held by the data holder is not one of the supported ANZSCO versions, then it must not be supplied.
+
+
+
occupationCodeVersion
+
string
+
conditional
+
none
+
The applicable ANZSCO release version of the occupation code provided. Mandatory if an occupationCode is supplied. If occupationCode is supplied but occupationCodeVersion is absent, default is ANZSCO_1220.0_2013_V1.2
Must contain at least one address. One and only one address may have the purpose of REGISTERED. Zero or one, and no more than one, record may have the purpose of MAIL. If zero then the REGISTERED address is to be used for mail
The date and time that this record was last updated by the customer. If no update has occurred then this date should reflect the initial creation date for the data
+
+
+
agentFirstName
+
string
+
optional
+
none
+
The first name of the individual providing access on behalf of the organisation. For people with single names this field need not be present. The single name should be in the lastName field
+
+
+
agentLastName
+
string
+
mandatory
+
none
+
The last name of the individual providing access on behalf of the organisation. For people with single names the single name should be in this field
+
+
+
agentRole
+
string
+
mandatory
+
none
+
The role of the individual identified as the agent who is providing authorisation. Expected to be used for display. Default to Unspecified if the role is not known
+
+
+
businessName
+
string
+
mandatory
+
none
+
Name of the organisation
+
+
+
legalName
+
string
+
optional
+
none
+
Legal name, if different to the business name
+
+
+
shortName
+
string
+
optional
+
none
+
Short name used for communication, if different to the business name
+
+
+
abn
+
string
+
optional
+
none
+
Australian Business Number for the organisation
+
+
+
acn
+
string
+
optional
+
none
+
Australian Company Number for the organisation. Required only if an ACN is applicable for the organisation type
A valid ANZSIC code for the organisation. If the industry code held by the data holder is not one of the supported ANZSIC versions, then it must not be supplied.
+
+
+
industryCodeVersion
+
string
+
conditional
+
none
+
The applicable ANZSIC release version of the industry code provided. Should only be supplied if industryCode is also supplied. If industryCode is supplied but industryCodeVersion is absent, default is ANZSIC_1292.0_2006_V2.0
Must contain at least one address. One and only one address may have the purpose of REGISTERED. Zero or one, and no more than one, record may have the purpose of MAIL. If zero then the REGISTERED address is to be used for mail
Name of the individual or business formatted for inclusion in an address used for physical mail
+
+
+
addressLine1
+
string
+
mandatory
+
none
+
First line of the standard address object
+
+
+
addressLine2
+
string
+
optional
+
none
+
Second line of the standard address object
+
+
+
addressLine3
+
string
+
optional
+
none
+
Third line of the standard address object
+
+
+
postcode
+
string
+
conditional
+
none
+
Mandatory for Australian addresses
+
+
+
city
+
string
+
mandatory
+
none
+
Name of the city or locality
+
+
+
state
+
string
+
mandatory
+
none
+
Free text if the country is not Australia. If country is Australia then must be one of the values defined by the State Type Abbreviation in the PAF file format. NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT
Postal delivery number if the address is a postal delivery type
+
+
+
postalDeliveryNumberPrefix
+
string
+
optional
+
none
+
Postal delivery number prefix related to the postal delivery number
+
+
+
postalDeliveryNumberSuffix
+
string
+
optional
+
none
+
Postal delivery number suffix related to the postal delivery number
+
+
+
localityName
+
string
+
mandatory
+
none
+
Full name of locality
+
+
+
postcode
+
string
+
mandatory
+
none
+
Postcode for the locality
+
+
+
state
+
string
+
mandatory
+
none
+
State in which the address belongs. Valid enumeration defined by Australia Post PAF code file State Type Abbreviation. NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT
Changes arising from iteration 1 of the banking maintenance cadence. See release notes for detail
+
+
+
12/11/2019
+
1.0.1
+
Patch update
+
Minor defect changes and clarifications. See release notes for detail
+
+
+
30/9/2019
+
1.0.0
+
Baseline version 1
+
This release is the baseline release for the standards that are intended for implementation February 2020 and contains minor updates as well as changes to align to the locked down CDR Rules and the updated CDR Register design
+
+
+
4/9/2019
+
0.9.6
+
Defect fix release
+
This release addresses a series of documentation issues and other clarifications as identified via GitHub feedback
+
+
+
15/7/2019
+
0.9.5
+
Incorporated May 2019 Feedback
+
This version incorporates the decisions arising from the consultation feedback obtained on the May 2019 draft of the standards (v0.9.3)
+
+
+
27/6/2019
+
0.9.4
+
Documentation and error fixes from May draft
+
Added missing versioning headers x-v/ x-min-v
Removed Banking API's tag
Fixed nonBusinessDayTreatment enum default is an array
Removal of empty x-scope in product reference
BankingScheduledPaymentRecurrence removed required intervals field
Added Swagger Contact object
BankingScheduledPaymentRecurrence removed required intervals field
Minor updates to static documentation typos/ broken links
Added cross links to additionalValue descriptions for Product Reference enums
Minor updates to product reference samples
+
+
+
29/5/2019
+
0.9.3
+
Final updates for May Draft
+
Addition of Discoverability, InfoSec Profile and minor corrections
+
+
+
28/5/2019
+
0.9.2
+
Admin End Points
+
Added separate swagger/yaml as well as documentation for admin end points
+
+
+
28/5/2019
+
0.9.1
+
Modified BankingProductRateTier.maximumValue to optional
Modifications according to responses in technical feedback section documented in published feedback summary
organisationType for Organisation model is now required due to addition of OTHER value
+
+
+
19/12/2018
+
0.1.0
+
Masking rules
+
Added specificity to the masking guidance for the masked string primitives
+
+
+
18/12/2018
+
0.1.0
+
Updated swagger files
+
Swagger files were updated to address feedback. Documentation has not been changed to reflect these changes unless stated. Changes are as follows:
Extracted common query parameters
Extracted enums with repeated use
Used schema composition to facilitate model inheritance
Removed erroneous default values
Corrected for JSON syntax errors
Standardised Operation IDs and Model names
Change $type fields to PType (also fixed in doco)
+
+
+
18/12/2018
+
0.1.0
+
Addition of change log
+
This change log was added to the standards documentation
+
+
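Review bot: In the 0.9.4 entry (27/6/2019) the item "BankingScheduledPaymentRecurrence removed required intervals field" is listed twice, on either side of "Added Swagger Contact object"; drop the second copy. Separately, the three rows dated 19/12/2018 and 18/12/2018 all carry version 0.1.0, so a reader cannot tell from the version alone which of those changes a given 0.1.0 copy includes. Consider distinct version numbers, or a sentence saying these were updates to a single draft.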
diff --git a/docs/archive/standards-1.5.1/docs/includes/cx b/docs/archive/standards-1.5.1/docs/includes/cx
new file mode 100644
index 00000000..1dc6e663
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/includes/cx
@@ -0,0 +1,10 @@
+
Consumer Experience
+
The Consumer Experience (CX) standards, containing requirements and guidelines for the creation of implementatations by both Data Recipients and Data Holders, are split into two documents. This first defines mandatory standards and the second includes guidelines for facilitating the implementation of rules and standards that relate to the consumer experience:
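Review bot: "implementatations" in the opening sentence is a typo for "implementations", and "This first defines mandatory standards" should read "The first defines mandatory standards" so that it pairs with "the second includes guidelines".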
diff --git a/docs/archive/standards-1.5.1/docs/includes/known-issues b/docs/archive/standards-1.5.1/docs/includes/known-issues
new file mode 100644
index 00000000..bdb19773
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/includes/known-issues
@@ -0,0 +1,2 @@
+
Known Issues
+
This version of the standards currently has no known issues
diff --git a/docs/archive/standards-1.5.1/docs/includes/nfrs b/docs/archive/standards-1.5.1/docs/includes/nfrs
new file mode 100644
index 00000000..cd077eb0
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/includes/nfrs
@@ -0,0 +1,187 @@
+
Non-functional Requirements
+
+
+
The non-functional requirements (NFRs) for the Consumer Data Right regime cover a number of considerations:
+
+
+
Minimum performance and availability expectations for data holders. Included to ensure a reliable and performant service is offered to data recipients and customers.
+
Maximum traffic expectations for data holders. Included to ensure there is a ceiling for the amount of traffic that a data holder is expected to service.
+
Requirements for reporting of performance. Included to provide transparency of performance without the need for time consuming auditing or inspection.
+
Requirements for data latency and quality. Included to give a clear indication to the depth and recency of the data available under the regime.
+
Limitations on the number of calls that a data recipient can make to a single provider. Included to protect data holders from poorly designed or overly transactional data recipient implementations.
+
+
Definitions
+
In the following definition of NFRs specific terms have the following meanings:
+
+
+
Data Recipient: For the purposes of these NFRs a data recipient is defined as a configured application presented in the register meta data. This acknowledges that a single accredited entity may be able to register multiple independent services (or apps) that can obtain authorisations from consumers independently of each other.
+
Session: A session is defined as the life span of a unique Access Token. Multiple API requests made with a single, valid, Access Token would be considered part of a single Session.
+
Customer Present: Authenticated API requests made in direct response to interactions by the end customer using the digital services of the data recipient will be considered “Customer Present”. Technically a data holder will define an API request as “Customer Present” if, and only if, the x-fapi-customer-ip-address header is populated with a valid IP address of the end customer’s device.
+
Customer Not Present: Authenticated API requests that are not deemed to be “Customer Present”
+
Unattended: A synonym of “Customer Not Present”
+
Authenticated: API requests to API end points that the standards require to be protected by security mechanisms that enforce explicit customer authorisation
+
Unauthenticated: API requests to API end points that the standards deem to be publically available. This implies that these end points may be accessed by any client without the client performing any authentication or authorisation actions
+
High Traffic Period: Any time in the 18 hour period between 6am and 12am (midnight) is considered to be a high traffic period
+
Low Traffic Period: Any time of the day not considered to be included in a high traffic period.
+
Large Payload: An API which is capable of returning a large data response that would reasonably impose higher data retrieval times on the resource server. Typically bulk request end points.
+
+
Session Requirements
+
A expiry time of a unique session should be set according to the statements included in the Security Profile.
+
+
After a unique session is expired it is expected that the data recipient, for the same customer, may establish a new session as long as the authorisation is still valid.
+
Availability Requirements
+
Service availability requirement for data holders:
+99.5% per month
+
+
The definition of a period of unavailability is any period of time when any of the API end points defined in the standard is unable to reliably provide a successful response to an appropriately constructed request.
+
+
The availability requirement applies to both authenticated and unauthenticated end points.
+
+
The availability requirement does not include planned outages. Planned outages should be:
+
+
+
Commensurate in length and frequency to other primary digital channels offered by the data holder,
+
Published to data recipients with at least one week lead time for normal outages,
+
May occur without notification if the change is to resolve a critical service or security issue.
+
+
Performance Requirements
+
API end point performance will be measured in response time of individual API requests from receipt of request to delivery of response.
+
+
It is understood that different response times can be measured depending on which technical layer of an API implementation stack is instrumented and that not all of the technical layers between the data recipient and the data holder will be in the control of the data holder. As this is implementation specific it is expected that the data holder will ensure that the measurement of response time occurs as close to the data recipient as practicable.
+
+
In light of these considerations, the performance requirement for data holders is:
+
+
95% of calls per hour responded to within a nominated threshold
+
+
The nominated threshold for each end point will be according to the following table:
+
+
+
+
Tier
+
Response Time
+
Applies To…
+
+
+
+
Unauthenticated
+
1500ms
+
All Unauthenticated end points not otherwise specified in a separate threshold.
+
+
+
High Priority
+
1000ms
+
All calls to the following end points:
All InfoSec end points including Dynamic Client Registration
CDR Arrangement Revocation
The following Unauthenticated end points:
Get Status
Get Outages
Customer Present calls to the following end points:
Get Accounts
Get Customer
Get Customer Detail
+
+
+
Low Priority
+
1500ms
+
Customer Present calls to the following end points:
Get Account Detail
Get Account Balance
Get Bulk Balances
Get Balances For Specific Accounts
Get Transactions For Account
Get Transaction Detail
Get Payees
Get Payee Detail
Get Direct Debits For Account
Get Scheduled Payments For Account
Get Scheduled Payments Bulk
Get Scheduled Payments For Specific Accounts
+
+
+
Unattended
+
4000ms
+
Unattended calls to the following end points that are not Large Payload end points:
High Priority Authenticated end points
Low Priority Authenticated end points
All Admin end points.
+
+
+
Large Payload
+
6000ms
+
Any Unattended calls to the following end points:
Get Bulk Direct Debits
Get Direct Debits For Specific Accounts
+
+
+
+
Note that calls initiated in excess of a traffic threshold (see next section) may be excluded from the performance requirement.
+
Traffic Thresholds
+
Calls in excess of the following traffic thresholds will be able to be freely throttled or rejected by a data holder without impact to their performance or availability requirements.
+
+
Traffic thresholds will be set using the following metrics:
+
+
+
Number of sessions per day – the number of individual sessions initiated in a calendar day.
+
Transactions Per Second (TPS) – the number of concurrent transactions each second.
+
Number of calls – the number of end point calls initiated for a specified duration.
+
+
+
For Customer Present and authorisation traffic the following traffic thresholds will apply:
+
+
+
Unlimited sessions per day
+
10 TPS per customer
+
50 TPS per data recipient
+
+
+
For Unattended traffic the following traffic thresholds will apply for low traffic periods:
+
+
+
20 sessions per day, per customer, per data recipient
+
100 total calls per session
+
5TPS per session
+
50 TPS per data recipient
+
+
+
For Unattended traffic during high traffic periods only best effort support is required.
+
+
For secure traffic (both Customer Present and Unattended) the following traffic thresholds will apply:
+
+
+
300 TPS total across all consumers
+
+
+
For Public traffic (i.e. traffic to unauthenticated end points) the following traffic thresholds will apply:
+
+
+
300 TPS total across all consumers (additive to secure traffic)
+
+
Data Recipient Requirements
+
Data recipients will be limited by the traffic thresholds documented in the previous section. In addition to this data recipients are expected to design their services according to the following principles:
+
+
+
Services should be designed to minimise traffic with data holders
+
Services should be designed to be resilient in the case of the rejection of a call by a data holder due to traffic threshold breaches
+
Services should schedule unattended calls to avoid high traffic periods
+
Unattended calls should be managed to avoid short term bursts of traffic
Availability for each of the previous twelve months
+
Percentage of calls within performance threshold for current day
+
Percentage of calls within performance threshold for each of the previous seven days
+
Number of calls within each performance tier for current day
+
Number of calls within each performance tier for each of the previous seven days
+
Average response time within each performance tier for current day
+
Average response time within each performance tier for each of the previous seven days
+
Number of sessions for current day
+
Number of sessions for each of the previous seven days
+
Peak total TPS for current day
+
Peak total TPS for each of the previous seven days
+
Average TPS for current day
+
Average TPS for each of the previous seven days
+
Number of calls resulting in error due to server execution for current day
+
Number of calls resulting in error due to server execution for each of the previous seven days
+
Number of calls rejected due to traffic thresholds for current day
+
Number of calls rejected due to traffic thresholds for each of the previous seven days
+
Number of customers with active authorisations
+
Number of data recipients with active authorisations
+
+
Data Latency
+
Within this proposal there is no specific requirement with regard to data latency (ie. how up to date data should be). Instead, the requirement for data latency is that data presented via API end points should be commensurate to data presented via other primary digital channels.
+
+
For example, for a Bank that provides a mobile application as their primary digital experience, a balance presented via one of the balance end points should be the same as the balance presented through the mobile application.
+
Data Quality
+
Data holders are required to take reasonable steps to ensure that CDR data, having regard to the purpose for which it is held, is accurate and up to date.
+
+
A data holder is required to be able to demonstrate that reasonable steps to maintain data quality are being undertaken.
+
Exemptions To Protect Service
+
In the event of the following extreme circumstances data holders will be able to obtain relief from non-functional requirements:
+
+
+
Periods of time when the digital channels for the data holder are the target for a distributed denial of service or equivalent form of attack (this should result in http error 429 Too Many Requests being returned).
+
A significant increase in traffic from a poorly designed or misbehaving data recipient (this should result in http error 429 Too Many Requests being returned).
+
If the data holder identifies a situation where there is the potential for physical or financial harm or abuse (this should result in http error 403 Forbidden being returned).
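Review bot: The "Customer Present" definition classifies a call solely on whether the x-fapi-customer-ip-address request header holds a valid IP address, and that header is populated by the calling data recipient. The Traffic Thresholds section then gives Customer Present traffic unlimited sessions per day while Unattended traffic is capped at 20 sessions per day and 100 calls per session, so the tier a call falls into rests on a caller-asserted value. Suggest stating what "valid" means here (well-formed only, or plausibly the end customer's device) and whether a data holder may treat a call as Unattended when the header value is not credible. Smaller points in the same text: "High Traffic Period" gives 6am to 12am without naming a time zone, "A expiry time" should be "An expiry time", and "publically" should be "publicly".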
This end point allows the ACCC to obtain operational statistics from the Data Holder on the operation of their CDR compliant implementation. The statistics obtainable from this end point are determined by the non-functional requirements for the CDR regime.
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
period
+
query
+
string
+
optional
+
The period of metrics to be requested. Values can be CURRENT (meaning metrics for current day), HISTORIC (meaning metrics for previous days or months) or ALL. If absent the default is ALL.
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v]#request-headers) and x-v. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
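Review bot: The x-min-v description contains a broken link, "[x-min-v]#request-headers)", which is missing the opening parenthesis of the link target; it should be "[x-min-v](#request-headers)" or plain text. The x-v row also states that x-min-v is treated as absent when it is equal to or higher than x-v, while the x-min-v row does not repeat that rule; consider stating it in both rows or only in the HTTP Headers section that the x-v row points to.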
Percentage availability of the CDR platform over time
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
currentMonth
+
number
+
conditional
+
none
+
Percentage availability of the CDR platform so far for the current calendar month. 0.0 means 0%. 1.0 means 100%.
+
+
+
previousMonths
+
[number]
+
conditional
+
none
+
Percentage availability of the CDR platform for previous calendar months. The first element indicates the last month and so on. A maximum of twelve entries is required if available. 0.0 means 0%. 1.0 means 100%.
Percentage of calls within the performance thresholds
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
currentDay
+
number
+
conditional
+
none
+
Percentage of calls within the performance threshold for the current day. 0.0 means 0%. 1.0 means 100%
+
+
+
previousDays
+
[number]
+
conditional
+
none
+
Percentage of calls within the performance threshold for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available. 0.0 means 0%. 1.0 means 100%
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
An array of bundles that this product participates in. Each bundle is described by free form information but also by a list of product IDs of the other products that are included in the bundle. It is assumed that the current product is included in the bundle also
Link to a web page with more information on the bundle criteria and benefits
+
+
+
productIds
+
[string]
+
optional
+
none
+
Array of product IDs for products included in the bundle that are available via the product end points. Note that this array is not intended to represent a comprehensive model of the products included in the bundle and some products available for the bundle may not be available via the product reference end points
Generic field containing additional information relevant to the featureType specified. Whether mandatory or not is dependent on the value of the featureType.
+
+
+
additionalInfo
+
string
+
conditional
+
none
+
Display text providing more information on the feature. Mandatory if the feature type is set to OTHER
The type of constraint described. See the next section for an overview of valid values and their meaning
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the constraintType specified. Whether mandatory or not is dependent on the value of constraintType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information the constraint
The type of eligibility criteria described. See the next section for an overview of valid values and their meaning
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the eligibilityType specified. Whether mandatory or not is dependent on the value of eligibilityType
+
+
+
additionalInfo
+
string
+
conditional
+
none
+
Display text providing more information on the eligibility criteria. Mandatory if the field is set to OTHER
A fee rate calculated based on a proportion of the calculated interest accrued on the account. One of amount, balanceRate, transactionRate and accruedRate is mandatory
The indicative frequency with which the fee is calculated on the account. Only applies if balanceRate or accruedRate is also present. Formatted according to ISO 8601 Durations
A discount rate calculated based on a proportion of the balance. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
A discount rate calculated based on a proportion of a transaction. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory
A discount rate calculated based on a proportion of the calculated interest accrued on the account. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
A discount rate calculated based on a proportion of the fee to which this discount is attached. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the discountType specified. Whether mandatory or not is dependent on the value of discountType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the discount
The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to ISO 8601 Durations
The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to ISO 8601 Durations
Generic field containing additional information relevant to the depositRateType specified. Whether mandatory or not is dependent on the value of depositRateType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the rate
The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to ISO 8601 Durations
The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to ISO 8601 Durations
+
+
+
interestPaymentDue
+
string
+
optional
+
none
+
When loan payments are due to be paid within each period. The investment benefit of earlier payments affect the rate that can be offered
Generic field containing additional information relevant to the lendingRateType specified. Whether mandatory or not is dependent on the value of lendingRateType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the rate.
Defines the criteria and conditions for which a rate applies
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
name
+
string
+
mandatory
+
none
+
A display name for the tier
+
+
+
unitOfMeasure
+
string
+
mandatory
+
none
+
The unit of measure that applies to the tierValueMinimum and tierValueMaximum values e.g. 'DOLLAR', 'MONTH' (in the case of term deposit tiers), 'PERCENT' (in the case of loan-to-value ratio or LVR)
+
+
+
minimumValue
+
number
+
mandatory
+
none
+
The number of tierUnitOfMeasure units that form the lower bound of the tier. The tier should be inclusive of this value
+
+
+
maximumValue
+
number
+
optional
+
none
+
The number of tierUnitOfMeasure units that form the upper bound of the tier or band. For a tier with a discrete value (as opposed to a range of values e.g. 1 month) this must be the same as tierValueMinimum. Where this is the same as the tierValueMinimum value of the next-higher tier the referenced tier should be exclusive of this value. For example a term deposit of 2 months falls into the upper tier of the following tiers: (1 – 2 months, 2 – 3 months). If absent the tier's range has no upper bound.
+
+
+
rateApplicationMethod
+
string
+
optional
+
none
+
The method used to calculate the amount to be applied using one or more tiers. A single rate may be applied to the entire balance or each applicable tier rate is applied to the portion of the balance that falls into that tier (referred to as 'bands' or 'steps')
Defines a condition for the applicability of a tiered rate
+
+
+
subTier
+
object
+
optional
+
none
+
Defines the sub-tier criteria and conditions for which a rate applies
+
+
+
» name
+
string
+
mandatory
+
none
+
A display name for the tier
+
+
+
» unitOfMeasure
+
string
+
mandatory
+
none
+
The unit of measure that applies to the tierValueMinimum and tierValueMaximum values e.g. 'DOLLAR', 'MONTH' (in the case of term deposit tiers), 'PERCENT' (in the case of loan-to-value ratio or LVR)
+
+
+
» minimumValue
+
number
+
mandatory
+
none
+
The number of tierUnitOfMeasure units that form the lower bound of the tier. The tier should be inclusive of this value
+
+
+
» maximumValue
+
number
+
mandatory
+
none
+
The number of tierUnitOfMeasure units that form the upper bound of the tier or band. For a tier with a discrete value (as opposed to a range of values e.g. 1 month) this must be the same as tierValueMinimum. Where this is the same as the tierValueMinimum value of the next-higher tier the referenced tier should be exclusive of this value. For example a term deposit of 2 months falls into the upper tier of the following tiers: (1 – 2 months, 2 – 3 months)
+
+
+
» rateApplicationMethod
+
string
+
optional
+
none
+
The method used to calculate the amount to be applied using one or more tiers. A single rate may be applied to the entire balance or each applicable tier rate is applied to the portion of the balance that falls into that tier (referred to as 'bands' or 'steps')
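Review bot: The tier property descriptions refer to tierValueMinimum, tierValueMaximum and tierUnitOfMeasure, but the properties in these tables are named minimumValue, maximumValue and unitOfMeasure; the descriptions should use the actual field names. In the same tables maximumValue is optional for the rate tier ("If absent the tier's range has no upper bound") but mandatory under subTier, where that sentence is absent, so state whether an open-ended sub-tier is intentionally disallowed. In the constraint table, "Display text providing more information the constraint" is missing "on".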
A data holder specific unique identifier for this product. This identifier must be unique to a product but does not otherwise need to adhere to ID permanence guidelines.
The date and time from which this product is effective (ie. is available for origination). Used to enable the articulation of products to the regime before they are available for customers to originate
Indicates whether the product is specifically tailored to a circumstance. In this case fees and prices are significantly negotiated depending on context. While all products are open to a degree of tailoring this flag indicates that tailoring is expected and thus that the provision of specific fees and rates is not applicable
+
+
+
additionalInformation
+
object
+
optional
+
none
+
Object that contains links to additional information on specific topics
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
An array of bundles that this product participates in. Each bundle is described by free form information but also by a list of product IDs of the other products that are included in the bundle. It is assumed that the current product is included in the bundle also
Link to a web page with more information on the bundle criteria and benefits
+
+
+
productIds
+
[string]
+
optional
+
none
+
Array of product IDs for products included in the bundle that are available via the product end points. Note that this array is not intended to represent a comprehensive model of the products included in the bundle and some products available for the bundle may not be available via the product reference end points
Generic field containing additional information relevant to the featureType specified. Whether mandatory or not is dependent on the value of the featureType.
+
+
+
additionalInfo
+
string
+
conditional
+
none
+
Display text providing more information on the feature. Mandatory if the feature type is set to OTHER
The type of constraint described. See the next section for an overview of valid values and their meaning
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the constraintType specified. Whether mandatory or not is dependent on the value of constraintType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information the constraint
The type of eligibility criteria described. See the next section for an overview of valid values and their meaning
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the eligibilityType specified. Whether mandatory or not is dependent on the value of eligibilityType
+
+
+
additionalInfo
+
string
+
conditional
+
none
+
Display text providing more information on the eligibility criteria. Mandatory if the field is set to OTHER
A fee rate calculated based on a proportion of the calculated interest accrued on the account. One of amount, balanceRate, transactionRate and accruedRate is mandatory
The indicative frequency with which the fee is calculated on the account. Only applies if balanceRate or accruedRate is also present. Formatted according to ISO 8601 Durations (excludes recurrence syntax)
A discount rate calculated based on a proportion of the balance. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
A discount rate calculated based on a proportion of a transaction. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory
A discount rate calculated based on a proportion of the calculated interest accrued on the account. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
A discount rate calculated based on a proportion of the fee to which this discount is attached. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the discountType specified. Whether mandatory or not is dependent on the value of discountType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the discount
The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to ISO 8601 Durations (excludes recurrence syntax)
The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to ISO 8601 Durations (excludes recurrence syntax)
Generic field containing additional information relevant to the depositRateType specified. Whether mandatory or not is dependent on the value of depositRateType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the rate
The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to ISO 8601 Durations (excludes recurrence syntax)
The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to ISO 8601 Durations (excludes recurrence syntax)
+
+
+
interestPaymentDue
+
string
+
optional
+
none
+
When loan payments are due to be paid within each period. The investment benefit of earlier payments affect the rate that can be offered
Generic field containing additional information relevant to the lendingRateType specified. Whether mandatory or not is dependent on the value of lendingRateType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the rate.
Defines the criteria and conditions for which a rate applies
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
name
+
string
+
mandatory
+
none
+
A display name for the tier
+
+
+
unitOfMeasure
+
string
+
mandatory
+
none
+
The unit of measure that applies to the tierValueMinimum and tierValueMaximum values e.g. a DOLLAR amount. PERCENT (in the case of loan-to-value ratio or LVR). Tier term period representing a discrete number of MONTH's or DAY's (in the case of term deposit tiers)
+
+
+
minimumValue
+
number
+
mandatory
+
none
+
The number of tierUnitOfMeasure units that form the lower bound of the tier. The tier should be inclusive of this value
+
+
+
maximumValue
+
number
+
optional
+
none
+
The number of tierUnitOfMeasure units that form the upper bound of the tier or band. For a tier with a discrete value (as opposed to a range of values e.g. 1 month) this must be the same as tierValueMinimum. Where this is the same as the tierValueMinimum value of the next-higher tier the referenced tier should be exclusive of this value. For example a term deposit of 2 months falls into the upper tier of the following tiers: (1 – 2 months, 2 – 3 months). If absent the tier's range has no upper bound.
+
+
+
rateApplicationMethod
+
string
+
optional
+
none
+
The method used to calculate the amount to be applied using one or more tiers. A single rate may be applied to the entire balance or each applicable tier rate is applied to the portion of the balance that falls into that tier (referred to as 'bands' or 'steps')
Defines a condition for the applicability of a tiered rate
+
+
+
subTier
+
object
+
optional
+
none
+
Defines the sub-tier criteria and conditions for which a rate applies
+
+
+
» name
+
string
+
mandatory
+
none
+
A display name for the tier
+
+
+
» unitOfMeasure
+
string
+
mandatory
+
none
+
The unit of measure that applies to the tierValueMinimum and tierValueMaximum values e.g. a DOLLAR amount. PERCENT (in the case of loan-to-value ratio or LVR). Tier term period representing a discrete number of MONTH's or DAY's (in the case of term deposit tiers)
+
+
+
» minimumValue
+
number
+
mandatory
+
none
+
The number of tierUnitOfMeasure units that form the lower bound of the tier. The tier should be inclusive of this value
+
+
+
» maximumValue
+
number
+
mandatory
+
none
+
The number of tierUnitOfMeasure units that form the upper bound of the tier or band. For a tier with a discrete value (as opposed to a range of values e.g. 1 month) this must be the same as tierValueMinimum. Where this is the same as the tierValueMinimum value of the next-higher tier the referenced tier should be exclusive of this value. For example a term deposit of 2 months falls into the upper tier of the following tiers: (1 – 2 months, 2 – 3 months)
+
+
+
» rateApplicationMethod
+
string
+
optional
+
none
+
The method used to calculate the amount to be applied using one or more tiers. A single rate may be applied to the entire balance or each applicable tier rate is applied to the portion of the balance that falls into that tier (referred to as 'bands' or 'steps')
Obtain a list of products that are currently openly offered to the market
+
+
Note that the results returned by this end point are expected to be ordered according to updated-since
+
Conventions
+
In the product reference payloads there are a number of recurring conventions that are explained here, in one place.
+
Arrays Of Features
+
In the product detail payload there are a number of arrays articulating generic features, constraints, prices, etc. The intent of these arrays is as follows:
+
+
+
Each element in an array has the same structure so that clients can reliably interpret the payloads
+
Each element as a type element that is an enumeration of the specific aspect of a product being described, such as types of fees.
+
Each element has a field name additionalValue. This is a generic field with contents that will vary based on the type of object being described. The contents of this field for the ADDITIONAL_CARDS feature is the number of cards allowed while the contents of this field for the MAX_LIMIT constraint would be the maximum credit limit allowed for the product.
+
An element in these arrays of the same type may appear more than once. For instance, a product may offer two separate loyalty programs that the customer can select from. A fixed term mortgage may have different rates for different term lengths.
+
An element in these arrays may contain an additionalInfo and additionalInfoUri field. The additionalInfo field is used to provide displayable text clarifying the purpose of the element in some way when the product is presented to a customer. The additionalInfoUri provides a link to externally hosted information specifically relevant to that feature of the product.
+
Depending on the type of data being represented there may be additional specific fields.
+
+
URIs To More Information
+
As the complexities and nuances of a financial product can not easily be fully expressed in a data structure without a high degree of complexity it is necessary to provide additional reference information that a potential customer can access so that they are fully informed of the features and implications of the product. The payloads for product reference therefore contain numerous fields that are provided to allow the product holder to describe the product more fully using a web page hosted on their online channels.
+
+
These URIs do not need to all link to different pages. If desired, they can all link to a single hosted page and use difference HTML anchors to focus on a specific topic such as eligibility or fees.
+
Linkage To Accounts
+
From the moment that a customer applies for a product and an account is created the account and the product that spawned it will diverge. Rates and features of the product may change and a discount may be negotiated for the account.
+
+
For this reason, while productCategory is a common field between accounts and products, there is no specific ID that can be used to link an account to a product within the regime.
+
+
Similarly, many of the fields and objects in the product payload will appear in the account detail payload but the structures and semantics are not identical as one refers to a product that can potentially be originated and one refers to an account that actual has been instantiated and created along with the associated decisions inherent in that process.
+
Dates
+
It is expected that data consumers needing this data will call relatively frequently to ensure the data they have is representative of the current offering from a bank. To minimise the volume and frequency of these calls the ability to set a lastUpdated field with the date and time of the last update to this product is included. A call for a list of products can then be filtered to only return products that have been updated since the last time that data was obtained using the updated-since query parameter.
+
+
In addition, the concept of effective date and time has also been included. This allows for a product to be marked for obsolescence, or introduction, from a certain time without the need for an update to show that a product has been changed. The inclusion of these dates also removes the need to represent deleted products in the payload. Products that are no long offered can be marked not effective for a few weeks before they are then removed from the product set as an option entirely.
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
effective
+
query
+
string
+
optional
+
Allows for the filtering of products based on whether the current time is within the period of time defined as effective by the effectiveFrom and effectiveTo fields. Valid values are ‘CURRENT’, ‘FUTURE’ and ‘ALL’. If absent defaults to 'CURRENT'
Only include products that have been updated after the specified date and time. If absent defaults to include all products
+
+
+
brand
+
query
+
string
+
optional
+
Filter results based on a specific brand
+
+
+
product-category
+
query
+
string
+
optional
+
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
A data holder specific unique identifier for this product. This identifier must be unique to a product but does not otherwise need to adhere to ID permanence guidelines.
The date and time from which this product is effective (ie. is available for origination). Used to enable the articulation of products to the regime before they are available for customers to originate
Indicates whether the product is specifically tailored to a circumstance. In this case fees and prices are significantly negotiated depending on context. While all products are open to a degree of tailoring this flag indicates that tailoring is expected and thus that the provision of specific fees and rates is not applicable
+
+
+
additionalInformation
+
object
+
optional
+
none
+
Object that contains links to additional information on specific topics
Obtain a list of products that are currently openly offered to the market
+
+
Note that the results returned by this end point are expected to be ordered according to updated-since
+
Conventions
+
In the product reference payloads there are a number of recurring conventions that are explained here, in one place.
+
Arrays Of Features
+
In the product detail payload there are a number of arrays articulating generic features, constraints, prices, etc. The intent of these arrays is as follows:
+
+
+
Each element in an array has the same structure so that clients can reliably interpret the payloads
+
Each element as a type element that is an enumeration of the specific aspect of a product being described, such as types of fees.
+
Each element has a field name additionalValue. This is a generic field with contents that will vary based on the type of object being described. The contents of this field for the ADDITIONAL_CARDS feature is the number of cards allowed while the contents of this field for the MAX_LIMIT constraint would be the maximum credit limit allowed for the product.
+
An element in these arrays of the same type may appear more than once. For instance, a product may offer two separate loyalty programs that the customer can select from. A fixed term mortgage may have different rates for different term lengths.
+
An element in these arrays may contain an additionalInfo and additionalInfoUri field. The additionalInfo field is used to provide displayable text clarifying the purpose of the element in some way when the product is presented to a customer. The additionalInfoUri provides a link to externally hosted information specifically relevant to that feature of the product.
+
Depending on the type of data being represented there may be additional specific fields.
+
+
URIs To More Information
+
As the complexities and nuances of a financial product can not easily be fully expressed in a data structure without a high degree of complexity it is necessary to provide additional reference information that a potential customer can access so that they are fully informed of the features and implications of the product. The payloads for product reference therefore contain numerous fields that are provided to allow the product holder to describe the product more fully using a web page hosted on their online channels.
+
+
These URIs do not need to all link to different pages. If desired, they can all link to a single hosted page and use difference HTML anchors to focus on a specific topic such as eligibility or fees.
+
Linkage To Accounts
+
From the moment that a customer applies for a product and an account is created the account and the product that spawned it will diverge. Rates and features of the product may change and a discount may be negotiated for the account.
+
+
For this reason, while productCategory is a common field between accounts and products, there is no specific ID that can be used to link an account to a product within the regime.
+
+
Similarly, many of the fields and objects in the product payload will appear in the account detail payload but the structures and semantics are not identical as one refers to a product that can potentially be originated and one refers to an account that actual has been instantiated and created along with the associated decisions inherent in that process.
+
Dates
+
It is expected that data consumers needing this data will call relatively frequently to ensure the data they have is representative of the current offering from a bank. To minimise the volume and frequency of these calls the ability to set a lastUpdated field with the date and time of the last update to this product is included. A call for a list of products can then be filtered to only return products that have been updated since the last time that data was obtained using the updated-since query parameter.
+
+
In addition, the concept of effective date and time has also been included. This allows for a product to be marked for obsolescence, or introduction, from a certain time without the need for an update to show that a product has been changed. The inclusion of these dates also removes the need to represent deleted products in the payload. Products that are no long offered can be marked not effective for a few weeks before they are then removed from the product set as an option entirely.
+
+
NOTE: This version must be implemented by July 2020
Allows for the filtering of products based on whether the current time is within the period of time defined as effective by the effectiveFrom and effectiveTo fields. Valid values are ‘CURRENT’, ‘FUTURE’ and ‘ALL’. If absent defaults to 'CURRENT'
Only include products that have been updated after the specified date and time. If absent defaults to include all products
+
+
+
brand
+
query
+
string
+
optional
+
Filter results based on a specific brand
+
+
+
product-category
+
query
+
string
+
optional
+
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
A data holder specific unique identifier for this product. This identifier must be unique to a product but does not otherwise need to adhere to ID permanence guidelines.
The date and time from which this product is effective (ie. is available for origination). Used to enable the articulation of products to the regime before they are available for customers to originate
Indicates whether the product is specifically tailored to a circumstance. In this case fees and prices are significantly negotiated depending on context. While all products are open to a degree of tailoring this flag indicates that tailoring is expected and thus that the provision of specific fees and rates is not applicable
+
+
+
additionalInformation
+
object
+
optional
+
none
+
Object that contains links to additional information on specific topics
Release notes for version 1.1.0 of the CDR Standards.
+
Errata for v1.1.0
+
Since v1.1.0 was published the following errors have been identified and will be corrected in the next version:
+
+
+
The x-cds-subject header was intended to be removed but was accidentally left in the standards documentation. The statements requiring x-cds-subject should be ignored.
+
The statements regarding the use of TLS in the Information Security profile imply that the authorize end point should be protected with TLS using a certificate provided by the CDR CA. As the authorize end point must be accessed by a public client this end point must use TLS but the data holder is free to use any certificate authority.
+
+
High Level Standards
+
+
+
Change
+
Description
+
Link
+
+
+
+
Content-Type header optionality
+
Clarified that the Content-Type header is only mandatory for PUT and POST calls
Release notes for version 1.1.1 of the CDR Standards.
+
+
This version of the standards only contains fixes and clarifications. None of the changes in this version materially impact the intent or meaning of the standards and no updates should be required for compliant implementations.
+
High Level Standards
+
+
+
Change
+
Description
+
Link
+
+
+
+
Summary of future binding
+
Added a section highlighting the sections of the standard where an obligation will commence at a future date
Replaced back slashes with forward slashes in various places in samples and descriptive text
+
Various
+
+
+
Removed sample files
+
Removed a series of obsolete samples were not linked but were included in the repository
+
Not Applicable
+
+
+
x-cds-client-headers description
+
Ensured all descriptions for the x-cds-client-headers header are consistent across the standards
+
Various
+
+
+
x-fapi-interaction-id description
+
Ensured all descriptions for the x-fapi-interaction-id header are consistent across the standards
+
Various
+
+
+
NFR Tier Clarification
+
Updated the non-functional requirements section to include the end points added to the standards after this section was originally published. Note that this section is still non-binding in the standards with no future binding date set
Release notes for version 1.2.0 of the CDR Standards.
+
+
This version of the standards is considered to be the binding baseline for the Phase 2 implementation of the Consumer Data Right regime currently targeted for July 2020.
+
High Level Standards
+
+
+
Change
+
Description
+
Link
+
+
+
+
Binding Statement
+
Modified the introduction section to include a statement of binding that is aligned to the legal framework for the CDR regime
Change to the description of the DateTimeString type to clarify the baselining of time to UTC. This is a clarification only and does not materially change the standards
CX Standards: minor defect correction for location of ‘balances’. 'Account name and type' now changed to 'Account name, type and balance'. 'Account numbers, balances and features' now changed to 'Account numbers and features'.
CX Guidelines: showing how DHs may present static ‘1 Jan 2017’ reference in authorisation flow to reflect rule 4.23(b). CX Guidelines now also suggest other locations for this information that are not required in the rules or standards.
Rule 7.4 and 7.9 example: compliance with Privacy Safeguards 5 and 10
+
CX Guidelines: example for privacy safeguard requirement on dashboards. Rules regarding disclosure of datasets, references to ADRs and DHs, and date of initial and final disclosure.
Introduction of v3 of the Product Reference end points to remove sub tiers, addition of more info and info URL fields, and addition of repayment type and loan purpose fields
Optional example for ‘Transaction Details’ amended
+
CX Standards defect. An optional example for ‘Transaction Details’ incorrectly referred to ‘BSB, account number’. This optional example has been removed.
CX Standards clarification. Amended to clarify that the use of the term “One Time Password” may be presented alongside an existing term used by a data holder (e.g. Netcode, one time pin etc.).
CX Standards clarification. This clarification has been added to the standard as follows:
Data holders are not permitted to show unavailable joint accounts as joint accounts need to be elected via a joint account management service before they are permitted to appear in the authorisation flow (See CDR Rules: Schedule 3, 4.1(1); 4.2; 4.3(3); and CDR Rule 4.24)
CX Standards, optional addition. To avoid DH non-compliance this guideline has been added as an optional part of an existing CX standard on account selection as follows:
Data holders MAY add a ‘profile selection’ step or equivalent prior to the account selection step if a single identifier provides access to different customer accounts. For example, one customer ID may give access to business customer and individual customer accounts.
The ‘profile selection’ stepSHOULDonly be considered if it is an existing customer experience, andSHOULDbe as minimal as possible to avoid introducing unwarranted friction (having regard to CDR Rule 4.24).
This item was previously a guideline but was uplifted to be an optional part of the standards as it is not permitted in the authorisation flow unless it is a rule or standard.
The CX Guidelines and CX Standards artefacts now include the CX Principles and Outcome Principle 3. These principles guide standard/guideline development but are not standards themselves.
CX Guideline amended to avoid implying that concurrent consent will support re-authorisation. Guideline amended to clarify that consumer withdrawal must occur before/in the course of replacing an existing consent.
+
CX Guidelines p.65 (Added to key decisions table p.3)
+
+
+
CDR Logo in authorisation flow
+
CX Guideline has been removed pending the ACCC making this functionality available.
CX Guideline has been removed pending the ACCC making this functionality available. ACCC is consulting on the sharing of the accreditation ID with DHs on GitHub
The requirement that a 406 response must be provided if x-v and x-min-v are not present was written before the must/should language was used with specific meaning. This is not clarified as a MUST (as was intended) rather than a SHOULD. This change has also been applied where the version headers are documented for end points.
The documentation covering the need for ADR's to host a revocation end point until November 2020 was inadvertently removed. Revocation end point documentation has been modified to match the relevant decision proposals
Clarify for the revocation and arrangement end points that client assertion is used to verify the identity of Data Recipients and bearer tokens are used to verify the identity of Data Holders
Permitting DHs to show unavailable joint accounts in authorisation flow
+
v1.3.0 of the CX Standards reflected ACCC’s position that DHs were not permitted to show unavailable joint accounts in the authorisation flow. The ACCC have revised this position to allow DHs to show unavailable joint accounts in the authorisation flow.
This revised position is reflected in V1.4.0 as optional for November 2020. This change (1) removes the statement on data holders not being permitted to show unavailable joint accounts and (2) includes a clarification on how unavailable accounts are to be interpreted.
Updates the sections covering Concurrent Consent, PAR client authentication, CDR Arrangement Revocation and CDR Arrangement ID documenation based on DP135
+
+
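Review bot: the release-note entry on the version headers reads "This is not clarified as a MUST (as was intended) rather than a SHOULD", which says the opposite of what the rest of the entry describes. It should read "now clarified". The same entry states the change was applied wherever the version headers are documented, yet the x-v and x-min-v parameter descriptions earlier in this hunk still say the data holder "should respond with a 406 Not Acceptable". If these archived pages are meant to carry the pre-change wording, say so in the entry; otherwise align them to MUST so an implementer reading the parameter table does not treat the 406 as optional. Separately, the tier property descriptions refer to tierValueMinimum, tierValueMaximum and tierUnitOfMeasure while the properties in the table are named minimumValue, maximumValue and unitOfMeasure; the descriptions should use the names that appear in the payload.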
diff --git a/docs/archive/standards-1.5.1/docs/includes/swagger/cds_admin.json b/docs/archive/standards-1.5.1/docs/includes/swagger/cds_admin.json
new file mode 100644
index 00000000..466807e6
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/includes/swagger/cds_admin.json
@@ -0,0 +1,575 @@
+{
+ "swagger" : "2.0",
+ "info" : {
+ "description" : "Data Holder Consumer Data Standards Administration End Points",
+ "version" : "1.3.0",
+ "title" : "Consumer Data Standards Administration End Points",
+ "contact" : {
+ "name" : "Consumer Data Standards Administration End Points",
+ "url" : "https://consumerdatastandards.org.au/",
+ "email" : "cdr-data61@csiro.au"
+ },
+ "license" : {
+ "name" : "MIT License",
+ "url" : "https://opensource.org/licenses/MIT"
+ }
+ },
+ "host" : "data.holder.com.au",
+ "basePath" : "/cds-au/v1",
+ "schemes" : [ "https" ],
+ "consumes" : [ "application/json" ],
+ "produces" : [ "application/json" ],
+ "paths" : {
+ "/admin/register/metadata" : {
+ "post" : {
+ "tags" : [ "Admin", "Register" ],
+ "summary" : "Metadata Update",
+ "description" : "Indicate that a critical update to the metadata for Accredited Data Recipients has been made and should be obtained",
+ "operationId" : "metadataUpdate",
+ "parameters" : [ {
+ "in" : "body",
+ "name" : "action",
+ "required" : true,
+ "schema" : {
+ "$ref" : "#/definitions/RequestMetaDataUpdate"
+ }
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](##request-headers) and [x-v](##request-headers). If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](##response-headers) of the API end point that the data holder has responded with."
+ }
+ }
+ }
+ },
+ "x-version" : "1"
+ }
+ },
+ "/admin/metrics" : {
+ "get" : {
+ "tags" : [ "Admin", "Metrics" ],
+ "summary" : "Get Metrics",
+ "description" : "This end point allows the ACCC to obtain operational statistics from the Data Holder on the operation of their CDR compliant implementation. The statistics obtainable from this end point are determined by the non-functional requirements for the CDR regime.\n\nNOTE: This version must be implemented by **July 31st 2021**\n\nObsolete versions: [v1](includes/obsolete/get-metrics-v1.html)",
+ "operationId" : "getMetrics",
+ "parameters" : [ {
+ "name" : "period",
+ "in" : "query",
+ "description" : "The period of metrics to be requested. Values can be CURRENT (meaning metrics for current day), HISTORIC (meaning metrics for previous days or months) or ALL. If absent the default is ALL.",
+ "required" : false,
+ "type" : "string",
+ "default" : "ALL",
+ "enum" : [ "CURRENT", "HISTORIC", "ALL" ]
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](##request-headers) and [x-v](##request-headers). If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseMetricsListV2"
+ }
+ }
+ },
+ "x-version" : "2"
+ }
+ }
+ },
+ "definitions" : {
+ "RequestMetaDataUpdate" : {
+ "type" : "object",
+ "required" : [ "data" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/RequestMetaDataUpdate_data"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "ResponseMetricsListV2" : {
+ "type" : "object",
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseMetricsListV2_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "AvailabilityMetrics" : {
+ "type" : "object",
+ "properties" : {
+ "currentMonth" : {
+ "type" : "number",
+ "description" : "Percentage availability of the CDR platform so far for the current calendar month. 0.0 means 0%. 1.0 means 100%."
+ },
+ "previousMonths" : {
+ "type" : "array",
+ "description" : "Percentage availability of the CDR platform for previous calendar months. The first element indicates the last month and so on. A maximum of twelve entries is required if available. 0.0 means 0%. 1.0 means 100%.",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Percentage availability of the CDR platform over time",
+ "x-conditional" : [ "currentMonth", "previousMonths" ]
+ },
+ "PerformanceMetrics" : {
+ "type" : "object",
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Percentage of calls within the performance threshold for the current day. 0.0 means 0%. 1.0 means 100%"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Percentage of calls within the performance threshold for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available. 0.0 means 0%. 1.0 means 100%",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Percentage of calls within the performance thresholds",
+ "x-conditional" : [ "currentDay", "previousDays" ]
+ },
+ "InvocationMetrics" : {
+ "type" : "object",
+ "properties" : {
+ "unauthenticated" : {
+ "$ref" : "#/definitions/InvocationMetrics_unauthenticated"
+ },
+ "highPriority" : {
+ "$ref" : "#/definitions/InvocationMetrics_highPriority"
+ },
+ "lowPriority" : {
+ "$ref" : "#/definitions/InvocationMetrics_lowPriority"
+ },
+ "unattended" : {
+ "$ref" : "#/definitions/InvocationMetrics_unattended"
+ },
+ "largePayload" : {
+ "$ref" : "#/definitions/InvocationMetrics_largePayload"
+ }
+ },
+ "description" : "Number of API calls in each performance tier over time",
+ "x-conditional" : [ "unauthenticated", "highPriority", "lowPriority", "unattended", "largePayload" ]
+ },
+ "AverageResponseMetrics" : {
+ "type" : "object",
+ "properties" : {
+ "unauthenticated" : {
+ "$ref" : "#/definitions/AverageResponseMetrics_unauthenticated"
+ },
+ "highPriority" : {
+ "$ref" : "#/definitions/AverageResponseMetrics_highPriority"
+ },
+ "lowPriority" : {
+ "$ref" : "#/definitions/AverageResponseMetrics_lowPriority"
+ },
+ "unattended" : {
+ "$ref" : "#/definitions/AverageResponseMetrics_unattended"
+ },
+ "largePayload" : {
+ "$ref" : "#/definitions/AverageResponseMetrics_largePayload"
+ }
+ },
+ "description" : "Average response time in seconds, at millisecond resolution, within each performance tier",
+ "x-conditional" : [ "unauthenticated", "highPriority", "lowPriority", "unattended", "largePayload" ]
+ },
+ "SessionCountMetrics" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Session count for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Session count for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Session counts over time. Note that a session is defined as the provisioning of an Access Token.",
+ "x-conditional" : [ "currentDay", "previousDays" ]
+ },
+ "AverageTPSMetrics" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Average TPS for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Average TPS for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Transactions per second over time",
+ "x-conditional" : [ "currentDay", "previousDays" ]
+ },
+ "PeakTPSMetrics" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Peak TPS for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Peak TPS for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Maximum record transactions per second over time",
+ "x-conditional" : [ "currentDay", "previousDays" ]
+ },
+ "ErrorMetrics" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Number of errors for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Number of errors for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Number of calls resulting in error due to server execution over time",
+ "x-conditional" : [ "currentDay", "previousDays" ]
+ },
+ "RejectionMetricsV2" : {
+ "properties" : {
+ "authenticated" : {
+ "$ref" : "#/definitions/RejectionMetricsV2_authenticated"
+ },
+ "unauthenticated" : {
+ "$ref" : "#/definitions/RejectionMetricsV2_unauthenticated"
+ }
+ },
+ "description" : "Number of calls rejected due to traffic thresholds over time",
+ "x-conditional" : [ "currentDay", "previousDays" ]
+ },
+ "Links" : {
+ "type" : "object",
+ "required" : [ "self" ],
+ "properties" : {
+ "self" : {
+ "type" : "string",
+ "description" : "Fully qualified link to this API call",
+ "x-cds-type" : "URIString"
+ }
+ }
+ },
+ "Meta" : {
+ "type" : "object"
+ },
+ "RequestMetaDataUpdate_data" : {
+ "required" : [ "action" ],
+ "properties" : {
+ "action" : {
+ "type" : "string",
+ "description" : "The action to take for the meta data. At the moment the only option is REFRESH which requires the data holder to call the ACCC to refresh meta data as soon as practicable",
+ "default" : "REFRESH",
+ "enum" : [ "REFRESH" ]
+ }
+ }
+ },
+ "ResponseMetricsListV2_data" : {
+ "required" : [ "requestTime" ],
+ "properties" : {
+ "requestTime" : {
+ "type" : "string",
+ "description" : "The date and time that the metrics in this payload were requested.",
+ "x-cds-type" : "DateTimeString"
+ },
+ "availability" : {
+ "$ref" : "#/definitions/AvailabilityMetrics"
+ },
+ "performance" : {
+ "$ref" : "#/definitions/PerformanceMetrics"
+ },
+ "invocations" : {
+ "$ref" : "#/definitions/InvocationMetrics"
+ },
+ "averageResponse" : {
+ "$ref" : "#/definitions/AverageResponseMetrics"
+ },
+ "sessionCount" : {
+ "$ref" : "#/definitions/SessionCountMetrics"
+ },
+ "averageTps" : {
+ "$ref" : "#/definitions/AverageTPSMetrics"
+ },
+ "peakTps" : {
+ "$ref" : "#/definitions/PeakTPSMetrics"
+ },
+ "errors" : {
+ "$ref" : "#/definitions/ErrorMetrics"
+ },
+ "rejections" : {
+ "$ref" : "#/definitions/RejectionMetricsV2"
+ },
+ "customerCount" : {
+ "type" : "integer",
+ "description" : "Number of customers with active authorisations at the time of the call"
+ },
+ "recipientCount" : {
+ "type" : "integer",
+ "description" : "Number of data recipients with active authorisations at the time of the call"
+ }
+ }
+ },
+ "InvocationMetrics_unauthenticated" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "API call counts for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "API call counts for the unauthenticated tier"
+ },
+ "InvocationMetrics_highPriority" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "API call counts for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "API call counts for the high priority tier"
+ },
+ "InvocationMetrics_lowPriority" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "API call counts for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "API call counts for the low priority tier"
+ },
+ "InvocationMetrics_unattended" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "API call counts for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "API call counts for the unattended tier"
+ },
+ "InvocationMetrics_largePayload" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "API call counts for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "API call counts for the large payload tier"
+ },
+ "AverageResponseMetrics_unauthenticated" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Average response time for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Average response time for the unauthenticated tier"
+ },
+ "AverageResponseMetrics_highPriority" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Average response time for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Average response time for the high priority tier"
+ },
+ "AverageResponseMetrics_lowPriority" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Average response time for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Average response time for the low priority tier"
+ },
+ "AverageResponseMetrics_unattended" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Average response time for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Average response time for the unattended tier"
+ },
+ "AverageResponseMetrics_largePayload" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Average response time for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Average response time for the large payload tier"
+ },
+ "RejectionMetricsV2_authenticated" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Number of calls rejected for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Number of calls rejected for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Rejection counts for all authenticated end points"
+ },
+ "RejectionMetricsV2_unauthenticated" : {
+ "properties" : {
+ "currentDay" : {
+ "type" : "number",
+ "description" : "Number of calls rejected for current day"
+ },
+ "previousDays" : {
+ "type" : "array",
+ "description" : "Number of calls rejected for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.",
+ "items" : {
+ "type" : "number"
+ }
+ }
+ },
+ "description" : "Rejection counts for all uauthenticated end points"
+ }
+ },
+ "parameters" : {
+ "RequestHeader_x-v" : {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ },
+ "RequestHeader_x-min-v" : {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](##request-headers) and [x-v](##request-headers). If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }
+ }
+}
\ No newline at end of file
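Review bot: in the `RejectionMetricsV2` definition, `x-conditional` lists `currentDay` and `previousDays`, but the only properties of that object are `authenticated` and `unauthenticated`, so the extension names fields that do not exist at that level. Suggest `"x-conditional" : [ "authenticated", "unauthenticated" ]`, in line with how `InvocationMetrics` and `AverageResponseMetrics` list their own tier properties. Smaller points in the same hunk: the `RejectionMetricsV2_unauthenticated` description is misspelled "uauthenticated"; the `x-min-v` descriptions link to `##request-headers` with a doubled hash while the `x-v` descriptions use `#request-headers`; and `SessionCountMetrics`, `AverageTPSMetrics`, `PeakTPSMetrics`, `ErrorMetrics` and `RejectionMetricsV2` omit `"type" : "object"` where `AvailabilityMetrics` and `PerformanceMetrics` declare it. The file also ends without a trailing newline.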
diff --git a/docs/archive/standards-1.5.1/docs/includes/swagger/cds_admin.yaml b/docs/archive/standards-1.5.1/docs/includes/swagger/cds_admin.yaml
new file mode 100644
index 00000000..abd355cd
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/includes/swagger/cds_admin.yaml
@@ -0,0 +1,454 @@
+---
+swagger: "2.0"
+info:
+ description: Data Holder Consumer Data Standards Administration End Points
+ version: 1.3.0
+ title: Consumer Data Standards Administration End Points
+ contact:
+ name: Consumer Data Standards Administration End Points
+ url: https://consumerdatastandards.org.au/
+ email: cdr-data61@csiro.au
+ license:
+ name: MIT License
+ url: https://opensource.org/licenses/MIT
+host: data.holder.com.au
+basePath: /cds-au/v1
+schemes:
+- https
+consumes:
+- application/json
+produces:
+- application/json
+paths:
+ /admin/register/metadata:
+ post:
+ tags:
+ - Admin
+ - Register
+ summary: Metadata Update
+ description: Indicate that a critical update to the metadata for Accredited Data Recipients has been made and should be obtained
+ operationId: metadataUpdate
+ parameters:
+ - in: body
+ name: action
+ required: true
+ schema:
+ $ref: '#/definitions/RequestMetaDataUpdate'
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](##request-headers) and [x-v](##request-headers). If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](##response-headers) of the API end point that the data holder has responded with.
+ x-version: "1"
+ /admin/metrics:
+ get:
+ tags:
+ - Admin
+ - Metrics
+ summary: Get Metrics
+ description: |-
+ This end point allows the ACCC to obtain operational statistics from the Data Holder on the operation of their CDR compliant implementation. The statistics obtainable from this end point are determined by the non-functional requirements for the CDR regime.
+
+ NOTE: This version must be implemented by **July 31st 2021**
+
+ Obsolete versions: [v1](includes/obsolete/get-metrics-v1.html)
+ operationId: getMetrics
+ parameters:
+ - name: period
+ in: query
+ description: The period of metrics to be requested. Values can be CURRENT (meaning metrics for current day), HISTORIC (meaning metrics for previous days or months) or ALL. If absent the default is ALL.
+ required: false
+ type: string
+ default: ALL
+ enum:
+ - CURRENT
+ - HISTORIC
+ - ALL
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](##request-headers) and [x-v](##request-headers). If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ schema:
+ $ref: '#/definitions/ResponseMetricsListV2'
+ x-version: "2"
+definitions:
+ RequestMetaDataUpdate:
+ type: object
+ required:
+ - data
+ properties:
+ data:
+ $ref: '#/definitions/RequestMetaDataUpdate_data'
+ meta:
+ $ref: '#/definitions/Meta'
+ ResponseMetricsListV2:
+ type: object
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/ResponseMetricsListV2_data'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ AvailabilityMetrics:
+ type: object
+ properties:
+ currentMonth:
+ type: number
+ description: Percentage availability of the CDR platform so far for the current calendar month. 0.0 means 0%. 1.0 means 100%.
+ previousMonths:
+ type: array
+ description: Percentage availability of the CDR platform for previous calendar months. The first element indicates the last month and so on. A maximum of twelve entries is required if available. 0.0 means 0%. 1.0 means 100%.
+ items:
+ type: number
+ description: Percentage availability of the CDR platform over time
+ x-conditional:
+ - currentMonth
+ - previousMonths
+ PerformanceMetrics:
+ type: object
+ properties:
+ currentDay:
+ type: number
+ description: Percentage of calls within the performance threshold for the current day. 0.0 means 0%. 1.0 means 100%
+ previousDays:
+ type: array
+ description: Percentage of calls within the performance threshold for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available. 0.0 means 0%. 1.0 means 100%
+ items:
+ type: number
+ description: Percentage of calls within the performance thresholds
+ x-conditional:
+ - currentDay
+ - previousDays
+ InvocationMetrics:
+ type: object
+ properties:
+ unauthenticated:
+ $ref: '#/definitions/InvocationMetrics_unauthenticated'
+ highPriority:
+ $ref: '#/definitions/InvocationMetrics_highPriority'
+ lowPriority:
+ $ref: '#/definitions/InvocationMetrics_lowPriority'
+ unattended:
+ $ref: '#/definitions/InvocationMetrics_unattended'
+ largePayload:
+ $ref: '#/definitions/InvocationMetrics_largePayload'
+ description: Number of API calls in each performance tier over time
+ x-conditional:
+ - unauthenticated
+ - highPriority
+ - lowPriority
+ - unattended
+ - largePayload
+ AverageResponseMetrics:
+ type: object
+ properties:
+ unauthenticated:
+ $ref: '#/definitions/AverageResponseMetrics_unauthenticated'
+ highPriority:
+ $ref: '#/definitions/AverageResponseMetrics_highPriority'
+ lowPriority:
+ $ref: '#/definitions/AverageResponseMetrics_lowPriority'
+ unattended:
+ $ref: '#/definitions/AverageResponseMetrics_unattended'
+ largePayload:
+ $ref: '#/definitions/AverageResponseMetrics_largePayload'
+ description: Average response time in seconds, at millisecond resolution, within each performance tier
+ x-conditional:
+ - unauthenticated
+ - highPriority
+ - lowPriority
+ - unattended
+ - largePayload
+ SessionCountMetrics:
+ properties:
+ currentDay:
+ type: number
+ description: Session count for current day
+ previousDays:
+ type: array
+ description: Session count for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available
+ items:
+ type: number
+ description: Session counts over time. Note that a session is defined as the provisioning of an Access Token.
+ x-conditional:
+ - currentDay
+ - previousDays
+ AverageTPSMetrics:
+ properties:
+ currentDay:
+ type: number
+ description: Average TPS for current day
+ previousDays:
+ type: array
+ description: Average TPS for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available
+ items:
+ type: number
+ description: Transactions per second over time
+ x-conditional:
+ - currentDay
+ - previousDays
+ PeakTPSMetrics:
+ properties:
+ currentDay:
+ type: number
+ description: Peak TPS for current day
+ previousDays:
+ type: array
+ description: Peak TPS for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available
+ items:
+ type: number
+ description: Maximum record transactions per second over time
+ x-conditional:
+ - currentDay
+ - previousDays
+ ErrorMetrics:
+ properties:
+ currentDay:
+ type: number
+ description: Number of errors for current day
+ previousDays:
+ type: array
+ description: Number of errors for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available
+ items:
+ type: number
+ description: Number of calls resulting in error due to server execution over time
+ x-conditional:
+ - currentDay
+ - previousDays
+ RejectionMetricsV2:
+ properties:
+ authenticated:
+ $ref: '#/definitions/RejectionMetricsV2_authenticated'
+ unauthenticated:
+ $ref: '#/definitions/RejectionMetricsV2_unauthenticated'
+ description: Number of calls rejected due to traffic thresholds over time
+ x-conditional:
+ - currentDay
+ - previousDays
+ Links:
+ type: object
+ required:
+ - self
+ properties:
+ self:
+ type: string
+ description: Fully qualified link to this API call
+ x-cds-type: URIString
+ Meta:
+ type: object
+ RequestMetaDataUpdate_data:
+ required:
+ - action
+ properties:
+ action:
+ type: string
+ description: The action to take for the meta data. At the moment the only option is REFRESH which requires the data holder to call the ACCC to refresh meta data as soon as practicable
+ default: REFRESH
+ enum:
+ - REFRESH
+ ResponseMetricsListV2_data:
+ required:
+ - requestTime
+ properties:
+ requestTime:
+ type: string
+ description: The date and time that the metrics in this payload were requested.
+ x-cds-type: DateTimeString
+ availability:
+ $ref: '#/definitions/AvailabilityMetrics'
+ performance:
+ $ref: '#/definitions/PerformanceMetrics'
+ invocations:
+ $ref: '#/definitions/InvocationMetrics'
+ averageResponse:
+ $ref: '#/definitions/AverageResponseMetrics'
+ sessionCount:
+ $ref: '#/definitions/SessionCountMetrics'
+ averageTps:
+ $ref: '#/definitions/AverageTPSMetrics'
+ peakTps:
+ $ref: '#/definitions/PeakTPSMetrics'
+ errors:
+ $ref: '#/definitions/ErrorMetrics'
+ rejections:
+ $ref: '#/definitions/RejectionMetricsV2'
+ customerCount:
+ type: integer
+ description: Number of customers with active authorisations at the time of the call
+ recipientCount:
+ type: integer
+ description: Number of data recipients with active authorisations at the time of the call
+ InvocationMetrics_unauthenticated:
+ properties:
+ currentDay:
+ type: number
+ description: API call counts for current day
+ previousDays:
+ type: array
+ description: API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available
+ items:
+ type: number
+ description: API call counts for the unauthenticated tier
+ InvocationMetrics_highPriority:
+ properties:
+ currentDay:
+ type: number
+ description: API call counts for current day
+ previousDays:
+ type: array
+ description: API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available
+ items:
+ type: number
+ description: API call counts for the high priority tier
+ InvocationMetrics_lowPriority:
+ properties:
+ currentDay:
+ type: number
+ description: API call counts for current day
+ previousDays:
+ type: array
+ description: API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available
+ items:
+ type: number
+ description: API call counts for the low priority tier
+ InvocationMetrics_unattended:
+ properties:
+ currentDay:
+ type: number
+ description: API call counts for current day
+ previousDays:
+ type: array
+ description: API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available
+ items:
+ type: number
+ description: API call counts for the unattended tier
+ InvocationMetrics_largePayload:
+ properties:
+ currentDay:
+ type: number
+ description: API call counts for current day
+ previousDays:
+ type: array
+ description: API call counts for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available
+ items:
+ type: number
+ description: API call counts for the large payload tier
+ AverageResponseMetrics_unauthenticated:
+ properties:
+ currentDay:
+ type: number
+ description: Average response time for current day
+ previousDays:
+ type: array
+ description: Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.
+ items:
+ type: number
+ description: Average response time for the unauthenticated tier
+ AverageResponseMetrics_highPriority:
+ properties:
+ currentDay:
+ type: number
+ description: Average response time for current day
+ previousDays:
+ type: array
+ description: Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.
+ items:
+ type: number
+ description: Average response time for the high priority tier
+ AverageResponseMetrics_lowPriority:
+ properties:
+ currentDay:
+ type: number
+ description: Average response time for current day
+ previousDays:
+ type: array
+ description: Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.
+ items:
+ type: number
+ description: Average response time for the low priority tier
+ AverageResponseMetrics_unattended:
+ properties:
+ currentDay:
+ type: number
+ description: Average response time for current day
+ previousDays:
+ type: array
+ description: Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.
+ items:
+ type: number
+ description: Average response time for the unattended tier
+ AverageResponseMetrics_largePayload:
+ properties:
+ currentDay:
+ type: number
+ description: Average response time for current day
+ previousDays:
+ type: array
+ description: Average response time for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.
+ items:
+ type: number
+ description: Average response time for the large payload tier
+ RejectionMetricsV2_authenticated:
+ properties:
+ currentDay:
+ type: number
+ description: Number of calls rejected for current day
+ previousDays:
+ type: array
+ description: Number of calls rejected for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.
+ items:
+ type: number
+ description: Rejection counts for all authenticated end points
+ RejectionMetricsV2_unauthenticated:
+ properties:
+ currentDay:
+ type: number
+ description: Number of calls rejected for current day
+ previousDays:
+ type: array
+ description: Number of calls rejected for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available.
+ items:
+ type: number
+ description: Rejection counts for all uauthenticated end points
+parameters:
+ RequestHeader_x-v:
+ name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ RequestHeader_x-min-v:
+ name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](##request-headers) and [x-v](##request-headers). If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
+ required: false
+ type: string
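Review bot: this file declares no `securityDefinitions` and no `security` requirement at the top level or on either operation, so `/admin/register/metadata` and `/admin/metrics` read as unauthenticated to anyone, or any tool, working from the spec alone. If authentication for the admin end points is defined elsewhere in the standards, reference it from the operation descriptions; otherwise declare the scheme and apply it to both operations. Both operations also define only a `200` response, although the `x-v` description says unsupported versions are answered with 406 Not Acceptable; declaring the 406 would let clients and contract tests see it. Two consistency points: `RejectionMetricsV2` sets `x-conditional` to `currentDay` and `previousDays`, which are not properties of that object (`authenticated`, `unauthenticated`), and the `x-v` response header on `metadataUpdate` links to `##response-headers` while the one on `getMetrics` uses `#response-headers`.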
diff --git a/docs/archive/standards-1.5.1/docs/includes/swagger/cds_full.json b/docs/archive/standards-1.5.1/docs/includes/swagger/cds_full.json
new file mode 100644
index 00000000..23324aba
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/includes/swagger/cds_full.json
@@ -0,0 +1,4440 @@
+{
+ "swagger" : "2.0",
+ "info" : {
+ "description" : "API sets created by the Australian Consumer Data Standards to meet the needs of the Consumer Data Right",
+ "version" : "1.5.1",
+ "title" : "Consumer Data Standards",
+ "contact" : {
+ "name" : "Consumer Data Standards",
+ "url" : "https://consumerdatastandards.org.au/",
+ "email" : "cdr-data61@csiro.au"
+ },
+ "license" : {
+ "name" : "MIT License",
+ "url" : "https://opensource.org/licenses/MIT"
+ }
+ },
+ "host" : "data.holder.com.au",
+ "basePath" : "/cds-au/v1",
+ "schemes" : [ "https" ],
+ "consumes" : [ "application/json" ],
+ "produces" : [ "application/json" ],
+ "paths" : {
+ "/banking/accounts" : {
+ "get" : {
+ "tags" : [ "Banking", "Accounts" ],
+ "summary" : "Get Accounts",
+ "description" : "Obtain a list of accounts",
+ "operationId" : "listAccounts",
+ "parameters" : [ {
+ "name" : "product-category",
+ "in" : "query",
+ "description" : "Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.",
+ "required" : false,
+ "type" : "string",
+ "enum" : [ "BUSINESS_LOANS", "CRED_AND_CHRG_CARDS", "LEASES", "MARGIN_LOANS", "OVERDRAFTS", "PERS_LOANS", "REGULATED_TRUST_ACCOUNTS", "RESIDENTIAL_MORTGAGES", "TERM_DEPOSITS", "TRADE_FINANCE", "TRAVEL_CARDS", "TRANS_AND_SAVINGS_ACCOUNTS" ]
+ }, {
+ "name" : "open-status",
+ "in" : "query",
+ "description" : "Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed",
+ "required" : false,
+ "type" : "string",
+ "default" : "ALL",
+ "enum" : [ "OPEN", "CLOSED", "ALL" ]
+ }, {
+ "name" : "is-owned",
+ "in" : "query",
+ "description" : "Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts",
+ "required" : false,
+ "type" : "boolean",
+ "x-cds-type" : "Boolean"
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingAccountList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:accounts.basic:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/accounts/balances" : {
+ "get" : {
+ "tags" : [ "Banking", "Accounts" ],
+ "summary" : "Get Bulk Balances",
+ "description" : "Obtain balances for multiple, filtered accounts",
+ "operationId" : "listBalancesBulk",
+ "parameters" : [ {
+ "name" : "product-category",
+ "in" : "query",
+ "description" : "Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.",
+ "required" : false,
+ "type" : "string",
+ "enum" : [ "BUSINESS_LOANS", "CRED_AND_CHRG_CARDS", "LEASES", "MARGIN_LOANS", "OVERDRAFTS", "PERS_LOANS", "REGULATED_TRUST_ACCOUNTS", "RESIDENTIAL_MORTGAGES", "TERM_DEPOSITS", "TRADE_FINANCE", "TRAVEL_CARDS", "TRANS_AND_SAVINGS_ACCOUNTS" ]
+ }, {
+ "name" : "open-status",
+ "in" : "query",
+ "description" : "Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed",
+ "required" : false,
+ "type" : "string",
+ "default" : "ALL",
+ "enum" : [ "OPEN", "CLOSED", "ALL" ]
+ }, {
+ "name" : "is-owned",
+ "in" : "query",
+ "description" : "Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts",
+ "required" : false,
+ "type" : "boolean",
+ "x-cds-type" : "Boolean"
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingAccountsBalanceList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:accounts.basic:read" ],
+ "x-version" : "1"
+ },
+ "post" : {
+ "tags" : [ "Banking", "Accounts" ],
+ "summary" : "Get Balances For Specific Accounts",
+ "description" : "Obtain balances for a specified list of accounts",
+ "operationId" : "listBalancesSpecificAccounts",
+ "parameters" : [ {
+ "in" : "body",
+ "name" : "accountIds",
+ "description" : "The list of account IDs to obtain balances for",
+ "required" : true,
+ "schema" : {
+ "$ref" : "#/definitions/RequestAccountIds"
+ }
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingAccountsBalanceList"
+ }
+ },
+ "422" : {
+ "description" : "The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context",
+ "headers" : {
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseErrorList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:accounts.basic:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/accounts/{accountId}/balance" : {
+ "get" : {
+ "tags" : [ "Banking", "Accounts" ],
+ "summary" : "Get Account Balance",
+ "description" : "Obtain the balance for a single specified account",
+ "operationId" : "getBalance",
+ "parameters" : [ {
+ "name" : "accountId",
+ "in" : "path",
+ "description" : "ID of the specific account requested",
+ "required" : true,
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingAccountsBalanceById"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:accounts.basic:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/accounts/{accountId}" : {
+ "get" : {
+ "tags" : [ "Banking", "Accounts" ],
+ "summary" : "Get Account Detail",
+ "description" : "Obtain detailed information on a single account",
+ "operationId" : "getAccountDetail",
+ "parameters" : [ {
+ "name" : "accountId",
+ "in" : "path",
+ "description" : "A tokenised identifier for the account which is unique but not shareable",
+ "required" : true,
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingAccountById"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:accounts.detail:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/accounts/{accountId}/transactions" : {
+ "get" : {
+ "tags" : [ "Banking", "Accounts" ],
+ "summary" : "Get Transactions For Account",
+ "description" : "Obtain transactions for a specific account.\n\nSome general notes that apply to all end points that retrieve transactions:\n\n- Where multiple transactions are returned, transactions should be ordered according to effective date in descending order\n- As the date and time for a transaction can alter depending on status and transaction type two separate date/times are included in the payload. There are still some scenarios where neither of these time stamps is available. For the purpose of filtering and ordering it is expected that the data holder will use the “effective” date/time which will be defined as:\n - Posted date/time if available, then\n - Execution date/time if available, then\n - A reasonable date/time nominated by the data holder using internal data structures\n- For transaction amounts it should be assumed that a negative value indicates a reduction of the available balance on the account while a positive value indicates an increase in the available balance on the account\n- For aggregated transactions (ie. groups of sub transactions reported as a single entry for the account) only the aggregated information, with as much consistent information accross the subsidiary transactions as possible, is required to be shared",
+ "operationId" : "getTransactions",
+ "parameters" : [ {
+ "name" : "accountId",
+ "in" : "path",
+ "description" : "ID of the account to get transactions for. Must have previously been returned by one of the account list end points.",
+ "required" : true,
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }, {
+ "name" : "oldest-time",
+ "in" : "query",
+ "description" : "Constrain the transaction history request to transactions with effective time at or after this date/time. If absent defaults to newest-time minus 90 days. Format is aligned to DateTimeString common type",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "DateTimeString"
+ }, {
+ "name" : "newest-time",
+ "in" : "query",
+ "description" : "Constrain the transaction history request to transactions with effective time at or before this date/time. If absent defaults to today. Format is aligned to DateTimeString common type",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "DateTimeString"
+ }, {
+ "name" : "min-amount",
+ "in" : "query",
+ "description" : "Filter transactions to only transactions with amounts higher or equal to than this amount",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "AmountString"
+ }, {
+ "name" : "max-amount",
+ "in" : "query",
+ "description" : "Filter transactions to only transactions with amounts less than or equal to than this amount",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "AmountString"
+ }, {
+ "name" : "text",
+ "in" : "query",
+ "description" : "Filter transactions to only transactions where this string value is found as a substring of either the reference or description fields. Format is arbitrary ASCII string. This parameter is optionally implemented by data holders. If it is not implemented then a response should be provided as normal without text filtering applied and an additional boolean field named isQueryParamUnsupported should be included in the meta object and set to true (whether the text parameter is supplied or not)",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingTransactionList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:transactions:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/accounts/{accountId}/transactions/{transactionId}" : {
+ "get" : {
+ "tags" : [ "Banking", "Accounts" ],
+ "summary" : "Get Transaction Detail",
+ "description" : "Obtain detailed information on a transaction for a specific account",
+ "operationId" : "getTransactionDetail",
+ "parameters" : [ {
+ "name" : "accountId",
+ "in" : "path",
+ "description" : "ID of the account to get transactions for. Must have previously been returned by one of the account list end points",
+ "required" : true,
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }, {
+ "name" : "transactionId",
+ "in" : "path",
+ "description" : "ID of the transaction obtained from a previous call to one of the other transaction end points",
+ "required" : true,
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingTransactionById"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:transactions:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/accounts/{accountId}/direct-debits" : {
+ "get" : {
+ "tags" : [ "Banking", "Direct Debits" ],
+ "summary" : "Get Direct Debits For Account",
+ "description" : "Obtain direct debit authorisations for a specific account",
+ "operationId" : "listDirectDebits",
+ "parameters" : [ {
+ "name" : "accountId",
+ "in" : "path",
+ "description" : "ID of the account to get direct debit authorisations for. Must have previously been returned by one of the account list end points.",
+ "required" : true,
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingDirectDebitAuthorisationList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:regular_payments:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/accounts/direct-debits" : {
+ "get" : {
+ "tags" : [ "Banking", "Direct Debits" ],
+ "summary" : "Get Bulk Direct Debits",
+ "description" : "Obtain direct debit authorisations for multiple, filtered accounts",
+ "operationId" : "listDirectDebitsBulk",
+ "parameters" : [ {
+ "name" : "product-category",
+ "in" : "query",
+ "description" : "Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.",
+ "required" : false,
+ "type" : "string",
+ "enum" : [ "BUSINESS_LOANS", "CRED_AND_CHRG_CARDS", "LEASES", "MARGIN_LOANS", "OVERDRAFTS", "PERS_LOANS", "REGULATED_TRUST_ACCOUNTS", "RESIDENTIAL_MORTGAGES", "TERM_DEPOSITS", "TRADE_FINANCE", "TRAVEL_CARDS", "TRANS_AND_SAVINGS_ACCOUNTS" ]
+ }, {
+ "name" : "open-status",
+ "in" : "query",
+ "description" : "Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed",
+ "required" : false,
+ "type" : "string",
+ "default" : "ALL",
+ "enum" : [ "OPEN", "CLOSED", "ALL" ]
+ }, {
+ "name" : "is-owned",
+ "in" : "query",
+ "description" : "Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts",
+ "required" : false,
+ "type" : "boolean",
+ "x-cds-type" : "Boolean"
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingDirectDebitAuthorisationList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:regular_payments:read" ],
+ "x-version" : "1"
+ },
+ "post" : {
+ "tags" : [ "Banking", "Direct Debits" ],
+ "summary" : "Get Direct Debits For Specific Accounts",
+ "description" : "Obtain direct debit authorisations for a specified list of accounts",
+ "operationId" : "listDirectDebitsSpecificAccounts",
+ "parameters" : [ {
+ "in" : "body",
+ "name" : "accountIds",
+ "description" : "Array of specific accountIds to obtain authorisations for",
+ "required" : true,
+ "schema" : {
+ "$ref" : "#/definitions/RequestAccountIds"
+ }
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingDirectDebitAuthorisationList"
+ }
+ },
+ "422" : {
+ "description" : "The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context",
+ "headers" : {
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseErrorList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:regular_payments:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/accounts/{accountId}/payments/scheduled" : {
+ "get" : {
+ "tags" : [ "Banking", "Scheduled Payments" ],
+ "summary" : "Get Scheduled Payments for Account",
+ "description" : "Obtain scheduled, outgoing payments for a specific account",
+ "operationId" : "listScheduledPayments",
+ "parameters" : [ {
+ "name" : "accountId",
+ "in" : "path",
+ "description" : "ID of the account to get scheduled payments for. Must have previously been returned by one of the account list end points. The account specified is the source account for the payment",
+ "required" : true,
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingScheduledPaymentsList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:regular_payments:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/payments/scheduled" : {
+ "get" : {
+ "tags" : [ "Banking", "Scheduled Payments" ],
+ "summary" : "Get Scheduled Payments Bulk",
+ "description" : "Obtain scheduled payments for multiple, filtered accounts that are the source of funds for the payments",
+ "operationId" : "listScheduledPaymentsBulk",
+ "parameters" : [ {
+ "name" : "product-category",
+ "in" : "query",
+ "description" : "Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.",
+ "required" : false,
+ "type" : "string",
+ "enum" : [ "BUSINESS_LOANS", "CRED_AND_CHRG_CARDS", "LEASES", "MARGIN_LOANS", "OVERDRAFTS", "PERS_LOANS", "REGULATED_TRUST_ACCOUNTS", "RESIDENTIAL_MORTGAGES", "TERM_DEPOSITS", "TRADE_FINANCE", "TRAVEL_CARDS", "TRANS_AND_SAVINGS_ACCOUNTS" ]
+ }, {
+ "name" : "open-status",
+ "in" : "query",
+ "description" : "Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed",
+ "required" : false,
+ "type" : "string",
+ "default" : "ALL",
+ "enum" : [ "OPEN", "CLOSED", "ALL" ]
+ }, {
+ "name" : "is-owned",
+ "in" : "query",
+ "description" : "Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts",
+ "required" : false,
+ "type" : "boolean",
+ "x-cds-type" : "Boolean"
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingScheduledPaymentsList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:regular_payments:read" ],
+ "x-version" : "1"
+ },
+ "post" : {
+ "tags" : [ "Banking", "Scheduled Payments" ],
+ "summary" : "Get Scheduled Payments For Specific Accounts",
+ "description" : "Obtain scheduled payments for a specified list of accounts",
+ "operationId" : "listScheduledPaymentsSpecificAccounts",
+ "parameters" : [ {
+ "in" : "body",
+ "name" : "accountIds",
+ "description" : "Array of specific accountIds to obtain scheduled payments for. The accounts specified are the source of funds for the payments returned",
+ "required" : true,
+ "schema" : {
+ "$ref" : "#/definitions/RequestAccountIds"
+ }
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingScheduledPaymentsList"
+ }
+ },
+ "422" : {
+ "description" : "The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context",
+ "headers" : {
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseErrorList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:regular_payments:read" ],
+ "x-version" : "1"
+ }
+ },
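Review bot: The GET operations above that take `accountId` as a path parameter (`getTransactionDetail`, `listDirectDebits`, `listScheduledPayments`) declare only a `200` response, while the two POST operations (`listDirectDebitsSpecificAccounts`, `listScheduledPaymentsSpecificAccounts`) declare a `422` for account IDs that are invalid for the consent context. Suggest declaring an error response with the `ResponseErrorList` schema on the GETs as well, covering an `accountId` or `transactionId` that is outside the consent, so that data holders answer out-of-consent identifiers uniformly and generated clients and validators know what to expect. Separately, `x-fapi-auth-date` is `"required" : false` on every operation here although its description says it is required for all resource calls and each of these operations carries an `x-scopes` entry; either mark it required or state in the description why the schema leaves it optional.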
+ "/banking/payees" : {
+ "get" : {
+ "tags" : [ "Banking", "Payees" ],
+ "summary" : "Get Payees",
+ "description" : "Obtain a list of pre-registered payees",
+ "operationId" : "listPayees",
+ "parameters" : [ {
+ "name" : "type",
+ "in" : "query",
+ "description" : "Filter on the payee type field. In addition to normal type field values, ALL can be specified to retrieve all payees. If absent the assumed value is ALL",
+ "required" : false,
+ "type" : "string",
+ "default" : "ALL",
+ "enum" : [ "BILLER", "DOMESTIC", "INTERNATIONAL", "ALL" ]
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingPayeeList"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:payees:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/payees/{payeeId}" : {
+ "get" : {
+ "tags" : [ "Banking", "Payees" ],
+ "summary" : "Get Payee Detail",
+ "description" : "Obtain detailed information on a single payee.\n\nNote that the payee sub-structure should be selected to represent the payment destination only rather than any known characteristics of the payment recipient",
+ "operationId" : "getPayeeDetail",
+ "parameters" : [ {
+ "name" : "payeeId",
+ "in" : "path",
+ "description" : "The ID used to locate the details of a particular payee",
+ "required" : true,
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingPayeeById"
+ }
+ }
+ },
+ "x-scopes" : [ "bank:payees:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/banking/products" : {
+ "get" : {
+ "tags" : [ "Banking", "Products" ],
+ "summary" : "Get Products",
+ "description" : "Obtain a list of products that are currently openly offered to the market\n\nNote that the results returned by this end point are expected to be ordered in descending order according to ``lastUpdated``.\n\n### Conventions\nIn the product reference payloads there are a number of recurring conventions that are explained here, in one place.\n\n#### Arrays Of Features\n\nIn the product detail payload there are a number of arrays articulating generic features, constraints, prices, etc. The intent of these arrays is as follows:\n\n- Each element in an array has the same structure so that clients can reliably interpret the payloads\n- Each element as a type element that is an enumeration of the specific aspect of a product being described, such as types of fees.\n- Each element has a field name [additionalValue](#productfeaturetypedoc). This is a generic field with contents that will vary based on the type of object being described. The contents of this field for the ADDITIONAL_CARDS feature is the number of cards allowed while the contents of this field for the MAX_LIMIT constraint would be the maximum credit limit allowed for the product.\n- An element in these arrays of the same type may appear more than once. For instance, a product may offer two separate loyalty programs that the customer can select from. A fixed term mortgage may have different rates for different term lengths.\n- An element in these arrays may contain an additionalInfo and additionalInfoUri field. The additionalInfo field is used to provide displayable text clarifying the purpose of the element in some way when the product is presented to a customer. 
The additionalInfoUri provides a link to externally hosted information specifically relevant to that feature of the product.\n- Depending on the type of data being represented there may be additional specific fields.\n\n#### URIs To More Information\n\nAs the complexities and nuances of a financial product can not easily be fully expressed in a data structure without a high degree of complexity it is necessary to provide additional reference information that a potential customer can access so that they are fully informed of the features and implications of the product. The payloads for product reference therefore contain numerous fields that are provided to allow the product holder to describe the product more fully using a web page hosted on their online channels.\n\nThese URIs do not need to all link to different pages. If desired, they can all link to a single hosted page and use difference HTML anchors to focus on a specific topic such as eligibility or fees.\n\n#### Linkage To Accounts\nFrom the moment that a customer applies for a product and an account is created the account and the product that spawned it will diverge. Rates and features of the product may change and a discount may be negotiated for the account.\n\nFor this reason, while productCategory is a common field between accounts and products, there is no specific ID that can be used to link an account to a product within the regime.\n\nSimilarly, many of the fields and objects in the product payload will appear in the account detail payload but the structures and semantics are not identical as one refers to a product that can potentially be originated and one refers to an account that actual has been instantiated and created along with the associated decisions inherent in that process.\n\n#### Dates\nIt is expected that data consumers needing this data will call relatively frequently to ensure the data they have is representative of the current offering from a bank. 
To minimise the volume and frequency of these calls the ability to set a lastUpdated field with the date and time of the last update to this product is included. A call for a list of products can then be filtered to only return products that have been updated since the last time that data was obtained using the updated-since query parameter.\n\nIn addition, the concept of effective date and time has also been included. This allows for a product to be marked for obsolescence, or introduction, from a certain time without the need for an update to show that a product has been changed. The inclusion of these dates also removes the need to represent deleted products in the payload. Products that are no long offered can be marked not effective for a few weeks before they are then removed from the product set as an option entirely.\n\nNOTE: This version must be implemented by **February 2021**\n\nObsolete versions: [v1](includes/obsolete/get-products-v1.html) [v2](includes/obsolete/get-products-v2.html)",
+ "operationId" : "listProducts",
+ "parameters" : [ {
+ "name" : "effective",
+ "in" : "query",
+ "description" : "Allows for the filtering of products based on whether the current time is within the period of time defined as effective by the effectiveFrom and effectiveTo fields. Valid values are ‘CURRENT’, ‘FUTURE’ and ‘ALL’. If absent defaults to 'CURRENT'",
+ "required" : false,
+ "type" : "string",
+ "default" : "CURRENT",
+ "enum" : [ "CURRENT", "FUTURE", "ALL" ]
+ }, {
+ "name" : "updated-since",
+ "in" : "query",
+ "description" : "Only include products that have been updated after the specified date and time. If absent defaults to include all products",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "DateTimeString"
+ }, {
+ "name" : "brand",
+ "in" : "query",
+ "description" : "Filter results based on a specific brand",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "product-category",
+ "in" : "query",
+ "description" : "Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.",
+ "required" : false,
+ "type" : "string",
+ "enum" : [ "BUSINESS_LOANS", "CRED_AND_CHRG_CARDS", "LEASES", "MARGIN_LOANS", "OVERDRAFTS", "PERS_LOANS", "REGULATED_TRUST_ACCOUNTS", "RESIDENTIAL_MORTGAGES", "TERM_DEPOSITS", "TRADE_FINANCE", "TRAVEL_CARDS", "TRANS_AND_SAVINGS_ACCOUNTS" ]
+ }, {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingProductList"
+ }
+ }
+ },
+ "x-version" : "3"
+ }
+ },
+ "/banking/products/{productId}" : {
+ "get" : {
+ "tags" : [ "Banking", "Products" ],
+ "summary" : "Get Product Detail",
+ "description" : "Obtain detailed information on a single product offered openly to the market.\n\nNOTE: This version must be implemented by **February 2021**\n\nObsolete versions: [v1](includes/obsolete/get-product-detail-v1.html) [v2](includes/obsolete/get-product-detail-v2.html)",
+ "operationId" : "getProductDetail",
+ "parameters" : [ {
+ "name" : "productId",
+ "in" : "path",
+ "description" : "ID of the specific product requested",
+ "required" : true,
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }, {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseBankingProductById"
+ }
+ }
+ },
+ "x-version" : "3"
+ }
+ },
+ "/common/customer" : {
+ "get" : {
+ "tags" : [ "Common", "Customer" ],
+ "summary" : "Get Customer",
+ "description" : "Obtain basic information on the customer that has authorised the current session",
+ "operationId" : "getCustomer",
+ "parameters" : [ {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseCommonCustomer"
+ }
+ }
+ },
+ "x-scopes" : [ "common:customer.basic:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/common/customer/detail" : {
+ "get" : {
+ "tags" : [ "Common", "Customer" ],
+ "summary" : "Get Customer Detail",
+ "description" : "Obtain detailed information on the authorised customer within the current session.",
+ "operationId" : "getCustomerDetail",
+ "parameters" : [ {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ }, {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ },
+ "x-fapi-interaction-id" : {
+ "type" : "string",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseCommonCustomerDetail"
+ }
+ }
+ },
+ "x-scopes" : [ "common:customer.detail:read" ],
+ "x-version" : "1"
+ }
+ },
+ "/discovery/status" : {
+ "get" : {
+ "tags" : [ "Common", "Discovery" ],
+ "summary" : "Get Status",
+ "description" : "Obtain a health check status for the implementation",
+ "operationId" : "getStatus",
+ "parameters" : [ {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseCommonDiscoveryStatus"
+ }
+ }
+ },
+ "x-version" : "1"
+ }
+ },
+ "/discovery/outages" : {
+ "get" : {
+ "tags" : [ "Common", "Discovery" ],
+ "summary" : "Get Outages",
+ "description" : "Obtain a list of scheduled outages for the implementation",
+ "operationId" : "getOutages",
+ "parameters" : [ {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ }, {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ } ],
+ "responses" : {
+ "200" : {
+ "description" : "Success",
+ "headers" : {
+ "x-v" : {
+ "type" : "string",
+ "description" : "The [version](#response-headers) of the API end point that the data holder has responded with."
+ }
+ },
+ "schema" : {
+ "$ref" : "#/definitions/ResponseDiscoveryOutagesList"
+ }
+ }
+ },
+ "x-version" : "1"
+ }
+ }
+ },
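Review bot: In listProducts, the product-category query parameter's description is carried over from the accounts endpoints: it describes filtering on the productCategory field "applicable to accounts" and ends "If absent then all accounts returned", but this operation returns products, so both phrases should refer to products. The long description of the same operation has wording slips that are worth fixing while the file is being added ("Each element as a type element", "use difference HTML anchors", "an account that actual has been instantiated", "no long offered"), and the effective parameter's description mixes curly and straight quotes around its enum values. Separately, every operation from listPayees through getOutages declares only a 200 response, although the x-v description on each states that the data holder must respond with 406 Not Acceptable when no requested version is supported, and getPayeeDetail and getProductDetail define no error response for an ID that cannot be located. Consider documenting those responses with the ResponseErrorList schema already referenced by the 422 response on the scheduled payments operation above.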
+ "definitions" : {
+ "RequestAccountIds" : {
+ "type" : "object",
+ "required" : [ "data" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/RequestAccountIds_data"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "ResponseBankingProductList" : {
+ "type" : "object",
+ "required" : [ "data", "links", "meta" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseBankingProductList_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/LinksPaginated"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/MetaPaginated"
+ }
+ }
+ },
+ "BankingProductV3" : {
+ "type" : "object",
+ "required" : [ "brand", "description", "isTailored", "lastUpdated", "name", "productCategory", "productId" ],
+ "properties" : {
+ "productId" : {
+ "type" : "string",
+ "description" : "A data holder specific unique identifier for this product. This identifier must be unique to a product but does not otherwise need to adhere to ID permanence guidelines.",
+ "x-cds-type" : "ASCIIString"
+ },
+ "effectiveFrom" : {
+ "type" : "string",
+ "description" : "The date and time from which this product is effective (ie. is available for origination). Used to enable the articulation of products to the regime before they are available for customers to originate",
+ "x-cds-type" : "DateTimeString"
+ },
+ "effectiveTo" : {
+ "type" : "string",
+ "description" : "The date and time at which this product will be retired and will no longer be offered. Used to enable the managed deprecation of products",
+ "x-cds-type" : "DateTimeString"
+ },
+ "lastUpdated" : {
+ "type" : "string",
+ "description" : "The last date and time that the information for this product was changed (or the creation date for the product if it has never been altered)",
+ "x-cds-type" : "DateTimeString"
+ },
+ "productCategory" : {
+ "$ref" : "#/definitions/BankingProductCategory"
+ },
+ "name" : {
+ "type" : "string",
+ "description" : "The display name of the product"
+ },
+ "description" : {
+ "type" : "string",
+ "description" : "A description of the product"
+ },
+ "brand" : {
+ "type" : "string",
+ "description" : "A label of the brand for the product. Able to be used for filtering. For data holders with single brands this value is still required"
+ },
+ "brandName" : {
+ "type" : "string",
+ "description" : "An optional display name of the brand"
+ },
+ "applicationUri" : {
+ "type" : "string",
+ "description" : "A link to an application web page where this product can be applied for.",
+ "x-cds-type" : "URIString"
+ },
+ "isTailored" : {
+ "type" : "boolean",
+ "description" : "Indicates whether the product is specifically tailored to a circumstance. In this case fees and prices are significantly negotiated depending on context. While all products are open to a degree of tailoring this flag indicates that tailoring is expected and thus that the provision of specific fees and rates is not applicable",
+ "x-cds-type" : "Boolean"
+ },
+ "additionalInformation" : {
+ "$ref" : "#/definitions/BankingProductV3_additionalInformation"
+ },
+ "cardArt" : {
+ "type" : "array",
+ "description" : "An array of card art images",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductV3_cardArt"
+ }
+ }
+ }
+ },
+ "ResponseBankingProductById" : {
+ "type" : "object",
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/BankingProductDetailV3"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "BankingProductDetailV3" : {
+ "allOf" : [ {
+ "$ref" : "#/definitions/BankingProductV3"
+ }, {
+ "type" : "object",
+ "properties" : {
+ "bundles" : {
+ "type" : "array",
+ "description" : "An array of bundles that this product participates in. Each bundle is described by free form information but also by a list of product IDs of the other products that are included in the bundle. It is assumed that the current product is included in the bundle also",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductBundle"
+ }
+ },
+ "features" : {
+ "type" : "array",
+ "description" : "Array of features available for the product",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductFeature"
+ }
+ },
+ "constraints" : {
+ "type" : "array",
+ "description" : "Constraints on the application for or operation of the product such as minimum balances or limit thresholds",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductConstraint"
+ }
+ },
+ "eligibility" : {
+ "type" : "array",
+ "description" : "Eligibility criteria for the product",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductEligibility"
+ }
+ },
+ "fees" : {
+ "type" : "array",
+ "description" : "Fees applicable for the product",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductFee"
+ }
+ },
+ "depositRates" : {
+ "type" : "array",
+ "description" : "Interest rates available for deposits",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductDepositRate"
+ }
+ },
+ "lendingRates" : {
+ "type" : "array",
+ "description" : "Interest rates charged against lending balances",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductLendingRateV2"
+ }
+ }
+ }
+ } ]
+ },
+ "BankingProductBundle" : {
+ "type" : "object",
+ "required" : [ "description", "name" ],
+ "properties" : {
+ "name" : {
+ "type" : "string",
+ "description" : "Name of the bundle"
+ },
+ "description" : {
+ "type" : "string",
+ "description" : "Description of the bundle"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on the bundle"
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on the bundle criteria and benefits",
+ "x-cds-type" : "URIString"
+ },
+ "productIds" : {
+ "type" : "array",
+ "description" : "Array of product IDs for products included in the bundle that are available via the product end points. Note that this array is not intended to represent a comprehensive model of the products included in the bundle and some products available for the bundle may not be available via the product reference end points",
+ "items" : {
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }
+ }
+ }
+ },
+ "BankingProductFeature" : {
+ "type" : "object",
+ "required" : [ "featureType" ],
+ "properties" : {
+ "featureType" : {
+ "type" : "string",
+ "description" : "The type of feature described",
+ "enum" : [ "ADDITIONAL_CARDS", "BALANCE_TRANSFERS", "BILL_PAYMENT", "BONUS_REWARDS", "CARD_ACCESS", "COMPLEMENTARY_PRODUCT_DISCOUNTS", "DIGITAL_BANKING", "DIGITAL_WALLET", "DONATE_INTEREST", "FREE_TXNS", "FREE_TXNS_ALLOWANCE", "INSURANCE", "INTEREST_FREE", "INTEREST_FREE_TRANSFERS", "LOYALTY_PROGRAM", "NOTIFICATIONS", "NPP_ENABLED", "NPP_PAYID", "OFFSET", "OVERDRAFT", "REDRAW", "UNLIMITED_TXNS", "OTHER" ]
+ },
+ "additionalValue" : {
+ "type" : "string",
+ "description" : "Generic field containing additional information relevant to the [featureType](#tocSproductfeaturetypedoc) specified. Whether mandatory or not is dependent on the value of the [featureType.](#tocSproductfeaturetypedoc)"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on the feature. Mandatory if the [feature type](#tocSproductfeaturetypedoc) is set to OTHER"
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on this feature",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "x-conditional" : [ "additionalValue", "additionalInfo" ]
+ },
+ "BankingProductConstraint" : {
+ "type" : "object",
+ "required" : [ "constraintType" ],
+ "properties" : {
+ "constraintType" : {
+ "type" : "string",
+ "description" : "The type of constraint described. See the next section for an overview of valid values and their meaning",
+ "enum" : [ "MIN_BALANCE", "MIN_LIMIT", "MAX_BALANCE", "MAX_LIMIT", "OPENING_BALANCE" ]
+ },
+ "additionalValue" : {
+ "type" : "string",
+ "description" : "Generic field containing additional information relevant to the [constraintType](#tocSproductconstrainttypedoc) specified. Whether mandatory or not is dependent on the value of [constraintType](#tocSproductconstrainttypedoc)"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information the constraint"
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on the constraint",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "x-conditional" : [ "additionalValue" ]
+ },
+ "BankingProductEligibility" : {
+ "type" : "object",
+ "required" : [ "eligibilityType" ],
+ "properties" : {
+ "eligibilityType" : {
+ "type" : "string",
+ "description" : "The type of eligibility criteria described. See the next section for an overview of valid values and their meaning",
+ "enum" : [ "BUSINESS", "EMPLOYMENT_STATUS", "MAX_AGE", "MIN_AGE", "MIN_INCOME", "MIN_TURNOVER", "NATURAL_PERSON", "PENSION_RECIPIENT", "RESIDENCY_STATUS", "STAFF", "STUDENT", "OTHER" ]
+ },
+ "additionalValue" : {
+ "type" : "string",
+ "description" : "Generic field containing additional information relevant to the [eligibilityType](#tocSproducteligibilitytypedoc) specified. Whether mandatory or not is dependent on the value of [eligibilityType](#tocSproducteligibilitytypedoc)"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on the [eligibility](#tocSproducteligibilitytypedoc) criteria. Mandatory if the field is set to OTHER"
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on this eligibility criteria",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "x-conditional" : [ "additionalValue", "additionalInfo" ]
+ },
+ "BankingProductFee" : {
+ "type" : "object",
+ "required" : [ "feeType", "name" ],
+ "properties" : {
+ "name" : {
+ "type" : "string",
+ "description" : "Name of the fee"
+ },
+ "feeType" : {
+ "type" : "string",
+ "description" : "The type of fee",
+ "enum" : [ "DEPOSIT", "EVENT", "EXIT", "PAYMENT", "PERIODIC", "PURCHASE", "TRANSACTION", "UPFRONT", "VARIABLE", "WITHDRAWAL" ]
+ },
+ "amount" : {
+ "type" : "string",
+ "description" : "The amount charged for the fee. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the *feeType* \"VARIABLE\" is supplied",
+ "x-cds-type" : "AmountString"
+ },
+ "balanceRate" : {
+ "type" : "string",
+ "description" : "A fee rate calculated based on a proportion of the balance. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the *feeType* \"VARIABLE\" is supplied.",
+ "x-cds-type" : "RateString"
+ },
+ "transactionRate" : {
+ "type" : "string",
+ "description" : "A fee rate calculated based on a proportion of a transaction. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the *feeType* \"VARIABLE\" is supplied",
+ "x-cds-type" : "RateString"
+ },
+ "accruedRate" : {
+ "type" : "string",
+ "description" : "A fee rate calculated based on a proportion of the calculated interest accrued on the account. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the *feeType* \"VARIABLE\" is supplied",
+ "x-cds-type" : "RateString"
+ },
+ "accrualFrequency" : {
+ "type" : "string",
+ "description" : "The indicative frequency with which the fee is calculated on the account. Only applies if balanceRate or accruedRate is also present. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)",
+ "x-cds-type" : "ExternalRef"
+ },
+ "currency" : {
+ "type" : "string",
+ "description" : "The currency the fee will be charged in. Assumes AUD if absent",
+ "x-cds-type" : "CurrencyString"
+ },
+ "additionalValue" : {
+ "type" : "string",
+ "description" : "Generic field containing additional information relevant to the [feeType](#tocSproductfeetypedoc) specified. Whether mandatory or not is dependent on the value of [feeType](#tocSproductfeetypedoc)"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on the fee"
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on this fee",
+ "x-cds-type" : "URIString"
+ },
+ "discounts" : {
+ "type" : "array",
+ "description" : "An optional list of discounts to this fee that may be available",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductDiscount"
+ }
+ }
+ },
+ "x-conditional" : [ "additionalValue", "amount", "balanceRate", "transactionRate", "accruedRate" ]
+ },
+ "BankingProductDiscount" : {
+ "type" : "object",
+ "required" : [ "description", "discountType" ],
+ "properties" : {
+ "description" : {
+ "type" : "string",
+ "description" : "Description of the discount"
+ },
+ "discountType" : {
+ "type" : "string",
+ "description" : "The type of discount. See the next section for an overview of valid values and their meaning",
+ "enum" : [ "BALANCE", "DEPOSITS", "ELIGIBILITY_ONLY", "FEE_CAP", "PAYMENTS" ]
+ },
+ "amount" : {
+ "type" : "string",
+ "description" : "Dollar value of the discount. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory.",
+ "x-cds-type" : "AmountString"
+ },
+ "balanceRate" : {
+ "type" : "string",
+ "description" : "A discount rate calculated based on a proportion of the balance. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee",
+ "x-cds-type" : "RateString"
+ },
+ "transactionRate" : {
+ "type" : "string",
+ "description" : "A discount rate calculated based on a proportion of a transaction. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory",
+ "x-cds-type" : "RateString"
+ },
+ "accruedRate" : {
+ "type" : "string",
+ "description" : "A discount rate calculated based on a proportion of the calculated interest accrued on the account. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee",
+ "x-cds-type" : "RateString"
+ },
+ "feeRate" : {
+ "type" : "string",
+ "description" : "A discount rate calculated based on a proportion of the fee to which this discount is attached. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee",
+ "x-cds-type" : "RateString"
+ },
+ "additionalValue" : {
+ "type" : "string",
+ "description" : "Generic field containing additional information relevant to the [discountType](#tocSproductdiscounttypedoc) specified. Whether mandatory or not is dependent on the value of [discountType](#tocSproductdiscounttypedoc)"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on the discount"
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on this discount",
+ "x-cds-type" : "URIString"
+ },
+ "eligibility" : {
+ "type" : "array",
+ "description" : "Eligibility constraints that apply to this discount. Mandatory if ``discountType`` is ``ELIGIBILITY_ONLY``.",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductDiscountEligibility"
+ }
+ }
+ },
+ "x-conditional" : [ "accruedRate", "additionalValue", "amount", "balanceRate", "eligibility", "feeRate", "transactionRate" ]
+ },
+ "BankingProductDiscountEligibility" : {
+ "type" : "object",
+ "required" : [ "discountEligibilityType" ],
+ "properties" : {
+ "discountEligibilityType" : {
+ "type" : "string",
+ "description" : "The type of the specific eligibility constraint for a discount",
+ "enum" : [ "BUSINESS", "EMPLOYMENT_STATUS", "INTRODUCTORY", "MAX_AGE", "MIN_AGE", "MIN_INCOME", "MIN_TURNOVER", "NATURAL_PERSON", "PENSION_RECIPIENT", "RESIDENCY_STATUS", "STAFF", "STUDENT", "OTHER" ]
+ },
+ "additionalValue" : {
+ "type" : "string",
+ "description" : "Generic field containing additional information relevant to the [discountEligibilityType](#tocSproductdiscounteligibilitydoc) specified. Whether mandatory or not is dependent on the value of [discountEligibilityType](#tocSproductdiscounteligibilitydoc)"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on this eligibility constraint. Whether mandatory or not is dependent on the value of [discountEligibilityType](#tocSproductdiscounteligibilitydoc)"
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on this eligibility constraint",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "x-conditional" : [ "additionalInfo", "additionalValue" ]
+ },
+ "BankingProductDepositRate" : {
+ "type" : "object",
+ "required" : [ "depositRateType", "rate" ],
+ "properties" : {
+ "depositRateType" : {
+ "type" : "string",
+ "description" : "The type of rate (base, bonus, etc). See the next section for an overview of valid values and their meaning",
+ "enum" : [ "BONUS", "BUNDLE_BONUS", "FIXED", "FLOATING", "INTRODUCTORY", "MARKET_LINKED", "VARIABLE" ]
+ },
+ "rate" : {
+ "type" : "string",
+ "description" : "The rate to be applied",
+ "x-cds-type" : "RateString"
+ },
+ "calculationFrequency" : {
+ "type" : "string",
+ "description" : "The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)",
+ "x-cds-type" : "ExternalRef"
+ },
+ "applicationFrequency" : {
+ "type" : "string",
+ "description" : "The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)",
+ "x-cds-type" : "ExternalRef"
+ },
+ "tiers" : {
+ "type" : "array",
+ "description" : "Rate tiers applicable for this rate",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductRateTierV3"
+ }
+ },
+ "additionalValue" : {
+ "type" : "string",
+ "description" : "Generic field containing additional information relevant to the [depositRateType](#tocSproductdepositratetypedoc) specified. Whether mandatory or not is dependent on the value of [depositRateType](#tocSproductdepositratetypedoc)"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on the rate"
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on this rate",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "x-conditional" : [ "additionalValue" ]
+ },
+ "BankingProductLendingRateV2" : {
+ "type" : "object",
+ "required" : [ "lendingRateType", "rate" ],
+ "properties" : {
+ "lendingRateType" : {
+ "type" : "string",
+ "description" : "The type of rate (fixed, variable, etc). See the next section for an overview of valid values and their meaning",
+ "enum" : [ "BUNDLE_DISCOUNT_FIXED", "BUNDLE_DISCOUNT_VARIABLE", "CASH_ADVANCE", "DISCOUNT", "FLOATING", "INTRODUCTORY", "MARKET_LINKED", "PENALTY", "PURCHASE", "VARIABLE", "FIXED" ]
+ },
+ "rate" : {
+ "type" : "string",
+ "description" : "The rate to be applied",
+ "x-cds-type" : "RateString"
+ },
+ "comparisonRate" : {
+ "type" : "string",
+ "description" : "A comparison rate equivalent for this rate",
+ "x-cds-type" : "RateString"
+ },
+ "calculationFrequency" : {
+ "type" : "string",
+ "description" : "The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)",
+ "x-cds-type" : "ExternalRef"
+ },
+ "applicationFrequency" : {
+ "type" : "string",
+ "description" : "The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)",
+ "x-cds-type" : "ExternalRef"
+ },
+ "interestPaymentDue" : {
+ "type" : "string",
+ "description" : "When loan payments are due to be paid within each period. The investment benefit of earlier payments affect the rate that can be offered",
+ "enum" : [ "IN_ADVANCE", "IN_ARREARS" ]
+ },
+ "repaymentType" : {
+ "type" : "string",
+ "description" : "Options in place for repayments. If absent, the lending rate is applicable to all repayment types",
+ "enum" : [ "INTEREST_ONLY", "PRINCIPAL_AND_INTEREST" ]
+ },
+ "loanPurpose" : {
+ "type" : "string",
+ "description" : "The reason for taking out the loan. If absent, the lending rate is applicable to all loan purposes",
+ "enum" : [ "OWNER_OCCUPIED", "INVESTMENT" ]
+ },
+ "tiers" : {
+ "type" : "array",
+ "description" : "Rate tiers applicable for this rate",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductRateTierV3"
+ }
+ },
+ "additionalValue" : {
+ "type" : "string",
+ "description" : "Generic field containing additional information relevant to the [lendingRateType](#tocSproductlendingratetypedoc) specified. Whether mandatory or not is dependent on the value of [lendingRateType](#tocSproductlendingratetypedoc)"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on the rate."
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on this rate",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "x-conditional" : [ "additionalValue" ]
+ },
+ "BankingProductRateTierV3" : {
+ "type" : "object",
+ "required" : [ "minimumValue", "name", "unitOfMeasure" ],
+ "properties" : {
+ "name" : {
+ "type" : "string",
+ "description" : "A display name for the tier"
+ },
+ "unitOfMeasure" : {
+ "type" : "string",
+ "description" : "The unit of measure that applies to the tierValueMinimum and tierValueMaximum values e.g. a **DOLLAR** amount. **PERCENT** (in the case of loan-to-value ratio or LVR). Tier term period representing a discrete number of **MONTH**'s or **DAY**'s (in the case of term deposit tiers)",
+ "enum" : [ "DOLLAR", "PERCENT", "DAY", "MONTH" ]
+ },
+ "minimumValue" : {
+ "type" : "number",
+ "description" : "The number of tierUnitOfMeasure units that form the lower bound of the tier. The tier should be inclusive of this value",
+ "x-cds-type" : "Number"
+ },
+ "maximumValue" : {
+ "type" : "number",
+ "description" : "The number of tierUnitOfMeasure units that form the upper bound of the tier or band. For a tier with a discrete value (as opposed to a range of values e.g. 1 month) this must be the same as tierValueMinimum. Where this is the same as the tierValueMinimum value of the next-higher tier the referenced tier should be exclusive of this value. For example a term deposit of 2 months falls into the upper tier of the following tiers: (1 – 2 months, 2 – 3 months). If absent the tier's range has no upper bound.",
+ "x-cds-type" : "Number"
+ },
+ "rateApplicationMethod" : {
+ "type" : "string",
+ "description" : "The method used to calculate the amount to be applied using one or more tiers. A single rate may be applied to the entire balance or each applicable tier rate is applied to the portion of the balance that falls into that tier (referred to as 'bands' or 'steps')",
+ "enum" : [ "PER_TIER", "WHOLE_BALANCE" ]
+ },
+ "applicabilityConditions" : {
+ "$ref" : "#/definitions/BankingProductRateCondition"
+ },
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on the rate tier."
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on this rate tier",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "description" : "Defines the criteria and conditions for which a rate applies"
+ },
+ "BankingProductRateCondition" : {
+ "type" : "object",
+ "properties" : {
+ "additionalInfo" : {
+ "type" : "string",
+ "description" : "Display text providing more information on the condition"
+ },
+ "additionalInfoUri" : {
+ "type" : "string",
+ "description" : "Link to a web page with more information on this condition",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "description" : "Defines a condition for the applicability of a tiered rate"
+ },
+ "ResponseBankingAccountList" : {
+ "type" : "object",
+ "required" : [ "data", "links", "meta" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseBankingAccountList_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/LinksPaginated"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/MetaPaginated"
+ }
+ }
+ },
+ "BankingAccount" : {
+ "type" : "object",
+ "required" : [ "accountId", "displayName", "maskedNumber", "productCategory", "productName" ],
+ "properties" : {
+ "accountId" : {
+ "type" : "string",
+ "description" : "A unique ID of the account adhering to the standards for ID permanence",
+ "x-cds-type" : "ASCIIString"
+ },
+ "creationDate" : {
+ "type" : "string",
+ "description" : "Date that the account was created (if known)",
+ "x-cds-type" : "DateString"
+ },
+ "displayName" : {
+ "type" : "string",
+ "description" : "The display name of the account as defined by the bank. This should not incorporate account numbers or PANs. If it does the values should be masked according to the rules of the MaskedAccountString common type."
+ },
+ "nickname" : {
+ "type" : "string",
+ "description" : "A customer supplied nick name for the account"
+ },
+ "openStatus" : {
+ "type" : "string",
+ "description" : "Open or closed status for the account. If not present then OPEN is assumed",
+ "default" : "OPEN",
+ "enum" : [ "OPEN", "CLOSED" ]
+ },
+ "isOwned" : {
+ "type" : "boolean",
+ "description" : "Flag indicating that the customer associated with the authorisation is an owner of the account. Does not indicate sole ownership, however. If not present then 'true' is assumed",
+ "default" : true,
+ "x-cds-type" : "Boolean"
+ },
+ "maskedNumber" : {
+ "type" : "string",
+ "description" : "A masked version of the account. Whether BSB/Account Number, Credit Card PAN or another number",
+ "x-cds-type" : "MaskedAccountString"
+ },
+ "productCategory" : {
+ "$ref" : "#/definitions/BankingProductCategory"
+ },
+ "productName" : {
+ "type" : "string",
+ "description" : "The unique identifier of the account as defined by the data holder (akin to model number for the account)"
+ }
+ }
+ },
+ "ResponseBankingAccountById" : {
+ "type" : "object",
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/BankingAccountDetail"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "BankingAccountDetail" : {
+ "allOf" : [ {
+ "$ref" : "#/definitions/BankingAccount"
+ }, {
+ "type" : "object",
+ "properties" : {
+ "bsb" : {
+ "type" : "string",
+ "description" : "The unmasked BSB for the account. Is expected to be formatted as digits only with leading zeros included and no punctuation or spaces"
+ },
+ "accountNumber" : {
+ "type" : "string",
+ "description" : "The unmasked account number for the account. Should not be supplied if the account number is a PAN requiring PCI compliance. Is expected to be formatted as digits only with leading zeros included and no punctuation or spaces"
+ },
+ "bundleName" : {
+ "type" : "string",
+ "description" : "Optional field to indicate if this account is part of a bundle that is providing additional benefit for to the customer"
+ },
+ "specificAccountUType" : {
+ "type" : "string",
+ "description" : "The type of structure to present account specific fields.",
+ "enum" : [ "termDeposit", "creditCard", "loan" ]
+ },
+ "termDeposit" : {
+ "type" : "array",
+ "items" : {
+ "$ref" : "#/definitions/BankingTermDepositAccount"
+ }
+ },
+ "creditCard" : {
+ "$ref" : "#/definitions/BankingCreditCardAccount"
+ },
+ "loan" : {
+ "$ref" : "#/definitions/BankingLoanAccount"
+ },
+ "depositRate" : {
+ "type" : "string",
+ "description" : "current rate to calculate interest earned being applied to deposit balances as it stands at the time of the API call",
+ "x-cds-type" : "RateString"
+ },
+ "lendingRate" : {
+ "type" : "string",
+ "description" : "The current rate to calculate interest payable being applied to lending balances as it stands at the time of the API call",
+ "x-cds-type" : "RateString"
+ },
+ "depositRates" : {
+ "type" : "array",
+ "description" : "Fully described deposit rates for this account based on the equivalent structure in Product Reference",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductDepositRate"
+ }
+ },
+ "lendingRates" : {
+ "type" : "array",
+ "description" : "Fully described deposit rates for this account based on the equivalent structure in Product Reference",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductLendingRateV2"
+ }
+ },
+ "features" : {
+ "type" : "array",
+ "description" : "Array of features of the account based on the equivalent structure in Product Reference with the following additional field",
+ "items" : {
+ "type" : "object",
+ "allOf" : [ {
+ "$ref" : "#/definitions/BankingProductFeature"
+ }, {
+ "type" : "object",
+ "properties" : {
+ "isActivated" : {
+ "type" : "boolean",
+ "description" : "True if the feature is already activated and false if the feature is available for activation. Defaults to true if absent. (note this is an additional field appended to the feature object defined in the Product Reference payload)",
+ "default" : true,
+ "x-cds-type" : "Boolean"
+ }
+ }
+ } ]
+ }
+ },
+ "fees" : {
+ "type" : "array",
+ "description" : "Fees and charges applicable to the account based on the equivalent structure in Product Reference",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductFee"
+ }
+ },
+ "addresses" : {
+ "type" : "array",
+ "description" : "The addresses for the account to be used for correspondence",
+ "items" : {
+ "$ref" : "#/definitions/CommonPhysicalAddress"
+ }
+ }
+ },
+ "x-conditional" : [ "termDeposit", "creditCard", "loan" ]
+ } ]
+ },
+ "BankingTermDepositAccount" : {
+ "type" : "object",
+ "required" : [ "lodgementDate", "maturityDate", "maturityInstructions" ],
+ "properties" : {
+ "lodgementDate" : {
+ "type" : "string",
+ "description" : "The lodgement date of the original deposit",
+ "x-cds-type" : "DateString"
+ },
+ "maturityDate" : {
+ "type" : "string",
+ "description" : "Maturity date for the term deposit",
+ "x-cds-type" : "DateString"
+ },
+ "maturityAmount" : {
+ "type" : "string",
+ "description" : "Amount to be paid upon maturity. If absent it implies the amount to paid is variable and cannot currently be calculated",
+ "x-cds-type" : "AmountString"
+ },
+ "maturityCurrency" : {
+ "type" : "string",
+ "description" : "If absent assumes AUD",
+ "x-cds-type" : "CurrencyString"
+ },
+ "maturityInstructions" : {
+ "type" : "string",
+ "description" : "Current instructions on action to be taken at maturity. This includes default actions that may be specified in the terms and conditions for the product e.g. roll-over to the same term and frequency of interest payments",
+ "enum" : [ "ROLLED_OVER", "PAID_OUT_AT_MATURITY", "HOLD_ON_MATURITY" ]
+ }
+ }
+ },
+ "BankingCreditCardAccount" : {
+ "type" : "object",
+ "required" : [ "minPaymentAmount", "paymentDueAmount", "paymentDueDate" ],
+ "properties" : {
+ "minPaymentAmount" : {
+ "type" : "string",
+ "description" : "The minimum payment amount due for the next card payment",
+ "x-cds-type" : "AmountString"
+ },
+ "paymentDueAmount" : {
+ "type" : "string",
+ "description" : "The amount due for the next card payment",
+ "x-cds-type" : "AmountString"
+ },
+ "paymentCurrency" : {
+ "type" : "string",
+ "description" : "If absent assumes AUD",
+ "x-cds-type" : "CurrencyString"
+ },
+ "paymentDueDate" : {
+ "type" : "string",
+ "description" : "Date that the next payment for the card is due",
+ "x-cds-type" : "DateString"
+ }
+ }
+ },
+ "BankingLoanAccount" : {
+ "type" : "object",
+ "required" : [ "loanEndDate", "nextInstalmentDate", "repaymentFrequency" ],
+ "properties" : {
+ "originalStartDate" : {
+ "type" : "string",
+ "description" : "Optional original start date for the loan",
+ "x-cds-type" : "DateString"
+ },
+ "originalLoanAmount" : {
+ "type" : "string",
+ "description" : "Optional original loan value",
+ "x-cds-type" : "AmountString"
+ },
+ "originalLoanCurrency" : {
+ "type" : "string",
+ "description" : "If absent assumes AUD",
+ "x-cds-type" : "CurrencyString"
+ },
+ "loanEndDate" : {
+ "type" : "string",
+ "description" : "Date that the loan is due to be repaid in full",
+ "x-cds-type" : "DateString"
+ },
+ "nextInstalmentDate" : {
+ "type" : "string",
+ "description" : "Next date that an instalment is required",
+ "x-cds-type" : "DateString"
+ },
+ "minInstalmentAmount" : {
+ "type" : "string",
+ "description" : "Minimum amount of next instalment",
+ "x-cds-type" : "AmountString"
+ },
+ "minInstalmentCurrency" : {
+ "type" : "string",
+ "description" : "If absent assumes AUD",
+ "x-cds-type" : "CurrencyString"
+ },
+ "maxRedraw" : {
+ "type" : "string",
+ "description" : "Maximum amount of funds that can be redrawn. If not present redraw is not available even if the feature exists for the account",
+ "x-cds-type" : "AmountString"
+ },
+ "maxRedrawCurrency" : {
+ "type" : "string",
+ "description" : "If absent assumes AUD",
+ "x-cds-type" : "CurrencyString"
+ },
+ "minRedraw" : {
+ "type" : "string",
+ "description" : "Minimum redraw amount",
+ "x-cds-type" : "AmountString"
+ },
+ "minRedrawCurrency" : {
+ "type" : "string",
+ "description" : "If absent assumes AUD",
+ "x-cds-type" : "CurrencyString"
+ },
+ "offsetAccountEnabled" : {
+ "type" : "boolean",
+ "description" : "Set to true if one or more offset accounts are configured for this loan account",
+ "x-cds-type" : "Boolean"
+ },
+ "offsetAccountIds" : {
+ "type" : "array",
+ "description" : "The accountIDs of the configured offset accounts attached to this loan. Only offset accounts that can be accessed under the current authorisation should be included. It is expected behaviour that offsetAccountEnabled is set to true but the offsetAccountIds field is absent or empty. This represents a situation where an offset account exists but details can not be accessed under the current authorisation",
+ "items" : {
+ "type" : "string",
+ "x-cds-type" : "ASCIIString"
+ }
+ },
+ "repaymentType" : {
+ "type" : "string",
+ "description" : "Options in place for repayments. If absent defaults to PRINCIPAL_AND_INTEREST",
+ "default" : "PRINCIPAL_AND_INTEREST",
+ "enum" : [ "INTEREST_ONLY", "PRINCIPAL_AND_INTEREST" ]
+ },
+ "repaymentFrequency" : {
+ "type" : "string",
+ "description" : "The expected or required repayment frequency. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)",
+ "x-cds-type" : "ExternalRef"
+ }
+ }
+ },
+ "ResponseBankingTransactionList" : {
+ "type" : "object",
+ "required" : [ "data", "links", "meta" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseBankingTransactionList_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/LinksPaginated"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/MetaPaginated"
+ }
+ }
+ },
+ "BankingTransaction" : {
+ "type" : "object",
+ "required" : [ "accountId", "amount", "description", "isDetailAvailable", "reference", "status", "type" ],
+ "properties" : {
+ "accountId" : {
+ "type" : "string",
+ "description" : "ID of the account for which transactions are provided",
+ "x-cds-type" : "ASCIIString"
+ },
+ "transactionId" : {
+ "type" : "string",
+ "description" : "A unique ID of the transaction adhering to the standards for ID permanence. This is mandatory (through hashing if necessary) unless there are specific and justifiable technical reasons why a transaction cannot be uniquely identified for a particular account type",
+ "x-cds-type" : "ASCIIString"
+ },
+ "isDetailAvailable" : {
+ "type" : "boolean",
+ "description" : "True if extended information is available using the transaction detail end point. False if extended data is not available",
+ "x-cds-type" : "Boolean"
+ },
+ "type" : {
+ "type" : "string",
+ "description" : "The type of the transaction",
+ "enum" : [ "DIRECT_DEBIT", "FEE", "INTEREST_CHARGED", "INTEREST_PAID", "PAYMENT", "TRANSFER_OUTGOING", "TRANSFER_INCOMING", "OTHER" ]
+ },
+ "status" : {
+ "type" : "string",
+ "description" : "Status of the transaction whether pending or posted. Note that there is currently no provision in the standards to guarantee the ability to correlate a pending transaction with an associated posted transaction",
+ "enum" : [ "PENDING", "POSTED" ]
+ },
+ "description" : {
+ "type" : "string",
+ "description" : "The transaction description as applied by the financial institution"
+ },
+ "postingDateTime" : {
+ "type" : "string",
+ "description" : "The time the transaction was posted. This field is Mandatory if the transaction has status POSTED. This is the time that appears on a standard statement",
+ "x-cds-type" : "DateTimeString"
+ },
+ "valueDateTime" : {
+ "type" : "string",
+ "description" : "Date and time at which assets become available to the account owner in case of a credit entry, or cease to be available to the account owner in case of a debit transaction entry",
+ "x-cds-type" : "DateTimeString"
+ },
+ "executionDateTime" : {
+ "type" : "string",
+ "description" : "The time the transaction was executed by the originating customer, if available",
+ "x-cds-type" : "DateTimeString"
+ },
+ "amount" : {
+ "type" : "string",
+ "description" : "The value of the transaction. Negative values mean money was outgoing from the account",
+ "x-cds-type" : "AmountString"
+ },
+ "currency" : {
+ "type" : "string",
+ "description" : "The currency for the transaction amount. AUD assumed if not present",
+ "x-cds-type" : "CurrencyString"
+ },
+ "reference" : {
+ "type" : "string",
+ "description" : "The reference for the transaction provided by the originating institution. Empty string if no data provided"
+ },
+ "merchantName" : {
+ "type" : "string",
+ "description" : "Name of the merchant for an outgoing payment to a merchant"
+ },
+ "merchantCategoryCode" : {
+ "type" : "string",
+ "description" : "The merchant category code (or MCC) for an outgoing payment to a merchant"
+ },
+ "billerCode" : {
+ "type" : "string",
+ "description" : "BPAY Biller Code for the transaction (if available)"
+ },
+ "billerName" : {
+ "type" : "string",
+ "description" : "Name of the BPAY biller for the transaction (if available)"
+ },
+ "crn" : {
+ "type" : "string",
+ "description" : "BPAY CRN for the transaction (if available)"
+ },
+ "apcaNumber" : {
+ "type" : "string",
+ "description" : "6 Digit APCA number for the initiating institution. The field is fixed-width and padded with leading zeros if applicable."
+ }
+ },
+ "x-conditional" : [ "transactionId", "postingDateTime" ]
+ },
+ "ResponseBankingTransactionById" : {
+ "type" : "object",
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/BankingTransactionDetail"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "BankingTransactionDetail" : {
+ "allOf" : [ {
+ "$ref" : "#/definitions/BankingTransaction"
+ }, {
+ "type" : "object",
+ "required" : [ "extendedData" ],
+ "properties" : {
+ "extendedData" : {
+ "$ref" : "#/definitions/BankingTransactionDetail_extendedData"
+ }
+ }
+ } ]
+ },
+ "ResponseBankingAccountsBalanceList" : {
+ "type" : "object",
+ "required" : [ "data", "links", "meta" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseBankingAccountsBalanceList_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/LinksPaginated"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/MetaPaginated"
+ }
+ }
+ },
+ "ResponseBankingAccountsBalanceById" : {
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/BankingBalance"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "BankingBalance" : {
+ "type" : "object",
+ "required" : [ "accountId", "availableBalance", "currentBalance" ],
+ "properties" : {
+ "accountId" : {
+ "type" : "string",
+ "description" : "A unique ID of the account adhering to the standards for ID permanence",
+ "x-cds-type" : "ASCIIString"
+ },
+ "currentBalance" : {
+ "type" : "string",
+ "description" : "The balance of the account at this time. Should align to the balance available via other channels such as Internet Banking. Assumed to be negative if the customer has money owing",
+ "x-cds-type" : "AmountString"
+ },
+ "availableBalance" : {
+ "type" : "string",
+ "description" : "Balance representing the amount of funds available for transfer. Assumed to be zero or positive",
+ "x-cds-type" : "AmountString"
+ },
+ "creditLimit" : {
+ "type" : "string",
+ "description" : "Object representing the maximum amount of credit that is available for this account. Assumed to be zero if absent",
+ "x-cds-type" : "AmountString"
+ },
+ "amortisedLimit" : {
+ "type" : "string",
+ "description" : "Object representing the available limit amortised according to payment schedule. Assumed to be zero if absent",
+ "x-cds-type" : "AmountString"
+ },
+ "currency" : {
+ "type" : "string",
+ "description" : "The currency for the balance amounts. If absent assumed to be AUD",
+ "x-cds-type" : "CurrencyString"
+ },
+ "purses" : {
+ "type" : "array",
+ "description" : "Optional array of balances for the account in other currencies. Included to support accounts that support multi-currency purses such as Travel Cards",
+ "items" : {
+ "$ref" : "#/definitions/BankingBalancePurse"
+ }
+ }
+ }
+ },
+ "BankingBalancePurse" : {
+ "type" : "object",
+ "required" : [ "amount" ],
+ "properties" : {
+ "amount" : {
+ "type" : "string",
+ "description" : "The balance available for this additional currency purse",
+ "x-cds-type" : "AmountString"
+ },
+ "currency" : {
+ "type" : "string",
+ "description" : "The currency for the purse",
+ "x-cds-type" : "CurrencyString"
+ }
+ }
+ },
+ "ResponseBankingPayeeList" : {
+ "type" : "object",
+ "required" : [ "data", "links", "meta" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseBankingPayeeList_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/LinksPaginated"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/MetaPaginated"
+ }
+ }
+ },
+ "ResponseBankingPayeeById" : {
+ "type" : "object",
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/BankingPayeeDetail"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "BankingPayee" : {
+ "type" : "object",
+ "required" : [ "nickname", "payeeId", "type" ],
+ "properties" : {
+ "payeeId" : {
+ "type" : "string",
+ "description" : "ID of the payee adhering to the rules of ID permanence",
+ "x-cds-type" : "ASCIIString"
+ },
+ "nickname" : {
+ "type" : "string",
+ "description" : "The short display name of the payee as provided by the customer. Where a customer has not provided a nickname, a display name derived by the bank for the payee consistent with existing digital banking channels"
+ },
+ "description" : {
+ "type" : "string",
+ "description" : "A description of the payee provided by the customer"
+ },
+ "type" : {
+ "type" : "string",
+ "description" : "The type of payee. DOMESTIC means a registered payee for domestic payments including NPP. INTERNATIONAL means a registered payee for international payments. BILLER means a registered payee for BPAY",
+ "enum" : [ "BILLER", "DOMESTIC", "INTERNATIONAL" ]
+ },
+ "creationDate" : {
+ "type" : "string",
+ "description" : "The date the payee was created by the customer",
+ "x-cds-type" : "DateString"
+ }
+ }
+ },
+ "BankingPayeeDetail" : {
+ "allOf" : [ {
+ "$ref" : "#/definitions/BankingPayee"
+ }, {
+ "type" : "object",
+ "required" : [ "payeeUType" ],
+ "properties" : {
+ "payeeUType" : {
+ "type" : "string",
+ "description" : "Type of object included that describes the payee in detail",
+ "enum" : [ "domestic", "biller", "international" ]
+ },
+ "domestic" : {
+ "$ref" : "#/definitions/BankingDomesticPayee"
+ },
+ "biller" : {
+ "$ref" : "#/definitions/BankingBillerPayee"
+ },
+ "international" : {
+ "$ref" : "#/definitions/BankingInternationalPayee"
+ }
+ },
+ "x-conditional" : [ "domestic", "biller", "international" ]
+ } ]
+ },
+ "BankingDomesticPayee" : {
+ "type" : "object",
+ "required" : [ "payeeAccountUType" ],
+ "properties" : {
+ "payeeAccountUType" : {
+ "type" : "string",
+ "description" : "Type of account object included. Valid values are: **account** A standard Australian account defined by BSB/Account Number. **card** A credit or charge card to pay to (note that PANs are masked). **payId** A PayID recognised by NPP",
+ "enum" : [ "account", "card", "payId" ]
+ },
+ "account" : {
+ "$ref" : "#/definitions/BankingDomesticPayeeAccount"
+ },
+ "card" : {
+ "$ref" : "#/definitions/BankingDomesticPayeeCard"
+ },
+ "payId" : {
+ "$ref" : "#/definitions/BankingDomesticPayeePayId"
+ }
+ },
+ "x-conditional" : [ "account", "card", "payId" ]
+ },
+ "BankingDomesticPayeeAccount" : {
+ "type" : "object",
+ "required" : [ "accountNumber", "bsb" ],
+ "properties" : {
+ "accountName" : {
+ "type" : "string",
+ "description" : "Name of the account to pay to"
+ },
+ "bsb" : {
+ "type" : "string",
+ "description" : "BSB of the account to pay to"
+ },
+ "accountNumber" : {
+ "type" : "string",
+ "description" : "Number of the account to pay to"
+ }
+ }
+ },
+ "BankingDomesticPayeeCard" : {
+ "type" : "object",
+ "required" : [ "cardNumber" ],
+ "properties" : {
+ "cardNumber" : {
+ "type" : "string",
+ "description" : "Name of the account to pay to",
+ "x-cds-type" : "MaskedPANString"
+ }
+ }
+ },
+ "BankingDomesticPayeePayId" : {
+ "type" : "object",
+ "required" : [ "identifier", "type" ],
+ "properties" : {
+ "name" : {
+ "type" : "string",
+ "description" : "The name assigned to the PayID by the owner of the PayID"
+ },
+ "identifier" : {
+ "type" : "string",
+ "description" : "The identifier of the PayID (dependent on type)"
+ },
+ "type" : {
+ "type" : "string",
+ "description" : "The type of the PayID",
+ "enum" : [ "ABN", "EMAIL", "ORG_IDENTIFIER", "TELEPHONE" ]
+ }
+ }
+ },
+ "BankingBillerPayee" : {
+ "type" : "object",
+ "required" : [ "billerCode", "billerName" ],
+ "properties" : {
+ "billerCode" : {
+ "type" : "string",
+ "description" : "BPAY Biller Code of the Biller"
+ },
+ "crn" : {
+ "type" : "string",
+ "description" : "BPAY CRN of the Biller. If the contents of the CRN match the format of a Credit Card PAN then it should be masked using the rules applicable for the MaskedPANString common type"
+ },
+ "billerName" : {
+ "type" : "string",
+ "description" : "Name of the Biller"
+ }
+ },
+ "x-conditional" : [ "crn" ]
+ },
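Review bot: `BankingTransaction.crn` is described only as "BPAY CRN for the transaction (if available)" with no masking requirement, while `BankingBillerPayee.crn` in this same hunk says a CRN that matches the format of a credit card PAN should be masked using the MaskedPANString rules. As written, a data holder could mask the value on the payee end point and still return it unmasked in the transaction list. Suggest repeating the masking sentence on the transaction `crn` description so both fields carry the same rule. Two smaller points in the same region: `BankingDomesticPayeeCard.cardNumber` has the description "Name of the account to pay to", which looks copied from `accountName` and should describe the masked card number; and `ResponseBankingAccountsBalanceById` and `BankingScheduledPaymentSet` omit the `"type" : "object"` that their sibling definitions declare.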
+ "BankingInternationalPayee" : {
+ "type" : "object",
+ "required" : [ "bankDetails", "beneficiaryDetails" ],
+ "properties" : {
+ "beneficiaryDetails" : {
+ "$ref" : "#/definitions/BankingInternationalPayee_beneficiaryDetails"
+ },
+ "bankDetails" : {
+ "$ref" : "#/definitions/BankingInternationalPayee_bankDetails"
+ }
+ }
+ },
+ "ResponseBankingDirectDebitAuthorisationList" : {
+ "type" : "object",
+ "required" : [ "data", "links", "meta" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseBankingDirectDebitAuthorisationList_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/LinksPaginated"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/MetaPaginated"
+ }
+ }
+ },
+ "BankingDirectDebit" : {
+ "type" : "object",
+ "required" : [ "accountId", "authorisedEntity" ],
+ "properties" : {
+ "accountId" : {
+ "type" : "string",
+ "description" : "A unique ID of the account adhering to the standards for ID permanence.",
+ "x-cds-type" : "ASCIIString"
+ },
+ "authorisedEntity" : {
+ "$ref" : "#/definitions/BankingAuthorisedEntity"
+ },
+ "lastDebitDateTime" : {
+ "type" : "string",
+ "description" : "The date and time of the last debit executed under this authorisation",
+ "x-cds-type" : "DateTimeString"
+ },
+ "lastDebitAmount" : {
+ "type" : "string",
+ "description" : "The amount of the last debit executed under this authorisation",
+ "x-cds-type" : "AmountString"
+ }
+ }
+ },
+ "BankingAuthorisedEntity" : {
+ "type" : "object",
+ "properties" : {
+ "description" : {
+ "type" : "string",
+ "description" : "Description of the authorised entity derived from previously executed direct debits"
+ },
+ "financialInstitution" : {
+ "type" : "string",
+ "description" : "Name of the financial institution through which the direct debit will be executed. Is required unless the payment is made via a credit card scheme"
+ },
+ "abn" : {
+ "type" : "string",
+ "description" : "Australian Business Number for the authorised entity"
+ },
+ "acn" : {
+ "type" : "string",
+ "description" : "Australian Company Number for the authorised entity"
+ },
+ "arbn" : {
+ "type" : "string",
+ "description" : "Australian Registered Body Number for the authorised entity"
+ }
+ }
+ },
+ "ResponseBankingScheduledPaymentsList" : {
+ "type" : "object",
+ "required" : [ "data", "links", "meta" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseBankingScheduledPaymentsList_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/LinksPaginated"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/MetaPaginated"
+ }
+ }
+ },
+ "BankingScheduledPayment" : {
+ "type" : "object",
+ "required" : [ "from", "payeeReference", "payerReference", "paymentSet", "recurrence", "scheduledPaymentId", "status" ],
+ "properties" : {
+ "scheduledPaymentId" : {
+ "type" : "string",
+ "description" : "A unique ID of the scheduled payment adhering to the standards for ID permanence",
+ "x-cds-type" : "ASCIIString"
+ },
+ "nickname" : {
+ "type" : "string",
+ "description" : "The short display name of the payee as provided by the customer"
+ },
+ "payerReference" : {
+ "type" : "string",
+ "description" : "The reference for the transaction that will be used by the originating institution for the purposes of constructing a statement narrative on the payer’s account. Empty string if no data provided"
+ },
+ "payeeReference" : {
+ "type" : "string",
+ "description" : "The reference for the transaction that will be provided by the originating institution. Empty string if no data provided"
+ },
+ "status" : {
+ "type" : "string",
+ "description" : "Indicates whether the schedule is currently active. The value SKIP is equivalent to ACTIVE except that the customer has requested the next normal occurrence to be skipped.",
+ "enum" : [ "ACTIVE", "INACTIVE", "SKIP" ]
+ },
+ "from" : {
+ "$ref" : "#/definitions/BankingScheduledPaymentFrom"
+ },
+ "paymentSet" : {
+ "type" : "array",
+ "items" : {
+ "$ref" : "#/definitions/BankingScheduledPaymentSet"
+ }
+ },
+ "recurrence" : {
+ "$ref" : "#/definitions/BankingScheduledPaymentRecurrence"
+ }
+ }
+ },
+ "BankingScheduledPaymentSet" : {
+ "required" : [ "to" ],
+ "properties" : {
+ "to" : {
+ "$ref" : "#/definitions/BankingScheduledPaymentTo"
+ },
+ "isAmountCalculated" : {
+ "type" : "boolean",
+ "description" : "Flag indicating whether the amount of the payment is calculated based on the context of the event. For instance a payment to reduce the balance of a credit card to zero. If absent then false is assumed",
+ "x-cds-type" : "Boolean"
+ },
+ "amount" : {
+ "type" : "string",
+ "description" : "The amount of the next payment if known. Mandatory unless the isAmountCalculated field is set to true. Must be zero or positive if present",
+ "x-cds-type" : "AmountString"
+ },
+ "currency" : {
+ "type" : "string",
+ "description" : "The currency for the payment. AUD assumed if not present",
+ "x-cds-type" : "CurrencyString"
+ }
+ },
+ "description" : "The set of payment amounts and destination accounts for this payment accommodating multi-part payments. A single entry indicates a simple payment with one destination account. Must have at least one entry",
+ "x-conditional" : [ "amount" ]
+ },
+ "BankingScheduledPaymentTo" : {
+ "type" : "object",
+ "required" : [ "toUType" ],
+ "properties" : {
+ "toUType" : {
+ "type" : "string",
+ "description" : "The type of object provided that specifies the destination of the funds for the payment.",
+ "enum" : [ "accountId", "payeeId", "domestic", "biller", "international" ]
+ },
+ "accountId" : {
+ "type" : "string",
+ "description" : "Present if toUType is set to accountId. Indicates that the payment is to another account that is accessible under the current consent",
+ "x-cds-type" : "ASCIIString"
+ },
+ "payeeId" : {
+ "type" : "string",
+ "description" : "Present if toUType is set to payeeId. Indicates that the payment is to registered payee that can be accessed using the payee end point. If the Bank Payees scope has not been consented to then a payeeId should not be provided and the full payee details should be provided instead",
+ "x-cds-type" : "ASCIIString"
+ },
+ "domestic" : {
+ "$ref" : "#/definitions/BankingDomesticPayee"
+ },
+ "biller" : {
+ "$ref" : "#/definitions/BankingBillerPayee"
+ },
+ "international" : {
+ "$ref" : "#/definitions/BankingInternationalPayee"
+ }
+ },
+ "description" : "Object containing details of the destination of the payment. Used to specify a variety of payment destination types",
+ "x-conditional" : [ "accountId", "payeeId", "domestic", "biller", "international" ]
+ },
+ "BankingScheduledPaymentFrom" : {
+ "type" : "object",
+ "required" : [ "accountId" ],
+ "properties" : {
+ "accountId" : {
+ "type" : "string",
+ "description" : "ID of the account that is the source of funds for the payment",
+ "x-cds-type" : "ASCIIString"
+ }
+ },
+ "description" : "Object containing details of the source of the payment. Currently only specifies an account ID but provided as an object to facilitate future extensibility and consistency with the to object"
+ },
+ "BankingScheduledPaymentRecurrence" : {
+ "type" : "object",
+ "required" : [ "recurrenceUType" ],
+ "properties" : {
+ "nextPaymentDate" : {
+ "type" : "string",
+ "description" : "The date of the next payment under the recurrence schedule",
+ "x-cds-type" : "DateString"
+ },
+ "recurrenceUType" : {
+ "type" : "string",
+ "description" : "The type of recurrence used to define the schedule",
+ "enum" : [ "onceOff", "intervalSchedule", "lastWeekDay", "eventBased" ]
+ },
+ "onceOff" : {
+ "$ref" : "#/definitions/BankingScheduledPaymentRecurrenceOnceOff"
+ },
+ "intervalSchedule" : {
+ "$ref" : "#/definitions/BankingScheduledPaymentRecurrenceIntervalSchedule"
+ },
+ "lastWeekDay" : {
+ "$ref" : "#/definitions/BankingScheduledPaymentRecurrenceLastWeekday"
+ },
+ "eventBased" : {
+ "$ref" : "#/definitions/BankingScheduledPaymentRecurrenceEventBased"
+ }
+ },
+ "description" : "Object containing the detail of the schedule for the payment",
+ "x-conditional" : [ "onceOff", "intervalSchedule", "lastWeekDay", "eventBased" ]
+ },
+ "BankingScheduledPaymentRecurrenceOnceOff" : {
+ "type" : "object",
+ "required" : [ "paymentDate" ],
+ "properties" : {
+ "paymentDate" : {
+ "type" : "string",
+ "description" : "The scheduled date for the once off payment",
+ "x-cds-type" : "DateString"
+ }
+ },
+ "description" : "Indicates that the payment is a once off payment on a specific future date. Mandatory if recurrenceUType is set to onceOff"
+ },
+ "BankingScheduledPaymentRecurrenceIntervalSchedule" : {
+ "type" : "object",
+ "required" : [ "intervals" ],
+ "properties" : {
+ "finalPaymentDate" : {
+ "type" : "string",
+ "description" : "The limit date after which no more payments should be made using this schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely",
+ "x-cds-type" : "DateString"
+ },
+ "paymentsRemaining" : {
+ "type" : "integer",
+ "description" : "Indicates the number of payments remaining in the schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value, If neither field is present the payments will continue indefinitely",
+ "x-cds-type" : "PositiveInteger"
+ },
+ "nonBusinessDayTreatment" : {
+ "type" : "string",
+ "description" : "Enumerated field giving the treatment where a scheduled payment date is not a business day. If absent assumed to be ON. **AFTER** - If a scheduled payment date is a non-business day the payment will be made on the first business day after the scheduled payment date. **BEFORE** - If a scheduled payment date is a non-business day the payment will be made on the first business day before the scheduled payment date. **ON** - If a scheduled payment date is a non-business day the payment will be made on that day regardless. **ONLY** - Payments only occur on business days. If a scheduled payment date is a non-business day the payment will be ignored",
+ "default" : "ON",
+ "enum" : [ "AFTER", "BEFORE", "ON", "ONLY" ]
+ },
+ "intervals" : {
+ "type" : "array",
+ "description" : "An array of interval objects defining the payment schedule. Each entry in the array is additive, in that it adds payments to the overall payment schedule. If multiple intervals result in a payment on the same day then only one payment will be made. Must have at least one entry",
+ "items" : {
+ "$ref" : "#/definitions/BankingScheduledPaymentInterval"
+ }
+ }
+ },
+ "description" : "Indicates that the schedule of payments is defined by a series of intervals. Mandatory if recurrenceUType is set to intervalSchedule"
+ },
+ "BankingScheduledPaymentInterval" : {
+ "type" : "object",
+ "required" : [ "interval" ],
+ "properties" : {
+ "interval" : {
+ "type" : "string",
+ "description" : "An interval for the payment. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax) with components less than a day in length ignored. This duration defines the period between payments starting with nextPaymentDate",
+ "x-cds-type" : "ExternalRef"
+ },
+ "dayInInterval" : {
+ "type" : "string",
+ "description" : "Uses an interval to define the ordinal day within the interval defined by the interval field on which the payment occurs. If the resulting duration is 0 days in length or larger than the number of days in the interval then the payment will occur on the last day of the interval. A duration of 1 day indicates the first day of the interval. If absent the assumed value is P1D. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax) with components less than a day in length ignored. The first day of a week is considered to be Monday.",
+ "x-cds-type" : "ExternalRef"
+ }
+ }
+ },
+ "BankingScheduledPaymentRecurrenceLastWeekday" : {
+ "type" : "object",
+ "required" : [ "interval", "lastWeekDay" ],
+ "properties" : {
+ "finalPaymentDate" : {
+ "type" : "string",
+ "description" : "The limit date after which no more payments should be made using this schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely",
+ "x-cds-type" : "DateString"
+ },
+ "paymentsRemaining" : {
+ "type" : "integer",
+ "description" : "Indicates the number of payments remaining in the schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely",
+ "x-cds-type" : "PositiveInteger"
+ },
+ "interval" : {
+ "type" : "string",
+ "description" : "The interval for the payment. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax) with components less than a day in length ignored. This duration defines the period between payments starting with nextPaymentDate",
+ "x-cds-type" : "ExternalRef"
+ },
+ "lastWeekDay" : {
+ "type" : "string",
+ "description" : "The weekDay specified. The payment will occur on the last occurrence of this weekday in the interval.",
+ "enum" : [ "MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN" ]
+ },
+ "nonBusinessDayTreatment" : {
+ "type" : "string",
+ "description" : "Enumerated field giving the treatment where a scheduled payment date is not a business day. If absent assumed to be ON. **AFTER** - If a scheduled payment date is a non-business day the payment will be made on the first business day after the scheduled payment date. **BEFORE** - If a scheduled payment date is a non-business day the payment will be made on the first business day before the scheduled payment date. **ON** - If a scheduled payment date is a non-business day the payment will be made on that day regardless. **ONLY** - Payments only occur on business days. If a scheduled payment date is a non-business day the payment will be ignored",
+ "default" : "ON",
+ "enum" : [ "AFTER", "BEFORE", "ON", "ONLY" ]
+ }
+ },
+ "description" : "Indicates that the schedule of payments is defined according to the last occurrence of a specific weekday in an interval. Mandatory if recurrenceUType is set to lastWeekDay"
+ },
+ "BankingScheduledPaymentRecurrenceEventBased" : {
+ "type" : "object",
+ "required" : [ "description" ],
+ "properties" : {
+ "description" : {
+ "type" : "string",
+ "description" : "Description of the event and conditions that will result in the payment. Expected to be formatted for display to a customer"
+ }
+ },
+ "description" : "Indicates that the schedule of payments is defined according to an external event that cannot be predetermined. Mandatory if recurrenceUType is set to eventBased"
+ },
+ "ResponseCommonDiscoveryStatus" : {
+ "type" : "object",
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseCommonDiscoveryStatus_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "ResponseDiscoveryOutagesList" : {
+ "type" : "object",
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseDiscoveryOutagesList_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ }
+ },
+ "DiscoveryOutage" : {
+ "type" : "object",
+ "required" : [ "duration", "explanation", "outageTime" ],
+ "properties" : {
+ "outageTime" : {
+ "type" : "string",
+ "description" : "Date and time that the outage is scheduled to begin",
+ "x-cds-type" : "DateTimeString"
+ },
+ "duration" : {
+ "type" : "string",
+ "description" : "Planned duration of the outage. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)",
+ "x-cds-type" : "ExternalRef"
+ },
+ "isPartial" : {
+ "type" : "boolean",
+ "description" : "Flag that indicates, if present and set to true, that the outage is only partial meaning that only a subset of normally available end points will be affected by the outage",
+ "x-cds-type" : "Boolean"
+ },
+ "explanation" : {
+ "type" : "string",
+ "description" : "Provides an explanation of the current outage that can be displayed to an end customer"
+ }
+ }
+ },
+ "ResponseCommonCustomer" : {
+ "type" : "object",
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseCommonCustomer_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ },
+ "x-conditional" : [ "person", "organisation" ]
+ },
+ "ResponseCommonCustomerDetail" : {
+ "type" : "object",
+ "required" : [ "data", "links" ],
+ "properties" : {
+ "data" : {
+ "$ref" : "#/definitions/ResponseCommonCustomerDetail_data"
+ },
+ "links" : {
+ "$ref" : "#/definitions/Links"
+ },
+ "meta" : {
+ "$ref" : "#/definitions/Meta"
+ }
+ },
+ "x-conditional" : [ "person", "organisation" ]
+ },
+ "CommonPerson" : {
+ "type" : "object",
+ "required" : [ "lastName", "middleNames" ],
+ "properties" : {
+ "lastUpdateTime" : {
+ "type" : "string",
+ "description" : "The date and time that this record was last updated by the customer. If no update has occurred then this date should reflect the initial creation date for the data",
+ "x-cds-type" : "DateTimeString"
+ },
+ "firstName" : {
+ "type" : "string",
+ "description" : "For people with single names this field need not be present. The single name should be in the lastName field"
+ },
+ "lastName" : {
+ "type" : "string",
+ "description" : "For people with single names the single name should be in this field"
+ },
+ "middleNames" : {
+ "type" : "array",
+ "description" : "Field is mandatory but array may be empty",
+ "items" : {
+ "type" : "string"
+ }
+ },
+ "prefix" : {
+ "type" : "string",
+ "description" : "Also known as title or salutation. The prefix to the name (e.g. Mr, Mrs, Ms, Miss, Sir, etc)"
+ },
+ "suffix" : {
+ "type" : "string",
+ "description" : "Used for a trailing suffix to the name (e.g. Jr)"
+ },
+ "occupationCode" : {
+ "type" : "string",
+ "description" : "Value is a valid [ANZSCO](http://www.abs.gov.au/ANZSCO) Standard Occupation classification code. If the occupation code held by the data holder is not one of the supported [ANZSCO](http://www.abs.gov.au/ANZSCO) versions, then it must not be supplied.",
+ "x-cds-type" : "ExternalRef"
+ },
+ "occupationCodeVersion" : {
+ "type" : "string",
+ "description" : "The applicable [ANZSCO](http://www.abs.gov.au/ANZSCO) release version of the occupation code provided. Mandatory if an ``occupationCode`` is supplied. If ``occupationCode`` is supplied but ``occupationCodeVersion`` is absent, default is ``ANZSCO_1220.0_2013_V1.2``",
+ "default" : "ANZSCO_1220.0_2013_V1.2",
+ "enum" : [ "ANZSCO_1220.0_2013_V1.3", "ANZSCO_1220.0_2013_V1.2", "ANZSCO_1220.0_2006_V1.1", "ANZSCO_1220.0_2006_V1.0" ]
+ }
+ },
+ "x-conditional" : [ "occupationCodeVersion" ]
+ },
+ "CommonPersonDetail" : {
+ "allOf" : [ {
+ "$ref" : "#/definitions/CommonPerson"
+ }, {
+ "type" : "object",
+ "required" : [ "emailAddresses", "phoneNumbers", "physicalAddresses" ],
+ "properties" : {
+ "phoneNumbers" : {
+ "type" : "array",
+ "description" : "Array is mandatory but may be empty if no phone numbers are held",
+ "items" : {
+ "$ref" : "#/definitions/CommonPhoneNumber"
+ }
+ },
+ "emailAddresses" : {
+ "type" : "array",
+ "description" : "May be empty",
+ "items" : {
+ "$ref" : "#/definitions/CommonEmailAddress"
+ }
+ },
+ "physicalAddresses" : {
+ "type" : "array",
+ "description" : "Must contain at least one address. One and only one address may have the purpose of REGISTERED. Zero or one, and no more than one, record may have the purpose of MAIL. If zero then the REGISTERED address is to be used for mail",
+ "items" : {
+ "$ref" : "#/definitions/CommonPhysicalAddressWithPurpose"
+ }
+ }
+ }
+ } ]
+ },
+ "CommonOrganisation" : {
+ "type" : "object",
+ "required" : [ "agentLastName", "agentRole", "businessName", "organisationType" ],
+ "properties" : {
+ "lastUpdateTime" : {
+ "type" : "string",
+ "description" : "The date and time that this record was last updated by the customer. If no update has occurred then this date should reflect the initial creation date for the data",
+ "x-cds-type" : "DateTimeString"
+ },
+ "agentFirstName" : {
+ "type" : "string",
+ "description" : "The first name of the individual providing access on behalf of the organisation. For people with single names this field need not be present. The single name should be in the lastName field"
+ },
+ "agentLastName" : {
+ "type" : "string",
+ "description" : "The last name of the individual providing access on behalf of the organisation. For people with single names the single name should be in this field"
+ },
+ "agentRole" : {
+ "type" : "string",
+ "description" : "The role of the individual identified as the agent who is providing authorisation. Expected to be used for display. Default to Unspecified if the role is not known"
+ },
+ "businessName" : {
+ "type" : "string",
+ "description" : "Name of the organisation"
+ },
+ "legalName" : {
+ "type" : "string",
+ "description" : "Legal name, if different to the business name"
+ },
+ "shortName" : {
+ "type" : "string",
+ "description" : "Short name used for communication, if different to the business name"
+ },
+ "abn" : {
+ "type" : "string",
+ "description" : "Australian Business Number for the organisation"
+ },
+ "acn" : {
+ "type" : "string",
+ "description" : "Australian Company Number for the organisation. Required only if an ACN is applicable for the organisation type"
+ },
+ "isACNCRegistered" : {
+ "type" : "boolean",
+ "description" : "True if registered with the ACNC. False if not. Absent or null if not confirmed.",
+ "x-cds-type" : "Boolean"
+ },
+ "industryCode" : {
+ "type" : "string",
+ "description" : "A valid [ANZSIC](http://www.abs.gov.au/ANZSIC) code for the organisation. If the industry code held by the data holder is not one of the supported [ANZSIC](http://www.abs.gov.au/ANZSIC) versions, then it must not be supplied.",
+ "x-cds-type" : "ExternalRef"
+ },
+ "industryCodeVersion" : {
+ "type" : "string",
+ "description" : "The applicable [ANZSIC](http://www.abs.gov.au/ANZSIC) release version of the industry code provided. Should only be supplied if ``industryCode`` is also supplied. If ``industryCode`` is supplied but ``industryCodeVersion`` is absent, default is ``ANZSIC_1292.0_2006_V2.0``",
+ "default" : "ANZSIC_1292.0_2006_V2.0",
+ "enum" : [ "ANZSIC_1292.0_2006_V2.0", "ANZSIC_1292.0_2006_V1.0" ]
+ },
+ "organisationType" : {
+ "type" : "string",
+ "description" : "Legal organisation type",
+ "enum" : [ "COMPANY", "GOVERNMENT_ENTITY", "PARTNERSHIP", "SOLE_TRADER", "TRUST", "OTHER" ]
+ },
+ "registeredCountry" : {
+ "type" : "string",
+ "description" : "Enumeration with values from [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) country codes. Assumed to be AUS if absent",
+ "x-cds-type" : "ExternalRef"
+ },
+ "establishmentDate" : {
+ "type" : "string",
+ "description" : "The date the organisation described was established",
+ "x-cds-type" : "DateString"
+ }
+ },
+ "x-conditional" : [ "industryCodeVersion" ]
+ },
+ "CommonOrganisationDetail" : {
+ "allOf" : [ {
+ "$ref" : "#/definitions/CommonOrganisation"
+ }, {
+ "type" : "object",
+ "required" : [ "physicalAddresses" ],
+ "properties" : {
+ "physicalAddresses" : {
+ "type" : "array",
+ "description" : "Must contain at least one address. One and only one address may have the purpose of REGISTERED. Zero or one, and no more than one, record may have the purpose of MAIL. If zero then the REGISTERED address is to be used for mail",
+ "items" : {
+ "$ref" : "#/definitions/CommonPhysicalAddressWithPurpose"
+ }
+ }
+ }
+ } ]
+ },
+ "CommonPhoneNumber" : {
+ "type" : "object",
+ "required" : [ "fullNumber", "number", "purpose" ],
+ "properties" : {
+ "isPreferred" : {
+ "type" : "boolean",
+ "description" : "May be true for one and only one entry to indicate the preferred phone number. Assumed to be 'false' if not present",
+ "x-cds-type" : "Boolean"
+ },
+ "purpose" : {
+ "type" : "string",
+ "description" : "The purpose of the number as specified by the customer",
+ "enum" : [ "MOBILE", "HOME", "INTERNATIONAL", "WORK", "OTHER", "UNSPECIFIED" ]
+ },
+ "countryCode" : {
+ "type" : "string",
+ "description" : "If absent, assumed to be Australia (+61). The + should be included"
+ },
+ "areaCode" : {
+ "type" : "string",
+ "description" : "Required for non Mobile Phones, if field is present and refers to Australian code - the leading 0 should be omitted."
+ },
+ "number" : {
+ "type" : "string",
+ "description" : "The actual phone number, with leading zeros as appropriate"
+ },
+ "extension" : {
+ "type" : "string",
+ "description" : "An extension number (if applicable)"
+ },
+ "fullNumber" : {
+ "type" : "string",
+ "description" : "Fully formatted phone number with country code, area code, number and extension incorporated. Formatted according to section 5.1.4. of [RFC 3966](https://www.ietf.org/rfc/rfc3966.txt)",
+ "x-cds-type" : "ExternalRef"
+ }
+ },
+ "x-conditional" : [ "areaCode" ]
+ },
+ "CommonEmailAddress" : {
+ "type" : "object",
+ "required" : [ "address", "purpose" ],
+ "properties" : {
+ "isPreferred" : {
+ "type" : "boolean",
+ "description" : "May be true for one and only one email record in the collection. Denotes the default email address",
+ "x-cds-type" : "Boolean"
+ },
+ "purpose" : {
+ "type" : "string",
+ "description" : "The purpose for the email, as specified by the customer (Enumeration)",
+ "enum" : [ "WORK", "HOME", "OTHER", "UNSPECIFIED" ]
+ },
+ "address" : {
+ "type" : "string",
+ "description" : "A correctly formatted email address, as defined by the addr_spec format in [RFC 5322](https://www.ietf.org/rfc/rfc5322.txt)",
+ "x-cds-type" : "ExternalRef"
+ }
+ }
+ },
+ "CommonPhysicalAddressWithPurpose" : {
+ "allOf" : [ {
+ "$ref" : "#/definitions/CommonPhysicalAddress"
+ }, {
+ "type" : "object",
+ "required" : [ "purpose" ],
+ "properties" : {
+ "purpose" : {
+ "type" : "string",
+ "description" : "Enumeration of values indicating the purpose of the physical address",
+ "enum" : [ "MAIL", "PHYSICAL", "REGISTERED", "WORK", "OTHER" ]
+ }
+ }
+ } ]
+ },
+ "CommonPhysicalAddress" : {
+ "type" : "object",
+ "required" : [ "addressUType" ],
+ "properties" : {
+ "addressUType" : {
+ "type" : "string",
+ "description" : "The type of address object present",
+ "enum" : [ "simple", "paf" ]
+ },
+ "simple" : {
+ "$ref" : "#/definitions/CommonSimpleAddress"
+ },
+ "paf" : {
+ "$ref" : "#/definitions/CommonPAFAddress"
+ }
+ },
+ "x-conditional" : [ "simple", "paf" ]
+ },
+ "CommonSimpleAddress" : {
+ "type" : "object",
+ "required" : [ "addressLine1", "city", "state" ],
+ "properties" : {
+ "mailingName" : {
+ "type" : "string",
+ "description" : "Name of the individual or business formatted for inclusion in an address used for physical mail"
+ },
+ "addressLine1" : {
+ "type" : "string",
+ "description" : "First line of the standard address object"
+ },
+ "addressLine2" : {
+ "type" : "string",
+ "description" : "Second line of the standard address object"
+ },
+ "addressLine3" : {
+ "type" : "string",
+ "description" : "Third line of the standard address object"
+ },
+ "postcode" : {
+ "type" : "string",
+ "description" : "Mandatory for Australian addresses"
+ },
+ "city" : {
+ "type" : "string",
+ "description" : "Name of the city or locality"
+ },
+ "state" : {
+ "type" : "string",
+ "description" : "Free text if the country is not Australia. If country is Australia then must be one of the values defined by the [State Type Abbreviation](https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf) in the PAF file format. NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT"
+ },
+ "country" : {
+ "type" : "string",
+ "description" : "A valid [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) country code. Australia (AUS) is assumed if country is not present.",
+ "default" : "AUS",
+ "x-cds-type" : "ExternalRef"
+ }
+ },
+ "x-conditional" : [ "postcode" ]
+ },
+ "CommonPAFAddress" : {
+ "type" : "object",
+ "required" : [ "localityName", "postcode", "state" ],
+ "properties" : {
+ "dpid" : {
+ "type" : "string",
+ "description" : "Unique identifier for an address as defined by Australia Post. Also known as Delivery Point Identifier"
+ },
+ "thoroughfareNumber1" : {
+ "type" : "integer",
+ "description" : "Thoroughfare number for a property (first number in a property ranged address)",
+ "x-cds-type" : "PositiveInteger"
+ },
+ "thoroughfareNumber1Suffix" : {
+ "type" : "string",
+ "description" : "Suffix for the thoroughfare number. Only relevant is thoroughfareNumber1 is populated"
+ },
+ "thoroughfareNumber2" : {
+ "type" : "integer",
+ "description" : "Second thoroughfare number (only used if the property has a ranged address eg 23-25)",
+ "x-cds-type" : "PositiveInteger"
+ },
+ "thoroughfareNumber2Suffix" : {
+ "type" : "string",
+ "description" : "Suffix for the second thoroughfare number. Only relevant is thoroughfareNumber2 is populated"
+ },
+ "flatUnitType" : {
+ "type" : "string",
+ "description" : "Type of flat or unit for the address"
+ },
+ "flatUnitNumber" : {
+ "type" : "string",
+ "description" : "Unit number (including suffix, if applicable)"
+ },
+ "floorLevelType" : {
+ "type" : "string",
+ "description" : "Type of floor or level for the address"
+ },
+ "floorLevelNumber" : {
+ "type" : "string",
+ "description" : "Floor or level number (including alpha characters)"
+ },
+ "lotNumber" : {
+ "type" : "string",
+ "description" : "Allotment number for the address"
+ },
+ "buildingName1" : {
+ "type" : "string",
+ "description" : "Building/Property name 1"
+ },
+ "buildingName2" : {
+ "type" : "string",
+ "description" : "Building/Property name 2"
+ },
+ "streetName" : {
+ "type" : "string",
+ "description" : "The name of the street"
+ },
+ "streetType" : {
+ "type" : "string",
+ "description" : "The street type. Valid enumeration defined by Australia Post PAF code file"
+ },
+ "streetSuffix" : {
+ "type" : "string",
+ "description" : "The street type suffix. Valid enumeration defined by Australia Post PAF code file"
+ },
+ "postalDeliveryType" : {
+ "type" : "string",
+ "description" : "Postal delivery type. (eg. PO BOX). Valid enumeration defined by Australia Post PAF code file"
+ },
+ "postalDeliveryNumber" : {
+ "type" : "integer",
+ "description" : "Postal delivery number if the address is a postal delivery type",
+ "x-cds-type" : "PositiveInteger"
+ },
+ "postalDeliveryNumberPrefix" : {
+ "type" : "string",
+ "description" : "Postal delivery number prefix related to the postal delivery number"
+ },
+ "postalDeliveryNumberSuffix" : {
+ "type" : "string",
+ "description" : "Postal delivery number suffix related to the postal delivery number"
+ },
+ "localityName" : {
+ "type" : "string",
+ "description" : "Full name of locality"
+ },
+ "postcode" : {
+ "type" : "string",
+ "description" : "Postcode for the locality"
+ },
+ "state" : {
+ "type" : "string",
+ "description" : "State in which the address belongs. Valid enumeration defined by Australia Post PAF code file [State Type Abbreviation](https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf). NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT"
+ }
+ },
+ "description" : "Australian address formatted according to the file format defined by the [PAF file format](https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf)"
+ },
+ "Links" : {
+ "type" : "object",
+ "required" : [ "self" ],
+ "properties" : {
+ "self" : {
+ "type" : "string",
+ "description" : "Fully qualified link that generated the current response document",
+ "x-cds-type" : "URIString"
+ }
+ }
+ },
+ "Meta" : {
+ "type" : "object"
+ },
+ "LinksPaginated" : {
+ "type" : "object",
+ "required" : [ "self" ],
+ "properties" : {
+ "self" : {
+ "type" : "string",
+ "description" : "Fully qualified link that generated the current response document",
+ "x-cds-type" : "URIString"
+ },
+ "first" : {
+ "type" : "string",
+ "description" : "URI to the first page of this set. Mandatory if this response is not the first page",
+ "x-cds-type" : "URIString"
+ },
+ "prev" : {
+ "type" : "string",
+ "description" : "URI to the previous page of this set. Mandatory if this response is not the first page",
+ "x-cds-type" : "URIString"
+ },
+ "next" : {
+ "type" : "string",
+ "description" : "URI to the next page of this set. Mandatory if this response is not the last page",
+ "x-cds-type" : "URIString"
+ },
+ "last" : {
+ "type" : "string",
+ "description" : "URI to the last page of this set. Mandatory if this response is not the last page",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "x-conditional" : [ "prev", "next", "first", "last" ]
+ },
+ "MetaPaginated" : {
+ "type" : "object",
+ "required" : [ "totalPages", "totalRecords" ],
+ "properties" : {
+ "totalRecords" : {
+ "type" : "integer",
+ "description" : "The total number of records in the full set. See [pagination](#pagination).",
+ "x-cds-type" : "NaturalNumber"
+ },
+ "totalPages" : {
+ "type" : "integer",
+ "description" : "The total number of pages in the full set. See [pagination](#pagination).",
+ "x-cds-type" : "NaturalNumber"
+ }
+ }
+ },
+ "ResponseErrorList" : {
+ "type" : "object",
+ "required" : [ "errors" ],
+ "properties" : {
+ "errors" : {
+ "type" : "array",
+ "items" : {
+ "$ref" : "#/definitions/ResponseErrorList_errors"
+ }
+ }
+ }
+ },
+ "BankingProductCategory" : {
+ "type" : "string",
+ "description" : "The category to which a product or account belongs. See [here](#product-categories) for more details",
+ "enum" : [ "BUSINESS_LOANS", "CRED_AND_CHRG_CARDS", "LEASES", "MARGIN_LOANS", "OVERDRAFTS", "PERS_LOANS", "REGULATED_TRUST_ACCOUNTS", "RESIDENTIAL_MORTGAGES", "TERM_DEPOSITS", "TRADE_FINANCE", "TRAVEL_CARDS", "TRANS_AND_SAVINGS_ACCOUNTS" ]
+ },
+ "RequestAccountIds_data" : {
+ "required" : [ "accountIds" ],
+ "properties" : {
+ "accountIds" : {
+ "type" : "array",
+ "items" : {
+ "type" : "string",
+ "description" : "Array of specific accountIds to obtain authorisations for",
+ "x-cds-type" : "ASCIIString"
+ }
+ }
+ }
+ },
+ "ResponseBankingProductList_data" : {
+ "required" : [ "products" ],
+ "properties" : {
+ "products" : {
+ "type" : "array",
+ "description" : "The list of products returned. If the filter results in an empty set then this array may have no records",
+ "items" : {
+ "$ref" : "#/definitions/BankingProductV3"
+ }
+ }
+ }
+ },
+ "BankingProductV3_additionalInformation" : {
+ "properties" : {
+ "overviewUri" : {
+ "type" : "string",
+ "description" : "General overview of the product",
+ "x-cds-type" : "URIString"
+ },
+ "termsUri" : {
+ "type" : "string",
+ "description" : "Terms and conditions for the product",
+ "x-cds-type" : "URIString"
+ },
+ "eligibilityUri" : {
+ "type" : "string",
+ "description" : "Eligibility rules and criteria for the product",
+ "x-cds-type" : "URIString"
+ },
+ "feesAndPricingUri" : {
+ "type" : "string",
+ "description" : "Description of fees, pricing, discounts, exemptions and bonuses for the product",
+ "x-cds-type" : "URIString"
+ },
+ "bundleUri" : {
+ "type" : "string",
+ "description" : "Description of a bundle that this product can be part of",
+ "x-cds-type" : "URIString"
+ }
+ },
+ "description" : "Object that contains links to additional information on specific topics"
+ },
+ "BankingProductV3_cardArt" : {
+ "required" : [ "imageUri" ],
+ "properties" : {
+ "title" : {
+ "type" : "string",
+ "description" : "Display label for the specific image"
+ },
+ "imageUri" : {
+ "type" : "string",
+ "description" : "URI reference to a PNG, JPG or GIF image with proportions defined by ISO 7810 ID-1 and width no greater than 512 pixels. The URI reference may be a link or url-encoded data URI [RFC 2397](https://tools.ietf.org/html/rfc2397)",
+ "x-cds-type" : "URIString"
+ }
+ }
+ },
+ "ResponseBankingAccountList_data" : {
+ "required" : [ "accounts" ],
+ "properties" : {
+ "accounts" : {
+ "type" : "array",
+ "description" : "The list of accounts returned. If the filter results in an empty set then this array may have no records",
+ "items" : {
+ "$ref" : "#/definitions/BankingAccount"
+ }
+ }
+ }
+ },
+ "ResponseBankingTransactionList_data" : {
+ "required" : [ "transactions" ],
+ "properties" : {
+ "transactions" : {
+ "type" : "array",
+ "items" : {
+ "$ref" : "#/definitions/BankingTransaction"
+ }
+ }
+ }
+ },
+ "BankingTransactionDetail_extendedData_x2p101Payload" : {
+ "required" : [ "extendedDescription" ],
+ "properties" : {
+ "extendedDescription" : {
+ "type" : "string",
+ "description" : "An extended string description. Only present if specified by the extensionUType field"
+ },
+ "endToEndId" : {
+ "type" : "string",
+ "description" : "An end to end ID for the payment created at initiation"
+ },
+ "purposeCode" : {
+ "type" : "string",
+ "description" : "Purpose of the payment. Format is defined by NPP standards for the x2p1.01 overlay service"
+ }
+ }
+ },
+ "BankingTransactionDetail_extendedData" : {
+ "required" : [ "service" ],
+ "properties" : {
+ "payer" : {
+ "type" : "string",
+ "description" : "Label of the originating payer. Mandatory for inbound payment"
+ },
+ "payee" : {
+ "type" : "string",
+ "description" : "Label of the target PayID. Mandatory for an outbound payment. The name assigned to the BSB/Account Number or PayID (by the owner of the PayID)"
+ },
+ "extensionUType" : {
+ "type" : "string",
+ "description" : "Optional extended data provided specific to transaction originated via NPP",
+ "enum" : [ "x2p101Payload" ]
+ },
+ "x2p101Payload" : {
+ "$ref" : "#/definitions/BankingTransactionDetail_extendedData_x2p101Payload"
+ },
+ "service" : {
+ "type" : "string",
+ "description" : "Identifier of the applicable overlay service. Valid values are: X2P1.01",
+ "enum" : [ "X2P1.01" ]
+ }
+ }
+ },
+ "ResponseBankingAccountsBalanceList_data" : {
+ "required" : [ "balances" ],
+ "properties" : {
+ "balances" : {
+ "type" : "array",
+ "description" : "The list of balances returned",
+ "items" : {
+ "$ref" : "#/definitions/BankingBalance"
+ }
+ }
+ }
+ },
+ "ResponseBankingPayeeList_data" : {
+ "required" : [ "payees" ],
+ "properties" : {
+ "payees" : {
+ "type" : "array",
+ "description" : "The list of payees returned",
+ "items" : {
+ "$ref" : "#/definitions/BankingPayee"
+ }
+ }
+ }
+ },
+ "BankingInternationalPayee_beneficiaryDetails" : {
+ "required" : [ "country" ],
+ "properties" : {
+ "name" : {
+ "type" : "string",
+ "description" : "Name of the beneficiary"
+ },
+ "country" : {
+ "type" : "string",
+ "description" : "Country where the beneficiary resides. A valid [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) country code",
+ "x-cds-type" : "ExternalRef"
+ },
+ "message" : {
+ "type" : "string",
+ "description" : "Response message for the payment"
+ }
+ }
+ },
+ "BankingInternationalPayee_bankDetails_bankAddress" : {
+ "required" : [ "address", "name" ],
+ "properties" : {
+ "name" : {
+ "type" : "string",
+ "description" : "Name of the recipient Bank"
+ },
+ "address" : {
+ "type" : "string",
+ "description" : "Address of the recipient Bank"
+ }
+ }
+ },
+ "BankingInternationalPayee_bankDetails" : {
+ "required" : [ "accountNumber", "country" ],
+ "properties" : {
+ "country" : {
+ "type" : "string",
+ "description" : "Country of the recipient institution. A valid [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) country code",
+ "x-cds-type" : "ExternalRef"
+ },
+ "accountNumber" : {
+ "type" : "string",
+ "description" : "Account Targeted for payment"
+ },
+ "bankAddress" : {
+ "$ref" : "#/definitions/BankingInternationalPayee_bankDetails_bankAddress"
+ },
+ "beneficiaryBankBIC" : {
+ "type" : "string",
+ "description" : "Swift bank code. Aligns with standard [ISO 9362](https://www.iso.org/standard/60390.html)",
+ "x-cds-type" : "ExternalRef"
+ },
+ "fedWireNumber" : {
+ "type" : "string",
+ "description" : "Number for Fedwire payment (Federal Reserve Wire Network)"
+ },
+ "sortCode" : {
+ "type" : "string",
+ "description" : "Sort code used for account identification in some jurisdictions"
+ },
+ "chipNumber" : {
+ "type" : "string",
+ "description" : "Number for the Clearing House Interbank Payments System"
+ },
+ "routingNumber" : {
+ "type" : "string",
+ "description" : "International bank routing number"
+ },
+ "legalEntityIdentifier" : {
+ "type" : "string",
+ "description" : "The legal entity identifier (LEI) for the beneficiary. Aligns with [ISO 17442](https://www.iso.org/standard/59771.html)",
+ "x-cds-type" : "ExternalRef"
+ }
+ }
+ },
+ "ResponseBankingDirectDebitAuthorisationList_data" : {
+ "required" : [ "directDebitAuthorisations" ],
+ "properties" : {
+ "directDebitAuthorisations" : {
+ "type" : "array",
+ "description" : "The list of authorisations returned",
+ "items" : {
+ "$ref" : "#/definitions/BankingDirectDebit"
+ }
+ }
+ }
+ },
+ "ResponseBankingScheduledPaymentsList_data" : {
+ "required" : [ "scheduledPayments" ],
+ "properties" : {
+ "scheduledPayments" : {
+ "type" : "array",
+ "description" : "The list of scheduled payments to return",
+ "items" : {
+ "$ref" : "#/definitions/BankingScheduledPayment"
+ }
+ }
+ }
+ },
+ "ResponseCommonDiscoveryStatus_data" : {
+ "required" : [ "status", "updateTime" ],
+ "properties" : {
+ "status" : {
+ "type" : "string",
+ "description" : "Enumeration with values. OK (implementation is fully functional). PARTIAL_FAILURE (one or more end points are unexpectedly unavailable). UNAVAILABLE (the full implementation is unexpectedly unavailable). SCHEDULED_OUTAGE (an advertised outage is in effect)",
+ "enum" : [ "OK", "PARTIAL_FAILURE", "SCHEDULED_OUTAGE", "UNAVAILABLE" ]
+ },
+ "explanation" : {
+ "type" : "string",
+ "description" : "Provides an explanation of the current outage that can be displayed to an end customer. Mandatory if the status property is any value other than OK"
+ },
+ "detectionTime" : {
+ "type" : "string",
+ "description" : "The date and time that the current outage was detected. Should only be present if the status property is PARTIAL_FAILURE or UNAVAILABLE",
+ "x-cds-type" : "DateTimeString"
+ },
+ "expectedResolutionTime" : {
+ "type" : "string",
+ "description" : "The date and time that full service is expected to resume (if known). Should not be present if the status property has a value of OK.",
+ "x-cds-type" : "DateTimeString"
+ },
+ "updateTime" : {
+ "type" : "string",
+ "description" : "The date and time that this status was last updated by the Data Holder.",
+ "x-cds-type" : "DateTimeString"
+ }
+ }
+ },
+ "ResponseDiscoveryOutagesList_data" : {
+ "required" : [ "outages" ],
+ "properties" : {
+ "outages" : {
+ "type" : "array",
+ "description" : "List of scheduled outages. Property is mandatory but may contain and empty list if no outages are scheduled",
+ "items" : {
+ "$ref" : "#/definitions/DiscoveryOutage"
+ }
+ }
+ }
+ },
+ "ResponseCommonCustomer_data" : {
+ "required" : [ "customerUType" ],
+ "properties" : {
+ "customerUType" : {
+ "type" : "string",
+ "description" : "The type of customer object that is present",
+ "enum" : [ "person", "organisation" ]
+ },
+ "person" : {
+ "$ref" : "#/definitions/CommonPerson"
+ },
+ "organisation" : {
+ "$ref" : "#/definitions/CommonOrganisation"
+ }
+ }
+ },
+ "ResponseCommonCustomerDetail_data" : {
+ "required" : [ "customerUType" ],
+ "properties" : {
+ "customerUType" : {
+ "type" : "string",
+ "description" : "The type of customer object that is present",
+ "enum" : [ "person", "organisation" ]
+ },
+ "person" : {
+ "$ref" : "#/definitions/CommonPersonDetail"
+ },
+ "organisation" : {
+ "$ref" : "#/definitions/CommonOrganisationDetail"
+ }
+ }
+ },
+ "ResponseErrorList_errors" : {
+ "required" : [ "code", "detail", "title" ],
+ "properties" : {
+ "code" : {
+ "type" : "string",
+ "description" : "Must be one of the following: 0001 – Account not able to be found"
+ },
+ "title" : {
+ "type" : "string",
+ "description" : "Must be one of the following: Invalid account"
+ },
+ "detail" : {
+ "type" : "string",
+ "description" : "ID of the account not found"
+ },
+ "meta" : {
+ "type" : "object",
+ "description" : "Optional additional data for specific error types",
+ "properties" : { }
+ }
+ }
+ }
+ },
+ "parameters" : {
+ "RequestHeader_x-v" : {
+ "name" : "x-v",
+ "in" : "header",
+ "description" : "Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)",
+ "required" : true,
+ "type" : "string"
+ },
+ "RequestHeader_x-min-v" : {
+ "name" : "x-min-v",
+ "in" : "header",
+ "description" : "Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.",
+ "required" : false,
+ "type" : "string"
+ },
+ "RequestHeader_x-fapi-interaction-id" : {
+ "name" : "x-fapi-interaction-id",
+ "in" : "header",
+ "description" : "An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.",
+ "required" : false,
+ "type" : "string"
+ },
+ "RequestHeader_x-fapi-auth-date" : {
+ "name" : "x-fapi-auth-date",
+ "in" : "header",
+ "description" : "The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ },
+ "RequestHeader_x-fapi-customer-ip-address" : {
+ "name" : "x-fapi-customer-ip-address",
+ "in" : "header",
+ "description" : "The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.",
+ "required" : false,
+ "type" : "string"
+ },
+ "RequestHeader_x-cds-client-headers" : {
+ "name" : "x-cds-client-headers",
+ "in" : "header",
+ "description" : "The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "Base64"
+ },
+ "ParamAccountOpenStatus" : {
+ "name" : "open-status",
+ "in" : "query",
+ "description" : "Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed",
+ "required" : false,
+ "type" : "string",
+ "default" : "ALL",
+ "enum" : [ "OPEN", "CLOSED", "ALL" ]
+ },
+ "ParamProductCategory" : {
+ "name" : "product-category",
+ "in" : "query",
+ "description" : "Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.",
+ "required" : false,
+ "type" : "string",
+ "enum" : [ "BUSINESS_LOANS", "CRED_AND_CHRG_CARDS", "LEASES", "MARGIN_LOANS", "OVERDRAFTS", "PERS_LOANS", "REGULATED_TRUST_ACCOUNTS", "RESIDENTIAL_MORTGAGES", "TERM_DEPOSITS", "TRADE_FINANCE", "TRAVEL_CARDS", "TRANS_AND_SAVINGS_ACCOUNTS" ]
+ },
+ "ParamAccountIsOwned" : {
+ "name" : "is-owned",
+ "in" : "query",
+ "description" : "Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts",
+ "required" : false,
+ "type" : "boolean",
+ "x-cds-type" : "Boolean"
+ },
+ "ParamPage" : {
+ "name" : "page",
+ "in" : "query",
+ "description" : "Page of results to request (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 1,
+ "x-cds-type" : "PositiveInteger"
+ },
+ "ParamPageSize" : {
+ "name" : "page-size",
+ "in" : "query",
+ "description" : "Page size to request. Default is 25 (standard pagination)",
+ "required" : false,
+ "type" : "integer",
+ "default" : 25,
+ "x-cds-type" : "PositiveInteger"
+ },
+ "ParamTransactionNewestTime" : {
+ "name" : "newest-time",
+ "in" : "query",
+ "description" : "Constrain the transaction history request to transactions with effective time at or before this date/time. If absent defaults to today. Format is aligned to DateTimeString common type",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "DateTimeString"
+ },
+ "ParamTransactionOldestTime" : {
+ "name" : "oldest-time",
+ "in" : "query",
+ "description" : "Constrain the transaction history request to transactions with effective time at or after this date/time. If absent defaults to newest-time minus 90 days. Format is aligned to DateTimeString common type",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "DateTimeString"
+ },
+ "ParamTransactionMinAmount" : {
+ "name" : "min-amount",
+ "in" : "query",
+ "description" : "Filter transactions to only transactions with amounts higher or equal to than this amount",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "AmountString"
+ },
+ "ParamTransactionMaxAmount" : {
+ "name" : "max-amount",
+ "in" : "query",
+ "description" : "Filter transactions to only transactions with amounts less than or equal to than this amount",
+ "required" : false,
+ "type" : "string",
+ "x-cds-type" : "AmountString"
+ },
+ "ParamTransactionText" : {
+ "name" : "text",
+ "in" : "query",
+ "description" : "Filter transactions to only transactions where this string value is found as a substring of either the reference or description fields. Format is arbitrary ASCII string. This parameter is optionally implemented by data holders. If it is not implemented then a response should be provided as normal without text filtering applied and an additional boolean field named isQueryParamUnsupported should be included in the meta object and set to true (whether the text parameter is supplied or not)",
+ "required" : false,
+ "type" : "string"
+ }
+ }
+}
\ No newline at end of file
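Review bot: In the `parameters` block, the constraints on client-supplied input exist only as description text, so a validator generated from this file will not enforce them. `RequestHeader_x-v` and `RequestHeader_x-min-v` say "Must be set to a positive integer" but are `"type" : "string"` with no `pattern`; `RequestHeader_x-fapi-interaction-id` is described as an RFC4122 UUID with no `format` or `pattern`; `ParamPageSize` has a `default` of 25 but no `maximum`; and `ParamTransactionText` accepts an arbitrary ASCII string with no `maxLength`. Suggest adding those keywords so malformed or oversized values are rejected at the schema layer rather than in each data holder's handler. `RequestHeader_x-fapi-auth-date` is described as "Required for all resource calls" yet is `"required" : false`; a shared parameter cannot express that conditional rule, so either state the mismatch in the description or override the parameter per operation. Separately, the `occupationCodeVersion` description says both "Mandatory if an ``occupationCode`` is supplied" and that a default applies when it is absent, which contradict each other; the `industryCodeVersion` wording ("Should only be supplied if") avoids this. Minor: "Only relevant is thoroughfareNumber1 is populated" (and the `thoroughfareNumber2Suffix` twin) should read "if", "may contain and empty list" should read "an", and the file has no trailing newline.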
diff --git a/docs/archive/standards-1.5.1/docs/includes/swagger/cds_full.yaml b/docs/archive/standards-1.5.1/docs/includes/swagger/cds_full.yaml
new file mode 100644
index 00000000..debf60b7
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/includes/swagger/cds_full.yaml
@@ -0,0 +1,4057 @@
+---
+swagger: "2.0"
+info:
+ description: API sets created by the Australian Consumer Data Standards to meet the needs of the Consumer Data Right
+ version: 1.5.1
+ title: Consumer Data Standards
+ contact:
+ name: Consumer Data Standards
+ url: https://consumerdatastandards.org.au/
+ email: cdr-data61@csiro.au
+ license:
+ name: MIT License
+ url: https://opensource.org/licenses/MIT
+host: data.holder.com.au
+basePath: /cds-au/v1
+schemes:
+- https
+consumes:
+- application/json
+produces:
+- application/json
+paths:
+ /banking/accounts:
+ get:
+ tags:
+ - Banking
+ - Accounts
+ summary: Get Accounts
+ description: Obtain a list of accounts
+ operationId: listAccounts
+ parameters:
+ - name: product-category
+ in: query
+ description: Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+ required: false
+ type: string
+ enum:
+ - BUSINESS_LOANS
+ - CRED_AND_CHRG_CARDS
+ - LEASES
+ - MARGIN_LOANS
+ - OVERDRAFTS
+ - PERS_LOANS
+ - REGULATED_TRUST_ACCOUNTS
+ - RESIDENTIAL_MORTGAGES
+ - TERM_DEPOSITS
+ - TRADE_FINANCE
+ - TRAVEL_CARDS
+ - TRANS_AND_SAVINGS_ACCOUNTS
+ - name: open-status
+ in: query
+ description: Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
+ required: false
+ type: string
+ default: ALL
+ enum:
+ - OPEN
+ - CLOSED
+ - ALL
+ - name: is-owned
+ in: query
+ description: Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
+ required: false
+ type: boolean
+ x-cds-type: Boolean
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingAccountList'
+ x-scopes:
+ - bank:accounts.basic:read
+ x-version: "1"
+ /banking/accounts/balances:
+ get:
+ tags:
+ - Banking
+ - Accounts
+ summary: Get Bulk Balances
+ description: Obtain balances for multiple, filtered accounts
+ operationId: listBalancesBulk
+ parameters:
+ - name: product-category
+ in: query
+ description: Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+ required: false
+ type: string
+ enum:
+ - BUSINESS_LOANS
+ - CRED_AND_CHRG_CARDS
+ - LEASES
+ - MARGIN_LOANS
+ - OVERDRAFTS
+ - PERS_LOANS
+ - REGULATED_TRUST_ACCOUNTS
+ - RESIDENTIAL_MORTGAGES
+ - TERM_DEPOSITS
+ - TRADE_FINANCE
+ - TRAVEL_CARDS
+ - TRANS_AND_SAVINGS_ACCOUNTS
+ - name: open-status
+ in: query
+ description: Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
+ required: false
+ type: string
+ default: ALL
+ enum:
+ - OPEN
+ - CLOSED
+ - ALL
+ - name: is-owned
+ in: query
+ description: Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
+ required: false
+ type: boolean
+ x-cds-type: Boolean
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingAccountsBalanceList'
+ x-scopes:
+ - bank:accounts.basic:read
+ x-version: "1"
+ post:
+ tags:
+ - Banking
+ - Accounts
+ summary: Get Balances For Specific Accounts
+ description: Obtain balances for a specified list of accounts
+ operationId: listBalancesSpecificAccounts
+ parameters:
+ - in: body
+ name: accountIds
+ description: The list of account IDs to obtain balances for
+ required: true
+ schema:
+ $ref: '#/definitions/RequestAccountIds'
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingAccountsBalanceList'
+ 422:
+ description: The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context
+ headers:
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseErrorList'
+ x-scopes:
+ - bank:accounts.basic:read
+ x-version: "1"
+ /banking/accounts/{accountId}/balance:
+ get:
+ tags:
+ - Banking
+ - Accounts
+ summary: Get Account Balance
+ description: Obtain the balance for a single specified account
+ operationId: getBalance
+ parameters:
+ - name: accountId
+ in: path
+ description: ID of the specific account requested
+ required: true
+ type: string
+ x-cds-type: ASCIIString
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingAccountsBalanceById'
+ x-scopes:
+ - bank:accounts.basic:read
+ x-version: "1"
+ /banking/accounts/{accountId}:
+ get:
+ tags:
+ - Banking
+ - Accounts
+ summary: Get Account Detail
+ description: Obtain detailed information on a single account
+ operationId: getAccountDetail
+ parameters:
+ - name: accountId
+ in: path
+ description: A tokenised identifier for the account which is unique but not shareable
+ required: true
+ type: string
+ x-cds-type: ASCIIString
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingAccountById'
+ x-scopes:
+ - bank:accounts.detail:read
+ x-version: "1"
+ /banking/accounts/{accountId}/transactions:
+ get:
+ tags:
+ - Banking
+ - Accounts
+ summary: Get Transactions For Account
+ description: |-
+ Obtain transactions for a specific account.
+
+ Some general notes that apply to all end points that retrieve transactions:
+
+ - Where multiple transactions are returned, transactions should be ordered according to effective date in descending order
+ - As the date and time for a transaction can alter depending on status and transaction type two separate date/times are included in the payload. There are still some scenarios where neither of these time stamps is available. For the purpose of filtering and ordering it is expected that the data holder will use the “effective” date/time which will be defined as:
+ - Posted date/time if available, then
+ - Execution date/time if available, then
+ - A reasonable date/time nominated by the data holder using internal data structures
+ - For transaction amounts it should be assumed that a negative value indicates a reduction of the available balance on the account while a positive value indicates an increase in the available balance on the account
+ - For aggregated transactions (ie. groups of sub transactions reported as a single entry for the account) only the aggregated information, with as much consistent information accross the subsidiary transactions as possible, is required to be shared
+ operationId: getTransactions
+ parameters:
+ - name: accountId
+ in: path
+ description: ID of the account to get transactions for. Must have previously been returned by one of the account list end points.
+ required: true
+ type: string
+ x-cds-type: ASCIIString
+ - name: oldest-time
+ in: query
+ description: Constrain the transaction history request to transactions with effective time at or after this date/time. If absent defaults to newest-time minus 90 days. Format is aligned to DateTimeString common type
+ required: false
+ type: string
+ x-cds-type: DateTimeString
+ - name: newest-time
+ in: query
+ description: Constrain the transaction history request to transactions with effective time at or before this date/time. If absent defaults to today. Format is aligned to DateTimeString common type
+ required: false
+ type: string
+ x-cds-type: DateTimeString
+ - name: min-amount
+ in: query
+ description: Filter transactions to only transactions with amounts higher or equal to than this amount
+ required: false
+ type: string
+ x-cds-type: AmountString
+ - name: max-amount
+ in: query
+ description: Filter transactions to only transactions with amounts less than or equal to than this amount
+ required: false
+ type: string
+ x-cds-type: AmountString
+ - name: text
+ in: query
+ description: Filter transactions to only transactions where this string value is found as a substring of either the reference or description fields. Format is arbitrary ASCII string. This parameter is optionally implemented by data holders. If it is not implemented then a response should be provided as normal without text filtering applied and an additional boolean field named isQueryParamUnsupported should be included in the meta object and set to true (whether the text parameter is supplied or not)
+ required: false
+ type: string
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingTransactionList'
+ x-scopes:
+ - bank:transactions:read
+ x-version: "1"
+ /banking/accounts/{accountId}/transactions/{transactionId}:
+ get:
+ tags:
+ - Banking
+ - Accounts
+ summary: Get Transaction Detail
+ description: Obtain detailed information on a transaction for a specific account
+ operationId: getTransactionDetail
+ parameters:
+ - name: accountId
+ in: path
+ description: ID of the account to get transactions for. Must have previously been returned by one of the account list end points
+ required: true
+ type: string
+ x-cds-type: ASCIIString
+ - name: transactionId
+ in: path
+ description: ID of the transaction obtained from a previous call to one of the other transaction end points
+ required: true
+ type: string
+ x-cds-type: ASCIIString
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingTransactionById'
+ x-scopes:
+ - bank:transactions:read
+ x-version: "1"
+ /banking/accounts/{accountId}/direct-debits:
+ get:
+ tags:
+ - Banking
+ - Direct Debits
+ summary: Get Direct Debits For Account
+ description: Obtain direct debit authorisations for a specific account
+ operationId: listDirectDebits
+ parameters:
+ - name: accountId
+ in: path
+ description: ID of the account to get direct debit authorisations for. Must have previously been returned by one of the account list end points.
+ required: true
+ type: string
+ x-cds-type: ASCIIString
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingDirectDebitAuthorisationList'
+ x-scopes:
+ - bank:regular_payments:read
+ x-version: "1"
+ /banking/accounts/direct-debits:
+ get:
+ tags:
+ - Banking
+ - Direct Debits
+ summary: Get Bulk Direct Debits
+ description: Obtain direct debit authorisations for multiple, filtered accounts
+ operationId: listDirectDebitsBulk
+ parameters:
+ - name: product-category
+ in: query
+ description: Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+ required: false
+ type: string
+ enum:
+ - BUSINESS_LOANS
+ - CRED_AND_CHRG_CARDS
+ - LEASES
+ - MARGIN_LOANS
+ - OVERDRAFTS
+ - PERS_LOANS
+ - REGULATED_TRUST_ACCOUNTS
+ - RESIDENTIAL_MORTGAGES
+ - TERM_DEPOSITS
+ - TRADE_FINANCE
+ - TRAVEL_CARDS
+ - TRANS_AND_SAVINGS_ACCOUNTS
+ - name: open-status
+ in: query
+ description: Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
+ required: false
+ type: string
+ default: ALL
+ enum:
+ - OPEN
+ - CLOSED
+ - ALL
+ - name: is-owned
+ in: query
+ description: Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
+ required: false
+ type: boolean
+ x-cds-type: Boolean
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingDirectDebitAuthorisationList'
+ x-scopes:
+ - bank:regular_payments:read
+ x-version: "1"
+ post:
+ tags:
+ - Banking
+ - Direct Debits
+ summary: Get Direct Debits For Specific Accounts
+ description: Obtain direct debit authorisations for a specified list of accounts
+ operationId: listDirectDebitsSpecificAccounts
+ parameters:
+ - in: body
+ name: accountIds
+ description: Array of specific accountIds to obtain authorisations for
+ required: true
+ schema:
+ $ref: '#/definitions/RequestAccountIds'
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingDirectDebitAuthorisationList'
+ 422:
+ description: The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context
+ headers:
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseErrorList'
+ x-scopes:
+ - bank:regular_payments:read
+ x-version: "1"
+ /banking/accounts/{accountId}/payments/scheduled:
+ get:
+ tags:
+ - Banking
+ - Scheduled Payments
+ summary: Get Scheduled Payments for Account
+ description: Obtain scheduled, outgoing payments for a specific account
+ operationId: listScheduledPayments
+ parameters:
+ - name: accountId
+ in: path
+ description: ID of the account to get scheduled payments for. Must have previously been returned by one of the account list end points. The account specified is the source account for the payment
+ required: true
+ type: string
+ x-cds-type: ASCIIString
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingScheduledPaymentsList'
+ x-scopes:
+ - bank:regular_payments:read
+ x-version: "1"
+ /banking/payments/scheduled:
+ get:
+ tags:
+ - Banking
+ - Scheduled Payments
+ summary: Get Scheduled Payments Bulk
+ description: Obtain scheduled payments for multiple, filtered accounts that are the source of funds for the payments
+ operationId: listScheduledPaymentsBulk
+ parameters:
+ - name: product-category
+ in: query
+ description: Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+ required: false
+ type: string
+ enum:
+ - BUSINESS_LOANS
+ - CRED_AND_CHRG_CARDS
+ - LEASES
+ - MARGIN_LOANS
+ - OVERDRAFTS
+ - PERS_LOANS
+ - REGULATED_TRUST_ACCOUNTS
+ - RESIDENTIAL_MORTGAGES
+ - TERM_DEPOSITS
+ - TRADE_FINANCE
+ - TRAVEL_CARDS
+ - TRANS_AND_SAVINGS_ACCOUNTS
+ - name: open-status
+ in: query
+ description: Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
+ required: false
+ type: string
+ default: ALL
+ enum:
+ - OPEN
+ - CLOSED
+ - ALL
+ - name: is-owned
+ in: query
+ description: Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
+ required: false
+ type: boolean
+ x-cds-type: Boolean
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingScheduledPaymentsList'
+ x-scopes:
+ - bank:regular_payments:read
+ x-version: "1"
+ post:
+ tags:
+ - Banking
+ - Scheduled Payments
+ summary: Get Scheduled Payments For Specific Accounts
+ description: Obtain scheduled payments for a specified list of accounts
+ operationId: listScheduledPaymentsSpecificAccounts
+ parameters:
+ - in: body
+ name: accountIds
+ description: Array of specific accountIds to obtain scheduled payments for. The accounts specified are the source of funds for the payments returned
+ required: true
+ schema:
+ $ref: '#/definitions/RequestAccountIds'
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingScheduledPaymentsList'
+ 422:
+ description: The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context
+ headers:
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseErrorList'
+ x-scopes:
+ - bank:regular_payments:read
+ x-version: "1"
+ /banking/payees:
+ get:
+ tags:
+ - Banking
+ - Payees
+ summary: Get Payees
+ description: Obtain a list of pre-registered payees
+ operationId: listPayees
+ parameters:
+ - name: type
+ in: query
+ description: Filter on the payee type field. In addition to normal type field values, ALL can be specified to retrieve all payees. If absent the assumed value is ALL
+ required: false
+ type: string
+ default: ALL
+ enum:
+ - BILLER
+ - DOMESTIC
+ - INTERNATIONAL
+ - ALL
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingPayeeList'
+ x-scopes:
+ - bank:payees:read
+ x-version: "1"
+ /banking/payees/{payeeId}:
+ get:
+ tags:
+ - Banking
+ - Payees
+ summary: Get Payee Detail
+ description: |-
+ Obtain detailed information on a single payee.
+
+ Note that the payee sub-structure should be selected to represent the payment destination only rather than any known characteristics of the payment recipient
+ operationId: getPayeeDetail
+ parameters:
+ - name: payeeId
+ in: path
+ description: The ID used to locate the details of a particular payee
+ required: true
+ type: string
+ x-cds-type: ASCIIString
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseBankingPayeeById'
+ x-scopes:
+ - bank:payees:read
+ x-version: "1"
+ /banking/products:
+ get:
+ tags:
+ - Banking
+ - Products
+ summary: Get Products
+ description: |-
+ Obtain a list of products that are currently openly offered to the market
+
+ Note that the results returned by this end point are expected to be ordered in descending order according to ``lastUpdated``.
+
+ ### Conventions
+ In the product reference payloads there are a number of recurring conventions that are explained here, in one place.
+
+ #### Arrays Of Features
+
+ In the product detail payload there are a number of arrays articulating generic features, constraints, prices, etc. The intent of these arrays is as follows:
+
+ - Each element in an array has the same structure so that clients can reliably interpret the payloads
+ - Each element as a type element that is an enumeration of the specific aspect of a product being described, such as types of fees.
+ - Each element has a field name [additionalValue](#productfeaturetypedoc). This is a generic field with contents that will vary based on the type of object being described. The contents of this field for the ADDITIONAL_CARDS feature is the number of cards allowed while the contents of this field for the MAX_LIMIT constraint would be the maximum credit limit allowed for the product.
+ - An element in these arrays of the same type may appear more than once. For instance, a product may offer two separate loyalty programs that the customer can select from. A fixed term mortgage may have different rates for different term lengths.
+ - An element in these arrays may contain an additionalInfo and additionalInfoUri field. The additionalInfo field is used to provide displayable text clarifying the purpose of the element in some way when the product is presented to a customer. The additionalInfoUri provides a link to externally hosted information specifically relevant to that feature of the product.
+ - Depending on the type of data being represented there may be additional specific fields.
+
+ #### URIs To More Information
+
+ As the complexities and nuances of a financial product can not easily be fully expressed in a data structure without a high degree of complexity it is necessary to provide additional reference information that a potential customer can access so that they are fully informed of the features and implications of the product. The payloads for product reference therefore contain numerous fields that are provided to allow the product holder to describe the product more fully using a web page hosted on their online channels.
+
+ These URIs do not need to all link to different pages. If desired, they can all link to a single hosted page and use difference HTML anchors to focus on a specific topic such as eligibility or fees.
+
+ #### Linkage To Accounts
+ From the moment that a customer applies for a product and an account is created the account and the product that spawned it will diverge. Rates and features of the product may change and a discount may be negotiated for the account.
+
+ For this reason, while productCategory is a common field between accounts and products, there is no specific ID that can be used to link an account to a product within the regime.
+
+ Similarly, many of the fields and objects in the product payload will appear in the account detail payload but the structures and semantics are not identical as one refers to a product that can potentially be originated and one refers to an account that actual has been instantiated and created along with the associated decisions inherent in that process.
+
+ #### Dates
+ It is expected that data consumers needing this data will call relatively frequently to ensure the data they have is representative of the current offering from a bank. To minimise the volume and frequency of these calls the ability to set a lastUpdated field with the date and time of the last update to this product is included. A call for a list of products can then be filtered to only return products that have been updated since the last time that data was obtained using the updated-since query parameter.
+
+ In addition, the concept of effective date and time has also been included. This allows for a product to be marked for obsolescence, or introduction, from a certain time without the need for an update to show that a product has been changed. The inclusion of these dates also removes the need to represent deleted products in the payload. Products that are no long offered can be marked not effective for a few weeks before they are then removed from the product set as an option entirely.
+
+ NOTE: This version must be implemented by **February 2021**
+
+ Obsolete versions: [v1](includes/obsolete/get-products-v1.html) [v2](includes/obsolete/get-products-v2.html)
+ operationId: listProducts
+ parameters:
+ - name: effective
+ in: query
+ description: Allows for the filtering of products based on whether the current time is within the period of time defined as effective by the effectiveFrom and effectiveTo fields. Valid values are ‘CURRENT’, ‘FUTURE’ and ‘ALL’. If absent defaults to 'CURRENT'
+ required: false
+ type: string
+ default: CURRENT
+ enum:
+ - CURRENT
+ - FUTURE
+ - ALL
+ - name: updated-since
+ in: query
+ description: Only include products that have been updated after the specified date and time. If absent defaults to include all products
+ required: false
+ type: string
+ x-cds-type: DateTimeString
+ - name: brand
+ in: query
+ description: Filter results based on a specific brand
+ required: false
+ type: string
+ - name: product-category
+ in: query
+ description: Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+ required: false
+ type: string
+ enum:
+ - BUSINESS_LOANS
+ - CRED_AND_CHRG_CARDS
+ - LEASES
+ - MARGIN_LOANS
+ - OVERDRAFTS
+ - PERS_LOANS
+ - REGULATED_TRUST_ACCOUNTS
+ - RESIDENTIAL_MORTGAGES
+ - TERM_DEPOSITS
+ - TRADE_FINANCE
+ - TRAVEL_CARDS
+ - TRANS_AND_SAVINGS_ACCOUNTS
+ - name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ - name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ schema:
+ $ref: '#/definitions/ResponseBankingProductList'
+ x-version: "3"
+ /banking/products/{productId}:
+ get:
+ tags:
+ - Banking
+ - Products
+ summary: Get Product Detail
+ description: |-
+ Obtain detailed information on a single product offered openly to the market.
+
+ NOTE: This version must be implemented by **February 2021**
+
+ Obsolete versions: [v1](includes/obsolete/get-product-detail-v1.html) [v2](includes/obsolete/get-product-detail-v2.html)
+ operationId: getProductDetail
+ parameters:
+ - name: productId
+ in: path
+ description: ID of the specific product requested
+ required: true
+ type: string
+ x-cds-type: ASCIIString
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ schema:
+ $ref: '#/definitions/ResponseBankingProductById'
+ x-version: "3"
+ /common/customer:
+ get:
+ tags:
+ - Common
+ - Customer
+ summary: Get Customer
+ description: Obtain basic information on the customer that has authorised the current session
+ operationId: getCustomer
+ parameters:
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseCommonCustomer'
+ x-scopes:
+ - common:customer.basic:read
+ x-version: "1"
+ /common/customer/detail:
+ get:
+ tags:
+ - Common
+ - Customer
+ summary: Get Customer Detail
+ description: Obtain detailed information on the authorised customer within the current session.
+ operationId: getCustomerDetail
+ parameters:
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ - name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ - name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ - name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ x-fapi-interaction-id:
+ type: string
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ schema:
+ $ref: '#/definitions/ResponseCommonCustomerDetail'
+ x-scopes:
+ - common:customer.detail:read
+ x-version: "1"
+ /discovery/status:
+ get:
+ tags:
+ - Common
+ - Discovery
+ summary: Get Status
+ description: Obtain a health check status for the implementation
+ operationId: getStatus
+ parameters:
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ schema:
+ $ref: '#/definitions/ResponseCommonDiscoveryStatus'
+ x-version: "1"
+ /discovery/outages:
+ get:
+ tags:
+ - Common
+ - Discovery
+ summary: Get Outages
+ description: Obtain a list of scheduled outages for the implementation
+ operationId: getOutages
+ parameters:
+ - name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ - name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ responses:
+ 200:
+ description: Success
+ headers:
+ x-v:
+ type: string
+ description: The [version](#response-headers) of the API end point that the data holder has responded with.
+ schema:
+ $ref: '#/definitions/ResponseDiscoveryOutagesList'
+ x-version: "1"
+definitions:
+ RequestAccountIds:
+ type: object
+ required:
+ - data
+ properties:
+ data:
+ $ref: '#/definitions/RequestAccountIds_data'
+ meta:
+ $ref: '#/definitions/Meta'
+ ResponseBankingProductList:
+ type: object
+ required:
+ - data
+ - links
+ - meta
+ properties:
+ data:
+ $ref: '#/definitions/ResponseBankingProductList_data'
+ links:
+ $ref: '#/definitions/LinksPaginated'
+ meta:
+ $ref: '#/definitions/MetaPaginated'
+ BankingProductV3:
+ type: object
+ required:
+ - brand
+ - description
+ - isTailored
+ - lastUpdated
+ - name
+ - productCategory
+ - productId
+ properties:
+ productId:
+ type: string
+ description: A data holder specific unique identifier for this product. This identifier must be unique to a product but does not otherwise need to adhere to ID permanence guidelines.
+ x-cds-type: ASCIIString
+ effectiveFrom:
+ type: string
+ description: The date and time from which this product is effective (ie. is available for origination). Used to enable the articulation of products to the regime before they are available for customers to originate
+ x-cds-type: DateTimeString
+ effectiveTo:
+ type: string
+ description: The date and time at which this product will be retired and will no longer be offered. Used to enable the managed deprecation of products
+ x-cds-type: DateTimeString
+ lastUpdated:
+ type: string
+ description: The last date and time that the information for this product was changed (or the creation date for the product if it has never been altered)
+ x-cds-type: DateTimeString
+ productCategory:
+ $ref: '#/definitions/BankingProductCategory'
+ name:
+ type: string
+ description: The display name of the product
+ description:
+ type: string
+ description: A description of the product
+ brand:
+ type: string
+ description: A label of the brand for the product. Able to be used for filtering. For data holders with single brands this value is still required
+ brandName:
+ type: string
+ description: An optional display name of the brand
+ applicationUri:
+ type: string
+ description: A link to an application web page where this product can be applied for.
+ x-cds-type: URIString
+ isTailored:
+ type: boolean
+ description: Indicates whether the product is specifically tailored to a circumstance. In this case fees and prices are significantly negotiated depending on context. While all products are open to a degree of tailoring this flag indicates that tailoring is expected and thus that the provision of specific fees and rates is not applicable
+ x-cds-type: Boolean
+ additionalInformation:
+ $ref: '#/definitions/BankingProductV3_additionalInformation'
+ cardArt:
+ type: array
+ description: An array of card art images
+ items:
+ $ref: '#/definitions/BankingProductV3_cardArt'
+ ResponseBankingProductById:
+ type: object
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/BankingProductDetailV3'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ BankingProductDetailV3:
+ allOf:
+ - $ref: '#/definitions/BankingProductV3'
+ - type: object
+ properties:
+ bundles:
+ type: array
+ description: An array of bundles that this product participates in. Each bundle is described by free form information but also by a list of product IDs of the other products that are included in the bundle. It is assumed that the current product is included in the bundle also
+ items:
+ $ref: '#/definitions/BankingProductBundle'
+ features:
+ type: array
+ description: Array of features available for the product
+ items:
+ $ref: '#/definitions/BankingProductFeature'
+ constraints:
+ type: array
+ description: Constraints on the application for or operation of the product such as minimum balances or limit thresholds
+ items:
+ $ref: '#/definitions/BankingProductConstraint'
+ eligibility:
+ type: array
+ description: Eligibility criteria for the product
+ items:
+ $ref: '#/definitions/BankingProductEligibility'
+ fees:
+ type: array
+ description: Fees applicable for the product
+ items:
+ $ref: '#/definitions/BankingProductFee'
+ depositRates:
+ type: array
+ description: Interest rates available for deposits
+ items:
+ $ref: '#/definitions/BankingProductDepositRate'
+ lendingRates:
+ type: array
+ description: Interest rates charged against lending balances
+ items:
+ $ref: '#/definitions/BankingProductLendingRateV2'
+ BankingProductBundle:
+ type: object
+ required:
+ - description
+ - name
+ properties:
+ name:
+ type: string
+ description: Name of the bundle
+ description:
+ type: string
+ description: Description of the bundle
+ additionalInfo:
+ type: string
+ description: Display text providing more information on the bundle
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on the bundle criteria and benefits
+ x-cds-type: URIString
+ productIds:
+ type: array
+ description: Array of product IDs for products included in the bundle that are available via the product end points. Note that this array is not intended to represent a comprehensive model of the products included in the bundle and some products available for the bundle may not be available via the product reference end points
+ items:
+ type: string
+ x-cds-type: ASCIIString
+ BankingProductFeature:
+ type: object
+ required:
+ - featureType
+ properties:
+ featureType:
+ type: string
+ description: The type of feature described
+ enum:
+ - ADDITIONAL_CARDS
+ - BALANCE_TRANSFERS
+ - BILL_PAYMENT
+ - BONUS_REWARDS
+ - CARD_ACCESS
+ - COMPLEMENTARY_PRODUCT_DISCOUNTS
+ - DIGITAL_BANKING
+ - DIGITAL_WALLET
+ - DONATE_INTEREST
+ - FREE_TXNS
+ - FREE_TXNS_ALLOWANCE
+ - INSURANCE
+ - INTEREST_FREE
+ - INTEREST_FREE_TRANSFERS
+ - LOYALTY_PROGRAM
+ - NOTIFICATIONS
+ - NPP_ENABLED
+ - NPP_PAYID
+ - OFFSET
+ - OVERDRAFT
+ - REDRAW
+ - UNLIMITED_TXNS
+ - OTHER
+ additionalValue:
+ type: string
+ description: Generic field containing additional information relevant to the [featureType](#tocSproductfeaturetypedoc) specified. Whether mandatory or not is dependent on the value of the [featureType.](#tocSproductfeaturetypedoc)
+ additionalInfo:
+ type: string
+ description: Display text providing more information on the feature. Mandatory if the [feature type](#tocSproductfeaturetypedoc) is set to OTHER
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on this feature
+ x-cds-type: URIString
+ x-conditional:
+ - additionalValue
+ - additionalInfo
+ BankingProductConstraint:
+ type: object
+ required:
+ - constraintType
+ properties:
+ constraintType:
+ type: string
+ description: The type of constraint described. See the next section for an overview of valid values and their meaning
+ enum:
+ - MIN_BALANCE
+ - MIN_LIMIT
+ - MAX_BALANCE
+ - MAX_LIMIT
+ - OPENING_BALANCE
+ additionalValue:
+ type: string
+ description: Generic field containing additional information relevant to the [constraintType](#tocSproductconstrainttypedoc) specified. Whether mandatory or not is dependent on the value of [constraintType](#tocSproductconstrainttypedoc)
+ additionalInfo:
+ type: string
+ description: Display text providing more information the constraint
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on the constraint
+ x-cds-type: URIString
+ x-conditional:
+ - additionalValue
+ BankingProductEligibility:
+ type: object
+ required:
+ - eligibilityType
+ properties:
+ eligibilityType:
+ type: string
+ description: The type of eligibility criteria described. See the next section for an overview of valid values and their meaning
+ enum:
+ - BUSINESS
+ - EMPLOYMENT_STATUS
+ - MAX_AGE
+ - MIN_AGE
+ - MIN_INCOME
+ - MIN_TURNOVER
+ - NATURAL_PERSON
+ - PENSION_RECIPIENT
+ - RESIDENCY_STATUS
+ - STAFF
+ - STUDENT
+ - OTHER
+ additionalValue:
+ type: string
+ description: Generic field containing additional information relevant to the [eligibilityType](#tocSproducteligibilitytypedoc) specified. Whether mandatory or not is dependent on the value of [eligibilityType](#tocSproducteligibilitytypedoc)
+ additionalInfo:
+ type: string
+ description: Display text providing more information on the [eligibility](#tocSproducteligibilitytypedoc) criteria. Mandatory if the field is set to OTHER
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on this eligibility criteria
+ x-cds-type: URIString
+ x-conditional:
+ - additionalValue
+ - additionalInfo
+ BankingProductFee:
+ type: object
+ required:
+ - feeType
+ - name
+ properties:
+ name:
+ type: string
+ description: Name of the fee
+ feeType:
+ type: string
+ description: The type of fee
+ enum:
+ - DEPOSIT
+ - EVENT
+ - EXIT
+ - PAYMENT
+ - PERIODIC
+ - PURCHASE
+ - TRANSACTION
+ - UPFRONT
+ - VARIABLE
+ - WITHDRAWAL
+ amount:
+ type: string
+ description: The amount charged for the fee. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the *feeType* "VARIABLE" is supplied
+ x-cds-type: AmountString
+ balanceRate:
+ type: string
+ description: A fee rate calculated based on a proportion of the balance. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the *feeType* "VARIABLE" is supplied.
+ x-cds-type: RateString
+ transactionRate:
+ type: string
+ description: A fee rate calculated based on a proportion of a transaction. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the *feeType* "VARIABLE" is supplied
+ x-cds-type: RateString
+ accruedRate:
+ type: string
+ description: A fee rate calculated based on a proportion of the calculated interest accrued on the account. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the *feeType* "VARIABLE" is supplied
+ x-cds-type: RateString
+ accrualFrequency:
+ type: string
+ description: The indicative frequency with which the fee is calculated on the account. Only applies if balanceRate or accruedRate is also present. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)
+ x-cds-type: ExternalRef
+ currency:
+ type: string
+ description: The currency the fee will be charged in. Assumes AUD if absent
+ x-cds-type: CurrencyString
+ additionalValue:
+ type: string
+ description: Generic field containing additional information relevant to the [feeType](#tocSproductfeetypedoc) specified. Whether mandatory or not is dependent on the value of [feeType](#tocSproductfeetypedoc)
+ additionalInfo:
+ type: string
+ description: Display text providing more information on the fee
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on this fee
+ x-cds-type: URIString
+ discounts:
+ type: array
+ description: An optional list of discounts to this fee that may be available
+ items:
+ $ref: '#/definitions/BankingProductDiscount'
+ x-conditional:
+ - additionalValue
+ - amount
+ - balanceRate
+ - transactionRate
+ - accruedRate
+ BankingProductDiscount:
+ type: object
+ required:
+ - description
+ - discountType
+ properties:
+ description:
+ type: string
+ description: Description of the discount
+ discountType:
+ type: string
+ description: The type of discount. See the next section for an overview of valid values and their meaning
+ enum:
+ - BALANCE
+ - DEPOSITS
+ - ELIGIBILITY_ONLY
+ - FEE_CAP
+ - PAYMENTS
+ amount:
+ type: string
+ description: Dollar value of the discount. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory.
+ x-cds-type: AmountString
+ balanceRate:
+ type: string
+ description: A discount rate calculated based on a proportion of the balance. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
+ x-cds-type: RateString
+ transactionRate:
+ type: string
+ description: A discount rate calculated based on a proportion of a transaction. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory
+ x-cds-type: RateString
+ accruedRate:
+ type: string
+ description: A discount rate calculated based on a proportion of the calculated interest accrued on the account. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
+ x-cds-type: RateString
+ feeRate:
+ type: string
+ description: A discount rate calculated based on a proportion of the fee to which this discount is attached. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
+ x-cds-type: RateString
+ additionalValue:
+ type: string
+ description: Generic field containing additional information relevant to the [discountType](#tocSproductdiscounttypedoc) specified. Whether mandatory or not is dependent on the value of [discountType](#tocSproductdiscounttypedoc)
+ additionalInfo:
+ type: string
+ description: Display text providing more information on the discount
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on this discount
+ x-cds-type: URIString
+ eligibility:
+ type: array
+ description: Eligibility constraints that apply to this discount. Mandatory if ``discountType`` is ``ELIGIBILITY_ONLY``.
+ items:
+ $ref: '#/definitions/BankingProductDiscountEligibility'
+ x-conditional:
+ - accruedRate
+ - additionalValue
+ - amount
+ - balanceRate
+ - eligibility
+ - feeRate
+ - transactionRate
+ BankingProductDiscountEligibility:
+ type: object
+ required:
+ - discountEligibilityType
+ properties:
+ discountEligibilityType:
+ type: string
+ description: The type of the specific eligibility constraint for a discount
+ enum:
+ - BUSINESS
+ - EMPLOYMENT_STATUS
+ - INTRODUCTORY
+ - MAX_AGE
+ - MIN_AGE
+ - MIN_INCOME
+ - MIN_TURNOVER
+ - NATURAL_PERSON
+ - PENSION_RECIPIENT
+ - RESIDENCY_STATUS
+ - STAFF
+ - STUDENT
+ - OTHER
+ additionalValue:
+ type: string
+ description: Generic field containing additional information relevant to the [discountEligibilityType](#tocSproductdiscounteligibilitydoc) specified. Whether mandatory or not is dependent on the value of [discountEligibilityType](#tocSproductdiscounteligibilitydoc)
+ additionalInfo:
+ type: string
+ description: Display text providing more information on this eligibility constraint. Whether mandatory or not is dependent on the value of [discountEligibilityType](#tocSproductdiscounteligibilitydoc)
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on this eligibility constraint
+ x-cds-type: URIString
+ x-conditional:
+ - additionalInfo
+ - additionalValue
+ BankingProductDepositRate:
+ type: object
+ required:
+ - depositRateType
+ - rate
+ properties:
+ depositRateType:
+ type: string
+ description: The type of rate (base, bonus, etc). See the next section for an overview of valid values and their meaning
+ enum:
+ - BONUS
+ - BUNDLE_BONUS
+ - FIXED
+ - FLOATING
+ - INTRODUCTORY
+ - MARKET_LINKED
+ - VARIABLE
+ rate:
+ type: string
+ description: The rate to be applied
+ x-cds-type: RateString
+ calculationFrequency:
+ type: string
+ description: The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)
+ x-cds-type: ExternalRef
+ applicationFrequency:
+ type: string
+ description: The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)
+ x-cds-type: ExternalRef
+ tiers:
+ type: array
+ description: Rate tiers applicable for this rate
+ items:
+ $ref: '#/definitions/BankingProductRateTierV3'
+ additionalValue:
+ type: string
+ description: Generic field containing additional information relevant to the [depositRateType](#tocSproductdepositratetypedoc) specified. Whether mandatory or not is dependent on the value of [depositRateType](#tocSproductdepositratetypedoc)
+ additionalInfo:
+ type: string
+ description: Display text providing more information on the rate
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on this rate
+ x-cds-type: URIString
+ x-conditional:
+ - additionalValue
+ BankingProductLendingRateV2:
+ type: object
+ required:
+ - lendingRateType
+ - rate
+ properties:
+ lendingRateType:
+ type: string
+ description: The type of rate (fixed, variable, etc). See the next section for an overview of valid values and their meaning
+ enum:
+ - BUNDLE_DISCOUNT_FIXED
+ - BUNDLE_DISCOUNT_VARIABLE
+ - CASH_ADVANCE
+ - DISCOUNT
+ - FLOATING
+ - INTRODUCTORY
+ - MARKET_LINKED
+ - PENALTY
+ - PURCHASE
+ - VARIABLE
+ - FIXED
+ rate:
+ type: string
+ description: The rate to be applied
+ x-cds-type: RateString
+ comparisonRate:
+ type: string
+ description: A comparison rate equivalent for this rate
+ x-cds-type: RateString
+ calculationFrequency:
+ type: string
+ description: The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)
+ x-cds-type: ExternalRef
+ applicationFrequency:
+ type: string
+ description: The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)
+ x-cds-type: ExternalRef
+ interestPaymentDue:
+ type: string
+ description: When loan payments are due to be paid within each period. The investment benefit of earlier payments affect the rate that can be offered
+ enum:
+ - IN_ADVANCE
+ - IN_ARREARS
+ repaymentType:
+ type: string
+ description: Options in place for repayments. If absent, the lending rate is applicable to all repayment types
+ enum:
+ - INTEREST_ONLY
+ - PRINCIPAL_AND_INTEREST
+ loanPurpose:
+ type: string
+ description: The reason for taking out the loan. If absent, the lending rate is applicable to all loan purposes
+ enum:
+ - OWNER_OCCUPIED
+ - INVESTMENT
+ tiers:
+ type: array
+ description: Rate tiers applicable for this rate
+ items:
+ $ref: '#/definitions/BankingProductRateTierV3'
+ additionalValue:
+ type: string
+ description: Generic field containing additional information relevant to the [lendingRateType](#tocSproductlendingratetypedoc) specified. Whether mandatory or not is dependent on the value of [lendingRateType](#tocSproductlendingratetypedoc)
+ additionalInfo:
+ type: string
+ description: Display text providing more information on the rate.
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on this rate
+ x-cds-type: URIString
+ x-conditional:
+ - additionalValue
+ BankingProductRateTierV3:
+ type: object
+ required:
+ - minimumValue
+ - name
+ - unitOfMeasure
+ properties:
+ name:
+ type: string
+ description: A display name for the tier
+ unitOfMeasure:
+ type: string
+ description: The unit of measure that applies to the tierValueMinimum and tierValueMaximum values e.g. a **DOLLAR** amount. **PERCENT** (in the case of loan-to-value ratio or LVR). Tier term period representing a discrete number of **MONTH**'s or **DAY**'s (in the case of term deposit tiers)
+ enum:
+ - DOLLAR
+ - PERCENT
+ - DAY
+ - MONTH
+ minimumValue:
+ type: number
+ description: The number of tierUnitOfMeasure units that form the lower bound of the tier. The tier should be inclusive of this value
+ x-cds-type: Number
+ maximumValue:
+ type: number
+ description: 'The number of tierUnitOfMeasure units that form the upper bound of the tier or band. For a tier with a discrete value (as opposed to a range of values e.g. 1 month) this must be the same as tierValueMinimum. Where this is the same as the tierValueMinimum value of the next-higher tier the referenced tier should be exclusive of this value. For example a term deposit of 2 months falls into the upper tier of the following tiers: (1 – 2 months, 2 – 3 months). If absent the tier''s range has no upper bound.'
+ x-cds-type: Number
+ rateApplicationMethod:
+ type: string
+ description: The method used to calculate the amount to be applied using one or more tiers. A single rate may be applied to the entire balance or each applicable tier rate is applied to the portion of the balance that falls into that tier (referred to as 'bands' or 'steps')
+ enum:
+ - PER_TIER
+ - WHOLE_BALANCE
+ applicabilityConditions:
+ $ref: '#/definitions/BankingProductRateCondition'
+ additionalInfo:
+ type: string
+ description: Display text providing more information on the rate tier.
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on this rate tier
+ x-cds-type: URIString
+ description: Defines the criteria and conditions for which a rate applies
+ BankingProductRateCondition:
+ type: object
+ properties:
+ additionalInfo:
+ type: string
+ description: Display text providing more information on the condition
+ additionalInfoUri:
+ type: string
+ description: Link to a web page with more information on this condition
+ x-cds-type: URIString
+ description: Defines a condition for the applicability of a tiered rate
+ ResponseBankingAccountList:
+ type: object
+ required:
+ - data
+ - links
+ - meta
+ properties:
+ data:
+ $ref: '#/definitions/ResponseBankingAccountList_data'
+ links:
+ $ref: '#/definitions/LinksPaginated'
+ meta:
+ $ref: '#/definitions/MetaPaginated'
+ BankingAccount:
+ type: object
+ required:
+ - accountId
+ - displayName
+ - maskedNumber
+ - productCategory
+ - productName
+ properties:
+ accountId:
+ type: string
+ description: A unique ID of the account adhering to the standards for ID permanence
+ x-cds-type: ASCIIString
+ creationDate:
+ type: string
+ description: Date that the account was created (if known)
+ x-cds-type: DateString
+ displayName:
+ type: string
+ description: The display name of the account as defined by the bank. This should not incorporate account numbers or PANs. If it does the values should be masked according to the rules of the MaskedAccountString common type.
+ nickname:
+ type: string
+ description: A customer supplied nick name for the account
+ openStatus:
+ type: string
+ description: Open or closed status for the account. If not present then OPEN is assumed
+ default: OPEN
+ enum:
+ - OPEN
+ - CLOSED
+ isOwned:
+ type: boolean
+ description: Flag indicating that the customer associated with the authorisation is an owner of the account. Does not indicate sole ownership, however. If not present then 'true' is assumed
+ default: true
+ x-cds-type: Boolean
+ maskedNumber:
+ type: string
+ description: A masked version of the account. Whether BSB/Account Number, Credit Card PAN or another number
+ x-cds-type: MaskedAccountString
+ productCategory:
+ $ref: '#/definitions/BankingProductCategory'
+ productName:
+ type: string
+ description: The unique identifier of the account as defined by the data holder (akin to model number for the account)
+ ResponseBankingAccountById:
+ type: object
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/BankingAccountDetail'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ BankingAccountDetail:
+ allOf:
+ - $ref: '#/definitions/BankingAccount'
+ - type: object
+ properties:
+ bsb:
+ type: string
+ description: The unmasked BSB for the account. Is expected to be formatted as digits only with leading zeros included and no punctuation or spaces
+ accountNumber:
+ type: string
+ description: The unmasked account number for the account. Should not be supplied if the account number is a PAN requiring PCI compliance. Is expected to be formatted as digits only with leading zeros included and no punctuation or spaces
+ bundleName:
+ type: string
+ description: Optional field to indicate if this account is part of a bundle that is providing additional benefit for to the customer
+ specificAccountUType:
+ type: string
+ description: The type of structure to present account specific fields.
+ enum:
+ - termDeposit
+ - creditCard
+ - loan
+ termDeposit:
+ type: array
+ items:
+ $ref: '#/definitions/BankingTermDepositAccount'
+ creditCard:
+ $ref: '#/definitions/BankingCreditCardAccount'
+ loan:
+ $ref: '#/definitions/BankingLoanAccount'
+ depositRate:
+ type: string
+ description: current rate to calculate interest earned being applied to deposit balances as it stands at the time of the API call
+ x-cds-type: RateString
+ lendingRate:
+ type: string
+ description: The current rate to calculate interest payable being applied to lending balances as it stands at the time of the API call
+ x-cds-type: RateString
+ depositRates:
+ type: array
+ description: Fully described deposit rates for this account based on the equivalent structure in Product Reference
+ items:
+ $ref: '#/definitions/BankingProductDepositRate'
+ lendingRates:
+ type: array
+ description: Fully described deposit rates for this account based on the equivalent structure in Product Reference
+ items:
+ $ref: '#/definitions/BankingProductLendingRateV2'
+ features:
+ type: array
+ description: Array of features of the account based on the equivalent structure in Product Reference with the following additional field
+ items:
+ type: object
+ allOf:
+ - $ref: '#/definitions/BankingProductFeature'
+ - type: object
+ properties:
+ isActivated:
+ type: boolean
+ description: True if the feature is already activated and false if the feature is available for activation. Defaults to true if absent. (note this is an additional field appended to the feature object defined in the Product Reference payload)
+ default: true
+ x-cds-type: Boolean
+ fees:
+ type: array
+ description: Fees and charges applicable to the account based on the equivalent structure in Product Reference
+ items:
+ $ref: '#/definitions/BankingProductFee'
+ addresses:
+ type: array
+ description: The addresses for the account to be used for correspondence
+ items:
+ $ref: '#/definitions/CommonPhysicalAddress'
+ x-conditional:
+ - termDeposit
+ - creditCard
+ - loan
+ BankingTermDepositAccount:
+ type: object
+ required:
+ - lodgementDate
+ - maturityDate
+ - maturityInstructions
+ properties:
+ lodgementDate:
+ type: string
+ description: The lodgement date of the original deposit
+ x-cds-type: DateString
+ maturityDate:
+ type: string
+ description: Maturity date for the term deposit
+ x-cds-type: DateString
+ maturityAmount:
+ type: string
+ description: Amount to be paid upon maturity. If absent it implies the amount to paid is variable and cannot currently be calculated
+ x-cds-type: AmountString
+ maturityCurrency:
+ type: string
+ description: If absent assumes AUD
+ x-cds-type: CurrencyString
+ maturityInstructions:
+ type: string
+ description: Current instructions on action to be taken at maturity. This includes default actions that may be specified in the terms and conditions for the product e.g. roll-over to the same term and frequency of interest payments
+ enum:
+ - ROLLED_OVER
+ - PAID_OUT_AT_MATURITY
+ - HOLD_ON_MATURITY
+ BankingCreditCardAccount:
+ type: object
+ required:
+ - minPaymentAmount
+ - paymentDueAmount
+ - paymentDueDate
+ properties:
+ minPaymentAmount:
+ type: string
+ description: The minimum payment amount due for the next card payment
+ x-cds-type: AmountString
+ paymentDueAmount:
+ type: string
+ description: The amount due for the next card payment
+ x-cds-type: AmountString
+ paymentCurrency:
+ type: string
+ description: If absent assumes AUD
+ x-cds-type: CurrencyString
+ paymentDueDate:
+ type: string
+ description: Date that the next payment for the card is due
+ x-cds-type: DateString
+ BankingLoanAccount:
+ type: object
+ required:
+ - loanEndDate
+ - nextInstalmentDate
+ - repaymentFrequency
+ properties:
+ originalStartDate:
+ type: string
+ description: Optional original start date for the loan
+ x-cds-type: DateString
+ originalLoanAmount:
+ type: string
+ description: Optional original loan value
+ x-cds-type: AmountString
+ originalLoanCurrency:
+ type: string
+ description: If absent assumes AUD
+ x-cds-type: CurrencyString
+ loanEndDate:
+ type: string
+ description: Date that the loan is due to be repaid in full
+ x-cds-type: DateString
+ nextInstalmentDate:
+ type: string
+ description: Next date that an instalment is required
+ x-cds-type: DateString
+ minInstalmentAmount:
+ type: string
+ description: Minimum amount of next instalment
+ x-cds-type: AmountString
+ minInstalmentCurrency:
+ type: string
+ description: If absent assumes AUD
+ x-cds-type: CurrencyString
+ maxRedraw:
+ type: string
+ description: Maximum amount of funds that can be redrawn. If not present redraw is not available even if the feature exists for the account
+ x-cds-type: AmountString
+ maxRedrawCurrency:
+ type: string
+ description: If absent assumes AUD
+ x-cds-type: CurrencyString
+ minRedraw:
+ type: string
+ description: Minimum redraw amount
+ x-cds-type: AmountString
+ minRedrawCurrency:
+ type: string
+ description: If absent assumes AUD
+ x-cds-type: CurrencyString
+ offsetAccountEnabled:
+ type: boolean
+ description: Set to true if one or more offset accounts are configured for this loan account
+ x-cds-type: Boolean
+ offsetAccountIds:
+ type: array
+ description: The accountIDs of the configured offset accounts attached to this loan. Only offset accounts that can be accessed under the current authorisation should be included. It is expected behaviour that offsetAccountEnabled is set to true but the offsetAccountIds field is absent or empty. This represents a situation where an offset account exists but details can not be accessed under the current authorisation
+ items:
+ type: string
+ x-cds-type: ASCIIString
+ repaymentType:
+ type: string
+ description: Options in place for repayments. If absent defaults to PRINCIPAL_AND_INTEREST
+ default: PRINCIPAL_AND_INTEREST
+ enum:
+ - INTEREST_ONLY
+ - PRINCIPAL_AND_INTEREST
+ repaymentFrequency:
+ type: string
+ description: The expected or required repayment frequency. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)
+ x-cds-type: ExternalRef
+ ResponseBankingTransactionList:
+ type: object
+ required:
+ - data
+ - links
+ - meta
+ properties:
+ data:
+ $ref: '#/definitions/ResponseBankingTransactionList_data'
+ links:
+ $ref: '#/definitions/LinksPaginated'
+ meta:
+ $ref: '#/definitions/MetaPaginated'
+ BankingTransaction:
+ type: object
+ required:
+ - accountId
+ - amount
+ - description
+ - isDetailAvailable
+ - reference
+ - status
+ - type
+ properties:
+ accountId:
+ type: string
+ description: ID of the account for which transactions are provided
+ x-cds-type: ASCIIString
+ transactionId:
+ type: string
+ description: A unique ID of the transaction adhering to the standards for ID permanence. This is mandatory (through hashing if necessary) unless there are specific and justifiable technical reasons why a transaction cannot be uniquely identified for a particular account type
+ x-cds-type: ASCIIString
+ isDetailAvailable:
+ type: boolean
+ description: True if extended information is available using the transaction detail end point. False if extended data is not available
+ x-cds-type: Boolean
+ type:
+ type: string
+ description: The type of the transaction
+ enum:
+ - DIRECT_DEBIT
+ - FEE
+ - INTEREST_CHARGED
+ - INTEREST_PAID
+ - PAYMENT
+ - TRANSFER_OUTGOING
+ - TRANSFER_INCOMING
+ - OTHER
+ status:
+ type: string
+ description: Status of the transaction whether pending or posted. Note that there is currently no provision in the standards to guarantee the ability to correlate a pending transaction with an associated posted transaction
+ enum:
+ - PENDING
+ - POSTED
+ description:
+ type: string
+ description: The transaction description as applied by the financial institution
+ postingDateTime:
+ type: string
+ description: The time the transaction was posted. This field is Mandatory if the transaction has status POSTED. This is the time that appears on a standard statement
+ x-cds-type: DateTimeString
+ valueDateTime:
+ type: string
+ description: Date and time at which assets become available to the account owner in case of a credit entry, or cease to be available to the account owner in case of a debit transaction entry
+ x-cds-type: DateTimeString
+ executionDateTime:
+ type: string
+ description: The time the transaction was executed by the originating customer, if available
+ x-cds-type: DateTimeString
+ amount:
+ type: string
+ description: The value of the transaction. Negative values mean money was outgoing from the account
+ x-cds-type: AmountString
+ currency:
+ type: string
+ description: The currency for the transaction amount. AUD assumed if not present
+ x-cds-type: CurrencyString
+ reference:
+ type: string
+ description: The reference for the transaction provided by the originating institution. Empty string if no data provided
+ merchantName:
+ type: string
+ description: Name of the merchant for an outgoing payment to a merchant
+ merchantCategoryCode:
+ type: string
+ description: The merchant category code (or MCC) for an outgoing payment to a merchant
+ billerCode:
+ type: string
+ description: BPAY Biller Code for the transaction (if available)
+ billerName:
+ type: string
+ description: Name of the BPAY biller for the transaction (if available)
+ crn:
+ type: string
+ description: BPAY CRN for the transaction (if available)
+ apcaNumber:
+ type: string
+ description: 6 Digit APCA number for the initiating institution. The field is fixed-width and padded with leading zeros if applicable.
+ x-conditional:
+ - transactionId
+ - postingDateTime
+ ResponseBankingTransactionById:
+ type: object
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/BankingTransactionDetail'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ BankingTransactionDetail:
+ allOf:
+ - $ref: '#/definitions/BankingTransaction'
+ - type: object
+ required:
+ - extendedData
+ properties:
+ extendedData:
+ $ref: '#/definitions/BankingTransactionDetail_extendedData'
+ ResponseBankingAccountsBalanceList:
+ type: object
+ required:
+ - data
+ - links
+ - meta
+ properties:
+ data:
+ $ref: '#/definitions/ResponseBankingAccountsBalanceList_data'
+ links:
+ $ref: '#/definitions/LinksPaginated'
+ meta:
+ $ref: '#/definitions/MetaPaginated'
+ ResponseBankingAccountsBalanceById:
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/BankingBalance'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ BankingBalance:
+ type: object
+ required:
+ - accountId
+ - availableBalance
+ - currentBalance
+ properties:
+ accountId:
+ type: string
+ description: A unique ID of the account adhering to the standards for ID permanence
+ x-cds-type: ASCIIString
+ currentBalance:
+ type: string
+ description: The balance of the account at this time. Should align to the balance available via other channels such as Internet Banking. Assumed to be negative if the customer has money owing
+ x-cds-type: AmountString
+ availableBalance:
+ type: string
+ description: Balance representing the amount of funds available for transfer. Assumed to be zero or positive
+ x-cds-type: AmountString
+ creditLimit:
+ type: string
+ description: Object representing the maximum amount of credit that is available for this account. Assumed to be zero if absent
+ x-cds-type: AmountString
+ amortisedLimit:
+ type: string
+ description: Object representing the available limit amortised according to payment schedule. Assumed to be zero if absent
+ x-cds-type: AmountString
+ currency:
+ type: string
+ description: The currency for the balance amounts. If absent assumed to be AUD
+ x-cds-type: CurrencyString
+ purses:
+ type: array
+ description: Optional array of balances for the account in other currencies. Included to support accounts that support multi-currency purses such as Travel Cards
+ items:
+ $ref: '#/definitions/BankingBalancePurse'
+ BankingBalancePurse:
+ type: object
+ required:
+ - amount
+ properties:
+ amount:
+ type: string
+ description: The balance available for this additional currency purse
+ x-cds-type: AmountString
+ currency:
+ type: string
+ description: The currency for the purse
+ x-cds-type: CurrencyString
+ ResponseBankingPayeeList:
+ type: object
+ required:
+ - data
+ - links
+ - meta
+ properties:
+ data:
+ $ref: '#/definitions/ResponseBankingPayeeList_data'
+ links:
+ $ref: '#/definitions/LinksPaginated'
+ meta:
+ $ref: '#/definitions/MetaPaginated'
+ ResponseBankingPayeeById:
+ type: object
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/BankingPayeeDetail'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ BankingPayee:
+ type: object
+ required:
+ - nickname
+ - payeeId
+ - type
+ properties:
+ payeeId:
+ type: string
+ description: ID of the payee adhering to the rules of ID permanence
+ x-cds-type: ASCIIString
+ nickname:
+ type: string
+ description: The short display name of the payee as provided by the customer. Where a customer has not provided a nickname, a display name derived by the bank for the payee consistent with existing digital banking channels
+ description:
+ type: string
+ description: A description of the payee provided by the customer
+ type:
+ type: string
+ description: The type of payee. DOMESTIC means a registered payee for domestic payments including NPP. INTERNATIONAL means a registered payee for international payments. BILLER means a registered payee for BPAY
+ enum:
+ - BILLER
+ - DOMESTIC
+ - INTERNATIONAL
+ creationDate:
+ type: string
+ description: The date the payee was created by the customer
+ x-cds-type: DateString
+ BankingPayeeDetail:
+ allOf:
+ - $ref: '#/definitions/BankingPayee'
+ - type: object
+ required:
+ - payeeUType
+ properties:
+ payeeUType:
+ type: string
+ description: Type of object included that describes the payee in detail
+ enum:
+ - domestic
+ - biller
+ - international
+ domestic:
+ $ref: '#/definitions/BankingDomesticPayee'
+ biller:
+ $ref: '#/definitions/BankingBillerPayee'
+ international:
+ $ref: '#/definitions/BankingInternationalPayee'
+ x-conditional:
+ - domestic
+ - biller
+ - international
+ BankingDomesticPayee:
+ type: object
+ required:
+ - payeeAccountUType
+ properties:
+ payeeAccountUType:
+ type: string
+ description: 'Type of account object included. Valid values are: **account** A standard Australian account defined by BSB/Account Number. **card** A credit or charge card to pay to (note that PANs are masked). **payId** A PayID recognised by NPP'
+ enum:
+ - account
+ - card
+ - payId
+ account:
+ $ref: '#/definitions/BankingDomesticPayeeAccount'
+ card:
+ $ref: '#/definitions/BankingDomesticPayeeCard'
+ payId:
+ $ref: '#/definitions/BankingDomesticPayeePayId'
+ x-conditional:
+ - account
+ - card
+ - payId
+ BankingDomesticPayeeAccount:
+ type: object
+ required:
+ - accountNumber
+ - bsb
+ properties:
+ accountName:
+ type: string
+ description: Name of the account to pay to
+ bsb:
+ type: string
+ description: BSB of the account to pay to
+ accountNumber:
+ type: string
+ description: Number of the account to pay to
+ BankingDomesticPayeeCard:
+ type: object
+ required:
+ - cardNumber
+ properties:
+ cardNumber:
+ type: string
+ description: Name of the account to pay to
+ x-cds-type: MaskedPANString
+ BankingDomesticPayeePayId:
+ type: object
+ required:
+ - identifier
+ - type
+ properties:
+ name:
+ type: string
+ description: The name assigned to the PayID by the owner of the PayID
+ identifier:
+ type: string
+ description: The identifier of the PayID (dependent on type)
+ type:
+ type: string
+ description: The type of the PayID
+ enum:
+ - ABN
+ - EMAIL
+ - ORG_IDENTIFIER
+ - TELEPHONE
+ BankingBillerPayee:
+ type: object
+ required:
+ - billerCode
+ - billerName
+ properties:
+ billerCode:
+ type: string
+ description: BPAY Biller Code of the Biller
+ crn:
+ type: string
+ description: BPAY CRN of the Biller. If the contents of the CRN match the format of a Credit Card PAN then it should be masked using the rules applicable for the MaskedPANString common type
+ billerName:
+ type: string
+ description: Name of the Biller
+ x-conditional:
+ - crn
+ BankingInternationalPayee:
+ type: object
+ required:
+ - bankDetails
+ - beneficiaryDetails
+ properties:
+ beneficiaryDetails:
+ $ref: '#/definitions/BankingInternationalPayee_beneficiaryDetails'
+ bankDetails:
+ $ref: '#/definitions/BankingInternationalPayee_bankDetails'
+ ResponseBankingDirectDebitAuthorisationList:
+ type: object
+ required:
+ - data
+ - links
+ - meta
+ properties:
+ data:
+ $ref: '#/definitions/ResponseBankingDirectDebitAuthorisationList_data'
+ links:
+ $ref: '#/definitions/LinksPaginated'
+ meta:
+ $ref: '#/definitions/MetaPaginated'
+ BankingDirectDebit:
+ type: object
+ required:
+ - accountId
+ - authorisedEntity
+ properties:
+ accountId:
+ type: string
+ description: A unique ID of the account adhering to the standards for ID permanence.
+ x-cds-type: ASCIIString
+ authorisedEntity:
+ $ref: '#/definitions/BankingAuthorisedEntity'
+ lastDebitDateTime:
+ type: string
+ description: The date and time of the last debit executed under this authorisation
+ x-cds-type: DateTimeString
+ lastDebitAmount:
+ type: string
+ description: The amount of the last debit executed under this authorisation
+ x-cds-type: AmountString
+ BankingAuthorisedEntity:
+ type: object
+ properties:
+ description:
+ type: string
+ description: Description of the authorised entity derived from previously executed direct debits
+ financialInstitution:
+ type: string
+ description: Name of the financial institution through which the direct debit will be executed. Is required unless the payment is made via a credit card scheme
+ abn:
+ type: string
+ description: Australian Business Number for the authorised entity
+ acn:
+ type: string
+ description: Australian Company Number for the authorised entity
+ arbn:
+ type: string
+ description: Australian Registered Body Number for the authorised entity
+ ResponseBankingScheduledPaymentsList:
+ type: object
+ required:
+ - data
+ - links
+ - meta
+ properties:
+ data:
+ $ref: '#/definitions/ResponseBankingScheduledPaymentsList_data'
+ links:
+ $ref: '#/definitions/LinksPaginated'
+ meta:
+ $ref: '#/definitions/MetaPaginated'
+ BankingScheduledPayment:
+ type: object
+ required:
+ - from
+ - payeeReference
+ - payerReference
+ - paymentSet
+ - recurrence
+ - scheduledPaymentId
+ - status
+ properties:
+ scheduledPaymentId:
+ type: string
+ description: A unique ID of the scheduled payment adhering to the standards for ID permanence
+ x-cds-type: ASCIIString
+ nickname:
+ type: string
+ description: The short display name of the payee as provided by the customer
+ payerReference:
+ type: string
+ description: The reference for the transaction that will be used by the originating institution for the purposes of constructing a statement narrative on the payer’s account. Empty string if no data provided
+ payeeReference:
+ type: string
+ description: The reference for the transaction that will be provided by the originating institution. Empty string if no data provided
+ status:
+ type: string
+ description: Indicates whether the schedule is currently active. The value SKIP is equivalent to ACTIVE except that the customer has requested the next normal occurrence to be skipped.
+ enum:
+ - ACTIVE
+ - INACTIVE
+ - SKIP
+ from:
+ $ref: '#/definitions/BankingScheduledPaymentFrom'
+ paymentSet:
+ type: array
+ items:
+ $ref: '#/definitions/BankingScheduledPaymentSet'
+ recurrence:
+ $ref: '#/definitions/BankingScheduledPaymentRecurrence'
+ BankingScheduledPaymentSet:
+ required:
+ - to
+ properties:
+ to:
+ $ref: '#/definitions/BankingScheduledPaymentTo'
+ isAmountCalculated:
+ type: boolean
+ description: Flag indicating whether the amount of the payment is calculated based on the context of the event. For instance a payment to reduce the balance of a credit card to zero. If absent then false is assumed
+ x-cds-type: Boolean
+ amount:
+ type: string
+ description: The amount of the next payment if known. Mandatory unless the isAmountCalculated field is set to true. Must be zero or positive if present
+ x-cds-type: AmountString
+ currency:
+ type: string
+ description: The currency for the payment. AUD assumed if not present
+ x-cds-type: CurrencyString
+ description: The set of payment amounts and destination accounts for this payment accommodating multi-part payments. A single entry indicates a simple payment with one destination account. Must have at least one entry
+ x-conditional:
+ - amount
+ BankingScheduledPaymentTo:
+ type: object
+ required:
+ - toUType
+ properties:
+ toUType:
+ type: string
+ description: The type of object provided that specifies the destination of the funds for the payment.
+ enum:
+ - accountId
+ - payeeId
+ - domestic
+ - biller
+ - international
+ accountId:
+ type: string
+ description: Present if toUType is set to accountId. Indicates that the payment is to another account that is accessible under the current consent
+ x-cds-type: ASCIIString
+ payeeId:
+ type: string
+ description: Present if toUType is set to payeeId. Indicates that the payment is to registered payee that can be accessed using the payee end point. If the Bank Payees scope has not been consented to then a payeeId should not be provided and the full payee details should be provided instead
+ x-cds-type: ASCIIString
+ domestic:
+ $ref: '#/definitions/BankingDomesticPayee'
+ biller:
+ $ref: '#/definitions/BankingBillerPayee'
+ international:
+ $ref: '#/definitions/BankingInternationalPayee'
+ description: Object containing details of the destination of the payment. Used to specify a variety of payment destination types
+ x-conditional:
+ - accountId
+ - payeeId
+ - domestic
+ - biller
+ - international
+ BankingScheduledPaymentFrom:
+ type: object
+ required:
+ - accountId
+ properties:
+ accountId:
+ type: string
+ description: ID of the account that is the source of funds for the payment
+ x-cds-type: ASCIIString
+ description: Object containing details of the source of the payment. Currently only specifies an account ID but provided as an object to facilitate future extensibility and consistency with the to object
+ BankingScheduledPaymentRecurrence:
+ type: object
+ required:
+ - recurrenceUType
+ properties:
+ nextPaymentDate:
+ type: string
+ description: The date of the next payment under the recurrence schedule
+ x-cds-type: DateString
+ recurrenceUType:
+ type: string
+ description: The type of recurrence used to define the schedule
+ enum:
+ - onceOff
+ - intervalSchedule
+ - lastWeekDay
+ - eventBased
+ onceOff:
+ $ref: '#/definitions/BankingScheduledPaymentRecurrenceOnceOff'
+ intervalSchedule:
+ $ref: '#/definitions/BankingScheduledPaymentRecurrenceIntervalSchedule'
+ lastWeekDay:
+ $ref: '#/definitions/BankingScheduledPaymentRecurrenceLastWeekday'
+ eventBased:
+ $ref: '#/definitions/BankingScheduledPaymentRecurrenceEventBased'
+ description: Object containing the detail of the schedule for the payment
+ x-conditional:
+ - onceOff
+ - intervalSchedule
+ - lastWeekDay
+ - eventBased
+ BankingScheduledPaymentRecurrenceOnceOff:
+ type: object
+ required:
+ - paymentDate
+ properties:
+ paymentDate:
+ type: string
+ description: The scheduled date for the once off payment
+ x-cds-type: DateString
+ description: Indicates that the payment is a once off payment on a specific future date. Mandatory if recurrenceUType is set to onceOff
+ BankingScheduledPaymentRecurrenceIntervalSchedule:
+ type: object
+ required:
+ - intervals
+ properties:
+ finalPaymentDate:
+ type: string
+ description: The limit date after which no more payments should be made using this schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely
+ x-cds-type: DateString
+ paymentsRemaining:
+ type: integer
+ description: Indicates the number of payments remaining in the schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value, If neither field is present the payments will continue indefinitely
+ x-cds-type: PositiveInteger
+ nonBusinessDayTreatment:
+ type: string
+ description: Enumerated field giving the treatment where a scheduled payment date is not a business day. If absent assumed to be ON. **AFTER** - If a scheduled payment date is a non-business day the payment will be made on the first business day after the scheduled payment date. **BEFORE** - If a scheduled payment date is a non-business day the payment will be made on the first business day before the scheduled payment date. **ON** - If a scheduled payment date is a non-business day the payment will be made on that day regardless. **ONLY** - Payments only occur on business days. If a scheduled payment date is a non-business day the payment will be ignored
+ default: ON
+ enum:
+ - AFTER
+ - BEFORE
+ - ON
+ - ONLY
+ intervals:
+ type: array
+ description: An array of interval objects defining the payment schedule. Each entry in the array is additive, in that it adds payments to the overall payment schedule. If multiple intervals result in a payment on the same day then only one payment will be made. Must have at least one entry
+ items:
+ $ref: '#/definitions/BankingScheduledPaymentInterval'
+ description: Indicates that the schedule of payments is defined by a series of intervals. Mandatory if recurrenceUType is set to intervalSchedule
+ BankingScheduledPaymentInterval:
+ type: object
+ required:
+ - interval
+ properties:
+ interval:
+ type: string
+ description: An interval for the payment. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax) with components less than a day in length ignored. This duration defines the period between payments starting with nextPaymentDate
+ x-cds-type: ExternalRef
+ dayInInterval:
+ type: string
+ description: Uses an interval to define the ordinal day within the interval defined by the interval field on which the payment occurs. If the resulting duration is 0 days in length or larger than the number of days in the interval then the payment will occur on the last day of the interval. A duration of 1 day indicates the first day of the interval. If absent the assumed value is P1D. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax) with components less than a day in length ignored. The first day of a week is considered to be Monday.
+ x-cds-type: ExternalRef
+ BankingScheduledPaymentRecurrenceLastWeekday:
+ type: object
+ required:
+ - interval
+ - lastWeekDay
+ properties:
+ finalPaymentDate:
+ type: string
+ description: The limit date after which no more payments should be made using this schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely
+ x-cds-type: DateString
+ paymentsRemaining:
+ type: integer
+ description: Indicates the number of payments remaining in the schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely
+ x-cds-type: PositiveInteger
+ interval:
+ type: string
+ description: The interval for the payment. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax) with components less than a day in length ignored. This duration defines the period between payments starting with nextPaymentDate
+ x-cds-type: ExternalRef
+ lastWeekDay:
+ type: string
+ description: The weekDay specified. The payment will occur on the last occurrence of this weekday in the interval.
+ enum:
+ - MON
+ - TUE
+ - WED
+ - THU
+ - FRI
+ - SAT
+ - SUN
+ nonBusinessDayTreatment:
+ type: string
+ description: Enumerated field giving the treatment where a scheduled payment date is not a business day. If absent assumed to be ON. **AFTER** - If a scheduled payment date is a non-business day the payment will be made on the first business day after the scheduled payment date. **BEFORE** - If a scheduled payment date is a non-business day the payment will be made on the first business day before the scheduled payment date. **ON** - If a scheduled payment date is a non-business day the payment will be made on that day regardless. **ONLY** - Payments only occur on business days. If a scheduled payment date is a non-business day the payment will be ignored
+ default: ON
+ enum:
+ - AFTER
+ - BEFORE
+ - ON
+ - ONLY
+ description: Indicates that the schedule of payments is defined according to the last occurrence of a specific weekday in an interval. Mandatory if recurrenceUType is set to lastWeekDay
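Review bot: The unquoted `ON` in nonBusinessDayTreatment, both `default: ON` and the `- ON` enum entry, in BankingScheduledPaymentRecurrenceIntervalSchedule and again in BankingScheduledPaymentRecurrenceLastWeekday, is a boolean literal under YAML 1.1 rules, so a parser that follows those rules loads it as true rather than the string "ON". The field is declared `type: string`, so on such a parser the enum becomes AFTER, BEFORE, true, ONLY with a default of true, and a validator or generated client built from it can reject or mis-serialise the documented "ON" value. Quote the scalar in all four places (`default: 'ON'` and `- 'ON'`), matching the single-quote style the file already uses for its `$ref` values.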
+ BankingScheduledPaymentRecurrenceEventBased:
+ type: object
+ required:
+ - description
+ properties:
+ description:
+ type: string
+ description: Description of the event and conditions that will result in the payment. Expected to be formatted for display to a customer
+ description: Indicates that the schedule of payments is defined according to an external event that cannot be predetermined. Mandatory if recurrenceUType is set to eventBased
+ ResponseCommonDiscoveryStatus:
+ type: object
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/ResponseCommonDiscoveryStatus_data'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ ResponseDiscoveryOutagesList:
+ type: object
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/ResponseDiscoveryOutagesList_data'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ DiscoveryOutage:
+ type: object
+ required:
+ - duration
+ - explanation
+ - outageTime
+ properties:
+ outageTime:
+ type: string
+ description: Date and time that the outage is scheduled to begin
+ x-cds-type: DateTimeString
+ duration:
+ type: string
+ description: Planned duration of the outage. Formatted according to [ISO 8601 Durations](https://en.wikipedia.org/wiki/ISO_8601#Durations) (excludes recurrence syntax)
+ x-cds-type: ExternalRef
+ isPartial:
+ type: boolean
+ description: Flag that indicates, if present and set to true, that the outage is only partial meaning that only a subset of normally available end points will be affected by the outage
+ x-cds-type: Boolean
+ explanation:
+ type: string
+ description: Provides an explanation of the current outage that can be displayed to an end customer
+ ResponseCommonCustomer:
+ type: object
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/ResponseCommonCustomer_data'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ x-conditional:
+ - person
+ - organisation
+ ResponseCommonCustomerDetail:
+ type: object
+ required:
+ - data
+ - links
+ properties:
+ data:
+ $ref: '#/definitions/ResponseCommonCustomerDetail_data'
+ links:
+ $ref: '#/definitions/Links'
+ meta:
+ $ref: '#/definitions/Meta'
+ x-conditional:
+ - person
+ - organisation
+ CommonPerson:
+ type: object
+ required:
+ - lastName
+ - middleNames
+ properties:
+ lastUpdateTime:
+ type: string
+ description: The date and time that this record was last updated by the customer. If no update has occurred then this date should reflect the initial creation date for the data
+ x-cds-type: DateTimeString
+ firstName:
+ type: string
+ description: For people with single names this field need not be present. The single name should be in the lastName field
+ lastName:
+ type: string
+ description: For people with single names the single name should be in this field
+ middleNames:
+ type: array
+ description: Field is mandatory but array may be empty
+ items:
+ type: string
+ prefix:
+ type: string
+ description: Also known as title or salutation. The prefix to the name (e.g. Mr, Mrs, Ms, Miss, Sir, etc)
+ suffix:
+ type: string
+ description: Used for a trailing suffix to the name (e.g. Jr)
+ occupationCode:
+ type: string
+ description: Value is a valid [ANZSCO](http://www.abs.gov.au/ANZSCO) Standard Occupation classification code. If the occupation code held by the data holder is not one of the supported [ANZSCO](http://www.abs.gov.au/ANZSCO) versions, then it must not be supplied.
+ x-cds-type: ExternalRef
+ occupationCodeVersion:
+ type: string
+ description: The applicable [ANZSCO](http://www.abs.gov.au/ANZSCO) release version of the occupation code provided. Mandatory if an ``occupationCode`` is supplied. If ``occupationCode`` is supplied but ``occupationCodeVersion`` is absent, default is ``ANZSCO_1220.0_2013_V1.2``
+ default: ANZSCO_1220.0_2013_V1.2
+ enum:
+ - ANZSCO_1220.0_2013_V1.3
+ - ANZSCO_1220.0_2013_V1.2
+ - ANZSCO_1220.0_2006_V1.1
+ - ANZSCO_1220.0_2006_V1.0
+ x-conditional:
+ - occupationCodeVersion
+ CommonPersonDetail:
+ allOf:
+ - $ref: '#/definitions/CommonPerson'
+ - type: object
+ required:
+ - emailAddresses
+ - phoneNumbers
+ - physicalAddresses
+ properties:
+ phoneNumbers:
+ type: array
+ description: Array is mandatory but may be empty if no phone numbers are held
+ items:
+ $ref: '#/definitions/CommonPhoneNumber'
+ emailAddresses:
+ type: array
+ description: May be empty
+ items:
+ $ref: '#/definitions/CommonEmailAddress'
+ physicalAddresses:
+ type: array
+ description: Must contain at least one address. One and only one address may have the purpose of REGISTERED. Zero or one, and no more than one, record may have the purpose of MAIL. If zero then the REGISTERED address is to be used for mail
+ items:
+ $ref: '#/definitions/CommonPhysicalAddressWithPurpose'
+ CommonOrganisation:
+ type: object
+ required:
+ - agentLastName
+ - agentRole
+ - businessName
+ - organisationType
+ properties:
+ lastUpdateTime:
+ type: string
+ description: The date and time that this record was last updated by the customer. If no update has occurred then this date should reflect the initial creation date for the data
+ x-cds-type: DateTimeString
+ agentFirstName:
+ type: string
+ description: The first name of the individual providing access on behalf of the organisation. For people with single names this field need not be present. The single name should be in the lastName field
+ agentLastName:
+ type: string
+ description: The last name of the individual providing access on behalf of the organisation. For people with single names the single name should be in this field
+ agentRole:
+ type: string
+ description: The role of the individual identified as the agent who is providing authorisation. Expected to be used for display. Default to Unspecified if the role is not known
+ businessName:
+ type: string
+ description: Name of the organisation
+ legalName:
+ type: string
+ description: Legal name, if different to the business name
+ shortName:
+ type: string
+ description: Short name used for communication, if different to the business name
+ abn:
+ type: string
+ description: Australian Business Number for the organisation
+ acn:
+ type: string
+ description: Australian Company Number for the organisation. Required only if an ACN is applicable for the organisation type
+ isACNCRegistered:
+ type: boolean
+ description: True if registered with the ACNC. False if not. Absent or null if not confirmed.
+ x-cds-type: Boolean
+ industryCode:
+ type: string
+ description: A valid [ANZSIC](http://www.abs.gov.au/ANZSIC) code for the organisation. If the industry code held by the data holder is not one of the supported [ANZSIC](http://www.abs.gov.au/ANZSIC) versions, then it must not be supplied.
+ x-cds-type: ExternalRef
+ industryCodeVersion:
+ type: string
+ description: The applicable [ANZSIC](http://www.abs.gov.au/ANZSIC) release version of the industry code provided. Should only be supplied if ``industryCode`` is also supplied. If ``industryCode`` is supplied but ``industryCodeVersion`` is absent, default is ``ANZSIC_1292.0_2006_V2.0``
+ default: ANZSIC_1292.0_2006_V2.0
+ enum:
+ - ANZSIC_1292.0_2006_V2.0
+ - ANZSIC_1292.0_2006_V1.0
+ organisationType:
+ type: string
+ description: Legal organisation type
+ enum:
+ - COMPANY
+ - GOVERNMENT_ENTITY
+ - PARTNERSHIP
+ - SOLE_TRADER
+ - TRUST
+ - OTHER
+ registeredCountry:
+ type: string
+ description: Enumeration with values from [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) country codes. Assumed to be AUS if absent
+ x-cds-type: ExternalRef
+ establishmentDate:
+ type: string
+ description: The date the organisation described was established
+ x-cds-type: DateString
+ x-conditional:
+ - industryCodeVersion
+ CommonOrganisationDetail:
+ allOf:
+ - $ref: '#/definitions/CommonOrganisation'
+ - type: object
+ required:
+ - physicalAddresses
+ properties:
+ physicalAddresses:
+ type: array
+ description: Must contain at least one address. One and only one address may have the purpose of REGISTERED. Zero or one, and no more than one, record may have the purpose of MAIL. If zero then the REGISTERED address is to be used for mail
+ items:
+ $ref: '#/definitions/CommonPhysicalAddressWithPurpose'
+ CommonPhoneNumber:
+ type: object
+ required:
+ - fullNumber
+ - number
+ - purpose
+ properties:
+ isPreferred:
+ type: boolean
+ description: May be true for one and only one entry to indicate the preferred phone number. Assumed to be 'false' if not present
+ x-cds-type: Boolean
+ purpose:
+ type: string
+ description: The purpose of the number as specified by the customer
+ enum:
+ - MOBILE
+ - HOME
+ - INTERNATIONAL
+ - WORK
+ - OTHER
+ - UNSPECIFIED
+ countryCode:
+ type: string
+ description: If absent, assumed to be Australia (+61). The + should be included
+ areaCode:
+ type: string
+ description: Required for non Mobile Phones, if field is present and refers to Australian code - the leading 0 should be omitted.
+ number:
+ type: string
+ description: The actual phone number, with leading zeros as appropriate
+ extension:
+ type: string
+ description: An extension number (if applicable)
+ fullNumber:
+ type: string
+ description: Fully formatted phone number with country code, area code, number and extension incorporated. Formatted according to section 5.1.4. of [RFC 3966](https://www.ietf.org/rfc/rfc3966.txt)
+ x-cds-type: ExternalRef
+ x-conditional:
+ - areaCode
+ CommonEmailAddress:
+ type: object
+ required:
+ - address
+ - purpose
+ properties:
+ isPreferred:
+ type: boolean
+ description: May be true for one and only one email record in the collection. Denotes the default email address
+ x-cds-type: Boolean
+ purpose:
+ type: string
+ description: The purpose for the email, as specified by the customer (Enumeration)
+ enum:
+ - WORK
+ - HOME
+ - OTHER
+ - UNSPECIFIED
+ address:
+ type: string
+ description: A correctly formatted email address, as defined by the addr_spec format in [RFC 5322](https://www.ietf.org/rfc/rfc5322.txt)
+ x-cds-type: ExternalRef
+ CommonPhysicalAddressWithPurpose:
+ allOf:
+ - $ref: '#/definitions/CommonPhysicalAddress'
+ - type: object
+ required:
+ - purpose
+ properties:
+ purpose:
+ type: string
+ description: Enumeration of values indicating the purpose of the physical address
+ enum:
+ - MAIL
+ - PHYSICAL
+ - REGISTERED
+ - WORK
+ - OTHER
+ CommonPhysicalAddress:
+ type: object
+ required:
+ - addressUType
+ properties:
+ addressUType:
+ type: string
+ description: The type of address object present
+ enum:
+ - simple
+ - paf
+ simple:
+ $ref: '#/definitions/CommonSimpleAddress'
+ paf:
+ $ref: '#/definitions/CommonPAFAddress'
+ x-conditional:
+ - simple
+ - paf
+ CommonSimpleAddress:
+ type: object
+ required:
+ - addressLine1
+ - city
+ - state
+ properties:
+ mailingName:
+ type: string
+ description: Name of the individual or business formatted for inclusion in an address used for physical mail
+ addressLine1:
+ type: string
+ description: First line of the standard address object
+ addressLine2:
+ type: string
+ description: Second line of the standard address object
+ addressLine3:
+ type: string
+ description: Third line of the standard address object
+ postcode:
+ type: string
+ description: Mandatory for Australian addresses
+ city:
+ type: string
+ description: Name of the city or locality
+ state:
+ type: string
+ description: Free text if the country is not Australia. If country is Australia then must be one of the values defined by the [State Type Abbreviation](https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf) in the PAF file format. NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT
+ country:
+ type: string
+ description: A valid [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) country code. Australia (AUS) is assumed if country is not present.
+ default: AUS
+ x-cds-type: ExternalRef
+ x-conditional:
+ - postcode
+ CommonPAFAddress:
+ type: object
+ required:
+ - localityName
+ - postcode
+ - state
+ properties:
+ dpid:
+ type: string
+ description: Unique identifier for an address as defined by Australia Post. Also known as Delivery Point Identifier
+ thoroughfareNumber1:
+ type: integer
+ description: Thoroughfare number for a property (first number in a property ranged address)
+ x-cds-type: PositiveInteger
+ thoroughfareNumber1Suffix:
+ type: string
+ description: Suffix for the thoroughfare number. Only relevant is thoroughfareNumber1 is populated
+ thoroughfareNumber2:
+ type: integer
+ description: Second thoroughfare number (only used if the property has a ranged address eg 23-25)
+ x-cds-type: PositiveInteger
+ thoroughfareNumber2Suffix:
+ type: string
+ description: Suffix for the second thoroughfare number. Only relevant is thoroughfareNumber2 is populated
+ flatUnitType:
+ type: string
+ description: Type of flat or unit for the address
+ flatUnitNumber:
+ type: string
+ description: Unit number (including suffix, if applicable)
+ floorLevelType:
+ type: string
+ description: Type of floor or level for the address
+ floorLevelNumber:
+ type: string
+ description: Floor or level number (including alpha characters)
+ lotNumber:
+ type: string
+ description: Allotment number for the address
+ buildingName1:
+ type: string
+ description: Building/Property name 1
+ buildingName2:
+ type: string
+ description: Building/Property name 2
+ streetName:
+ type: string
+ description: The name of the street
+ streetType:
+ type: string
+ description: The street type. Valid enumeration defined by Australia Post PAF code file
+ streetSuffix:
+ type: string
+ description: The street type suffix. Valid enumeration defined by Australia Post PAF code file
+ postalDeliveryType:
+ type: string
+ description: Postal delivery type. (eg. PO BOX). Valid enumeration defined by Australia Post PAF code file
+ postalDeliveryNumber:
+ type: integer
+ description: Postal delivery number if the address is a postal delivery type
+ x-cds-type: PositiveInteger
+ postalDeliveryNumberPrefix:
+ type: string
+ description: Postal delivery number prefix related to the postal delivery number
+ postalDeliveryNumberSuffix:
+ type: string
+ description: Postal delivery number suffix related to the postal delivery number
+ localityName:
+ type: string
+ description: Full name of locality
+ postcode:
+ type: string
+ description: Postcode for the locality
+ state:
+ type: string
+ description: State in which the address belongs. Valid enumeration defined by Australia Post PAF code file [State Type Abbreviation](https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf). NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT
+ description: Australian address formatted according to the file format defined by the [PAF file format](https://auspost.com.au/content/dam/auspost_corp/media/documents/australia-post-data-guide.pdf)
+ Links:
+ type: object
+ required:
+ - self
+ properties:
+ self:
+ type: string
+ description: Fully qualified link that generated the current response document
+ x-cds-type: URIString
+ Meta:
+ type: object
+ LinksPaginated:
+ type: object
+ required:
+ - self
+ properties:
+ self:
+ type: string
+ description: Fully qualified link that generated the current response document
+ x-cds-type: URIString
+ first:
+ type: string
+ description: URI to the first page of this set. Mandatory if this response is not the first page
+ x-cds-type: URIString
+ prev:
+ type: string
+ description: URI to the previous page of this set. Mandatory if this response is not the first page
+ x-cds-type: URIString
+ next:
+ type: string
+ description: URI to the next page of this set. Mandatory if this response is not the last page
+ x-cds-type: URIString
+ last:
+ type: string
+ description: URI to the last page of this set. Mandatory if this response is not the last page
+ x-cds-type: URIString
+ x-conditional:
+ - prev
+ - next
+ - first
+ - last
+ MetaPaginated:
+ type: object
+ required:
+ - totalPages
+ - totalRecords
+ properties:
+ totalRecords:
+ type: integer
+ description: The total number of records in the full set. See [pagination](#pagination).
+ x-cds-type: NaturalNumber
+ totalPages:
+ type: integer
+ description: The total number of pages in the full set. See [pagination](#pagination).
+ x-cds-type: NaturalNumber
+ ResponseErrorList:
+ type: object
+ required:
+ - errors
+ properties:
+ errors:
+ type: array
+ items:
+ $ref: '#/definitions/ResponseErrorList_errors'
+ BankingProductCategory:
+ type: string
+ description: The category to which a product or account belongs. See [here](#product-categories) for more details
+ enum:
+ - BUSINESS_LOANS
+ - CRED_AND_CHRG_CARDS
+ - LEASES
+ - MARGIN_LOANS
+ - OVERDRAFTS
+ - PERS_LOANS
+ - REGULATED_TRUST_ACCOUNTS
+ - RESIDENTIAL_MORTGAGES
+ - TERM_DEPOSITS
+ - TRADE_FINANCE
+ - TRAVEL_CARDS
+ - TRANS_AND_SAVINGS_ACCOUNTS
+ RequestAccountIds_data:
+ required:
+ - accountIds
+ properties:
+ accountIds:
+ type: array
+ items:
+ type: string
+ description: Array of specific accountIds to obtain authorisations for
+ x-cds-type: ASCIIString
+ ResponseBankingProductList_data:
+ required:
+ - products
+ properties:
+ products:
+ type: array
+ description: The list of products returned. If the filter results in an empty set then this array may have no records
+ items:
+ $ref: '#/definitions/BankingProductV3'
+ BankingProductV3_additionalInformation:
+ properties:
+ overviewUri:
+ type: string
+ description: General overview of the product
+ x-cds-type: URIString
+ termsUri:
+ type: string
+ description: Terms and conditions for the product
+ x-cds-type: URIString
+ eligibilityUri:
+ type: string
+ description: Eligibility rules and criteria for the product
+ x-cds-type: URIString
+ feesAndPricingUri:
+ type: string
+ description: Description of fees, pricing, discounts, exemptions and bonuses for the product
+ x-cds-type: URIString
+ bundleUri:
+ type: string
+ description: Description of a bundle that this product can be part of
+ x-cds-type: URIString
+ description: Object that contains links to additional information on specific topics
+ BankingProductV3_cardArt:
+ required:
+ - imageUri
+ properties:
+ title:
+ type: string
+ description: Display label for the specific image
+ imageUri:
+ type: string
+ description: URI reference to a PNG, JPG or GIF image with proportions defined by ISO 7810 ID-1 and width no greater than 512 pixels. The URI reference may be a link or url-encoded data URI [RFC 2397](https://tools.ietf.org/html/rfc2397)
+ x-cds-type: URIString
+ ResponseBankingAccountList_data:
+ required:
+ - accounts
+ properties:
+ accounts:
+ type: array
+ description: The list of accounts returned. If the filter results in an empty set then this array may have no records
+ items:
+ $ref: '#/definitions/BankingAccount'
+ ResponseBankingTransactionList_data:
+ required:
+ - transactions
+ properties:
+ transactions:
+ type: array
+ items:
+ $ref: '#/definitions/BankingTransaction'
+ BankingTransactionDetail_extendedData_x2p101Payload:
+ required:
+ - extendedDescription
+ properties:
+ extendedDescription:
+ type: string
+ description: An extended string description. Only present if specified by the extensionUType field
+ endToEndId:
+ type: string
+ description: An end to end ID for the payment created at initiation
+ purposeCode:
+ type: string
+ description: Purpose of the payment. Format is defined by NPP standards for the x2p1.01 overlay service
+ BankingTransactionDetail_extendedData:
+ required:
+ - service
+ properties:
+ payer:
+ type: string
+ description: Label of the originating payer. Mandatory for inbound payment
+ payee:
+ type: string
+ description: Label of the target PayID. Mandatory for an outbound payment. The name assigned to the BSB/Account Number or PayID (by the owner of the PayID)
+ extensionUType:
+ type: string
+ description: Optional extended data provided specific to transaction originated via NPP
+ enum:
+ - x2p101Payload
+ x2p101Payload:
+ $ref: '#/definitions/BankingTransactionDetail_extendedData_x2p101Payload'
+ service:
+ type: string
+ description: 'Identifier of the applicable overlay service. Valid values are: X2P1.01'
+ enum:
+ - X2P1.01
+ ResponseBankingAccountsBalanceList_data:
+ required:
+ - balances
+ properties:
+ balances:
+ type: array
+ description: The list of balances returned
+ items:
+ $ref: '#/definitions/BankingBalance'
+ ResponseBankingPayeeList_data:
+ required:
+ - payees
+ properties:
+ payees:
+ type: array
+ description: The list of payees returned
+ items:
+ $ref: '#/definitions/BankingPayee'
+ BankingInternationalPayee_beneficiaryDetails:
+ required:
+ - country
+ properties:
+ name:
+ type: string
+ description: Name of the beneficiary
+ country:
+ type: string
+ description: Country where the beneficiary resides. A valid [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) country code
+ x-cds-type: ExternalRef
+ message:
+ type: string
+ description: Response message for the payment
+ BankingInternationalPayee_bankDetails_bankAddress:
+ required:
+ - address
+ - name
+ properties:
+ name:
+ type: string
+ description: Name of the recipient Bank
+ address:
+ type: string
+ description: Address of the recipient Bank
+ BankingInternationalPayee_bankDetails:
+ required:
+ - accountNumber
+ - country
+ properties:
+ country:
+ type: string
+ description: Country of the recipient institution. A valid [ISO 3166 Alpha-3](https://www.iso.org/iso-3166-country-codes.html) country code
+ x-cds-type: ExternalRef
+ accountNumber:
+ type: string
+ description: Account Targeted for payment
+ bankAddress:
+ $ref: '#/definitions/BankingInternationalPayee_bankDetails_bankAddress'
+ beneficiaryBankBIC:
+ type: string
+ description: Swift bank code. Aligns with standard [ISO 9362](https://www.iso.org/standard/60390.html)
+ x-cds-type: ExternalRef
+ fedWireNumber:
+ type: string
+ description: Number for Fedwire payment (Federal Reserve Wire Network)
+ sortCode:
+ type: string
+ description: Sort code used for account identification in some jurisdictions
+ chipNumber:
+ type: string
+ description: Number for the Clearing House Interbank Payments System
+ routingNumber:
+ type: string
+ description: International bank routing number
+ legalEntityIdentifier:
+ type: string
+ description: The legal entity identifier (LEI) for the beneficiary. Aligns with [ISO 17442](https://www.iso.org/standard/59771.html)
+ x-cds-type: ExternalRef
+ ResponseBankingDirectDebitAuthorisationList_data:
+ required:
+ - directDebitAuthorisations
+ properties:
+ directDebitAuthorisations:
+ type: array
+ description: The list of authorisations returned
+ items:
+ $ref: '#/definitions/BankingDirectDebit'
+ ResponseBankingScheduledPaymentsList_data:
+ required:
+ - scheduledPayments
+ properties:
+ scheduledPayments:
+ type: array
+ description: The list of scheduled payments to return
+ items:
+ $ref: '#/definitions/BankingScheduledPayment'
+ ResponseCommonDiscoveryStatus_data:
+ required:
+ - status
+ - updateTime
+ properties:
+ status:
+ type: string
+ description: Enumeration with values. OK (implementation is fully functional). PARTIAL_FAILURE (one or more end points are unexpectedly unavailable). UNAVAILABLE (the full implementation is unexpectedly unavailable). SCHEDULED_OUTAGE (an advertised outage is in effect)
+ enum:
+ - OK
+ - PARTIAL_FAILURE
+ - SCHEDULED_OUTAGE
+ - UNAVAILABLE
+ explanation:
+ type: string
+ description: Provides an explanation of the current outage that can be displayed to an end customer. Mandatory if the status property is any value other than OK
+ detectionTime:
+ type: string
+ description: The date and time that the current outage was detected. Should only be present if the status property is PARTIAL_FAILURE or UNAVAILABLE
+ x-cds-type: DateTimeString
+ expectedResolutionTime:
+ type: string
+ description: The date and time that full service is expected to resume (if known). Should not be present if the status property has a value of OK.
+ x-cds-type: DateTimeString
+ updateTime:
+ type: string
+ description: The date and time that this status was last updated by the Data Holder.
+ x-cds-type: DateTimeString
+ ResponseDiscoveryOutagesList_data:
+ required:
+ - outages
+ properties:
+ outages:
+ type: array
+ description: List of scheduled outages. Property is mandatory but may contain and empty list if no outages are scheduled
+ items:
+ $ref: '#/definitions/DiscoveryOutage'
+ ResponseCommonCustomer_data:
+ required:
+ - customerUType
+ properties:
+ customerUType:
+ type: string
+ description: The type of customer object that is present
+ enum:
+ - person
+ - organisation
+ person:
+ $ref: '#/definitions/CommonPerson'
+ organisation:
+ $ref: '#/definitions/CommonOrganisation'
+ ResponseCommonCustomerDetail_data:
+ required:
+ - customerUType
+ properties:
+ customerUType:
+ type: string
+ description: The type of customer object that is present
+ enum:
+ - person
+ - organisation
+ person:
+ $ref: '#/definitions/CommonPersonDetail'
+ organisation:
+ $ref: '#/definitions/CommonOrganisationDetail'
+ ResponseErrorList_errors:
+ required:
+ - code
+ - detail
+ - title
+ properties:
+ code:
+ type: string
+ description: 'Must be one of the following: 0001 – Account not able to be found'
+ title:
+ type: string
+ description: 'Must be one of the following: Invalid account'
+ detail:
+ type: string
+ description: ID of the account not found
+ meta:
+ type: object
+ description: Optional additional data for specific error types
+ properties: {}
+parameters:
+ RequestHeader_x-v:
+ name: x-v
+ in: header
+ description: Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If the value of [x-min-v](#request-headers) is equal to or higher than the value of [x-v](#request-headers) then the [x-min-v](#request-headers) header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See [HTTP Headers](#request-headers)
+ required: true
+ type: string
+ RequestHeader_x-min-v:
+ name: x-min-v
+ in: header
+ description: Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between [x-min-v](#request-headers) and [x-v](#request-headers). If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+ required: false
+ type: string
+ RequestHeader_x-fapi-interaction-id:
+ name: x-fapi-interaction-id
+ in: header
+ description: An [RFC4122](https://tools.ietf.org/html/rfc4122) UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+ required: false
+ type: string
+ RequestHeader_x-fapi-auth-date:
+ name: x-fapi-auth-date
+ in: header
+ description: The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ RequestHeader_x-fapi-customer-ip-address:
+ name: x-fapi-customer-ip-address
+ in: header
+ description: The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+ required: false
+ type: string
+ RequestHeader_x-cds-client-headers:
+ name: x-cds-client-headers
+ in: header
+ description: The customer's original standard http headers [Base64](#common-field-types) encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
+ required: false
+ type: string
+ x-cds-type: Base64
+ ParamAccountOpenStatus:
+ name: open-status
+ in: query
+ description: Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
+ required: false
+ type: string
+ default: ALL
+ enum:
+ - OPEN
+ - CLOSED
+ - ALL
+ ParamProductCategory:
+ name: product-category
+ in: query
+ description: Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+ required: false
+ type: string
+ enum:
+ - BUSINESS_LOANS
+ - CRED_AND_CHRG_CARDS
+ - LEASES
+ - MARGIN_LOANS
+ - OVERDRAFTS
+ - PERS_LOANS
+ - REGULATED_TRUST_ACCOUNTS
+ - RESIDENTIAL_MORTGAGES
+ - TERM_DEPOSITS
+ - TRADE_FINANCE
+ - TRAVEL_CARDS
+ - TRANS_AND_SAVINGS_ACCOUNTS
+ ParamAccountIsOwned:
+ name: is-owned
+ in: query
+ description: Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
+ required: false
+ type: boolean
+ x-cds-type: Boolean
+ ParamPage:
+ name: page
+ in: query
+ description: Page of results to request (standard pagination)
+ required: false
+ type: integer
+ default: 1
+ x-cds-type: PositiveInteger
+ ParamPageSize:
+ name: page-size
+ in: query
+ description: Page size to request. Default is 25 (standard pagination)
+ required: false
+ type: integer
+ default: 25
+ x-cds-type: PositiveInteger
+ ParamTransactionNewestTime:
+ name: newest-time
+ in: query
+ description: Constrain the transaction history request to transactions with effective time at or before this date/time. If absent defaults to today. Format is aligned to DateTimeString common type
+ required: false
+ type: string
+ x-cds-type: DateTimeString
+ ParamTransactionOldestTime:
+ name: oldest-time
+ in: query
+ description: Constrain the transaction history request to transactions with effective time at or after this date/time. If absent defaults to newest-time minus 90 days. Format is aligned to DateTimeString common type
+ required: false
+ type: string
+ x-cds-type: DateTimeString
+ ParamTransactionMinAmount:
+ name: min-amount
+ in: query
+ description: Filter transactions to only transactions with amounts higher or equal to than this amount
+ required: false
+ type: string
+ x-cds-type: AmountString
+ ParamTransactionMaxAmount:
+ name: max-amount
+ in: query
+ description: Filter transactions to only transactions with amounts less than or equal to than this amount
+ required: false
+ type: string
+ x-cds-type: AmountString
+ ParamTransactionText:
+ name: text
+ in: query
+ description: Filter transactions to only transactions where this string value is found as a substring of either the reference or description fields. Format is arbitrary ASCII string. This parameter is optionally implemented by data holders. If it is not implemented then a response should be provided as normal without text filtering applied and an additional boolean field named isQueryParamUnsupported should be included in the meta object and set to true (whether the text parameter is supplied or not)
+ required: false
+ type: string
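Review bot: The pagination and filter parameters at the end of this hunk carry no machine-checkable bounds. `ParamPage` and `ParamPageSize` are `type: integer` with only `x-cds-type: PositiveInteger`, and `ParamTransactionText` is described as an "arbitrary ASCII string" with no length limit. `x-cds-type` is a vendor extension, so a generic Swagger validator or a gateway generated from this file will not enforce it, and zero, negative or very large `page-size` values and unbounded `text` strings pass schema validation. Suggest adding `minimum: 1` to `page` and `page-size`, a `maximum` to `page-size`, and a `maxLength` to `text`, so the limits come from the definition rather than only from the description. The same gap applies to `RequestHeader_x-v` and `RequestHeader_x-min-v`, which are `type: string` while their descriptions require a positive integer; a `pattern` would cover that. Separately, the `x-min-v` description omits the rule stated under `x-v` that `x-min-v` is treated as absent when it is equal to or higher than `x-v`; repeating it there would keep the two descriptions consistent.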
diff --git a/docs/archive/standards-1.5.1/docs/index.html b/docs/archive/standards-1.5.1/docs/index.html
new file mode 100644
index 00000000..f4bcd06c
--- /dev/null
+++ b/docs/archive/standards-1.5.1/docs/index.html
@@ -0,0 +1,19228 @@
+
+
+
+
+
+
+
+ Consumer Data Standards
+
+
+
+
+
+
+
+
+
+
+
+ NAV
+
+
+
+
These standards have been developed as part of the Australian Government's introduction of the Consumer Data Right legislation to give Australians greater control over their data.
+
+
The Consumer Data Right (CDR) is intended to be applied sector by sector across the whole economy, beginning in the banking, energy and telecommunications sectors. These standards have been developed to facilitate the Consumer Data Right by acting as a specific baseline for implementation.
+
+
CSIRO’s Data61 has been appointed as the Data Standards Body (DSB) for the CDR regime. These standards have been prepared by the DSB. The work of the team is overseen by the Data Standards Chair, Mr. Andrew Stevens, with industry and consumer advice provided by an Advisory Committee. The work of standards development is conducted in close consultation with the Australian Competition and Consumer Commission (ACCC) as lead regulator of the Consumer Data Right, supported by the Office of the Australian Information Commissioner (OAIC).
+
+
The standards are required to be published. The obligations on CDR participants to apply the published standards commence on the commencement of the Consumer Data Right rules:
+
+
+
where the rules require compliance with the standards, non-compliance with the standards may constitute a breach of the rules.
+
where the standards are specified as binding standards as required by the Consumer Data Right rules for the purposes of s56FA of the legislation, they apply as under contract between a data holder and an accredited data recipient. The legal effect of binding standards as between data holders and accredited data recipients is fully set out in s56FD and s56FE of the legislation.
+
+
Future Dated Obligations
+
The standards, as published from time to time, may include specific statements indicating that a specific section of the standards will not take effect until a future date or may cease to have effect on some future date.
+
+
The table below highlights these areas of the standards.
Data holders may obsolete version 1 of this end point from August 29th 2020. Data recipients must upgrade their implementations to use version 2 by this time
Data holders may obsolete version 1 of this end point from August 29th 2020. Data recipients must upgrade their implementations to use version 2 by this time
Data holders may obsolete version 1 of this end point from August 29th 2020. Data recipients must upgrade their implementations to use version 2 by this time
+
August 29th 2020
+
+
+
Concurrent Consent
+
The target state concurrent consent solution covers various components of the Information Security profile is being phased in with alignment to the November 2020 implementation milestone set by the ACCC. If this milestone moves then this obligation will also move.
Data recipients may obsolete this end point from February 1st 2021. Data holders may obsolete consent revocation via this end point from February 1st 2021, however they must still support oAuth token revocation. Data recipients must upgrade their implementations to use the Data Holder CDR Arrangement Revocation End Point by this time.
Whilst Data Holders must conform with the FAPI normative references, requiring the scope claim, the standards were clarified in v1.5.0 to clarify the minimum required set of claims to be supported by the Token Introspection end point. Data holders must support the scope claim not later than February 1st 2021
+
February 1st 2021
+
+
+
Standards
+
These standards represent version 1.5.1 of the high level standards. See the versioning section for more information on how versions are managed in the standard.
+
+
Note that, in this proposal, the key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL are to be interpreted as described in RFC2119.
+
+
Principles
+
+
The following principles, classified as Outcome Principles and Technical Principles, are the basis for the development of the standards for the Consumer Data Right.
+
+
Outcome Principles
+
+
These principles articulate qualitative outcomes that the API definitions should seek to deliver.
+
+
Outcome Principle 1: APIs are secure
+
+
The API definitions will consider and incorporate the need for a high degree of security to protect customer data. This includes the risk of technical breach but also additional concerns of inadvertent data leakage through overly broad data payloads and scopes. The security of customer data is a first order outcome that the API standards must seek to deliver.
+
+
Outcome Principle 2: APIs use open standards
+
+
In order to promote widespread adoption, open standards that are robust and widely used in the industry will be used wherever possible.
+
+
Outcome Principle 3: Data sharing provides a positive consumer experience
+
+
The standards will ensure that CDR consumers have simple, informed, and trustworthy data
+sharing experiences that provide them with positive outcomes over the short and long term.
+
+
Outcome Principle 4: APIs provide a good developer experience
+
+
To ensure that the entry hurdle for new developers is low the experience of the developers that are building clients using the APIs will be considered. The ability for a developer to easily understand and write code using the APIs in modern development environments should be facilitated by the API standards.
+
+
Outcome Principle 5: Standards are consistent across sectors
+
+
The standards will strive for consistency in patterns, structure, security mechanisms and
+user experience across sectors to facilitate the development of customer experiences and
+services that are able to integrate data from multiple sectors seamlessly and to reduce the
+cost of customer education for new sectors.
+
+
Technical Principles
+
+
These principles articulate specific technical outcomes that the API definitions should seek to deliver.
+
+
Technical Principle 1: APIs are RESTful
+
+
The API standards will adhere to RESTful API concepts where possible and sensible to do so. In particular the concepts of statelessness and resource orientation will be followed.
+
+
Technical Principle 2: APIs are implementation agnostic
+
+
The underlying implementation of the APIs should not be constrained or driven by the API definitions and standards. Conversely, the underlying implementation choices should not be visible or derivable to the client applications using the APIs.
+
+
Technical Principle 3: APIs are simple
+
+
As complexity will increase implementation costs for both holders and clients as well as reduce the utility of the APIs, API definitions should seek to be as simple as possible but no simpler.
+
+
Technical Principle 4: APIs are rich in capability
+
+
As the APIs are defined care should be taken to ensure that the data payloads defined represent rich data sets that can be used in many scenarios, including scenarios not necessarily front of mind during the design process.
+
+
Technical Principle 5: APIs are performant
+
+
The API definitions should consider and incorporate performance implications during design ensuring that repeated calls are not necessary for simple use cases and that payload sizes do not introduce performance issues.
+
+
Technical Principle 6: APIs are consistent
+
+
The API definitions across the full suite of APIs should be consistent with each other as much as possible. Where possible common data structures and patterns should be defined and reused.
+
+
Technical Principle 7: APIs are version controlled and backwards compatible
+
+
As the API definitions evolve care will be taken to ensure the operation of existing clients are protected when breaking changes occur. Breaking changes will be protected by a well-defined version control model and by a policy of maintaining previous versions for a period of time to allow for backwards compatibility.
+
+
Technical Principle 8: APIs are extensible
+
+
The API definitions and standards should be built for extensibility. This extensibility should accommodate future API categories and industry sectors but it should also allow for extension by data holders to create unique, value add offerings to the ecosystem.
+
+
Consumer Experience Principles
+
+
These principles articulate qualitative outcomes for consumer experience that the standards should seek to deliver.
+
+
CX Principle 1: The CDR is Consumer-centric
+
+
The CDR consumer experience is intuitive and is centred on consumer attitudes, needs,
+behaviours, and expectations – noting that these may change over time.
+
+
CX Principle 2: The CDR is Accessible and Inclusive
+
+
A diverse range of people are able to access, use, and comprehend the CDR ecosystem regardless of
+their background, situation, experience, or personal characteristics.
+
+
CX Principle 3: The CDR is Comprehensible
+
+
When interacting with the CDR, consumers are able to understand the following:
+
+
+
who their data is shared with;
+
what information is shared;
+
when sharing begins and ceases;
+
where data is shared to and from;
+
why their data is being requested; and
+
how they can manage and control the sharing and use of their data.
+
+
+
CX Principle 4: The CDR is Simple and Empowering
+
+
Consumer interactions with the CDR are as simple as possible, but not at the expense of
+informed consent, consumer control, transparency, privacy, or comprehension. Consumers
+should be encouraged to be privacy conscious without experiencing cognitive loads that
+lead to disengagement. Consumers should also be empowered by the CDR without
+interactive burdens being placed on them.
+
+
CX Principle 5: Consent is Current
+
+
Consent is granted at a point in time and is only as current as the consumer’s original intent.
+Consumer attitudes and behaviours may change over time and be impacted by external
+events such as the expansion of the CDR or consumer awareness. Consent terms should
+always align to current consumer preferences.
+
+
Versioning
+
+
The standards have adopted a two level versioning strategy. The high level standards (including principles, Uniform Resource Identifier structure, payload naming conventions, etc) be versioned and each API end point will have an additional version specific to that end point.
+
+
Documentation Versioning
+
+
+
Sample versioning of the standards documentation is as follows:
+1.12.2 - meaning major version 1, minor version 12 and bugfix version 2
+
+
+
The standards documentation will be versioned using three version parts <major>.<minor>.<bug fix>. This version will be used to describe updates in the Change Log.
+
+
Each of the three components will be independently incrementing integers and are described as follows:
+
+
+
major: Major version of the standards. Reserved for increment only when a set of changes are applied that are large enough to make co-existence in the same implementation environment with previous versions untenable. This would include major changes to the information security profile, major changes to the high level standards or a change in basic protocols.
+
minor: Significant changes to the standards. This would include changes that require approval by the Chair of the Data Standards Body such as new end points and new versions of existing end points.
+
bug fix: Minor documentation changes that clarify or correct the standards but do not meaningfully alter the standards.
+
+
+
Uniform Resource Identifier (URI) Versioning
+
+
+
The base URI structure containing the version for this standard is:
+http://<holder path>/cds-au/v<major version>
+
+
+
The high level standard will be versioned as described above. The major component of this version will be embedded in the URI Structure for the APIs. This allows for a data holder to support multiple major versions of the standards in production even if the significant breaking changes occur between major versions.
+
+
End Point Versioning
+
+
Each end point will have multiple versions independent of other end points. A specific end point version will be requested by a client using a HTTP header. This header will be supported by all end points under the API standards. See the section on HTTP Headers for more information on how versions are requested and supplied under the standards.
+
+
URI Structure
+
+
+
Some example URIs that meet this standard are:
+http://www.bank.com.au/api/cds-au/v1/banking/accounts
+http://www.bank.com.au/complex/uri/taxonomy/cds-au/v1/banking/products
+http://www.energyretailer.com.au/api/cds-au/v1/energy/usage
+
+
+
The URI structure for API end points in the standards MUST be implemented as follows:
+<holder path> / cds-au / <version> / <industry> / <resource>
+
+
The components of this URI structure are described as follows:
+
+
+
Holder Path: The holder path is a base path set by the data holder. It can be any URI desired by the holder. While all authenticated end points must be accessible under the same holder path the data holder may stipulate a different holder path for unauthenticated end points.
+
“cds-au”: This is a static string representing the end points defined by the Consumer Data Standards for Australia. This static string allows for separation from other APIs available at the same base holder path and also allows for extension if the standards are adopted by another jurisdiction in whole or in part.
+
Version: The major version of the high level standards. This is not the version of the endpoint or the payload being requested but the version of the overall standards being applied. This version number will be “v” followed by the major version of the standards as a positive integer (e.g. v1, v12 or v76).
+
Industry: A static string used to separate APIs for a specific industry. As standards for new industries are defined the list of industry strings will be extended.
+
Resource: The URI for the specific resource requested. This end point URI will be defined as part of the end point definitions for each API group.
+
+
+
Note that the currently accepted values for the Industry component of the base path are:
+
+
+
banking – for APIs related to banking and potentially wider financial services data
+
energy – for APIs related to the energy distribution industry
+
telco – for APIs related to telecommunications
+
common – for APIs that potentially span industries
+
+
+
Resource URIs
+
+
Resources that are collections, and members of collections, will follow the JSONAPI.org recommendation.
+
+
Under this model, collections, individual members and collection sub-resources would be accessed as follows:
+
+
+
+
+
+
+
+
+
GET …/accounts
+
Returns an array of accounts
+
+
+
GET …/accounts/{id}
+
Returns the detail of a specific account
+
+
+
GET …/accounts/transactions
+
Returns the transactions of multiple accounts
+
+
+
GET …/accounts/{id}/transactions
+
Returns the transactions of a specific account
+
+
+
POST …/accounts
+
Create a new account
+
+
+
POST …/accounts/search
+
Returns an array of accounts based on a complex query
+
+
+
+
The final example above represents a complex query accessed via a POST request. In this situation the POST URI should be applied to a sub-resource of the collection. A POST to a collection is reserved for the creation of a new collection member.
+
+
If no valid sub-resource exists then a dedicated sub-resource should be created, such as the “search” URI listed in the example above.
+
+
HTTP Headers
+
+
Supported HTTP headers, and their usage, for the standards are as laid out in the following sections.
+
+
Request Headers
+
+
+
A sample set of headers requesting version 3 to 5:
+
+Content-Type : application/json;charset=UTF-8
+Accept : application/json;charset=UTF-8
+x-v : 5
+x-min-v : 3
+x-fapi-interaction-id : 6ba7b814-9dad-11d1-80b4-00c04fd430c8
+x-fapi-auth_date : 2020-01-16 16:50:15.507399
+x-fapi-customer-ip-address : 2001:0db8:85a3:0000:0000:8a2e:0370:7334
+x-cds-client-headers : TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1Ljg4IFNhZmFyaS81MzcuMzY=
+
+
A Data Holder must be able to process Content-Type headers in accordance with [RFC7231]. The following would be valid:
+
+Content-Type: application/json;charset=UTF-8
+Content-Type: application/json
+Content-Type: AppliCAtion/JSon;Charset=uTf-8
+
+
A Data Holder must be able to process Accept headers in accordance with [RFC7231]. The following would be valid:
+
+Accept: */*
+Accept: application/json;charset=UTF-8
+Accept: application/json
+Accept-Encoding: charset=UTF-8
+Accept: AppliCAtion/JSon;Charset=uTf-8
+
+
+
+
+
Header Field
+
Description
+
Mandatory?
+
+
+
+
Content-Type
+
Standard HTTP Header. Represents the format of the payload provided in the request. The media type must be set to application/json. Mandatory for PUT and POST calls.
+
Conditional
+
+
+
Accept
+
If specified, the media type must be set to application/json, unless otherwise specified in the resource end point standard. \n\n If set to an unacceptable value the holder must respond with a 406 Not Acceptable. If not specified, or a wildcard (/) is provided, the default media type is application/json.
+
Optional
+
+
+
x-v
+
Version of the API end point requested by the client. Must be set to a positive integer. The holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the holder must respond with a 406 Not Acceptable.
+
Mandatory
+
+
+
x-min-v
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the holder must respond with a 406 Not Acceptable.
+
Optional
+
+
+
x-<HID>-v
+
A holder specific version of extension fields. Should not be used in conjunction with x-min-v.
+
Optional
+
+
+
x-fapi-interaction-id
+
An optional [RFC4122] UUID used as a correlation id. If provided, the data holder must "play back" this value in the x-fapi-interaction-id response header.
+
Optional
+
+
+
x-fapi-auth-date
+
The time when the customer last logged in to the data recipient as described in [FAPI-R]. Required for all resource calls (customer present and unattended). Not required for unauthenticated calls.
+
Conditional
+
+
+
x-fapi-customer-ip-address
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
+
Conditional
+
+
+
x-cds-client-headers
+
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls. This header is not required to include:
Headers containing security information
Custom or proprietary headers used to facilitate the client application
+
Conditional
+
+
+
+
Response headers
+
+
+
+
Header Field
+
Description
+
Mandatory?
+
+
+
+
Content-Type
+
Standard HTTP Header. Represents the format of the payload returned in the response. Must be application/json unless otherwise specified in the resource end point standard.
+
Mandatory
+
+
+
Retry-After
+
Header indicating the time (in seconds) that the client should wait before retrying an operation. The holder should include this header along with responses with the HTTP status code of 429 Too many requests.
+
Optional
+
+
+
x-v
+
The version of the API end point that the holder has responded with.
+
Mandatory
+
+
+
x-fapi-interaction-id
+
An [RFC4122] UUID used as a correlation id. The data holder must set the response header x-fapi-interaction-id to the value received from the corresponding request header or to a new [RFC4122] UUID value if the request header was not provided.
+
Mandatory
+
+
+
+
Additional Headers
+
+
Generally understood headers used in HTTP transactions to provide caching guidance and the use of the compression are not specified but are considered acceptable. It is at the discretion of the data holder if these headers are used for a specific implementation. Data holders should not require these headers for successful API access, however.
+
+
HTTP Response Codes
+
+
The handling and usage of HTTP response codes for the standards will be according to the following table.
+
+
+
+
Situation
+
HTTP Status
+
Notes
+
POST
+
GET
+
DELETE
+
+
+
+
Query completed successfully
+
200 OK
+
+
Yes
+
Yes
+
No
+
+
+
Normal execution. The request has succeeded.
+
201 Created
+
The operation results in the creation of a new resource.
+
Yes
+
No
+
No
+
+
+
Delete operation completed successfully
+
204 No Content
+
+
No
+
No
+
Yes
+
+
+
The response is not modified since last call
+
304 Not Modified
+
May be returned if standard caching headers such as ETag or If-modified-since are utilised
+
Yes
+
Yes
+
No
+
+
+
Request has malformed, missing or non-compliant JSON body or URL parameters
+
400 Bad Request
+
The requested operation will not be carried out.
+
Yes
+
Yes
+
Yes
+
+
+
Authorization header missing or invalid token
+
401 Unauthorized
+
The operation was refused access. Re-authenticating may result in an appropriate token that may be used.
+
Yes
+
Yes
+
Yes
+
+
+
Token has incorrect scope or a security policy was violated.
+
403 Forbidden
+
The operation was refused access. Re-authenticating is unlikely to remediate the situation. It is expected that this error will result in an error payload
+
Yes
+
Yes
+
Yes
+
+
+
The consumer tried to access the resource with a method that is not supported.
+
405 Method Not Allowed
+
+
Yes
+
Yes
+
Yes
+
+
+
The request contained an Accept header other than permitted media types, a character set other than UTF-8 or a version that was not supported
+
406 Not Acceptable
+
+
Yes
+
Yes
+
Yes
+
+
+
The operation was refused because the payload is in a format not supported by this method on the target resource.
+
415 Unsupported Media Type
+
+
Yes
+
No
+
No
+
+
+
The request was well formed but was unable to be processed due to business logic specific to the request
+
422 Unprocessable Entity
+
If applicable to the HTTP method it is expected that this error will result in an error payload
+
Yes
+
Yes
+
No
+
+
+
The operation was refused as too many requests have been made within a certain timeframe.
+
429 Too Many Requests
+
Throttling is a NFR. The data holder should include a Retry-After header in the response indicating how long the data consumer must wait before retrying the operation.
+
Yes
+
Yes
+
Yes
+
+
+
Something went wrong on the API gateway or micro-service
+
500 Internal Server Error
+
The operation failed.
+
Yes
+
Yes
+
Yes
+
+
+
Service is currently unavailable
+
503 Service Unavailable
+
+
Yes
+
Yes
+
Yes
+
+
+
The server was unable to respond in a timely manner
+
504 Gateway Timeout
+
Returned if a timeout has occurred but a resend of the original request is viable (otherwise use 500 instead)
+
Yes
+
Yes
+
Yes
+
+
+
+
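Review bot: the 304 Not Modified row is marked Yes for POST, but 304 is only defined as the answer to a conditional GET or HEAD, so the POST column should read No unless a specific use is intended and documented. In the same row the note names "If-modified-since"; the header is If-Modified-Since, and ETag is validated with If-None-Match, which is worth naming if ETag stays in the note. The 429 row uses the abbreviation "NFR" without expanding it, and says the consumer "must wait" where the header table says "should wait".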
Payload Conventions
+
+
This section of the standard outlines the request and response payload structures for all API end points as well as the naming conventions for fields.
Each API request payload MUST have a JSON object at the root level known as the root object. This object MUST contain a data object to hold the primary data for the request.
+
+
The root object will contain a meta object if, and only if, it is specifically REQUIRED by the end point. The meta object is used to provide additional information such as second factor authorisation data, traffic management, pagination counts or other purposes that are complementary to the workings of the API.
+
+
The definition of the contents for the data object and meta object will be defined separately for each end point.
Each API request payload MUST have a JSON object at the root level known as the root object.
+
+
The contents of the root object are as follows:
+
+
+
If the response is successful (200 OK) the root object:
+
+
+
MUST contain a data object
+
MUST contain a links object
+
MAY contain a meta object if REQUIRED by the definition of the specific end point
+
+
If the response is unsuccessful (not 200 OK) the root object:
+
+
+
MAY contain an errors object (as per the specific end point definition)
+
+
+
+
The definition of the contents for the data object and meta object will be defined separately for each end point.
+
+
The links object will contain links to related API end points. This will include links to support pagination.
+
+
The links object MUST contain a field named self that will have the fully qualified URI to the current request as a value.
+
+
The errors object will be an array of zero or more unnamed objects. The fields in each of these objects will be as follows:
+
+
+
code field MUST be present: holds an end point specific error code
+
title field MUST be present: holds a human readable label of the error that is constant
+per code
+
detail field MUST be present: holds a human readable description of this specific error
+
meta object MAY be present: holds additional end point specific data relevant to the error
+
+
+
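Review bot: the sentence that opens the response rules, "Each API request payload MUST have a JSON object at the root level known as the root object", is a copy of the request wording and should say "response payload", since the lines after it describe response contents. The success test "(200 OK)" and the failure test "(not 200 OK)" also disagree with the response code table, which lists 201 Created and 204 No Content as normal outcomes; as written a 201 response falls under the unsuccessful branch. Suggest defining success as any 2xx response that carries a body, and renaming the "errors object" to "errors array" or stating plainly that the field named errors holds an array.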
Field Naming Conventions
Valid Characters In Field Names
+
All field names defined in either a request or response payload MUST be treated as case sensitive by clients and servers, and they MUST meet all of the following conditions:
+
+
+
Member names MUST contain at least one character.
+
Member names MUST contain only the allowed characters listed below:
+
+
+
U+0061 to U+007A, a-z
+
U+0041 to U+005A, A-Z
+
U+0030 to U+0039, 0-9
+
+
Additionally, the following characters are allowed in field names, except as the first or last character:
+
+
+
U+002D HYPHEN-MINUS, '-'
+
U+005F LOW LINE, '_'
+
U+0024 DOLLAR SIGN, '$'
+
+
+
+
Any other character MUST NOT be used in field names.
+
Field Naming Style
+
Field names MUST be meaningful names with defined semantics.
+
+
Fields representing the same data in different payloads or different parts of a payload MUST have
+the same name.
+
+
Array types SHOULD have plural field names. All other field names SHOULD be singular.
+
+
Field names MUST be defined using camel case with the following clarifications:
+
+
+
If a field name is a single acronym it SHOULD be lowercase
+
If a field name contains an acronym along with other words it MAY be uppercase
+
The first character in a field name SHOULD be lower case unless it is part of an acronym
+
+
+
Fields MUST NOT be named using reserved javascript tokens.
+
Maps
+
For JSON maps (i.e. key/value pairs) any Unicode character MAY be used as a field name and stylistic requirements do not apply.
+
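Review bot: "Fields MUST NOT be named using reserved javascript tokens" under Field Naming Style cites no list, so conformance cannot be tested. Suggest referencing the reserved word list of a named ECMAScript edition. The valid character rules also allow '-', '_' and '$' inside a name while the style rules require camel case; if the hyphen is permitted only to support the <HID>- extension prefix, say so here. For the Maps paragraph, which allows any Unicode character as a key, a sentence noting that the naming rules still apply to the field that holds the map would remove ambiguity.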
Field Property Conventions
Field Data Types
+
Each field defined for the payloads of an end point MUST have an assigned data type.
+
+
The list of valid data types are set out in the common field types section. If a custom data type is required for a field then the field SHOULD be classified as a string with a clear description of how the property value is to be interpreted or defined.
+
Mandatory/Optional Fields
+
Each field defined for the payloads of an end point MUST have an assigned status of mandatory, optional or conditional.
+
+
Mandatory fields MUST be present and have a non-null value in a request or response payload for the payload to be considered valid.
+
+
Optional fields MAY be present but this is not guaranteed. It is also valid for these fields to be present but have a null value. Note that optional fields indicate that data may sometimes not be held by a Data Holder and this is an expected scenario.
+
+
Conditional fields MUST have an associated conditional statement. If the conditional statement is true in a specific request or response the field is considered mandatory. If the conditional statement is false then the field is considered optional.
+
+
+
Empty/Null Fields
+
An empty field (ie. a field that is not present in a payload) will be considered equivalent with a field that is present with a null value.
+
+
An empty string (“”) is not considered to be equivalent to null.
+
+
A Boolean value of false is not considered to be equivalent to null. Optional Boolean fields, by implication, have three possible values: true, false and indeterminate (ie. null).
A specific convention will apply to union objects.
+
+
In the standards a union object is used in a situation where a set of data can be represented with different sets of fields depending on the context. To maintain strong typing of the fields one of a series of known object structures will be used. An example where this technique is used in the standard is in the definition of account balances where balance information can be represented differently, but unambiguously, for different account types.
+
+
For union objects an additional field, with a known suffix, is used to identify the object type that has been provided specifically.
+
+
As the name of this field is constant it can be used to perform an indirect lookup on the object type that has actually been provided removing the need to scan for which object is present.
+
+
A field of this type will always be specified with the suffix UType meaning Union Type.
Unless otherwise stated within the data standards, arrays are explicitly expressed in response payloads.
+
+
Mandatory fields
+
+
In objects where an array field is defined as having 0..n values, the array field must be explicitly expressed as an array in the payload, even if it only contains one item or is empty.
+
+
This applies equally for object arrays. Where a field is defined as an array value, the response should be:
+* an array of objects,
+* an array of values, or
+* an empty array ([]).
+
+
An empty array is the representation for an array equivalent to an empty string.
+
+
Optional fields
+
+
If the field is optional a null value or empty field response is accepted.
+
+
Normative references
+
+
The only exception to this, unless explicitly stated, is normative standards. The requirements for expressing arrays within those normative standards apply per the normative references.
+
+
Common Field Types
+
+
The following table outlines the common data types for fields used in the standard.
+
+
+
+
Type
+
Description
+
Valid Examples
+
+
+
+
String
+
Standard UTF-8 string but unrestricted in content. Any valid Unicode character can be used.
+
+
+
+
ASCIIString
+
Standard UTF-8 string but limited to the ASCII character set.
+
+
+
+
Boolean
+
Standard JSON boolean
+
true false
+
+
+
Enum
+
String representing an option from a defined list of values - All possible values should be provided - Values should be in all caps - Spaces should be replaced with under bars '_' - Values should be limited to the ASCII character set
+
“OPTION1” “ANOTHER_OPTION” “VAL_ABC_123”
+
+
+
NaturalNumber
+
A natural number (ie. a positive integer inclusive of zero)
+
0 1 10000
+
+
+
PositiveInteger
+
A positive integer (zero excluded)
+
1 10000
+
+
+
NegativeInteger
+
A negative integer inclusive of zero
+
0 -1 -10000
+
+
+
Integer
+
Any positive or negative integer inclusive of zero
+
1 0 -1
+
+
+
Number
+
A standard floating point number. Can be positive, negative or zero
+
0.1 -100.09 10 90.09
+
+
+
Base64
+
Base64 encoded string as per RFC 4648
+
Q29uc3VtZXIgRGF0YSBSaWdodA==
+
+
+
DateTimeString
+
Combined Date and Time string as per RFC- 3339 (labelled date-time in the RFC). As specified in RFC-3339 times should be offset relative to UTC
Date string as per RFC-3339 (labelled full-date in the RFC)
+
“2007-05-01” “2012-12-25”
+
+
+
TimeString
+
Time string as per RFC-3339 (labelled full-time in the RFC). As specified in RFC-3339 times should be offset relative to UTC
+
“15:43:00.12345Z” “15:43:00-12:00”
+
+
+
CurrencyString
+
Standard 3 character currency codes as per ISO-4217
+
“AUD” “USD” “GBP”
+
+
+
RateString
+
A string representing an interest rate. A rate of 100% would be represented by the value 1.0 and a rate of -100% by -1.0 - At least 1 and up to a total of 16 significant digits before decimal point - Up to 16 digits following the decimal point - No formatting, eg thousand separating commas
+
“0.05” “-0.05” “12.3456789” “-99.123456789123”
+
+
+
AmountString
+
A string representing an amount of currency. - A positive, zero or negative number - Negative numbers identified with a ‘-‘ - No currency symbols should be supplied - At least 1 and up to a total of 16 significant digits before decimal point - Minimum 2 digits following a decimal point (more digits allowable but only if required) - No additional formatting, eg thousand separating commas
+
“0.01” “10.00” “1234567.89” “-1001.23” “1.999”
+
+
+
MaskedPANString
+
Masked credit card number. Lower case ‘x’ should be used to mask numbers and only the last four digits should be exposed to facilitate identification. This type is expected to be used for display so the format should be logical for this context
+
"xxxx xxxx xxxx 1234"
+
+
+
MaskedAccountString
+
Masked bank account number genericised for a variety of account types. Should be represented as the full account number would normally be represented for display (including formatting) but with all digits except the last four replaced with a lowercase x. This type is expected to be used for display so the format should be logical for this context
+
"xxxx xxxx xxxx 1234" "xxx-xxx xxxxx1234"
+
+
+
URIString
+
A valid URI
+
"http://www.google.com"
+
+
+
ExternalRef
+
The format is defined by an external reference such as ISO standard or an RFC
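Review bot: the AmountString row sets a minimum of 2 digits after the decimal point but no maximum ("more digits allowable but only if required"), whereas RateString caps the fraction at 16 digits. Without an upper bound a validator cannot reject an arbitrarily long value, so suggest stating a maximum for AmountString as well. The URIString example "http://www.google.com" uses plain http and a third-party domain; an https URI under a reserved example domain would be a better model. The String and ASCIIString rows have no valid examples, and neither states a maximum length.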
Each API end point that can return multiple records will stipulate whether pagination is supported for the end point or not. For end points that will return less than a reasonably sized page of results in the majority of circumstances support for paging may not be included.
+
+
Note that the use of paging for an end point does not require or preclude the use of filtering query parameters. It is expected that filtering and paging will be applied independently of each other.
+
+
Query Parameters
+
+
The consumer will stipulate pagination requirements on the request using query parameters. When paging is supported the consumer MAY provide the following query parameters:
+
+
+
page – the page number being requested (with the first page being 1)
+
page-size – the number of records to return in each page
+
+
+
If the query parameters are not provided the following defaults will be assumed:
+
+
+
page – a default of 1 (the first page) will be assumed
+
page-size – a default of 25 will be assumed
+
+
+
Response Fields
+
+
In addition to the data requested a holder MUST provide the following additional information in the response payload:
+
+
+
In the links object the following fields are to be provided:
+
+
+
first - A URI to request the first page. Mandatory if this response is not the first page.
+
last - A URI to request the last page. Mandatory if this response is not the last page.
+
prev - A URI to the previous page. Mandatory if this response is not the first page.
+
next - A URI to the next page. Mandatory if this response is not the last page.
+
+
In the meta object the following fields are to be provided:
+
+
+
totalRecords - The total number of records in the set. This field MUST be present.
+
totalPages - The total number of pages in the set. This field MUST be present. If totalRecords is 0 totalPages MUST be 0.
+
+
+
+
For each of these fields the page size specified in the request should be assumed when calculating
+values.
+
+
Additional Pagination Rules
+
+
+
Holders are not expected to implement pagination with transaction isolation. The underlying data-set may change between two subsequent requests. This may result in situations where the same transaction is returned on more than one page.
+
A maximum page size of 1000 records is assumed for all end points (unless otherwise stipulated in the end point definition). If a page size greater than this maximum is requested then a HTTP status of 422 Unprocessable Entity SHOULD be returned.
+
+
+
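Review bot: the pagination rules only cover a page-size above the maximum, and only with SHOULD ("a HTTP status of 422 Unprocessable Entity SHOULD be returned"). Behaviour is not defined for page or page-size values of 0, negative or non-numeric values, or a page number greater than totalPages, and the response code table assigns non-compliant URL parameters to 400 Bad Request, so implementers could reasonably pick either code. Suggest listing each case with its status code and making the oversize rule a MUST so that holders enforce the 1000 record limit consistently.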
Cursor Support
+
+
For performance reasons data holders may wish to support other pagination patterns such as cursors or continuation tokens. While the standard does not explicitly support these additional mechanisms it is considered allowable to implement these patterns and expose them via the pagination links.
+
+
In this scenario the URIs included in the links for other pages may not be compliant with the standard and may, instead, include other query parameters that support another pagination pattern. It is expected that all other pagination requirements such as link fields and meta fields will still be supported if other patterns are implemented.
+
+
To allow for a more performant implementation data consumers are encouraged to utilise pagination links wherever possible and only use constructed URIs for the first page or if random access to a specific set of records is required.
+
+
ID Permanence
+
+
Within these standards resource IDs are REQUIRED to comply with the following:
+
+
+
An ID for a resource should only be specified in the API standard if an end point exists to
+obtain detail for that resource or to change the state of the resource.
+
If an ID is specified in the standards for a resource then it is mandatory and MUST be supplied, by the data holder, in accordance with the standards.
+
If an ID is specified the ID value MUST be entirely arbitrary and have no inherent meaning. For instance, an ID should not be a combination of other fields or a string that can be parsed to extract meaningful information.
+
IDs SHOULD be unique but that uniqueness may be within a clearly bounded context. For example, a beneficiary ID may be unique but only in the context of a specific account. The bounds of uniqueness should be clearly described in the standards definition for the end point.
+
IDs MUST be immutable across sessions and consents but MUST NOT be transferable across data recipients. For example, data recipient A obtaining an account ID would get a different result from data recipient B obtaining the ID for the same account even if the same customer authorised the access. Under this constraint IDs cannot be usefully transferred between client organisations or data holders.
+
IDs MUST NOT be transferable between different customers for the same data recipient. For example, a data recipient should obtain a different ID for a joint account if the ID was obtained independently using authorisations from both customers.
+
In payloads the field name of “id” should NEVER be used. Each ID field should be meaningfully named so that wherever that ID is used across multiple end points it always refers to the same ID set. For instance, the IDs for accounts would be represented in JSON in a field named “accountId”.
+
+
+
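Review bot: the ID Permanence list opens with "REQUIRED to comply" but several items use lowercase "should" and the last item uses "should NEVER", which is not a defined requirement keyword. Suggest MUST NOT for the "id" field name rule and for "an ID should not be a combination of other fields", since the same bullet already says the value MUST be entirely arbitrary. In the bullet on transferability, the closing phrase "between client organisations or data holders" introduces data holders into a rule that is otherwise about data recipients; clarify or drop it.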
Extensibility
+
+
The Consumer Data Right standards will not cover all possible data sets or APIs that participants may wish to expose. Participants may also wish to innovate on top of the API standards by offering additional data to meet specific market opportunities. It is desirable that the standards not only allow for this to occur but actively encourage it with specific additions to the standards to enable such extension.
+
+
At the same time, it is important that a participant seeking to provide extensions does not hinder a data consumer that is only built for the published standards.
+
+
To accommodate these concerns the standards incorporate the following considerations specifically related to extension by data holders.
+
+
The three types of extension that the standards address are:
+
+
+
Data holder offering entirely new API categories that are not covered by the API Standards
+
Data holder offering additional end points to an API category that is already covered by the standards
+
Data holder offering additional fields to the response payloads for an end point defined in the
+standards
+
+
+
Holder Identifier
+
+
+
For example, the prefixes for the four major Banks included in the first phases of implementation would be:
+
+
CBA – Commonwealth Bank
+
WBC – Westpac Banking Corporation
+
ANZ – ANZ Banking Group
+
NAB – National Australia Bank
+
+
+
+
Data holders seeking to extend the standards MUST nominate a prefix to identify all extensions. Extended fields and end points and would use this prefix consistently. This prefix would be, by preference, the ASX symbol for the holder. Care should be taken not to use a prefix already adopted by another holder in the regime.
+
+
In these standards, where a holder Identifier would be included, the term <HID> will be used.
+
+
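Review bot: under Holder Identifier, prefix uniqueness rests on "Care should be taken not to use a prefix already adopted by another holder", with no registry or allocation process named, so two holders can pick the same <HID> and nothing in the text detects it. Suggest naming where prefixes are recorded, or requiring the ASX symbol rather than preferring it. The example list of prefixes appears before the rule it illustrates and should follow it, and "Extended fields and end points and would use this prefix" has a stray "and".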
New API Categories
+
+
When extending by adding new API categories a holder MUST add these to the overall URI structure by substituting the industry element with the Holder (Provider) ID.
+
+
For instance, the standard URI base path is structured as:
+<holder path> / cds-au / <version> / <industry> / <resource>
+
+
For the extension API categories for a specific holder they would be structured as:
+<holder path> / cds-au / <version> / <HID> / <resource>
+
+
The end points defined under this structure, including the payloads of these end points do not need to be prefixed in any way. The fact that they are underneath the holder section implies that they are additional to the standard.
+
+
Note that:
+
+
+
This mechanism MUST NOT be used to create modified duplicates of the end points defined in the API Standards
+
The end points in this area MUST comply with the standard's conventions and principles including naming conventions and data types.
+
+
+
New End Points In Existing API Categories
+
+
When creating new end points that are in parallel to existing API categories in the standard the Holder Identifier MUST be used to prefix the highest URI element where divergence occurs.
+
+
For example, assume an existing balance end point is defined as follows:
+<base path>/accounts/{account ID}/transactions
+
+
and the holder wishes to add an end point that summarises balance movement for a specific time period then they may define the end point as:
+<base path>/account/{account ID}/<HID>-balance-movement
+
+
Note that:
+
+
+
The prefix is defined as the Holder Identifier followed by a hyphen.
+
As the entire end point is new, the request and payload fields do not need to be prefixed in any way.
+
Care should be taken to ensure there is no collision with an end point defined in the standards by specifying an extension at the same level as a variable URI element (such as at the same level of the {account ID} in the example above).
+
If an end point has multiple levels in the resource path only the highest point where divergence with the standard occurs needs to be prefixed.
+
The new end point MUST comply with standard's conventions and principles including naming conventions and data types.
+
+
+
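Review bot: the worked example under New End Points In Existing API Categories is inconsistent. The existing end point is introduced as a "balance end point" but the path shown is <base path>/accounts/{account ID}/transactions, and the extension path switches to the singular <base path>/account/{account ID}/<HID>-balance-movement. Suggest using /accounts/ in both paths and describing the first one as the transactions end point. The last bullet also reads "comply with standard's conventions", missing "the".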
Additional Fields In An Existing Response Payload
+
+
When adding a new field in an existing payload the field can be added to the JSON by prefixing the string <HID>-.
+
+
If an object is being added as an extension only the highest level object name needs to be prefixed. Any fields inside the extended object can be named normally.
+
+
Note that:
+
+
+
Existing fields MUST NOT be modified in any way. This includes adding new enumeration values to enum type fields.
+
A mandatory field MUST NOT be made optional as the result of an extension.
+
Request payloads can also be extended but the resulting end point should still execute successfully if the extension field is not present (by implication, extension fields in request payloads MUST be optional).
+
New query parameters MAY be added along the same lines as a new field in a request payload (i.e. prefixed, non-mandatory and no side effects if not present).
+
New headers MAY be added along the same lines as a new field in a request payload with the exception that the new header should be prefixed x-<HID>-.
+
New fields MUST comply with the naming conventions and data type standards used.
+
+
+
Additional Query Parameters
+
+
When adding support for a new query parameter to an existing end point that a data consumer is expected to supply, the new parameter should be prefixed by the string <HID>- to avoid potential collision with extension by another data holder.
+
+
Extension Versioning
+
+
As described previously in the versioning section the standard provides for multiple versions of each API end point. This implies the need for extensions to also be versioned.
+
+
An optional header x-<HID>-v will be supported for all end points that can be used by the data consumer to request a specific version of extension fields to include in the response. See the section on HTTP Headers for more information on the use of this header.
For information on the specific normative references that underpin this profile refer to the Normative References section.
+
Symbols and Abbreviated terms
+
+
API: Application Programming Interface
+
CA: Certificate Authority
+
CDR: Consumer Data Right
+
CDR-SP: Consumer Data Right Security Profile
+
CL: Credential Level
+
DH: Data Holder
+
DR: Data Recipient
+
DTA: Digital Transformation Agency
+
FAPI: Financial API
+
HoK: Holder of Key
+
JSON: The JavaScript Object Notation
+
JWA: JSON Web Algorithms
+
JWE: JSON Web Encryption
+
JWK: JSON Web Key
+
JWKS: JSON Web Key Set
+
JWS: JSON Web Signing
+
JWT: JSON Web Token
+
IP: Identity Proofing
+
LoA: Level of Assurance
+
LoAs: Levels of Assurance
+
MTLS: Mutually Authenticated Transport Layer Security
+
OIDC: Open ID Connect
+
PAR: Pushed Authorisation Requests
+
PI: Personal Information
+
PKI: Public Key Infrastructure
+
PPID: Pairwise Pseudonymous Identifier
+
REST: Representational State Transfer
+
TDIF: Trusted Digital Identity Framework
+
TLS: Transport Layer Security
+
+
CDR Federation
+
The CDR Federation will facilitate the secure exchange of consumer data and federation metadata between
+multiple system entities which will assume one or more of the following roles:
+
+
+
Data Holder:
+
+
+
Multiple Data Holders will be supported.
+
+
Data Recipient:
+
+
+
Multiple Data Recipients will be supported.
+
+
Register:
+
+
+
A register will be supported and will be maintained by the Australian Competition and Consumer Commission (ACCC).
+
+
Customer:
+
+
+
The authorising customer that is authenticated by a Data Holder.
+
+
+
Data Holder
+
The Data Holder (DH) is a system entity that authenticates a Customer
+(resource owner or user), as part of an authorisation process initiated by a Data
+Recipient, and issues an authorisation for that Data Recipient to access the Customer's data via published APIs.
For the purposes of this standard a single designated organisation may be represented via the Register as multiple separate Data Holders to support multiple brands or market identities.
+
Data Recipient
+
A Data Recipient (DR) is a system entity that is authorised by a Data Holder to access consumer resources (APIs). A Data Recipient MUST capture consumer consent prior to commencing an authorisation process with a Data Holder.
+
+
A Data Recipient MUST be accredited in order to participate in the CDR Federation. Accreditation rules for Data Recipients are beyond the scope of this artifact.
For the purposes of this standard a single accredited organisation may be represented via the Register as multiple separate Data Recipients to support multiple applications or services.
+
Register
+
+
+
The Register is a central point of discovery for both Data Holders and Data
+Recipients. Data Holders and Data Recipients must be created as entities in the Register in order for them to participate as members of the CDR Federation. The functionality of the Register will include but will not be limited to:
+
+
+
Management of Identities and Access: The Register will allow registered persons, on behalf of Data Holders and Data Recipients, to manage the metadata of their associated organisations and systems.
+
Management of Certificates: The Register will facilitate the issuing, management and revocation of digital certificates.
+
Discoverability and Search: The Register will expose APIs and Web Interfaces in order to support metadata queries across Register entities.
+
+
Customer
+
For the purposes of this standard a single person or individual may be represented as multiple Customers according to the practice of the Data Holder according to their existing digital channels.
+
Authentication Flows
+
This profile supports the authentication flows specified by OpenID Connect[OIDC] as constrained further by FAPI[FAPI].
+
+
Specifically the Hybrid Flow outlined at section 3.3 of [OIDC].
+
+
No other flows are currently supported.
+
+
+
OIDC Hybrid Flow
+
The [OIDC] Hybrid Flow is a type of redirection flow where the consumer's user
+agent is redirected from a Data Recipient’s (Relying Party) web site to a Data
+Holder’s Authorisation end point in the context of an [OIDC] authentication
+request. The Hybrid flow incorporates aspects of the both the implicit flow and
+authorisation code flow detailed under [OIDC].
+
+
Only a response_type (see section 3 of [OIDC]) of code id_token SHALL be allowed.
+
+
The request_uri parameter is only supported if the Data Holder supports PAR.
+
+
In addition, the following statements are applicable for this flow:
+
+
+
Data Holders MUST request a user identifier that can uniquely identify the customer and that is already known by the customer in the redirected page
+
Data Holders MUST NOT request that the customer enter an existing password in the redirected page
+
Data Holders MUST provide a one-time password (OTP) to the customer through an existing channel or mechanism that the customer can then enter into the redirected page
+
The delivery mechanism for the OTP is at the discretion of the Data Holder but MUST align to existing and preferred channels for the customer and MUST NOT introduce unwarranted friction into the authentication process
+
Data Holders SHOULD implement additional controls to minimise the risk of interception of the OTP through the selected delivery mechanism
+
The provided OTP MUST be used only for authentication for CDR based sharing and MUST NOT be usable for the authorisation of other transactions or actions
+
The provided OTP MUST be invalidated after a period of time at the discretion of the Data Holder. This expiry period SHOULD facilitate enough time for the customer to reasonably complete the authorisation process
+
The provided OTP MUST be numeric digits and be between 4 and 6 digits in length
+
The algorithm for the creation of the OTP is at the discretion of the Data Holder but SHOULD incorporate a level of pseudorandomness appropriate for the use case
+
Data Holders SHOULD implement additional controls to minimise the risk of enumeration attacks via the redirect page
+
Data recipients SHOULD record the following information each time an authorisation flow is executed: username (consumer’s ID at the data recipient), timestamp, IP, consent scopes and duration.
+
+
+
In line with CDR Rule 4.24 on restrictions when asking CDR consumers to authorise disclosure of CDR data, unwarranted friction for OTP delivery is considered to include:
+
+
+
the addition of any requirements beyond normal data holder practices for verification code delivery
+
providing or requesting additional information beyond normal data holder practices for verification code delivery
+
offering additional or alternative services
+
reference or inclusion of other documents
+
+
+
Additional requirements and guidelines for this flow are contained in the Consumer Experience section.
+
+
+
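Review bot: the OTP rules allow a 4 digit numeric code ("between 4 and 6 digits in length"), which is 10,000 possible values, while the only protection against guessing is a SHOULD ("SHOULD implement additional controls to minimise the risk of enumeration attacks") and the expiry period is left wholly to the holder. Suggest a MUST for a limit on failed attempts per authorisation attempt and an upper bound on OTP lifetime. The generation rule asks for "a level of pseudorandomness appropriate for the use case"; naming a cryptographically secure random source would make this testable. The logging bullet for data recipients lists "IP" without saying whose address is meant.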
Client Authentication
+
This section outlines how participants in the CDR regime will authenticate clients seeking access to end points.
+
+
Note that, while [MTLS] is utilised for transaction security and as a Holder of Key mechanism, the PKI Mutual TLS OAuth Client Authentication Method SHALL NOT be supported as the mechanism for client authentication.
+
CDR Register calling Data Holders and Data Recipients
+
+
Non-Normative Example - CDR Register calls the Data holder's Get Metrics end point with Client Authentication (note that the “aud” claim represents the AdminBaseUri as defined in CDR Register Participant Endpoints).
Data Holders and Data Recipients MUST support the authentication of the CDR Register using a signed JWT according to the following requirements:
+
+
+
The JWT MUST contain the following REQUIRED Claim Values and MAY contain the following OPTIONAL Claim Values:
+
+
+
iss - REQUIRED. Issuer. This MUST contain the static CDR Register id of ‘cdr-register’.
+
sub - REQUIRED. Subject. This MUST contain the static CDR Register id of ‘cdr-register’.
+
aud - REQUIRED. Audience. The aud (audience) Claim. Value that identifies the intended audience. The Data Holder or Data Recipient MUST verify that it is an intended audience for the token. Contents MUST be the base URI for the end point being accessed.
+
jti - REQUIRED. JWT ID. A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once.
+
exp - REQUIRED. Expiration time on or after which the ID Token MUST NOT be accepted for processing.
+
iat - OPTIONAL. Time at which the JWT was issued.
+
+
Validation and use of the JWT and the claims described above MUST be performed in accordance with [JWT]
+
The JWT should be accepted from the client using the "Authorization Request Header Field" mechanism as described in section 2.1 of RFC6750
+
+
Data Holders calling Data Recipients
+
+
Non-Normative Example - Data Holder calls the Data Recipient's revocation end point (note that the “aud” claim is the fully qualified path to the revocation end point because the full path is also the Base URI).
Data Recipients MUST support the authentication of Data Holders using a signed JWT according to the following requirements:
+
+
+
The JWT MUST contain the following REQUIRED Claim Values and MAY contain the following OPTIONAL Claim Values:
+
+
+
iss - REQUIRED. Issuer. This MUST contain the id of the Data Holder obtained from the CDR Register.
+
sub - REQUIRED. Subject. This MUST contain the id of the Data Holder obtained from the CDR Register.
+
aud - REQUIRED. Audience. The aud (audience) Claim. Value that identifies the Data Recipient as the intended audience. The Data Recipient MUST verify that it is an intended audience for the token. Contents MUST be the base URI for the end point being accessed.
+
jti - REQUIRED. JWT ID. A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once.
+
exp - RE QUIRED. Expiration time on or after which the ID Token MUST NOT be accepted for processing.
+
iat - OPTIONAL. Time at which the JWT was issued.
+
+
Validation and use of the JWT and the claims described above MUST be performed in accordance with [JWT]
+
The JWT should be accepted from the client using the "Authorization Request Header Field" mechanism as described in section 2.1 of RFC6750
+
+
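Review bot: The exp entry in both claim lists of this section says the time after which "the ID Token MUST NOT be accepted", but the token being described is a client authentication JWT, not an ID Token, so the wording should name the signed JWT. The second list also reads "exp - RE QUIRED" with a stray space. The closing line in each subsection says the JWT "should be accepted" via the RFC6750 Authorization header in lowercase, which leaves it unclear whether this is normative; use SHOULD or MUST. Since jti tokens "MUST only be used once", it would help to state that the receiver has to remember each jti until its exp passes.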
Data Recipients calling Data Holders
+
Data Holders MUST support the authentication of Data Recipients using the private_key_jwt Client Authentication method specified at section 9 of [OIDC].
+
+
+
Non-Normative Example - Data Recipient calls Data Holder's token end point.
The private_key_jwt authentication method is enabled through the delivery of an encoded [JWT] signed using the Data Recipient's private key and thus facilitates non-repudiation.
+
+
Client public keys are obtained from the [JWKS] endpoints.
+
+
The [JWT] represents an assertion that MUST include the following claims:
+
+
+
iss: The client ID of the bearer.
+
sub: The client ID of the bearer.
+
aud: The Token Endpoint URL.
+
exp: A JSON number representing the number of seconds from 1970-01-01T00:00:00Z to the UTC expiry time.
+
jti: A unique identifier generated by the client for this authentication.
+
+
+
The following claims MAY be included:
+
+
+
iat: A JSON number representing the number of seconds from 1970-01-01T00:00:00Z to the UTC issued at time.
+
+
+
When invoking a protected end point, the aforementioned assertion MUST be sent with the POST method and MUST include the following parameters:
+
+
+
grant_type: This parameter MUST only be included when invoking the Token End point and MUST be set to authorisation_code or client_credentials. The value refresh_token is also valid when refreshing an access token.
+
code: This parameter MUST only be included when invoking the Token End point after utilising the Hybrid Authentication flow. This is the value of the code parameter returned in the authorisation response.
+
client_id: The ID of the calling Client.
+
client_assertion_type: This MUST be set to urn:ietf:params:oauth:client-assertion-type:jwt-bearer.
+
client_assertion: The encoded assertion JWT.
+
+
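Review bot: The grant_type line gives the permitted value as authorisation_code, but the value defined by OAuth 2.0 (RFC 6749) is authorization_code, and a client that sends the spelling shown here will be rejected by a conformant token end point. The required aud claim is listed only as "The Token Endpoint URL", while the parameter list is introduced with "When invoking a protected end point" and treats grant_type and code as Token End Point only, so the expected aud for the other end points that take this assertion is not stated. Suggest correcting the grant type spelling and saying what aud must be for each end point.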
OIDC Client Types
+
Only Confidential Clients SHALL be supported under this profile. Therefore, Public clients SHALL NOT be supported.
+
+
In reference to the client types referenced in section 2.1 of [OAUTH2]:
+
+
+
Confidential Clients MUST be supported under this profile.
+
Public clients MUST NOT be supported.
+
+
JSON Web Key Sets
+
Data Holder public keys MUST only be obtained from the standard OIDC end point used for that purpose.
+
+
Data Recipient public keys MUST only be obtained from the URI registered with the CDR Register.
+
+
CDR Register public keys MUST only be obtained from the end point exposed for that purpose.
+
+
+
Consent
+
Consent requirements will be communicated between the Data Recipient and Data Holder via the authorisation request object. The primary mechanism for capturing consent will be scopes and claims under [OIDC].
+
+
Other patterns for the establishment of consent may be considered in the future, including the incorporation of fine-grained consent for specific use cases.
+
Scopes and Claims
OIDC Scopes
+
In addition to CDR data scopes the following scopes MUST be supported:
+
+
+
openid: As described as section 3.1.2.1 of [OIDC], this scope MUST be present on each authentication request.
+
profile: Data Holders MUST support the profile scope as described in section 5.4 of [OIDC]. This scope MAY be present on an authentication request.
+
+
Claims
+
The following normal[OIDC] claims MUST be supported. This list includes, but is not limited to, [OIDC]standard claims :
acr: Authentication Context Class Reference. MUST contain a valid ordinal LoA value.
+
auth_time: Time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T00:00:00Z to the UTC auth_time. It MUST be returned by the Data Holder in the ID Token when the Data Recipient has requested it as an essential claim according to section 2 of the [OIDC] standard. It SHOULD NOT be returned via the UserInfo endpoint.
+
name: End-User's full name in displayable form including all name parts.
+
given_name: Given name(s) or first name(s) of the End-User.
+
family_name: Surname(s) or last name(s) of the End-User.
+
updated_at: Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T00:00:00Z to the UTC updated_at time.
+
+
+
The following additional claims MUST be supported:
+
+
+
refresh_token_expires_at: indicates the date-time at which the most recently provided refresh token will expire. Its value MUST be a number containing a NumericDate value, as specified in section 2 of section 2[JWT]. If no refresh token has been provided then a zero value should be returned.
+
sharing_expires_at: indicates the date-time at which the current sharing arrangement will expire. Its value MUST be a number containing a NumericDate value, as specified in section 2 of [JWT]. If consent is not complete or a sharing_duration was not requested in the authorisation request object then a zero value should be returned.
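Review bot: In the refresh_token_expires_at and sharing_expires_at entries the fallback is worded "a zero value should be returned" in lowercase, so a Data Recipient cannot tell whether 0 is a guaranteed sentinel or only a suggestion; make it MUST or SHOULD. The refresh_token_expires_at entry also cites "section 2 of section 2[JWT]", a doubled reference. In the lines above, "normal[OIDC] claims" and "[OIDC]standard claims :" are missing spaces, and the openid entry reads "As described as section 3.1.2.1".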
ID Tokens are specified in section 2 of the [OIDC] standard. In accordance with [FAPI-RW], ID Tokens must be signed and encrypted when returned
+to a Data Recipient from both the Authorisation
+End Point and Token End Point.
+
+
In addition to the mandatory claims specified in section 2 of the [OIDC] standard, required claims for ID Tokens as part of Hybrid Flow authentication must align to section 3.3 (Authentication using the Hybrid Flow) of the [OIDC] standards and section 5.2.2 and section 8.4.3 of the [FAPI-RW] profile.
+
+
ID Tokens MUST be signed by Data Holders as specified in section 8.6 of [FAPI-RW].
+
+
The ID Token returned from the Authorisation End Point MUST NOT contain any Personal Information (PI) claims.
+
Hashing value for state and authorisation code
+
The c_hash value MUST be generated according to section 3.3.2.11 of [OIDC].
+
+
The s_hash value MUST be generated according to section 5.1 of [FAPI-RW].
+
Access Token
+
Access Tokens MUST be used as specified in section 10.3 of [OAUTH2].
+
+
An Access Token MUST expire between 2 minutes to 10 minutes after the Data Holder issues it (at the discretion of the Data Holder).
+
+
The process for refreshing an Access Token is described in section 12.1 of [OIDC].
+
Refresh Token
+
Refresh Tokens MUST be supported by Data Holders.
+
+
The usage of Refresh Tokens is specified in section 12 of [OIDC].
+
+
The expiration time for a Refresh Token MUST be set by the Data Holder.
+
+
Refresh Token expiration MAY be any length of time greater than 28 days but MUST NOT exceed the end of the duration of sharing consented to by the Consumer.
+
+
Data Holders MAY cycle Refresh Tokens when an Access Token is issued. If Refresh Token cycling is not performed then the Refresh Token MUST NOT expire before the expiration of the sharing consented by the Customer.
+
Token Expiry
+
The expiry time for issued access tokens and refresh tokens must be deterministic for the Data Recipient.
+
+
In order to achieve this:
+
+
+
The Data Holder MUST indicate the lifetime in seconds of the access token in the expires_in field of the JSON object returned by the token end-point (see section 4.2.2 of [OAUTH2]).
+
The Data Holder MUST indicate the expiration time of the refresh token using the refresh_token_expires_at claim.
+
+
+
+
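Review bot: The Refresh Token line "MAY be any length of time greater than 28 days but MUST NOT exceed the end of the duration of sharing consented to" cannot be satisfied when the consumer consents to less than 28 days, which the sharing_duration claim described later in this file permits since it accepts any positive number of seconds. State which constraint wins, for example that the 28 day floor applies only when the sharing duration is longer than 28 days. In the Access Token paragraph, "between 2 minutes to 10 minutes" should read "between 2 minutes and 10 minutes", and the Token Expiry sentence uses lowercase "must" where the rest of the section uses MUST.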
Identifiers and Subject Types
sub claim
+
The identifier for an authenticated end-user (subject) MUST be passed in the sub claim of an ID Token and UserInfo response as defined by [OIDC].
+
+
The Data Holder MUST generate the sub value as a Pairwise Pseudonymous Identifier (PPID) as described in section 8 of [OIDC]. Furthermore, the identifier MUST be unique per customer as per the definition of customer in the CDR Federation section of this profile.
+
+
It is RECOMMENDED that the sub value is generated as a version 4 Universally Unique
+Identifier (UUID) [RFC4122].
The CDR Arrangement ID is a unique string representing a consent arrangement between a Data Recipient and Data Holder for a given consumer.
+
+
The identifier MUST be unique per customer according to the definition of customer in the CDR Federation section of this profile.
+
+
The Data Holder MUST provide the CDR Arrangement ID as the claim cdr_arrangement_id in the Token End Point response and Token Introspection End Point response.
+
+
A Data Holder MUST only return the cdr_arrangement_id in the Token and Token Introspection End Point responses if they also support concurrent consent. This ensures that Data Recipients have a reliable way to determine whether a given Data Holder supports concurrent consent.
+
+
Statements related to the CDR Arrangement ID:
+
+
+
The CDR Arrangement ID MUST be unique to a Data Holder
+
The CDR Arrangement ID MUST be non-guessable and must not identify a consumer
+
A CDR Arrangement ID SHOULD be generated using an algorithm that reduces the chances of collision
+
A CDR Arrangement ID MUST be static across consents within the one sharing arrangement (e.g. across consent renewal and re-authorisation)
+
+
Retrospectively obtaining a CDR Arrangement ID
+
For any existing consents, Data Holders must retrospectively generate a cdr_arrangement_id such that from November 2020, Data Recipients can obtain a valid cdr_arrangement_id for all active consents they hold.
+
+
A Data Recipient can call either the Token or Token Introspection End Points at any point post-consent to obtain the CDR Arrangement ID in the response JSON as the claim cdr_arrangement_id.
+
+
+
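Review bot: Two adjacent statements about cdr_arrangement_id conflict: "The Data Holder MUST provide the CDR Arrangement ID ... in the Token End Point response and Token Introspection End Point response" is unconditional, while the next paragraph says it "MUST only" be returned if the Data Holder also supports concurrent consent. Fold the condition into the first sentence so there is a single rule. In the statement list, "MUST be non-guessable and must not identify a consumer" mixes keyword case, and "SHOULD be generated using an algorithm that reduces the chances of collision" gives an implementer nothing to test against, unlike the sub claim paragraph, which recommends a version 4 UUID.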
Levels of Assurance (LoAs)
+
Levels Of Assurance (LoAs), returned after a successful authentication MUST be represented in Single Ordinal form where a single LoA value is represented.
+
+
+
Single Ordinal
+
A Single LoA value is carried in the acr claim which is described in section 2 of [OIDC].
+
+
+
An LoA of 2 is represented by the URI: urn:cds.au:cdr:2
+
+
+
The authenticator used to attain this level MUST conform with the Credential Level CL1 rules specified under the Trusted Digital Identity Framework[TDIF] Authentication Credential Requirements specification.
+
+
An LoA of 3 is represented by the URI: urn:cds.au:cdr:3
+
+
+
The authenticators used to attain this level MUST conform with the Credential Level CL2 rules specified under the Trusted Digital Identity Framework[TDIF] Authentication Credential Requirements specification.
+
+
+
+
READ operations SHALL only be allowed where at least an LoA of 2 has been achieved during the establishment of consent.
+
+
WRITE operations SHALL only be allowed where:
+
+
+
At least an LoA of 3 has been achieved during the establishment of consent, or
+
At least an LoA of 2 has been achieved during the establishment of consent and a subsequent challenge/response has resulted in an LoA of 3 being achieved within the lifespan of the current Access Token.
+
+
Transaction Security
Use of TLS
+
All HTTP calls MUST be made using HTTPS incorporating TLS >= 1.2.
+
+
+
Use of MTLS
+
All back-channel communication between Data Recipient and Data Holder systems MUST incorporate, unless stated otherwise, [MTLS] as part of the TLS handshake:
+
+
+
The presented Client transport certificate MUST be issued by the CDR Certificate Authority (CA). The Server MUST NOT trust Client transport certificates issued by other authorities.
+
The presented Server transport certificate MUST be issued by the CDR Certificate Authority (CA). The Client MUST NOT trust Server transport certificates issued by other authorities.
+
+
+
End points for transferring CDR Data that are classified as not requiring authentication do not require the use of [MTLS].
+
Holder of Key Mechanism
+
[MTLS] MUST be supported as a Holder of Key (HoK) Mechanism.
+
+
Note that, by implication, resource requests MUST be validated to ensure the client certificate and access token match.
+
+
OAUTB SHALL NOT be supported due to a lack industry support.
+
+
[MTLS] HoK allows issued tokens to be bound to a client certificate as specified in section 3 of [MTLS].
+
Ciphers
+
Only the following cipher suites SHALL be permitted in accordance with section 8.5 of [FAPI-RW]:
+
+
+
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+
+
CORS
+
Cross-origin resource sharing (CORS) must be enabled (ie. Access-Control-Allow-Origin set to "*") for the following end points:
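Review bot: "All HTTP calls MUST be made using HTTPS incorporating TLS >= 1.2" admits TLS 1.3, but the Ciphers list says "Only the following cipher suites SHALL be permitted" and names four TLS 1.2 suites; TLS 1.3 suites carry different names (for example TLS_AES_128_GCM_SHA256), so as written a TLS 1.3 connection cannot comply. Either scope the cipher list to TLS 1.2 connections or say how TLS 1.3 is handled. The CORS sentence ends with a colon but no end point list follows it in these lines, which matters because the setting described is a wildcard origin. In the Holder of Key text, "due to a lack industry support" is missing "of".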
The Request Object is a signed and encoded JWT specified in section 6.1 of [OIDC]. As per [FAPI-RW]section 5.2.2, the request parameter MUST be present on requests to the [OIDC] Hybrid Authorisation End Point. The Request Object enables [OIDC] requests to be passed in a single and self-contained parameter.
+
+
Request Objects MUST be signed by Data Recipients as specified in section 8.6 of [FAPI-RW].
+
+
Request Object references MUST be supported if the Data Holder supports Pushed Authorisation Requests (PAR).
+
Requesting Sharing Duration
+
To facilitate the specification of the duration for consent to share CDR data that is approved by the consumer, a mechanism for the Data Recipient to specify a sharing duration to the Data Holder is required.
+
+
To accomplish this, the Data Holder MUST support an additional claim in the authorisation request object named sharing_duration. The sharing_duration claim MUST be handled as follows:
+
+
+
The sharing_duration parameter is a number
+
The value of the sharing_duration parameter will contain the requested duration for sharing, in seconds.
+
If the sharing_duration value exceeds one year then a duration of one year will be assumed.
+
If the sharing_duration value is zero or absent then once off access will be assumed and only an Access Token (without a Refresh Token) will be provided on successful authorisation.
+
If the sharing_duration value is negative then the authorisation should fail.
+
+
+
Note that the period of one year in the above statements should be interpreted as 365, 24 hour days (or 31,536,000 seconds).
+
+
The Data Recipient is able to obtain the expiration of sharing via the sharing_expires_at claim.
+
Specifying an existing arrangement
+
Provided a Data Holder supports PAR, they MUST also support the cdr_arrangement_id claim provided in the Request Object sent to the PAR End Point. The Data Recipient MAY provide the cdr_arrangement_id claim in the Request Object sent to the PAR End Point.
+
+
The cdr_arrangement_id claim MUST be handled as follows:
+
+
Until November 2020 data holders are not required to take any action if cdr_arrangement_id is supplied but MUST NOT respond with an error.
+
+
Until November 2020 data recipients MUST NOT implement scenarios that support concurrent consent. Only single, extant consent scenarios should be implemented until this date.
+
+
If a data recipient provides the cdr_arrangement_id claim in the request object to the data holder's PAR End Point, the data holder MUST revoke any existing tokens related to the arrangement once the new consent is successfully established and a new set of tokens has been provided to the data recipient.
+
+
For data recipients seeking to replace consent where the Data Holder does not support PAR, data recipients MUST actively revoke previously supplied refresh tokens, immediately after receiving the tokens for a newly established consent, using the appropriate revocation end point.
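Review bot: The sharing_duration rules are written as "will be assumed" and "the authorisation should fail" rather than with MUST or SHOULD, so the clamp to one year and the rejection of negative values are not clearly binding on the Data Holder, and no error response is named for the negative case. The list also calls sharing_duration a "parameter" where the introducing sentence calls it a claim in the request object; use one term. In the cdr_arrangement_id rules, "Data Holder" and "data holder" alternate in case within the same subsection.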
At a minimum, the Data Holder metadata MUST include:
+
+
+
issuer: URL that the Data Holder asserts as its Issuer Identifier.
+
authorization_endpoint: URL of the Authorization End Point.
+
token_endpoint: URL of the Token End Point.
+
introspection_endpoint: URL of the Introspection End Point.
+
revocation_endpoint: URL of the Revocation End Point.
+
userinfo_endpoint: URL of the UserInfo End Point.
+
registration_endpoint: URL of the Client Registration End Point.
+
scopes_supported: This list of supported scopes.
+
claims_supported: The list of supported claims.
+
acr_values_supported: The supported ACR values.
+
jwks_uri: The JSON Web Key Set for the data holder.
+
id_token_encryption_alg_values_supported: The list of the supported JWE algorithms for securing the issued ID tokens. Must conform to [FAPI-RW] and [OIDD].
+
id_token_encryption_enc_values_supported: The list of the supported JWE encryption methods for securing the issued ID tokens.
+
+
+
From November 2020, the Data Holder metadata MUST include:
+
+
+
cdr_arrangement_revocation_endpoint: The URL of the CDR Arrangement Revocation End Point for consent revocation
+
pushed_authorization_request_endpoint: URL of the Pushed Authorisation End Point used to support [PAR].
The requirements for the Authorisation End Point are specified in section 3.3.2 of [OIDC] and further specified under section 5.2.2 of [FAPI-RW]. This end point is invoked as part of the Hybrid Authentication flow.
+
JSON Web Key Set End Point
+
+
+
Description
+
Value
+
+
+
+
Hosted By
+
Data Holder & Data Recipient
+
+
+
Transport Security
+
TLS
+
+
+
Client Authentication Required
+
No
+
+
+
Bearer Token Required
+
No
+
+
+
+
The requirements for the JWKS End Point are specified in various sections of [OIDC].
+
+
This end point is used by the Data Holder to provide the public keys they will use when required.
+
+
Data Holders MUST support a JWKS End Point.
+
Token End Point
+
+
+
Description
+
Value
+
+
+
+
Hosted By
+
Data Holder
+
+
+
Transport Security
+
MTLS
+
+
+
Client Authentication Required
+
Yes
+
+
+
Bearer Token Required
+
No
+
+
+
+
The requirements for the Token End Point are specified in section 3.3.3 of [OIDC].
+
+
To obtain an Access Token, an ID Token, and a Refresh Token, the Data Recipient sends a Token Request to the Token End Point.
+
+
Data Holders MUST support a Token End Point.
+
UserInfo End Point
+
+
+
Description
+
Value
+
+
+
+
Hosted By
+
Data Holder
+
+
+
Transport Security
+
MTLS
+
+
+
Client Authentication Required
+
No
+
+
+
Bearer Token Required
+
Yes
+
+
+
+
The requirements for the UserInfo End Point are specified in section 5.3 of [OIDC].
+
+
Data Holders MUST support a UserInfo End Point.
+
Introspection End Point
+
+
+
Description
+
Value
+
+
+
+
Hosted By
+
Data Holder
+
+
+
Transport Security
+
MTLS
+
+
+
Client Authentication Required
+
Yes
+
+
+
Bearer Token Required
+
No
+
+
+
+
Data Holders MUST implement an Introspection End Point to allow Data Recipients to determine the status and expiry date of Refresh Tokens. The requirements for an Introspection End Point are described in section 2 of [RFC7662].
+
+
Introspection of Refresh Tokens MUST be supported.
+
+
Introspection of Access Tokens and ID Tokens MUST NOT be supported.
+
+
A Token Introspection End Point Response SHALL include, at least, the following fields:
+
+
+
active: Boolean indicator of whether or not the presented token
+ is currently active.
+
exp: A JSON number representing the number of seconds from 1970-01-01T00:00:00Z to the UTC expiry time.
+
scope: A JSON string containing a space-separated list of scopes associated with this token.
+
cdr_arrangement_id: A unique identifier of the CDR arrangement related to the authorisation.
+
+
+
A Token Introspection End Point Response MAY include claims defined in Section 2.2 of [RFC7662] but username SHALL NOT be allowed.
+
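Review bot: "Introspection of Access Tokens and ID Tokens MUST NOT be supported" does not say what the end point returns when one of those tokens is presented. RFC 7662 has the server answer with active set to false for a token it will not report on, and saying so here would keep implementations consistent and avoid an error path that tells the caller which token type was submitted. The response field list also makes cdr_arrangement_id part of the minimum response, while the Identifiers section of this file allows it only where the Data Holder supports concurrent consent; the two should agree.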
Token Revocation End Point
+
+
+
Description
+
Value
+
+
+
+
Hosted By
+
Data Holder and Data Recipient
+
+
+
Transport Security
+
MTLS for Data Holders, TLS for Data Recipients
+
+
+
Client Authentication Required
+
Yes (for verifying Data Recipients)
+
+
+
Bearer Token Required
+
Yes (for verifying Data Holders)
+
+
+
+
Requirements for Data Holder implementations
+
+
Data Holders MUST implement a Token Revocation End Point as described in section 2 of [RFC7009].
+
+
The Revocation End Point serves as a revocation mechanism that allows a Data Recipient to invalidate its tokens as required to allow for token clean up.
+
+
Revocation of Refresh Tokens and Access Tokens MUST be supported.
+
+
Requirements for Data Recipient implementations
+
+
The Token Revocation End Point, when implemented by the Data Recipient allows a Data Holder to notify the Data Recipient of the revocation of a sharing arrangement by the Customer in totality as required by the ACCC CDR Rules. This revocation will have been actioned by the Customer via the Data Holder’s consent dashboard as described in the ACCC CDR Rules.
+
+
Revocation of Access Tokens MUST not be supported.
+
+
Revocation of Refresh Tokens MUST be supported and will be used to notify the Data Recipient of sharing revocation.
+
+
If consent is withdrawn by a Customer in writing or by using the Data Recipient’s dashboard the Data Recipient MUST revoke consent using Data Holder’s implementation.
+
+
Revoking consent
+
+
If the Data Holder does not support a CDR Arrangement Revocation End Point, Data Recipients MUST use the Data Holder's Token Revocation End Point with the current Refresh Token to notify the Data Holder.
+
+
If the Data Holder does support the CDR Arrangement Revocation End Point, Data Recipients MUST use the Data Holder's CDR Arrangement Revocation End Point with a valid cdr_arrangement_id to notify the Data Holder.
+
+
NOTE: Data Recipients MUST continue to support this Token Revocation End Point until February 2021.
+
+
NOTE: Data Holders MUST continue to support consent revocation via the oAuth Token Revocation end point until February 2021.
HTTP Method: POST
+Data Holder Path: The cdr_arrangement_revocation_endpoint defined using OIDC Discovery
+Data Recipient Path:<RecipientBaseUri>/arrangements/revoke where <RecipientBaseUri> is registered with the CDR Register.
+
+
From November 2020, Data Holders and Data Recipients MUST implement a CDR Arrangement Revocation End Point that can be used to revoke an existing sharing arrangement.
+
+
The request MUST include the following parameters using the application/x-www-form-urlencoded format in the HTTP request entity-body:
+cdr_arrangement_id: The ID of the arrangement that the client wants to revoke.
+
+
This end point will be implemented according to the following:
+
+
+
Data Recipients and Data Holders MUST revoke consent by calling the CDR Arrangement Revocation End Point with a valid CDR Arrangement ID
+
Data Holders MUST publish their CDR Arrangement Revocation End Point using their OpenID Provider Metadata Discovery End Point
+
Data Recipients MUST expose their CDR Arrangement Revocation End Point under their Recipient Base URI published in their Software Statement Assertion
+
Consent revocation MUST also revoke associated refresh and/or access tokens
+
For Data Recipients, Data Holder must be authenticated when they call this end point according to the guidance in the Client Authentication section.
+
If the cdr_arrangement_id is not related to the client making the call it MUST be rejected
+
+
+
Response Codes
+
+
The following responses are in addition to error responses covered by normative references. Error scenarios in the following table MUST use the error structure defined in the Payload Conventions.
+
+
+
+
Response Code
+
Situation
+
Description
+
+
+
+
204 No Content
+
Success
+
The sharing arrangement has been revoked successfully
+
+
+
422 Unprocessable Entity
+
Invalid Arrangement ID
+
The client submitted an invalid arrangement identifier or the identifier could not be found
+
+
+
+
Data Holders calling Data Recipients
+
+
Data Holders may discover that a given Data Recipient supports the CDR Arrangement Revocation End Point by the presence of the Recipient Base URI in the Software Statement Assertion (SSA). If a Data Recipient does not support the CDR Arrangement Revocation End Point, the Data Holder MUST call the Data Recipient Token Revocation End Point.
+
+
Data Recipients SHOULD update their client registration with each Data Holder as soon as is practical once they support the CDR Arrangement Revocation End Point.
+
+
Data Recipients MUST continue to support their Token Revocation End Point until February 2021 and until they have updated their client registrations.
+
+
Updating Register Meta Data and Client Registration
+
+
When a Data Recipient supports the CDR Arrangement Revocation End Point, they MUST:
+1. Update their meta data with the CDR Register to include their recipient_base_uri.
+2. Update their client registration with each Data Holder.
+
+
If the Data Recipient does not support the CDR Arrangement Revocation End Point, the Data Holder MUST instead revoke consent using the Data Recipient Token Revocation End Point.
+
+
Data Recipients calling Data Holders
+
+
Data Recipients may discover that a given Data Holder supports the CDR Arrangement Revocation End Point by the presence of the cdr_arrangement_revocation_endpoint in the Data Holder's OpenID Provider metadata.
+
+
If a Data Recipient does not support the CDR Arrangement Revocation End Point, Data Holders must notify Data Recipients when consent is withdrawn by calling the Data Recipient Revocation End Point.
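Review bot: The rule "If the cdr_arrangement_id is not related to the client making the call it MUST be rejected" names no response code, while the Response Codes table defines 422 only for an invalid or not found identifier. Specify the same 422 response for an identifier that belongs to another client, so a caller cannot tell an unknown arrangement from one it does not own. "Revocation of Access Tokens MUST not be supported" should use MUST NOT. The final paragraph under "Data Recipients calling Data Holders" describes the Data Holder calling the Data Recipient and repeats the fallback already given twice under "Data Holders calling Data Recipients", so it should be moved or dropped.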
## This is used by the ADR in the subsequent authorisation request as follows
+## (note that until PAR is an RFC standard, the mandatory oAuth parameters as
+## per FAPI R/W for confidential clients must be replayed in the request URL):
+
+GET /authorise?client_id=s6BhdRkqt3&
+ response_type=code%20id_token&
+ scope=openid%20profile%20bank:accounts.basic:read%20bank:accounts.detail:read&
+ request_uri=urn%3Adata.holder.com.au%3Abwc4JK-ESC0w8acc191e-Y1LTC2
+HTTP/1.1
+Host: data.holder.com.au
+
+
+
+
Description
+
Value
+
+
+
+
Hosted By
+
Data Holder
+
+
+
Transport Security
+
MTLS
+
+
+
Client Authentication Required
+
Yes
+
+
+
Bearer Token Required
+
No
+
+
+
+
From November 2020, Data Holders MUST support Pushed Authorisation Requests (PAR) via the pushed authorisation end point according to [PAR].
+
+
Data Recipients MAY send authorisation requests using [PAR] if supported by the Data Holder. Request objects which contain the cdr_arrangement_id claim MUST only be sent using [PAR]. If a Data Holder does not support [PAR], a Data Recipient SHOULD NOT provide the cdr_arrangement_id claim in the request object.
+
+
The Data Holder response provides the Data Recipient with a Request URI in the response. The Request URI is then passed to the Data Holder’s Authorisation End Point to initiate an authorisation flow.
+
+
In addition:
+
+
+
Request Object references SHALL NOT be supported in any mode of use other than [PAR]. If a Data Holder does not support [PAR], it MUST NOT support Request Object references.
+
The Request URI MUST expire between 10 seconds and 90 seconds
+
Data Recipients MAY provide an existing cdr_arrangement_id claim in an authorisation request object to establish a new consent under an existing arrangement
+
Data Holders MUST revoke existing refresh tokens and access tokens when a cdr_arrangement_id is provided in the Request Object but only after successful authorisation
+
If the cdr_arrangement_id is not related to the consumer being authenticated it MUST be rejected
+
If the cdr_arrangement_id is not recognised by to the Data Holder it MUST be rejected
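Review bot: The PAR paragraph says request objects containing cdr_arrangement_id "MUST only be sent using [PAR]" and then, for a Data Holder without PAR, that the Data Recipient "SHOULD NOT provide" the claim; the second sentence is weaker than the first and should be MUST NOT. "The Request URI MUST expire between 10 seconds and 90 seconds" does not say the interval is measured from issue by the PAR end point, nor whether the request_uri can be presented more than once within that window. The last list item reads "not recognised by to the Data Holder", and the two rejection items give no error response.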
The Consumer Experience (CX) standards, containing requirements and guidelines for the creation of implementatations by both Data Recipients and Data Holders, are split into two documents. This first defines mandatory standards and the second includes guidelines for facilitating the implementation of rules and standards that relate to the consumer experience:
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+
+
+
open-status
+
query
+
string
+
optional
+
Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+
+
+
open-status
+
query
+
string
+
optional
+
Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
422
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
A tokenised identifier for the account which is unique but not shareable
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Some general notes that apply to all end points that retrieve transactions:
+
+
+
Where multiple transactions are returned, transactions should be ordered according to effective date in descending order
+
As the date and time for a transaction can alter depending on status and transaction type two separate date/times are included in the payload. There are still some scenarios where neither of these time stamps is available. For the purpose of filtering and ordering it is expected that the data holder will use the “effective” date/time which will be defined as:
+
+
+
Posted date/time if available, then
+
Execution date/time if available, then
+
A reasonable date/time nominated by the data holder using internal data structures
+
+
For transaction amounts it should be assumed that a negative value indicates a reduction of the available balance on the account while a positive value indicates an increase in the available balance on the account
+
For aggregated transactions (ie. groups of sub transactions reported as a single entry for the account) only the aggregated information, with as much consistent information accross the subsidiary transactions as possible, is required to be shared
Constrain the transaction history request to transactions with effective time at or after this date/time. If absent defaults to newest-time minus 90 days. Format is aligned to DateTimeString common type
Constrain the transaction history request to transactions with effective time at or before this date/time. If absent defaults to today. Format is aligned to DateTimeString common type
Filter transactions to only transactions with amounts less than or equal to than this amount
+
+
+
text
+
query
+
string
+
optional
+
Filter transactions to only transactions where this string value is found as a substring of either the reference or description fields. Format is arbitrary ASCII string. This parameter is optionally implemented by data holders. If it is not implemented then a response should be provided as normal without text filtering applied and an additional boolean field named isQueryParamUnsupported should be included in the meta object and set to true (whether the text parameter is supplied or not)
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
ID of the transaction obtained from a previous call to one of the other transaction end points
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain direct debit authorisations for multiple, filtered accounts
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
product-category
+
query
+
string
+
optional
+
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+
+
+
open-status
+
query
+
string
+
optional
+
Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
422
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
ID of the account to get scheduled payments for. Must have previously been returned by one of the account list end points. The account specified is the source account for the payment
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain scheduled payments for multiple, filtered accounts that are the source of funds for the payments
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
product-category
+
query
+
string
+
optional
+
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
+
+
+
open-status
+
query
+
string
+
optional
+
Used to filter results according to open/closed status. Values can be OPEN, CLOSED or ALL. If absent then ALL is assumed
Filters accounts based on whether they are owned by the authorised customer. True for owned accounts, false for unowned accounts and absent for all accounts
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The request was well formed but was unable to be processed due to business logic specific to the request. For this API a 422 response must be given if any of the account IDs provided are invalid for the consent context
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
422
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Filter on the payee type field. In addition to normal type field values, ALL can be specified to retrieve all payees. If absent the assumed value is ALL
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Note that the payee sub-structure should be selected to represent the payment destination only rather than any known characteristics of the payment recipient
The ID used to locate the details of a particular payee
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain a list of products that are currently openly offered to the market
+
+
Note that the results returned by this end point are expected to be ordered in descending order according to lastUpdated.
+
Conventions
+
In the product reference payloads there are a number of recurring conventions that are explained here, in one place.
+
Arrays Of Features
+
In the product detail payload there are a number of arrays articulating generic features, constraints, prices, etc. The intent of these arrays is as follows:
+
+
+
Each element in an array has the same structure so that clients can reliably interpret the payloads
+
Each element as a type element that is an enumeration of the specific aspect of a product being described, such as types of fees.
+
Each element has a field name additionalValue. This is a generic field with contents that will vary based on the type of object being described. The contents of this field for the ADDITIONAL_CARDS feature is the number of cards allowed while the contents of this field for the MAX_LIMIT constraint would be the maximum credit limit allowed for the product.
+
An element in these arrays of the same type may appear more than once. For instance, a product may offer two separate loyalty programs that the customer can select from. A fixed term mortgage may have different rates for different term lengths.
+
An element in these arrays may contain an additionalInfo and additionalInfoUri field. The additionalInfo field is used to provide displayable text clarifying the purpose of the element in some way when the product is presented to a customer. The additionalInfoUri provides a link to externally hosted information specifically relevant to that feature of the product.
+
Depending on the type of data being represented there may be additional specific fields.
+
+
URIs To More Information
+
As the complexities and nuances of a financial product can not easily be fully expressed in a data structure without a high degree of complexity it is necessary to provide additional reference information that a potential customer can access so that they are fully informed of the features and implications of the product. The payloads for product reference therefore contain numerous fields that are provided to allow the product holder to describe the product more fully using a web page hosted on their online channels.
+
+
These URIs do not need to all link to different pages. If desired, they can all link to a single hosted page and use difference HTML anchors to focus on a specific topic such as eligibility or fees.
+
Linkage To Accounts
+
From the moment that a customer applies for a product and an account is created the account and the product that spawned it will diverge. Rates and features of the product may change and a discount may be negotiated for the account.
+
+
For this reason, while productCategory is a common field between accounts and products, there is no specific ID that can be used to link an account to a product within the regime.
+
+
Similarly, many of the fields and objects in the product payload will appear in the account detail payload but the structures and semantics are not identical as one refers to a product that can potentially be originated and one refers to an account that actual has been instantiated and created along with the associated decisions inherent in that process.
+
Dates
+
It is expected that data consumers needing this data will call relatively frequently to ensure the data they have is representative of the current offering from a bank. To minimise the volume and frequency of these calls the ability to set a lastUpdated field with the date and time of the last update to this product is included. A call for a list of products can then be filtered to only return products that have been updated since the last time that data was obtained using the updated-since query parameter.
+
+
In addition, the concept of effective date and time has also been included. This allows for a product to be marked for obsolescence, or introduction, from a certain time without the need for an update to show that a product has been changed. The inclusion of these dates also removes the need to represent deleted products in the payload. Products that are no long offered can be marked not effective for a few weeks before they are then removed from the product set as an option entirely.
+
+
NOTE: This version must be implemented by February 2021
Allows for the filtering of products based on whether the current time is within the period of time defined as effective by the effectiveFrom and effectiveTo fields. Valid values are ‘CURRENT’, ‘FUTURE’ and ‘ALL’. If absent defaults to 'CURRENT'
Only include products that have been updated after the specified date and time. If absent defaults to include all products
+
+
+
brand
+
query
+
string
+
optional
+
Filter results based on a specific brand
+
+
+
product-category
+
query
+
string
+
optional
+
Used to filter results on the productCategory field applicable to accounts. Any one of the valid values for this field can be supplied. If absent then all accounts returned.
Page size to request. Default is 25 (standard pagination)
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
Obtain basic information on the customer that has authorised the current session
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain detailed information on the authorised customer within the current session.
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
+
+
+
x-fapi-interaction-id
+
header
+
string
+
optional
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
+
+
+
x-fapi-auth-date
+
header
+
string
+
optional
+
The time when the customer last logged in to the data recipient. Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls.
+
+
+
x-fapi-customer-ip-address
+
header
+
string
+
optional
+
The customer's original IP address if the customer is currently logged in to the data recipient. The presence of this header indicates that the API is being called in a customer present context. Not to be included for unauthenticated calls.
The customer's original standard http headers Base64 encoded, including the original User Agent header, if the customer is currently logged in to the data recipient. Mandatory for customer present calls. Not required for unattended or unauthenticated calls.
The version of the API end point that the data holder has responded with.
+
+
+
200
+
x-fapi-interaction-id
+
string
+
+
An RFC4122 UUID used as a correlation id. If provided, the data holder must play back this value in the x-fapi-interaction-id response header. If not provided a [RFC4122] UUID value is required to be provided in the response header to track the interaction.
Obtain a health check status for the implementation
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
Obtain a list of scheduled outages for the implementation
+
Endpoint Version
+
+
+
+
+
+
+
+
Version
+
1
+
+
+
+
Parameters
+
+
+
+
Name
+
In
+
Type
+
Required
+
Description
+
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder must respond with a 406 Not Acceptable.
A data holder specific unique identifier for this product. This identifier must be unique to a product but does not otherwise need to adhere to ID permanence guidelines.
The date and time from which this product is effective (ie. is available for origination). Used to enable the articulation of products to the regime before they are available for customers to originate
Indicates whether the product is specifically tailored to a circumstance. In this case fees and prices are significantly negotiated depending on context. While all products are open to a degree of tailoring this flag indicates that tailoring is expected and thus that the provision of specific fees and rates is not applicable
+
+
+
additionalInformation
+
object
+
optional
+
none
+
Object that contains links to additional information on specific topics
URI reference to a PNG, JPG or GIF image with proportions defined by ISO 7810 ID-1 and width no greater than 512 pixels. The URI reference may be a link or url-encoded data URI RFC 2397
An array of bundles that this product participates in. Each bundle is described by free form information but also by a list of product IDs of the other products that are included in the bundle. It is assumed that the current product is included in the bundle also
Link to a web page with more information on the bundle criteria and benefits
+
+
+
productIds
+
[string]
+
optional
+
none
+
Array of product IDs for products included in the bundle that are available via the product end points. Note that this array is not intended to represent a comprehensive model of the products included in the bundle and some products available for the bundle may not be available via the product reference end points
Generic field containing additional information relevant to the featureType specified. Whether mandatory or not is dependent on the value of the featureType.
+
+
+
additionalInfo
+
string
+
conditional
+
none
+
Display text providing more information on the feature. Mandatory if the feature type is set to OTHER
The type of constraint described. See the next section for an overview of valid values and their meaning
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the constraintType specified. Whether mandatory or not is dependent on the value of constraintType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information the constraint
The type of eligibility criteria described. See the next section for an overview of valid values and their meaning
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the eligibilityType specified. Whether mandatory or not is dependent on the value of eligibilityType
+
+
+
additionalInfo
+
string
+
conditional
+
none
+
Display text providing more information on the eligibility criteria. Mandatory if the field is set to OTHER
A fee rate calculated based on a proportion of the balance. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the feeType "VARIABLE" is supplied.
A fee rate calculated based on a proportion of a transaction. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the feeType "VARIABLE" is supplied
A fee rate calculated based on a proportion of the calculated interest accrued on the account. One of amount, balanceRate, transactionRate and accruedRate is mandatory unless the feeType "VARIABLE" is supplied
The indicative frequency with which the fee is calculated on the account. Only applies if balanceRate or accruedRate is also present. Formatted according to ISO 8601 Durations (excludes recurrence syntax)
A discount rate calculated based on a proportion of the balance. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
A discount rate calculated based on a proportion of a transaction. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory
A discount rate calculated based on a proportion of the calculated interest accrued on the account. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
A discount rate calculated based on a proportion of the fee to which this discount is attached. Note that the currency of the fee discount is expected to be the same as the currency of the fee itself. One of amount, balanceRate, transactionRate, accruedRate and feeRate is mandatory. Unless noted in additionalInfo, assumes the application and calculation frequency are the same as the corresponding fee
+
+
+
additionalValue
+
string
+
conditional
+
none
+
Generic field containing additional information relevant to the discountType specified. Whether mandatory or not is dependent on the value of discountType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the discount
The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to ISO 8601 Durations (excludes recurrence syntax)
The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to ISO 8601 Durations (excludes recurrence syntax)
Generic field containing additional information relevant to the depositRateType specified. Whether mandatory or not is dependent on the value of depositRateType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the rate
The period after which the rate is applied to the balance to calculate the amount due for the period. Calculation of the amount is often daily (as balances may change) but accumulated until the total amount is 'applied' to the account (see applicationFrequency). Formatted according to ISO 8601 Durations (excludes recurrence syntax)
The period after which the calculated amount(s) (see calculationFrequency) are 'applied' (i.e. debited or credited) to the account. Formatted according to ISO 8601 Durations (excludes recurrence syntax)
+
+
+
interestPaymentDue
+
string
+
optional
+
none
+
When loan payments are due to be paid within each period. The investment benefit of earlier payments affect the rate that can be offered
+
+
+
repaymentType
+
string
+
optional
+
none
+
Options in place for repayments. If absent, the lending rate is applicable to all repayment types
+
+
+
loanPurpose
+
string
+
optional
+
none
+
The reason for taking out the loan. If absent, the lending rate is applicable to all loan purposes
Generic field containing additional information relevant to the lendingRateType specified. Whether mandatory or not is dependent on the value of lendingRateType
+
+
+
additionalInfo
+
string
+
optional
+
none
+
Display text providing more information on the rate.
Defines the criteria and conditions for which a rate applies
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
name
+
string
+
mandatory
+
none
+
A display name for the tier
+
+
+
unitOfMeasure
+
string
+
mandatory
+
none
+
The unit of measure that applies to the tierValueMinimum and tierValueMaximum values e.g. a DOLLAR amount. PERCENT (in the case of loan-to-value ratio or LVR). Tier term period representing a discrete number of MONTH's or DAY's (in the case of term deposit tiers)
The number of tierUnitOfMeasure units that form the upper bound of the tier or band. For a tier with a discrete value (as opposed to a range of values e.g. 1 month) this must be the same as tierValueMinimum. Where this is the same as the tierValueMinimum value of the next-higher tier the referenced tier should be exclusive of this value. For example a term deposit of 2 months falls into the upper tier of the following tiers: (1 – 2 months, 2 – 3 months). If absent the tier's range has no upper bound.
+
+
+
rateApplicationMethod
+
string
+
optional
+
none
+
The method used to calculate the amount to be applied using one or more tiers. A single rate may be applied to the entire balance or each applicable tier rate is applied to the portion of the balance that falls into that tier (referred to as 'bands' or 'steps')
The display name of the account as defined by the bank. This should not incorporate account numbers or PANs. If it does the values should be masked according to the rules of the MaskedAccountString common type.
+
+
+
nickname
+
string
+
optional
+
none
+
A customer supplied nick name for the account
+
+
+
openStatus
+
string
+
optional
+
none
+
Open or closed status for the account. If not present then OPEN is assumed
Flag indicating that the customer associated with the authorisation is an owner of the account. Does not indicate sole ownership, however. If not present then 'true' is assumed
The unmasked BSB for the account. Is expected to be formatted as digits only with leading zeros included and no punctuation or spaces
+
+
+
» accountNumber
+
string
+
optional
+
none
+
The unmasked account number for the account. Should not be supplied if the account number is a PAN requiring PCI compliance. Is expected to be formatted as digits only with leading zeros included and no punctuation or spaces
+
+
+
» bundleName
+
string
+
optional
+
none
+
Optional field to indicate if this account is part of a bundle that is providing additional benefit for to the customer
+
+
+
» specificAccountUType
+
string
+
optional
+
none
+
The type of structure to present account specific fields.
True if the feature is already activated and false if the feature is available for activation. Defaults to true if absent. (note this is an additional field appended to the feature object defined in the Product Reference payload)
Current instructions on action to be taken at maturity. This includes default actions that may be specified in the terms and conditions for the product e.g. roll-over to the same term and frequency of interest payments
Set to true if one or more offset accounts are configured for this loan account
+
+
+
offsetAccountIds
+
[string]
+
optional
+
none
+
The accountIDs of the configured offset accounts attached to this loan. Only offset accounts that can be accessed under the current authorisation should be included. It is expected behaviour that offsetAccountEnabled is set to true but the offsetAccountIds field is absent or empty. This represents a situation where an offset account exists but details can not be accessed under the current authorisation
+
+
+
repaymentType
+
string
+
optional
+
none
+
Options in place for repayments. If absent defaults to PRINCIPAL_AND_INTEREST
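Review bot: The offsetAccountIds description says "It is expected behaviour that offsetAccountEnabled is set to true but the offsetAccountIds field is absent or empty", which reads as though that combination is the norm rather than a permitted case. Suggest wording such as "It is valid for offsetAccountEnabled to be true while offsetAccountIds is absent or empty", so implementers do not read it as an instruction to omit IDs that the current authorisation does cover.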
A unique ID of the transaction adhering to the standards for ID permanence. This is mandatory (through hashing if necessary) unless there are specific and justifiable technical reasons why a transaction cannot be uniquely identified for a particular account type
True if extended information is available using the transaction detail end point. False if extended data is not available
+
+
+
type
+
string
+
mandatory
+
none
+
The type of the transaction
+
+
+
status
+
string
+
mandatory
+
none
+
Status of the transaction whether pending or posted. Note that there is currently no provision in the standards to guarantee the ability to correlate a pending transaction with an associated posted transaction
+
+
+
description
+
string
+
mandatory
+
none
+
The transaction description as applied by the financial institution
The time the transaction was posted. This field is Mandatory if the transaction has status POSTED. This is the time that appears on a standard statement
Date and time at which assets become available to the account owner in case of a credit entry, or cease to be available to the account owner in case of a debit transaction entry
The balance of the account at this time. Should align to the balance available via other channels such as Internet Banking. Assumed to be negative if the customer has money owing
ID of the payee adhering to the rules of ID permanence
+
+
+
nickname
+
string
+
mandatory
+
none
+
The short display name of the payee as provided by the customer. Where a customer has not provided a nickname, a display name derived by the bank for the payee consistent with existing digital banking channels
+
+
+
description
+
string
+
optional
+
none
+
A description of the payee provided by the customer
+
+
+
type
+
string
+
mandatory
+
none
+
The type of payee. DOMESTIC means a registered payee for domestic payments including NPP. INTERNATIONAL means a registered payee for international payments. BILLER means a registered payee for BPAY
Type of account object included. Valid values are: account A standard Australian account defined by BSB/Account Number. card A credit or charge card to pay to (note that PANs are masked). payId A PayID recognised by NPP
BPAY CRN of the Biller. If the contents of the CRN match the format of a Credit Card PAN then it should be masked using the rules applicable for the MaskedPANString common type
A unique ID of the scheduled payment adhering to the standards for ID permanence
+
+
+
nickname
+
string
+
optional
+
none
+
The short display name of the payee as provided by the customer
+
+
+
payerReference
+
string
+
mandatory
+
none
+
The reference for the transaction that will be used by the originating institution for the purposes of constructing a statement narrative on the payer’s account. Empty string if no data provided
+
+
+
payeeReference
+
string
+
mandatory
+
none
+
The reference for the transaction that will be provided by the originating institution. Empty string if no data provided
+
+
+
status
+
string
+
mandatory
+
none
+
Indicates whether the schedule is currently active. The value SKIP is equivalent to ACTIVE except that the customer has requested the next normal occurrence to be skipped.
Object containing details of the source of the payment. Currently only specifies an account ID but provided as an object to facilitate future extensibility and consistency with the to object
[The set of payment amounts and destination accounts for this payment accommodating multi-part payments. A single entry indicates a simple payment with one destination account. Must have at least one entry]
The set of payment amounts and destination accounts for this payment accommodating multi-part payments. A single entry indicates a simple payment with one destination account. Must have at least one entry
Flag indicating whether the amount of the payment is calculated based on the context of the event. For instance a payment to reduce the balance of a credit card to zero. If absent then false is assumed
Present if toUType is set to payeeId. Indicates that the payment is to registered payee that can be accessed using the payee end point. If the Bank Payees scope has not been consented to then a payeeId should not be provided and the full payee details should be provided instead
Object containing details of the source of the payment. Currently only specifies an account ID but provided as an object to facilitate future extensibility and consistency with the to object
Indicates that the schedule of payments is defined according to the last occurrence of a specific weekday in an interval. Mandatory if recurrenceUType is set to lastWeekDay
Indicates that the schedule of payments is defined according to an external event that cannot be predetermined. Mandatory if recurrenceUType is set to eventBased
+
+
+
Enumerated Values
+
+
+
Property
+
Value
+
+
+
+
recurrenceUType
+
onceOff
+
+
+
recurrenceUType
+
intervalSchedule
+
+
+
recurrenceUType
+
lastWeekDay
+
+
+
recurrenceUType
+
eventBased
+
+
+
+
BankingScheduledPaymentRecurrenceOnceOff
+
+
+
{
+ "paymentDate":"string"
+}
+
+
+
Indicates that the payment is a once off payment on a specific future date. Mandatory if recurrenceUType is set to onceOff
The limit date after which no more payments should be made using this schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely
Indicates the number of payments remaining in the schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value, If neither field is present the payments will continue indefinitely
+
+
+
nonBusinessDayTreatment
+
string
+
optional
+
none
+
Enumerated field giving the treatment where a scheduled payment date is not a business day. If absent assumed to be ON. AFTER - If a scheduled payment date is a non-business day the payment will be made on the first business day after the scheduled payment date. BEFORE - If a scheduled payment date is a non-business day the payment will be made on the first business day before the scheduled payment date. ON - If a scheduled payment date is a non-business day the payment will be made on that day regardless. ONLY - Payments only occur on business days. If a scheduled payment date is a non-business day the payment will be ignored
An array of interval objects defining the payment schedule. Each entry in the array is additive, in that it adds payments to the overall payment schedule. If multiple intervals result in a payment on the same day then only one payment will be made. Must have at least one entry
An interval for the payment. Formatted according to ISO 8601 Durations (excludes recurrence syntax) with components less than a day in length ignored. This duration defines the period between payments starting with nextPaymentDate
Uses an interval to define the ordinal day within the interval defined by the interval field on which the payment occurs. If the resulting duration is 0 days in length or larger than the number of days in the interval then the payment will occur on the last day of the interval. A duration of 1 day indicates the first day of the interval. If absent the assumed value is P1D. Formatted according to ISO 8601 Durations (excludes recurrence syntax) with components less than a day in length ignored. The first day of a week is considered to be Monday.
Indicates that the schedule of payments is defined according to the last occurrence of a specific weekday in an interval. Mandatory if recurrenceUType is set to lastWeekDay
The limit date after which no more payments should be made using this schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely
Indicates the number of payments remaining in the schedule. If both finalPaymentDate and paymentsRemaining are present then payments will stop according to the most constraining value. If neither field is present the payments will continue indefinitely
The interval for the payment. Formatted according to ISO 8601 Durations (excludes recurrence syntax) with components less than a day in length ignored. This duration defines the period between payments starting with nextPaymentDate
+
+
+
lastWeekDay
+
string
+
mandatory
+
none
+
The weekDay specified. The payment will occur on the last occurrence of this weekday in the interval.
+
+
+
nonBusinessDayTreatment
+
string
+
optional
+
none
+
Enumerated field giving the treatment where a scheduled payment date is not a business day. If absent assumed to be ON. AFTER - If a scheduled payment date is a non-business day the payment will be made on the first business day after the scheduled payment date. BEFORE - If a scheduled payment date is a non-business day the payment will be made on the first business day before the scheduled payment date. ON - If a scheduled payment date is a non-business day the payment will be made on that day regardless. ONLY - Payments only occur on business days. If a scheduled payment date is a non-business day the payment will be ignored
+
+
+
Enumerated Values
+
+
+
Property
+
Value
+
+
+
+
lastWeekDay
+
MON
+
+
+
lastWeekDay
+
TUE
+
+
+
lastWeekDay
+
WED
+
+
+
lastWeekDay
+
THU
+
+
+
lastWeekDay
+
FRI
+
+
+
lastWeekDay
+
SAT
+
+
+
lastWeekDay
+
SUN
+
+
+
nonBusinessDayTreatment
+
AFTER
+
+
+
nonBusinessDayTreatment
+
BEFORE
+
+
+
nonBusinessDayTreatment
+
ON
+
+
+
nonBusinessDayTreatment
+
ONLY
+
+
+
+
BankingScheduledPaymentRecurrenceEventBased
+
+
+
{
+ "description":"string"
+}
+
+
+
Indicates that the schedule of payments is defined according to an external event that cannot be predetermined. Mandatory if recurrenceUType is set to eventBased
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
description
+
string
+
mandatory
+
none
+
Description of the event and conditions that will result in the payment. Expected to be formatted for display to a customer
Enumeration with values. OK (implementation is fully functional). PARTIAL_FAILURE (one or more end points are unexpectedly unavailable). UNAVAILABLE (the full implementation is unexpectedly unavailable). SCHEDULED_OUTAGE (an advertised outage is in effect)
+
+
+
» explanation
+
string
+
conditional
+
none
+
Provides an explanation of the current outage that can be displayed to an end customer. Mandatory if the status property is any value other than OK
Flag that indicates, if present and set to true, that the outage is only partial meaning that only a subset of normally available end points will be affected by the outage
+
+
+
explanation
+
string
+
mandatory
+
none
+
Provides an explanation of the current outage that can be displayed to an end customer
The date and time that this record was last updated by the customer. If no update has occurred then this date should reflect the initial creation date for the data
+
+
+
firstName
+
string
+
optional
+
none
+
For people with single names this field need not be present. The single name should be in the lastName field
+
+
+
lastName
+
string
+
mandatory
+
none
+
For people with single names the single name should be in this field
+
+
+
middleNames
+
[string]
+
mandatory
+
none
+
Field is mandatory but array may be empty
+
+
+
prefix
+
string
+
optional
+
none
+
Also known as title or salutation. The prefix to the name (e.g. Mr, Mrs, Ms, Miss, Sir, etc)
Value is a valid ANZSCO Standard Occupation classification code. If the occupation code held by the data holder is not one of the supported ANZSCO versions, then it must not be supplied.
+
+
+
occupationCodeVersion
+
string
+
conditional
+
none
+
The applicable ANZSCO release version of the occupation code provided. Mandatory if an occupationCode is supplied. If occupationCode is supplied but occupationCodeVersion is absent, default is ANZSCO_1220.0_2013_V1.2
Must contain at least one address. One and only one address may have the purpose of REGISTERED. Zero or one, and no more than one, record may have the purpose of MAIL. If zero then the REGISTERED address is to be used for mail
The date and time that this record was last updated by the customer. If no update has occurred then this date should reflect the initial creation date for the data
+
+
+
agentFirstName
+
string
+
optional
+
none
+
The first name of the individual providing access on behalf of the organisation. For people with single names this field need not be present. The single name should be in the lastName field
+
+
+
agentLastName
+
string
+
mandatory
+
none
+
The last name of the individual providing access on behalf of the organisation. For people with single names the single name should be in this field
+
+
+
agentRole
+
string
+
mandatory
+
none
+
The role of the individual identified as the agent who is providing authorisation. Expected to be used for display. Default to Unspecified if the role is not known
+
+
+
businessName
+
string
+
mandatory
+
none
+
Name of the organisation
+
+
+
legalName
+
string
+
optional
+
none
+
Legal name, if different to the business name
+
+
+
shortName
+
string
+
optional
+
none
+
Short name used for communication, if different to the business name
+
+
+
abn
+
string
+
optional
+
none
+
Australian Business Number for the organisation
+
+
+
acn
+
string
+
optional
+
none
+
Australian Company Number for the organisation. Required only if an ACN is applicable for the organisation type
A valid ANZSIC code for the organisation. If the industry code held by the data holder is not one of the supported ANZSIC versions, then it must not be supplied.
+
+
+
industryCodeVersion
+
string
+
conditional
+
none
+
The applicable ANZSIC release version of the industry code provided. Should only be supplied if industryCode is also supplied. If industryCode is supplied but industryCodeVersion is absent, default is ANZSIC_1292.0_2006_V2.0
Must contain at least one address. One and only one address may have the purpose of REGISTERED. Zero or one, and no more than one, record may have the purpose of MAIL. If zero then the REGISTERED address is to be used for mail
Name of the individual or business formatted for inclusion in an address used for physical mail
+
+
+
addressLine1
+
string
+
mandatory
+
none
+
First line of the standard address object
+
+
+
addressLine2
+
string
+
optional
+
none
+
Second line of the standard address object
+
+
+
addressLine3
+
string
+
optional
+
none
+
Third line of the standard address object
+
+
+
postcode
+
string
+
conditional
+
none
+
Mandatory for Australian addresses
+
+
+
city
+
string
+
mandatory
+
none
+
Name of the city or locality
+
+
+
state
+
string
+
mandatory
+
none
+
Free text if the country is not Australia. If country is Australia then must be one of the values defined by the State Type Abbreviation in the PAF file format. NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT
Postal delivery number if the address is a postal delivery type
+
+
+
postalDeliveryNumberPrefix
+
string
+
optional
+
none
+
Postal delivery number prefix related to the postal delivery number
+
+
+
postalDeliveryNumberSuffix
+
string
+
optional
+
none
+
Postal delivery number suffix related to the postal delivery number
+
+
+
localityName
+
string
+
mandatory
+
none
+
Full name of locality
+
+
+
postcode
+
string
+
mandatory
+
none
+
Postcode for the locality
+
+
+
state
+
string
+
mandatory
+
none
+
State in which the address belongs. Valid enumeration defined by Australia Post PAF code file State Type Abbreviation. NSW, QLD, VIC, NT, WA, SA, TAS, ACT, AAT
Must be one of the following: 0001 – Account not able to be found
+
+
+
» title
+
string
+
mandatory
+
none
+
Must be one of the following: Invalid account
+
+
+
» detail
+
string
+
mandatory
+
none
+
ID of the account not found
+
+
+
» meta
+
object
+
optional
+
none
+
Optional additional data for specific error types
+
+
+
+
BankingProductCategory
+
+
+
"BUSINESS_LOANS"
+
+
+
The category to which a product or account belongs. See here for more details
+
Properties
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
anonymous
+
string
+
mandatory
+
none
+
The category to which a product or account belongs. See here for more details
+
+
+
Enumerated Values
+
+
+
Property
+
Value
+
+
+
+
anonymous
+
BUSINESS_LOANS
+
+
+
anonymous
+
CRED_AND_CHRG_CARDS
+
+
+
anonymous
+
LEASES
+
+
+
anonymous
+
MARGIN_LOANS
+
+
+
anonymous
+
OVERDRAFTS
+
+
+
anonymous
+
PERS_LOANS
+
+
+
anonymous
+
REGULATED_TRUST_ACCOUNTS
+
+
+
anonymous
+
RESIDENTIAL_MORTGAGES
+
+
+
anonymous
+
TERM_DEPOSITS
+
+
+
anonymous
+
TRADE_FINANCE
+
+
+
anonymous
+
TRAVEL_CARDS
+
+
+
anonymous
+
TRANS_AND_SAVINGS_ACCOUNTS
+
+
+
Product Categories
+
The Product Category enumeration lists the available product categories for categorising products and accounts. These are explained in the following tables:
+
+
Deposit Products
+
+
+
+
Enum
+
Description
+
+
+
+
REGULATED_TRUST_ACCOUNTS
+
This grouping of products includes accounts were funds are held in trust in regulated industries with complex rules embedded on how the products must operate. Industries that require this sort of product include real estate agents, solicitors and conveyancers.
+
+
+
TERM_DEPOSITS
+
This grouping of products includes all accounts where cash is deposited in the account for a set time period with restrictions on when funds can be withdrawn. Includes traditional Term Deposits and specialised deposits with either fixed terms or notice periods for withdrawal of funds.
+
+
+
TRANS_AND_SAVINGS_ACCOUNTS
+
This grouping of products includes all accounts where cash is deposited in the account and is accessible to the customer when they choose. These are given many names on the market including Cash Accounts, Saving Accounts, Transaction Accounts, Current Accounts, Cheque Accounts, Passbook Accounts, etc...
+
+
+
TRAVEL_CARDS
+
This grouping of products includes prepaid cards with multi-currency capabilities.
+
+
+
+
Lending Products
+
+
+
+
Enum
+
Description
+
+
+
+
BUSINESS_LOANS
+
This grouping of products incorporates all types of lending for business purpose that is not a trade finance facility, lease, overdraft, residential mortgage, credit card or margin lending. It includes traditional term loans, bank guarantees and commercial bills. This category would incorporate both secured and unsecured business purpose lending including all business purpose equipment finance that is not covered by a lease.
+
+
+
CRED_AND_CHRG_CARDS
+
This grouping of products includes all lending products that are issued for the purpose of allowing a flexible line of credit accessed through use of a card. These may be called various names including Credit Cards, Charge Cards and Store Cards.
+
+
+
LEASES
+
This grouping of products will include all types of leases including Financial Lease, Operating Lease, Sale and leaseback, etc...
+
+
+
MARGIN_LOANS
+
This grouping of products includes all types of margin loans which let you borrow money to invest in traded assets including shares & commodities or in managed funds.
+
+
+
OVERDRAFTS
+
This grouping of products includes all types of lending which allows for the loan amount to be withdrawn, repaid, and redrawn again in any manner and any number of times, until the arrangement expires. These loans may be secured or unsecured, and generally don’t have set / minimum repayment requirements.
+
+
+
PERS_LOANS
+
This grouping of products includes all lending for personal purposes that is not a residential mortgage, credit card or margin lending. These loans may be unsecured loans and term loans for purchase assets used as security such as motor vehicles. These may be called various names including Personal Loans and Car Loans.
+
+
+
RESIDENTIAL_MORTGAGES
+
This grouping of products includes all lending products that are available for the primary purpose of borrowing for the purpose of purchasing or renovating residential property, where a residential property will be used as security. This group will include both fixed, variable & secured overdraft types of product and may include both owner-occupied and investment purpose borrowing.
+
+
+
TRADE FINANCE
+
This grouping of products includes specialised lending products specifically designed to facilitate domestic & international trade. This includes the issuance of letters of credit, factoring, export credit.
+
+
+
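Review bot: In the Lending Products table the last Enum cell reads "TRADE FINANCE" with a space, but the BankingProductCategory enumerated value listed earlier is TRADE_FINANCE; the table should carry the exact enum string, since clients match on it. In the Deposit Products table, "accounts were funds are held in trust" under REGULATED_TRUST_ACCOUNTS should read "accounts where funds are held in trust".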
Product & Account Components
+
+
Product Feature Types
+
+
Description of the usage of the featureType field as it applies to products.
+
+
+
+
Value
+
Description
+
Use of additionalValue Field
+
+
+
+
ADDITIONAL_CARDS
+
Additional cards can be requested
+
The maximum number of additional cards. If no maximum then should be set to null
+
+
+
BALANCE_TRANSFERS
+
Balance transfers can be made to the account (eg. for credit cards)
+
NA
+
+
+
BILL_PAYMENT
+
The product can be attached to an automatic budgeting and bill payment service
+
Optional name of the service
+
+
+
BONUS_REWARDS
+
Bonus loyalty rewards points are available
+
Number of points available
+
+
+
CARD_ACCESS
+
A card is available for the product to access funds
+
Text describing list of card types that this product can be linked to
+
+
+
COMPLEMENTARY_PRODUCT_DISCOUNTS
+
Indicates that complementary, discounted offerings (such as gift cards, or discounted travel) is available
+
Description of the complementary offering
+
+
+
DIGITAL_BANKING
+
Access is available to online banking features for the product
+
NA
+
+
+
DIGITAL_WALLET
+
A Digital wallet can be attached to the product
+
The name or brand of the wallet
+
+
+
DONATE_INTEREST
+
Indicates that interest generated from the product can be automatically donated to a charity or community group
+
NA
+
+
+
FREE_TXNS_ALLOWANCE
+
A set amount of transaction fee value that is discounted per month
+
The amount of transaction fee discounted (in AUD)
+
+
+
FREE_TXNS
+
A set number of free transactions available per month
+
The number of free transactions
+
+
+
INSURANCE
+
Insurance is provided as an additional feature of the product
+
Text description of the type of insurance (e.g. Travel Insurance)
A fee associated with making a purchase at a merchant
+
NA
+
+
+
TRANSACTION
+
A fee associated with any transaction (incorporates WITHDRAWAL, DEPOSIT, PAYMENT and PURCHASE)
+
NA
+
+
+
UPFRONT
+
A fee paid at the beginning of the product NA lifecycle, such as an establishment fee, loyalty program fee or application fee
+
NA
+
+
+
VARIABLE
+
An at-cost fee that is relevant to a customer's circumstances where the amount or rate may not be known until negotiated with the customer
+
NA
+
+
+
WITHDRAWAL
+
A fee associated with making a withdrawal
+
NA
+
+
+
+
+
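Review bot: The UPFRONT description has a stray "NA" in mid-sentence ("at the beginning of the product NA lifecycle"), which looks like the additionalValue cell leaking into the description. It should read "at the beginning of the product lifecycle", with NA left only in the third column.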
Product Discount Types
+
+
Description of the usage of the discountType field as it applies to products.
+
+
+
+
Value
+
Description
+
Use of additionalValue Field
+
+
+
+
BALANCE
+
Discount on a fee for maintaining a set balance. As the discount applies to a fee the period is the same as for the fee
+
The minimum balance in AmountString format
+
+
+
DEPOSITS
+
Discount for depositing a certain amount of money in a period. As the discount applies to a fee the period is the same as for the fee
+
The minimum deposit amount in AmountString format
+
+
+
ELIGIBILITY_ONLY
+
Discount applies based on customer eligibility (eligibility array must be populated)
+
N/A
+
+
+
FEE_CAP
+
The amount, balanceRate, transactionRate, accruedRate or feeRate fields of the discount represent the maximum amount charged in a time period
+
The time period for which the fee cap applies. Formatted according to ISO 8601 Durations
+
+
+
PAYMENTS
+
Discount for outbound payments from the account under a certain amount of money in a period. As the discount applies to a fee the period is the same as for the fee
+
The payment threshold amount in AmountString format
+
+
+
+
+
Product Discount Eligibility Types
+
+
Description of the usage of the discountEligibilityType field as it applies to products.
+
+
+
+
Value
+
Description
+
Use of additionalValue Field
+
+
+
+
BUSINESS
+
A business or other non-person legal entity
+
NA
+
+
+
EMPLOYMENT_STATUS
+
An eligibility constraint based on employment status applies
+
A description of the status required
+
+
+
INTRODUCTORY
+
The discount is only available during an introductory period
+
The period of time for the introductory discount. Formatted according to ISO 8601 Durations
+
+
+
MAX_AGE
+
Only customers younger than a maximum age receive the discount
+
The maximum age in years
+
+
+
MIN_AGE
+
Only customers older than a minimum age receive the discount
+
The minimum age in years
+
+
+
MIN_INCOME
+
The customer must have an income greater than a specified threshold to obtain the discount
+
Minimum income in AmountString format
+
+
+
MIN_TURNOVER
+
Only a business with greater than a minimum turnover is eligible
+
Minimum turnover in AmountString format
+
+
+
NATURAL_PERSON
+
The customer must be a natural person rather than another legal entity
+
NA
+
+
+
PENSION_RECIPIENT
+
A recipient of a government pension may receive the discount
+
Optional. Should contain a description of which pensions qualify
+
+
+
RESIDENCY_STATUS
+
An eligibility constraint based on residency status applies
+
A description of the status required
+
+
+
STAFF
+
Only a staff member of the provider may receive the discount
+
NA
+
+
+
STUDENT
+
Only students may receive the discount
+
Optional. Should contain a description of who qualifies as a student, e.g. do apprentices qualify?
+
+
+
OTHER
+
Another eligibility criteria exists as described in the additionalInfo field (if this option is specified then the additionalInfo field is mandatory)
+
NA
+
+
+
+
+
Product Deposit Rate Types
+
+
Description of the usage of the depositRateType field as it applies to products.
+
+
+
+
Value
+
Description
+
Use of additionalValue Field
+
+
+
+
BONUS
+
A bonus rate available by meeting a specific criteria
+
A description of the criteria to obtain the bonus
+
+
+
BUNDLE_BONUS
+
A bonus rate obtained by originating a bundle instead of a standalone product
A floating rate is relatively fixed but still adjusts under specific circumstances
+
Details of the float parameters
+
+
+
INTRODUCTORY
+
An introductory discount that will expire after a set period
+
The period of time for the introductory rate. Formatted according to ISO 8601 Durations
+
+
+
MARKET_LINKED
+
A rate that is linked to a specific market, commodity or asset class
+
Details of the market linkage
+
+
+
PENALTY
+
A specific penalty rate that may be applied. A penalty rate increases the interest payable
+
Description of the penalty rate that is applicable
+
+
+
PURCHASE
+
Specific rate applied to purchases from the account
+
NA
+
+
+
VARIABLE
+
A variable base rate for the product
+
NA
+
+
+
+
+
Banking Term Deposit Account Types
+
+
Description of the usage of the maturityInstructions field as it applies to accounts.
+
+
+
+
Value
+
Description
+
Use of additionalValue Field
+
+
+
+
HOLD_ON_MATURITY
+
Funds are held in a facility or similar mechanism managed by the data holder for a period of time until the customer provides instructions or the maximum period of the hold has elapsed. Funds may be renewed or withdrawn upon instructions by the customer
+
NA
+
+
+
+
+
Banking CRN Types
+
+
Description of the usage of the crn types.
+
+
+
+
Value
+
Description
+
Use of additionalValue Field
+
+
+
+
FIXED_CRN
+
A unique reference number such as a credit card or a fixed reference number identifying a customer's account that does not change with each bill
+
NA
+
+
+
VARIABLE_CRN
+
Biller generated reference number provided to the customer that is unique to each bill
+
NA
+
+
+
INTELLIGENT_CRN
+
Biller generated reference number provided to the customer that is unique to each bill which fixes the amount of the bill being paid, expiry date or both
+
NA
+
+
+
Admin APIs
+
This provides an overview of CDS Administration Endpoints. Please note this API is intended for Data Holders/ Recipients only.
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
This end point allows the ACCC to obtain operational statistics from the Data Holder on the operation of their CDR compliant implementation. The statistics obtainable from this end point are determined by the non-functional requirements for the CDR regime.
+
+
NOTE: This version must be implemented by July 31st 2021
The period of metrics to be requested. Values can be CURRENT (meaning metrics for current day), HISTORIC (meaning metrics for previous days or months) or ALL. If absent the default is ALL.
+
+
+
x-v
+
header
+
string
+
mandatory
+
Version of the API end point requested by the client. Must be set to a positive integer. The data holder should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable. See HTTP Headers
+
+
+
x-min-v
+
header
+
string
+
optional
+
Minimum version of the API end point requested by the client. Must be set to a positive integer if provided. The data holder should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the data holder should respond with a 406 Not Acceptable.
The action to take for the meta data. At the moment the only option is REFRESH which requires the data holder to call the ACCC to refresh meta data as soon as practicable
Percentage availability of the CDR platform over time
+
+
Properties
+
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
currentMonth
+
number
+
conditional
+
none
+
Percentage availability of the CDR platform so far for the current calendar month. 0.0 means 0%. 1.0 means 100%.
+
+
+
previousMonths
+
[number]
+
conditional
+
none
+
Percentage availability of the CDR platform for previous calendar months. The first element indicates the last month and so on. A maximum of twelve entries is required if available. 0.0 means 0%. 1.0 means 100%.
Percentage of calls within the performance thresholds
+
+
Properties
+
+
+
+
Name
+
Type
+
Required
+
Restrictions
+
Description
+
+
+
+
currentDay
+
number
+
conditional
+
none
+
Percentage of calls within the performance threshold for the current day. 0.0 means 0%. 1.0 means 100%
+
+
+
previousDays
+
[number]
+
conditional
+
none
+
Percentage of calls within the performance threshold for previous days. The first element indicates yesterday and so on. A maximum of seven entries is required if available. 0.0 means 0%. 1.0 means 100%
The following authorisation scopes have been defined for the standards. Each API end point will specify which scopes are required to access the data available via that end point.
+
+
+
+
Scope Name
+
Scope ID
+
Description
+
+
+
+
Basic Bank Account Data
+
bank:accounts.basic:read
+
This scope would allow for the third party to access basic information of the customer’s accounts.
Includes simple account information including balance. Does not include account identifiers, product information or transaction data.
+
+
+
Detailed Bank Account Data
+
bank:accounts.detail:read
+
This scope would allow for the third party to access detailed information of the customer’s accounts. This scope is effectively additional authorisation to the Basic Bank Account Data scope. Granting this authorisation only makes sense if the Bank Account Data scope is also authorised.
Includes basic account information plus account identifiers and product information. Does not include transaction data.
+
+
+
Bank Transaction Data
+
bank:transactions:read
+
This scope would allow the third party to access transaction data for accounts. This scope is effectively additional authorisation to the Basic Bank Account Data scope. Granting this authorisation only makes sense if the Basic Bank Account Data scope is also authorised.
Includes all account transaction data.
+
+
+
Bank Payee Data
+
bank:payees:read
+
This scope allows access to payee information stored by the customer.
Includes payee information such as billers, international beneficiaries and domestic payees.
+
+
+
Bank Regular Payments
+
bank:regular_payments:read
+
The scope would allow the third party to access regular payments. Includes Direct Debits and Scheduled Payments.
+
+
+
Basic Customer Data
+
common:customer.basic:read
+
The scope would allow the third party to access personally identifiable information about the customer. For retail customers this would be information about the customer themselves. For business customers it would imply the name of specific user but also information about the business.
Includes name and occupation for individuals or name, business numbers and industry code for organisations
+
+
+
Detailed Customer Data
+
common:customer.detail:read
+
The scope would allow the third party to access more detailed information about the customer. Includes the data available with the Basic Customer Data scope plus contact details.
Includes basic data plus phone, email and address information.
+
+
+
Public
+
NA
+
Openly accessible information. A customer would never need to grant this scope. This scope is included so that end points that can be called without requiring authorisation can be identified.
Includes access to openly available information such as generic product information.
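Review bot: The Detailed Bank Account Data row says the grant only makes sense if the "Bank Account Data scope" is also authorised, but no scope of that name exists in this table; the Bank Transaction Data row names "Basic Bank Account Data" for the same dependency. Use the same name in both rows, and state what a data holder should do when bank:accounts.detail:read or bank:transactions:read is presented without bank:accounts.basic:read, since "only makes sense" leaves the dependency unenforced and implementations can diverge on it.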
+
+
+
Non-functional Requirements
+
+
+
The non-functional requirements (NFRs) for the Consumer Data Right regime cover a number of considerations:
+
+
+
Minimum performance and availability expectations for data holders. Included to ensure a reliable and performant service is offered to data recipients and customers.
+
Maximum traffic expectations for data holders. Included to ensure there is a ceiling for the amount of traffic that a data holder is expected to service.
+
Requirements for reporting of performance. Included to provide transparency of performance without the need for time consuming auditing or inspection.
+
Requirements for data latency and quality. Included to give a clear indication to the depth and recency of the data available under the regime.
+
Limitations on the number of calls that a data recipient can make to a single provider. Included to protect data holders from poorly designed or overly transactional data recipient implementations.
+
+
Definitions
+
In the following definition of NFRs specific terms have the following meanings:
+
+
+
Data Recipient: For the purposes of these NFRs a data recipient is defined as a configured application presented in the register meta data. This acknowledges that a single accredited entity may be able to register multiple independent services (or apps) that can obtain authorisations from consumers independently of each other.
+
Session: A session is defined as the life span of a unique Access Token. Multiple API requests made with a single, valid, Access Token would be considered part of a single Session.
+
Customer Present: Authenticated API requests made in direct response to interactions by the end customer using the digital services of the data recipient will be considered “Customer Present”. Technically a data holder will define an API request as “Customer Present” if, and only if, the x-fapi-customer-ip-address header is populated with a valid IP address of the end customer’s device.
+
Customer Not Present: Authenticated API requests that are not deemed to be “Customer Present”
+
Unattended: A synonym of “Customer Not Present”
+
Authenticated: API requests to API end points that the standards require to be protected by security mechanisms that enforce explicit customer authorisation
+
Unauthenticated: API requests to API end points that the standards deem to be publically available. This implies that these end points may be accessed by any client without the client performing any authentication or authorisation actions
+
High Traffic Period: Any time in the 18 hour period between 6am and 12am (midnight) is considered to be a high traffic period
+
Low Traffic Period: Any time of the day not considered to be included in a high traffic period.
+
Large Payload: An API which is capable of returning a large data response that would reasonably impose higher data retrieval times on the resource server. Typically bulk request end points.
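Review bot: The Customer Present definition makes the x-fapi-customer-ip-address header the sole test ("if, and only if"), yet that header is populated by the data recipient and the text does not say what counts as a "valid IP address". Since this classification selects the performance tier and the traffic thresholds later in the document, define the accepted forms (IPv4, IPv6, whether private or loopback addresses qualify) and say that the value is recipient-asserted, so data holders do not treat it as verified for other decisions. The High Traffic Period entry also needs a time zone for "6am and 12am".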
+
+
Session Requirements
+
A expiry time of a unique session should be set according to the statements included in the Security Profile.
+
+
After a unique session is expired it is expected that the data recipient, for the same customer, may establish a new session as long as the authorisation is still valid.
+
Availability Requirements
+
Service availability requirement for data holders:
+99.5% per month
+
+
The definition of a period of unavailability is any period of time when any of the API end points defined in the standard is unable to reliably provide a successful response to an appropriately constructed request.
+
+
The availability requirement applies to both authenticated and unauthenticated end points.
+
+
The availability requirement does not include planned outages. Planned outages should be:
+
+
+
Commensurate in length and frequency to other primary digital channels offered by the data holder,
+
Published to data recipients with at least one week lead time for normal outages,
+
May occur without notification if the change is to resolve a critical service or security issue.
+
+
Performance Requirements
+
API end point performance will be measured in response time of individual API requests from receipt of request to delivery of response.
+
+
It is understood that different response times can be measured depending on which technical layer of an API implementation stack is instrumented and that not all of the technical layers between the data recipient and the data holder will be in the control of the data holder. As this is implementation specific it is expected that the data holder will ensure that the measurement of response time occurs as close to the data recipient as practicable.
+
+
In light of these considerations, the performance requirement for data holders is:
+
+
95% of calls per hour responded to within a nominated threshold
+
+
The nominated threshold for each end point will be according to the following table:
+
+
+
+
Tier
+
Response Time
+
Applies To…
+
+
+
+
Unauthenticated
+
1500ms
+
All Unauthenticated end points not otherwise specified in a separate threshold.
+
+
+
High Priority
+
1000ms
+
All calls to the following end points:
All InfoSec end points including Dynamic Client Registration
CDR Arrangement Revocation
The following Unauthenticated end points:
Get Status
Get Outages
Customer Present calls to the following end points:
Get Accounts
Get Customer
Get Customer Detail
+
+
+
Low Priority
+
1500ms
+
Customer Present calls to the following end points:
Get Account Detail
Get Account Balance
Get Bulk Balances
Get Balances For Specific Accounts
Get Transactions For Account
Get Transaction Detail
Get Payees
Get Payee Detail
Get Direct Debits For Account
Get Scheduled Payments For Account
Get Scheduled Payments Bulk
Get Scheduled Payments For Specific Accounts
+
+
+
Unattended
+
4000ms
+
Unattended calls to the following end points that are not Large Payload end points:
High Priority Authenticated end points
Low Priority Authenticated end points
All Admin end points.
+
+
+
Large Payload
+
6000ms
+
Any Unattended calls to the following end points:
Get Bulk Direct Debits
Get Direct Debits For Specific Accounts
+
+
+
+
Note that calls initiated in excess of a traffic threshold (see next section) may be excluded from the performance requirement.
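Review bot: The threshold table leaves Customer Present calls to Get Bulk Direct Debits and Get Direct Debits For Specific Accounts without a tier: the Large Payload row covers only "Any Unattended calls" to those two end points, and neither appears in the High Priority or Low Priority lists. Add them to a Customer Present tier, or state that the Large Payload threshold applies regardless of customer presence; otherwise the 95% requirement cannot be measured for those calls.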
+
Traffic Thresholds
+
Calls in excess of the following traffic thresholds will be able to be freely throttled or rejected by a data holder without impact to their performance or availability requirements.
+
+
Traffic thresholds will be set using the following metrics:
+
+
+
Number of sessions per day – the number of individual sessions initiated in a calendar day.
+
Transactions Per Second (TPS) – the number of concurrent transactions each second.
+
Number of calls – the number of end point calls initiated for a specified duration.
+
+
+
For Customer Present and authorisation traffic the following traffic thresholds will apply:
+
+
+
Unlimited sessions per day
+
10 TPS per customer
+
50 TPS per data recipient
+
+
+
For Unattended traffic the following traffic thresholds will apply for low traffic periods:
+
+
+
20 sessions per day, per customer, per data recipient
+
100 total calls per session
+
5TPS per session
+
50 TPS per data recipient
+
+
+
For Unattended traffic during high traffic periods only best effort support is required.
+
+
For secure traffic (both Customer Present and Unattended) the following traffic thresholds will apply:
+
+
+
300 TPS total across all consumers
+
+
+
For Public traffic (i.e. traffic to unauthenticated end points) the following traffic thresholds will apply:
+
+
+
300 TPS total across all consumers (additive to secure traffic)
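Review bot: TPS is defined in the metrics list as "the number of concurrent transactions each second", which mixes a concurrency count with a rate, so two data holders can throttle at different points and both claim conformance to "10 TPS per customer". Define it as requests received per one-second window, or say how the window is measured. Also write "5TPS" as "5 TPS" like the other entries, and say whether "consumers" in the two 300 TPS bullets means customers, data recipients or all callers, since the other bullets scope their limits per customer, per session or per data recipient.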
+
+
Data Recipient Requirements
+
Data recipients will be limited by the traffic thresholds documented in the previous section. In addition to this data recipients are expected to design their services according to the following principles:
+
+
+
Services should be designed to minimise traffic with data holders
+
Services should be designed to be resilient in the case of the rejection of a call by a data holder due to traffic threshold breaches
+
Services should schedule unattended calls to avoid high traffic periods
+
Unattended calls should be managed to avoid short term bursts of traffic
Availability for each of the previous twelve months
+
Percentage of calls within performance threshold for current day
+
Percentage of calls within performance threshold for each of the previous seven days
+
Number of calls within each performance tier for current day
+
Number of calls within each performance tier for each of the previous seven days
+
Average response time within each performance tier for current day
+
Average response time within each performance tier for each of the previous seven days
+
Number of sessions for current day
+
Number of sessions for each of the previous seven days
+
Peak total TPS for current day
+
Peak total TPS for each of the previous seven days
+
Average TPS for current day
+
Average TPS for each of the previous seven days
+
Number of calls resulting in error due to server execution for current day
+
Number of calls resulting in error due to server execution for each of the previous seven days
+
Number of calls rejected due to traffic thresholds for current day
+
Number of calls rejected due to traffic thresholds for each of the previous seven days
+
Number of customers with active authorisations
+
Number of data recipients with active authorisations
+
+
Data Latency
+
Within this proposal there is no specific requirement with regard to data latency (ie. how up to date data should be). Instead, the requirement for data latency is that data presented via API end points should be commensurate to data presented via other primary digital channels.
+
+
For example, for a Bank that provides a mobile application as their primary digital experience, a balance presented via one of the balance end points should be the same as the balance presented through the mobile application.
+
Data Quality
+
Data holders are required to take reasonable steps to ensure that CDR data, having regard to the purpose for which it is held, is accurate and up to date.
+
+
A data holder is required to be able to demonstrate that reasonable steps to maintain data quality are being undertaken.
+
Exemptions To Protect Service
+
In the event of the following extreme circumstances data holders will be able to obtain relief from non-functional requirements:
+
+
+
Periods of time when the digital channels for the data holder are the target for a distributed denial of service or equivalent form of attack (this should result in http error 429 Too Many Requests being returned).
+
A significant increase in traffic from a poorly designed or misbehaving data recipient (this should result in http error 429 Too Many Requests being returned).
+
If the data holder identifies a situation where there is the potential for physical or financial harm or abuse (this should result in http error 403 Forbidden being returned).
+
+
Known Issues
+
This version of the standards currently has no known issues
+
Change Log
+
The following table lists the changes made to these standards in reverse date order (most recent change is at the top).
Changes arising from iteration 1 of the banking maintenance cadence. See release notes for detail
+
+
+
12/11/2019
+
1.0.1
+
Patch update
+
Minor defect changes and clarifications. See release notes for detail
+
+
+
30/9/2019
+
1.0.0
+
Baseline version 1
+
This release is the baseline release for the standards that are intended for implementation February 2020 and contains minor updates as well as changes to align to the locked down CDR Rules and the updated CDR Register design
+
+
+
4/9/2019
+
0.9.6
+
Defect fix release
+
This release addresses a series of documentation issues and other clarifications as identified via GitHub feedback
+
+
+
15/7/2019
+
0.9.5
+
Incorporated May 2019 Feedback
+
This version incorporates the decisions arising from the consultation feedback obtained on the May 2019 draft of the standards (v0.9.3)
+
+
+
27/6/2019
+
0.9.4
+
Documentation and error fixes from May draft
+
Added missing versioning headers x-v/ x-min-v
Removed Banking API's tag
Fixed nonBusinessDayTreatment enum default is an array
Removal of empty x-scope in product reference
BankingScheduledPaymentRecurrence removed required intervals field
Added Swagger Contact object
BankingScheduledPaymentRecurrence removed required intervals field
Minor updates to static documentation typos/ broken links
Added cross links to additionalValue descriptions for Product Reference enums
Minor updates to product reference samples
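Review bot: The 0.9.4 entry lists "BankingScheduledPaymentRecurrence removed required intervals field" twice, before and after "Added Swagger Contact object". Drop the repeat, or correct it if the second line was meant to record a different change.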
+
+
+
29/5/2019
+
0.9.3
+
Final updates for May Draft
+
Addition of Discoverability, InfoSec Profile and minor corrections
+
+
+
28/5/2019
+
0.9.2
+
Admin End Points
+
Added separate swagger/yaml as well as documentation for admin end points
+
+
+
28/5/2019
+
0.9.1
+
Modified BankingProductRateTier.maximumValue to optional
Modifications according to responses in technical feedback section documented in published feedback summary
organisationType for Organisation model is now required due to addition of OTHER value
+
+
+
19/12/2018
+
0.1.0
+
Masking rules
+
Added specificity to the masking guidance for the masked string primitives
+
+
+
18/12/2018
+
0.1.0
+
Updated swagger files
+
Swagger files were updated to address feedback. Documentation has not been changed to reflect these changes unless stated. Changes are as follows:
Extracted common query parameters
Extracted enums with repeated use
Used schema composition to facilitate model inheritance
Removed erroneous default values
Corrected for JSON syntax errors
Standardised Operation IDs and Model names
Change $type fields to PType (also fixed in doco)
+
+
+
18/12/2018
+
0.1.0
+
Addition of change log
+
This change log was added to the standards documentation
+
+
+
Archives
+
The following table lists archived versions of the Consumer Data Standards. These are older versions of the standards that are available for reference only. They are not considered binding.
Updated requirements for setting and validating the "audience" claim in Client Authentication for Data Recipients calling Data Holders
+
Client Authentication has been updated to align to upstream standards. Data Recipients continue to pass the URL of the endpoint being invoked until the end of March. At which time, Data Holders must validate that the audience claim is either the issuer identifier, Token endpoint URL or the URL of the endpoint being invoked.
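Review bot: The audience-claim note gives the cut-over as "until the end of March" with no year, and "At which time, Data Holders must validate ..." is a sentence fragment that leaves it unclear whether the three listed values are accepted from that date or only checked after it. Because this governs which audience values a data holder accepts during client authentication, give the full date and state the accepted values before and after it in separate sentences.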