Contents
1 Overview.. 2
2 Endpoints. 2
2.1 POST/event-notifications. 2
2.2 Transport Level Security. 2
3 Data Model 2
3.1 Event Notification - Request 2
3.2 OBEventSubject 4
3.3 OBEventResourceUpdate. 5
3.4 OBEventConsentAuthorizationRevoked. 7
3.5 OBEventAccountAccessConsentLinkedAccountUpdate. 8
3.6 Event Notification Retry Policy. 9
4 Usage Examples. 10
4.1 Send Event Notification - Resource Update. 10
4.2 Send Event Notification - AIS Consent Authorisation Revoked. 11
4.3 Send Event Notification - AIS Consent Authorisation Revoked. 12
1 Overview
The Event Notification resource is used by a ASPSP to notify a TPP of an event.
...
An ASPSP will send event notifications to a TPP using the event-notification resource.
Resource | HTTP Operation | Endpoint | Mandatory ? | Scope | Grant Type | Message Signing | Idempotency Key | Request Object | Response Object |
event- notification | POST | POST / event- notifications | Optional | n/a | n/a | No | No | OBEventNotification |
Notes:
· A TPP must make available an event notification endpoint to receive event notifications.
...
MA-TLS is not applicable to TPP hosted endpoints.
3 Data Model
...
3.1 Event Notification - Request
...
3.1.1 UML Diagram
...
3.1.2 Notes
The rid, rty and rlk claims are prefixed with the OB namespace http://openbanking.org.bh in the data model. The namespace has been removed from the diagram for clarity.
3.1.3 Data Dictionary
Name | XPath | Class | Pattern |
OBEventNotification |
| OBEventNotification |
|
iss | OBEventNotification/iss | String |
|
iat | OBEventNotification/iat | Number |
|
jti | OBEventNotification/jti | String |
|
aud | OBEventNotification/aud | String |
|
sub | OBEventNotification/sub | String : URI |
|
txn | OBEventNotification/txn | String |
|
toe | OBEventNotification/toe | Number |
|
events | OBEventNotification/events | OBEvent |
|
urn:bh:org:cbb_openbanking:events:resource-update | OBEventNotification/events/ urn:bh:org:cbb_openbanking:events:resource-update | OBEventResourceUpdate |
|
urn:bh:org:cbb_openbanking:events:account-access-consent-linked-account-update | OBEventNotification/events/ urn:bh:org:cbb_openbanking:events:account-access-consent-linked-account-update | OBEventAccountAccessConsentLinkedAccountUpdate |
|
urn:bh:org:cbb_openbanking:events:consent-authorization-revoked | OBEventNotification/events/ urn:bh:org:cbb_openbanking:events:consent-authorization-revoked | OBEventConsentAuthorizationRevoked |
|
3.2 OBEventSubject
This section describes the OBEventSubject class which is used in the OBEventResourceUpdate, OBEventConsentAuthorizationRevoked and OBEventAccountAccessConsentLinkedAccountUpdateclasses.
3.2.1 UML Diagram
...
3.2.2 Notes
The rid, rty and rlk claims are prefixed with the OB namespace http://openbanking.org.bh in the data model. The namespace has been removed from the diagram for clarity.
The array of resource links (http://openbanking.org.bh/rlk) must contain links to all supported versions of the resource.
...
3.2.3 Data Dictionary
Name | Occurrence | XPath | Enhanced Definition | Class | Codes | Pattern |
OBEventSubject |
|
|
| OBEventSubject |
|
|
subject_type | 1..1 | OBEventSubject/subject_type | Subject type for the updated resource. | String |
| |
1..1 | OBEventSubject/http://openbanking.org.bh/rid | Resource Id for the updated resource. | String |
|
| |
1..1 | OBEventSubject/http://openbanking.org.bh/rty | Resource Type for the updated resource. | String |
|
| |
1..n | OBEventSubject/http://openbanking.org.bh/rlk | Resource links to other available versions of the resource. | OBEventSubject/http://openbanking.org.bh/rlk |
|
| |
version | 1..1 | OBEventSubject/http://openbanking.org.bh/rlk/version | Resource version. | String |
|
|
link | 1..1 | OBEventSubject/http://openbanking.org.bh/rlk/link | Resource link. | String |
|
|
3.3 OBEventResourceUpdate
This section describes the OBEventResourceUpdate class which is used in the OBEventNotification resource.
3.3.1 UML Diagram
...
3.3.2 Notes
The rid, rty and rlk claims are prefixed with the OB namespace http://openbanking.org.bh in the data model. The namespace has been removed from the diagram for clarity.
The array of resource links (http://openbanking.org.bh/rlk) must contain links to all supported versions of the resource.
3.3.3 Data Dictionary
Name | Occurrence | XPath | Enhanced Definition | Class | Codes | Pattern |
urn:bh:org:cbb_openbanking:events:resource-update |
|
| An event that indicates a resource has been updated. | OBEventResourceUpdate |
|
|
subject | 1..1 | urn:bh:org:cbb_openbanking:events:resource-update /subject | The subject of the event. | OBEventSubject |
|
|
3.4 OBEventConsentAuthorizationRevoked
This This section describes the OBEventConsentAuthorizationRevoked class which is used in the OBEventNotification resource
3.4.1 UML Diagram
...
3.4.2 Notes
For the OBEventConsentAuthorizationRevoked object:
...
3.4.3 Data Dictionary
Name | Occurrence | XPath | Enhanced Definition | Class | Codes | Pattern |
|
urn:bh:org:cbb_openbanking:events:consent-authorization-revoked |
|
| An event that indicates a consent resource has had its authorisation revoked. | OBEventConsentAuthorizationRevoked |
|
|
|
reason | 0..1 | urn:bh:org:cbb_openbanking:events:consent-authorization-revoked/reason | Reason for the Consent Authorization Revoked event. | String |
|
|
|
subject | 0..1 | urn:uk:org:openbanking:events:consent-authorization-revoked/subject | The subject of the event. | OBEventSubject |
|
|
|
3.5 OBEventAccountAccessConsentLinkedAccountUpdate
...
3.5.1 UML Diagram
...
3.5.2 Notes
For the OBEventAccountAccessConsentLinkedAccountUpdate object:
...
3.5.3 Data Dictionary
...
Name | Occurrence | XPath | Enhanced Definition | Class | Codes | Pattern |
urn:bh:org:cbb_openbanking:events:account-access-consent-linked-account-update |
|
| An event that indicates an account linked to a consent has move in/out of scope of the consent. | OBEventAccountAccessConsentLinkedAccountUpdate |
|
|
reason | 0..1 | urn:bh:org:cbb_openbanking:events:account-access-consent-linked-account-update/reason | Reason for the Account Access Consent Linked Account Update event. | String |
|
|
subject | 1..1 | urn:bh:org:cbb_openbanking:events:account-access-consent-linked-account-update/subject | The subject of the event. | OBEventSubject |
|
|
...
|
|
3.6 Event Notification Retry Policy
3.6.1 ASPSP
An ASPSP's Event Notification Retry Policy defines behaviour when an event notification is unacknowledged or the ASPSP receives a 5xx error.
...
A TPP may make GET requests for its resources if its /event-notifications endpoint was unavailable for the Maximum Time Interval for Retries, as defined in an ASPSP's Event Notification Retry Policy.
4 Usage Examples
4.1 Send Event Notification - Resource Update
...
4.1.1 POST Event Notification Request
|
...
Decoded JWT Body - Event Notification Payload
| Code Block |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| -210b43d02306",
"toe": 1516239022
}
|---|
|
4.1.2 POST Event Notification Response
...
|
|
|
|
|
|
...
4.2 Send Event Notification - AIS Consent Authorisation Revoked
In case of Account Information Access/Authorization revocation, the state of the Consent resource is not updated. This triggers only one event for the underlying consent resource:·
consent-authorization-revoked
4.2.1 POST Event Notification Request
...
|
|
|
|
|
Content-Type: application/jwt
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2V4YW1wbGViYW5rLmNvbS8iLCJpYXQiOjE1MTYyMzkwMjIsImp0aSI6ImI0NjBhMDdjLTQ5NjItNDNkMS04NWVlLTlkYzEwZmJiOGY2YyIsInN1YiI6Imh0dHBzOi8vZXhhbXBsZWJhbmsuY29tL2FwaS9vcGVuLWJhbmtpbmcvdjMuMS9jYnBpaS9mdW5kcy1jb25maXJtYXRpb24tY29uc2VudHMvODgzNzkiLCJhdWQiOiI3dW14NW5UUjMzODExUXlRZmkiLCJldmVudHMiOnsidXJuOnVrOm9yZzpvcGVuYmFua2luZzpldmVudHM6cmVzb3VyY2UtdXBkYXRlIjp7InN1YmplY3QiOnsic3ViamVjdF90eXBlIjoiaHR0cDovL29wZW5iYW5raW5nLm9yZy51ay9yaWRfaHR0cDovL29wZW5iYW5raW5nLm9yZy51ay9ydHkiLCJodHRwOi8vb3BlbmJhbmtpbmcub3JnLnVrL3JpZCI6Ijg4Mzc5IiwiaHR0cDovL29wZW5iYW5raW5nLm9yZy51ay9ydHkiOiJmdW5kcy1jb25maXJtYXRpb24tY29uc2VudHMiLCJodHRwOi8vb3BlbmJhbmtpbmcub3JnLnVrL3JsayI6W3sidmVyc2lvbiI6InYzLjEiLCJsaW5rIjoiaHR0cHM6Ly9leGFtcGxlYmFuay5jb20vYXBpL29wZW4tYmFua2luZy92My4xL2NicGlpL2Z1bmRzLWNvbmZpcm1hdGlvbi1jb25zZW50cy84ODM3OSJ9XX19LCJ1cm46dWs6b3JnOm9wZW5iYW5raW5nOmV2ZW50czpjb25zZW50LWF1dGhvcml6YXRpb24tcmV2b2tlZCI6e319LCJ0eG4iOiJkZmM1MTYyOC0zNDc5LTRiODEtYWQ2MC0yMTBiNDNkMDIzMDYiLCJ0b2UiOjE1MTYyMzkwMjJ9.jKq6U1jKvoEF5mFAgtlJxtzaTZ2VJFsm8NoXoLOFDPc
...
|
Decoded JWT Body - Event Notification Payload
| Code Block |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|---|
4.2.2 POST Event Notification Response
...
|
|
|
|
|
...
4.3 Send Event Notification - AIS Consent Authorisation Revoked
...
4.3.1 POST Event Notification Request
...
|
|
|
|
|
Content-Type: application/jwt
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2V4YW1wbGViYW5rLmNvbS8iLCJpYXQiOjE1MTYyMzkwMjIsImp0aSI6ImI0NjBhMDdjLTQ5NjItNDNkMS04NWVlLTlkYzEwZmJiOGY2YyIsInN1YiI6Imh0dHBzOi8vZXhhbXBsZWJhbmsuY29tL2FwaS9vcGVuLWJhbmtpbmcvdjMuMS9haXNwL2FjY291bnQtYWNjZXNzLWNvbnNlbnRzL2FhYy0xMjM0LTAwNyIsImF1ZCI6Ijd1bXg1blRSMzM4MTFReVFmaSIsImV2ZW50cyI6eyJ1cm46dWs6b3JnOm9wZW5iYW5raW5nOmV2ZW50czpjb25zZW50LWF1dGhvcml6YXRpb24tcmV2b2tlZCI6eyJzdWJqZWN0Ijp7InN1YmplY3RfdHlwZSI6Imh0dHA6Ly9vcGVuYmFua2luZy5vcmcudWsvcmlkX2h0dHA6Ly9vcGVuYmFua2luZy5vcmcudWsvcnR5IiwiaHR0cDovL29wZW5iYW5raW5nLm9yZy51ay9yaWQiOiJhYWMtMTIzNC0wMDciLCJodHRwOi8vb3BlbmJhbmtpbmcub3JnLnVrL3J0eSI6ImFjY291bnQtYWNjZXNzLWNvbnNlbnRzIiwiaHR0cDovL29wZW5iYW5raW5nLm9yZy51ay9ybGsiOlt7InZlcnNpb24iOiJ2My4xIiwibGluayI6Imh0dHBzOi8vZXhhbXBsZWJhbmsuY29tL2FwaS9vcGVuLWJhbmtpbmcvdjMuMS9haXNwL2FjY291bnQtYWNjZXNzLWNvbnNlbnRzL2FhYy0xMjM0LTAwNyJ9XX19fSwidHhuIjoiZGZjNTE2MjgtMzQ3OS00YjgxLWFkNjAtMjEwYjQzZDAyMzA2IiwidG9lIjoxNTE2MjM5MDIyfQ.aBWXTb4_zNxY5u4TuyuAYCtHMFXntJeSnNBw6jFySF8
...
|
Decoded JWT Body - Event Notification Payload
...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
...
4.3.2 POST Event Notification Response
...
|
|
|
|
|
...