Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 21 Next »

1. Overview

The File Payment Consent resource is used by a PISP to register an intent to initiate a File Payment.

This resource description should be read in conjunction with a compatible Payment Initiation API Profile.

2. Endpoints

Endpoints for the resources are defined below

S. No.

Resource

HTTP Operation

Endpoint

Mandatory

Scope

Grant Type

Message Signing

Idempotency Key

Request Object

Response Object

2.1

file-payment-consents

POST

POST /file-payment-consents

Conditional

payments

Client Credentials

Signed Request Signed Response

Yes

OBWriteFileConsent

OBWriteFileConsentResponse

2.2

file-payment-consents

POST

POST /file-payment-consents/{ConsentId}/file

Conditional

payments

Client Credentials

Signed Request Signed Response

Yes

File

NA

2.3

file-payment-consents

GET

GET /file-payment-consents/{ConsentId}

Mandatory (if resource POST implemented)

payments

Client Credentials

Signed Response

No

NA

OBWriteFileConsentResponse

2.4

file-payment-consents

GET

GET /file-payment-consents/{ConsentId}/file

Conditional

payments

Client Credentials

Signed Response

No

NA

File

 

2.1  POST/file-payment-consents

The API endpoint allows the PISP to ask an ASPSP to create a new file-payment-consents resource.

  • The POST action indicates to the ASPSP that a file payment consents has been staged. At this point, the user/customer may not have been identified by the ASPSP and the request payload may not contain any information of the account(s) that should be debited

  • The endpoint allows the PISP to send metadata of the consent (between user/customer and PISP) to the ASPSP

  • The metadata of the consent must include the FileContextFormat of the request

  • The metadata of the consent must include the FileHash, which is a base64 encoding of a SHA256 hash of the file to be uploaded

  • The ASPSP creates the file-payment-consents resource and responds with a unique ConsentId to refer to the resource

2.1.1 Status

The default Status is "AwaitingUpload" immediately after the file-payment-consents has been created.

Status

AwaitingUpload

 2.2  POST/file-payment-consents/{ConsentId}/file

The API endpoint allows the PISP to upload a file to an ASPSP, against a file-payment-consents resource.

  • The endpoint allows the PISP to send a copy of the consent (between user/customer and PISP) to the ASPSP for the user/customer to authorise. The PISP must upload the file against the ConsentId before redirecting the user/customer to authorise the consent

  • The file structure must match the FileContextFormat in the file-payment-consents request

  • An ASPSP must confirm the hash of the file matches with the FileHash provided in the file-payment-consents Metadata

  • The metadata for the file-payment-consents must match the contents of the uploaded file:

o    If the content of the metadata does not match the content of the file, the ASPSP must reject the file-payment-consent

  • The file is sent in the HTTP request body

  • HTTP headers (e.g. Content-Type) are used to describe the file

2.2.1  Status

The default Status is "AwaitingAuthorisation" immediately after the file has been uploaded.

Status

AwaitingAuthorisation

 

2.3  GET/file-payment-consents/{ConsentId}

 A PISP can optionally retrieve a payment consents resource that they have created to check its status.

2.3.1 Status

Once the user/customer authorises the payment-consents resource, the Status of the payment-consents resource will be updated with "Authorised".

If the user/customer rejects the consent or the file-payment-consents has failed some other ASPSP validation, the Status will be set to "Rejected".

Once a file-payments has been successfully created using the file-payment-consent, the Status of the file-payment-consents will be set to "Consumed".

The available Status codes for the file-payment-consents resource are:

Status

AwaitingUpload

AwaitingAuthorisation

Rejected

Authorised

Consumed

2.4  GET/file-payment-consents/{ConsentId}/file

The API endpoint allows the PISP to download a file (that had been uploaded against a file-payment-consents resource) from an ASPSP.

  • The file is sent in the HTTP response body

  • HTTP headers (e.g. Content-Type) are used to describe the file

2.5  State Model

2.5.1 Payment Order Consent

The state model for the file-payment-consents resource follows the generic consent state model

The definitions for the Status:

 S.No.

Status

Status Definition

1

AwaitingUpload

The file for the consent resource is awaiting upload

2

AwaitingAuthorisation

The consent resource is awaiting user/customer authorisation

3

Rejected

The consent resource has been rejected

4

Authorised

The consent resource has been successfully authorised

5

Consumed

The consented action has been successfully completed. This does not reflect the status of the consented action

3. Data Model

The Data Dictionary section gives the detail on the payload content for the File Payment API flows.

3.1 OBFileInitiation (Reused Classes)

This section describes the OBFileInitiation class, which is reused as the Initiation object in the file-payment-consents resource.

3.1.1  UML Diagram

 

3.1.2  Notes

For the OBFile Initiation object:

  • All elements in the Initiation payload that are specified by the PISP must not be changed via the ASPSP, as this is part of formal consent from the user/customer

  • If the ASPSP is able to establish a problem with payload or any contextual error during the API call, the ASPSP must reject the file-payment-consents request immediately

  • If the ASPSP establishes a problem with the file-payment-consents after the API call, the ASPSP must set the Status of the file-payment-consents resource to Rejected

  • The DebtorAccount is optional, as the PISP may not know the account identification details for the user/customer

  • If the DebtorAccount is specified by the PISP and is invalid for the user/customer - then the file-payment-consents will be set to Rejected after user/customer authentication

  • An ASPSP may choose which fields must be populated to process a specified FileContextFormat, and may reject the request if the fields are not populated. These ASPSP specific requirements must be documented

  • An ASPSP may choose which fields must not be populated to process a specified FileContextFormat, and may reject the request if the fields are populated. These ASPSP specific requirements must be documented

3.1.3  Data Dictionary

Name

Occurrence

XPath

Definition

Class/ Datatype

Codes

Pattern

OBFileInitiation

 

OBFileInitiation

The Initiation payload is sent by the initiating party to the ASPSP. It is used to request movement of funds using a payment file

OBFileInitiation

 

 

FileContextFormat

1..1

OBFileInitiation/FileContextFormat

Specifies the payment file context format

String

 Enum:

·  BH.OBF.pain.001.001.08

 

 

FileHash

1..1

OBFileInitiation/FileHash

A base64 encoding of a SHA256 hash of the file to be uploaded

String

 

 

FileReference

0..1

OBFileInitiation/FileReference

Reference for the file

String

 

 

NumberOfTransactions

0..1

OBFileInitiation/NumberOfTransactions

Number of individual transactions contained in the payment information group

String

 

[0-9]{1,15}

ControlSum

0..1

OBFileInitiation/ControlSum

Total of all individual amounts included in the group, irrespective of currencies

Number

 

 

RequestedExecutionDateTime

0..1

OBFileInitiation/RequestedExecutionDateTime

Date at which the initiating party requests the clearing agent to process the payment. Usage: This is the date on which the debtor's account is to be debited

DateTime

 

 

LocalInstrument

0..1

OBFileInitiation/LocalInstrument

User community specific instrument.

Usage: This element is used to specify a local instrument, local clearing option and/or further qualify the service or service level

String

Enum:

·  BH.OBF.DNS

·  BH.OBF.NRT

·  BH.OBF.BIL

 

DebtorAccount

0..1

OBFileInitiation/DebtorAccount

Unambiguous identification of the account of the debtor to which a debit entry will be made as a result of the transaction

OBFileInitiation/DebtorAccount

 

 

SchemeName

1..1

OBFileInitiation/DebtorAccount/SchemeName

Name of the identification scheme, in a coded form as published in an external list

String

Enum:

·  BH.OBF.IBAN

 

Identification

1..1

OBFileInitiation/DebtorAccount/Identification

Identification assigned by an institution to identify an account. This identification is known by the account owner

String

 

 

Name

0..1

OBFileInitiation/DebtorAccount/Name

The account name is the name or names of the account owner(s) represented at an account level, as displayed by the ASPSP’s online channels. Note, the account name is not the product name or the nickname of the account

String

 

 

RemittanceInformation

0..1

OBFileInitiation/RemittanceInformation

Information supplied to enable the matching of an entry with the items that the transfer is intended to settle, such as commercial invoices in an accounts' receivable system

OBFileInitiation/RemittanceInformation

 

 

RemittanceDescription

0..1

OBFileInitiation/RemittanceInformation/ RemittanceDescription

Information supplied to enable the matching/reconciliation of an entry with the items that the payment is intended to settle, such as commercial invoices in an accounts' receivable system, in an unstructured form

String

 

 

Reference

0..1

OBFileInitiation/RemittanceInformation/Reference

Unique reference, as assigned by the creditor, to unambiguously refer to the payment transaction.

Usage: If available, the initiating party should provide this reference in the structured remittance information, to enable reconciliation by the creditor upon receipt of the amount of money. If the business context requires the use of a creditor reference or a payment remit identification, and only one identifier can be passed through the end-to-end chain, the creditor's reference or payment remittance identification should be quoted in the end-to-end transaction identification

String

 

 

SupplementaryData

0..1

OBFileInitiation/SupplementaryData

Additional information that cannot be captured in the structured fields and/or any other specific block

OBSupplementaryData

 

 

3.2  File Payment Consent – Request

The OBWriteFileConsent object will be used for the call to:

  • POST /file-payment-consents

3.2.1 UML Diagram

3.2.2 Notes

The file-payment-consents request contains these objects:

  • Initiation

  • Authorisation

  • SCASupportData

For the file-payment-consents request object:

  • There is no Risk section in the OBWriteFileConsent object - as this is not relevant for a file payment

3.2.3  Data Dictionary

Name

Occurrence

XPath

Definition

Class/ Datatype

Codes

Pattern

OBWriteFileConsent

 

OBWriteFileConsent

 

OBWriteFileConsent

 

 

Data

1..1

OBWriteFileConsent/Data

 

OBWriteFileConsent/Data

 

 

Initiation

1..1

OBWriteFileConsent/Data/Initiation

The Initiation payload is sent by the initiating party to the ASPSP. It is used to request movement of funds using a payment file

OBFileInitiation

 

 

Authorisation

0..1

OBWriteFileConsent/Data/Authorisation

The authorisation type request from the PISP

OBAuthorisation

 

 

SCASupportData

0..1

OBWriteFileConsent/Data/SCASupportData

Supporting Data provided by PISP, when requesting SCA Exemption

OBSCASupportData

 

 

 

3.3  File Payment Consent - Response

The OBWriteFileConsentResponse object will be used for a response to a call to:

  • POST /file-payment-consents

  • GET /file-payment-consents/{ConsentId}

3.3.1 UML Diagram

3.3.2 Notes

The file-payment-consents response contains the full original payload from the file-payment-consents request with these additional elements:

  • ConsentId

  • CreationDateTime the file-payment-consents resource was created

  • Status and StatusUpdateDateTime of the file-payment-consents resource

  • CutOffDateTime Behaviour is explained in Payment Initiation API Profile, Section - Payment Restrictions -> CutOffDateTime Behaviour

  • Charges array - for the breakdown of applicable ASPSP charges

  • Post successful user/customer Authentication, an ASPSP may provide Debtor/Name in the Payment Order Consent Response, even when the user/customer did not provide the Debtor Account via PISP

3.3.3 Data Dictionary

Name

Occurrence

XPath

Definition

Class/ Datatype

Codes

Pattern

OBWriteFileConsentResponse

 

OBWriteFileConsentResponse

 

OBWriteFileConsentResponse

 

 

Data

1..1

OBWriteFileConsentResponse/Data

 

OBWriteFileConsentResponse/Data

 

 

ConsentId

1..1

OBWriteFileConsentResponse/Data/ConsentId

OB: Unique identification as assigned by the ASPSP to uniquely identify the consent resource

String

 

 

CreationDateTime

1..1

OBWriteFileConsentResponse/Data/CreationDateTime

Date and time at which the resource was created

DateTime

 

 

Status

1..1

OBWriteFileConsentResponse/Data/Status

Specifies the status of consent resource in code form

String

Enum:

·  Authorised

·  AwaitingAuthorisation

·  AwaitingUpload

·  Consumed

·  Rejected

 

StatusUpdateDateTime

1..1

OBWriteFileConsentResponse/Data/StatusUpdateDateTime

Date and time at which the consent resource status was updated

DateTime

 

 

CutOffDateTime

0..1

OBWriteFileConsentResponse/Data/CutOffDateTime

Specified cut-off date and time for the payment consent

DateTime

 

 

Charges

0..n

OBWriteFileConsentResponse/Data/Charges

Set of elements used to provide details of a charge for the payment initiation

OBCharge

 

 

Initiation

1..1

OBWriteFileConsentResponse/Data/Initiation

The Initiation payload is sent by the initiating party to the ASPSP. It is used to request movement of funds using a payment file

OBFileInitiation

 

 

Authorisation

0..1

OBWriteFileConsentResponse/Data/Authorisation

The authorisation type request from the PISP

OBAuthorisation

 

 

SCASupportData

0..1

OBWriteFileConsentResponse/Data/SCASupportData

Supporting Data provided by PISP, when requesting SCA Exemption

OBSCASupportData

 

 

Debtor

0..1

OBWriteFileConsentResponse/Data/Debtor

Set of elements used to identify a person or an organisation

OBWriteFileConsentResponse/Data/Debtor

 

 

Name

1..1

OBWriteFileConsentResponse/Data/Debtor/Name

The account name is the name or names of the account owner(s) represented at an account level, as displayed by the ASPSP’s online channels

String

 

 

4. Usage Example 

4.1 POST /file-payment-consents

4.1.1 Request

POST / file-payment-consents

Authorisation: Bearer 4ZopnFZFKjr5zDsicSQpLL

x-idempotency-key: XYZ.51403.MLT.30

x-jws-signature: LMlmPSqzISEpar72ce5deMGue4RsZMDnZYG1bW6hdPlvriZ=..G1rrM18vVYBmdmRurS6nIR1yFHR8bGZyIJdvaB5nKGRvm35hTr==

x-fapi-auth-date: Tue, 19 Mar 2020 19:43:31 GMT+3

x-fapi-customer-ip-address: 204.35.213.15

x-fapi-interaction-id: 75bdc714-b2dg-7676-c759-780d6815689f

Content-Type: application/json

Accept: application/json

{

  "Data": {

    "Initiation": {

      "FileContextFormat": "BH.OBF.pain.001.001.08",

      "FileHash": "jhkgas5768a/s78as",

      "FileReference": "41536789",

      "NumberOfTransactions": "10",

      "ControlSum": 10,

      "RequestedExecutionDateTime": "2020-03-20T09:14:32.115+03:00",

      "LocalInstrument": "BH.OBF.DNS",

      "DebtorAccount": {

        "SchemeName": "BH.OBF.IBAN",

        "Identification": "BH10CBBU00100000008876",

        "Name": "Khalid Ahmed Ali",

      },

      "RemittanceInformation": {

        "RemittanceDescription": "External Ops Code 34251",

        "Reference": "XYZ-101"

      },

    },

    "Authorisation": {

      "AuthorisationType": "Single",

      "CompletionDateTime": "2020-03-20T09:14:32.115+03:00"

    },

    "SCASupportData": {

      "RequestedSCAExemptionType": " ",

      "AppliedAuthenticationApproach": "SCA",

      "ReferencePaymentOrderId": "936427-2"

    }

  }

}

4.1.2 Response

201 Created

x-jws-signature: LMlmPSqzISEpar72ce5deMGue4RsZMDnZYG1bW6hdPlvriZ=

x-fapi-interaction-id: 75bdc714-b2dg-7676-c759-780d6815689f

Content-Type: application/json

{

  "Data": {

    "ConsentId": "309782",

    "CreationDateTime": "2020-03-20T09:14:32.153+03:00",

    "Status": "Authorised",

    "StatusUpdateDateTime": "2020-03-20T09:14:32.153+03:00",

    "CutOffDateTime": "2020-03-20T09:14:32.153+03:00",

    "Charges": [

      {

        "ChargeBearer": "BorneByCreditor",

        "Type": " "",

        "Amount": {

          "Amount": "5.53",

          "Currency": "BHD"

        }

      }

    ],

    "Initiation": {

      "FileContextFormat": "BH.OBF.pain.001.001.08",

      "FileHash": "jhkgas5768a/s78as",

      "FileReference": "41536789",

      "NumberOfTransactions": "10",

      "ControlSum": 10,

      "RequestedExecutionDateTime": "2020-03-20T09:14:32.115+03:00",

      "LocalInstrument": "BH.OBF.DNS",

      "DebtorAccount": {

        "SchemeName": "BH.OBF.IBAN",

        "Identification": "BH10CBBU00100000008876",

        "Name": "Khalid Ahmed Ali",

      },

      "RemittanceInformation": {

        "RemittanceDescription": "External Ops Code 34251",

        "Reference": "XYZ-101"

      },

    },

    "Authorisation": {

      "AuthorisationType": "Single",

      "CompletionDateTime": "2020-03-20T09:14:32.115+03:00"

    },

    "SCASupportData": {

      "RequestedSCAExemptionType": " ",

      "AppliedAuthenticationApproach": "SCA",

      "ReferencePaymentOrderId": "936427-2"

    }

  },

  "Links": {

    "Self": " www.TBC.com"   

  },

  "Meta": {

    "TotalPages": 01,

    "FirstAvailableDateTime": "2020-03-20T09:14:32.153+03:00",

    "LastAvailableDateTime": "2020-03-20T09:14:32.153+03:00"

  }

}

4.2  POST /file-payment-consents/{ConsentId}/file

4.2.1 Request

POST / file-payment-consents/309782/file

Authorisation: Bearer 4ZopnFZFKjr5zDsicSQpLL

x-idempotency-key: XYZ.51403.MLT.30

x-jws-signature: LMlmPSqzISEpar72ce5deMGue4RsZMDnZYG1bW6hdPlvriZ=..G1rrM18vVYBmdmRurS6nIR1yFHR8bGZyIJdvaB5nKGRvm35hTr==

x-fapi-auth-date: Tue, 19 Mar 2020 19:43:31 GMT+03:00

x-fapi-customer-ip-address: 204.35.213.15

x-fapi-interaction-id: 75bdc714-b2dg-7676-c759-780d6815689f

Content-Type: application/json

Accept: application/json

 

[File-Data]

4.2.2 Response

200 OK

x-fapi-interaction-id: 75bdc714-b2dg-7676-c759-780d6815689f

  • No labels