--- swagger: "2.0" info: title: Mock Data Customer API x-ibm-name: mock-data-customer-api version: 1.0.0 contact: name: openbanking@dssbank.no license: name: Copyright © 2018-2019 LILLESANDS SPAREBANK. All rights reserved. url: https://openbanking.lillesands-sparebank.no/terms description: "API for manipulating mock data. \nAll endpoints here are only meant for testing. \nAll endpoints here are only available in sandbox and not in production.\n[**Read the developer documentation before using this API** ](https://openbanking.lillesands-sparebank.no/portal-sandbox/documentation/)\n" basePath: / schemes: - https paths: /v1/sandbox/customers: post: description: "Post new customers. \n*customerNumber* should be used as identifier when performing SCA in test.\nFor private customers an agreement is created automatically as a part of the process. \nCorporate customers needs to add agreements through POST /v1/sandbox/agreements.\n" summary: /v1/sandbox/customers tags: - /v1/sandbox/customers operationId: CustomersPost deprecated: false produces: - application/json;charset=utf-8 parameters: - $ref: '#/parameters/Content-Type' - $ref: '#/parameters/Accept' - $ref: '#/parameters/Accept-Charset' - $ref: '#/parameters/Accept-Encoding' - $ref: '#/parameters/Accept-Language' - $ref: '#/parameters/Host' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/Digest' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Signature' - name: Body in: body required: true description: "" schema: $ref: '#/definitions/customersRequest' responses: 201: description: "" schema: $ref: '#/definitions/v1SandboxCustomers' examples: application/json;charset=utf-8: customerId: enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf customerNumber: 01085800481 customerType: PRIVATE customerName: Testodius Test2 _links: self: href: /v1/sandbox/customers/enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf verbs: - GET - DELETE get: description: | Only for managing sandbox data, not part of the production API. Get list of all customers created using POST /v1/sandbox/customers. *customerNumber* should be used as identifier when performing SCA in test. summary: /v1/sandbox/customers tags: - /v1/sandbox/customers operationId: CustomersGet deprecated: false produces: - application/json;charset=utf-8 parameters: - name: withAccounts in: query description: set to true if you need the request to include mock accounts owned by this customer. Set to false if you do not need it and you want a faster response. required: false type: boolean x-example: true - name: withAgreements in: query description: set to true if you need the request to include all agreements related to this customer. Set to false if you do not need it and you want a faster response. required: false type: boolean x-example: true - $ref: '#/parameters/Accept' - $ref: '#/parameters/Accept-Charset' - $ref: '#/parameters/Accept-Encoding' - $ref: '#/parameters/Accept-Language' - $ref: '#/parameters/Host' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Signature' responses: 200: description: "" schema: type: array items: $ref: '#/definitions/v1SandboxCustomers1' examples: application/json;charset=utf-8: - customerId: enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf customerNumber: 01085800481 customerType: PRIVATE customerName: Testodius Test2 agreements: - id: enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== name: Testodius Test2 engagements: [] _links: self: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== verbs: - GET - DELETE engagements: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg==/engagements verbs: - POST - DELETE accounts: [] cardAccounts: [] _links: self: href: /v1/sandbox/customers/enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf verbs: - GET - DELETE /v1/sandbox/customers/{customerId}: get: description: | Only for managing sandbox data, not part of the production API. Get a single customer created using POST /v1/sandbox/customers. *customerNumber* should be used as identifier when performing SCA in test. summary: /v1/sandbox/customers/:id tags: - /v1/sandbox/customers operationId: CustomersByCustomerIdGet deprecated: false produces: - application/json;charset=utf-8 parameters: - name: customerId in: path required: true type: string description: "" - $ref: '#/parameters/Accept' - $ref: '#/parameters/Accept-Charset' - $ref: '#/parameters/Accept-Encoding' - $ref: '#/parameters/Accept-Language' - $ref: '#/parameters/Host' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Signature' responses: 200: description: "" schema: $ref: '#/definitions/v1SandboxCustomerswId' examples: application/json;charset=utf-8: customerId: enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf customerNumber: 01085800481 customerType: PRIVATE customerName: Testodius Test2 agreements: - id: enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== name: Testodius Test2 engagements: [] accounts: [] cardAccounts: [] _links: self: href: /v1/sandbox/customers/enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf verbs: - GET - DELETE delete: description: Delete customer previously created using POST /v1/sandbox/customers. summary: /v1/sandbox/customers/:id tags: - /v1/sandbox/customers operationId: CustomersByCustomerIdDelete deprecated: false produces: - application/json parameters: - name: customerId in: path required: true type: string description: "" - $ref: '#/parameters/Accept' - $ref: '#/parameters/Accept-Charset' - $ref: '#/parameters/Accept-Encoding' - $ref: '#/parameters/Accept-Language' - $ref: '#/parameters/Host' - $ref: '#/parameters/X-Request-ID' - $ref: '#/parameters/TPP-Signature-Certificate' - $ref: '#/parameters/Signature' responses: 204: description: "" schema: type: object parameters: Accept: name: Accept in: header type: string required: false description: Advertises which content types, expressed as MIME types, the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Type response header. x-example: application/json Accept-Charset: name: Accept-Charset in: header type: string required: false description: Advertises which character set the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice within the Content-Type response header. x-example: utf-8 Accept-Encoding: name: Accept-Encoding in: header required: false type: string description: Advertises which content encoding, usually a compression algorithm, the client is able to understand. Using content negotiation, the server selects one of the proposals, uses it and informs the client of its choice with the Content-Encoding response header. x-example: deflate, gzip;q=1.0, *;q=0.5 Accept-Language: name: Accept-Language in: header description: Advertises which natural languages the client is able to understand, and which locale variant is preferred. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Language response header. required: false type: string x-example: en-US,en;q=0.7,nb;q=0.3 Host: name: Host in: header type: string required: false description: The domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening. x-example: http://lbxp02vip.unix.cosng.net:20100/secesb/rest/era-psd2 Content-Type: name: Content-Type in: header required: false type: string description: Advertises what type of data is actually sent. X-Request-ID: name: X-Request-ID in: header type: string required: true description: Request identifier, unique to the call, as determined by the TPP. x-example: 4eba4445-1a4b-47b8-bdd5-4e56ef026b19 Digest: name: Digest in: header type: string required: true description: "Base64 encoded sha256 or sha512 hash of the message body, used with the signature.\n>\nThe Digest header is defined by RFC3230 and sha256/sha512 si defined by RFC5843. " x-example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOabcX3YxNoH4k== TPP-Signature-Certificate: name: TPP-Signature-Certificate in: header type: string required: true description: The certificate used for signing the request in base64 encoding. x-example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOX3YxNoH4k== Signature: name: Signature in: header type: string required: true description: | HTTP Message Signature as specified by https://tools.ietf.org/html/draft-cavage-http-signatures-10 with requirements imposed by Berlin Group's NextGenPSD2 Framework. - *keyId* must be formatted as `keyId="SN=XXX,CA=YYY"` where `XXX` is the serial number of the signing certificate in hexadecimal encoding and `YYY` is the ful Distinguished Name of the Certificate Authority having certificate - *algorithm* must identify the same algorithm for the signature as presented in the signing certificate and should be `rsa-sha256` - *headers* must contain `date`, `digest`, `x-request-id`, `psu-id`, `psu-corporate-id`, and `tpp-redirect-uri` when available - *signature* must be computed as `Base64(RSA-SHA256(signingString))` If any values in the signature header is ISO-8859-1 or UTF-8 encoded you need to URL encode the signature header according to RFC 2047 which means MIME encoding the signature. Also the signature must be wrapped using this format: =?charset?encoding?encoded signature?= Example of this encoding: `=?utf-8?B?a2V5QTQsQ0E9Mi41LjQuOTc9IzB........jMTM1MDUzNDQ0ZTRmMmQ0NjUz?=` Java example of how to implement encoding: ``` if (charset.equals(StandardCharsets.UTF_8)) { signature = String.format("=?utf-8?B?%s?=", Base64.getEncoder().encodeToString(signature.getBytes(StandardCharsets.UTF_8))); } ``` x-example: keyId="SN=6AEB4444FBAAD267,CA=O=PSDNO-FSA-ABCA,L=Trondheim,C=NO", algorithm="rsa-sha256", headers="date x-request-id tpp-redirect-uri psu-id", signature="***************" definitions: customersRequest: title: /v1/sandbox/customersRequest example: customerNumber: "12345678" name: Test Inc. type: corporate type: object properties: customerNumber: type: string name: type: string type: type: string required: - customerNumber - name - type v1SandboxCustomers: title: /v1/sandbox/customers example: customerId: enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf customerNumber: 01085800481 customerType: PRIVATE customerName: Testodius Test2 _links: self: href: /v1/sandbox/customers/enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf verbs: - GET - DELETE type: object properties: customerId: type: string customerNumber: type: string customerType: type: string enum: - PRIVATE - CORPORATE customerName: type: string _links: $ref: '#/definitions/Links' required: - customerId - customerNumber - customerType - customerName - _links Links: title: Links example: self: href: /v1/sandbox/customers/enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf verbs: - GET - DELETE type: object properties: self: $ref: '#/definitions/Self' required: - self Self: title: Self example: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== verbs: - GET - DELETE type: object properties: href: type: string verbs: type: array items: type: string required: - href - verbs v1SandboxCustomers1: title: /v1/sandbox/customers1 example: customerId: enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf customerNumber: 01085800481 customerType: PRIVATE customerName: Testodius Test2 agreements: - id: enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== name: Testodius Test2 engagements: [] _links: self: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== verbs: - GET - DELETE engagements: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg==/engagements verbs: - POST - DELETE accounts: [] cardAccounts: [] _links: self: href: /v1/sandbox/customers/enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf verbs: - GET - DELETE type: object properties: customerId: example: enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf type: string customerNumber: example: 01085800481 type: string customerType: example: PRIVATE type: string enum: - PRIVATE - CORPORATE customerName: example: Testodius Test2 type: string agreements: example: - id: enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== name: Testodius Test2 engagements: [] _links: self: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== verbs: - GET - DELETE engagements: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg==/engagements verbs: - POST - DELETE type: array items: $ref: '#/definitions/Agreement' accounts: example: [] type: array items: type: string cardAccounts: example: [] type: array items: type: string _links: $ref: '#/definitions/Links' required: - customerId - customerNumber - customerType - customerName - agreements - accounts - cardAccounts - _links Agreement: title: Agreement example: id: enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== name: Testodius Test2 engagements: [] _links: self: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== verbs: - GET - DELETE engagements: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg==/engagements verbs: - POST - DELETE type: object properties: id: example: enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== type: string name: example: Testodius Test2 type: string engagements: example: [] type: array items: type: string _links: $ref: '#/definitions/Links1' required: - id - name - engagements - _links Links1: title: Links1 example: self: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== verbs: - GET - DELETE engagements: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg==/engagements verbs: - POST - DELETE type: object properties: self: $ref: '#/definitions/Self' engagements: $ref: '#/definitions/Engagements' required: - self - engagements Engagements: title: Engagements example: href: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg==/engagements verbs: - POST - DELETE type: object properties: href: example: /v1/sandbox/agreements/enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg==/engagements type: string verbs: example: - POST - DELETE type: array items: type: string required: - href - verbs v1SandboxCustomerswId: title: /v1/sandbox/customers/:id example: customerId: enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf customerNumber: 01085800481 customerType: PRIVATE customerName: Testodius Test2 agreements: - id: enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== name: Testodius Test2 engagements: [] accounts: [] cardAccounts: [] _links: self: href: /v1/sandbox/customers/enc!!IZ5FQKfTP6SdoIoD_nyvKlJt1cHv_JOIku7xUgmyui1a18SoQ0YA4nfH7c28PLxf verbs: - GET - DELETE type: object properties: customerId: type: string customerNumber: type: string customerType: type: string enum: - PRIVATE - CORPORATE customerName: type: string agreements: type: array items: $ref: '#/definitions/Agreement1' accounts: type: array items: type: string cardAccounts: type: array items: type: string _links: $ref: '#/definitions/Links' required: - customerId - customerNumber - customerType - customerName - agreements - accounts - cardAccounts - _links Agreement1: title: Agreement1 type: object properties: id: example: enc!!9LnOfAAQ-HgKXsU61DSZc0b1M9k-2FkJ4Hunsoe4mfTD3AOU_Evq91NkmNgd1lK9RRT6jE7MV7aAPxm7gMrQLg== type: string name: example: Testodius Test2 type: string engagements: example: [] type: array items: type: string required: - id - name - engagements tags: - name: /v1/sandbox/customers x-ibm-configuration: enforced: true testable: true phase: realized x-ibm-endpoints: - endpointUrl: https://openbanking.lillesands-sparebank.no/api-sandbox type: - production - development ...