Banking Ecosystem Platform Documentation

1. Introduction

The banking ecosystem Platform provides all services required to establish trustful relationships among the participants of the banking ecosystem trust network and optionally to collect billing data.

This documentation contains descriptions of the interfaces of the Platform services. It is intended to provide the necessary information for developers using this services of the Platform.

The banking ecosystem Platform is decomposed into several system components and microservices, which are described in this section.

The Account Chooser (https://accounts.openbanking.verimi.de) enables the RP to query the matching OpenID Provider Issuer for the user who is supposed to be authenticated. The Account Chooser gets invoked by the user’s user agent and provides a user interface where the user can select the bank he has an account on. The Account Chooser provides the issuer URL of the respective IDP (OpenID Provider) to the RP by using an HTTP redirect (302 - Found). It also allows the RP to check the authenticity of an issuer URL, which is required before any OAuth/OpenID Connect process is started using a particular issuer URL.

1.2. Authorization Server

The Authorization Server (https://as.openbanking.verimi.de) manages authentication and authorization of all entities accessing Platform APIs. The Authorization Server uses the OAuth 2.0 Client Credentials Grant in conjunction with OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens to authenticate clients and prevent token leakage. After successful authentication, the client is provided with an access token containing its authorization data. The client in turn uses this access token when invoking any of the Platform APIs.

The following APIs must be invoked using a valid access token:

Bank Directory
IDP Directory
RP Directory
SP Directory
SC Directory
Service Configuration
Billing Mediation Service v2

1.3. Directory

The Directory is comprised of several micro services that can be queried or updated by authorized components. These microservices are:

Bank directory (https://api.openbanking.verimi.de/banks/v1/)
Contains general information (bank identification code, name) about all active and passive banks. It is used to search banks in the account chooser.
IDP directory (https://api.openbanking.verimi.de/idps/v1/)
Contains IDP-specific information like the BIC to IDP mapping and the issuer URL. All other IDP configuration data are published in the respective IDP’s OpenID Provider Configuration.
RP directory (https://api.openbanking.verimi.de/rps/v1/)
Contains RP client metadata and credentials like the client_id, the public key certificates, the allowed scopes & claims as well as redirect_uris for Account Chooser and the OpenID Connect Flow. The metadata is based on OpenID Connect client metadata but contains additional banking ecosystem-specific attributes.
SP directory (https://api.openbanking.verimi.de/sps/v1/)
Contains service provider (SP) metadata and credentials like the client_id, the public key certificates, and the supported scopes & required claims.The metadata is based on OpenID Connect client metadata but contains additional banking ecosystem-specific attributes.
SC directory (https://api.openbanking.verimi.de/scs/v1/)
Contains service configurations (SC) that map IDPs to sets of SPs with which they collaborate to provide additional services like QES.
Service Configuration (https://api.openbanking.verimi.de/service-configuration/v1/)
Contains a read-only view for RPs on the SC Directory for service discovery.

1.4. Billing Mediation

The billing mediation service v2 (https://api.openbanking.verimi.de/mediationrecords/v2) enables the IDPs and SPs to pass billing-relevant events to the banking ecosystem.

1.5. Use cases

Currently, there are the following use cases for accessing the Platform:

Management
IDP
RP
SP
SC
Service Configuration

1.5.1. Management

Management refers to the creation and further management of directory entries. Any party wanting to act in this role, needs to setup a technical account with the Platform AS first (see below). It then uses the CRUD requests on the directories in conjunction with access tokens issued by the Platform AS.

1.5.2. IDP

IDPs need to synchronize periodically with the RP and SP directories in order to keep the data they use to authenticate and authorize RPs and SPs up-to-date. The synchronization works as follows:

The IDP obtains an access token from token endpoint of the Platform AS
With this access token the IDP can obtain all registered RPs from the banking ecosystem RP directory (and subsequently store this data in its local RP database for further use)
With the same token the IDP can obtain all SPs it has whitelisted from the banking ecosystem SC directory to synchronize the SPs' clients to that the SPs are able to use the IDP’s introspection endpoint to receive the data they need to fulfill their service

The IDP may also want to use banking ecosystem as a billing platform. In this case, it sends mediation records to the billing mediation service. This request also requires a valid access token.

1.6. Account Management & API Invocation

1.6.1. Technical Accounts

The API consumer (independent of the use case) must be in possession of

a private key and
a corresponding certificate (may be self-signed)
a client ID with the Platform AS.

The key and certificate may be created by any suitable tool. For example the openssl command would be

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj '/CN=<insert your client name>' -nodes

The public key certificate (only!) needs to be sent to the banking ecosystem Platform team, it will provide you with a client_id. Then add the certificate and public key to your HTTP client.

1.6.2. Authorization

The permissions of an technical account are determined by its allowed scope values. These scope values are set at creation time and can be modified later on.

Every directory entry belongs to a so-called owner id. Permissions can be limited to the entries belonging to a certain owner.

Every protected API request type requires a certain scope value (or one out of several alternatives), please consult the request documentation for the specific scope values.

1.6.3. Obtain an Access Token

API consumers obtain the access token from the Platform AS by using the client_credentials grant type in combination with TLS Client Authentication.

1.6.4. API Invocation

API consumers must send a valid access token along with every request to a protected Platform API.

All access tokens are bound to the public key certificate used to obtain the access token.This is a means to prevent token leakage.It requires API consumers to establish the TLS connection to the Platform APIs using TLS Client Authentication with the key & certificate used to obtain the token.

1.7. Base URL

There are two independent Platform instances provided to partners, which are production and sandbox. This are the respective base DNS names:

Sandbox: sandbox.openbanking.verimi.cloud

Production: openbanking.verimi.com

This document describes the URL of any resource or API relative to the respective base DNS names, the examples are given for the base URL of the sandbox.

2. Authorization Server

2.1. Token endpoint

The token endpoint can be found at

https://as.<PLATFORM_BASE>/token

The client is authenticated via TLS client authentication for OAuth 2.0., for more information see: mTLS OAth2

Here is an an example of a curl command:

2.1.1. Get a AccessToken for Platform Services

$ curl -i --request POST \
    --cert cert.pem \
    --key key.pem \
    --url https://as.sandbox.openbanking.verimi.cloud/token/ \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data 'grant_type=client_credentials&client_id=test_client'

Example AccessToken Response

HTTP/1.1 200
status: 200
date: Thu, 22 Mar 2018 13:30:24 GMT
content-type: application/json;charset=UTF-8
content-length: 828
connection: keep-alive
cache-control: no-store
pragma: no-cache

{
  "access_token": "....WQiOiJOQnlWIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJ0ZXN0X2NsaWVud....nNjcCI6WyJlbWFpbCIsImh0dHBzOlwvXC95ZXMuY29tXC9wZXJzb25fZGF0YSJdLCJpc3MiOiJodHRwczpcL1wvYXMuc2FuZGJveC55ZXMuY29tIiwiY25mIjp7Ing1dCNTMjU2IjoiVGRvT09DeWd1R2tiaTJPTFY5TmdCYUw2czhEbXhMUmVHUFh6RG14T0ZGNCJ9LCJleHAiOjE1MTc1NzY1NTksImlhdCI6MTUxNzU3NTk1OSwiY2lkIjoidGVzdF9jbGllbnQifQ.BqeNm0MWNkh....g36weG_CAh4V3aT1RT-_F6qE57yKj-ORYqZlo2QI_xg_-URmrVmit245PdDD0TsJfe46b9QtlTyy4E3Q66d4CAovM8wqqDWGJ39QvoomuDaA7MxrhQBmb3RkZHisoUL5mfrIzu2JJj4Ja0i-uRL_FjU7tC9qDuOoOL8z6v5TS9DrIXDuH6kccF5pEHXLrp24KYd105I3wXQmhAg_CdG4zXWU5EmPkFw-fHRiTFw0F40ofcVK9YUwhgUUQ3T4TV8fR_Z2EsVKm21VBMuWzSSgT-93cSgGlXNI5OQtkjRHNW8cDib3pNZtnfPOPbXiPDXssmUneGg",
  "scope": "rp_read_all",
  "token_type": "Bearer",
  "expires_in": 600
}

3. Account Chooser

3.1. Initialization of the Account Chooser

The RP starts the Account Chooser with the provided client_id at the following URL:

https://accounts.sandbox.openbanking.verimi.cloud/?client_id={client ID of the RP}

Example

https://accounts.sandbox.openbanking.verimi.cloud/?client_id=sandbox.yes.com:3630BF72-E979-477A-A8FF-8A338F058932

3.2. Parameter `state`

You can add a state parameter to the initial request. The state will then be present at every redirect to the provided redirect URL of the RP.

The allowed length for the state is limited as the length of the complete URL is limited. We recommend to use URLs with less than 2048 characters.

Example initial request

 https://accounts.sandbox.openbanking.verimi.cloud/?client_id={client ID of the RP}&state=iasgnrkgj3k

Example redirect performed by the Account Chooser

 https://{redirect URI of the rp}/?issuer_url={issuer URL of the idp}&state=iasgnrkgj3k

3.3. Remembering the selected bank

On your first visit, the account chooser will remember your selected bank in a cookie, if an IDP was successfully found. On your next visit, you will immediately be redirected if the IDP is available. If you want to choose another bank, you have to add the following url parameter to your initial Account Chooser request:

prompt=select_account

Example

 https://accounts.sandbox.openbanking.verimi.cloud/?client_id={client ID of the RP}&prompt=select_account

3.3.1. Delete the cookie

To delete the cookie you can either use your browser’s function or use the account chooser API by calling

https://accounts.sandbox.openbanking.verimi.cloud/cookie

3.4. Additional initial request parameters

since 22.04.2021

3.4.1. Parameter `preselect_bic`

A bank can be preselected with this paramter under the appropriate conditions (see below) in order to skip the account chooser. The response will be returned immediately, and the account chooser ui is not displayed.
The bic cookie for remembering the previously selected bank will also be written using the value from the preselect_bic parameter.

If the cookie is already present, it will be ignored and overwritten with the value from the preselect_bic parameter.

Example request

 https://accounts.sandbox.openbanking.verimi.cloud/?client_id={client ID of the RP}&state=iasgnrkgj3k&preselect_bic=TESTDEY0001

In case of an error, the response url contains the parameter error=invalid_request and one of the following descriptions as error_description=…

Table 1. possible error for `preselect_bic`
Action	Example `error_description`
usage of `preselect_bic` with more than one `bic` value or more than once per request	`More than one 'preselect_bic' values found '[TESTDEY0001, TESTDEY0004]'`
usage of both parameters `preselect_bic` and `prompt=select_account`	`usage of 'preselect_bic' with 'select_account=prompt' is not allowed`
the `bic` from `preselect_bic` does not exist in the bank directory	`no bank found for bic 'FAILDE0000'`
the `bic` from `preselect_bic` does not exist in the idp directory	`no idp found for bic 'FAILBC11XXX'`
the `bic` from `preselect_bic` does exist in the idp directory, but the idp hasn’t the status `active`	`given idp 'TESTDEY0002' is not active`

3.4.2. Parameter `return_bic`

Request parameter to add the bank selected by the user as selected_bic=… response parameter to the account chooser redirect response.

Format

return_bic=true

Example request

 https://accounts.sandbox.openbanking.verimi.cloud/?client_id={client ID of the RP}&state=iasgnrkgj3k&return_bic=true

Example response

 https://{redirect URI of the rp}/?issuer_url={issuer URL of the idp}&state=iasgnrkgj3k&selected_bic={selected bank bic}

3.5. The User interacts with the Account Chooser

The user searches with the Account Chooser for his or her bank. Searching can be done via BIC or the name of the bank.

3.6. Redirect when the bank is found

If the search leads to a unique result, the Account Chooser performs a redirect to the provided redirect URL of the RP. The issuer URL of the selected bank (IDP) is passed as a parameter.

Redirect performed by the Account Chooser

https://{redirect URI of the rp}/?issuer_url={issuer URL of the idp}

3.6.1. Example

The RP uses the redirect URI https://rpbackend.acme.com

The user is searching for the bank with the BIC "TESTBANK" and the issuer URL https://idp.testbank.com

After the interaction with the user, the Account Chooser performs the following redirect:

https://rpbackend.acme.com/?issuer_url=https://idp.testbank.com

The Relying Party has to check the given issuer_url with the Account-Chooser API, see: Check Issuer

3.7. Redirect when the user cancels the flow

Some interactions with the user can result in the cancellation of the account chooser workflow and returning the user to the relying party. In such a case, the account chooser will redirect to the rp with an url parameter 'error' detailling the specific reason:

https://<ac_redirect_uri>?error=<code-see-table>

Table 2. possible error
Action	Error `code`
Pressing the "back" button	`canceled`
The bank search returned no results	`unknown_issuer`
The user selected a bank that either has no idp (issuer) at all, or the found idp is inactive	`unknown_issuer`

3.8. API Operations

Account Chooser provided APIs.

3.8.1. Check Issuer

Check the issuer_url the relying party has received with the account-chooser redirect URL, as URL parameter.

$ curl 'https://accounts.sandbox.openbanking.verimi.cloud/idp/' -i -X GET

The API returns an HTTP status code and an empty body.

Result response HTTP 204 (no content)

When the IDP is found and "active"

HTTP/1.1 204 No Content
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-B3-TraceId: 65e7d15884601947bc2faee3cad616c2
X-B3-SpanId: 6a1d1334a829848d
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' accounts.local.yes.com; connect-src 'self' accounts.local.yes.com https://api-js.mixpanel.com; style-src 'self' accounts.local.yes.com 'unsafe-inline'; child-src 'self' accounts.local.yes.com; script-src 'self' accounts.local.yes.com; img-src *
Date: Wed, 06 Mar 2024 02:13:44 GMT
Keep-Alive: timeout=60
Connection: keep-alive

Result response HTTP 400 (bad request)

When the URL parameter iss is not a valid URI

HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-B3-TraceId: 65e7d156be47091601d0e030443d036b
X-B3-SpanId: 168c8bd2d5ef8316
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' accounts.local.yes.com; connect-src 'self' accounts.local.yes.com https://api-js.mixpanel.com; style-src 'self' accounts.local.yes.com 'unsafe-inline'; child-src 'self' accounts.local.yes.com; script-src 'self' accounts.local.yes.com; img-src *
Date: Wed, 06 Mar 2024 02:13:41 GMT
Connection: close

Result response HTTP 404 (not found)

When the IDP is not found in IDP Directory

HTTP/1.1 404 Not Found
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-B3-TraceId: 65e7d1555b77065af309f82f8899da6b
X-B3-SpanId: 7d309f2dcfede9af
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' accounts.local.yes.com; connect-src 'self' accounts.local.yes.com https://api-js.mixpanel.com; style-src 'self' accounts.local.yes.com 'unsafe-inline'; child-src 'self' accounts.local.yes.com; script-src 'self' accounts.local.yes.com; img-src *
Date: Wed, 06 Mar 2024 02:13:40 GMT
Keep-Alive: timeout=60
Connection: keep-alive

Result response HTTP 423 (locked)

When the IDP is found but not "active"

HTTP/1.1 423 Locked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-B3-TraceId: 65e7d1577b26f8cd68b28df2a5ce39de
X-B3-SpanId: 5c4c4ce1968e8e7d
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' accounts.local.yes.com; connect-src 'self' accounts.local.yes.com https://api-js.mixpanel.com; style-src 'self' accounts.local.yes.com 'unsafe-inline'; child-src 'self' accounts.local.yes.com; script-src 'self' accounts.local.yes.com; img-src *
Date: Wed, 06 Mar 2024 02:13:44 GMT
Keep-Alive: timeout=60
Connection: keep-alive

4. Account Chooser External API

Relevant parts of the Account Chooser can also be accessed with an API to allow for implementing a custom account chooser.

The following methods are provided relative to the base path

https://accounts.openbanking.verimi.de/ext

Init external Account Chooser: GET /init
Search Bank Directory: GET /search
Select IDP: GET /idp
Selection: GET /selection
Abort the transaction: GET /abort

All parameters for the respective request are required, unless otherwise noted.

4.1. Init external Account Chooser: GET /init

Notify the initiation of the external account chooser. To be called first when the external account chooser application was initiated. This shall only be called once per the user’s transaction.

4.1.1. Request

https://accounts.openbanking.verimi.de/ext/init?clientId=<client id>

Table 3. Parameters
Parameter	Restriction	Description
clientId	a valid client id for the banking ecosystem	the client id of the relying party

Example curl request

$ curl 'https://accounts.sandbox.openbanking.verimi.cloud/ext/init' -i -X GET

4.1.2. Responses

NO CONTENT / 204

Client id does exist and the init call was tracked in statistics

HTTP/1.1 204 No Content
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-B3-TraceId: 65e7d14356ba98bb0496246bd30c8f08
X-B3-SpanId: 0250fb0d50fa7930
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' accounts.local.yes.com; connect-src 'self' accounts.local.yes.com https://api-js.mixpanel.com; style-src 'self' accounts.local.yes.com 'unsafe-inline'; child-src 'self' accounts.local.yes.com; script-src 'self' accounts.local.yes.com; img-src *
Date: Wed, 06 Mar 2024 02:13:23 GMT
Keep-Alive: timeout=60
Connection: keep-alive

Bad Request / 400

Bad input parameter

Not Found / 404

Not found

4.2. Search Bank Directory: GET /search

Search the bank directory for a given search term.

Searches bank directory entries for the given search term and tracks search request. It is expected, that the user is typing its bank’s name or bank’s BIC into a search field of the external account chooser application. This method shall be called for every input change and therefore delivers with every new character a better matching list of banks.

4.2.1. Request

https://accounts.openbanking.verimi.de/ext/search?clientId=<client id>&term=<search term>

Table 4. Parameters
Parameter	Restriction	Description
clientId	a valid client id for the banking ecosystem	the client id of the relying party
term	1 to 100 Characters, see: Allowed Characters	search for a list of Banks by the `bank_name`, `keywords`, `bic` or `blz`. The search is performed on a Apache Lucene index

Example curl request

$ curl 'https://accounts.sandbox.openbanking.verimi.cloud/ext/search' -i -X GET

4.2.2. Responses

OK / 200

A list of banks for the given search term, see bank response datamodel for a description.

HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-B3-TraceId: 65e7d143077e77acb3339f9d0eafd023
X-B3-SpanId: 1c905caa8d455fef
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' accounts.local.yes.com; connect-src 'self' accounts.local.yes.com https://api-js.mixpanel.com; style-src 'self' accounts.local.yes.com 'unsafe-inline'; child-src 'self' accounts.local.yes.com; script-src 'self' accounts.local.yes.com; img-src *
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:13:23 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 1093

[ {
  "bic" : "TESTDEY0001",
  "blz" : "47110815",
  "name" : "Test Bank",
  "zip" : "47110",
  "city" : "Nirgendwo2",
  "federation_sub" : null
}, {
  "bic" : "TESTDEY0003",
  "blz" : "47110815",
  "name" : "Test Bank (testidp)",
  "zip" : "47110",
  "city" : "Nirgendwo",
  "federation_sub" : null
}, {
  "bic" : "TESTDEY0002",
  "blz" : "47110815",
  "name" : "Test Bank (inaktiv)",
  "zip" : "47110",
  "city" : "Nirgendwo",
  "federation_sub" : null
}, {
  "bic" : "TESTDEY0006",
  "blz" : "88888888",
  "name" : "Encoding & Test & Co. Kg",
  "zip" : "55555",
  "city" : "Nirgendwo",
  "federation_sub" : null
}, {
  "bic" : "TESTVER0004",
  "blz" : "40000004",
  "name" : "Verimi Test Bank Delete",
  "zip" : "47111",
  "city" : "Delete me",
  "federation_sub" : null
}, {
  "bic" : "TESTIDP0006",
  "blz" : "00000006",
  "name" : "Testbank 6 (testidp6)",
  "zip" : "47116",
  "city" : "Teststadt6",
  "federation_sub" : null
}, {
  "bic" : "TESTIDP0007",
  "blz" : "00000007",
  "name" : "Testbank 7 (testidp7)",
  "zip" : "47117",
  "city" : "Teststadt7",
  "federation_sub" : null
} ]

Bad Request / 400

Bad input parameter

4.3. Select IDP: GET /idp

Get information of the selected IDP.

To be called when the user has selected a bank and its idp information are required. This method is expected to be called when the user clicks one of the suggested banks of the former bank search. The status (active, inactive) and iss (issuer URL of IDP) fields of the IDP response object can be used for further filtering decisions in the external account chooser application.

4.3.1. Request

https://accounts.openbanking.verimi.de/ext/idp?clientId=<client id>
    &bic=<bic of the selected bank>
    &term=<search term>
    &bankName=<name of the selected bank>
    &clickPosition=<position of the selected bank in the list of banks>

Table 5. Parameters
Parameter	Restriction	Description
clientId	a valid client id for the banking ecosystem	the client id of the relying party
bic	a valid bic	the bic (Bank Identifier Code) for the selected bank
term	1 to 100 Characters, see: Allowed Characters	the final search term the user entered in the search field before selecting a bank
bankName	1 to 100 Characters, see: Allowed Characters	the name of selected bank as displayed in the Account Chooser
clickPosition	an integer with a minimum value of 1	the position of the selected bank within the retrieved list of banks (indexing starts at 1, so the first bank in the list has clickPosition 1)

Example curl request

$ curl 'https://accounts.sandbox.openbanking.verimi.cloud/ext/idp' -i -X GET

4.3.2. Responses

OK / 200

The IDP for the selected bank, see idp response data model for a description.

HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-B3-TraceId: 65e7d142728e798efe687ac018a4f516
X-B3-SpanId: 20034b2b975af5fe
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' accounts.local.yes.com; connect-src 'self' accounts.local.yes.com https://api-js.mixpanel.com; style-src 'self' accounts.local.yes.com 'unsafe-inline'; child-src 'self' accounts.local.yes.com; script-src 'self' accounts.local.yes.com; img-src *
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:13:23 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 67

{
  "iss" : "https://accounts.testbank.de",
  "status" : "active"
}

Bad Request / 400

Bad input parameter

Not Found / 404

The IDP does not exist in the IDP directory, in case the requested BIC was correct, this must be treated as the bank does not yet participate.

4.4. Selection: GET /selection

Send information if an external provider is used for the following transaction.

To be called when the RP is about to redirect to the IDP. The call shall also pass the information if an external provider is used for the following transaction. This is expected to be the last call in the user’s account chooser transaction and to be called only once.

4.4.1. Request

https://accounts.openbanking.verimi.de/ext/selection?clientId=<client id>
    &useExternal=<true|false>
    &bankName=<name of the selected bank>
    &iss=<the issuer url of the idp>

Table 6. Parameters
Parameter	Restriction	Description
clientId	a valid client id for the banking ecosystem	the client id of the relying party
useExternal	boolean flag, one of the values `true` or `false`	that parameter must be set to `true` in case an external Provider will be used for the following transaction (not banking ecosystem).
bankName	1 to 100 Characters, see: Allowed Characters	the name of selected bank as displayed in the Account Chooser
iss	a valid url	The IDP issuer url as received by the previous `/idp` request.

Example curl request

$ curl 'https://accounts.sandbox.openbanking.verimi.cloud/ext/selection' -i -X GET

4.4.2. Responses

NO CONTENT / 204

The request was tracked.

HTTP/1.1 204 No Content
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-B3-TraceId: 65e7d143f224a750c42c157e5fa64e03
X-B3-SpanId: 6ef2349748838690
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' accounts.local.yes.com; connect-src 'self' accounts.local.yes.com https://api-js.mixpanel.com; style-src 'self' accounts.local.yes.com 'unsafe-inline'; child-src 'self' accounts.local.yes.com; script-src 'self' accounts.local.yes.com; img-src *
Date: Wed, 06 Mar 2024 02:13:23 GMT
Keep-Alive: timeout=60
Connection: keep-alive

Bad Request / 400

Bad input parameter

4.5. Abort the transaction: GET /abort

Send information that user aborted the external account chooser.

To be called when the user aborts the external account chooser in a way that it can be detected by the application. This is expected to be called only once per transaction or not at all.

4.5.1. Request

https://accounts.openbanking.verimi.de/ext/abort?clientId=<client id>

Table 7. Parameters
Parameter	Restriction	Description
clientId	a valid client id for the banking ecosystem	the client id of the relying party

Example curl request

$ curl 'https://accounts.sandbox.openbanking.verimi.cloud/ext/abort' -i -X GET

4.5.2. Responses

NO CONTENT / 204

The event was tracked.

HTTP/1.1 204 No Content
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-B3-TraceId: 65e7d1430c04a3b6834271208608a955
X-B3-SpanId: 689dcf734d019240
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self' accounts.local.yes.com; connect-src 'self' accounts.local.yes.com https://api-js.mixpanel.com; style-src 'self' accounts.local.yes.com 'unsafe-inline'; child-src 'self' accounts.local.yes.com; script-src 'self' accounts.local.yes.com; img-src *
Date: Wed, 06 Mar 2024 02:13:23 GMT
Keep-Alive: timeout=60
Connection: keep-alive

Bad Request / 400

Bad input parameter

Not Found / 401

Unauthorized RP client id

5. Bank Directory

Currently for internal use only.

For data model explanation take a look at [bank-response-datamodel]. For error responses see General expectable responses.

5.1. API Operations

5.1.1. READ ALL (search by term) : Method GET

Banks can be searched by the following search criteria:

Bank name
BLZ (German banks)
BIC
keywords

owner_id

Allowed characters are (search by term only):

a-z
A-Z
0-9
Space
Dot
Braces
Slash
Underscore
Minus
German-Umlauts

Table 8. API Scopes
Scope value	Description
bank_read	Read all bank configurations for the given search term, unrestricted
bank_read#owner_id:{owner_id}	Read all bank configurations restricted to the given `owner_id`

https://<basepath>/<version>/?term=<search term>

The bank search API supports several parameters, which are all optional.

Note: If none of the parameters are set, a list of all banks belonging to the corresponding owner (scope bank_read#owner_id:{owner_id}) is returned. The search by term is not affected by the owner_id.

Table 9. possible parameters
Parameter	Restriction	Description
term	1 to 100 Characters (see: "Allowed characters" above)	(deprecated) search for a list of Banks by the `bank_name`, `bic` or `blz`. The search is performed via a database query
search	1 to 100 Characters (see: "Allowed characters" above)	search for a list of Banks by the `bank_name`, `keywords`, `bic` or `blz`. The search is performed on a Apache Lucene index
limit	Integer	Limit the result list to a certain size
distinct	Enum (name, none)	Distinct the value names to avoid duplicate bank names

Here is an example of how the parameters have to be used.

https://<basepath>/<version>/?term=<search term>&limit=<maximum number of results>&distinct=name

$ curl 'https://api.sandbox.openbanking.verimi.cloud/banks/v1/' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 03 Mar 2024 02:23:36 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 183

[ {
  "id" : 42,
  "bic" : "TESTDEY9999",
  "blz" : "47110815",
  "name" : "Test Bank",
  "zip" : "47110",
  "city" : "Nirgendwo",
  "owner_id" : "1_platform",
  "keywords" : null
} ]

5.1.2. READ by ID: Method GET

Read a resource from the directory by appending the resource id to the service endpoint.

https://<basepath>/banks/<version>/<id>

$ curl 'https://api.sandbox.openbanking.verimi.cloud/banks/v1/23' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 03 Mar 2024 02:23:00 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 179

{
  "id" : 23,
  "bic" : "TESTDEY9999",
  "blz" : "47110815",
  "name" : "Test Bank",
  "zip" : "47110",
  "city" : "Nirgendwo",
  "owner_id" : "1_platform",
  "keywords" : null
}

5.1.3. CREATE : Method POST

Create a bank in the bank directory.

One of the following scopes is required to perform this operation:

Table 10. API Scopes
Scope value	Description
bank_create	Create a bank configuration, unrestricted
bank_create#owner_id:{{owner_id}}	Create a bank configuration, restricted to "owner_id" of the found resource

$ curl 'https://api.sandbox.openbanking.verimi.cloud/banks/v1/' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "bic" : "TESTDEY9999",
  "blz" : "47110815",
  "name" : "Test Bank",
  "zip" : "47110",
  "city" : "Nirgendwo",
  "owner_id" : "1_platform",
  "keywords" : "testbank yesbank"
}'

Bank Request Data Model

Field Type Restriction Description

Field	Type	Restriction	Description
`bic`	`String`	not null / 1 to 50 character / unique / Must match the regular expression `[a-zA-Z]{4}[a-zA-Z]{2}\w{2}(\w{6}\|\w{3}\|\w{0})` in words: - 4 letters (bank code) - 2 letters (country code) - 2 letters or digits (city code) - 6, 3 or 0 letter bank branch code (optional)	the Business Identifier Code (BIC) according to ISO 9362
`blz`	`String`	nullable / 1 to 50 character	the BLZ ('Bankleitzahl')
`name`	`String`	not null / 1 to 255 character	the bank name
`zip`	`String`	nullable / 1 to 50 character	the the zip code of the city where the bank is located
`city`	`String`	nullable / 1 to 255 character	the city where the bank is located
`owner_id`	`String`	not null / 1 to 50 character	the id of the owner of the bank entry
`keywords`	`String`	nullable / 1 to 65,535 character	(optional) WHITESPACE separated list of keywords to search for. The keyword may have a fuzziness of one character and may start with the given search term.

bic

String

not null / 1 to 50 character / unique / Must match the regular expression
[a-zA-Z]{4}[a-zA-Z]{2}\w{2}(\w{6}|\w{3}|\w{0})

in words:
- 4 letters (bank code)
- 2 letters (country code)
- 2 letters or digits (city code)
- 6, 3 or 0 letter bank branch code (optional)

the Business Identifier Code (BIC) according to ISO 9362

blz

String

nullable / 1 to 50 character

the BLZ ('Bankleitzahl')

name

String

not null / 1 to 255 character

the bank name

zip

String

nullable / 1 to 50 character

the the zip code of the city where the bank is located

city

String

nullable / 1 to 255 character

the city where the bank is located

owner_id

String

not null / 1 to 50 character

the id of the owner of the bank entry

keywords

String

nullable / 1 to 65,535 character

(optional) WHITESPACE separated list of keywords to search for. The keyword may have a fuzziness of one character and may start with the given search term.

Result response HTTP 201 (Created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 03 Mar 2024 02:23:09 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 193

{
  "id" : 24,
  "bic" : "TESTDEY9999",
  "blz" : "47110815",
  "name" : "Test Bank",
  "zip" : "47110",
  "city" : "Nirgendwo",
  "owner_id" : "1_platform",
  "keywords" : "testbank yesbank"
}

5.1.4. UPDATE : Method PUT

Update a bank in the bank directory.

One of the following scopes is required to perform this operation:

Table 11. API Scopes
Scope value	Description
bank_update	Update a bank configuration, unrestricted
bank_update#owner_id:{{owner_id}}	Update a bank configuration, restricted to "owner_id" of the found resource

$ curl 'https://api.sandbox.openbanking.verimi.cloud/banks/v1/17' -i -X PUT \
    -H 'Content-Type: application/json' \
    -d '{
  "bic" : "TESTDEY9999",
  "blz" : "47110815",
  "name" : "Test Bank",
  "zip" : "47110",
  "city" : "Nirgendwo",
  "keywords" : "yesbank testbank",
  "owner_id" : null
}'

Bank Request Data Model

Field Type Restriction Description

Field	Type	Restriction	Description
`bic`	`String`	not null / 1 to 50 character / unique / must match BIC format / Must match the regular expression `[a-zA-Z]{4}[a-zA-Z]{2}\w{2}(\w{6}\|\w{3}\|\w{0})` in words: - 4 letters (bank code) - 2 letters (country code) - 2 digits (city code) - 6, 3 or 0 letter bank branch code (optional)	the Business Identifier Code (BIC) according to ISO 9362
`blz`	`String`	nullable / 1 to 50 character	the BLZ ('Bankleitzahl')
`name`	`String`	not null / 1 to 255 character	the bank name
`zip`	`String`	nullable / 1 to 50 character	the the zip code of the city where the bank is located
`city`	`String`	nullable / 1 to 255 character	the city where the bank is located
`keywords`	`String`	nullable / 1 to 65,535 character	(optional) WHITESPACE separated list of keywords to search for. The keyword may have a fuzziness of one character and may start with the given search term.
`owner_id`	`String`	nullable / 1 to 50 character	(optional) The new `owner_id`. The corresponding API scope is required

bic

String

not null / 1 to 50 character / unique / must match BIC format / Must match the regular expression
[a-zA-Z]{4}[a-zA-Z]{2}\w{2}(\w{6}|\w{3}|\w{0})

in words:
- 4 letters (bank code)
- 2 letters (country code)
- 2 digits (city code)
- 6, 3 or 0 letter bank branch code (optional)

the Business Identifier Code (BIC) according to ISO 9362

blz

String

nullable / 1 to 50 character

the BLZ ('Bankleitzahl')

name

String

not null / 1 to 255 character

the bank name

zip

String

nullable / 1 to 50 character

the the zip code of the city where the bank is located

city

String

nullable / 1 to 255 character

the city where the bank is located

keywords

String

nullable / 1 to 65,535 character

(optional) WHITESPACE separated list of keywords to search for. The keyword may have a fuzziness of one character and may start with the given search term.

owner_id

String

nullable / 1 to 50 character

(optional) The new owner_id. The corresponding API scope is required

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 03 Mar 2024 02:22:51 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 193

{
  "id" : 17,
  "bic" : "TESTDEY9999",
  "blz" : "47110815",
  "name" : "Test Bank",
  "zip" : "47110",
  "city" : "Nirgendwo",
  "owner_id" : "1_platform",
  "keywords" : "yesbank testbank"
}

Bank Response Data Model

Field Type Description

Field	Type	Description
`id`	`Long`	the internal id
`bic`	`String`	the Business Identifier Code (BIC) according to ISO 9362
`blz`	`String`	the BLZ ('Bankleitzahl')
`name`	`String`	the bank name
`zip`	`String`	the the zip code of the city where the bank is located
`city`	`String`	the city where the bank is located
`owner_id`	`String`	the id of the owner of the bank entry
`keywords`	`String`	WHITESPACE separated list of keywords to search for. The keyword may have a fuzziness of one character and may start with the given search term.

id

Long

the internal id

bic

String

the Business Identifier Code (BIC) according to ISO 9362

blz

String

the BLZ ('Bankleitzahl')

name

String

the bank name

zip

String

the the zip code of the city where the bank is located

city

String

the city where the bank is located

owner_id

String

the id of the owner of the bank entry

keywords

String

WHITESPACE separated list of keywords to search for. The keyword may have a fuzziness of one character and may start with the given search term.

When no banks were found for the search term in bank name, BIC, or BLZ the API will respond with an empty array.

5.1.5. DELETE : Method DELETE

Delete a bank from the bank directory.

https://<basepath>/<version>/<id>

One of the following scopes is required to perform this operation:

Table 12. API Scopes
Scope value	Description
bank_delete	Delete a bank configuration, unrestricted
bank_delete#owner_id:{{owner_id}}	Delete a bank configuration, restricted to "owner_id" of the found resource

$ curl 'https://api.sandbox.openbanking.verimi.cloud/banks/v1/46' -i -X DELETE

Result response HTTP 204 (NO CONTENT)

6. IDP Directory

The IDP Directory is accessible at the following service endpoint:

https://<basepath>/idps/<version>

6.1. API Operations

6.1.1. CREATE: Method POST

Create an IDP configuration in the IDP Directory by posting it to the service endpoint:

Table 13. API Scopes
Scope value	Description
idp_create	Create an IDP configuration (not restricted to any specific 'owner_id')
idp_create#owner_id:{{owner_id}}	Create an IDP configuration, restricted to the 'owner_id' given in HTTP body

Example curl request

$ curl 'https://api.sandbox.openbanking.verimi.cloud/idps/v1/' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "bics" : [ "TESTDEY0456", "TESTDEY0123" ],
  "iss" : "http://some.issuer.com",
  "previous_iss" : [ "www.previous.two.iss.url.de", "www.previous.one.iss.url.de" ],
  "status" : "active",
  "owner_id" : "owner_test_user",
  "notification_email" : "test@mail.com",
  "logo_uri" : "https://www.idp.com/path/to/logo/logo.img",
  "notification_email_senders" : null
}'

IDP Request Data Model

Field Type Restriction Description

Field	Type	Restriction	Description
`bics`	`Array of Strings`	(optional) can be empty or must at least contain one BIC. Must match the regular expression `[a-zA-Z]{4}[a-zA-Z]{2}\w{2}(\w{6}\|\w{3}\|\w{0})` in words: - 4 letters (bank code) - 2 letters (country code) - 2 letters or digits (city code) - 6, 3 or 0 letter bank branch code (optional)	a list of `bic` (Bank Identifier Code) for this IDP
`iss`	`String`	not null / has to be an url / unique	the `issuer_url` field value
`previous_iss`	`Array of Strings`	(optional) can be empty or must at least contain one iss_url. Must only contain unique urls	a list of previous issuer_urls, e.g. the issuer_urls of merged banks
`logo_uri`	`String`	(optional) can be empty or must contain the IDPs logo url. Must be a valid url to the IDP’s logo.	The logo must conform to the following requirements: - Aspect ratio: 1:1 to 4:1 (you may embed your logo in a surrounding space to conform to this) - Height: 75..150 px - Width: 150..400 px - Maximal file size: 100 kB - Format: SVG (recommended) or PNG.
`owner_id`	`String`	not null or empty / 1 to 50 character	the owner_id
`status`	`Enumeration`	(optional) allowed values are `active` or `inactive`, default: `active`	Indicates if the idp is currently active or not
`notification_email`	`String`	(optional) must be a valid email address	IDP’s email address e.g. used by SPs for incident reporting
`notification_email_senders`	`Array of Strings`	(optional) valid email addresses	Legitimate email sender(s) for this IDP that can be checked by the receivers (e.g. SPs)

bics

Array of Strings

(optional) can be empty or must at least contain one BIC. Must match the regular expression
[a-zA-Z]{4}[a-zA-Z]{2}\w{2}(\w{6}|\w{3}|\w{0})

in words:
- 4 letters (bank code)
- 2 letters (country code)
- 2 letters or digits (city code)
- 6, 3 or 0 letter bank branch code (optional)

a list of bic (Bank Identifier Code) for this IDP

iss

String

not null / has to be an url / unique

the issuer_url field value

previous_iss

Array of Strings

(optional) can be empty or must at least contain one iss_url. Must only contain unique urls

a list of previous issuer_urls, e.g. the issuer_urls of merged banks

logo_uri

String

(optional) can be empty or must contain the IDPs logo url. Must be a valid url to the IDP’s logo.

The logo must conform to the following requirements: - Aspect ratio: 1:1 to 4:1 (you may embed your logo in a surrounding space to conform to this)
- Height: 75..150 px
- Width: 150..400 px
- Maximal file size: 100 kB
- Format: SVG (recommended) or PNG.

owner_id

String

not null or empty / 1 to 50 character

the owner_id

status

Enumeration

(optional) allowed values are active or inactive, default: active

Indicates if the idp is currently active or not

notification_email

String

(optional) must be a valid email address

IDP’s email address e.g. used by SPs for incident reporting

notification_email_senders

Array of Strings

(optional) valid email addresses

Legitimate email sender(s) for this IDP that can be checked by the receivers (e.g. SPs)

Result response HTTP 201 (CREATED)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:34:34 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 414

{
  "id" : "15d47d15-3d87-4fbd-8f9b-30dacdd5c0e6",
  "bics" : [ "TESTDEY0456", "TESTDEY0123" ],
  "iss" : "http://some.issuer.com",
  "previous_iss" : [ "www.previous.two.iss.url.de", "www.previous.one.iss.url.de" ],
  "status" : "active",
  "owner_id" : "owner_test_user",
  "notification_email" : "test@mail.com",
  "logo_uri" : "https://www.idp.com/path/to/logo/logo.img",
  "notification_email_senders" : [ ]
}

6.1.2. READ All: Method GET

Read all IDP configurations the caller is allowed to access.

https://<basepath>/idps/<version>/

At least one of the following scopes are required to perform this operation:

Table 14. API Scopes
Scope value	Description
idp_read	Read any IDP configuration (not restricted to a specific 'owner_id')
idp_read#owner_id:{{owner_id}}	Read IDP configurations restricted to the given owner id.

If the caller has the scope idp_read and one or more idp_read scopes restricted to owner ids, all IDP configurations are returned.
If the caller has several restricted scopes idp_read for different owner ids, all IDP configurations for the respective owner ids are returned.

Example curl request

$ curl 'https://api.sandbox.openbanking.verimi.cloud/idps/v1/' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:34:56 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 2173

[ {
  "id" : "1dd0453d-d8b0-4d14-8eb3-b38fe7f9c032",
  "bics" : [ ],
  "iss" : "https://anothertestidp.local.yes.com/issuer",
  "previous_iss" : [ ],
  "status" : "active",
  "owner_id" : "7d077f17-314c-43e5-88b5-56210554d20a",
  "notification_email" : "test@mail.com",
  "logo_uri" : "https://www.idp.com/path/to/logo/logo.img",
  "notification_email_senders" : [ ]
}, {
  "id" : "26730f74-2314-4c70-ba7e-56f923e2c443",
  "bics" : [ "TESTDEY0003" ],
  "iss" : "https://testidp.local.yes.com/issuer",
  "previous_iss" : [ "www.TESTDEY0003.de" ],
  "status" : "active",
  "owner_id" : "37B339D5-1743-4BAA-948F-CF548CD876B6",
  "notification_email" : "test@mail.com",
  "logo_uri" : "https://www.idp.com/path/to/logo/logo.img",
  "notification_email_senders" : [ ]
}, {
  "id" : "2b4e100c-15b4-4b06-98d6-a4068cd410ef",
  "bics" : [ "TESTDEY0002" ],
  "iss" : "https://accounts.inactivetestbank.de",
  "previous_iss" : [ "www.TESTDEY0002.de" ],
  "status" : "inactive",
  "owner_id" : "37B339D5-1743-4BAA-948F-CF548CD876B6",
  "notification_email" : "test@mail.com",
  "notification_email_senders" : [ ]
}, {
  "id" : "6c593d96-dc52-47fa-9f00-3b0501c21dc0",
  "bics" : [ "TESTDEY0006" ],
  "iss" : "https://anotheranothertestidp.local.yes.com/issuer",
  "previous_iss" : [ "www.TESTDEY0006.de" ],
  "status" : "active",
  "owner_id" : "cb6e1b26-62c6-4b5b-9d8a-FBA405DC6517",
  "notification_email" : "test@mail.com",
  "logo_uri" : "https://www.idp.com/path/to/logo/logo.img",
  "notification_email_senders" : [ ]
}, {
  "id" : "a6b4136c-f6ed-4b0f-a430-6dc882073142",
  "bics" : [ "TESTDEY0004", "TESTDEY0001" ],
  "iss" : "https://accounts.testbank.de",
  "previous_iss" : [ "www.TESTDEY0004.de", "www.TESTDEY0001.de" ],
  "status" : "active",
  "owner_id" : "37B339D5-1743-4BAA-948F-CF548CD876B6",
  "notification_email" : "test@mail.com",
  "logo_uri" : "https://www.idp.com/path/to/logo/logo.img",
  "notification_email_senders" : [ ]
}, {
  "id" : "d1de4cfb-8b82-4bbe-8cac-58f09724fe02",
  "bics" : [ "TESTDE00001" ],
  "iss" : "https://idps.test.de/issuer",
  "previous_iss" : [ ],
  "status" : "active",
  "owner_id" : "123456",
  "notification_email_senders" : [ ]
} ]

For the description of the returned data see IDP Response Data Model.

6.1.3. READ by ID: Method GET

Read a resource from the directory by appending the resource id to the service endpoint.

https://<basepath>/idps/<version>/<idp id>

The following scope is required to perform this operation:

Table 15. API Scopes
Scope value	Description
idp_read	Read any IDP configuration (not restricted to a specific 'owner_id')

Example curl request

$ curl 'https://api.sandbox.openbanking.verimi.cloud/idps/v1/a6b4136c-f6ed-4b0f-a430-6dc882073142' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:35:03 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 423

{
  "id" : "a6b4136c-f6ed-4b0f-a430-6dc882073142",
  "bics" : [ "TESTDEY0004", "TESTDEY0001" ],
  "iss" : "https://accounts.testbank.de",
  "previous_iss" : [ "www.TESTDEY0004.de", "www.TESTDEY0001.de" ],
  "status" : "active",
  "owner_id" : "37B339D5-1743-4BAA-948F-CF548CD876B6",
  "notification_email" : "test@mail.com",
  "logo_uri" : "https://www.idp.com/path/to/logo/logo.img",
  "notification_email_senders" : [ ]
}

IDP Response Data Model

Field Type Description

Field	Type	Description
`id`	`String`	internal id
`bics`	`Array of Strings`	a list of `bic` (Bank Identifier Code) for this IDP
`iss`	`String`	the `issuer_url` field value
`previous_iss`	`Array of Strings`	(optional) can be empty or contain at least one previous iss_url.
`logo_uri`	`String`	(optional) can be empty or must contain the IDPs logo url. Must be a valid url to the IDP’s logo.
`status`	`Enumeration`	possible values are `active` or `inactive`. Indicates if the idp is currently active or not
`owner_id`	`String`	the owner of this resource
`notification_email_senders`	`Array of Strings`	(optional) Legitimate email sender(s) for this IDP that can be checked by the receivers (e.g. SPs)
`notification_email`	`String`	(missing from response if not set) IDP’s email address e.g. used by SPs for incident reporting

id

String

internal id

bics

Array of Strings

a list of bic (Bank Identifier Code) for this IDP

iss

String

the issuer_url field value

previous_iss

Array of Strings

(optional) can be empty or contain at least one previous iss_url.

logo_uri

String

(optional) can be empty or must contain the IDPs logo url. Must be a valid url to the IDP’s logo.

status

Enumeration

possible values are active or inactive. Indicates if the idp is currently active or not

owner_id

String

the owner of this resource

notification_email_senders

Array of Strings

(optional) Legitimate email sender(s) for this IDP that can be checked by the receivers (e.g. SPs)

notification_email

String

(missing from response if not set) IDP’s email address e.g. used by SPs for incident reporting

6.1.4. READ by BIC: Method GET

Read an IDP from the directory by appending the BIC as URL parameter to the service endpoint:

https://<basepath>/idps/<version>/?bic=<BIC>

The following scope is required to perform this operation:

Table 16. API Scopes
Scope value	Description
idp_read	Read any IDP configuration (not restricted to any specific 'owner_id')

Example curl request

$ curl 'https://api.sandbox.openbanking.verimi.cloud/idps/v1/' -i -X GET

Result response HTTP 200 (OK)

See Result response HTTP 200 (OK)

6.1.5. READ by Issuer: Method GET

Read a resource from the directory by appending the issuer URL as URL parameter to the service endpoint:

https://<basepath>/idps/<version>/?iss=<issuer url>

The following scope is required to perform this operation:

Table 17. API Scopes
Scope value	Description
idp_read	Read any IDP configuration (not restricted to any specific 'owner_id')

Example curl request

$ curl 'https://api.sandbox.openbanking.verimi.cloud/idps/v1/' -i -X GET

Result response HTTP 200 (OK)

See Result response HTTP 200 (OK)

6.1.6. READ by Owner Id: Method GET

Read a resource from the directory by appending the owner id as URL parameter to the service endpoint:

https://<basepath>/idps/<version>/?owner_id=<owner id>

The following scope is required to perform this operation:

Table 18. API Scopes
Scope value	Description
idp_read	Read any IDP configuration (not restricted to any specific 'owner_id')
idp_read#owner_id:{{owner_id}}	Read all IDP configurations, the query parameter may only be the "owner_id" of the restricted scope.

Example curl request

$ curl 'https://api.sandbox.openbanking.verimi.cloud/idps/v1/' -i -X GET

Result response HTTP 200 (OK)

See Result response HTTP 200 (OK)

6.1.7. UPDATE: Method PUT

Update a resource in the directory by appending the IDP id to the service endpoint:

https://<basepath>/idps/<version>/<idp id>

One of the following scopes is required to perform this operation:

Table 19. API Scopes
Scope value	Description
idp_update	Update any IDP configuration (not restricted to any specific 'owner_id')
idp_update#owner_id:{{owner_id}}	Update any IDP configuration, restricted to "owner_id" of the found resource

Example curl request

$ curl 'https://api.sandbox.openbanking.verimi.cloud/idps/v1/f5f76824-cab0-44b7-877a-e397ddcd93d6' -i -X PUT \
    -H 'Content-Type: application/json' \
    -d '{
  "bics" : [ "TESTDEY9123", "TESTDEY0123" ],
  "iss" : "https://update.test.de",
  "previous_iss" : [ "www.previous.two.iss.url.de", "www.previous.one.iss.url.de" ],
  "status" : "active",
  "notification_email" : null,
  "logo_uri" : null,
  "notification_email_senders" : null
}'

Result response HTTP 200 (OK)

See Result response HTTP 200 (OK)

Result response HTTP 409 (CONFLICT)

API returns Http Status 409 if you try to update your IDP configuration with bics that are already in use by other IDP.

HTTP/1.1 409 Conflict
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:34:08 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 141

{
  "server_time" : "2024-03-06T02:34:08.860113049Z[Etc/UTC]",
  "code" : "409",
  "message" : "one or more of the bics are already in use"
}

Result response HTTP 409 (CONFLICT)

API returns Http Status 409 if you try to create or update your IDP configuration with an issuer_url that is already in use for another active IDP configuration, weather as 'iss' or in the 'previous_iss'. Configurations with the status "inactive" are ignored.

HTTP/1.1 409 Conflict
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:34:11 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 137

{
  "server_time" : "2024-03-06T02:34:11.779344630Z[Etc/UTC]",
  "code" : "409",
  "message" : "the issuer_url (iss) is already in use"
}

6.1.8. DELETE: Method DELETE

Delete an IDP from the directory by appending the IDP id to the service endpoint:

https://<basepath>/idps/<version>/<idp id>

Table 20. API Scopes
Scope value	Description
idp_delete	Delete any IDP configuration (not restricted to any specific 'owner_id')
idp_delete#owner_id:{{owner_id}}	Delete an IDP configuration restricted to the "owner_id" of the found resource

Example curl request

$ curl 'https://api.sandbox.openbanking.verimi.cloud/idps/v1/b3d05039-e6cb-438d-85b2-bd74c2612f12' -i -X DELETE

Result response HTTP 204 (NO CONTENT)

Response with empty body

7. RP Directory

7.1. API Operations

7.1.1. CREATE: Method POST

Create a RP configuration in the RP Directory.

The following scopes are required to perform this operation:

Table 21. API Scopes
Scope value	Description
rp_create	Create a RP configuration, unrestricted
rp_create#owner_id:{{owner_id}}	Create a RP configuration, restricted to 'owner_id' given in HTTP body
rp_read	Create a RP configuration for any non-empty value of the property 'legally_responsible_id'. This scope is not required, when the property is left empty.
rp_read#owner_id:{{owner_id}}	Create a RP configuration with property 'legally_responsible_id' the sames as the 'owner_id' from the restricted scope. This scope is not required, when the property is left empty.

$ curl 'https://api.sandbox.openbanking.verimi.cloud/rps/v1/' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "client_name" : "Test RP",
  "default_consent_purpose" : "Weitergabe von Nutzerdaten",
  "ac_redirect_uri" : "https://rp.test/login",
  "redirect_uris" : [ "https://rp.test/callback", "https://rp.test/callback/api" ],
  "allowed_scopes" : [ "openid" ],
  "allowed_claims" : [ "salutation", "birthdate", "title", "family_name", "place_of_birth", "email", "given_name" ],
  "allowed_claims_qes" : [ "nationalities", "family_name", "birthdate", "given_name", "address", "place_of_birth" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    }, {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : "https://testidp.integration.openbanking.verimi.cloud/issuer/jwks.json",
  "policy_uri" : "https://legal.testrp.com",
  "tos_uri" : "https://terms.testrp.com",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen",
  "owner_id" : "1_platform",
  "legally_responsible_id" : null,
  "logo_uri" : "https://logos.testrp.com",
  "status" : "active",
  "application_type" : "web",
  "grant_types" : [ "authorization_code" ],
  "allowed_authorization_data_types" : [ "sign" ],
  "metadata" : null
}'

RP Request Data Model

Field Type Restriction Description

Field	Type	Restriction	Description
`client_name`	`String`	not null / 1 to 50 characters	the name of the RP
`legally_responsible_id`	`String`	nullable (optional) / 1 to 50 characters	the id of the legal entitiy that is legally responsible for this rp
`default_consent_purpose`	`String`	not null / 1 to 300 characters	the default purpose of a RP
`ac_redirect_uri`	`String`	not null, a URI, 1 to 200 characters	the redirect URI where the RP is been redirected to, after the Account Chooser found an IDP
`redirect_uris`	`Array of Strings`	not null, must contain one entry or more. Further checks are applied on each contained URI depending on the given application_type	the OAuth `redirect_uris`
`allowed_scopes`	`Array of Strings`	nullable, maximum 300 characters per entry	a list of scopes this RP is allowed to consent
`allowed_claims`	`Array of Strings`	nullable, maximum 300 characters per entry	a list of claims this RP is allowed to consent
`allowed_claims_qes`	`Array of Strings`	(optional) nullable, maximum 300 characters per entry	a list of claims this RP is allowed to use for qes (qid), allowed values are any combination of `given_name` `family_name` `birthdate` `place_of_birth` `nationalities` `address` see: Signing Service / RP permissions
`token_endpoint_auth_method`	`Enumeration`	not null, must be set to `self_signed_tls_client_auth`	the method whereby this RP can be authenticated on an OpenID server. Currently, the only supported method is `self_signed_tls_client_auth`.
`jwks`	`Object`	json object, either this field must not be null or parameter `jwks_uri` is set instead	the jwks (json web key set) for this RP, see: RFC-7517
`jwks_uri`	`String`	a URI, 1 to 200 characters, either this field must not be null or `jwks` is set instead	the URI to the jwks (json web key set) for this RP
`logo_uri`	`String`	(optional) a URI, 1 to 200 characters	the URI to the logo for this RP Note: If the filename in `logo_uri` ends with `-noborder.{filename extension}`, Account Chooser will display the logo without margin to the top of the page.
`policy_uri`	`String`	not null, a URI, 1 to 200 characters	the policy URI to the policy page of this RP
`tos_uri`	`String`	a URI, 1 to 200 characters	the terms of services URI to the policy page of this RP
`tos_uri_label`	`String`	1 to 50 characters, can only be used, if `tos_uri` is available	the label of the terms of services URI
`status`	`Enumeration`	(optional) Allowed values are `active` `inactive` `demo` If omitted, the default is `active`.	Indicates if the rp is currently in-/active or in a demonstration mode
`application_type`	`Enumeration`	(optional) Allowed values are `web` `native` If omitted, the default is `web`.	Kind of the application. The defined values are native or web. Web Clients MUST only register URLs using the https scheme as redirect_uris; they MUST NOT use localhost as the hostname. Native Clients MUST only register redirect_uris using custom URI schemes or URLs using the http: scheme with localhost as the hostname. (see 2. Client Metadata in OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1)
`allowed_authorization_data_types`	`Array of Strings`	(optional) Allowed values are `sign` `account_information` `payment_initiation`	`metadata`

client_name

String

not null / 1 to 50 characters

the name of the RP

legally_responsible_id

String

nullable (optional) / 1 to 50 characters

the id of the legal entitiy that is legally responsible for this rp

default_consent_purpose

String

not null / 1 to 300 characters

the default purpose of a RP

ac_redirect_uri

String

not null, a URI, 1 to 200 characters

the redirect URI where the RP is been redirected to, after the Account Chooser found an IDP

redirect_uris

Array of Strings

not null, must contain one entry or more. Further checks are applied on each contained URI depending on the given application_type

the OAuth redirect_uris

allowed_scopes

Array of Strings

nullable, maximum 300 characters per entry

a list of scopes this RP is allowed to consent

allowed_claims

Array of Strings

nullable, maximum 300 characters per entry

a list of claims this RP is allowed to consent

allowed_claims_qes

Array of Strings

(optional) nullable, maximum 300 characters per entry

a list of claims this RP is allowed to use for qes (qid),
allowed values are any combination of
given_name
family_name
birthdate
place_of_birth
nationalities
address
see: Signing Service / RP permissions

token_endpoint_auth_method

Enumeration

not null, must be set to self_signed_tls_client_auth

the method whereby this RP can be authenticated on an OpenID server. Currently, the only supported method is self_signed_tls_client_auth.

jwks

Object

json object, either this field must not be null or parameter jwks_uri is set instead

the jwks (json web key set) for this RP, see: RFC-7517

jwks_uri

String

a URI, 1 to 200 characters, either this field must not be null or jwks is set instead

the URI to the jwks (json web key set) for this RP

logo_uri

String

(optional) a URI, 1 to 200 characters

the URI to the logo for this RP

Note: If the filename in logo_uri ends with -noborder.{filename extension}, Account Chooser will display the logo without margin to the top of the page.

policy_uri

String

not null, a URI, 1 to 200 characters

the policy URI to the policy page of this RP

tos_uri

String

a URI, 1 to 200 characters

the terms of services URI to the policy page of this RP

tos_uri_label

String

1 to 50 characters, can only be used, if tos_uri is available

the label of the terms of services URI

status

Enumeration

(optional) Allowed values are
active
inactive
demo
If omitted, the default is active.

Indicates if the rp is currently in-/active or in a demonstration mode

application_type

Enumeration

(optional) Allowed values are
web
native
If omitted, the default is web.

Kind of the application. The defined values are native or web. Web Clients MUST only register URLs using the https scheme as redirect_uris; they MUST NOT use localhost as the hostname. Native Clients MUST only register redirect_uris using custom URI schemes or URLs using the http: scheme with localhost as the hostname. (see 2. Client Metadata in OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1)

allowed_authorization_data_types

Array of Strings

(optional) Allowed values are
sign
account_information
payment_initiation

metadata

Result response HTTP 201 (created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:53:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 4234

{
  "subject_type" : "public",
  "response_types" : [ "code" ],
  "client_name" : "Test RP",
  "default_consent_purpose" : "Weitergabe von Nutzerdaten",
  "client_id" : "local.yes.com:91f7ffc4-d314-4f52-9e70-257033f5feaf",
  "ac_redirect_uri" : "https://rp.test/login",
  "redirect_uris" : [ "https://rp.test/callback/api", "https://rp.test/callback" ],
  "allowed_scopes" : [ "openid" ],
  "allowed_claims" : [ "place_of_birth", "birthdate", "salutation", "title", "given_name", "family_name", "email" ],
  "allowed_claims_qes" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    }, {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : "https://testidp.integration.openbanking.verimi.cloud/issuer/jwks.json",
  "owner_id" : "1_platform",
  "policy_uri" : "https://legal.testrp.com",
  "tos_uri" : "https://terms.testrp.com",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen",
  "logo_uri" : "https://logos.testrp.com",
  "status" : "active",
  "application_type" : "web",
  "grant_types" : [ "authorization_code" ],
  "allowed_authorization_data_types" : [ "sign" ]
}

RP Response Data Model

Field Type Description

Field	Type	Description
`client_name`	`String`	the name of the RP
`default_consent_purpose`	`String`	the default purpose of a RP
`ac_redirect_uri`	`String`	the redirect URI where the RP is been redirected to, after the Account Chooser found an IDP
`redirect_uris`	`Array of Strings`	the OAuth `redirect_uris`
`allowed_scopes`	`Array of Strings`	a list of scopes this RP is allowed to consent
`allowed_claims`	`Array of Strings`	a list of claims this RP is allowed to consent
`allowed_claims_qes`	`Array of Strings`	a list of claims this RP is allowed to use for qes (qid), allowed values are any combination of `given_name` `family_name` `birthdate` `place_of_birth` `nationalities` `address` see: Signing Service / RP permissions
`token_endpoint_auth_method`	`Enumeration`	the method whereby this RP can be authenticated on an OpenID server. Currently, the only supported method is `self_signed_tls_client_auth`.
`jwks`	`Object`	the jwks (json web key set) for this RP, see: RFC-7517
`jwks_uri`	`String`	the URI to the jwks (json web key set) for this RP
`logo_uri`	`String`	the URI to the logo for this RP
`policy_uri`	`String`	the policy URI to the policy page of this RP
`tos_uri`	`String`	the terms of services URI to the policy page of this RP
`tos_uri_label`	`String`	the label of the terms of services URI
`client_id`	`String`	the generated client_id with banking ecosystem dependent prefix. Needed for Account Chooser request
`owner_id`	`String`	the legal entity id of the owner of this rp
`legally_responsible_id`	`String`	the id of the legal entity that is legally responsible for this rp
`subject_type`	`String`	the OpenID `subject_type` which is set to "public"
`grant_types`	`Array of Strings`	the OpenID `grant_type` which is set to "authorization_code"
`response_types`	`Array of Strings`	the OpenID `response_type` which is set to "code"
`status`	`Enumeration`	possible values are `active` `inactive` `demo` Indicates if the rp is currently in-/active or in a demonstration mode
`application_type`	`Enumeration`	(optional) possible values are `web` `native` Kind of the application. (see 2. Client Metadata in OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1)
`allowed_authorization_data_types`	`Array of Strings`	(optional) possible values are `sign` `account_information` `payment_initiation` + Corresponding specifications for more details: sign account_information payment_initiation
`metadata`	(optional) JSON object	An optional metadata configuration, see rp metadata

client_name

String

the name of the RP

default_consent_purpose

String

the default purpose of a RP

ac_redirect_uri

String

the redirect URI where the RP is been redirected to, after the Account Chooser found an IDP

redirect_uris

Array of Strings

the OAuth redirect_uris

allowed_scopes

Array of Strings

a list of scopes this RP is allowed to consent

allowed_claims

Array of Strings

a list of claims this RP is allowed to consent

allowed_claims_qes

Array of Strings

token_endpoint_auth_method

Enumeration

the method whereby this RP can be authenticated on an OpenID server. Currently, the only supported method is self_signed_tls_client_auth.

jwks

Object

the jwks (json web key set) for this RP, see: RFC-7517

jwks_uri

String

the URI to the jwks (json web key set) for this RP

logo_uri

String

the URI to the logo for this RP

policy_uri

String

the policy URI to the policy page of this RP

tos_uri

String

the terms of services URI to the policy page of this RP

tos_uri_label

String

the label of the terms of services URI

client_id

String

the generated client_id with banking ecosystem dependent prefix. Needed for Account Chooser request

owner_id

String

the legal entity id of the owner of this rp

legally_responsible_id

String

the id of the legal entity that is legally responsible for this rp

subject_type

String

the OpenID subject_type which is set to "public"

grant_types

Array of Strings

the OpenID grant_type which is set to "authorization_code"

response_types

Array of Strings

the OpenID response_type which is set to "code"

status

Enumeration

possible values are
active
inactive
demo
Indicates if the rp is currently in-/active or in a demonstration mode

application_type

Enumeration

(optional) possible values are
web
native
Kind of the application. (see 2. Client Metadata in OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1)

allowed_authorization_data_types

Array of Strings

(optional) possible values are
sign
account_information
payment_initiation
+ Corresponding specifications for more details:
sign
account_information
payment_initiation

metadata

(optional) JSON object

An optional metadata configuration, see rp metadata

7.1.2. READ: Method GET

Append the client_id to the base path to read a single resource.

https://<basepath>/rps/<version>/<client_id>

One of the following scopes is required to perform this operation:

Table 22. API Scopes
Scope value	Description
rp_read	Read a RP configuration
rp_read#owner_id:{{owner_id}}	Read a RP configuration, restricted to "owner_id" of the found resource.

$ curl 'https://api.sandbox.openbanking.verimi.cloud/rps/v1/local.yes.com:2f4e6d84-400b-4285-8ec5-451effcb3f74' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:53:39 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 4234

{
  "subject_type" : "public",
  "response_types" : [ "code" ],
  "client_name" : "Test RP",
  "default_consent_purpose" : "Weitergabe von Nutzerdaten",
  "client_id" : "local.yes.com:2f4e6d84-400b-4285-8ec5-451effcb3f74",
  "ac_redirect_uri" : "https://rp.test/login",
  "redirect_uris" : [ "https://rp.test/callback/api", "https://rp.test/callback" ],
  "allowed_scopes" : [ "openid" ],
  "allowed_claims" : [ "place_of_birth", "birthdate", "salutation", "title", "given_name", "family_name", "email" ],
  "allowed_claims_qes" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    }, {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : "https://testidp.integration.openbanking.verimi.cloud/issuer/jwks.json",
  "owner_id" : "1_platform",
  "policy_uri" : "https://legal.testrp.com",
  "tos_uri" : "https://terms.testrp.com",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen",
  "logo_uri" : "https://logos.testrp.com",
  "status" : "active",
  "application_type" : "web",
  "grant_types" : [ "authorization_code" ],
  "allowed_authorization_data_types" : [ "sign" ]
}

7.1.3. READ all data: Method GET

Use the base path to read all RP configurations from the directory:

https://<basepath>/rps/<version>/

One of the following scopes is required to perform this operation:

Table 23. API Scopes
Scope value	Description
rp_read	Read all rp configurations
rp_read#owner_id:{{owner_id}}	Read a RP configuration, restricted to "owner_id" of the found resource(s). The rps are filtered to the owner_ids of the scopes

$ curl 'https://api.sandbox.openbanking.verimi.cloud/rps/v1/' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:53:33 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 8477

[ {
  "subject_type" : "public",
  "response_types" : [ "code" ],
  "client_name" : "Test RP",
  "default_consent_purpose" : "Weitergabe von Nutzerdaten",
  "client_id" : "local.yes.com:2728efe1-620e-4788-916f-d6aa366813ee",
  "ac_redirect_uri" : "https://rp.test/login",
  "redirect_uris" : [ "https://rp.test/callback/api", "https://rp.test/callback" ],
  "allowed_scopes" : [ "openid" ],
  "allowed_claims" : [ "place_of_birth", "birthdate", "salutation", "title", "given_name", "family_name", "email" ],
  "allowed_claims_qes" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    }, {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : "https://testidp.integration.openbanking.verimi.cloud/issuer/jwks.json",
  "owner_id" : "1_platform",
  "policy_uri" : "https://legal.testrp.com",
  "tos_uri" : "https://terms.testrp.com",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen",
  "logo_uri" : "https://logos.testrp.com",
  "status" : "active",
  "application_type" : "web",
  "grant_types" : [ "authorization_code" ],
  "allowed_authorization_data_types" : [ "sign" ]
}, {
  "subject_type" : "public",
  "response_types" : [ "code" ],
  "client_name" : "Second One",
  "default_consent_purpose" : "Weitergabe von Nutzerdaten",
  "client_id" : "local.yes.com:4703552b-fb8f-49dd-b0a1-60844c47fda6",
  "ac_redirect_uri" : "https://rp.test/login",
  "redirect_uris" : [ "https://rp.test/callback/api", "https://rp.test/callback" ],
  "allowed_scopes" : [ "openid" ],
  "allowed_claims" : [ "place_of_birth", "birthdate", "salutation", "title", "given_name", "family_name", "email" ],
  "allowed_claims_qes" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    }, {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : "https://testidp.integration.openbanking.verimi.cloud/issuer/jwks.json",
  "owner_id" : "1_platform",
  "policy_uri" : "https://legal.testrp.com",
  "tos_uri" : "https://terms.testrp.com",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen",
  "logo_uri" : "https://logos.testrp.com",
  "status" : "active",
  "application_type" : "web",
  "grant_types" : [ "authorization_code" ],
  "allowed_authorization_data_types" : [ "sign" ]
} ]

7.1.4. READ all data by owner id: Method GET

Read all rps for a given owner id by appending the owner id as URL parameter to the service endpoint:

https://<basepath>/rps/<version>/?owner_id=<owner id>

One of the following scopes is required to perform this operation:

Table 24. API Scopes
Scope value	Description
rp_read	Read all rp configurations for any owner id
rp_read#owner_id:{{owner_id}}	Read all RP configurations, the query parameter may only be the "owner_id" of the restricted scope.

$ curl 'https://api.sandbox.openbanking.verimi.cloud/rps/v1/' -i -X GET

Result response HTTP 200 (OK)

See Result response HTTP 200 (OK)

7.1.5. READ all data filtered: Method GET

Use the path to read all changed RP configurations from the directory:

https://<basepath>/rps/<version>/filtered

The following scope is required to perform this operation:

Table 25. API Scope
Scope value	Description
rp_read	Read all rp configurations

The result can be filtered by a start time (see from parameter).

The parameters have to be sent as url parameters.

Table 26. Parameters
Parameter	Type	Description
from	String	(optional) ISO-8601 timestamp with timezone in format "yyyy-MM-dd’T’hh:mm:hh" + time zone (e.g. 2018-02-02T12:00:00Z or 2018-02-02T12:00:00+01:00) Selects entries that were changed since the given timestamp in UTC (>=)

The response contains:

a list of RPs that were created/modified since the given timestamp
a list of RP Ids that were deleted since the given timestamp
an interval for the returned changes with the fields changes_from <= changes < changes_until

The timestamp changes_until can be used to perform subsequent reads for getting future changes.

$ curl 'https://api.sandbox.openbanking.verimi.cloud/rps/v1/filtered' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:53:31 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 8875

{
  "created_rps" : [ {
    "subject_type" : "public",
    "response_types" : [ "code" ],
    "client_name" : "Test RP",
    "default_consent_purpose" : "Weitergabe von Nutzerdaten",
    "client_id" : "local.yes.com:bfcd3912-ef14-479b-a7c2-38bdfed1d01c",
    "ac_redirect_uri" : "https://rp.test/login",
    "redirect_uris" : [ "https://rp.test/callback/api", "https://rp.test/callback" ],
    "allowed_scopes" : [ "openid" ],
    "allowed_claims" : [ "place_of_birth", "birthdate", "salutation", "title", "given_name", "family_name", "email" ],
    "allowed_claims_qes" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "token_endpoint_auth_method" : "self_signed_tls_client_auth",
    "jwks" : {
      "keys" : [ {
        "kty" : "RSA",
        "use" : "sig",
        "alg" : "RS256",
        "kid" : "9902091708373514192",
        "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
        "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
        "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
        "e" : "AQAB"
      }, {
        "kty" : "RSA",
        "use" : "sig",
        "alg" : "RS256",
        "kid" : "9902091708373514192",
        "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
        "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
        "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
        "e" : "AQAB"
      } ]
    },
    "jwks_uri" : "https://testidp.integration.openbanking.verimi.cloud/issuer/jwks.json",
    "owner_id" : "1_platform",
    "policy_uri" : "https://legal.testrp.com",
    "tos_uri" : "https://terms.testrp.com",
    "tos_uri_label" : "Allgemeine Geschäftsbedingungen",
    "logo_uri" : "https://logos.testrp.com",
    "status" : "active",
    "application_type" : "web",
    "grant_types" : [ "authorization_code" ],
    "allowed_authorization_data_types" : [ "sign" ]
  } ],
  "updated_rps" : [ {
    "subject_type" : "public",
    "response_types" : [ "code" ],
    "client_name" : "update client name",
    "default_consent_purpose" : "Weitergabe von Nutzerdaten",
    "client_id" : "local.yes.com:e9e418cc-f848-4dfd-919f-8e309f190577",
    "ac_redirect_uri" : "https://rp.test/login",
    "redirect_uris" : [ "https://rp.test/callback/api", "https://rp.test/callback" ],
    "allowed_scopes" : [ "openid" ],
    "allowed_claims" : [ "place_of_birth", "birthdate", "salutation", "title", "given_name", "family_name", "email" ],
    "allowed_claims_qes" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "token_endpoint_auth_method" : "self_signed_tls_client_auth",
    "jwks" : {
      "keys" : [ {
        "kty" : "RSA",
        "use" : "sig",
        "alg" : "RS256",
        "kid" : "9902091708373514192",
        "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
        "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
        "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
        "e" : "AQAB"
      }, {
        "kty" : "RSA",
        "use" : "sig",
        "alg" : "RS256",
        "kid" : "9902091708373514192",
        "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
        "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
        "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
        "e" : "AQAB"
      } ]
    },
    "jwks_uri" : "https://testidp.integration.openbanking.verimi.cloud/issuer/jwks.json",
    "owner_id" : "1_platform",
    "policy_uri" : "https://legal.testrp.com",
    "tos_uri" : "https://terms.testrp.com",
    "tos_uri_label" : "Allgemeine Geschäftsbedingungen",
    "logo_uri" : "https://logos.testrp.com",
    "status" : "active",
    "application_type" : "web",
    "grant_types" : [ "authorization_code" ],
    "allowed_authorization_data_types" : [ "sign" ]
  } ],
  "deleted_rp_ids" : [ "local.yes.com:ad389dda-5e96-4a5c-8d24-a123c58ff502" ],
  "changes_from" : "2024-03-06T02:50:29.406Z",
  "changes_until" : "2024-03-06T02:53:30.095Z"
}

RP Response Filtered Data Model

Field Type Description

Field	Type	Description
`created_or_updated_rps`	`RP`	the RPs that were changed in the given interval
`deleted_rp_ids`	`String`	the ids of the RPs that were deleted in the given interval
`changes_from`	`String` representing a ISO-8601 timestamp with a precision of milliseconds	The start time of the interval (including) for the changes.
`changes_until`	`String` representing a ISO-8601 timestamp with a precision of milliseconds	The end time of the interval (but not including) for the changes.

created_or_updated_rps

RP

the RPs that were changed in the given interval

deleted_rp_ids

String

the ids of the RPs that were deleted in the given interval

changes_from

String representing a ISO-8601 timestamp with a precision of milliseconds

The start time of the interval (including) for the changes.

changes_until

String representing a ISO-8601 timestamp with a precision of milliseconds

The end time of the interval (but not including) for the changes.

7.1.6. UPDATE: Method PUT

The URL for updating a resource in the RP Directory is build by adding the client_id to the base path.

https://<basepath>/rps/<version>/<client_id>

One of the following scopes is required to perform this operation:

Table 27. API Scopes
Scope value	Description
rp_update	Update any RP configuration
rp_update#owner_id:{{owner_id}}	Update a RP configuration, restricted to "owner_id" of the found resource
rp_read	Update a RP configuration for any non-empty value of the property 'legally_responsible_id'. This scope is not required, when the property is left empty.
rp_read#owner_id:{{owner_id}}	Update a RP configuration with property 'legally_responsible_id' the sames as the 'owner_id' from the restricted scope. This scope is not required, when the property is left empty.

$ curl 'https://api.sandbox.openbanking.verimi.cloud/rps/v1/local.yes.com:be5ba7f1-f18e-483e-b712-a38b1a73df32' -i -X PUT \
    -H 'Content-Type: application/json' \
    -d '{
  "client_name" : "Updated One",
  "default_consent_purpose" : "Weitergabe von Nutzerdaten",
  "ac_redirect_uri" : "https://different.redirect.de",
  "redirect_uris" : [ "https://rp.test/callback/api", "https://rp.test/callback" ],
  "allowed_scopes" : [ "openid" ],
  "allowed_claims" : [ "place_of_birth", "birthdate", "salutation", "title", "given_name", "family_name", "email" ],
  "allowed_claims_qes" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    }, {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : "https://testidp.integration.openbanking.verimi.cloud/issuer/jwks.json",
  "policy_uri" : "https://legal.testrp.com",
  "tos_uri" : "https://terms.testrp.com",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen",
  "legally_responsible_id" : null,
  "logo_uri" : "https://logos.testrp.com",
  "status" : "active",
  "application_type" : "web",
  "grant_types" : [ "authorization_code" ],
  "allowed_authorization_data_types" : [ "sign" ],
  "metadata" : {
    "labels" : [ {
      "name" : "updated-label-name",
      "value" : "updated-label-value"
    } ]
  }
}'

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:53:48 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 4370

{
  "subject_type" : "public",
  "response_types" : [ "code" ],
  "client_name" : "Updated One",
  "default_consent_purpose" : "Weitergabe von Nutzerdaten",
  "client_id" : "local.yes.com:be5ba7f1-f18e-483e-b712-a38b1a73df32",
  "ac_redirect_uri" : "https://different.redirect.de",
  "redirect_uris" : [ "https://rp.test/callback/api", "https://rp.test/callback" ],
  "allowed_scopes" : [ "openid" ],
  "allowed_claims" : [ "place_of_birth", "birthdate", "salutation", "title", "given_name", "family_name", "email" ],
  "allowed_claims_qes" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    }, {
      "kty" : "RSA",
      "use" : "sig",
      "alg" : "RS256",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN\\/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh\\/XzRe38FTTTEgOg\\/lP7yrneaOeA8WGt\\/lGonx\\/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i\\/gz+3x2CS+zV\\/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC\\/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH\\/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u\\/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu\\/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc\\/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : "https://testidp.integration.openbanking.verimi.cloud/issuer/jwks.json",
  "owner_id" : "1_platform",
  "policy_uri" : "https://legal.testrp.com",
  "tos_uri" : "https://terms.testrp.com",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen",
  "logo_uri" : "https://logos.testrp.com",
  "status" : "active",
  "application_type" : "web",
  "grant_types" : [ "authorization_code" ],
  "allowed_authorization_data_types" : [ "sign" ],
  "metadata" : {
    "labels" : [ {
      "name" : "updated-label-name",
      "value" : "updated-label-value"
    } ]
  }
}

7.1.7. DELETE: Method DELETE

The resource URL for deleting a RP configuration from the RP Directory is build by appending the client_id to the base path for RPs.

https://<basepath>/rps/<version>/<client_id>

One of the following scopes is required to perform this operation:

Table 28. API Scopes
Scope value	Description
rp_delete	Delete any RP configuration
rp_delete#owner_id:{{owner_id}}	Delete a RP configuration, restricted to "owner_id" of the found resource

$ curl 'https://api.sandbox.openbanking.verimi.cloud/rps/v1/local.yes.com:2e0946c0-fc0f-4db0-a320-75cafc8a2356' -i -X DELETE

Result response HTTP 204 (NO CONTENT)

7.2. RP Metadata

7.2.1. RP "metadata" permissions

It is possible to configure metadata on a relying party. To CREATE, READ or UPDATE a metadata element the SCOPE rp_metadata[#owner_id:<owner_id>] is needed.

If the SCOPE is missing

for a CREATE or an UPDATE operation, the client will get a HTTP 403 response, without creating/updating the entity.
for a READ operation of a single rp, the client will get the relying party without the metadata.
for a READ (all) operation, the client will get the relying party data without the metadata for the rps where the scope is missing, but still the whole list of rps.

Deleting the rp will also delete the metadata without also requiring the metadata scope. The DELETE scope is sufficient to delete all data for a rp.

Example:

given:
  relying party A : owner_id = 111111, with    metadata
  relying party B : owner_id = 222222, with    metadata
  relying party C : owner_id = 333333, with    metadata
  relying party D : owner_id = 444444, without metadata

action:
  HTTP GET (all)
  access_token with scopes:
    * rp_read
    * rp_metadata#owner_id:111111
    * rp_metadata#owner_id:222222

result:
  response list containing:
   A(owner_id = 111111) -> with metadata
   B(owner_id = 222222) -> with metadata
   C(owner_id = 333333) -> without metadata (changed, metadata not returned but still present)
   D(owner_id = 444444) -> without metadata (unchanged)

7.2.2. RP "metadata" Data Model

Field Type Restriction Description

Field	Type	Restriction	Description
`labels`	`Array of Objects`	(optional) json objects	a list of `rp.metadata.labels` objects (see down below for details)

labels

Array of Objects

(optional) json objects

a list of rp.metadata.labels objects (see down below for details)

7.2.3. RP "metadata.labels[]" Data Model

Labels are key-value pairs that can be used by the owner of the rp to store additional custom data about the relying party.

Field Type Restriction Description

Field	Type	Restriction	Description
`name`	`String`	not blank / 1 to 63 characters / must match the regular expression `^[a-z0-9A-Z]([a-z0-9A-Z._-][a-z0-9A-Z])?$` in words: - must be 63 characters or less (cannot be empty), - must begin and end with an alphanumeric character ([a-z0-9A-Z]), - could contain dashes (-), underscores (_), dots (.), and alphanumerics between. Note*: must be unique for a single relying party	The label key name based on Kubernetes labels. For details see: kubernetes docs labels
`value`	`String`	not null / up 253 characters / can be blank	the `value` for the corresponding label `name`

name

String

not blank / 1 to 63 characters / must match the regular expression
^[a-z0-9A-Z]([a-z0-9A-Z._-]*[a-z0-9A-Z])?$

in words:
- must be 63 characters or less (cannot be empty),
- must begin and end with an alphanumeric character ([a-z0-9A-Z]),
- could contain dashes (-), underscores (_), dots (.), and alphanumerics between.
*Note*: must be unique for a single relying party

The label key name based on Kubernetes labels. For details see: kubernetes docs labels

value

String

not null / up 253 characters / can be blank

the value for the corresponding label name

Example:

{
  "client_id": "yes.com:00000000-4444-4444-4444-000000000000",
  "... other relying party fields ...": "... values ...",
  "metadata": {
    "labels": [
      {
        "name": "internalReference",
        "value": "Ref47110815"
      },
      {
        "name": "institute",
        "value": "TESTBIC4711"
      }
    ]
  }
}

8. SP Directory

8.1. API Operations

8.1.1. CREATE: Method POST

Create a SP configuration in the SP Directory.

The following scope is required to perform this operation:

Table 29. API Scopes
Scope value	Description
sp_create	Create a SP configuration, unrestricted
sp_create#owner_id:{{owner_id}}	Create a SP configuration, restricted to 'owner_id' given in HTTP body

$ curl 'https://api.sandbox.openbanking.verimi.cloud/v1/' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "client_name" : "Qtsp All-In Signing Service",
  "service_type" : "remote_signature_creation",
  "subject_type" : "public",
  "required_claims" : {
    "verified_claims" : {
      "claims" : {
        "given_name" : null,
        "family_name" : null,
        "birthdate" : null,
        "place_of_birth" : null
      }
    },
    "txn" : null,
    "sub" : null,
    "https://www.yes.com/claims/signing_consent" : null,
    "https://www.yes.com/claims/documents_consented" : null
  },
  "supported_scopes" : [ "https://www.yes.com/scopes/sign" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "kid" : "17470176094258868442",
      "x5c" : [ "MIIEpDCCAowCCQDycoiYxdIw2jANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwHhcNMTgwMTMxMDk1MDEyWhcNMTkwMTMxMDk1MDEyWjAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ArI6g1KI06oXooz/YslGp+T+MGKf1LEXLG9qH7phv6/nxcQtnomxVPPjhie1ggNrzIIDfNtWyTjMbY4r9VAOBeDid+dN78yAUKVNZJnChE9gNq6TjFGebDh2Ek7KjsvraiocTt78i9ILijcAhqMix2JUXIyrF4AR8XLrwJws4GuGYoVSym3qMvflvSkejHeh2Kv4khlBmkjRgq/tycieFEnr8J8xApV1oCOXXR1I6VuHPeMRp+q4Gb2FctMzVwv24QleqVFHXaLSEoqTMxihyqGxNqjBKZJGwwbNZo+wMwIFZlSL3CE0F7wqDH+cNBsSiXPTknXWCghanVpetWRo+1Q3gJ2MWsJv+C8EIw5fYKv7rJP+1AiAdnZenFcesA6Kj70J+HVtmYaL3EanqN7oPsNRSoLG0VfKLM+koe1T91bRUGYZKRsC4j47O9acjqdObFpQLiNKCZJu2Tpg2TwzY4zHGxDNnGDs/U2xt+re72wyXmTF5ZGRz2WDrQfvCb0pJK8MfknGLnc5O5H34zBcxht5N/UW8DsQEZQyoPm5L9bbZA5eJKLx2w4MfIeyazLIfBAK+Vl0sOIpNgk09sbdY5OdHtFT0hsjsCz0mmwrbpdD6n4c+TmM2mAHV0NfSjLhkvAHOywdnLHzzRXhXJqYMEsxm2hZY9IjmNYF0ej2/QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCriE+JW/jHQUp769AOFYjP7H30xoGqQ+4TRzR3tSy8pWE+sT9EGg49nK17k2OzlXrbDIqEw0zeYx/aKYmQ5XHU41n+tbtEJSybm8I4DeCoVX2UQn/vxebmiPRQzWcBsIXXSdoU3jksWAfkEbAWQ0gtN/5lAVrcdYyqktLe3XifmgBoAgP2HEm0jFfVHg1Fnz+ZWgqAtcwu+DcoyHs9DgyvVW+FodYZTJPedxEDW4gs7biIW3Sk88zYiuA9mttbl4l83F3EAZS6uGX4AKN0UlJQFvwl1dh7e3D7xJo7VrGvXQHRHIr599d4tWCNjmvwHdShfAfVZMjcJfudddQ+PT1MI+w4fhyh8a5hPlQ6qQE8w1K4lpZKzjVSc+4/LYLk/8wdNKKPYVIQ+ElHJd7bXrr0Lcy/F1RS9jQYqm/99Lr6PUjkAOMkp688NyzDJq3szDFT4+upQZUTshZyE86NKtp2ulbvchTYlIYyLViddY8IUHLZnVOTqrJm7635L0a3k2qLLbwsf+s/BxomXz7oCwU6G0mtmSSqO2AyuqNpg+AjSv2UiGwbe9SrkD2SQVnUvNdydiEsiNXa7PQtdPq6nv5IOTSKa+2X2W3q4fTS90qLdcsazicXbhe53Vn7cUuwOiAVlu4GuQKIXapPfamNpf0NU1h5S8rNuce9J2wsDTNxDQ==" ],
      "x5t#S256" : "VHDIh4cWbScPxPM65IrHu2kEHcEOQL2qcIR6U3U7Z1E",
      "n" : "tgKyOoNSiNOqF6KM_2LJRqfk_jBin9SxFyxvah-6Yb-v58XELZ6JsVTz44YntYIDa8yCA3zbVsk4zG2OK_VQDgXg4nfnTe_MgFClTWSZwoRPYDauk4xRnmw4dhJOyo7L62oqHE7e_IvSC4o3AIajIsdiVFyMqxeAEfFy68CcLOBrhmKFUspt6jL35b0pHox3odir-JIZQZpI0YKv7cnInhRJ6_CfMQKVdaAjl10dSOlbhz3jEafquBm9hXLTM1cL9uEJXqlRR12i0hKKkzMYocqhsTaowSmSRsMGzWaPsDMCBWZUi9whNBe8Kgx_nDQbEolz05J11goIWp1aXrVkaPtUN4CdjFrCb_gvBCMOX2Cr-6yT_tQIgHZ2XpxXHrAOio-9Cfh1bZmGi9xGp6je6D7DUUqCxtFXyizPpKHtU_dW0VBmGSkbAuI-OzvWnI6nTmxaUC4jSgmSbtk6YNk8M2OMxxsQzZxg7P1Nsbfq3u9sMl5kxeWRkc9lg60H7wm9KSSvDH5Jxi53OTuR9-MwXMYbeTf1FvA7EBGUMqD5uS_W22QOXiSi8dsODHyHsmsyyHwQCvlZdLDiKTYJNPbG3WOTnR7RU9IbI7As9JpsK26XQ-p-HPk5jNpgB1dDX0oy4ZLwBzssHZyx880V4VyamDBLMZtoWWPSI5jWBdHo9v0",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : null,
  "policy_uri" : "https://ais.test/policy",
  "tos_uri" : "https://ais.test/tos",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen AIS",
  "status" : "active",
  "endpoints" : {
    "signDoc" : "https://ais.qtsp.com/Ais-Server/csc/v1/signatures/signDoc"
  },
  "authorization_data_types_supported" : [ "sign" ],
  "conformance_levels_supported" : [ "AdES-B-T", "AdES-B-B" ],
  "notification_email_senders" : [ "notification2@email.dummy", "notification1@email.dummy" ],
  "notification_email" : "notification@email.dummy",
  "identity_assurance_claims_supported" : null,
  "default_signing_documents" : null,
  "owner_id" : "1_platform"
}'

SP Request Data Model

Field Type Restriction Description

Field	Type	Restriction	Description
`client_name`	`String`	not null / 1 to 256 characters	the name of the SP
`service_type`	`String`	not null / 1 to 200 characters	the type of the service, e.g. "remote_signature_creation"
`subject_type`	`String`		the OpenID `subject_type` which is set to "public"
`required_claims`	`Object`	not null	a list of claims this SP needs to fulfill its service following the syntax for individual claims in OIDC
`supported_scopes`	`Array of Strings`		a list of scopes this SP supports to request its services
`token_endpoint_auth_method`	`Enumeration`	not null, must be set to `self_signed_tls_client_auth`	the method whereby this SP can be authenticated on an OpenID server. Currently, the only supported method is `self_signed_tls_client_auth`.
`jwks`	`Object`	json object, either this field must not be null or `jwks_uri`	the jwks (json web key set) for this SP, see: RFC-7517
`jwks_uri`	`String`	a URI, 1 to 200 characters, either this field must not be null or `jwks_uri`	the URI to the jwks (json web key set) for this SP
`policy_uri`	`String`	not null, a URI, 1 to 200 characters	the policy URI to the policy page of this SP
`tos_uri`	`String`	a URI, 1 to 200 characters	the terms of services URI to the policy page of this SP
`tos_uri_label`	`String`	1 to 50 characters, can only be used, if `tos_uri` is available	the label of the terms of services URI
`status`	`Enumeration`	Allowed values are `active` or `inactive`. If omitted, the default is `active`	possible values are `active` or `inactive`. Indicates if the SP is currently active or not
`endpoints`	`Object`	not null	Object with name-URI attribute-value pairs configuring the exposed endpoints of the SP
`authorization_data_types_supported`	`Array of Enumeration`	(optional) possible values are `sign` `account_information` `payment_initiation`	The data types supported in RAR requests
`conformance_levels_supported`	`Array of Strings`	(optional) but mandatory for `service_type` = `remote_signature_creation`. At least the values `AdES-B-B` and `AdES-B-T` must be contained then	Supported conformance levels for signatures
`notification_email_senders`	`Array of Strings`	(optional) valid email addresses	Legitimate email sender(s) for this SP that can be checked by the receivers (e.g. IDPs)
`notification_email`	`String`	(optional) must be a valid email address	SP’s email address e.g. used by IDPs for incident reporting
`identity_assurance_claims_supported`	`Array of Strings`	(optional) must only contain the values `given_name` `family_name` `birthdate` `place_of_birth` `nationalities` `address`	JSON array containing the claims the QTSP supports
`default_signing_documents`	`Array of Objects`	(optional) see details	JSON array containing one or more objects that define the text of the default signing document. Each object contains two keys, `lang` and `text`, where `lang` contains an ISO 639-1 language tag, e.g., `de` or `en`, and `text` contains the text of the default document in the respective language.

client_name

String

not null / 1 to 256 characters

the name of the SP

service_type

String

not null / 1 to 200 characters

the type of the service, e.g. "remote_signature_creation"

subject_type

String

the OpenID subject_type which is set to "public"

required_claims

Object

not null

a list of claims this SP needs to fulfill its service following the syntax for individual claims in OIDC

supported_scopes

Array of Strings

a list of scopes this SP supports to request its services

token_endpoint_auth_method

Enumeration

not null, must be set to self_signed_tls_client_auth

the method whereby this SP can be authenticated on an OpenID server. Currently, the only supported method is self_signed_tls_client_auth.

jwks

Object

json object, either this field must not be null or jwks_uri

the jwks (json web key set) for this SP, see: RFC-7517

jwks_uri

String

a URI, 1 to 200 characters, either this field must not be null or jwks_uri

the URI to the jwks (json web key set) for this SP

policy_uri

String

not null, a URI, 1 to 200 characters

the policy URI to the policy page of this SP

tos_uri

String

a URI, 1 to 200 characters

the terms of services URI to the policy page of this SP

tos_uri_label

String

1 to 50 characters, can only be used, if tos_uri is available

the label of the terms of services URI

status

Enumeration

Allowed values are active or inactive. If omitted, the default is active

possible values are active or inactive. Indicates if the SP is currently active or not

endpoints

Object

not null

Object with name-URI attribute-value pairs configuring the exposed endpoints of the SP

authorization_data_types_supported

Array of Enumeration

(optional) possible values are
sign
account_information
payment_initiation

The data types supported in RAR requests

conformance_levels_supported

Array of Strings

(optional) but mandatory for service_type = remote_signature_creation. At least the values AdES-B-B and AdES-B-T must be contained then

Supported conformance levels for signatures

notification_email_senders

Array of Strings

(optional) valid email addresses

Legitimate email sender(s) for this SP that can be checked by the receivers (e.g. IDPs)

notification_email

String

(optional) must be a valid email address

SP’s email address e.g. used by IDPs for incident reporting

identity_assurance_claims_supported

Array of Strings

(optional) must only contain the values
given_name
family_name
birthdate
place_of_birth
nationalities
address

JSON array containing the claims the QTSP supports

default_signing_documents

Array of Objects

(optional) see details

JSON array containing one or more objects that define the text of the default signing document. Each object contains two keys, lang and text, where lang contains an ISO 639-1 language tag, e.g., de or en, and text contains the text of the default document in the respective language.

SP "default_signing_document" Data Model

Field Type Restriction Description

Field	Type	Restriction	Description
`text`	`String`	not null / 1 to 300 characters	Contains the text of the default document in the respective language.
`lang`	`String`	not null / 2 characters	Contains language tags e.g. "de" or "en"; see ISO 639-1

text

String

not null / 1 to 300 characters

Contains the text of the default document in the respective language.

lang

String

not null / 2 characters

Contains language tags e.g. "de" or "en"; see ISO 639-1

Example

{
  "default_signing_documents" : [
  {
    "lang":"de",
    "text":"Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
  },
  {
    "lang" : "en",
    "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
  }
  ]
}

For more details visit: https://www.openbanking.verimi.de/docs/qes/2.5/index.html#_service_configuration

Result response HTTP 201 (created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 03:12:17 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 3884

{
  "id" : "102b6bbd-e21a-4b71-96de-611072fcd51a",
  "client_name" : "Qtsp All-In Signing Service",
  "client_id" : "sp:integration.yes.com:9682d362-7123-42be-add0-5265e97b5f89",
  "service_type" : "remote_signature_creation",
  "subject_type" : "public",
  "required_claims" : {
    "verified_claims" : {
      "claims" : {
        "given_name" : null,
        "family_name" : null,
        "birthdate" : null,
        "place_of_birth" : null
      }
    },
    "txn" : null,
    "sub" : null,
    "https://www.yes.com/claims/signing_consent" : null,
    "https://www.yes.com/claims/documents_consented" : null
  },
  "supported_scopes" : [ "https://www.yes.com/scopes/sign" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "kid" : "17470176094258868442",
      "x5c" : [ "MIIEpDCCAowCCQDycoiYxdIw2jANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwHhcNMTgwMTMxMDk1MDEyWhcNMTkwMTMxMDk1MDEyWjAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ArI6g1KI06oXooz/YslGp+T+MGKf1LEXLG9qH7phv6/nxcQtnomxVPPjhie1ggNrzIIDfNtWyTjMbY4r9VAOBeDid+dN78yAUKVNZJnChE9gNq6TjFGebDh2Ek7KjsvraiocTt78i9ILijcAhqMix2JUXIyrF4AR8XLrwJws4GuGYoVSym3qMvflvSkejHeh2Kv4khlBmkjRgq/tycieFEnr8J8xApV1oCOXXR1I6VuHPeMRp+q4Gb2FctMzVwv24QleqVFHXaLSEoqTMxihyqGxNqjBKZJGwwbNZo+wMwIFZlSL3CE0F7wqDH+cNBsSiXPTknXWCghanVpetWRo+1Q3gJ2MWsJv+C8EIw5fYKv7rJP+1AiAdnZenFcesA6Kj70J+HVtmYaL3EanqN7oPsNRSoLG0VfKLM+koe1T91bRUGYZKRsC4j47O9acjqdObFpQLiNKCZJu2Tpg2TwzY4zHGxDNnGDs/U2xt+re72wyXmTF5ZGRz2WDrQfvCb0pJK8MfknGLnc5O5H34zBcxht5N/UW8DsQEZQyoPm5L9bbZA5eJKLx2w4MfIeyazLIfBAK+Vl0sOIpNgk09sbdY5OdHtFT0hsjsCz0mmwrbpdD6n4c+TmM2mAHV0NfSjLhkvAHOywdnLHzzRXhXJqYMEsxm2hZY9IjmNYF0ej2/QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCriE+JW/jHQUp769AOFYjP7H30xoGqQ+4TRzR3tSy8pWE+sT9EGg49nK17k2OzlXrbDIqEw0zeYx/aKYmQ5XHU41n+tbtEJSybm8I4DeCoVX2UQn/vxebmiPRQzWcBsIXXSdoU3jksWAfkEbAWQ0gtN/5lAVrcdYyqktLe3XifmgBoAgP2HEm0jFfVHg1Fnz+ZWgqAtcwu+DcoyHs9DgyvVW+FodYZTJPedxEDW4gs7biIW3Sk88zYiuA9mttbl4l83F3EAZS6uGX4AKN0UlJQFvwl1dh7e3D7xJo7VrGvXQHRHIr599d4tWCNjmvwHdShfAfVZMjcJfudddQ+PT1MI+w4fhyh8a5hPlQ6qQE8w1K4lpZKzjVSc+4/LYLk/8wdNKKPYVIQ+ElHJd7bXrr0Lcy/F1RS9jQYqm/99Lr6PUjkAOMkp688NyzDJq3szDFT4+upQZUTshZyE86NKtp2ulbvchTYlIYyLViddY8IUHLZnVOTqrJm7635L0a3k2qLLbwsf+s/BxomXz7oCwU6G0mtmSSqO2AyuqNpg+AjSv2UiGwbe9SrkD2SQVnUvNdydiEsiNXa7PQtdPq6nv5IOTSKa+2X2W3q4fTS90qLdcsazicXbhe53Vn7cUuwOiAVlu4GuQKIXapPfamNpf0NU1h5S8rNuce9J2wsDTNxDQ==" ],
      "x5t#S256" : "VHDIh4cWbScPxPM65IrHu2kEHcEOQL2qcIR6U3U7Z1E",
      "n" : "tgKyOoNSiNOqF6KM_2LJRqfk_jBin9SxFyxvah-6Yb-v58XELZ6JsVTz44YntYIDa8yCA3zbVsk4zG2OK_VQDgXg4nfnTe_MgFClTWSZwoRPYDauk4xRnmw4dhJOyo7L62oqHE7e_IvSC4o3AIajIsdiVFyMqxeAEfFy68CcLOBrhmKFUspt6jL35b0pHox3odir-JIZQZpI0YKv7cnInhRJ6_CfMQKVdaAjl10dSOlbhz3jEafquBm9hXLTM1cL9uEJXqlRR12i0hKKkzMYocqhsTaowSmSRsMGzWaPsDMCBWZUi9whNBe8Kgx_nDQbEolz05J11goIWp1aXrVkaPtUN4CdjFrCb_gvBCMOX2Cr-6yT_tQIgHZ2XpxXHrAOio-9Cfh1bZmGi9xGp6je6D7DUUqCxtFXyizPpKHtU_dW0VBmGSkbAuI-OzvWnI6nTmxaUC4jSgmSbtk6YNk8M2OMxxsQzZxg7P1Nsbfq3u9sMl5kxeWRkc9lg60H7wm9KSSvDH5Jxi53OTuR9-MwXMYbeTf1FvA7EBGUMqD5uS_W22QOXiSi8dsODHyHsmsyyHwQCvlZdLDiKTYJNPbG3WOTnR7RU9IbI7As9JpsK26XQ-p-HPk5jNpgB1dDX0oy4ZLwBzssHZyx880V4VyamDBLMZtoWWPSI5jWBdHo9v0",
      "e" : "AQAB"
    } ]
  },
  "owner_id" : "1_platform",
  "policy_uri" : "https://ais.test/policy",
  "tos_uri" : "https://ais.test/tos",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen AIS",
  "status" : "active",
  "endpoints" : {
    "signDoc" : "https://ais.qtsp.com/Ais-Server/csc/v1/signatures/signDoc"
  },
  "authorization_data_types_supported" : [ "sign" ],
  "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
  "notification_email_senders" : [ "notification2@email.dummy", "notification1@email.dummy" ],
  "notification_email" : "notification@email.dummy",
  "identity_assurance_claims_supported" : [ ],
  "default_signing_documents" : [ ]
}

SP Response Data Model

Field Type Description

Field	Type	Description
`client_name`	`String`	the name of the SP
`client_id`	`String`	the generated client_id with banking ecosystem dependent prefix. Needed for admin requests
`service_type`	`String`	the type of the service, e.g. "remote_signature_creation"
`subject_type`	`String`	the OpenID `subject_type` which is set to "public"
`required_claims`	`Object`	a list of claims this SP needs to fulfill its service following the syntax for individual claims in OIDC
`supported_scopes`	`Array of Strings`	a list of scopes this SP supports to request its services
`token_endpoint_auth_method`	`Enumeration`	the method whereby this SP can be authenticated on an OpenID server. Currently, the only supported method is `self_signed_tls_client_auth`.
`jwks`	`Object`	the jwks (json web key set) for this SP, see: RFC-7517
`jwks_uri`	`String`	the URI to the jwks (json web key set) for this SP
`owner_id`	`String`	the owner of this resource
`policy_uri`	`String`	the policy URI to the policy page of this SP
`tos_uri`	`String`	the terms of services URI to the policy page of this SP
`tos_uri_label`	`String`	the label of the terms of services URI
`status`	`Enumeration`	possible values are `active` or `inactive`. Indicates if the SP is currently active or not
`endpoints`	`Object`	Object with name-URI attribute-value pairs configuring the exposed endpoints of the SP
`authorization_data_types_supported`	`Array of Enumeration`	(optional) The data types supported in RAR requests
`conformance_levels_supported`	`Array of Strings`	Supported conformance levels for signatures
`notification_email_senders`	`Array of Strings`	(optional) Legitimate email sender(s) for this SP that can be checked by the receivers (e.g. IDPs)
`notification_email`	`String`	(optional) SP’s email address e.g. used by IDPs for incident reporting
`identity_assurance_claims_supported`	`Array of Strings`	(optional) JSON array containing the claims the QTSP supports
`default_signing_documents`	`Array of Objects`	(optional) JSON array containing one or more objects that define the text of the default signing document. Each object contains two keys, `lang` and `text`, where `lang` contains an ISO 639-1 language tag, e.g., `de` or `en`, and `text` contains the text of the default document in the respective language.

client_name

String

the name of the SP

client_id

String

the generated client_id with banking ecosystem dependent prefix. Needed for admin requests

service_type

String

the type of the service, e.g. "remote_signature_creation"

subject_type

String

the OpenID subject_type which is set to "public"

required_claims

Object

a list of claims this SP needs to fulfill its service following the syntax for individual claims in OIDC

supported_scopes

Array of Strings

a list of scopes this SP supports to request its services

token_endpoint_auth_method

Enumeration

the method whereby this SP can be authenticated on an OpenID server. Currently, the only supported method is self_signed_tls_client_auth.

jwks

Object

the jwks (json web key set) for this SP, see: RFC-7517

jwks_uri

String

the URI to the jwks (json web key set) for this SP

owner_id

String

the owner of this resource

policy_uri

String

the policy URI to the policy page of this SP

tos_uri

String

the terms of services URI to the policy page of this SP

tos_uri_label

String

the label of the terms of services URI

status

Enumeration

possible values are active or inactive. Indicates if the SP is currently active or not

endpoints

Object

Object with name-URI attribute-value pairs configuring the exposed endpoints of the SP

authorization_data_types_supported

Array of Enumeration

(optional) The data types supported in RAR requests

conformance_levels_supported

Array of Strings

Supported conformance levels for signatures

notification_email_senders

Array of Strings

(optional) Legitimate email sender(s) for this SP that can be checked by the receivers (e.g. IDPs)

notification_email

String

(optional) SP’s email address e.g. used by IDPs for incident reporting

identity_assurance_claims_supported

Array of Strings

(optional) JSON array containing the claims the QTSP supports

default_signing_documents

Array of Objects

(optional) JSON array containing one or more objects that define the text of the default signing document. Each object contains two keys, lang and text, where lang contains an ISO 639-1 language tag, e.g., de or en, and text contains the text of the default document in the respective language.

8.1.2. READ all data: Method GET

Use the base path to read all SP configurations from the directory:

https://<basepath>/sps/<version>/

One of the following scopes is required to perform this operation:

Table 30. API Scopes
Scope value	Description
sp_read	Read all SP configurations
sp_read#owner_id:{{owner_id}}	Read all SP entries of the owner with id 'owner_id'

$ curl 'https://api.sandbox.openbanking.verimi.cloud/v1/' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 03:12:22 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 10528

[ {
  "id" : "102b6bbd-e21a-4b71-96de-611072fcd51a",
  "client_name" : "Qtsp All-In Signing Service",
  "client_id" : "sp:integration.yes.com:9682d362-7123-42be-add0-5265e97b5f89",
  "service_type" : "remote_signature_creation",
  "subject_type" : "public",
  "required_claims" : {
    "verified_claims" : {
      "claims" : {
        "given_name" : null,
        "family_name" : null,
        "birthdate" : null,
        "place_of_birth" : null
      }
    },
    "txn" : null,
    "sub" : null,
    "https://www.yes.com/claims/signing_consent" : null,
    "https://www.yes.com/claims/documents_consented" : null
  },
  "supported_scopes" : [ "https://www.yes.com/scopes/sign" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "kid" : "17470176094258868442",
      "x5c" : [ "MIIEpDCCAowCCQDycoiYxdIw2jANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwHhcNMTgwMTMxMDk1MDEyWhcNMTkwMTMxMDk1MDEyWjAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ArI6g1KI06oXooz/YslGp+T+MGKf1LEXLG9qH7phv6/nxcQtnomxVPPjhie1ggNrzIIDfNtWyTjMbY4r9VAOBeDid+dN78yAUKVNZJnChE9gNq6TjFGebDh2Ek7KjsvraiocTt78i9ILijcAhqMix2JUXIyrF4AR8XLrwJws4GuGYoVSym3qMvflvSkejHeh2Kv4khlBmkjRgq/tycieFEnr8J8xApV1oCOXXR1I6VuHPeMRp+q4Gb2FctMzVwv24QleqVFHXaLSEoqTMxihyqGxNqjBKZJGwwbNZo+wMwIFZlSL3CE0F7wqDH+cNBsSiXPTknXWCghanVpetWRo+1Q3gJ2MWsJv+C8EIw5fYKv7rJP+1AiAdnZenFcesA6Kj70J+HVtmYaL3EanqN7oPsNRSoLG0VfKLM+koe1T91bRUGYZKRsC4j47O9acjqdObFpQLiNKCZJu2Tpg2TwzY4zHGxDNnGDs/U2xt+re72wyXmTF5ZGRz2WDrQfvCb0pJK8MfknGLnc5O5H34zBcxht5N/UW8DsQEZQyoPm5L9bbZA5eJKLx2w4MfIeyazLIfBAK+Vl0sOIpNgk09sbdY5OdHtFT0hsjsCz0mmwrbpdD6n4c+TmM2mAHV0NfSjLhkvAHOywdnLHzzRXhXJqYMEsxm2hZY9IjmNYF0ej2/QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCriE+JW/jHQUp769AOFYjP7H30xoGqQ+4TRzR3tSy8pWE+sT9EGg49nK17k2OzlXrbDIqEw0zeYx/aKYmQ5XHU41n+tbtEJSybm8I4DeCoVX2UQn/vxebmiPRQzWcBsIXXSdoU3jksWAfkEbAWQ0gtN/5lAVrcdYyqktLe3XifmgBoAgP2HEm0jFfVHg1Fnz+ZWgqAtcwu+DcoyHs9DgyvVW+FodYZTJPedxEDW4gs7biIW3Sk88zYiuA9mttbl4l83F3EAZS6uGX4AKN0UlJQFvwl1dh7e3D7xJo7VrGvXQHRHIr599d4tWCNjmvwHdShfAfVZMjcJfudddQ+PT1MI+w4fhyh8a5hPlQ6qQE8w1K4lpZKzjVSc+4/LYLk/8wdNKKPYVIQ+ElHJd7bXrr0Lcy/F1RS9jQYqm/99Lr6PUjkAOMkp688NyzDJq3szDFT4+upQZUTshZyE86NKtp2ulbvchTYlIYyLViddY8IUHLZnVOTqrJm7635L0a3k2qLLbwsf+s/BxomXz7oCwU6G0mtmSSqO2AyuqNpg+AjSv2UiGwbe9SrkD2SQVnUvNdydiEsiNXa7PQtdPq6nv5IOTSKa+2X2W3q4fTS90qLdcsazicXbhe53Vn7cUuwOiAVlu4GuQKIXapPfamNpf0NU1h5S8rNuce9J2wsDTNxDQ==" ],
      "x5t#S256" : "VHDIh4cWbScPxPM65IrHu2kEHcEOQL2qcIR6U3U7Z1E",
      "n" : "tgKyOoNSiNOqF6KM_2LJRqfk_jBin9SxFyxvah-6Yb-v58XELZ6JsVTz44YntYIDa8yCA3zbVsk4zG2OK_VQDgXg4nfnTe_MgFClTWSZwoRPYDauk4xRnmw4dhJOyo7L62oqHE7e_IvSC4o3AIajIsdiVFyMqxeAEfFy68CcLOBrhmKFUspt6jL35b0pHox3odir-JIZQZpI0YKv7cnInhRJ6_CfMQKVdaAjl10dSOlbhz3jEafquBm9hXLTM1cL9uEJXqlRR12i0hKKkzMYocqhsTaowSmSRsMGzWaPsDMCBWZUi9whNBe8Kgx_nDQbEolz05J11goIWp1aXrVkaPtUN4CdjFrCb_gvBCMOX2Cr-6yT_tQIgHZ2XpxXHrAOio-9Cfh1bZmGi9xGp6je6D7DUUqCxtFXyizPpKHtU_dW0VBmGSkbAuI-OzvWnI6nTmxaUC4jSgmSbtk6YNk8M2OMxxsQzZxg7P1Nsbfq3u9sMl5kxeWRkc9lg60H7wm9KSSvDH5Jxi53OTuR9-MwXMYbeTf1FvA7EBGUMqD5uS_W22QOXiSi8dsODHyHsmsyyHwQCvlZdLDiKTYJNPbG3WOTnR7RU9IbI7As9JpsK26XQ-p-HPk5jNpgB1dDX0oy4ZLwBzssHZyx880V4VyamDBLMZtoWWPSI5jWBdHo9v0",
      "e" : "AQAB"
    } ]
  },
  "owner_id" : "1_platform",
  "policy_uri" : "https://ais.test/policy",
  "tos_uri" : "https://ais.test/tos",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen AIS",
  "status" : "active",
  "endpoints" : {
    "signDoc" : "https://ais.qtsp.com/Ais-Server/csc/v1/signatures/signDoc"
  },
  "authorization_data_types_supported" : [ "sign" ],
  "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
  "notification_email_senders" : [ "notification2@email.dummy", "notification1@email.dummy" ],
  "notification_email" : "notification@email.dummy",
  "identity_assurance_claims_supported" : [ ],
  "default_signing_documents" : [ ]
}, {
  "id" : "5c4253b3-c40f-418f-8f1d-e7aa84c426e5",
  "client_name" : "Qtsp AG",
  "client_id" : "sp:local.yes.com:5c4253b3-c40f-418f-8f1d-e7aa84c426e5",
  "service_type" : "remote_signature_creation",
  "subject_type" : "public",
  "required_claims" : {
    "verified_claims" : {
      "claims" : {
        "given_name" : null,
        "family_name" : null,
        "birthdate" : null,
        "place_of_birth" : null
      }
    },
    "txn" : null,
    "sub" : null,
    "https://www.yes.com/claims/signing_consent" : null,
    "https://www.yes.com/claims/documents_consented" : null
  },
  "supported_scopes" : [ "https://www.yes.com/scopes/sign" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "kid" : "9902091708373514192",
      "x5c" : [ "MIICujCCAaICCQCJa0vx+vG30DANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRycF9pbnRlZ3JhdGlvbl90ZXN0czAeFw0xODAxMTgwOTE5NDZaFw0xOTAxMTgwOTE5NDZaMB8xHTAbBgNVBAMMFHJwX2ludGVncmF0aW9uX3Rlc3RzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ftBFdhNHWBN/pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU+ahvNPZZh/XzRe38FTTTEgOg/lP7yrneaOeA8WGt/lGonx/KiS1QApaEZektORfg95Fs4LlrFthn+vBl55i/gz+3x2CS+zV/9jaKJq+MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC/p1h+UmRZRIZV2qqftgl3B+rWGlVeab03zyywh2ThWdcmsRbdrj5htNQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCSOhZ1gWgIihOdCItcVo4821f2IA4BfMEQhusGabpq1Y4sdhUpif3aAn1hWt59ZFNnIVH5imV2W2MRtm1TuG1E+c2vVVmoY7pa7sqBixbb3rDkf6g8cIqCuEd5p8e19DONzlOWJhuyoFjNcH/FKTeUPuvY48B4UasOYpSRIU2PmogK8mWaxW35NCytaNuZWmnxOM07pwB74fEse92LoWp+9L1dOxnY9CemzcGzpuQ1KJ9u/3XYK1uRfsRENMVHyzRQU7OaTAxFFtQMNxdSONomu/p+yZ4Hiu50VvcFJ7WEr+tbZFVUmAXTvc/qLc1mCThj92pspLb7FNw5jQSPBCrd" ],
      "x5t#S256" : "u9GlFzZB313fTbggt-DptCpFMGDwW6IYDusyFmb_70w",
      "n" : "s0ftBFdhNHWBN_pSYX732QRfmqzMVwQQ4GcOjP3WS88aUlVXjCKtfhTf5jsiWRKH6zQlbtU-ahvNPZZh_XzRe38FTTTEgOg_lP7yrneaOeA8WGt_lGonx_KiS1QApaEZektORfg95Fs4LlrFthn-vBl55i_gz-3x2CS-zV_9jaKJq-MLDZr2bBrHQrXE5SwiQDKXgQQ73uOgyTgA57SBi0QecOaOh3sEYG7HGhU0I1LT9Uw8sk1Y0ZVjpCEHSxQefR6x1ahB3oInrnDFcMPczgayqU4DQC_p1h-UmRZRIZV2qqftgl3B-rWGlVeab03zyywh2ThWdcmsRbdrj5htNQ",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : "https://as.local.yes.com/jwks.json",
  "owner_id" : "1_platform",
  "policy_uri" : "https://www.qtsp.ag/de/privatkunden/rechtliches/datenschutz.html",
  "tos_uri" : "https://www.qtsp.ag/de/privatkunden/rechtliches.html",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen Qtsp AG",
  "status" : "active",
  "endpoints" : {
    "signDoc" : "https://ais.qtsp.de/YES/rdsc/v1"
  },
  "authorization_data_types_supported" : [ ],
  "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
  "notification_email_senders" : [ ],
  "identity_assurance_claims_supported" : [ ],
  "default_signing_documents" : [ ]
}, {
  "id" : "babe136c-f6ed-4b0f-a430-56210554d20a",
  "client_name" : "Test Sig",
  "client_id" : "sp:local.yes.com:babe136c-f6ed-4b0f-a430-56210554d20a",
  "service_type" : "another_signature_creation",
  "subject_type" : "public",
  "required_claims" : {
    "verified_claims" : {
      "claims" : {
        "given_name" : null,
        "family_name" : null,
        "birthdate" : null,
        "place_of_birth" : null
      }
    },
    "txn" : null,
    "sub" : null,
    "https://www.yes.com/claims/signing_consent" : null,
    "https://www.yes.com/claims/documents_consented" : null
  },
  "supported_scopes" : [ "https://www.yes.com/scopes/sign" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "kid" : "17470176094258868442",
      "x5c" : [ "MIIEpDCCAowCCQDycoiYxdIw2jANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwHhcNMTgwMTMxMDk1MDEyWhcNMTkwMTMxMDk1MDEyWjAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ArI6g1KI06oXooz/YslGp+T+MGKf1LEXLG9qH7phv6/nxcQtnomxVPPjhie1ggNrzIIDfNtWyTjMbY4r9VAOBeDid+dN78yAUKVNZJnChE9gNq6TjFGebDh2Ek7KjsvraiocTt78i9ILijcAhqMix2JUXIyrF4AR8XLrwJws4GuGYoVSym3qMvflvSkejHeh2Kv4khlBmkjRgq/tycieFEnr8J8xApV1oCOXXR1I6VuHPeMRp+q4Gb2FctMzVwv24QleqVFHXaLSEoqTMxihyqGxNqjBKZJGwwbNZo+wMwIFZlSL3CE0F7wqDH+cNBsSiXPTknXWCghanVpetWRo+1Q3gJ2MWsJv+C8EIw5fYKv7rJP+1AiAdnZenFcesA6Kj70J+HVtmYaL3EanqN7oPsNRSoLG0VfKLM+koe1T91bRUGYZKRsC4j47O9acjqdObFpQLiNKCZJu2Tpg2TwzY4zHGxDNnGDs/U2xt+re72wyXmTF5ZGRz2WDrQfvCb0pJK8MfknGLnc5O5H34zBcxht5N/UW8DsQEZQyoPm5L9bbZA5eJKLx2w4MfIeyazLIfBAK+Vl0sOIpNgk09sbdY5OdHtFT0hsjsCz0mmwrbpdD6n4c+TmM2mAHV0NfSjLhkvAHOywdnLHzzRXhXJqYMEsxm2hZY9IjmNYF0ej2/QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCriE+JW/jHQUp769AOFYjP7H30xoGqQ+4TRzR3tSy8pWE+sT9EGg49nK17k2OzlXrbDIqEw0zeYx/aKYmQ5XHU41n+tbtEJSybm8I4DeCoVX2UQn/vxebmiPRQzWcBsIXXSdoU3jksWAfkEbAWQ0gtN/5lAVrcdYyqktLe3XifmgBoAgP2HEm0jFfVHg1Fnz+ZWgqAtcwu+DcoyHs9DgyvVW+FodYZTJPedxEDW4gs7biIW3Sk88zYiuA9mttbl4l83F3EAZS6uGX4AKN0UlJQFvwl1dh7e3D7xJo7VrGvXQHRHIr599d4tWCNjmvwHdShfAfVZMjcJfudddQ+PT1MI+w4fhyh8a5hPlQ6qQE8w1K4lpZKzjVSc+4/LYLk/8wdNKKPYVIQ+ElHJd7bXrr0Lcy/F1RS9jQYqm/99Lr6PUjkAOMkp688NyzDJq3szDFT4+upQZUTshZyE86NKtp2ulbvchTYlIYyLViddY8IUHLZnVOTqrJm7635L0a3k2qLLbwsf+s/BxomXz7oCwU6G0mtmSSqO2AyuqNpg+AjSv2UiGwbe9SrkD2SQVnUvNdydiEsiNXa7PQtdPq6nv5IOTSKa+2X2W3q4fTS90qLdcsazicXbhe53Vn7cUuwOiAVlu4GuQKIXapPfamNpf0NU1h5S8rNuce9J2wsDTNxDQ==" ],
      "x5t#S256" : "VHDIh4cWbScPxPM65IrHu2kEHcEOQL2qcIR6U3U7Z1E",
      "n" : "tgKyOoNSiNOqF6KM_2LJRqfk_jBin9SxFyxvah-6Yb-v58XELZ6JsVTz44YntYIDa8yCA3zbVsk4zG2OK_VQDgXg4nfnTe_MgFClTWSZwoRPYDauk4xRnmw4dhJOyo7L62oqHE7e_IvSC4o3AIajIsdiVFyMqxeAEfFy68CcLOBrhmKFUspt6jL35b0pHox3odir-JIZQZpI0YKv7cnInhRJ6_CfMQKVdaAjl10dSOlbhz3jEafquBm9hXLTM1cL9uEJXqlRR12i0hKKkzMYocqhsTaowSmSRsMGzWaPsDMCBWZUi9whNBe8Kgx_nDQbEolz05J11goIWp1aXrVkaPtUN4CdjFrCb_gvBCMOX2Cr-6yT_tQIgHZ2XpxXHrAOio-9Cfh1bZmGi9xGp6je6D7DUUqCxtFXyizPpKHtU_dW0VBmGSkbAuI-OzvWnI6nTmxaUC4jSgmSbtk6YNk8M2OMxxsQzZxg7P1Nsbfq3u9sMl5kxeWRkc9lg60H7wm9KSSvDH5Jxi53OTuR9-MwXMYbeTf1FvA7EBGUMqD5uS_W22QOXiSi8dsODHyHsmsyyHwQCvlZdLDiKTYJNPbG3WOTnR7RU9IbI7As9JpsK26XQ-p-HPk5jNpgB1dDX0oy4ZLwBzssHZyx880V4VyamDBLMZtoWWPSI5jWBdHo9v0",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : "https://as.local.yes.com/jwks.json",
  "owner_id" : "1_platform",
  "policy_uri" : "https://ais.test/policy",
  "tos_uri" : "https://ais.test/tos",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen AIS",
  "status" : "active",
  "endpoints" : {
    "signDoc" : "https://another.qtsp.com/csc/v1/signatures/signDoc"
  },
  "authorization_data_types_supported" : [ ],
  "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
  "notification_email_senders" : [ ],
  "identity_assurance_claims_supported" : [ ],
  "default_signing_documents" : [ ]
} ]

8.1.3. READ by ID: Method GET

Append the client_id to the base path to read a single resource.

https://<basepath>/sps/<version>/<client_id>

One of the following scopes is required to perform this operation:

Table 31. API Scopes
Scope value	Description
sp_read	Read all sp configurations
sp_read#owner_id:{{owner_id}}	Read a SP configuration of the owner with id 'owner_id'

$ curl 'https://api.sandbox.openbanking.verimi.cloud/v1/sp:integration.yes.com:9682d362-7123-42be-add0-5265e97b5f89' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 03:12:20 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 3884

{
  "id" : "102b6bbd-e21a-4b71-96de-611072fcd51a",
  "client_name" : "Qtsp All-In Signing Service",
  "client_id" : "sp:integration.yes.com:9682d362-7123-42be-add0-5265e97b5f89",
  "service_type" : "remote_signature_creation",
  "subject_type" : "public",
  "required_claims" : {
    "verified_claims" : {
      "claims" : {
        "given_name" : null,
        "family_name" : null,
        "birthdate" : null,
        "place_of_birth" : null
      }
    },
    "txn" : null,
    "sub" : null,
    "https://www.yes.com/claims/signing_consent" : null,
    "https://www.yes.com/claims/documents_consented" : null
  },
  "supported_scopes" : [ "https://www.yes.com/scopes/sign" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "kid" : "17470176094258868442",
      "x5c" : [ "MIIEpDCCAowCCQDycoiYxdIw2jANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwHhcNMTgwMTMxMDk1MDEyWhcNMTkwMTMxMDk1MDEyWjAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ArI6g1KI06oXooz/YslGp+T+MGKf1LEXLG9qH7phv6/nxcQtnomxVPPjhie1ggNrzIIDfNtWyTjMbY4r9VAOBeDid+dN78yAUKVNZJnChE9gNq6TjFGebDh2Ek7KjsvraiocTt78i9ILijcAhqMix2JUXIyrF4AR8XLrwJws4GuGYoVSym3qMvflvSkejHeh2Kv4khlBmkjRgq/tycieFEnr8J8xApV1oCOXXR1I6VuHPeMRp+q4Gb2FctMzVwv24QleqVFHXaLSEoqTMxihyqGxNqjBKZJGwwbNZo+wMwIFZlSL3CE0F7wqDH+cNBsSiXPTknXWCghanVpetWRo+1Q3gJ2MWsJv+C8EIw5fYKv7rJP+1AiAdnZenFcesA6Kj70J+HVtmYaL3EanqN7oPsNRSoLG0VfKLM+koe1T91bRUGYZKRsC4j47O9acjqdObFpQLiNKCZJu2Tpg2TwzY4zHGxDNnGDs/U2xt+re72wyXmTF5ZGRz2WDrQfvCb0pJK8MfknGLnc5O5H34zBcxht5N/UW8DsQEZQyoPm5L9bbZA5eJKLx2w4MfIeyazLIfBAK+Vl0sOIpNgk09sbdY5OdHtFT0hsjsCz0mmwrbpdD6n4c+TmM2mAHV0NfSjLhkvAHOywdnLHzzRXhXJqYMEsxm2hZY9IjmNYF0ej2/QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCriE+JW/jHQUp769AOFYjP7H30xoGqQ+4TRzR3tSy8pWE+sT9EGg49nK17k2OzlXrbDIqEw0zeYx/aKYmQ5XHU41n+tbtEJSybm8I4DeCoVX2UQn/vxebmiPRQzWcBsIXXSdoU3jksWAfkEbAWQ0gtN/5lAVrcdYyqktLe3XifmgBoAgP2HEm0jFfVHg1Fnz+ZWgqAtcwu+DcoyHs9DgyvVW+FodYZTJPedxEDW4gs7biIW3Sk88zYiuA9mttbl4l83F3EAZS6uGX4AKN0UlJQFvwl1dh7e3D7xJo7VrGvXQHRHIr599d4tWCNjmvwHdShfAfVZMjcJfudddQ+PT1MI+w4fhyh8a5hPlQ6qQE8w1K4lpZKzjVSc+4/LYLk/8wdNKKPYVIQ+ElHJd7bXrr0Lcy/F1RS9jQYqm/99Lr6PUjkAOMkp688NyzDJq3szDFT4+upQZUTshZyE86NKtp2ulbvchTYlIYyLViddY8IUHLZnVOTqrJm7635L0a3k2qLLbwsf+s/BxomXz7oCwU6G0mtmSSqO2AyuqNpg+AjSv2UiGwbe9SrkD2SQVnUvNdydiEsiNXa7PQtdPq6nv5IOTSKa+2X2W3q4fTS90qLdcsazicXbhe53Vn7cUuwOiAVlu4GuQKIXapPfamNpf0NU1h5S8rNuce9J2wsDTNxDQ==" ],
      "x5t#S256" : "VHDIh4cWbScPxPM65IrHu2kEHcEOQL2qcIR6U3U7Z1E",
      "n" : "tgKyOoNSiNOqF6KM_2LJRqfk_jBin9SxFyxvah-6Yb-v58XELZ6JsVTz44YntYIDa8yCA3zbVsk4zG2OK_VQDgXg4nfnTe_MgFClTWSZwoRPYDauk4xRnmw4dhJOyo7L62oqHE7e_IvSC4o3AIajIsdiVFyMqxeAEfFy68CcLOBrhmKFUspt6jL35b0pHox3odir-JIZQZpI0YKv7cnInhRJ6_CfMQKVdaAjl10dSOlbhz3jEafquBm9hXLTM1cL9uEJXqlRR12i0hKKkzMYocqhsTaowSmSRsMGzWaPsDMCBWZUi9whNBe8Kgx_nDQbEolz05J11goIWp1aXrVkaPtUN4CdjFrCb_gvBCMOX2Cr-6yT_tQIgHZ2XpxXHrAOio-9Cfh1bZmGi9xGp6je6D7DUUqCxtFXyizPpKHtU_dW0VBmGSkbAuI-OzvWnI6nTmxaUC4jSgmSbtk6YNk8M2OMxxsQzZxg7P1Nsbfq3u9sMl5kxeWRkc9lg60H7wm9KSSvDH5Jxi53OTuR9-MwXMYbeTf1FvA7EBGUMqD5uS_W22QOXiSi8dsODHyHsmsyyHwQCvlZdLDiKTYJNPbG3WOTnR7RU9IbI7As9JpsK26XQ-p-HPk5jNpgB1dDX0oy4ZLwBzssHZyx880V4VyamDBLMZtoWWPSI5jWBdHo9v0",
      "e" : "AQAB"
    } ]
  },
  "owner_id" : "1_platform",
  "policy_uri" : "https://ais.test/policy",
  "tos_uri" : "https://ais.test/tos",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen AIS",
  "status" : "active",
  "endpoints" : {
    "signDoc" : "https://ais.qtsp.com/Ais-Server/csc/v1/signatures/signDoc"
  },
  "authorization_data_types_supported" : [ "sign" ],
  "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
  "notification_email_senders" : [ "notification2@email.dummy", "notification1@email.dummy" ],
  "notification_email" : "notification@email.dummy",
  "identity_assurance_claims_supported" : [ ],
  "default_signing_documents" : [ ]
}

8.1.4. UPDATE: Method PUT

The URL for updating a resource in the SP Directory is build by adding the client_id to the base path.

https://<basepath>/sps/<version>/<client_id>

One of the following scopes is required to perform this operation:

Table 32. API Scopes
Scope value	Description
sp_update	Update any SP configuration
sp_update#owner_id:{{owner_id}}	Update a SP configuration, restricted to "owner_id" of the found resource

$ curl 'https://api.sandbox.openbanking.verimi.cloud/v1/sp:integration.yes.com:9682d362-7123-42be-add0-5265e97b5f89' -i -X PUT \
    -H 'Content-Type: application/json' \
    -d '{
  "client_name" : "Qtsp All-In Signing Service",
  "service_type" : "remote_signature_creation",
  "subject_type" : "public",
  "required_claims" : {
    "https://www.yes.com/claims/verified_person_data2" : {
      "claims" : {
        "given_name" : null,
        "family_name" : null,
        "https://www.yes.com/claims/place_of_birth" : null
      }
    },
    "https://www.yes.com/claims/transaction_id2" : null,
    "sub" : null,
    "https://www.yes.com/claims/signing_consent2" : null,
    "https://www.yes.com/claims/documents_consented2" : null
  },
  "supported_scopes" : [ "https://www.yes.com/scopes/sign2" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "kid" : "17470176094258868442",
      "x5c" : [ "MIIEpDCCAowCCQDycoiYxdIw2jANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwHhcNMTgwMTMxMDk1MDEyWhcNMTkwMTMxMDk1MDEyWjAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ArI6g1KI06oXooz/YslGp+T+MGKf1LEXLG9qH7phv6/nxcQtnomxVPPjhie1ggNrzIIDfNtWyTjMbY4r9VAOBeDid+dN78yAUKVNZJnChE9gNq6TjFGebDh2Ek7KjsvraiocTt78i9ILijcAhqMix2JUXIyrF4AR8XLrwJws4GuGYoVSym3qMvflvSkejHeh2Kv4khlBmkjRgq/tycieFEnr8J8xApV1oCOXXR1I6VuHPeMRp+q4Gb2FctMzVwv24QleqVFHXaLSEoqTMxihyqGxNqjBKZJGwwbNZo+wMwIFZlSL3CE0F7wqDH+cNBsSiXPTknXWCghanVpetWRo+1Q3gJ2MWsJv+C8EIw5fYKv7rJP+1AiAdnZenFcesA6Kj70J+HVtmYaL3EanqN7oPsNRSoLG0VfKLM+koe1T91bRUGYZKRsC4j47O9acjqdObFpQLiNKCZJu2Tpg2TwzY4zHGxDNnGDs/U2xt+re72wyXmTF5ZGRz2WDrQfvCb0pJK8MfknGLnc5O5H34zBcxht5N/UW8DsQEZQyoPm5L9bbZA5eJKLx2w4MfIeyazLIfBAK+Vl0sOIpNgk09sbdY5OdHtFT0hsjsCz0mmwrbpdD6n4c+TmM2mAHV0NfSjLhkvAHOywdnLHzzRXhXJqYMEsxm2hZY9IjmNYF0ej2/QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCriE+JW/jHQUp769AOFYjP7H30xoGqQ+4TRzR3tSy8pWE+sT9EGg49nK17k2OzlXrbDIqEw0zeYx/aKYmQ5XHU41n+tbtEJSybm8I4DeCoVX2UQn/vxebmiPRQzWcBsIXXSdoU3jksWAfkEbAWQ0gtN/5lAVrcdYyqktLe3XifmgBoAgP2HEm0jFfVHg1Fnz+ZWgqAtcwu+DcoyHs9DgyvVW+FodYZTJPedxEDW4gs7biIW3Sk88zYiuA9mttbl4l83F3EAZS6uGX4AKN0UlJQFvwl1dh7e3D7xJo7VrGvXQHRHIr599d4tWCNjmvwHdShfAfVZMjcJfudddQ+PT1MI+w4fhyh8a5hPlQ6qQE8w1K4lpZKzjVSc+4/LYLk/8wdNKKPYVIQ+ElHJd7bXrr0Lcy/F1RS9jQYqm/99Lr6PUjkAOMkp688NyzDJq3szDFT4+upQZUTshZyE86NKtp2ulbvchTYlIYyLViddY8IUHLZnVOTqrJm7635L0a3k2qLLbwsf+s/BxomXz7oCwU6G0mtmSSqO2AyuqNpg+AjSv2UiGwbe9SrkD2SQVnUvNdydiEsiNXa7PQtdPq6nv5IOTSKa+2X2W3q4fTS90qLdcsazicXbhe53Vn7cUuwOiAVlu4GuQKIXapPfamNpf0NU1h5S8rNuce9J2wsDTNxDQ==" ],
      "x5t#S256" : "VHDIh4cWbScPxPM65IrHu2kEHcEOQL2qcIR6U3U7Z1E",
      "n" : "tgKyOoNSiNOqF6KM_2LJRqfk_jBin9SxFyxvah-6Yb-v58XELZ6JsVTz44YntYIDa8yCA3zbVsk4zG2OK_VQDgXg4nfnTe_MgFClTWSZwoRPYDauk4xRnmw4dhJOyo7L62oqHE7e_IvSC4o3AIajIsdiVFyMqxeAEfFy68CcLOBrhmKFUspt6jL35b0pHox3odir-JIZQZpI0YKv7cnInhRJ6_CfMQKVdaAjl10dSOlbhz3jEafquBm9hXLTM1cL9uEJXqlRR12i0hKKkzMYocqhsTaowSmSRsMGzWaPsDMCBWZUi9whNBe8Kgx_nDQbEolz05J11goIWp1aXrVkaPtUN4CdjFrCb_gvBCMOX2Cr-6yT_tQIgHZ2XpxXHrAOio-9Cfh1bZmGi9xGp6je6D7DUUqCxtFXyizPpKHtU_dW0VBmGSkbAuI-OzvWnI6nTmxaUC4jSgmSbtk6YNk8M2OMxxsQzZxg7P1Nsbfq3u9sMl5kxeWRkc9lg60H7wm9KSSvDH5Jxi53OTuR9-MwXMYbeTf1FvA7EBGUMqD5uS_W22QOXiSi8dsODHyHsmsyyHwQCvlZdLDiKTYJNPbG3WOTnR7RU9IbI7As9JpsK26XQ-p-HPk5jNpgB1dDX0oy4ZLwBzssHZyx880V4VyamDBLMZtoWWPSI5jWBdHo9v0",
      "e" : "AQAB"
    } ]
  },
  "jwks_uri" : null,
  "policy_uri" : "https://ais.test/policy",
  "tos_uri" : "https://ais.test/tos",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen AIS",
  "status" : "active",
  "endpoints" : {
    "signDoc2" : "https://22ais.qtsp.com/Ais-Server/csc/v1/signatures/signDoc"
  },
  "authorization_data_types_supported" : [ "account_information" ],
  "conformance_levels_supported" : [ "AdES-X-Y", "AdES-B-B", "AdES-B-T" ],
  "notification_email_senders" : [ "a@sender.de" ],
  "notification_email" : "a@sender.de",
  "identity_assurance_claims_supported" : null,
  "default_signing_documents" : null
}'

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 03:12:28 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 3932

{
  "id" : "102b6bbd-e21a-4b71-96de-611072fcd51a",
  "client_name" : "Qtsp All-In Signing Service",
  "client_id" : "sp:integration.yes.com:9682d362-7123-42be-add0-5265e97b5f89",
  "service_type" : "remote_signature_creation",
  "subject_type" : "public",
  "required_claims" : {
    "https://www.yes.com/claims/verified_person_data2" : {
      "claims" : {
        "given_name" : null,
        "family_name" : null,
        "https://www.yes.com/claims/place_of_birth" : null
      }
    },
    "https://www.yes.com/claims/transaction_id2" : null,
    "sub" : null,
    "https://www.yes.com/claims/signing_consent2" : null,
    "https://www.yes.com/claims/documents_consented2" : null
  },
  "supported_scopes" : [ "https://www.yes.com/scopes/sign2" ],
  "token_endpoint_auth_method" : "self_signed_tls_client_auth",
  "jwks" : {
    "keys" : [ {
      "kty" : "RSA",
      "kid" : "17470176094258868442",
      "x5c" : [ "MIIEpDCCAowCCQDycoiYxdIw2jANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwHhcNMTgwMTMxMDk1MDEyWhcNMTkwMTMxMDk1MDEyWjAUMRIwEAYDVQQDDAl0ZXN0LWNlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ArI6g1KI06oXooz/YslGp+T+MGKf1LEXLG9qH7phv6/nxcQtnomxVPPjhie1ggNrzIIDfNtWyTjMbY4r9VAOBeDid+dN78yAUKVNZJnChE9gNq6TjFGebDh2Ek7KjsvraiocTt78i9ILijcAhqMix2JUXIyrF4AR8XLrwJws4GuGYoVSym3qMvflvSkejHeh2Kv4khlBmkjRgq/tycieFEnr8J8xApV1oCOXXR1I6VuHPeMRp+q4Gb2FctMzVwv24QleqVFHXaLSEoqTMxihyqGxNqjBKZJGwwbNZo+wMwIFZlSL3CE0F7wqDH+cNBsSiXPTknXWCghanVpetWRo+1Q3gJ2MWsJv+C8EIw5fYKv7rJP+1AiAdnZenFcesA6Kj70J+HVtmYaL3EanqN7oPsNRSoLG0VfKLM+koe1T91bRUGYZKRsC4j47O9acjqdObFpQLiNKCZJu2Tpg2TwzY4zHGxDNnGDs/U2xt+re72wyXmTF5ZGRz2WDrQfvCb0pJK8MfknGLnc5O5H34zBcxht5N/UW8DsQEZQyoPm5L9bbZA5eJKLx2w4MfIeyazLIfBAK+Vl0sOIpNgk09sbdY5OdHtFT0hsjsCz0mmwrbpdD6n4c+TmM2mAHV0NfSjLhkvAHOywdnLHzzRXhXJqYMEsxm2hZY9IjmNYF0ej2/QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCriE+JW/jHQUp769AOFYjP7H30xoGqQ+4TRzR3tSy8pWE+sT9EGg49nK17k2OzlXrbDIqEw0zeYx/aKYmQ5XHU41n+tbtEJSybm8I4DeCoVX2UQn/vxebmiPRQzWcBsIXXSdoU3jksWAfkEbAWQ0gtN/5lAVrcdYyqktLe3XifmgBoAgP2HEm0jFfVHg1Fnz+ZWgqAtcwu+DcoyHs9DgyvVW+FodYZTJPedxEDW4gs7biIW3Sk88zYiuA9mttbl4l83F3EAZS6uGX4AKN0UlJQFvwl1dh7e3D7xJo7VrGvXQHRHIr599d4tWCNjmvwHdShfAfVZMjcJfudddQ+PT1MI+w4fhyh8a5hPlQ6qQE8w1K4lpZKzjVSc+4/LYLk/8wdNKKPYVIQ+ElHJd7bXrr0Lcy/F1RS9jQYqm/99Lr6PUjkAOMkp688NyzDJq3szDFT4+upQZUTshZyE86NKtp2ulbvchTYlIYyLViddY8IUHLZnVOTqrJm7635L0a3k2qLLbwsf+s/BxomXz7oCwU6G0mtmSSqO2AyuqNpg+AjSv2UiGwbe9SrkD2SQVnUvNdydiEsiNXa7PQtdPq6nv5IOTSKa+2X2W3q4fTS90qLdcsazicXbhe53Vn7cUuwOiAVlu4GuQKIXapPfamNpf0NU1h5S8rNuce9J2wsDTNxDQ==" ],
      "x5t#S256" : "VHDIh4cWbScPxPM65IrHu2kEHcEOQL2qcIR6U3U7Z1E",
      "n" : "tgKyOoNSiNOqF6KM_2LJRqfk_jBin9SxFyxvah-6Yb-v58XELZ6JsVTz44YntYIDa8yCA3zbVsk4zG2OK_VQDgXg4nfnTe_MgFClTWSZwoRPYDauk4xRnmw4dhJOyo7L62oqHE7e_IvSC4o3AIajIsdiVFyMqxeAEfFy68CcLOBrhmKFUspt6jL35b0pHox3odir-JIZQZpI0YKv7cnInhRJ6_CfMQKVdaAjl10dSOlbhz3jEafquBm9hXLTM1cL9uEJXqlRR12i0hKKkzMYocqhsTaowSmSRsMGzWaPsDMCBWZUi9whNBe8Kgx_nDQbEolz05J11goIWp1aXrVkaPtUN4CdjFrCb_gvBCMOX2Cr-6yT_tQIgHZ2XpxXHrAOio-9Cfh1bZmGi9xGp6je6D7DUUqCxtFXyizPpKHtU_dW0VBmGSkbAuI-OzvWnI6nTmxaUC4jSgmSbtk6YNk8M2OMxxsQzZxg7P1Nsbfq3u9sMl5kxeWRkc9lg60H7wm9KSSvDH5Jxi53OTuR9-MwXMYbeTf1FvA7EBGUMqD5uS_W22QOXiSi8dsODHyHsmsyyHwQCvlZdLDiKTYJNPbG3WOTnR7RU9IbI7As9JpsK26XQ-p-HPk5jNpgB1dDX0oy4ZLwBzssHZyx880V4VyamDBLMZtoWWPSI5jWBdHo9v0",
      "e" : "AQAB"
    } ]
  },
  "owner_id" : "1_platform",
  "policy_uri" : "https://ais.test/policy",
  "tos_uri" : "https://ais.test/tos",
  "tos_uri_label" : "Allgemeine Geschäftsbedingungen AIS",
  "status" : "active",
  "endpoints" : {
    "signDoc2" : "https://22ais.qtsp.com/Ais-Server/csc/v1/signatures/signDoc"
  },
  "authorization_data_types_supported" : [ "account_information" ],
  "conformance_levels_supported" : [ "AdES-X-Y", "AdES-B-B", "AdES-B-T" ],
  "notification_email_senders" : [ "a@sender.de" ],
  "notification_email" : "a@sender.de",
  "identity_assurance_claims_supported" : [ ],
  "default_signing_documents" : [ ]
}

8.1.5. DELETE: Method DELETE

The resource URL for deleting a SP configuration from the SP Directory is build by appending the client_id to the base path for SPs.

https://<basepath>/sps/<version>/<client_id>

One of the following scopes is required to perform this operation:

Table 33. API Scopes
Scope value	Description
sp_delete	Delete any SP configuration
sp_delete#owner_id:{{owner_id}}	Delete a SP configuration, restricted to "owner_id" of the found resource

$ curl 'https://api.sandbox.openbanking.verimi.cloud/v1/sp:integration.yes.com:9682d362-7123-42be-add0-5265e97b5f89' -i -X DELETE

Result response HTTP 204 (NO CONTENT)

9. Service Configuration

9.1. API Operations

9.1.1. READ by issuer: Method GET

This method is intended to be used by RPs to read the service-configuration of the issuer returned by the AC. Append the iss request parameter to the base path to read a single resource.

https://<basepath>/service-configuration/<version>/?iss=<iss_uri>

This method is public. No authorization with an access token from the banking ecosystem Platform Authorization Server is required.

$ curl 'https://api.sandbox.openbanking.verimi.cloud/service-configuration/v1/' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 03:02:33 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 38784

{
  "identity" : {
    "iss" : "https://accounts.testbank.de"
  },
  "remote_signature_creation" : [ {
    "qtsp_id" : "sp:integration.yes.com:47a6b29a-69d3-4321-998a-5b6d81e2397f",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:a5502acf-cdd0-4736-9357-ff376251fced",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:a0744841-bc5d-4d5d-831d-f87a4f831cb7",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:c3c5a290-5070-4b2c-9406-7b8c96c157a3",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:0aa5cbe4-ab72-421c-a9d6-cb5c4988ed5f",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:afa50aeb-dcdf-46a6-8a21-8708c2962b80",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:7a375d1a-6020-43ea-8b9a-89f38782742e",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:59918406-a542-4fca-b86a-13b9f2224486",
    "signDoc" : "https://ais.swisscom.com/Ais-Server/csc/v1/signatures/signDoc",
    "conformance_levels_supported" : [ ],
    "identity_assurance_claims_supported" : [ ],
    "default_signing_documents" : [ ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:79176218-ce91-4c6a-94bb-94697fba8b9e",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:4f4b7d0d-20de-450a-979b-edbb93c9586c",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:7da4963b-8cbe-4405-93ac-604fc7978f37",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:af395b8a-8adf-4097-869b-203ffb2fe85a",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:92fd7f41-e736-4a54-ac04-08c2024ac7c5",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:17dedb5d-4beb-4c86-ae69-b6cb352492f6",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:a95e0cc2-7cb8-403f-8576-56036dd3b5c4",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:49a8f606-f561-45ca-8928-1e7f9a5cdeb4",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:03ebb662-1043-4bc0-97ce-c840d8209cca",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:35d70256-25cb-4505-8c3a-4d648261bd82",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:83c79920-d0e3-458e-8f13-768240bd2760",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:ca3af07b-7c47-4f57-a9da-59e851159acb",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:570c4305-950f-4184-a817-f0ffc36602bb",
    "signDoc" : "https://yesqtsp.namirialtsp.com/qtsp-rest-api/signature/signDoc",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:5c4253b3-c40f-418f-8f1d-e7aa84c426e5",
    "signDoc" : "https://ais.hudeldudel.de/Ais-Server/csc/v1/signatures/signDoc",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:314630f0-f1f3-4199-9ad6-bff8649bd043",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:799f8a47-ef86-4ead-972f-e637eb65b276",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:5a3a5f84-1723-4662-879d-318b5dd15f6f",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:e6f13047-9fe9-4bc2-ab8c-8e2f52bc788c",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:cf23cd89-0928-4cdb-8c85-0c6304da477d",
    "signDoc" : "https://ais.swisscom.com/Ais-Server/csc/v1/signatures/signDoc",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ ],
    "default_signing_documents" : [ ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:cbb20954-ecaa-4413-9baf-77d06b10bd34",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:9bb3d49a-7b3e-424c-85cd-d41b306e67b7",
    "signDoc" : "https://ais.swisscom.com/Ais-Server/csc/v1/signatures/signDoc",
    "conformance_levels_supported" : [ ],
    "identity_assurance_claims_supported" : [ ],
    "default_signing_documents" : [ ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:878abfe6-6381-4058-ac0d-68e7fc6ab1a8",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:4844c4ed-ce2b-4b63-a534-3242cc451ed9",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:9f42d531-63a5-45f7-8513-7be665f1b3c2",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:f99a0df7-9dbb-439f-9f3c-040e026e05fa",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:01373f93-0311-434d-9f77-99b3ea271e84",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:83d11ff1-6959-4713-a384-19947491ceda",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:4dd87513-da68-459f-a646-0a7d55ee67b2",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:054f6022-bdaf-437d-b704-86325218c692",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:018005c0-84dd-4da0-b49a-16440056fd8d",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:8da4efaa-6695-4c94-8438-3c6bca0afd34",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:94ab071c-a1be-422c-be84-63ecb01c2e4c",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:9ef70e10-7b2e-4110-bc70-e875087d4538",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:99c1bd23-edc3-4183-8735-8919e1013827",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:863cfb62-d0d3-4b0b-97e7-c3a476a406b4",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:2fc17bce-423e-4d3a-ad5d-7bfb56455f8f",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:98f4f259-cdf1-43ae-b38c-e425c6981299",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:f894e3e1-0623-49c5-91c3-ecfcf7cfe993",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:3220e574-a7f9-46ad-86bd-5d31af19a91c",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:a273b9bf-c61b-4565-ae5f-4c2106f3da36",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:60919d24-fda1-4a82-a22f-ab6dcda5eb5f",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:0b6dad9c-3438-4eed-aecb-405808ea84de",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:f6c69fc1-7e9a-41be-827a-956f7b1e11a2",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:152fad58-3a12-4dcb-9694-7e3034844bbe",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:e2e253b3-c40f-418f-8f1d-e7aa84c426e5",
    "signDoc" : "https://sp2/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ ],
    "default_signing_documents" : [ ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:e2ebabe0-7258-46ee-a9e9-bea81da70604",
    "signDoc" : "https://example.com/qtsp-rest-api/signature/signDoc",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:e2ec4305-950f-4184-a817-f0ffc36602bb",
    "signDoc" : "https://yesqtsp.sp3.com/qtsp-rest-api/signature/signDoc",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "birthdate", "address", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:02345ddd-ca4e-4f52-a382-c72d3ffdf161",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  }, {
    "qtsp_id" : "sp:integration.yes.com:ecc033e1-7d23-4fd6-9bd6-5679aeea5c4d",
    "signDoc" : "https://ais.intarsys.de/AIS-Server/etsi/YES/rdsc/v1",
    "conformance_levels_supported" : [ "AdES-B-B", "AdES-B-T" ],
    "identity_assurance_claims_supported" : [ "place_of_birth", "address", "birthdate", "nationalities", "given_name", "family_name" ],
    "default_signing_documents" : [ {
      "lang" : "de",
      "text" : "Hiermit bestätige ich, dass ich die angegebenen Daten sorgfältig geprüft habe und diese auf meine Person zutreffen."
    }, {
      "lang" : "en",
      "text" : "I hereby confirm that I have carefully checked the data provided and that they apply to my person."
    } ]
  } ]
}

READ By Issuer Response Data Model

Field Type Description

identity

JSON Object

JSON object containing the issuer in the attribute iss

remote_signature_creation

Array of Objects

See Signing Service Solution design chapters IDP Selection Phase and Service Configuration.

payment_initiation

JSON Object

Empty JSON object signifying that payment initation is supported by the IDP. See the chapter on service configuration in Payment Initiaion Service

10. Mediation Records v2

This chapter describes the current version of the API for mediation records.

See the respective sub-chapters for more information about the data model.

For error responses see General expectable responses.

10.1. API Operations

10.1.1. CREATE: General Information

Mediation records are polymorph, i.e. different kinds of services use different kinds of mediation records with different sets of attributes.

All kinds of mediation records are created via the same API.

Access

The following scope is required to perform this operation:

Table 34. API Scopes
Scope value	Description
mr_create	Create a mediation record, unrestricted
mr_create#owner_id:{{owner_id}}	Create a mediation record, restricted to 'owner_id' given in HTTP body

Representing Nested Claims in Identity*Records

In case of nested claims like in https://www.yes.com/claims/verified_person_data, the claim name is constructed by adding the nested claim name to the outer claim name after a separating /.

Example

  "claims_names" : [
        "email", "email_verified",
        "https://www.yes.com/claims/place_of_birth",
        "https://www.yes.com/claims/verified_person_data/claims/given_name",
        "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/place_of_birth"
        ]

Representing Verification Requirements in IdentityRecords

In case of nested attributes in https://www.yes.com/claims/verified_person_data/verification, the name is constructed by adding the nested attributes name to the outer attributes name after a separating /.

Example

  "fulfilled_verification_requirements" : [
        "identity_document/type", "identity_document/method", "date"
        ]

10.1.2. CREATE IdentityRecord: Method POST

Create a mediation record for identity (created by IDP when called by RP via token- or userinfo-endpoints).

$ curl 'https://api.sandbox.openbanking.verimi.cloud/mediationrecords/v2' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "type" : "identity",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "dc9ed5ec-c060-4b72-816b-54fdb56228c3",
  "delivery_time" : "2024-03-06T02:45:08.935Z",
  "provided_claim_names" : [ "https://www.yes.com/claims/verified_person_data/claims/given_name", "verified_claims/verification/evidence[type='id_document']/verifier/txn", "verified_claims/claims/place_of_birth", "https://www.yes.com/claims/documents_consented", "nationalities", "verified_claims/claims/given_name", "sub", "verified_claims/verification/evidence[type='id_document']/time", "https://www.yes.com/claims/place_of_birth", "verified_claims/verification/verification_process", "verified_claims/verification/evidence[type='id_document']/verifier/organization", "birth_family_name", "https://www.yes.com/claims/tax_id", "birth_given_name", "place_of_birth", "https://www.yes.com/claims/verified_person_data/claims/family_name", "https://www.yes.com/claims/salutation", "title", "https://www.yes.com/claims/preferred_iban", "verified_claims/claims/birthdate", "verified_claims/verification/evidence[type='id_document']/document/date_of_issuance", "https://www.yes.com/claims/title", "verified_claims/claims/family_name", "https://www.yes.com/claims/verified_person_data/claims/birthdate", "verified_claims/verification/evidence[type='id_document']/document/number", "verified_claims/claims/address", "txn", "phone_number", "https://www.yes.com/claims/signing_consent", "family_name", "verified_claims/claims/birth_family_name", "verified_claims/verification/evidence[type='id_document']/document/issuer/name", "verified_claims/verification/evidence[type='id_document']/document/issuer/country", "birth_middle_name", "https://www.yes.com/claims/nationality", "given_name", "https://www.yes.com/claims/transaction_id", "verified_claims/claims/birth_middle_name", "verified_claims/verification/time", "verified_claims/verification/evidence[type='id_document']/method", "verified_claims/verification/evidence[type='id_document']/document/type", "verified_claims/verification/trust_framework", "phone_number_verified", "gender", "https://www.yes.com/claims/verified_person_data/claims/address", "email", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/place_of_birth", "verified_claims/verification/evidence[type='id_document']/type", "https://www.yes.com/claims/delivery_address", "birthdate", "salutation", "email_verified", "verified_claims/claims/nationalities", "verified_claims/verification/evidence[type='id_document']/document/date_of_expiry", "verified_claims/claims/birth_given_name", "address", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/nationality" ],
  "fulfilled_verification_requirements" : [ "identity_document/method", "identity_document/type" ],
  "requested_claims" : {
    "userinfo" : {
      "email" : null,
      "verified_claims" : {
        "claims" : {
          "given_name" : {
            "essential" : true
          },
          "family_name" : {
            "essential" : true
          },
          "birthdate" : {
            "essential" : true
          },
          "place_of_birth" : {
            "essential" : true
          },
          "nationalities" : {
            "essential" : true
          },
          "address" : {
            "essential" : true
          }
        },
        "verification" : {
          "trust_framework" : {
            "value" : "de_aml"
          },
          "evidence" : [ {
            "type" : {
              "value" : "id_document"
            },
            "method" : {
              "value" : "pipp"
            },
            "document" : {
              "type" : {
                "values" : [ "idcard", "passport" ]
              }
            }
          } ]
        }
      }
    },
    "id_token" : {
      "sub" : null,
      "acr" : {
        "value" : "https://www.yes.com/acrs/online_banking_sca"
      }
    }
  },
  "provided_acr_value" : "https://www.yes.com/acrs/online_banking_sca",
  "endpoint" : "token"
}'

Mediation Request Model for IdentityRecord

Field Type Restriction Description

type

String

Must be identity

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the RP.

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

A unique reference id for the mediation record, e.g. a uuid. Uniqueness is considered per idp (issuers), i.e. different issuers can use the same reference ids. If the reference id already exists, a HTTP Status 409 Conflict is returned.

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

The mediation record delivery timestamp, when the service was provided.
It must be a ISO-8601 timestamp. A maximum precision of milliseconds is supported. Timestamps with a higher precision will be truncated to three digits.

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

provided_claim_names

Array of Strings

not null or empty, max. 200 characters per claim name.

The list of the names of the claims delivered to the RP, cf. Representing Nested Claims in Identity*Records

provided_acr_value

String

(optional)

The acr value attested to the RP, e.g. https://www.yes.com/acrs/online_banking_sca

requested_claims

JSON Object

(optional) json object

The requested claims incl. all claims resulting from scopes, and the acr value. Top-level members are 'id_token' and 'userinfo' to group the claims requested at the different endpoints according to the banking ecosystem specification or the claims parameter

fulfilled_verification_requirements

Array of Strings

(optional) if requirements requested in the verification claim specification were fulfilled, the OP attests them here

The list of the verification requirements the OP fulfilled, cf. Representing Verification Requirements in IdentityRecords

endpoint

String

must be either token or userinfo

The endpoint the RP used to request the user data.

Result response HTTP 201 (created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:45:08 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 4244

{
  "type" : "identity",
  "id" : 16,
  "creation_time" : "2024-03-06T02:45:08.957Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "dc9ed5ec-c060-4b72-816b-54fdb56228c3",
  "delivery_time" : "2024-03-06T02:45:08.935Z",
  "provided_claim_names" : [ "birthdate", "https://www.yes.com/claims/nationality", "https://www.yes.com/claims/title", "verified_claims/claims/birth_middle_name", "verified_claims/claims/place_of_birth", "nationalities", "verified_claims/verification/time", "verified_claims/verification/evidence[type='id_document']/method", "verified_claims/verification/evidence[type='id_document']/document/issuer/country", "verified_claims/claims/birth_given_name", "https://www.yes.com/claims/place_of_birth", "verified_claims/claims/nationalities", "https://www.yes.com/claims/salutation", "verified_claims/verification/evidence[type='id_document']/document/type", "verified_claims/claims/family_name", "https://www.yes.com/claims/verified_person_data/claims/birthdate", "https://www.yes.com/claims/verified_person_data/claims/given_name", "birth_family_name", "verified_claims/verification/verification_process", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/nationality", "verified_claims/claims/address", "phone_number", "birth_middle_name", "salutation", "sub", "verified_claims/verification/evidence[type='id_document']/document/date_of_expiry", "verified_claims/claims/birthdate", "https://www.yes.com/claims/signing_consent", "gender", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/place_of_birth", "title", "verified_claims/verification/evidence[type='id_document']/document/date_of_issuance", "verified_claims/claims/birth_family_name", "verified_claims/verification/evidence[type='id_document']/document/issuer/name", "verified_claims/verification/evidence[type='id_document']/verifier/txn", "email", "https://www.yes.com/claims/verified_person_data/claims/address", "https://www.yes.com/claims/preferred_iban", "verified_claims/claims/given_name", "email_verified", "address", "verified_claims/verification/evidence[type='id_document']/type", "https://www.yes.com/claims/delivery_address", "phone_number_verified", "txn", "given_name", "verified_claims/verification/evidence[type='id_document']/verifier/organization", "https://www.yes.com/claims/tax_id", "birth_given_name", "place_of_birth", "https://www.yes.com/claims/transaction_id", "https://www.yes.com/claims/documents_consented", "verified_claims/verification/evidence[type='id_document']/time", "verified_claims/verification/trust_framework", "https://www.yes.com/claims/verified_person_data/claims/family_name", "family_name", "verified_claims/verification/evidence[type='id_document']/document/number" ],
  "fulfilled_verification_requirements" : [ "identity_document/type", "identity_document/method" ],
  "requested_claims" : {
    "userinfo" : {
      "email" : null,
      "verified_claims" : {
        "claims" : {
          "given_name" : {
            "essential" : true
          },
          "family_name" : {
            "essential" : true
          },
          "birthdate" : {
            "essential" : true
          },
          "place_of_birth" : {
            "essential" : true
          },
          "nationalities" : {
            "essential" : true
          },
          "address" : {
            "essential" : true
          }
        },
        "verification" : {
          "trust_framework" : {
            "value" : "de_aml"
          },
          "evidence" : [ {
            "type" : {
              "value" : "id_document"
            },
            "method" : {
              "value" : "pipp"
            },
            "document" : {
              "type" : {
                "values" : [ "idcard", "passport" ]
              }
            }
          } ]
        }
      }
    },
    "id_token" : {
      "sub" : null,
      "acr" : {
        "value" : "https://www.yes.com/acrs/online_banking_sca"
      }
    }
  },
  "provided_acr_value" : "https://www.yes.com/acrs/online_banking_sca",
  "endpoint" : "token"
}

Mediation Response Model for IdentityRecord

Field Type Description

type

String

The record type, always identity

id

String

the mediation record id

client_id

String

the service consumer id

delivery_time

String

The time, when the service was provided as a ISO-8601 timestamp with a precision of milliseconds.

creation_time

String

The time, when the record was received by mediation record service as a ISO-8601 timestamp with a precision of milliseconds.

issuer

String

The OP’s issuer URL

transaction_id

String

The transaction id as returned to the RP

reference_id

String

A unique identifier for the mediation record provided by the creator of the record.

owner_id

String

The owner_id you received during the onboarding process.

provided_claim_names

Array of Strings

The list of the names of the claims delivered to the RP, cf. Representing Nested Claims in Identity*Records

provided_acr_value

String

The acr value attested to the RP, e.g. https://www.yes.com/acrs/online_banking_sca

requested_claims

JSON Object

The requested claims as a claims parameter Json object.

fulfilled_verification_requirements

Array of Strings

The list of the verification requirements the OP fulfilled, cf. Representing Verification Requirements in IdentityRecords

endpoint

String

The endpoint the RP used to request the user data, always introspection

10.1.3. CREATE IdentityForServiceProviderRecord: Method POST

Create a mediation record for identity (created by IDP when called by SP via introspection-endpoint).

$ curl 'https://api.sandbox.openbanking.verimi.cloud/mediationrecords/v2' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "type" : "identity_for_service_provider",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "f35fca10-3a25-4c04-ab0f-5821886ffa1b",
  "delivery_time" : "2024-03-06T02:45:47.684Z",
  "provided_claim_names" : [ "https://www.yes.com/claims/verified_person_data/claims/given_name", "verified_claims/verification/evidence[type='id_document']/verifier/txn", "verified_claims/claims/place_of_birth", "https://www.yes.com/claims/documents_consented", "nationalities", "verified_claims/claims/given_name", "sub", "verified_claims/verification/evidence[type='id_document']/time", "https://www.yes.com/claims/place_of_birth", "verified_claims/verification/verification_process", "verified_claims/verification/evidence[type='id_document']/verifier/organization", "birth_family_name", "https://www.yes.com/claims/tax_id", "birth_given_name", "place_of_birth", "https://www.yes.com/claims/verified_person_data/claims/family_name", "https://www.yes.com/claims/salutation", "title", "https://www.yes.com/claims/preferred_iban", "verified_claims/claims/birthdate", "verified_claims/verification/evidence[type='id_document']/document/date_of_issuance", "https://www.yes.com/claims/title", "verified_claims/claims/family_name", "https://www.yes.com/claims/verified_person_data/claims/birthdate", "verified_claims/verification/evidence[type='id_document']/document/number", "verified_claims/claims/address", "txn", "phone_number", "https://www.yes.com/claims/signing_consent", "family_name", "verified_claims/claims/birth_family_name", "verified_claims/verification/evidence[type='id_document']/document/issuer/name", "verified_claims/verification/evidence[type='id_document']/document/issuer/country", "birth_middle_name", "https://www.yes.com/claims/nationality", "given_name", "https://www.yes.com/claims/transaction_id", "verified_claims/claims/birth_middle_name", "verified_claims/verification/time", "verified_claims/verification/evidence[type='id_document']/method", "verified_claims/verification/evidence[type='id_document']/document/type", "verified_claims/verification/trust_framework", "phone_number_verified", "gender", "https://www.yes.com/claims/verified_person_data/claims/address", "email", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/place_of_birth", "verified_claims/verification/evidence[type='id_document']/type", "https://www.yes.com/claims/delivery_address", "birthdate", "salutation", "email_verified", "verified_claims/claims/nationalities", "verified_claims/verification/evidence[type='id_document']/document/date_of_expiry", "verified_claims/claims/birth_given_name", "address", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/nationality" ],
  "requested_claims" : {
    "userinfo" : {
      "email" : null,
      "verified_claims" : {
        "claims" : {
          "given_name" : {
            "essential" : true
          },
          "family_name" : {
            "essential" : true
          },
          "birthdate" : {
            "essential" : true
          },
          "place_of_birth" : {
            "essential" : true
          },
          "nationalities" : {
            "essential" : true
          },
          "address" : {
            "essential" : true
          }
        },
        "verification" : {
          "trust_framework" : {
            "value" : "de_aml"
          },
          "evidence" : [ {
            "type" : {
              "value" : "id_document"
            },
            "method" : {
              "value" : "pipp"
            },
            "document" : {
              "type" : {
                "values" : [ "idcard", "passport" ]
              }
            }
          } ]
        }
      }
    },
    "id_token" : {
      "sub" : null,
      "acr" : {
        "value" : "https://www.yes.com/acrs/online_banking_sca"
      }
    }
  },
  "provided_acr_value" : "https://www.yes.com/acrs/online_banking_sca",
  "endpoint" : "introspection",
  "service_provider_id" : "sp:yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8"
}'

Mediation Request Model for IdentityForServiceProviderRecord

Field Type Restriction Description

type

String

Must be identity_for_service_provider

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the SP

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

A unique reference id for the mediation record, e.g. a uuid. Uniqueness is considered per service provider (issuer and service_provider_id), i.e. different service providers can use the same reference ids. If the reference id for the given issuer and service_provider_id already exists, a HTTP Status 409 Conflict is returned.

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

provided_claim_names

Array of Strings

not null or empty, max. 200 characters per claim name.

The list of the names of the claims delivered to the RP, cf. Representing Nested Claims in Identity*Records

provided_acr_value

String

must be https://www.yes.com/acrs/online_banking_sca

The acr value attested to the SP.

endpoint

String

must be introspection

The endpoint the SP used to request the user data.

requested_claims

JSON Object

(optional) json object

service_provider_id

String

not null, 1 to 100 characters

Must be the client_id of the SP to which the data is delivered.

Result response HTTP 201 (created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:45:48 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 4252

{
  "type" : "identity_for_service_provider",
  "id" : 18,
  "creation_time" : "2024-03-06T02:45:48.361Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "f35fca10-3a25-4c04-ab0f-5821886ffa1b",
  "delivery_time" : "2024-03-06T02:45:47.684Z",
  "provided_claim_names" : [ "birthdate", "https://www.yes.com/claims/nationality", "https://www.yes.com/claims/title", "verified_claims/claims/birth_middle_name", "verified_claims/claims/place_of_birth", "nationalities", "verified_claims/verification/time", "verified_claims/verification/evidence[type='id_document']/method", "verified_claims/verification/evidence[type='id_document']/document/issuer/country", "verified_claims/claims/birth_given_name", "https://www.yes.com/claims/place_of_birth", "verified_claims/claims/nationalities", "https://www.yes.com/claims/salutation", "verified_claims/verification/evidence[type='id_document']/document/type", "verified_claims/claims/family_name", "https://www.yes.com/claims/verified_person_data/claims/birthdate", "https://www.yes.com/claims/verified_person_data/claims/given_name", "birth_family_name", "verified_claims/verification/verification_process", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/nationality", "verified_claims/claims/address", "phone_number", "birth_middle_name", "salutation", "sub", "verified_claims/verification/evidence[type='id_document']/document/date_of_expiry", "verified_claims/claims/birthdate", "https://www.yes.com/claims/signing_consent", "gender", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/place_of_birth", "title", "verified_claims/verification/evidence[type='id_document']/document/date_of_issuance", "verified_claims/claims/birth_family_name", "verified_claims/verification/evidence[type='id_document']/document/issuer/name", "verified_claims/verification/evidence[type='id_document']/verifier/txn", "email", "https://www.yes.com/claims/verified_person_data/claims/address", "https://www.yes.com/claims/preferred_iban", "verified_claims/claims/given_name", "email_verified", "address", "verified_claims/verification/evidence[type='id_document']/type", "https://www.yes.com/claims/delivery_address", "phone_number_verified", "txn", "given_name", "verified_claims/verification/evidence[type='id_document']/verifier/organization", "https://www.yes.com/claims/tax_id", "birth_given_name", "place_of_birth", "https://www.yes.com/claims/transaction_id", "https://www.yes.com/claims/documents_consented", "verified_claims/verification/evidence[type='id_document']/time", "verified_claims/verification/trust_framework", "https://www.yes.com/claims/verified_person_data/claims/family_name", "family_name", "verified_claims/verification/evidence[type='id_document']/document/number" ],
  "requested_claims" : {
    "userinfo" : {
      "email" : null,
      "verified_claims" : {
        "claims" : {
          "given_name" : {
            "essential" : true
          },
          "family_name" : {
            "essential" : true
          },
          "birthdate" : {
            "essential" : true
          },
          "place_of_birth" : {
            "essential" : true
          },
          "nationalities" : {
            "essential" : true
          },
          "address" : {
            "essential" : true
          }
        },
        "verification" : {
          "trust_framework" : {
            "value" : "de_aml"
          },
          "evidence" : [ {
            "type" : {
              "value" : "id_document"
            },
            "method" : {
              "value" : "pipp"
            },
            "document" : {
              "type" : {
                "values" : [ "idcard", "passport" ]
              }
            }
          } ]
        }
      }
    },
    "id_token" : {
      "sub" : null,
      "acr" : {
        "value" : "https://www.yes.com/acrs/online_banking_sca"
      }
    }
  },
  "provided_acr_value" : "https://www.yes.com/acrs/online_banking_sca",
  "endpoint" : "introspection",
  "service_provider_id" : "sp:yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8"
}

Mediation Response Model for IdentityForServiceProviderRecord

Field Type Description

type

String

The record type, always identity_for_service_provider

id

String

the mediation record id

client_id

String

the service consumer id

delivery_time

String

The time, when the service was provided as a ISO-8601 timestamp with a precision of milliseconds.

creation_time

String

The time, when the record was received by mediation record service as a ISO-8601 timestamp with a precision of milliseconds.

issuer

String

The OP’s issuer URL

transaction_id

String

The transaction id as returned to the SP

reference_id

String

A unique identifier for the mediation record provided by the creator of the record.

owner_id

String

The owner_id you received during the onboarding process.

provided_claim_names

Array of Strings

The list of the names of the claims delivered to the SP, cf. Representing Nested Claims in Identity*Records

provided_acr_value

String

The acr value attested to the SP, e.g. https://www.yes.com/acrs/online_banking_sca

endpoint

String

The endpoint the SP used to request the user data, always introspection

requested_claims

JSON Object

The requested claims as a claims parameter Json object.

service_provider_id

String

the client_id of the SP to which the data is delivered.

10.1.4. CREATE RemoteSignatureCreationRecord: Method POST

Create a mediation record for QES (created by QTSP when a signature is issued for an RP).

$ curl 'https://api.sandbox.openbanking.verimi.cloud/mediationrecords/v2' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "type" : "remote_signature_creation",
  "count" : 2,
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "f8f9499c-ff82-4585-8619-9eaf2c8cbeba",
  "delivery_time" : "2024-03-06T02:43:46.974Z",
  "credentialID" : "qes_eidas",
  "service_provider_id" : "sp:yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8"
}'

Mediation Request Model for RemoteSignatureCreationRecord

Field Type Restriction Description

type

String

Must be remote_signature_creation

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the SP by the OP.

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

A unique reference id for the mediation record, e.g. a uuid. Uniqueness is considered per qtsp (issuer and service_provider_id), i.e. service providers can use the same reference ids. If the reference id for the given issuer and service_provider_id already exists, a HTTP Status 409 Conflict is returned.

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

service_provider_id

String

not null, 1 to 100 characters

Must be the client_id of the SP to which the data is delivered.

count

Long

positive number or zero

The number of signatures created.
In case of QID the count must be zero.
see: QES for Identity Assurance / Billing Mediation

credentialID

String

not null, must be qes_eidas or aes_eidas

The kind of signature created.

provided_claim_names

Array of Strings

(optional) max. 200 characters per claim name

The list of the names of the claims delivered to the RP, cf. Representing Nested Claims in Identity*Records

requested_claims

JSON Object

(optional) json object

The requested claims from the authorization_details[type='sign'].identity_assurance_claims as json element
see: QES for Identity Assurance / Requesting Claims in authorization_details

Result response HTTP 201 (created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:43:47 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 504

{
  "type" : "remote_signature_creation",
  "id" : 2,
  "count" : 2,
  "creation_time" : "2024-03-06T02:43:47.765Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "f8f9499c-ff82-4585-8619-9eaf2c8cbeba",
  "delivery_time" : "2024-03-06T02:43:46.974Z",
  "credentialID" : "qes_eidas",
  "service_provider_id" : "sp:yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8"
}

Mediation Response Model for RemoteSignatureCreationRecord

Field Type Description

type

String

The record type, always remote_signature_creation

id

String

the mediation record id

client_id

String

the service consumer id

delivery_time

String

The time, when the service was provided as a ISO-8601 timestamp with a precision of milliseconds.

creation_time

String

The time, when the record was received by mediation record service as a ISO-8601 timestamp with a precision of milliseconds.

issuer

String

The OP’s issuer URL

transaction_id

String

The transaction id as returned to the SP

reference_id

String

A unique identifier for the mediation record provided by the creator of the record.

owner_id

String

The owner_id you received during the onboarding process.

service_provider_id

String

Must be the client_id of the SP to which the data is delivered.

count

Long

The number of signatured created

credentialID

String

The kind of signature created.

provided_claim_names

Array of Strings

The list of the names of the claims delivered to the SP, cf. Representing Nested Claims in Identity*Records

requested_claims

JSON Object

The requested claims as a claims parameter Json object.

10.1.5. CREATE PaymentInitiation Record: Method POST

Create a mediation record for payment initiation

$ curl 'https://api.sandbox.openbanking.verimi.cloud/mediationrecords/v2' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "type" : "payment_initiation",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "b1e8bece-7502-42a0-8605-0148ca22bc0a",
  "delivery_time" : "2024-03-06T02:44:30.538Z",
  "paymentProduct" : "sepa-credit-transfers",
  "currency" : "EUR",
  "amount" : 47.11,
  "debtorAccount" : [ "iban", "holderName" ]
}'

Mediation Request Model for PaymentInitiationRecord

Field Type Restriction Description

type

String

Must be payment_initiation

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the SP by the OP.

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

paymentProduct

String

Must be sepa-credit-transfers

The payment product. Currently, only sepa-credit-transfers is supported

currency

String

Must be EUR

ISO 4217 Alpha 3 currency code from the payment. Currently, only EUR is supported

amount

number(14,2)

not null, positive number

The amount from the payment given with fractional digits, where fractions must be compliant to the currency definition. Up to 14 significant figures with a maximum of two decimal places for currency EUR. Negative or zero amounts are not allowed. The decimal separator is a dot.

Example: Valid representations for EUR with up to two decimals are: 1056, 5768.2, 1.50, 5877.78.

debtorAccount

Array of Strings

(optional) max. 200 characters per value

An array containing up to two strings depending on the checks requested by the RP using debtorAccount in the request:

- the string holderName if any of the keys holderSameName, holderFamilyName, or holderGivenName were used.

- the string iban if the key iban was used.

Result response HTTP 201 (created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:44:31 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 505

{
  "type" : "payment_initiation",
  "id" : 7,
  "creation_time" : "2024-03-06T02:44:31.195Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "b1e8bece-7502-42a0-8605-0148ca22bc0a",
  "delivery_time" : "2024-03-06T02:44:30.538Z",
  "paymentProduct" : "sepa-credit-transfers",
  "currency" : "EUR",
  "amount" : 47.11,
  "debtorAccount" : [ "holderName", "iban" ]
}

Mediation Response Model for PaymentInitiationRecord

Field Type Description

type

String

The record type, always payment_initiation

id

String

the mediation record id

client_id

String

the service consumer id

delivery_time

String

The time, when the service was provided as a ISO-8601 timestamp with a precision of milliseconds.

creation_time

String

The time, when the record was received by mediation record service as a ISO-8601 timestamp with a precision of milliseconds.

issuer

String

The OP’s issuer URL

transaction_id

String

The transaction id as returned to the SP

reference_id

String

A unique identifier for the mediation record provided by the creator of the record.

owner_id

String

The owner_id you received during the onboarding process.

paymentProduct

String

The payment product. Currently, only sepa-credit-transfers is supported

currency

String

ISO 4217 Alpha 3 currency code from the payment. Currently, only EUR is supported

amount

number(14,2)

Example: Valid representations for EUR with up to two decimals are: 1056, 5768.2, 1.50, 5877.78.

debtorAccount

Array of Strings

An array containing up to two strings depending on the checks requested by the RP using debtorAccount in the request:

- the string holderName if any of the keys holderSameName, holderFamilyName, or holderGivenName were used.

- the string iban if the key iban was used.

10.1.6. CREATE AccountInformation Record: Method POST

This type of mediation record is only available in the development environment ("sandbox"), but not yet in production.

Create a mediation record for account information

$ curl 'https://api.sandbox.openbanking.verimi.cloud/mediationrecords/v2' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "type" : "ais_accounts",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "05fb7bea-9581-400d-bf49-f0c45ebb18b8",
  "delivery_time" : "2024-03-06T02:45:17.608Z",
  "additionalInformation" : [ "ownerName" ]
}'

Mediation Request Model for AccountInformationRecord

Field Type Restriction Description

type

String

Must be ais_accounts

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the SP by the OP.

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

additionalInformation

Array of Strings

not null, max. 200 characters per additional information name

array of additional information elements that were delivered if they were delivered for at least one account, identified by their name; currently either an empty array or ["ownerName"].

Result response HTTP 201 (created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:45:17 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 410

{
  "type" : "ais_accounts",
  "id" : 5,
  "creation_time" : "2024-03-06T02:45:17.634Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "05fb7bea-9581-400d-bf49-f0c45ebb18b8",
  "delivery_time" : "2024-03-06T02:45:17.608Z",
  "additionalInformation" : [ "ownerName" ]
}

Mediation Response Model for AccountInformation

Field Type Restriction Description

type

String

Must be ais_accounts

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the SP by the OP.

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

additionalInformation

Array of Strings

not null, max. 200 characters per additional information name

array of additional information elements that were delivered if they were delivered for at least one account, identified by their name; currently either an empty array or ["ownerName"].

10.1.7. CREATE AccountTransactions Record: Method POST

This type of mediation record is only available in the development environment ("sandbox"), but not yet in production.

Create a mediation record for account transactions

$ curl 'https://api.sandbox.openbanking.verimi.cloud/mediationrecords/v2' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "type" : "ais_transactions",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "ec80b357-4337-45d4-a1ee-670c24585c2a",
  "delivery_time" : "2024-03-06T02:44:00.962Z",
  "accountType" : "cardAccount",
  "dateFrom" : 1.608823391252E9,
  "dateTo" : 1.709693040963056E9,
  "recordCount" : 23
}'

Mediation Request Model for AccountTransactionsRecord

Field Type Restriction Description

type

String

Must be ais_transactions

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the SP by the OP.

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

accountType

String

must be either account or cardAccount

the type of account accessed

dateFrom

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

set to the respective values in the AIS transactions access request; or equivalent calculated from default access history duration if parameters where not given

dateTo

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

set to the respective values in the AIS transactions access request; or equivalent calculated from default access history duration if parameters where not given

recordCount

Long

positive number or zero

number of transaction records delivered

Result response HTTP 201 (created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:44:00 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 513

{
  "type" : "ais_transactions",
  "id" : 1,
  "creation_time" : "2024-03-06T02:44:01.003Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "ec80b357-4337-45d4-a1ee-670c24585c2a",
  "delivery_time" : "2024-03-06T02:44:00.962Z",
  "accountType" : "cardAccount",
  "dateFrom" : "2020-12-24T15:23:11.252Z",
  "dateTo" : "2024-03-06T02:44:00.96305612Z",
  "recordCount" : 23
}

Mediation Response Model for AccountTransactions

Field Type Restriction Description

type

String

Must be ais_transactions

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the SP by the OP.

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

accountType

String

must be either account or cardAccount

the type of account accessed

dateFrom

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

set to the respective values in the AIS transactions access request; or equivalent calculated from default access history duration if parameters where not given

dateTo

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

set to the respective values in the AIS transactions access request; or equivalent calculated from default access history duration if parameters where not given

recordCount

Long

positive number or zero

number of transaction records delivered

10.1.8. CREATE AccountBalances Record: Method POST

This type of mediation record is only available in the development environment ("sandbox"), but not yet in production.

$ curl 'https://api.sandbox.openbanking.verimi.cloud/mediationrecords/v2' -i -X POST \
    -H 'Content-Type: application/json' \
    -d '{
  "type" : "ais_balances",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "9274904a-4711-450b-86ab-c477e9623b7f",
  "delivery_time" : "2024-03-06T02:44:45.332Z",
  "accountType" : "account"
}'

Mediation Request Model for AccountBalancesRecord

Field Type Restriction Description

type

String

Must be ais_balances

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the SP by the OP.

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

accountType

String

must be either account or cardAccount

the type of account accessed

Result response HTTP 201 (created)

HTTP/1.1 201 Created
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:44:44 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 394

{
  "type" : "ais_balances",
  "id" : 3,
  "creation_time" : "2024-03-06T02:44:45.409Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "9274904a-4711-450b-86ab-c477e9623b7f",
  "delivery_time" : "2024-03-06T02:44:45.332Z",
  "accountType" : "account"
}

Mediation Response Model for AccountBalances

Field Type Restriction Description

type

String

Must be ais_balances

The record type.

issuer

String

not null, 1 to 100 characters

The OP’s issuer URL. Must correspond to the iss attribute of an entry in the IDP directory.

client_id

String

not null, 1 to 100 characters

The client_id of the RP which started the process. Must correspond to the client_id attribute of an entry in the RP directory.

transaction_id

String

not null, 1 to 50 characters

The transaction id as returned to the SP by the OP.

reference_id

String

(optional) 1 to 100 characters restricted to a-z, A-Z, 0-9 and dashes ("-")

delivery_time

String

not null, ISO-8601 timestamp with a maximum precision of milliseconds

owner_id

String

not null or empty / 1 to 100 characters

The owner_id you received during the onboarding process.

accountType

String

must be either account or cardAccount

the type of account accessed

10.1.9. READ : Method GET

Read all mediation records.

The following scope is required to perform this operation:

Table 35. API Scopes
Scope value	Description
mr_read	Read mediation records, unrestricted
mr_read#owner_id:{{`owner_id`}}	Read mediation records, restricted to the `owner_id` provided in the scope

The mediation records can be filtered with a time range, id range and the owner_id. The parameters have to be sent as url parameters.

Table 36. Parameters
Parameter	Type	Description
from	String	(optional) ISO-8601 timestamp with timezone in format "yyyy-MM-dd’T’hh:mm:hh" + time zone (e.g. 2018-02-02T12:00:00Z or 2018-02-02T12:00:00+01:00) Selects entries from the specified `creation_time` timestamp in UTC (>=)
to	String	(optional) ISO-8601 timestamp in format "yyyy-MM-dd’T’hh:mm:hh" + time zone (e.g. 2018-02-02T12:00:00Z or 2018-02-02T12:00:00+01:00) Selects entries up to the specified `creation_time` timestamp in UTC (<).
fromId	Long	(optional) positive number denoting a mediation record id Selects entries with an `id` larger than the specified one (>)
toId	Long	(optional) positive number denoting a mediation record id Selects entries with an `id` smaller than or equal to the specified one (<=)
owner_id	String	(optional) String, the `owner_id` 0 to 50 characters Selects entries of the specified `owner_id`.

https://<basepath>/mediationrecords/<version>?from=<timestamp>&to=<timestamp>&fromId=<long>&toId=<long>&owner_id=<your_owner_id>

$ curl 'https://api.sandbox.openbanking.verimi.cloud/mediationrecords/v2' -i -X GET

Result response HTTP 200 (OK)

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 06 Mar 2024 02:45:33 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 8857

[ {
  "type" : "identity",
  "id" : 16,
  "creation_time" : "2024-03-06T02:45:33.711Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "2ec93120-301b-4f9c-83f9-b4b376e01c86",
  "delivery_time" : "2024-03-06T02:45:33.711Z",
  "provided_claim_names" : [ "birthdate", "https://www.yes.com/claims/nationality", "https://www.yes.com/claims/title", "verified_claims/claims/birth_middle_name", "verified_claims/claims/place_of_birth", "nationalities", "verified_claims/verification/time", "verified_claims/verification/evidence[type='id_document']/method", "verified_claims/verification/evidence[type='id_document']/document/issuer/country", "verified_claims/claims/birth_given_name", "https://www.yes.com/claims/place_of_birth", "verified_claims/claims/nationalities", "https://www.yes.com/claims/salutation", "verified_claims/verification/evidence[type='id_document']/document/type", "verified_claims/claims/family_name", "https://www.yes.com/claims/verified_person_data/claims/birthdate", "https://www.yes.com/claims/verified_person_data/claims/given_name", "birth_family_name", "verified_claims/verification/verification_process", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/nationality", "verified_claims/claims/address", "phone_number", "birth_middle_name", "salutation", "sub", "verified_claims/verification/evidence[type='id_document']/document/date_of_expiry", "verified_claims/claims/birthdate", "https://www.yes.com/claims/signing_consent", "gender", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/place_of_birth", "title", "verified_claims/verification/evidence[type='id_document']/document/date_of_issuance", "verified_claims/claims/birth_family_name", "verified_claims/verification/evidence[type='id_document']/document/issuer/name", "verified_claims/verification/evidence[type='id_document']/verifier/txn", "email", "https://www.yes.com/claims/verified_person_data/claims/address", "https://www.yes.com/claims/preferred_iban", "verified_claims/claims/given_name", "email_verified", "address", "verified_claims/verification/evidence[type='id_document']/type", "https://www.yes.com/claims/delivery_address", "phone_number_verified", "txn", "given_name", "verified_claims/verification/evidence[type='id_document']/verifier/organization", "https://www.yes.com/claims/tax_id", "birth_given_name", "place_of_birth", "https://www.yes.com/claims/transaction_id", "https://www.yes.com/claims/documents_consented", "verified_claims/verification/evidence[type='id_document']/time", "verified_claims/verification/trust_framework", "https://www.yes.com/claims/verified_person_data/claims/family_name", "family_name", "verified_claims/verification/evidence[type='id_document']/document/number" ],
  "fulfilled_verification_requirements" : [ "identity_document/type", "identity_document/method" ],
  "requested_claims" : {
    "userinfo" : {
      "email" : null,
      "verified_claims" : {
        "claims" : {
          "given_name" : {
            "essential" : true
          },
          "family_name" : {
            "essential" : true
          },
          "birthdate" : {
            "essential" : true
          },
          "place_of_birth" : {
            "essential" : true
          },
          "nationalities" : {
            "essential" : true
          },
          "address" : {
            "essential" : true
          }
        },
        "verification" : {
          "trust_framework" : {
            "value" : "de_aml"
          },
          "evidence" : [ {
            "type" : {
              "value" : "id_document"
            },
            "method" : {
              "value" : "pipp"
            },
            "document" : {
              "type" : {
                "values" : [ "idcard", "passport" ]
              }
            }
          } ]
        }
      }
    },
    "id_token" : {
      "sub" : null,
      "acr" : {
        "value" : "https://www.yes.com/acrs/online_banking_sca"
      }
    }
  },
  "endpoint" : "token"
}, {
  "type" : "identity_for_service_provider",
  "id" : 17,
  "creation_time" : "2024-03-06T02:45:33.711Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "bfd43e35-e643-4c4c-a122-93a8adce9f77",
  "delivery_time" : "2024-03-06T02:45:33.711Z",
  "provided_claim_names" : [ "birthdate", "https://www.yes.com/claims/nationality", "https://www.yes.com/claims/title", "verified_claims/claims/birth_middle_name", "verified_claims/claims/place_of_birth", "nationalities", "verified_claims/verification/time", "verified_claims/verification/evidence[type='id_document']/method", "verified_claims/verification/evidence[type='id_document']/document/issuer/country", "verified_claims/claims/birth_given_name", "https://www.yes.com/claims/place_of_birth", "verified_claims/claims/nationalities", "https://www.yes.com/claims/salutation", "verified_claims/verification/evidence[type='id_document']/document/type", "verified_claims/claims/family_name", "https://www.yes.com/claims/verified_person_data/claims/birthdate", "https://www.yes.com/claims/verified_person_data/claims/given_name", "birth_family_name", "verified_claims/verification/verification_process", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/nationality", "verified_claims/claims/address", "phone_number", "birth_middle_name", "salutation", "sub", "verified_claims/verification/evidence[type='id_document']/document/date_of_expiry", "verified_claims/claims/birthdate", "https://www.yes.com/claims/signing_consent", "gender", "https://www.yes.com/claims/verified_person_data/claims/https://www.yes.com/claims/place_of_birth", "title", "verified_claims/verification/evidence[type='id_document']/document/date_of_issuance", "verified_claims/claims/birth_family_name", "verified_claims/verification/evidence[type='id_document']/document/issuer/name", "verified_claims/verification/evidence[type='id_document']/verifier/txn", "email", "https://www.yes.com/claims/verified_person_data/claims/address", "https://www.yes.com/claims/preferred_iban", "verified_claims/claims/given_name", "email_verified", "address", "verified_claims/verification/evidence[type='id_document']/type", "https://www.yes.com/claims/delivery_address", "phone_number_verified", "txn", "given_name", "verified_claims/verification/evidence[type='id_document']/verifier/organization", "https://www.yes.com/claims/tax_id", "birth_given_name", "place_of_birth", "https://www.yes.com/claims/transaction_id", "https://www.yes.com/claims/documents_consented", "verified_claims/verification/evidence[type='id_document']/time", "verified_claims/verification/trust_framework", "https://www.yes.com/claims/verified_person_data/claims/family_name", "family_name", "verified_claims/verification/evidence[type='id_document']/document/number" ],
  "requested_claims" : {
    "userinfo" : {
      "email" : null,
      "verified_claims" : {
        "claims" : {
          "given_name" : {
            "essential" : true
          },
          "family_name" : {
            "essential" : true
          },
          "birthdate" : {
            "essential" : true
          },
          "place_of_birth" : {
            "essential" : true
          },
          "nationalities" : {
            "essential" : true
          },
          "address" : {
            "essential" : true
          }
        },
        "verification" : {
          "trust_framework" : {
            "value" : "de_aml"
          },
          "evidence" : [ {
            "type" : {
              "value" : "id_document"
            },
            "method" : {
              "value" : "pipp"
            },
            "document" : {
              "type" : {
                "values" : [ "idcard", "passport" ]
              }
            }
          } ]
        }
      }
    },
    "id_token" : {
      "sub" : null,
      "acr" : {
        "value" : "https://www.yes.com/acrs/online_banking_sca"
      }
    }
  },
  "endpoint" : "token",
  "service_provider_id" : "sp:yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8"
}, {
  "type" : "remote_signature_creation",
  "id" : 18,
  "count" : 2,
  "creation_time" : "2024-03-06T02:45:33.712Z",
  "issuer" : "https://idp.bank.test/issuer/",
  "owner_id" : "133874",
  "client_id" : "yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8",
  "transaction_id" : "TX-2310",
  "reference_id" : "f9364810-24c9-40cd-8517-d2bb290cf022",
  "delivery_time" : "2024-03-06T02:45:33.712Z",
  "credentialID" : "qes_eidas",
  "service_provider_id" : "sp:yes.com:279855b893-8ba1-4d6e-aa0c-9972d4ea4ac8"
} ]

The response is polymorph, i.e. may contain all different kinds of mediation records. See the different create chapters for details.

11. Error Responses

11.1. Error Response Version 1

APIs with version 1 return the following error response in case of an error.

11.1.1. Data Model for Error Responses V1

Path Type Description

server_time

String

error time_stamp as ISO-8601 utc value

code

String

the api error code

message

String

the error message detail

11.2. Error Response Version 2

APIs with version 2 (a resource path containing /v2) use a different error response, see Data Model for Error Responses V2, but behave in all other respects as the API with version 1.

11.2.1. Data Model for Error Responses V2

Path Type Description

error

String

the id of the error

error_description

String

a description about the error

11.3. General expectable responses

These responses with http status codes can be received on all methods, due to security errors or validation of data models.
The examples given conform to the data model for error responses in version 1.

11.3.1. HTTP 400 (bad request)

When data model or request arguments are invalid.

HTTP/1.1 400 Bad Request
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 21 Mar 2018 11:38:14 GMT
Connection: close
Content-Length: 135

{
  "server_time" : "2018-03-21T12:38:15.697+01:00[Europe/Berlin]",
  "code" : "400",
  "message" : "one or more fields were invalid"
}

11.3.2. HTTP 401 (unauthorized)

When some security issues happen, like access_token invalid signature, wrong issuer, expired or not valid, etc.

HTTP/1.1 401 Unauthorized
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Date: Wed, 21 Mar 2018 11:38:11 GMT

11.3.3. HTTP 403 (forbidden)

When access_token is valid but doesn’t contain right scopes to access the service endpoint.

HTTP/1.1 403 Forbidden
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 21 Mar 2018 11:38:15 GMT
Content-Length: 135

{
  "server_time" : "2018-03-21T12:38:16.061+01:00[Europe/Berlin]",
  "code" : "401",
  "message" : "Invalid or missing access token"
}

11.3.4. HTTP 404 (not found)

When a resource is not found.

HTTP/1.1 404 Not Found
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Wed, 21 Mar 2018 11:38:14 GMT
Content-Length: 130

{
  "server_time" : "2018-03-21T12:38:15.084+01:00[Europe/Berlin]",
  "code" : "404",
  "message" : "requested rp was not found"
}

11.3.5. HTTP 409 (conflict)

Creating a mediation record v2 with a reference id that was already used for another record results in this error.

Concurrent changes to a resource can in rare cases result in this error. Please retry your change to the resource after retrieving it again.