openapi: 3.0.1
info:
  title: PSD2 Certificate Service by Consorsbank, BNP Paribas Wealth Management - Private Banking and DAB BNP Paribas
  version: '1.0'
  description: |
    # Summary
    For the authentication of the TPP as a client, the eIDAS-based site authentication certificate will be used.
    The TPP must also be licensed by the BaFin (German banking regulatory authority) or other national authorities within the EU to provide PSD2 services.

    Because issuing a real certificate just for testing purposes would require too much effort, the Sandbox acts as a TSP issuing Qualified Website Authentication Certificates (QWAC) valid only for the Sandbox.
    A QWAC is defined in eIDAS and is implemented as an X.509 certificate.
    For PSD2 purposes the certificate gets extended by the QcStatement containing appropriate values such as the role(s) of the PSP (see ETSI).

    After embedding the QWAC in the actual XS2A request, the role and the signature get validated.

    ## Consorsbank, BNP Paribas Wealth Management - Private Banking and DAB BNP Paribas Contacts:
    * Consorsbank: [https://www.consorsbank.de/service-beratung/xs2a/] [mailto: xs2a@consorsbank.de]
    * BNP Paribas Wealth Management - Private Banking: [https://www.consorsbank.de/service-beratung/xs2a/] [mailto: xs2a.privatebanking@de.bnpparibas.com]
    * DAB BNP Paribas: [https://b2b.dab-bank.de/xs2a/] [mailto: xs2a@dab.com]
  license:
    name: Creative Commons Attribution 4.0 International Public License
    url: https://creativecommons.org/licenses/by/4.0/
servers:
  - url: https://xs2a-sndbx.consorsbank.de
    description: Consorsbank and BNP Paribas Wealth Management - Private Banking XS2A Sandbox Server (valid from 14MAR2019)
  - url: https://xs2a-sndbx.dab-bank.de
    description: DAB BNP Paribas XS2A Sandbox Server (valid from 14MAR2019)
paths:
  /api/cert-generator:
    post:
      summary: Certificate Generation
      security: [] # No security
      description: |
        This method is used to generate a client certificate (.pem and .key file).

        The following TPP roles are supported:
          * "PISP"
          * "AISP"
          * "PIISP"

        The generated certificate can only be used for the sandbox.
      operationId: generateCertificate
      tags:
        - Certificate Service
      requestBody:
        $ref: '#/components/requestBodies/generationOfCertificate'
      responses:
        '200':
          $ref: '#/components/responses/OK_200_CertificateGeneration'
        '400':
          $ref: '#/components/responses/BAD_REQUEST_400_CERT'
        '403':
          $ref: '#/components/responses/FORBIDDEN_403_CERT'
        '404':
          $ref: '#/components/responses/NOT_FOUND_404_CERT'
        '405':
          $ref: '#/components/responses/METHOD_NOT_ALLOWED_405_CERT'
        '406':
          $ref: '#/components/responses/NOT_ACCEPTABLE_406_CERT'
        '408':
          $ref: '#/components/responses/REQUEST_TIMEOUT_408_CERT'
        '409':
          $ref: '#/components/responses/CONFLICT_409_CERT'
        '415':
          $ref: '#/components/responses/UNSUPPORTED_MEDIA_TYPE_415_CERT'
        '429':
          $ref: '#/components/responses/TOO_MANY_REQUESTS_429_CERT'
        '500':
          $ref: '#/components/responses/INTERNAL_SERVER_ERROR_500_CERT'
        '503':
          $ref: '#/components/responses/SERVICE_UNAVAILABLE_503_CERT'
components:
  schemas:
    certificateRequest:
      description: |
        Body for a certificate generation.
      type: object
      required:
        - authorizationNumber
        - validity
        - organizationName
        - roles
      properties:
        authorizationNumber:
          description: >
            Available in the Public Register of the appropriate National
            Competent Authority.
          type: string
        countryName:
          description: |
            Name of the country in which your corporation is registered
          type: string
        domainComponent:
          description: |
            Domain of your corporation
          type: string
        localityName:
          description: |
            Name of the city of your corporation headquarters
          type: string
        organizationName:
          description: |
            Registered name of your corporation
          type: string
        organizationUnit:
          description: |
            Organization unit of your corporation
          type: string
          example: Information Technology
        stateOrProvinceName:
          description: |
            Name of the state/province of your corporation headquarters
          type: string
        roles:
          $ref: '#/components/schemas/tppRoles'
        validity:
          description: |
            Number of days the certificate is valid
          type: integer
          minimum: 1
          maximum: 365
    certificateResponse:
      description: |
        Certificate Response
      type: object
      required:
        - encodedCert
        - privateKey
      properties:
        encodedCert:
          description: |
            Encoded Certificate.
          type: string
        privateKey:
          description: |
            Private Key.
          type: string
    tppRoles:
      description: |
        Array of TPP roles.

        The following TPP roles are supported:
          * "PISP"
          * "AISP"
          * "PIISP"
      type: array
      items:
        $ref: '#/components/schemas/tppRole'
      uniqueItems: true
    tppRole:
      description: Role of the TPP
      type: string
      enum:
        - PISP
        - AISP
        - PIISP
    tppMessageText:
      description: Additional explaining text.
      type: string
      maxLength: 512
    tppMessageStatus:
      description: Status of the TPP message
      type: integer
    tppMessagePath:
      description: The path that was called causing this response.
      type: string
    tppErrorTitle:
      description: |
        Short human readable description of error type.
        Could be in local language.
        To be provided by ASPSPs.
      type: string
    tppErrorDetail:
      description: |
        Detailed human readable text specific to this instance of the error.
      type: string
    tppErrorTimestamp:
      description: |
        A timestamp [RFC3339] when the problem occurred.
      type: string
      format: date-time
    Error400_CERT:
      description: >
        Standardised definition of reporting error information according to
        [RFC7807] in case of an HTTP error code 400 for Certificate Generation.
      type: object
      required:
        - timestamp
        - status
      properties:
        timestamp:
          $ref: '#/components/schemas/tppErrorTimestamp'
        status:
          description: |
            HTTP status code
          type: integer
        error:
          $ref: '#/components/schemas/tppErrorDetail'
        exception:
          description: |
            Details about the underlying exception causing this error.
          type: string
        errors:
          description: |
            Array of Error Information Blocks.

            Might be used if more than one error is to be communicated
          type: array
          items:
            description: >-
              This is a data element to support the declaration of additional
              errors in the context of HTTP 400.
            type: object
            required:
              - code
            properties:
              title:
                $ref: '#/components/schemas/tppErrorTitle'
              detail:
                $ref: '#/components/schemas/tppErrorDetail'
              code:
                type: string
        message:
          description: |
            A detailed error message about the cause of this error.
          type: string
        path:
          $ref: '#/components/schemas/tppMessagePath'
    Error403_CERT:
      description: >
        Standardised definition of reporting error information according to
        [RFC7807] in case of an HTTP error code 403 for CERT.
      type: object
      required:
        - timestamp
        - code
      properties:
        timestamp:
          $ref: '#/components/schemas/tppErrorTimestamp'
        title:
          description: |
            Short human readable description of error type.
            Could be in local language.
          type: string
          maxLength: 70
        error:
          $ref: '#/components/schemas/tppErrorDetail'
        code:
          $ref: '#/components/schemas/tppMessageStatus'
        errors:
          description: |
            Array of Error Information Blocks.

            Might be used if more than one error is to be communicated
          type: array
          items:
            description: >-
              This is a data element to support the declaration of additional
              errors in the context of [RFC7807].
            type: object
            required:
              - code
            properties:
              title:
                $ref: '#/components/schemas/tppErrorTitle'
              detail:
                $ref: '#/components/schemas/tppErrorDetail'
              code:
                $ref: '#/components/schemas/tppMessageStatus'
        path:
          $ref: '#/components/schemas/tppMessagePath'
    Error404_CERT:
      description: >
        Standardised definition of reporting error information according to
        [RFC7807] in case of an HTTP error code 404 for CERT.
      type: object
      required:
        - code
      properties:
        code:
          $ref: '#/components/schemas/tppMessageStatus'
        message:
          $ref: '#/components/schemas/tppMessageText'
    Error415_CERT:
      description: >
        Definition of reporting error information in case of an HTTP error
        code 415.
      type: object
      required:
        - timestamp
        - status
      properties:
        timestamp:
          $ref: '#/components/schemas/tppErrorTimestamp'
        status:
          $ref: '#/components/schemas/tppMessageStatus'
        error:
          $ref: '#/components/schemas/tppErrorDetail'
        exception:
          description: |
            Details about the underlying exception causing this error.
          type: string
        message:
          description: |
            A detailed error message about the cause of this error.
          type: string
        path:
          $ref: '#/components/schemas/tppMessagePath'
    Error429_CERT:
      description: >
        Specific definition of reporting error information in case of an HTTP
        error code 429.
      type: object
      properties:
        timestamp:
          $ref: '#/components/schemas/tppErrorTimestamp'
        status:
          $ref: '#/components/schemas/tppMessageStatus'
        error:
          $ref: '#/components/schemas/tppErrorDetail'
        path:
          $ref: '#/components/schemas/tppMessagePath'
      example:
        - timestamp: '2019-01-10T10:01:12.999+0000'
          status: 409
          error: additional text information
  requestBodies:
    generationOfCertificate:
      description: |
        JSON request body for certificate generation
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/certificateRequest'
          examples:
            'Example: ''Certificate Generation''':
              $ref: '#/components/examples/certificateGenerationExample'
      required: true
  responses:
    OK_200_CertificateGeneration:
      description: OK
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/certificateResponse'
    NO_CONTENT_204_CERT:
      description: No Content
    BAD_REQUEST_400_CERT:
      description: Bad Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error400_CERT'
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error400_CERT'
    FORBIDDEN_403_CERT:
      description: Forbidden
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error403_CERT'
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error403_CERT'
    NOT_FOUND_404_CERT:
      description: Not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error404_CERT'
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error404_CERT'
    METHOD_NOT_ALLOWED_405_CERT:
      description: Method Not Allowed
    NOT_ACCEPTABLE_406_CERT:
      description: Not Acceptable
    REQUEST_TIMEOUT_408_CERT:
      description: Request Timeout
    CONFLICT_409_CERT:
      description: Conflict
    UNSUPPORTED_MEDIA_TYPE_415_CERT:
      description: Unsupported Media Type
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error415_CERT'
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error415_CERT'
    TOO_MANY_REQUESTS_429_CERT:
      description: Too Many Requests
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error429_CERT'
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error429_CERT'
    INTERNAL_SERVER_ERROR_500_CERT:
      description: Internal Server Error
    SERVICE_UNAVAILABLE_503_CERT:
      description: Service Unavailable
  examples:
    certificateGenerationExample:
      value:
        authorizationNumber: 87B2AC
        organizationName: Fictional Corporation AG
        countryName: Germany
        domainComponent: my.domain.com
        localityName: Munich
        organizationUnit: Information Technology
        stateOrProvinceName: Bayern
        validity: 365
security:
  - {}
tags:
  - name: Certificate Service
    description: >
      Certificate Service returns a client certificate to use with XS2A
      services.