---
swagger: "2.0"
info:
title: Confirmation of Funds V3 Sandbox
description: "The API endpoints described here allow a Card Based Payment Instrument
Issuer ('CBPII') to: \n - Register an intent to confirm funds by creating an
\"funds confirmation consent\" resource with an ASPSP, for agreement between the
PSU and ASPSP. This consent is a long lived consent, and contains the length of
time (expiration date) the customer (PSU) would like to provide to the CBPII;
and \n - Subsequently make a request to confirm funds are available.\n - Funds
can only be confirmed against the currency of the account.\n\n
\nThis API is
developed according to the Open Banking Read/Write API Specifications, see [https://www.openbanking.org.uk](https://www.openbanking.org.uk)\n\n
\n**API
Information**\n\n| Title | Confirmation of Funds V3 Sandbox |\n|-----|-----|\n|
Protocol | TLS-MA |\n| Open Banking Specification Version | 3.1 |\n| Access
\ | Free to use but subscription is required\n\n\n** Key Features:**\n- Registration
of consent to allow CBPII to make requests for funds confirmation\n- Processing
of requests to confirm funds are available\n- Process requests for revocation
of a previously registered consent"
termsOfService: https://www.openbanking.org.uk/terms
contact:
name: Support Mailbox
email: openbankingAPI@santander.co.uk
license:
name: open-licence
url: https://www.openbanking.org.uk/open-licence
version: 3.1.6
x-ibm-name: confirmation-of-funds-v3-1
basePath: /open-banking/v3.1/cbpii
schemes:
- https
consumes:
- application/json
- application/json; charset=utf-8
produces:
- application/json
- application/json; charset=utf-8
paths:
/funds-confirmation-consents:
post:
tags:
- Funds Confirmations
summary: Create Funds Confirmation Consent
operationId: CreateFundsConfirmationConsents
parameters:
- $ref: '#/parameters/OBFundsConfirmationConsent1Param'
- $ref: '#/parameters/x-fapi-financial-id-Param'
- $ref: '#/parameters/x-fapi-customer-last-logged-time-Param'
- $ref: '#/parameters/x-fapi-customer-ip-address-Param'
- $ref: '#/parameters/x-fapi-interaction-id-Param'
- $ref: '#/parameters/AuthorizationParam'
- $ref: '#/parameters/x-customer-user-agent-Param'
responses:
201:
$ref: '#/responses/201FundsConfirmationConsentsCreated'
400:
$ref: '#/responses/400ErrorResponse'
401:
$ref: '#/responses/401ErrorResponse'
403:
$ref: '#/responses/403ErrorResponse'
404:
$ref: '#/responses/404ErrorResponse'
405:
$ref: '#/responses/405ErrorResponse'
406:
$ref: '#/responses/406ErrorResponse'
415:
$ref: '#/responses/415ErrorResponse'
429:
$ref: '#/responses/429ErrorResponse'
500:
$ref: '#/responses/500ErrorResponse'
security:
- TPPOAuth2Security:
- fundsconfirmations
/funds-confirmation-consents/{ConsentId}:
get:
tags:
- Funds Confirmations
summary: Get Funds Confirmation Consent
operationId: GetFundsConfirmationConsentsConsentId
parameters:
- $ref: '#/parameters/ConsentId'
- $ref: '#/parameters/x-fapi-financial-id-Param'
- $ref: '#/parameters/x-fapi-customer-last-logged-time-Param'
- $ref: '#/parameters/x-fapi-customer-ip-address-Param'
- $ref: '#/parameters/x-fapi-interaction-id-Param'
- $ref: '#/parameters/AuthorizationParam'
- $ref: '#/parameters/x-customer-user-agent-Param'
responses:
200:
$ref: '#/responses/200FundsConfirmationConsentsConsentIdRead'
400:
$ref: '#/responses/400ErrorResponse'
401:
$ref: '#/responses/401ErrorResponse'
403:
$ref: '#/responses/403ErrorResponse'
404:
$ref: '#/responses/404ErrorResponse'
405:
$ref: '#/responses/405ErrorResponse'
406:
$ref: '#/responses/406ErrorResponse'
429:
$ref: '#/responses/429ErrorResponse'
500:
$ref: '#/responses/500ErrorResponse'
security:
- TPPOAuth2Security:
- fundsconfirmations
delete:
tags:
- Funds Confirmations
summary: Delete Funds Confirmation Consent
operationId: DeleteFundsConfirmationConsentsConsentId
parameters:
- $ref: '#/parameters/ConsentId'
- $ref: '#/parameters/x-fapi-financial-id-Param'
- $ref: '#/parameters/x-fapi-customer-last-logged-time-Param'
- $ref: '#/parameters/x-fapi-customer-ip-address-Param'
- $ref: '#/parameters/x-fapi-interaction-id-Param'
- $ref: '#/parameters/AuthorizationParam'
- $ref: '#/parameters/x-customer-user-agent-Param'
responses:
204:
$ref: '#/responses/204FundsConfirmationConsentsConsentIdDeleted'
400:
$ref: '#/responses/400ErrorResponse'
401:
$ref: '#/responses/401ErrorResponse'
403:
$ref: '#/responses/403ErrorResponse'
404:
$ref: '#/responses/404ErrorResponse'
405:
$ref: '#/responses/405ErrorResponse'
406:
$ref: '#/responses/406ErrorResponse'
429:
$ref: '#/responses/429ErrorResponse'
500:
$ref: '#/responses/500ErrorResponse'
security:
- TPPOAuth2Security:
- fundsconfirmations
/funds-confirmations:
post:
tags:
- Funds Confirmations
summary: Create Funds Confirmation
operationId: CreateFundsConfirmations
parameters:
- $ref: '#/parameters/OBFundsConfirmation1Param'
- $ref: '#/parameters/x-fapi-financial-id-Param'
- $ref: '#/parameters/x-fapi-customer-last-logged-time-Param'
- $ref: '#/parameters/x-fapi-customer-ip-address-Param'
- $ref: '#/parameters/x-fapi-interaction-id-Param'
- $ref: '#/parameters/AuthorizationParam'
- $ref: '#/parameters/x-customer-user-agent-Param'
responses:
201:
$ref: '#/responses/201FundsConfirmationsCreated'
400:
$ref: '#/responses/400ErrorResponse'
401:
$ref: '#/responses/401ErrorResponse'
403:
$ref: '#/responses/403ErrorResponse'
404:
$ref: '#/responses/404ErrorResponse'
405:
$ref: '#/responses/405ErrorResponse'
406:
$ref: '#/responses/406ErrorResponse'
415:
$ref: '#/responses/415ErrorResponse'
429:
$ref: '#/responses/429ErrorResponse'
500:
$ref: '#/responses/500ErrorResponse'
security:
- PSUOAuth2Security:
- fundsconfirmations
parameters:
x-fapi-financial-id-Param:
in: header
name: x-fapi-financial-id
type: string
required: true
description: The unique id of the ASPSP to which the request is issued. The unique
id will be issued by OB.
x-fapi-customer-ip-address-Param:
in: header
name: x-fapi-customer-ip-address
type: string
required: false
description: The PSU's IP address if the PSU is currently logged in with the TPP.
x-fapi-interaction-id-Param:
in: header
name: x-fapi-interaction-id
type: string
required: false
description: An RFC4122 UID used as a correlation id.
x-fapi-customer-last-logged-time-Param:
in: header
name: x-fapi-customer-last-logged-time
type: string
required: false
description: "The time when the PSU last logged in with the TPP. \nAll dates in
the HTTP headers are represented as RFC 7231 Full Dates. An example is below:
\nSun, 10 Sep 2017 19:43:31 UTC"
pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)
\d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$
AuthorizationParam:
in: header
name: Authorization
type: string
required: true
description: An Authorisation Token as per https://tools.ietf.org/html/rfc6750
OBFundsConfirmation1Param:
name: OBFundsConfirmation1Param
in: body
description: Default
required: true
schema:
$ref: '#/definitions/OBFundsConfirmation1'
OBFundsConfirmationConsent1Param:
name: OBFundsConfirmationConsent1Param
in: body
description: Default
required: true
schema:
$ref: '#/definitions/OBFundsConfirmationConsent1'
ConsentId:
name: ConsentId
in: path
description: ConsentId
required: true
type: string
x-customer-user-agent-Param:
in: header
name: x-customer-user-agent
type: string
description: Indicates the user-agent that the PSU is using.
required: false
responses:
201FundsConfirmationsCreated:
description: Funds Confirmation Created
headers:
x-fapi-interaction-id:
type: string
description: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/definitions/OBFundsConfirmationResponse1'
201FundsConfirmationConsentsCreated:
description: Funds Confirmation Consent Created
headers:
x-fapi-interaction-id:
type: string
description: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/definitions/OBFundsConfirmationConsentResponse1'
200FundsConfirmationConsentsConsentIdRead:
description: Funds Confirmation Consent Read
headers:
x-fapi-interaction-id:
type: string
description: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/definitions/OBFundsConfirmationConsentResponse1'
204FundsConfirmationConsentsConsentIdDeleted:
description: Funds Confirmation Consent Deleted
headers:
x-fapi-interaction-id:
type: string
description: An RFC4122 UID used as a correlation id.
400ErrorResponse:
description: Bad request
schema:
$ref: '#/definitions/OBErrorResponse1'
401ErrorResponse:
description: Unauthorized
403ErrorResponse:
description: Forbidden
404ErrorResponse:
description: Not found
405ErrorResponse:
description: Method Not Allowed
406ErrorResponse:
description: Not Acceptable
415ErrorResponse:
description: Unsupported Media Type
429ErrorResponse:
description: Too Many Requests
headers:
Retry-After:
description: Number in seconds to wait
type: integer
500ErrorResponse:
description: Internal Server Error
schema:
$ref: '#/definitions/OBErrorResponse1'
securityDefinitions:
PSUOAuth2Security:
type: oauth2
flow: accessCode
scopes:
fundsconfirmations: Funds confirmation entitlement
description: OAuth flow, it is required when the PSU needs to perform SCA with
the ASPSP when a TPP wants to access an ASPSP resource owned by the PSU
x-tokenIntrospect:
url: https://openbanking-sandbox.santander.co.uk/sanuk/external-sandbox/open-banking/openid-connect-provider/v1/oauth2/introspect
tokenUrl: https://openbanking-ma-sandbox.santander.co.uk/sanuk/external-sandbox/open-banking/openid-connect-provider/v1/oauth2/token
authorizationUrl: https://openbanking-sandbox.santander.co.uk/sanuk/external-sandbox/open-banking/openid-connect-provider/v1/oauth2/authorize
TPPOAuth2Security:
type: oauth2
flow: application
scopes:
fundsconfirmations: Funds confirmation entitlement
description: TPP client credential authorisation flow with the ASPSP
tokenUrl: https://openbanking-ma-sandbox.santander.co.uk/sanuk/external-sandbox/open-banking/openid-connect-provider/v1/oauth2/token
definitions:
OBActiveCurrencyAndAmount_SimpleType:
description: A number of monetary units specified in an active currency where
the unit of currency is explicit and compliant with ISO 4217.
type: string
pattern: ^\d{1,13}\.\d{1,5}$
OBActiveOrHistoricCurrencyAndAmount:
description: Amount of money to be confirmed as available funds in the debtor
account. Contains an Amount and a Currency.
type: object
properties:
Amount:
$ref: '#/definitions/OBActiveCurrencyAndAmount_SimpleType'
Currency:
description: A code allocated to a currency by a Maintenance Agency under
an international identification scheme, as described in the latest edition
of the international standard ISO 4217 "Codes for the representation of
currencies and funds".
type: string
pattern: ^[A-Z]{3,3}$
required:
- Amount
- Currency
additionalProperties: false
OBCashAccountDebtor4:
description: Unambiguous identification of the account of the debtor to which
a confirmation of funds consent will be applied.
type: object
properties:
SchemeName:
$ref: '#/definitions/OBExternalAccountIdentification4Code'
Identification:
description: Identification assigned by an institution to identify an account.
This identification is known by the account owner.
type: string
minLength: 1
maxLength: 256
Name:
description: |-
Name of the account, as assigned by the account servicing institution.
Usage: The account name is the name or names of the account owner(s) represented at an account level. The account name is not the product name or the nickname of the account.
type: string
minLength: 1
maxLength: 70
SecondaryIdentification:
description: "This is secondary identification of the account, as assigned
by the account servicing institution. \nThis can be used by building societies
to additionally identify accounts with a roll number (in addition to a sort
code and account number combination)."
type: string
minLength: 1
maxLength: 34
required:
- SchemeName
- Identification
additionalProperties: false
OBExternalAccountIdentification4Code:
description: Name of the identification scheme, in a coded form as published in
an external list.
type: string
example:
- UK.OBIE.BBAN
- UK.OBIE.IBAN
- UK.OBIE.PAN
- UK.OBIE.Paym
- UK.OBIE.SortCodeAccountNumber
minLength: 1
maxLength: 40
OBExternalRequestStatus1Code:
description: Specifies the status of consent resource in code form.
type: string
enum:
- Authorised
- AwaitingAuthorisation
- Rejected
- Revoked
OBFundsConfirmation1:
type: object
properties:
Data:
$ref: '#/definitions/OBFundsConfirmationData1'
required:
- Data
additionalProperties: false
OBFundsConfirmationConsent1:
type: object
properties:
Data:
$ref: '#/definitions/OBFundsConfirmationConsentData1'
required:
- Data
additionalProperties: false
OBFundsConfirmationConsentData1:
type: object
properties:
ExpirationDateTime:
description: "Specified date and time the funds confirmation authorisation
will expire.\n If this is not populated, the authorisation will be open
ended.\nAll dates in the JSON payloads are represented in ISO 8601 date-time
format. \nAll date-time fields in responses must include the timezone. An
example is below:\n2017-04-05T10:43:07+00:00"
type: string
format: date-time
DebtorAccount:
$ref: '#/definitions/OBCashAccountDebtor4'
required:
- DebtorAccount
additionalProperties: false
OBFundsConfirmationConsentDataResponse1:
type: object
properties:
ConsentId:
description: Unique identification as assigned to identify the funds confirmation
consent resource.
type: string
minLength: 1
maxLength: 128
CreationDateTime:
description: "Date and time at which the resource was created.\nAll dates
in the JSON payloads are represented in ISO 8601 date-time format. \nAll
date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00"
type: string
format: date-time
Status:
$ref: '#/definitions/OBExternalRequestStatus1Code'
StatusUpdateDateTime:
description: "Date and time at which the resource status was updated.\nAll
dates in the JSON payloads are represented in ISO 8601 date-time format.
\nAll date-time fields in responses must include the timezone. An example
is below:\n2017-04-05T10:43:07+00:00"
type: string
format: date-time
ExpirationDateTime:
description: "Specified date and time the funds confirmation authorisation
will expire.\nIf this is not populated, the authorisation will be open ended.\nAll
dates in the JSON payloads are represented in ISO 8601 date-time format.
\nAll date-time fields in responses must include the timezone. An example
is below:\n2017-04-05T10:43:07+00:00"
type: string
format: date-time
DebtorAccount:
$ref: '#/definitions/OBCashAccountDebtor4'
required:
- ConsentId
- CreationDateTime
- Status
- StatusUpdateDateTime
- DebtorAccount
additionalProperties: false
OBFundsConfirmationConsentResponse1:
type: object
properties:
Data:
$ref: '#/definitions/OBFundsConfirmationConsentDataResponse1'
Links:
$ref: '#/definitions/Links'
Meta:
$ref: '#/definitions/Meta'
required:
- Data
- Links
- Meta
additionalProperties: false
OBFundsConfirmationData1:
type: object
properties:
ConsentId:
description: Unique identification as assigned by the ASPSP to uniquely identify
the funds confirmation consent resource.
type: string
minLength: 1
maxLength: 128
Reference:
description: Unique reference, as assigned by the CBPII, to unambiguously
refer to the request related to the payment transaction.
type: string
minLength: 1
maxLength: 35
InstructedAmount:
$ref: '#/definitions/OBActiveOrHistoricCurrencyAndAmount'
required:
- ConsentId
- Reference
- InstructedAmount
additionalProperties: false
OBFundsConfirmationDataResponse1:
type: object
properties:
FundsConfirmationId:
description: Unique identification as assigned by the ASPSP to uniquely identify
the funds confirmation resource.
type: string
minLength: 1
maxLength: 40
ConsentId:
description: Unique identification as assigned by the ASPSP to uniquely identify
the funds confirmation consent resource.
type: string
minLength: 1
maxLength: 128
CreationDateTime:
description: "Date and time at which the resource was created.\nAll dates
in the JSON payloads are represented in ISO 8601 date-time format. \nAll
date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00"
type: string
format: date-time
FundsAvailable:
description: Flag to indicate the result of a confirmation of funds check.
type: boolean
Reference:
description: Unique reference, as assigned by the CBPII, to unambiguously
refer to the request related to the payment transaction.
type: string
minLength: 1
maxLength: 35
InstructedAmount:
$ref: '#/definitions/OBActiveOrHistoricCurrencyAndAmount'
required:
- FundsConfirmationId
- ConsentId
- CreationDateTime
- FundsAvailable
- Reference
- InstructedAmount
additionalProperties: false
OBFundsConfirmationResponse1:
type: object
properties:
Data:
$ref: '#/definitions/OBFundsConfirmationDataResponse1'
Links:
$ref: '#/definitions/Links'
Meta:
$ref: '#/definitions/Meta'
required:
- Data
- Links
- Meta
additionalProperties: false
Links:
type: object
description: Links relevant to the payload
properties:
Self:
type: string
format: uri
First:
type: string
format: uri
Prev:
type: string
format: uri
Next:
type: string
format: uri
Last:
type: string
format: uri
additionalProperties: false
required:
- Self
Meta:
title: MetaData
type: object
description: Meta Data relevant to the payload
properties:
TotalPages:
type: integer
format: int32
FirstAvailableDateTime:
$ref: '#/definitions/ISODateTime'
LastAvailableDateTime:
$ref: '#/definitions/ISODateTime'
additionalProperties: false
ISODateTime:
description: "All dates in the JSON payloads are represented in ISO 8601 date-time
format. \nAll date-time fields in responses must include the timezone. An example
is below:\n2017-04-05T10:43:07+00:00"
type: string
format: date-time
OBError1:
type: object
properties:
ErrorCode:
description: Low level textual error code, e.g., UK.OBIE.Field.Missing
type: string
minLength: 1
maxLength: 128
Message:
description: |-
A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future'
OBIE doesn't standardise this field
type: string
minLength: 1
maxLength: 500
Path:
description: Recommended but optional reference to the JSON Path of the field
with error, e.g., Data.Initiation.InstructedAmount.Currency
type: string
minLength: 1
maxLength: 500
Url:
description: URL to help remediate the problem, or provide more information,
or to API Reference, or help etc
type: string
required:
- ErrorCode
- Message
additionalProperties: false
minProperties: 1
OBErrorResponse1:
description: An array of detail error codes, and messages, and URLs to documentation
to help remediation.
type: object
properties:
Code:
description: High level textual error code, to help categorize the errors.
type: string
minLength: 1
maxLength: 40
Id:
description: A unique reference for the error instance, for audit purposes,
in case of unknown/unclassified errors.
type: string
minLength: 1
maxLength: 40
Message:
description: Brief Error message, e.g., 'There is something wrong with the
request parameters provided'
type: string
minLength: 1
maxLength: 500
Errors:
items:
$ref: '#/definitions/OBError1'
type: array
minItems: 1
required:
- Code
- Message
- Errors
additionalProperties: false
x-ibm-configuration:
enforced: true
phase: realized
categories:
- Type / Experience
- SanUK Business Domain / Personal Accounts
testable: true
security:
- PSUOAuth2Security:
- fundsconfirmations
TPPOAuth2Security:
- fundsconfirmations
x-ibm-endpoints:
- endpointUrl: https://openbanking-ma-sandbox.santander.co.uk/sanuk/external-sandbox
type:
- production
...