--- swagger: "2.0" info: title: Confirmation of Funds V3 Sandbox description: "The API endpoints described here allow a Card Based Payment Instrument Issuer ('CBPII') to: \n - Register an intent to confirm funds by creating an \"funds confirmation consent\" resource with an ASPSP, for agreement between the PSU and ASPSP. This consent is a long lived consent, and contains the length of time (expiration date) the customer (PSU) would like to provide to the CBPII; and \n - Subsequently make a request to confirm funds are available.\n - Funds can only be confirmed against the currency of the account.\n\n
\nThis API is developed according to the Open Banking Read/Write API Specifications, see [https://www.openbanking.org.uk](https://www.openbanking.org.uk)\n\n
\n**API Information**\n\n| Title | Confirmation of Funds V3 Sandbox |\n|-----|-----|\n| Protocol | TLS-MA |\n| Open Banking Specification Version | 3.1 |\n| Access \ | Free to use but subscription is required\n\n\n** Key Features:**\n- Registration of consent to allow CBPII to make requests for funds confirmation\n- Processing of requests to confirm funds are available\n- Process requests for revocation of a previously registered consent" termsOfService: https://www.openbanking.org.uk/terms contact: name: Support Mailbox email: openbankingAPI@santander.co.uk license: name: open-licence url: https://www.openbanking.org.uk/open-licence version: 3.1.6 x-ibm-name: confirmation-of-funds-v3-1 basePath: /open-banking/v3.1/cbpii schemes: - https consumes: - application/json - application/json; charset=utf-8 produces: - application/json - application/json; charset=utf-8 paths: /funds-confirmation-consents: post: tags: - Funds Confirmations summary: Create Funds Confirmation Consent operationId: CreateFundsConfirmationConsents parameters: - $ref: '#/parameters/OBFundsConfirmationConsent1Param' - $ref: '#/parameters/x-fapi-financial-id-Param' - $ref: '#/parameters/x-fapi-customer-last-logged-time-Param' - $ref: '#/parameters/x-fapi-customer-ip-address-Param' - $ref: '#/parameters/x-fapi-interaction-id-Param' - $ref: '#/parameters/AuthorizationParam' - $ref: '#/parameters/x-customer-user-agent-Param' responses: 201: $ref: '#/responses/201FundsConfirmationConsentsCreated' 400: $ref: '#/responses/400ErrorResponse' 401: $ref: '#/responses/401ErrorResponse' 403: $ref: '#/responses/403ErrorResponse' 404: $ref: '#/responses/404ErrorResponse' 405: $ref: '#/responses/405ErrorResponse' 406: $ref: '#/responses/406ErrorResponse' 415: $ref: '#/responses/415ErrorResponse' 429: $ref: '#/responses/429ErrorResponse' 500: $ref: '#/responses/500ErrorResponse' security: - TPPOAuth2Security: - fundsconfirmations /funds-confirmation-consents/{ConsentId}: get: tags: - Funds Confirmations summary: Get Funds Confirmation Consent operationId: GetFundsConfirmationConsentsConsentId parameters: - $ref: '#/parameters/ConsentId' - $ref: '#/parameters/x-fapi-financial-id-Param' - $ref: '#/parameters/x-fapi-customer-last-logged-time-Param' - $ref: '#/parameters/x-fapi-customer-ip-address-Param' - $ref: '#/parameters/x-fapi-interaction-id-Param' - $ref: '#/parameters/AuthorizationParam' - $ref: '#/parameters/x-customer-user-agent-Param' responses: 200: $ref: '#/responses/200FundsConfirmationConsentsConsentIdRead' 400: $ref: '#/responses/400ErrorResponse' 401: $ref: '#/responses/401ErrorResponse' 403: $ref: '#/responses/403ErrorResponse' 404: $ref: '#/responses/404ErrorResponse' 405: $ref: '#/responses/405ErrorResponse' 406: $ref: '#/responses/406ErrorResponse' 429: $ref: '#/responses/429ErrorResponse' 500: $ref: '#/responses/500ErrorResponse' security: - TPPOAuth2Security: - fundsconfirmations delete: tags: - Funds Confirmations summary: Delete Funds Confirmation Consent operationId: DeleteFundsConfirmationConsentsConsentId parameters: - $ref: '#/parameters/ConsentId' - $ref: '#/parameters/x-fapi-financial-id-Param' - $ref: '#/parameters/x-fapi-customer-last-logged-time-Param' - $ref: '#/parameters/x-fapi-customer-ip-address-Param' - $ref: '#/parameters/x-fapi-interaction-id-Param' - $ref: '#/parameters/AuthorizationParam' - $ref: '#/parameters/x-customer-user-agent-Param' responses: 204: $ref: '#/responses/204FundsConfirmationConsentsConsentIdDeleted' 400: $ref: '#/responses/400ErrorResponse' 401: $ref: '#/responses/401ErrorResponse' 403: $ref: '#/responses/403ErrorResponse' 404: $ref: '#/responses/404ErrorResponse' 405: $ref: '#/responses/405ErrorResponse' 406: $ref: '#/responses/406ErrorResponse' 429: $ref: '#/responses/429ErrorResponse' 500: $ref: '#/responses/500ErrorResponse' security: - TPPOAuth2Security: - fundsconfirmations /funds-confirmations: post: tags: - Funds Confirmations summary: Create Funds Confirmation operationId: CreateFundsConfirmations parameters: - $ref: '#/parameters/OBFundsConfirmation1Param' - $ref: '#/parameters/x-fapi-financial-id-Param' - $ref: '#/parameters/x-fapi-customer-last-logged-time-Param' - $ref: '#/parameters/x-fapi-customer-ip-address-Param' - $ref: '#/parameters/x-fapi-interaction-id-Param' - $ref: '#/parameters/AuthorizationParam' - $ref: '#/parameters/x-customer-user-agent-Param' responses: 201: $ref: '#/responses/201FundsConfirmationsCreated' 400: $ref: '#/responses/400ErrorResponse' 401: $ref: '#/responses/401ErrorResponse' 403: $ref: '#/responses/403ErrorResponse' 404: $ref: '#/responses/404ErrorResponse' 405: $ref: '#/responses/405ErrorResponse' 406: $ref: '#/responses/406ErrorResponse' 415: $ref: '#/responses/415ErrorResponse' 429: $ref: '#/responses/429ErrorResponse' 500: $ref: '#/responses/500ErrorResponse' security: - PSUOAuth2Security: - fundsconfirmations parameters: x-fapi-financial-id-Param: in: header name: x-fapi-financial-id type: string required: true description: The unique id of the ASPSP to which the request is issued. The unique id will be issued by OB. x-fapi-customer-ip-address-Param: in: header name: x-fapi-customer-ip-address type: string required: false description: The PSU's IP address if the PSU is currently logged in with the TPP. x-fapi-interaction-id-Param: in: header name: x-fapi-interaction-id type: string required: false description: An RFC4122 UID used as a correlation id. x-fapi-customer-last-logged-time-Param: in: header name: x-fapi-customer-last-logged-time type: string required: false description: "The time when the PSU last logged in with the TPP. \nAll dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: \nSun, 10 Sep 2017 19:43:31 UTC" pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$ AuthorizationParam: in: header name: Authorization type: string required: true description: An Authorisation Token as per https://tools.ietf.org/html/rfc6750 OBFundsConfirmation1Param: name: OBFundsConfirmation1Param in: body description: Default required: true schema: $ref: '#/definitions/OBFundsConfirmation1' OBFundsConfirmationConsent1Param: name: OBFundsConfirmationConsent1Param in: body description: Default required: true schema: $ref: '#/definitions/OBFundsConfirmationConsent1' ConsentId: name: ConsentId in: path description: ConsentId required: true type: string x-customer-user-agent-Param: in: header name: x-customer-user-agent type: string description: Indicates the user-agent that the PSU is using. required: false responses: 201FundsConfirmationsCreated: description: Funds Confirmation Created headers: x-fapi-interaction-id: type: string description: An RFC4122 UID used as a correlation id. schema: $ref: '#/definitions/OBFundsConfirmationResponse1' 201FundsConfirmationConsentsCreated: description: Funds Confirmation Consent Created headers: x-fapi-interaction-id: type: string description: An RFC4122 UID used as a correlation id. schema: $ref: '#/definitions/OBFundsConfirmationConsentResponse1' 200FundsConfirmationConsentsConsentIdRead: description: Funds Confirmation Consent Read headers: x-fapi-interaction-id: type: string description: An RFC4122 UID used as a correlation id. schema: $ref: '#/definitions/OBFundsConfirmationConsentResponse1' 204FundsConfirmationConsentsConsentIdDeleted: description: Funds Confirmation Consent Deleted headers: x-fapi-interaction-id: type: string description: An RFC4122 UID used as a correlation id. 400ErrorResponse: description: Bad request schema: $ref: '#/definitions/OBErrorResponse1' 401ErrorResponse: description: Unauthorized 403ErrorResponse: description: Forbidden 404ErrorResponse: description: Not found 405ErrorResponse: description: Method Not Allowed 406ErrorResponse: description: Not Acceptable 415ErrorResponse: description: Unsupported Media Type 429ErrorResponse: description: Too Many Requests headers: Retry-After: description: Number in seconds to wait type: integer 500ErrorResponse: description: Internal Server Error schema: $ref: '#/definitions/OBErrorResponse1' securityDefinitions: PSUOAuth2Security: type: oauth2 flow: accessCode scopes: fundsconfirmations: Funds confirmation entitlement description: OAuth flow, it is required when the PSU needs to perform SCA with the ASPSP when a TPP wants to access an ASPSP resource owned by the PSU x-tokenIntrospect: url: https://openbanking-sandbox.santander.co.uk/sanuk/external-sandbox/open-banking/openid-connect-provider/v1/oauth2/introspect tokenUrl: https://openbanking-ma-sandbox.santander.co.uk/sanuk/external-sandbox/open-banking/openid-connect-provider/v1/oauth2/token authorizationUrl: https://openbanking-sandbox.santander.co.uk/sanuk/external-sandbox/open-banking/openid-connect-provider/v1/oauth2/authorize TPPOAuth2Security: type: oauth2 flow: application scopes: fundsconfirmations: Funds confirmation entitlement description: TPP client credential authorisation flow with the ASPSP tokenUrl: https://openbanking-ma-sandbox.santander.co.uk/sanuk/external-sandbox/open-banking/openid-connect-provider/v1/oauth2/token definitions: OBActiveCurrencyAndAmount_SimpleType: description: A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217. type: string pattern: ^\d{1,13}\.\d{1,5}$ OBActiveOrHistoricCurrencyAndAmount: description: Amount of money to be confirmed as available funds in the debtor account. Contains an Amount and a Currency. type: object properties: Amount: $ref: '#/definitions/OBActiveCurrencyAndAmount_SimpleType' Currency: description: A code allocated to a currency by a Maintenance Agency under an international identification scheme, as described in the latest edition of the international standard ISO 4217 "Codes for the representation of currencies and funds". type: string pattern: ^[A-Z]{3,3}$ required: - Amount - Currency additionalProperties: false OBCashAccountDebtor4: description: Unambiguous identification of the account of the debtor to which a confirmation of funds consent will be applied. type: object properties: SchemeName: $ref: '#/definitions/OBExternalAccountIdentification4Code' Identification: description: Identification assigned by an institution to identify an account. This identification is known by the account owner. type: string minLength: 1 maxLength: 256 Name: description: |- Name of the account, as assigned by the account servicing institution. Usage: The account name is the name or names of the account owner(s) represented at an account level. The account name is not the product name or the nickname of the account. type: string minLength: 1 maxLength: 70 SecondaryIdentification: description: "This is secondary identification of the account, as assigned by the account servicing institution. \nThis can be used by building societies to additionally identify accounts with a roll number (in addition to a sort code and account number combination)." type: string minLength: 1 maxLength: 34 required: - SchemeName - Identification additionalProperties: false OBExternalAccountIdentification4Code: description: Name of the identification scheme, in a coded form as published in an external list. type: string example: - UK.OBIE.BBAN - UK.OBIE.IBAN - UK.OBIE.PAN - UK.OBIE.Paym - UK.OBIE.SortCodeAccountNumber minLength: 1 maxLength: 40 OBExternalRequestStatus1Code: description: Specifies the status of consent resource in code form. type: string enum: - Authorised - AwaitingAuthorisation - Rejected - Revoked OBFundsConfirmation1: type: object properties: Data: $ref: '#/definitions/OBFundsConfirmationData1' required: - Data additionalProperties: false OBFundsConfirmationConsent1: type: object properties: Data: $ref: '#/definitions/OBFundsConfirmationConsentData1' required: - Data additionalProperties: false OBFundsConfirmationConsentData1: type: object properties: ExpirationDateTime: description: "Specified date and time the funds confirmation authorisation will expire.\n If this is not populated, the authorisation will be open ended.\nAll dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00" type: string format: date-time DebtorAccount: $ref: '#/definitions/OBCashAccountDebtor4' required: - DebtorAccount additionalProperties: false OBFundsConfirmationConsentDataResponse1: type: object properties: ConsentId: description: Unique identification as assigned to identify the funds confirmation consent resource. type: string minLength: 1 maxLength: 128 CreationDateTime: description: "Date and time at which the resource was created.\nAll dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00" type: string format: date-time Status: $ref: '#/definitions/OBExternalRequestStatus1Code' StatusUpdateDateTime: description: "Date and time at which the resource status was updated.\nAll dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00" type: string format: date-time ExpirationDateTime: description: "Specified date and time the funds confirmation authorisation will expire.\nIf this is not populated, the authorisation will be open ended.\nAll dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00" type: string format: date-time DebtorAccount: $ref: '#/definitions/OBCashAccountDebtor4' required: - ConsentId - CreationDateTime - Status - StatusUpdateDateTime - DebtorAccount additionalProperties: false OBFundsConfirmationConsentResponse1: type: object properties: Data: $ref: '#/definitions/OBFundsConfirmationConsentDataResponse1' Links: $ref: '#/definitions/Links' Meta: $ref: '#/definitions/Meta' required: - Data - Links - Meta additionalProperties: false OBFundsConfirmationData1: type: object properties: ConsentId: description: Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation consent resource. type: string minLength: 1 maxLength: 128 Reference: description: Unique reference, as assigned by the CBPII, to unambiguously refer to the request related to the payment transaction. type: string minLength: 1 maxLength: 35 InstructedAmount: $ref: '#/definitions/OBActiveOrHistoricCurrencyAndAmount' required: - ConsentId - Reference - InstructedAmount additionalProperties: false OBFundsConfirmationDataResponse1: type: object properties: FundsConfirmationId: description: Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation resource. type: string minLength: 1 maxLength: 40 ConsentId: description: Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation consent resource. type: string minLength: 1 maxLength: 128 CreationDateTime: description: "Date and time at which the resource was created.\nAll dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00" type: string format: date-time FundsAvailable: description: Flag to indicate the result of a confirmation of funds check. type: boolean Reference: description: Unique reference, as assigned by the CBPII, to unambiguously refer to the request related to the payment transaction. type: string minLength: 1 maxLength: 35 InstructedAmount: $ref: '#/definitions/OBActiveOrHistoricCurrencyAndAmount' required: - FundsConfirmationId - ConsentId - CreationDateTime - FundsAvailable - Reference - InstructedAmount additionalProperties: false OBFundsConfirmationResponse1: type: object properties: Data: $ref: '#/definitions/OBFundsConfirmationDataResponse1' Links: $ref: '#/definitions/Links' Meta: $ref: '#/definitions/Meta' required: - Data - Links - Meta additionalProperties: false Links: type: object description: Links relevant to the payload properties: Self: type: string format: uri First: type: string format: uri Prev: type: string format: uri Next: type: string format: uri Last: type: string format: uri additionalProperties: false required: - Self Meta: title: MetaData type: object description: Meta Data relevant to the payload properties: TotalPages: type: integer format: int32 FirstAvailableDateTime: $ref: '#/definitions/ISODateTime' LastAvailableDateTime: $ref: '#/definitions/ISODateTime' additionalProperties: false ISODateTime: description: "All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00" type: string format: date-time OBError1: type: object properties: ErrorCode: description: Low level textual error code, e.g., UK.OBIE.Field.Missing type: string minLength: 1 maxLength: 128 Message: description: |- A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' OBIE doesn't standardise this field type: string minLength: 1 maxLength: 500 Path: description: Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency type: string minLength: 1 maxLength: 500 Url: description: URL to help remediate the problem, or provide more information, or to API Reference, or help etc type: string required: - ErrorCode - Message additionalProperties: false minProperties: 1 OBErrorResponse1: description: An array of detail error codes, and messages, and URLs to documentation to help remediation. type: object properties: Code: description: High level textual error code, to help categorize the errors. type: string minLength: 1 maxLength: 40 Id: description: A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors. type: string minLength: 1 maxLength: 40 Message: description: Brief Error message, e.g., 'There is something wrong with the request parameters provided' type: string minLength: 1 maxLength: 500 Errors: items: $ref: '#/definitions/OBError1' type: array minItems: 1 required: - Code - Message - Errors additionalProperties: false x-ibm-configuration: enforced: true phase: realized categories: - Type / Experience - SanUK Business Domain / Personal Accounts testable: true security: - PSUOAuth2Security: - fundsconfirmations TPPOAuth2Security: - fundsconfirmations x-ibm-endpoints: - endpointUrl: https://openbanking-ma-sandbox.santander.co.uk/sanuk/external-sandbox type: - production ...