--- swagger: "2.0" info: title: Confirmation Funds API V3 (Bank Of Scotland) description: Confirmation Fund Channel REST API termsOfService: https://www.openbanking.org.uk/terms contact: name: Service Desk email: ServiceDesk@openbanking.org.uk license: name: open-licence url: https://www.openbanking.org.uk/open-licence version: v3.1.10 x-ibm-name: confirmation-funds-bos basePath: /bos/open-banking/v3.1/cbpii schemes: - https consumes: - application/json; charset=utf-8 produces: - application/json; charset=utf-8 paths: /funds-confirmation-consents: post: tags: - Funds Confirmations summary: Create Funds Confirmation Consent operationId: CreateFundsConfirmationConsents parameters: - $ref: '#/parameters/OBFundsConfirmationConsent1Param' - $ref: '#/parameters/x-fapi-auth-date' - $ref: '#/parameters/x-fapi-financial-id-Param' - $ref: '#/parameters/x-fapi-customer-last-logged-time-Param' - $ref: '#/parameters/x-fapi-customer-ip-address-Param' - $ref: '#/parameters/x-fapi-interaction-id-Param' - $ref: '#/parameters/x-customer-user-agent-Param' - $ref: '#/parameters/Authorization' responses: 201: $ref: '#/responses/201FundsConfirmationConsentsCreated' 400: $ref: '#/responses/400ErrorResponse' 401: $ref: '#/responses/401ErrorResponse' 403: $ref: '#/responses/403ErrorResponse' 404: $ref: '#/responses/404ErrorResponse' 405: $ref: '#/responses/405ErrorResponse' 406: $ref: '#/responses/406ErrorResponse' 415: $ref: '#/responses/415ErrorResponse' 429: $ref: '#/responses/429ErrorResponse' 500: $ref: '#/responses/500ErrorResponse' security: - TPPOAuth2Security: - fundsconfirmations /funds-confirmation-consents/{ConsentId}: get: tags: - Funds Confirmations summary: Get Funds Confirmation Consent operationId: GetFundsConfirmationConsentsConsentId parameters: - $ref: '#/parameters/ConsentId' - $ref: '#/parameters/x-fapi-auth-date' - $ref: '#/parameters/x-fapi-financial-id-Param' - $ref: '#/parameters/x-fapi-customer-last-logged-time-Param' - $ref: '#/parameters/x-fapi-customer-ip-address-Param' - $ref: '#/parameters/x-fapi-interaction-id-Param' - $ref: '#/parameters/x-customer-user-agent-Param' - $ref: '#/parameters/Authorization' responses: 200: $ref: '#/responses/200FundsConfirmationConsentsConsentIdRead' 400: $ref: '#/responses/400ErrorResponse' 401: $ref: '#/responses/401ErrorResponse' 403: $ref: '#/responses/403ErrorResponse' 404: $ref: '#/responses/404ErrorResponse' 405: $ref: '#/responses/405ErrorResponse' 406: $ref: '#/responses/406ErrorResponse' 429: $ref: '#/responses/429ErrorResponse' 500: $ref: '#/responses/500ErrorResponse' security: - TPPOAuth2Security: - fundsconfirmations delete: tags: - Funds Confirmations summary: Delete Funds Confirmation Consent operationId: DeleteFundsConfirmationConsentsConsentId parameters: - $ref: '#/parameters/ConsentId' - $ref: '#/parameters/x-fapi-financial-id-Param' - $ref: '#/parameters/x-fapi-auth-date' - $ref: '#/parameters/x-fapi-customer-last-logged-time-Param' - $ref: '#/parameters/x-fapi-customer-ip-address-Param' - $ref: '#/parameters/x-fapi-interaction-id-Param' - $ref: '#/parameters/x-customer-user-agent-Param' - $ref: '#/parameters/Authorization' responses: 204: $ref: '#/responses/204FundsConfirmationConsentsConsentIdDeleted' 400: $ref: '#/responses/400ErrorResponse' 401: $ref: '#/responses/401ErrorResponse' 403: $ref: '#/responses/403ErrorResponse' 404: $ref: '#/responses/404ErrorResponse' 405: $ref: '#/responses/405ErrorResponse' 406: $ref: '#/responses/406ErrorResponse' 429: $ref: '#/responses/429ErrorResponse' 500: $ref: '#/responses/500ErrorResponse' security: - TPPOAuth2Security: - fundsconfirmations /funds-confirmations: post: tags: - Funds Confirmations summary: Create Funds Confirmation operationId: CreateFundsConfirmations parameters: - $ref: '#/parameters/OBFundsConfirmation1Param' - $ref: '#/parameters/x-fapi-auth-date' - $ref: '#/parameters/x-fapi-financial-id-Param' - $ref: '#/parameters/x-fapi-customer-last-logged-time-Param' - $ref: '#/parameters/x-fapi-customer-ip-address-Param' - $ref: '#/parameters/x-fapi-interaction-id-Param' - $ref: '#/parameters/x-customer-user-agent-Param' - $ref: '#/parameters/Authorization' responses: 201: $ref: '#/responses/201FundsConfirmationsCreated' 400: $ref: '#/responses/400ErrorResponse' 401: $ref: '#/responses/401ErrorResponse' 403: $ref: '#/responses/403ErrorResponse' 404: $ref: '#/responses/404ErrorResponse' 405: $ref: '#/responses/405ErrorResponse' 406: $ref: '#/responses/406ErrorResponse' 415: $ref: '#/responses/415ErrorResponse' 429: $ref: '#/responses/429ErrorResponse' 500: $ref: '#/responses/500ErrorResponse' security: - PSUOAuth2Security: - fundsconfirmations parameters: x-fapi-financial-id-Param: in: header name: x-fapi-financial-id type: string required: true description: The unique id of the ASPSP to which the request is issued. The unique id will be issued by OB. x-fapi-customer-ip-address-Param: in: header name: x-fapi-customer-ip-address type: string required: false description: The PSU's IP address if the PSU is currently logged in with the TPP. x-fapi-interaction-id-Param: in: header name: x-fapi-interaction-id type: string required: false description: An RFC4122 UID used as a correlation id. x-fapi-customer-last-logged-time-Param: in: header name: x-fapi-customer-last-logged-time type: string required: false description: |- The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$ x-fapi-auth-date: in: header name: x-fapi-auth-date type: string required: false description: |- The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$ Authorization: in: header name: Authorization type: string required: true description: An Authorisation Token as per https://tools.ietf.org/html/rfc6750 OBFundsConfirmation1Param: name: OBFundsConfirmation1Param in: body description: Default required: true schema: $ref: '#/definitions/OBFundsConfirmation1' OBFundsConfirmationConsent1Param: name: OBFundsConfirmationConsent1Param in: body description: Default required: true schema: $ref: '#/definitions/OBFundsConfirmationConsent1' ConsentId: name: ConsentId in: path description: ConsentId required: true type: string x-customer-user-agent-Param: in: header name: x-customer-user-agent type: string description: Indicates the user-agent that the PSU is using. required: false responses: 201FundsConfirmationsCreated: description: Funds Confirmation Created headers: x-fapi-interaction-id: type: string description: An RFC4122 UID used as a correlation id. schema: $ref: '#/definitions/OBFundsConfirmationResponse1' 201FundsConfirmationConsentsCreated: description: Funds Confirmation Consent Created headers: x-fapi-interaction-id: type: string description: An RFC4122 UID used as a correlation id. schema: $ref: '#/definitions/OBFundsConfirmationConsentResponse1' 200FundsConfirmationConsentsConsentIdRead: description: Funds Confirmation Consent Read headers: x-fapi-interaction-id: type: string description: An RFC4122 UID used as a correlation id. schema: $ref: '#/definitions/OBFundsConfirmationConsentResponse1' 204FundsConfirmationConsentsConsentIdDeleted: description: Funds Confirmation Consent Deleted headers: x-fapi-interaction-id: type: string description: An RFC4122 UID used as a correlation id. 400ErrorResponse: description: Bad request schema: $ref: '#/definitions/OBErrorResponse1' 401ErrorResponse: description: Unauthorized 403ErrorResponse: description: Forbidden 404ErrorResponse: description: Not found 405ErrorResponse: description: Method Not Allowed 406ErrorResponse: description: Not Acceptable 415ErrorResponse: description: Unsupported Media Type 429ErrorResponse: description: Too Many Requests headers: Retry-After: description: Number in seconds to wait type: integer 500ErrorResponse: description: Internal Server Error schema: $ref: '#/definitions/OBErrorResponse1' securityDefinitions: PSUOAuth2Security: type: oauth2 flow: accessCode tokenUrl: https://secure-api.bankofscotland.co.uk/prod01/lbg/bos/oidc-api/v1.1/token authorizationUrl: https://authorise-api.bankofscotland.co.uk/prod01/lbg/bos/personal/oidc-api/v1.1/authorize scopes: fundsconfirmations: Funds confirmation entitlement openid: Enable OpenID description: OAuth flow, it is required when the PSU needs to perform SCA with the ASPSP when a TPP wants to access an ASPSP resource owned by the PSU. The below example Authorization URL shows the personal channel. For business specific authorization URL please refer to the **well known endpoint** or the **Technical Implementation Guide**. TPPOAuth2Security: type: oauth2 flow: application tokenUrl: https://secure-api.bankofscotland.co.uk/prod01/lbg/bos/oidc-api/v1.1/token scopes: fundsconfirmations: Funds confirmation entitlement accounts: TPP Client Credential Scope for accounts and payments api description: TPP client credential authorisation flow with the ASPSP definitions: OBActiveCurrencyAndAmount_SimpleType: description: A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217. type: string pattern: ^\d{1,13}$|^\d{1,13}\.\d{1,5}$ OBActiveOrHistoricCurrencyAndAmount: description: Amount of money to be confirmed as available funds in the debtor account. Contains an Amount and a Currency. type: object properties: Amount: $ref: '#/definitions/OBActiveCurrencyAndAmount_SimpleType' Currency: description: A code allocated to a currency by a Maintenance Agency under an international identification scheme, as described in the latest edition of the international standard ISO 4217 "Codes for the representation of currencies and funds". type: string pattern: ^[A-Z]{3,3}$ required: - Amount - Currency additionalProperties: false OBCashAccountDebtor4: description: Unambiguous identification of the account of the debtor to which a confirmation of funds consent will be applied. type: object properties: SchemeName: $ref: '#/definitions/OBExternalAccountIdentification4Code' Identification: description: Identification assigned by an institution to identify an account. This identification is known by the account owner. type: string minLength: 1 maxLength: 256 Name: description: |- Name of the account, as assigned by the account servicing institution. Usage: The account name is the name or names of the account owner(s) represented at an account level. The account name is not the product name or the nickname of the account. type: string minLength: 1 maxLength: 350 SecondaryIdentification: description: |- This is secondary identification of the account, as assigned by the account servicing institution. This can be used by building societies to additionally identify accounts with a roll number (in addition to a sort code and account number combination). type: string minLength: 1 maxLength: 34 required: - SchemeName - Identification additionalProperties: false OBExternalAccountIdentification4Code: description: Name of the identification scheme, in a coded form as published in an external list. type: string example: - UK.OBIE.BBAN - UK.OBIE.IBAN - UK.OBIE.PAN - UK.OBIE.Paym - UK.OBIE.SortCodeAccountNumber OBExternalRequestStatus1Code: description: Specifies the status of consent resource in code form. type: string enum: - Authorised - AwaitingAuthorisation - Rejected - Revoked OBFundsConfirmation1: type: object properties: Data: $ref: '#/definitions/OBFundsConfirmationData1' required: - Data additionalProperties: false OBFundsConfirmationConsent1: type: object properties: Data: $ref: '#/definitions/OBFundsConfirmationConsentData1' required: - Data additionalProperties: false OBFundsConfirmationConsentData1: type: object properties: ExpirationDateTime: description: |- Specified date and time the funds confirmation authorisation will expire. If this is not populated, the authorisation will be open ended. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 type: string format: date-time DebtorAccount: $ref: '#/definitions/OBCashAccountDebtor4' required: - DebtorAccount additionalProperties: false OBFundsConfirmationConsentDataResponse1: type: object properties: ConsentId: description: Unique identification as assigned to identify the funds confirmation consent resource. type: string minLength: 1 maxLength: 128 CreationDateTime: description: |- Date and time at which the resource was created. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 type: string format: date-time Status: $ref: '#/definitions/OBExternalRequestStatus1Code' StatusUpdateDateTime: description: |- Date and time at which the resource status was updated. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 type: string format: date-time ExpirationDateTime: description: |- Specified date and time the funds confirmation authorisation will expire. If this is not populated, the authorisation will be open ended. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 type: string format: date-time DebtorAccount: $ref: '#/definitions/OBCashAccountDebtor4' required: - ConsentId - CreationDateTime - Status - StatusUpdateDateTime - DebtorAccount additionalProperties: false OBFundsConfirmationConsentResponse1: type: object properties: Data: $ref: '#/definitions/OBFundsConfirmationConsentDataResponse1' Links: $ref: '#/definitions/Links' Meta: $ref: '#/definitions/Meta' required: - Data - Links - Meta additionalProperties: false OBFundsConfirmationData1: type: object properties: ConsentId: description: Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation consent resource. type: string minLength: 1 maxLength: 128 Reference: description: Unique reference, as assigned by the CBPII, to unambiguously refer to the request related to the payment transaction. type: string minLength: 1 maxLength: 35 InstructedAmount: $ref: '#/definitions/OBActiveOrHistoricCurrencyAndAmount' required: - ConsentId - Reference - InstructedAmount additionalProperties: false OBFundsConfirmationDataResponse1: type: object properties: FundsConfirmationId: description: Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation resource. type: string minLength: 1 maxLength: 40 ConsentId: description: Unique identification as assigned by the ASPSP to uniquely identify the funds confirmation consent resource. type: string minLength: 1 maxLength: 128 CreationDateTime: description: |- Date and time at which the resource was created. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 type: string format: date-time FundsAvailable: description: Flag to indicate the result of a confirmation of funds check. type: boolean Reference: description: Unique reference, as assigned by the CBPII, to unambiguously refer to the request related to the payment transaction. type: string minLength: 1 maxLength: 35 InstructedAmount: $ref: '#/definitions/OBActiveOrHistoricCurrencyAndAmount' required: - FundsConfirmationId - ConsentId - CreationDateTime - FundsAvailable - Reference - InstructedAmount additionalProperties: false OBFundsConfirmationResponse1: type: object properties: Data: $ref: '#/definitions/OBFundsConfirmationDataResponse1' Links: $ref: '#/definitions/Links' Meta: $ref: '#/definitions/Meta' required: - Data - Links - Meta additionalProperties: false Links: type: object description: Links relevant to the payload properties: Self: type: string format: uri First: type: string format: uri Prev: type: string format: uri Next: type: string format: uri Last: type: string format: uri additionalProperties: false required: - Self Meta: title: MetaData type: object description: Meta Data relevant to the payload properties: TotalPages: type: integer format: int32 FirstAvailableDateTime: $ref: '#/definitions/ISODateTime' LastAvailableDateTime: $ref: '#/definitions/ISODateTime' additionalProperties: false ISODateTime: description: |- All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 type: string format: date-time OBError1: type: object properties: ErrorCode: description: Low level textual error code, e.g., UK.OBIE.Field.Missing type: string minLength: 1 maxLength: 128 Message: description: |- A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' OBIE doesn't standardise this field type: string minLength: 1 maxLength: 500 Path: description: Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency type: string minLength: 1 maxLength: 500 Url: description: URL to help remediate the problem, or provide more information, or to API Reference, or help etc type: string required: - ErrorCode - Message additionalProperties: false minProperties: 1 OBErrorResponse1: description: An array of detail error codes, and messages, and URLs to documentation to help remediation. type: object properties: Code: description: High level textual error code, to help categorize the errors. type: string minLength: 1 maxLength: 40 Id: description: A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors. type: string minLength: 1 maxLength: 40 Message: description: Brief Error message, e.g., 'There is something wrong with the request parameters provided' type: string minLength: 1 maxLength: 500 Errors: items: $ref: '#/definitions/OBError1' type: array minItems: 1 required: - Code - Message - Errors additionalProperties: false x-ibm-configuration: enforced: true testable: true phase: realized x-ibm-endpoints: - endpointUrl: https://secure-api.lloydsbank.com/prod01/lbg type: - production - endpointUrl: https://secure-api-eidas.halifax.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api-eidas.bankofscotland.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api.mbna.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api.halifax.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api.bankofscotland.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api-eidas.mbna.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api-eidas.lloydsbank.com/prod01/lbg type: - production ...