--- swagger: "2.0" info: title: PISP Domestic Scheduled Payments REST API BOS description: Swagger for PISP Domestic Scheduled Payments API Specification version: v3.1.10 termsOfService: https://www.openbanking.org.uk/terms contact: name: Service Desk email: ServiceDesk@openbanking.org.uk license: name: open-licence url: https://www.openbanking.org.uk/open-licence x-ibm-name: pisp-domestic-scheduled-payments-api-bos schemes: - https basePath: /bos/open-banking/v3.1/pisp tags: - name: Domestic Scheduled Payments consumes: - application/json; charset=UTF-8 produces: - application/json; charset=UTF-8 securityDefinitions: PSUOAuth2Security: type: oauth2 flow: accessCode tokenUrl: https://secure-api.bankofscotland.co.uk/prod01/lbg/bos/oidc-api/v1.1/token authorizationUrl: https://authorise-api.bankofscotland.co.uk/prod01/lbg/bos/personal/oidc-api/v1.1/authorize scopes: payments: Generic payment scope openid: Enable OpenID description: OAuth flow, it is required when the PSU needs to perform SCA with the ASPSP when a TPP wants to access an ASPSP resource owned by the PSU. The below example Authorization URL shows the personal channel. For business and commercial specific authorization URLs please refer to the **well known endpoint** or the **Technical Implementation Guide**. TPPOAuth2Security: type: oauth2 flow: application tokenUrl: https://secure-api.bankofscotland.co.uk/prod01/lbg/bos/oidc-api/v1.1/token scopes: payments: Generic payment scopes description: TPP client credential authorisation flow with the ASPSP paths: /domestic-scheduled-payment-consents: post: tags: - Domestic Scheduled Payment Consents summary: Creates a domestic scheduled payment consents resource. description: Creates a Domestic Scheduled Payment Consents. operationId: createDomesticScheduledPaymentConsents consumes: - application/json;charset=UTF-8 produces: - application/json;charset=UTF-8 parameters: - $ref: '#/parameters/xIdempotencyKey' - $ref: '#/parameters/xFapiFinancialId' - $ref: '#/parameters/xFapiCustomerLastLoggedTime' - $ref: '#/parameters/xFapiInteractionId' - $ref: '#/parameters/DomesticScheduledPaymentConsentBody' - $ref: '#/parameters/x-jws-signature-Param' - $ref: '#/parameters/Authorization' responses: 201: description: Created schema: $ref: '#/definitions/DomesticScheduledPaymentConsentResponse' 400: description: Bad request 401: description: Unauthorized 403: description: Forbidden 404: description: Resource not found 500: description: Internal server error security: - TPPOAuth2Security: - payments /domestic-scheduled-payment-consents/{ConsentId}: get: tags: - Domestic Scheduled Payment Consents summary: Get a domestic scheduled payment consents. description: Get a Domestic Scheduled Payment Consents. operationId: getDomesticScheduledPaymentConsents consumes: - application/json;charset=UTF-8 produces: - application/json;charset=UTF-8 parameters: - $ref: '#/parameters/ConsentId' - $ref: '#/parameters/xFapiFinancialId' - $ref: '#/parameters/xFapiCustomerLastLoggedTime' - $ref: '#/parameters/xFapiInteractionId' - $ref: '#/parameters/Authorization' responses: 200: description: OK schema: $ref: '#/definitions/DomesticScheduledPaymentConsentResponse' 401: description: Unauthorized 403: description: Forbidden 404: description: Resource not found 500: description: Internal server error security: - TPPOAuth2Security: - payments /domestic-scheduled-payments: post: tags: - Domestic Scheduled Payments summary: Creates a domestic scheduled payments resource. description: Creates a Domestic Scheduled Payments resource. operationId: createDomesticScheduledPayments consumes: - application/json;charset=UTF-8 produces: - application/json;charset=UTF-8 parameters: - $ref: '#/parameters/xIdempotencyKey' - $ref: '#/parameters/xFapiFinancialId' - $ref: '#/parameters/xFapiCustomerLastLoggedTime' - $ref: '#/parameters/xFapiInteractionId' - $ref: '#/parameters/DomesticScheduledPaymentBody' - $ref: '#/parameters/x-jws-signature-Param' - $ref: '#/parameters/Authorization' responses: 201: description: Created schema: $ref: '#/definitions/DomesticScheduledPaymentResponse' 400: description: Bad request schema: $ref: '#/definitions/ErrorResponse' 401: description: Unauthorized 403: description: Forbidden 404: description: Not found 500: description: Internal server error schema: $ref: '#/definitions/ErrorResponse' security: - PSUOAuth2Security: - payments /domestic-scheduled-payments/{DomesticScheduledPaymentId}: get: tags: - Domestic Scheduled Payment summary: Get a domestic scheduled payment. description: Get a Domestic Scheduled Payment. operationId: getDomesticScheduledPayments consumes: - application/json;charset=UTF-8 produces: - application/json;charset=UTF-8 parameters: - $ref: '#/parameters/DomesticScheduledPaymentId' - $ref: '#/parameters/xFapiFinancialId' - $ref: '#/parameters/xFapiCustomerLastLoggedTime' - $ref: '#/parameters/xFapiInteractionId' - $ref: '#/parameters/Authorization' responses: 200: description: OK headers: x-fapi-interaction-id: type: string x-jws-signature: type: string schema: $ref: '#/definitions/DomesticScheduledPaymentResponse' 400: description: Bad request schema: $ref: '#/definitions/ErrorResponse' 401: description: Unauthorized 403: description: Forbidden 404: description: Not found 500: description: Internal server error schema: $ref: '#/definitions/ErrorResponse' security: - TPPOAuth2Security: - payments parameters: Authorization: in: header name: Authorization type: string required: true description: An Authorisation Token as per https://tools.ietf.org/html/rfc6750 ConsentId: name: ConsentId in: path description: A unique identifier used to identify the consent required: true type: string DomesticScheduledPaymentId: name: DomesticScheduledPaymentId in: path description: A unique identifier used to identify the domestic scheduled payment. required: true type: string xIdempotencyKey: name: x-idempotency-key in: header description: Every request will be processed only once per x-idempotency-key. type: string required: true xFapiFinancialId: name: x-fapi-financial-id in: header description: The unique id of the ASPSP to which the request is issued. The unique id will be issued by OB. type: string required: true x-jws-signature-Param: name: x-jws-signature in: header type: string required: true description: A detached JWS signature of the body of the payload. xFapiCustomerLastLoggedTime: name: x-fapi-customer-last-logged-time in: header description: 'The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC' pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$ type: string required: false xFapiInteractionId: name: x-fapi-interaction-id in: header description: An RFC4122 UID used as a correlation ID. type: string required: false pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ DomesticScheduledPaymentBody: name: body in: body description: Domestic Scheduled Payment POST body required: true schema: $ref: '#/definitions/DomesticScheduledPaymentPayload' DomesticScheduledPaymentConsentBody: name: body in: body description: Domestic Scheduled Payment consent POST body required: true schema: $ref: '#/definitions/DomesticScheduledPaymentConsentPayload' definitions: SCASupportDataResDef: type: object additionalProperties: false description: Supporting Data provided by TPP, when requesting SCA Exemption. properties: RequestedSCAExemptionType: description: This field allows a PISP to request specific SCA Exemption for a Payment Initiation type: string enum: - BillPayment - ContactlessTravel - EcommerceGoods - EcommerceServices - Kiosk - Parking - PartyToParty AppliedAuthenticationApproach: description: |- Specifies a character string with a maximum length of 40 characters. Usage: This field indicates whether the PSU was subject to SCA performed by the TPP type: string enum: - CA - SCA ReferencePaymentOrderId: description: |- Specifies a character string with a maximum length of 140 characters. Usage: If the payment is recurring then the transaction identifier of the previous payment occurrence so that the ASPSP can verify that the PISP, amount and the payee are the same as the previous occurrence. type: string minLength: 1 maxLength: 40 DomesticScheduledPaymentPayload: type: object required: - Data - Risk properties: Data: $ref: '#/definitions/DomesticScheduledPaymentData' Risk: $ref: '#/definitions/Risk' DomesticScheduledPaymentData: type: object required: - ConsentId - Initiation properties: ConsentId: $ref: '#/definitions/ConsentId' Initiation: $ref: '#/definitions/Initiation' SCASupportData: type: object additionalProperties: false description: Supporting Data provided by TPP, when requesting SCA Exemption. properties: RequestedSCAExemptionType: description: This field allows a PISP to request specific SCA Exemption for a Payment Initiation type: string enum: - BillPayment - ContactlessTravel - EcommerceGoods - EcommerceServices - Kiosk - Parking - PartyToParty AppliedAuthenticationApproach: description: |- Specifies a character string with a maximum length of 40 characters. Usage: This field indicates whether the PSU was subject to SCA performed by the TPP type: string maxLength: 40 enum: - CA - SCA ReferencePaymentOrderId: description: |- Specifies a character string with a maximum length of 140 characters. Usage: If the payment is recurring then the transaction identifier of the previous payment occurrence so that the ASPSP can verify that the PISP, amount and the payee are the same as the previous occurrence. type: string minLength: 1 maxLength: 40 DomesticScheduledPaymentConsentPayload: type: object required: - Data - Risk properties: Data: $ref: '#/definitions/DomesticScheduledPaymentConsentData' Risk: $ref: '#/definitions/Risk' DomesticScheduledPaymentConsentData: type: object required: - Permission - Initiation properties: Permission: $ref: '#/definitions/Permission' ReadRefundAccount: description: Specifies to share the refund account details with PISP type: string enum: - "No" - "Yes" Initiation: $ref: '#/definitions/Initiation' Authorisation: $ref: '#/definitions/Authorisation' SCASupportData: $ref: '#/definitions/SCASupportDataResDef' DomesticScheduledPaymentResponse: type: object required: - Data - Risk properties: Data: $ref: '#/definitions/DomesticScheduledPaymentResponseData' Risk: $ref: '#/definitions/Risk' DomesticScheduledPaymentResponseData: type: object required: - DomesticScheduledPaymentId - CreationDateTime - Status - StatusUpdateDateTime - Initiation properties: DomesticScheduledPaymentId: $ref: '#/definitions/DomesticScheduledPaymentId' CreationDateTime: $ref: '#/definitions/CreationDateTime' Status: $ref: '#/definitions/Status' StatusUpdateDateTime: $ref: '#/definitions/StatusUpdateDateTime' CutOffDateTime: $ref: '#/definitions/CutOffDateTime' Refund: type: object additionalProperties: false required: - Account description: Unambiguous identification of the refund account to which a refund will be made as a result of the transaction. properties: Account: type: object additionalProperties: false required: - SchemeName - Identification - Name description: Provides the details to identify an account. properties: SchemeName: $ref: '#/definitions/OBExternalAccountIdentification4Code' Identification: $ref: '#/definitions/Identification_0' Name: description: |- Name of the account, as assigned by the account servicing institution. Usage: The account name is the name or names of the account owner(s) represented at an account level. The account name is not the product name or the nickname of the account. OB: ASPSPs may carry out name validation for Confirmation of Payee, but it is not mandatory. type: string minLength: 1 maxLength: 350 SecondaryIdentification: $ref: '#/definitions/SecondaryIdentification' Charges: $ref: '#/definitions/Charges' Initiation: $ref: '#/definitions/Initiation' Debtor: $ref: '#/definitions/OBDebtorIdentification1' SCASupportData: $ref: '#/definitions/SCASupportDataResDef' DomesticScheduledPaymentId: type: string maxLength: 128 Permission: type: string enum: - Create Initiation: type: object required: - InstructionIdentification - RequestedExecutionDateTime - InstructedAmount - CreditorAccount properties: InstructionIdentification: $ref: '#/definitions/InstructionIdentification' EndToEndIdentification: $ref: '#/definitions/EndToEndIdentification' LocalInstrument: $ref: '#/definitions/LocalInstrument' RequestedExecutionDateTime: $ref: '#/definitions/RequestedExecutionDateTime' InstructedAmount: $ref: '#/definitions/InstructedAmount' DebtorAccount: $ref: '#/definitions/DebtorAccount' CreditorAccount: $ref: '#/definitions/CreditorAccount' CreditorPostalAddress: $ref: '#/definitions/CreditorPostalAddress' RemittanceInformation: $ref: '#/definitions/RemittanceInformation' SupplementaryData: $ref: '#/definitions/OBSupplementaryData1' InstructionIdentification: type: string minLength: 1 maxLength: 35 EndToEndIdentification: type: string minLength: 1 maxLength: 35 LocalInstrument: type: string enum: - UK:FasterPayments - UK:Bacs - UK:CHAPS - UK:Link RequestedExecutionDateTime: type: string InstructedAmount: type: object required: - Amount - Currency properties: Amount: type: string pattern: ^\d{1,13}$|^\d{1,13}\.\d{1,2}$ Currency: type: string enum: - GBP DebtorAccount: type: object description: Unambiguous identification of the account of the debtor to which a debit entry will be made as a result of the transaction. title: DebtorAccount properties: SchemeName: description: Name of the identification scheme, in a coded form as published in an external list. title: SchemeName type: string enum: - IBAN - SortCodeAccountNumber - BBAN Identification: description: Identification assigned by an institution to identify an account. This identification is known by the account owner. type: string minLength: 1 maxLength: 34 Name: description: 'Name of the account, as assigned by the account servicing institution, in agreement with the account owner in order to provide an additional means of identification of the account. Usage: The account name is different from the account owner name. The account name is used in certain user communities to provide a means of identifying the account, in addition to the account owner''s identity and the account number.' type: string minLength: 1 maxLength: 350 SecondaryIdentification: description: Identification assigned by an institution to identify an account. This identification is known by the account owner. type: string minLength: 1 maxLength: 34 required: - SchemeName - Identification additionalProperties: false CreditorAccount: description: Unambiguous identification of the account of the creditor to which a credit entry will be posted as a result of the payment transaction. title: CreditorAccount type: object properties: SchemeName: description: Name of the identification scheme, in a coded form as published in an external list. title: SchemeName type: string enum: - IBAN - SortCodeAccountNumber Identification: description: Identification assigned by an institution to identify an account. This identification is known by the account owner. type: string minLength: 1 maxLength: 34 Name: description: 'Name of the account, as assigned by the account servicing institution, in agreement with the account owner in order to provide an additional means of identification of the account. Usage: The account name is different from the account owner name. The account name is used in certain user communities to provide a means of identifying the account, in addition to the account owner''s identity and the account number. ASPSPs may carry out name validation for Confirmation of Payee, but it is not mandatory.' type: string minLength: 1 maxLength: 350 SecondaryIdentification: description: Identification assigned by an institution to identify an account. This identification is known by the account owner. type: string minLength: 1 maxLength: 34 required: - SchemeName - Identification - Name additionalProperties: false CreditorPostalAddress: type: object properties: AddressType: type: string enum: - Business - Correspondence - DeliveryTo - MailTo - POBox - Postal - Residential - Statement Department: type: string minLength: 1 maxLength: 70 SubDepartment: type: string minLength: 1 maxLength: 70 StreetName: type: string minLength: 1 maxLength: 70 BuildingNumber: type: string minLength: 1 maxLength: 16 PostCode: type: string minLength: 1 maxLength: 16 TownName: type: string minLength: 1 maxLength: 35 CountrySubDivision: type: string minLength: 1 maxLength: 35 Country: type: string pattern: '[A-Z]{2,2}' AddressLine: type: array items: type: string minLength: 1 maxLength: 70 minItems: 0 maxItems: 7 RemittanceInformation: type: object properties: Unstructured: type: string minLength: 1 maxLength: 140 Reference: type: string minLength: 1 maxLength: 35 Authorisation: type: object required: - AuthorisationType properties: AuthorisationType: type: string enum: - Any - Single CompletionDateTime: type: string format: date-time Risk: type: object required: - PaymentContextCode properties: PaymentContextCode: type: string enum: - BillPayment - EcommerceGoods - EcommerceServices - Other - PartyToParty - BillingGoodsAndServicesInAdvance - BillingGoodsAndServicesInArrears - PispPayee - EcommerceMerchantInitiatedPayment - FaceToFacePointOfSale - TransferToSelf - TransferToThirdParty MerchantCategoryCode: type: string MerchantCustomerIdentification: type: string ContractPresentInidicator: type: boolean description: Indicates if Payee has a contractual relationship with the PISP. BeneficiaryPrepopulatedIndicator: type: boolean description: Indicates if PISP has immutably prepopulated payment details in for the PSU. PaymentPurposeCode: type: string minLength: 3 maxLength: 4 description: Category code, related to the type of services or goods that corresponds to the underlying purpose of the payment that conforms to Recommended UK Purpose Code in ISO 20022 Payment Messaging List BeneficiaryAccountType: $ref: '#/definitions/OBExternalExtendedAccountType1Code' DeliveryAddress: $ref: '#/definitions/DeliveryAddress' OBExternalExtendedAccountType1Code: description: Specifies the extended type of account. type: string enum: - Business - BusinessSavingsAccount - Charity - Collection - Corporate - Ewallet - Government - Investment - ISA - JointPersonal - Pension - Personal - PersonalSavingsAccount - Premier - Wealth DeliveryAddress: description: Information that locates and identifies a specific address, as defined by postal services or in free format text. type: object required: - TownName - Country properties: AddressLine: description: Information that locates and identifies a specific address, as defined by postal services, that is presented in free format text. type: array items: description: maxLength 70 text type: string minLength: 1 maxLength: 70 minItems: 0 maxItems: 2 StreetName: description: Name of a street or thoroughfare type: string minLength: 1 maxLength: 70 BuildingNumber: description: Number that identifies the position of a building on a street. type: string minLength: 1 maxLength: 16 PostCode: description: Identifier consisting of a group of letters and/or numbers that is added to a postal address to assist the sorting of mail type: string minLength: 1 maxLength: 16 TownName: description: Name of a built-up area, with defined boundaries, and a local government. type: string minLength: 1 maxLength: 35 CountrySubDivision: description: Identifies a subdivision of a country, for instance state, region, county. type: string minLength: 1 maxLength: 35 Country: description: Nation with its own government, occupying a particular territory. type: string pattern: '[A-Z]{2}' additionalProperties: false DomesticScheduledPaymentConsentListResponse: type: array items: type: object required: - Data - Risk properties: Data: $ref: '#/definitions/DomesticScheduledPaymentConsentResponseData' Risk: $ref: '#/definitions/Risk' DomesticScheduledPaymentConsentResponse: type: object required: - Data - Risk properties: Data: $ref: '#/definitions/DomesticScheduledPaymentConsentResponseData' Risk: $ref: '#/definitions/Risk' DomesticScheduledPaymentConsentResponseData: type: object required: - ConsentId - CreationDateTime - Status - StatusUpdateDateTime - Permission - Initiation properties: ConsentId: $ref: '#/definitions/ConsentId' CreationDateTime: $ref: '#/definitions/CreationDateTime' Status: $ref: '#/definitions/Status' StatusUpdateDateTime: $ref: '#/definitions/StatusUpdateDateTime' Permission: $ref: '#/definitions/Permission' ReadRefundAccount: description: Specifies to share the refund account details with PISP type: string enum: - "No" - "Yes" CutOffDateTime: $ref: '#/definitions/CutOffDateTime' ExpectedExecutionDateTime: $ref: '#/definitions/ExpectedExecutionDateTime' ExpectedSettlementDateTime: $ref: '#/definitions/ExpectedSettlementDateTime' Charges: $ref: '#/definitions/Charges' Initiation: $ref: '#/definitions/Initiation' Authorisation: $ref: '#/definitions/Authorisation' SCASupportData: $ref: '#/definitions/SCASupportDataResDef' Debtor: $ref: '#/definitions/OBDebtorIdentification1' OBExternalAccountIdentification4Code: description: Name of the identification scheme, in a coded form as published in an external list. type: string x-namespaced-enum: - UK.OBIE.BBAN - UK.OBIE.IBAN - UK.OBIE.PAN - UK.OBIE.Paym - UK.OBIE.SortCodeAccountNumber SecondaryIdentification: description: "This is secondary identification of the account, as assigned by the account servicing institution. \nThis can be used by building societies to additionally identify accounts with a roll number (in addition to a sort code and account number combination)." type: string minLength: 1 maxLength: 34 Identification_0: description: Identification assigned by an institution to identify an account. This identification is known by the account owner. type: string minLength: 1 maxLength: 256 OBDebtorIdentification1: type: object additionalProperties: false description: Set of elements used to identify a person or an organisation. properties: Name: type: string description: The account name is the name or names of the account owner(s) represented at an account level, as displayed by the ASPSP's online channels. Note, the account name is not the product name or the nickname of the account. SchemeName: type: string enum: - IBAN - SortCodeAccountNumber - BBAN Identification: type: string SecondaryIdentification: type: string ConsentId: type: string maxLength: 128 CreationDateTime: type: string format: date-time Status: type: string enum: - Authorised - AwaitingAuthorisation - Consumed - Rejected StatusUpdateDateTime: type: string format: date-time CutOffDateTime: type: string format: date-time ExpectedExecutionDateTime: type: string format: date-time ExpectedSettlementDateTime: type: string format: date-time Charges: type: array items: type: object required: - ChargeBearer - Type - Amount properties: ChargeBearer: type: string enum: - BorneByCreditor - BorneByDebtor - FollowingServiceLevel - Shared Type: type: string maxLength: 40 Amount: type: object required: - Amount - Currency properties: Amount: type: string pattern: ^\d{1,13}$|^\d{1,13}\.\d{1,2}$ Currency: type: string enum: - GBP ErrorResponse: type: object required: - Code - Message - Errors properties: Code: type: string minLength: 1 maxLength: 40 Id: type: string minLength: 1 maxLength: 40 Message: type: string minLength: 1 maxLength: 500 Errors: items: $ref: '#/definitions/Error' type: array minItems: 1 OBSupplementaryData1: description: Additional information that can not be captured in the structured fields and/or any other specific block. type: object additionalProperties: false properties: DebitAccountReference: type: object properties: Reference: type: string Error: type: object required: - ErrorCode - Message properties: ErrorCode: type: string minLength: 1 maxLength: 128 Message: type: string minLength: 1 maxLength: 500 Path: type: string minLength: 1 maxLength: 500 Url: type: string x-ibm-configuration: enforced: true testable: true phase: realized x-ibm-endpoints: - endpointUrl: https://secure-api.lloydsbank.com/prod01/lbg type: - production - endpointUrl: https://secure-api-eidas.halifax.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api-eidas.bankofscotland.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api.mbna.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api.halifax.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api.bankofscotland.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api-eidas.mbna.co.uk/prod01/lbg type: - production - endpointUrl: https://secure-api-eidas.lloydsbank.com/prod01/lbg type: - production ...