Skip to main content

Create sandbox agreements

POST 

/v1/sandbox/agreements

Only used to manage agreements for corporate customers.

Create agreement for customer. Engagements are the connection between accounts and customers.

When granting consent in test a corporate customer will first select an agreement before granting consent to accounts registered on that agreement.

Engagements must have both the role "REGISTER" and "VIEW" to be available for granting consent in the sandbox environment.

Note that the field "customer" in engagement points to the PSU which should see the accounts when granting consent in the PSD2 Sandbox. However the field "account" in the engagement should not be owned by the same PSU, this should be owned by the customer created as the corporation which the PSU is a member of. Also note that the field "owner" in agreement is also the corporation which the PSU is a member of.

Request

Header Parameters

    Content-Type string

    Advertises what type of data is actually sent.

    Accept string

    Advertises which content types, expressed as MIME types, the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Type response header.

    Example: application/json
    Accept-Charset string

    Advertises which character set the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice within the Content-Type response header.

    Example: utf-8
    Accept-Encoding string

    Advertises which content encoding, usually a compression algorithm, the client is able to understand. Using content negotiation, the server selects one of the proposals, uses it and informs the client of its choice with the Content-Encoding response header.

    Example: deflate, gzip;q=1.0, *;q=0.5
    Accept-Language string

    Advertises which natural languages the client is able to understand, and which locale variant is preferred. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Language response header.

    Example: en-US,en;q=0.7,nb;q=0.3
    Host string

    The domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening.

    Example: openbanking.sor.no
    X-Request-ID stringrequired

    Request identifier, unique to the call, as determined by the TPP.

    Example: 4eba4445-1a4b-47b8-bdd5-4e56ef026b19
    Digest stringrequired

    Base64 encoded sha256 or sha512 hash of the message body, used with the signature.

    The Digest header is defined by RFC3230 and sha256/sha512 si defined by RFC5843.

    Example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOabcX3YxNoH4k==
    TPP-Signature-Certificate stringrequired

    The certificate used for signing the request in base64 encoding.

    Example: MIFFTzCCAzegAkIBAgMJANnQVDLqktJUMA0GCS....8WLZOX3YxNoH4k==
    Signature stringrequired

    HTTP Message Signature as specified by https://tools.ietf.org/html/draft-cavage-http-signatures-10 with requirements imposed by Berlin Group's NextGenPSD2 Framework.

    • keyId must be formatted as keyId="SN=XXX,CA=YYY" where XXX is the serial number of the signing certificate in hexadecimal encoding and YYY is the full Distinguished Name of the Certificate Authority having certificate
    • algorithm must identify the same algorithm for the signature as presented in the signing certificate and should be rsa-sha256
    • headers must contain date, digest, x-request-id, psu-id, psu-corporate-id, and tpp-redirect-uri when available
    • signature must be computed as Base64(RSA-SHA256(signingString))

    If any values in the Signature header is ISO-8859-1 or UTF-8 encoded you need to URL encode the Signature header according to RFC 2047 which means MIME encoding the signature.

    Also the signature must be wrapped using this format: =?charset?encoding?encoded signature?=

    Example of this encoding: =?utf-8?B?a2V5QTQsQ0E9Mi41LjQuOTc9IzB........jMTM1MDUzNDQ0ZTRmMmQ0NjUz?=

    Java example of how to implement encoding:

    if (charset.equals(StandardCharsets.UTF_8)) {
    Signature = String.format("=?utf-8?B?%s?=", Base64.getEncoder().encodeToString(signature.getBytes(StandardCharsets.UTF_8)));
    }
    Example: keyId="SN=6AEB4444FBAAD267,CA=O=PSDNO-FSA-ABCA,L=Trondheim,C=NO", algorithm="rsa-sha256", headers="date x-request-id tpp-redirect-uri psu-id", signature="***************"

Body

required

    owner stringrequired
    name stringrequired

    engagements

    object[]

    required

  • Array [

  • customer stringrequired

    account

    object

    required

    iban stringrequired
    roles string[]required

    Possible values: [OWNER, DISPOSAL, VIEW, REGISTER, APPROVE, INTERNAL_TRANSFER, SALARY]

    registerLimit int32required
    approvalLimit int32required
  • ]

Responses

Schema

    id stringrequired
    name stringrequired
    owner string

    engagements

    object[]

    required

  • Array [

  • id stringrequired
    customer stringrequired
    name string

    account

    object

    required

    bban stringrequired
    iban stringrequired
    roles string[]required

    Possible values: [OWNER, DISPOSAL, VIEW, REGISTER, APPROVE, INTERNAL_TRANSFER, SALARY]

    accessRights booleanrequired
    paymentRights booleanrequired
    transferRights booleanrequired
    registerLimit int32required
    approvalLimit int32required
  • ]

  • _links

    object

    required

    self

    object

    required

    href stringrequired
    verbs string[]required

    engagements

    object

    required

    href stringrequired
    verbs string[]required
Loading...