TPP Registration (Enroll)

The Enroll resource is accessible to both registered and unregistered subjects (registered, that is, in the Bank's API context). The subject calls this resource with a valid certificate and requests the allocation of a client_id and client_secret.

  • Unregistered subject: ENROLL for registration in the Bank's API context
  • Registered subject: ENROLL to update data or unregister


Registering TPP (POST Enroll)

Method of service: HTTP POST

Registers a new TPP. The client_name (TPP name) is checked against the list of registered TPPs; client_name is unique within this list. A valid certificate with the requested scopes is necessary.

TPP registration is followed by a registration process on the CSOB side. Finally, a confirmation e-mail is generated and sent to the address specified in "create".

Enroll: API call for new TPP registration

Request structure:

| Attribute | Optionality | Type | Description |
|---|---|---|---|
| redirect_uris | Mandatory | Array of strings | A list of URLs to which the authentication flow is redirected at the end. The authorization request must contain just one of these registered URIs in the exact format. |
| client_name | Mandatory | String | TPP application name. |
| client_type | Mandatory | String | OAuth defines two client types, based on their ability to authenticate securely with the authorization server (Confidential/Public). The ASPSP accepts confidential clients only. |
| client_name#en-US | Optional | String | TPP name in the appropriate language / encoding. |
| logo_uri | Optional | URI | Application logo URI (or where to download it at registration). |
| contacts | Mandatory | Array of strings | E-mail addresses of a responsible contact person on the TPP side. |
| scopes | Optional | Array of strings | Array of the scopes required by the application. At registration, scopes are validated against the content of the certificate used. |
| license_number | Mandatory | String | License number obtained from the national regulator. |
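
The request table above, turned into a pre-flight check a TPP could run before calling POST Enroll. This is an added example, not CSOB's code: the literal value "confidential", the caller-supplied `cert_scopes` set (the scopes the TPP knows its certificate covers), the scope names and all sample values are assumptions.

```python
import re

# Attribute -> (JSON type, mandatory?), from the POST Enroll request table.
SPEC = {"redirect_uris": (list, True), "client_name": (str, True),
        "client_type": (str, True), "client_name#en-US": (str, False),
        "logo_uri": (str, False), "contacts": (list, True),
        "scopes": (list, False), "license_number": (str, True)}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # coarse shape check only


def _items(body, name):
    value = body.get(name)
    return value if isinstance(value, list) else []


def validate_enroll(body, cert_scopes):
    """Return a list of problems; an empty list means the body may be sent."""
    problems = []
    for name, (typ, mandatory) in SPEC.items():
        if name not in body:
            if mandatory:
                problems.append(f"missing mandatory attribute: {name}")
        elif not isinstance(body[name], typ) or (mandatory and not body[name]):
            problems.append(f"{name} must be a valid {typ.__name__}")
    for name in ("redirect_uris", "contacts", "scopes"):
        if not all(isinstance(v, str) for v in _items(body, name)):
            problems.append(f"{name} must contain only strings")
    # Only confidential clients are accepted (value spelling is an assumption).
    ctype = body.get("client_type")
    if isinstance(ctype, str) and ctype and ctype.lower() != "confidential":
        problems.append("client_type must be confidential")
    for addr in _items(body, "contacts"):
        if isinstance(addr, str) and not EMAIL_RE.match(addr):
            problems.append(f"contact is not an e-mail address: {addr}")
    # The bank validates scopes against the certificate; mirror that locally.
    for scope in _items(body, "scopes"):
        if isinstance(scope, str) and scope not in cert_scopes:
            problems.append(f"scope not covered by certificate: {scope}")
    return problems


def redirect_uri_allowed(registered, requested):
    """Exact string comparison with no normalisation, per the redirect_uris row."""
    return requested in registered

# Constructed sample body; every value is a placeholder.
SAMPLE = {"redirect_uris": ["https://tpp.example/callback"], "scopes": ["scope-a"],
          "client_name": "Example TPP", "client_type": "confidential",
          "contacts": ["ops@tpp.example"], "license_number": "PLACEHOLDER"}
```

Because the comparison is exact, a trailing slash or a change in letter case in the authorization request's redirect URI does not match a registered entry.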


Response structure:

| Attribute | Optionality | Type | Description |
|---|---|---|---|
| client_id | Mandatory | String | The client_id assigned to the application. This ID starts the authentication process and the communication process when replacing the code and refresh_token. |
| client_secret | Mandatory | String | Client_secret: password / token issued by the ASPSP for the application (client_id) of the TPP. |
| client_secret_expires_at | Optional | DateTime | Value 0 always returned. |
| api_key | Optional | String | Value "NOT_PROVIDED" always returned. |


Update TPP (PUT Enroll)

Method of service: HTTP PUT

TPP data update. The client_id is sent in the request (the unique client_name is not enough); the TPP receives the client_id after successful registration via POST Enroll. A valid certificate is necessary.

Request structure:

| Attribute | Optionality | Type | Description |
|---|---|---|---|
| redirect_uris | Mandatory | Array of strings | A list of URLs to which the authentication flow is redirected at the end. The authorization request must contain just one of these registered URIs in the exact format. |
| client_name | Mandatory | String | TPP application name. |
| client_name#en-US | Optional | String | TPP name in the appropriate language / encoding. |
| client_type | Mandatory | String | OAuth defines two client types, based on their ability to authenticate securely with the authorization server (Confidential/Public). The ASPSP accepts confidential clients only. |
| logo_uri | Optional | URI | Application logo URI (or where to download it at registration). |
| contacts | Mandatory | Array of strings | E-mail addresses of a responsible contact person on the TPP side. |
| scopes | Optional | Array of strings | Array of the scopes required by the application. At registration, scopes are validated against the content of the certificate used. |


Response structure:

| Attribute | Optionality | Type | Description |
|---|---|---|---|
| client_id | Mandatory | String | The unique identifier of the TPP application issued by the ASPSP. |
| redirect_uris | Mandatory | Array of strings | A list of URLs to which the authentication flow is redirected at the end. The authorization request must contain just one of these registered URIs in the exact format. |
| client_name | Mandatory | String | TPP application name. |
| client_name#en-US | Optional | String | TPP name in the appropriate language / encoding. |
| logo_uri | Optional | URI | Application logo URI (or where to download it at registration). |
| contacts | Mandatory | Array of strings | E-mail addresses of a responsible contact person on the TPP side. |
| scopes | Optional | Array of strings | Array of the scopes required by the application. At registration, scopes are validated against the content of the certificate used. |

Prerequisite: TPP is registered and approved by CSOB.


TPP Unregistration (DELETE Enroll)

Method of service: HTTP DELETE

The DELETE Enroll call is used for TPP unregistration.

TPP deregistration = status “Unregistered”.

The request and response payloads are empty.

Prerequisite: TPP is registered and approved by CSOB.


Renew Secret

Method of service: HTTP POST

The TPP receives a new client_secret value by calling this resource. A valid certificate and the client_id (already received) are required for a successful call. After a successful call and receipt of the new client_secret, the original value is invalidated.

Request payload is empty.

Response structure

| Attribute | Optionality | Type | Description |
|---|---|---|---|
| client_id | Mandatory | String | The client_id assigned to the application. This ID starts the authentication process and the communication process when replacing the code and refresh_token. |
| client_secret | Mandatory | String | Client_secret: password / token issued by the ASPSP for the application (client_id) of the TPP. |
| client_secret_expires_at | Optional | DateTime | The default value is 0 (client_id never expires). Otherwise, the value is in seconds from 1970-01-01T0:0:0Z. |
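
Since the original client_secret is invalidated as soon as Renew Secret succeeds, the new value has to be checked and stored durably before anything else uses it. The sketch below is an added example, not CSOB's code; the JSON credential file, the 7-day renewal margin and the numeric form of client_secret_expires_at are assumptions.

```python
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone


def secret_expiry(expires_at=0):
    """Map client_secret_expires_at to None (0 = no expiry) or a UTC datetime."""
    seconds = int(expires_at)  # accepts 0, "0" or epoch seconds
    if seconds < 0:
        raise ValueError("client_secret_expires_at must not be negative")
    return None if seconds == 0 else datetime.fromtimestamp(seconds, tz=timezone.utc)


def apply_renewal(current, response):
    """Check a Renew Secret response and return the record to store."""
    for name in ("client_id", "client_secret"):  # both are mandatory
        if not isinstance(response.get(name), str) or not response[name]:
            raise ValueError(f"missing mandatory attribute: {name}")
    if response["client_id"] != current["client_id"]:
        raise ValueError("response belongs to a different client_id")
    if response["client_secret"] == current["client_secret"]:
        raise ValueError("client_secret unchanged; nothing was renewed")
    secret_expiry(response.get("client_secret_expires_at", 0))  # reject bad values
    return {"client_id": response["client_id"],
            "client_secret": response["client_secret"],
            "client_secret_expires_at": int(response.get("client_secret_expires_at", 0))}


def store_credentials(path, record):
    """Replace the credential file atomically; the old secret is already invalid."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates the file 0600
    try:
        with os.fdopen(fd, "w") as handle:
            json.dump(record, handle)
            handle.flush()
            os.fsync(handle.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def renewal_due(record, now, margin=timedelta(days=7)):
    """True when the stored secret expires within the margin (never for 0)."""
    expiry = secret_expiry(record["client_secret_expires_at"])
    return expiry is not None and now >= expiry - margin
```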