TPP enroll update API call flow

API history

This API allows to change enrollment of authorized third party provider.


Step 1: Request to change existing enrollment

Initiate PUT request to change existing enrollment with valid certificate and assigned Client ID (TPP ID):

TPP enroll update
Version1
URL LIVE
URL SANDBOX
PUT https://api.csob.sk/enroll/enroll/{client_id}
PUT https://api.csob.sk/enroll-test/enroll/{client_id}

Only authorized third parties which are approved on bank side are allowed to request changing their enrollment. TPP ID assigned by the bank must be in the URL of request. Third party’s data will be replaced by new values sent in request. On API Explorer web site there is a possibility to test API online (Try it) and download API definition (WADL, Open API).


Request:

Attributes structure
Optionality
Type
Description
redirect_uris
Mandatory
Array of strings
A list of URLs to which the authentication flow is redirected at the end. The authorization request must contain just one of these registered URLs in the exact format
client_name
Mandatory
String
Third party name
client_type
Mandatory
String
OAuth defines two client types, based on their ability to authenticate securely with the authorization server (Confidential/Public). CSOB accepts confidential clients only.
client_name#en-US
Optional
String
Third party name in the appropriate language / encoding.
logo_uri
Optional
URI
Third party logo URL
contacts
Mandatory
Array of strings
E-mails as a contact to a responsible person at the third party side
scopes
Optional
Array of strings
Array of the required scopes by third party. At registration, scopes are validated against the content of the certificate used


Response:

Attributes structure
Optionality
Type
Description
client_id
Mandatory
String
Client id assigned to the third party by the bank. This ID is needed in further communication with the bank
redirect_uris
Mandatory
Array of strings
A list of URLs to which the authentication flow is redirected at the end. The authorization request must contain just one of these registered URLs in the exact format
client_name
Mandatory
String
Third party name
client_name#en-US
Optional
String
Third party name in the appropriate language / encoding
logo_uri
Optional
URI
Third party logo URL
contacts
Mandatory
Array of strings
E-mails as a contact to a responsible person at the third party side
scopes
Optional
Array of strings
Array of the required scopes by third party. At registration, scopes are validated against the content of the certificate used


Example:

Request

PUT https://api.csob.sk/enroll/enroll/TIDgjzKuS7k HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json;charset=UTF-8
Content-Length: 512
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

{
  "redirect_uris": [
  "https://www.csob.sk/psd2tpp"
  ],
  "client_name": "PSD2 TPP a.s.",
  "logo_uri": "http://www.csob.sk/images/logo2.jpg",
  "client_type": "Confidential",  
  "contacts": ["developer@csob.sk"],
  "scopes": ["AISP","PIISP"]
}


Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: qUeuEuqpW6q96LGqLBpj29i6t5dGzmWw
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 05 Apr 2019 12:40:56 GMT

{
    "client_id": "TIDgjzKuS7k",
    "redirect_uris": [
        "https://www.csob.sk/psd2tpp"
    ],
    "client_name": "PSD2 TPP a.s.",
    "logo_uri": "http://www.csob.sk/images/logo2.jpg",
    "contacts": [
        "developer@csob.sk"
    ],
    "scopes": [
        "AISP",
        "PIISP"
    ]
}