TPP enroll update API call flow
API historyThis API allows to change enrollment of authorized third party provider.
Step 1: Request to change existing enrollment
Initiate PUT request to change existing enrollment with valid certificate and assigned Client ID (TPP ID):
|
TPP enroll update
Version1
|
URL LIVE
URL SANDBOX
|
PUT https://api.csob.sk/enroll/enroll/{client_id}
PUT https://api.csob.sk/enroll-test/enroll/{client_id}
|
Only authorized third parties which are approved on bank side are allowed to request changing their enrollment. TPP ID assigned by the bank must be in the URL of request. Third party’s data will be replaced by new values sent in request. On API Explorer web site there is a possibility to test API online (Try it) and download API definition (WADL, Open API).
Request:
Header
|
Attributes structure
|
Optionality
|
Type
|
Description
|
|
Content-Type
|
Mandatory
|
String
|
application/json;charset=UTF-8
|
Body
Attributes structure |
Optionality |
Type |
Description |
redirect_uris |
Mandatory |
Array of strings |
A list of URLs to which the authentication flow is redirected at the end. The authorization request must contain just one of these registered URLs in the exact format |
client_name |
Mandatory |
String |
Third party name |
client_type |
Mandatory |
String |
OAuth defines two client types, based on their ability to authenticate securely with the authorization server (Confidential/Public). CSOB accepts confidential clients only. |
client_name#en-US |
Optional |
String |
Third party name in the appropriate language / encoding. |
logo_uri |
Optional |
URI |
Third party logo URL |
contacts |
Mandatory |
Array of strings |
E-mails as a contact to a responsible person at the third party side |
scopes |
Optional |
Array of strings |
Array of the required scopes by third party. At registration, scopes are validated against the content of the certificate used |
Response:
Header
|
Attributes structure
|
Optionality
|
Type
|
Description
|
|
Content-Type
|
Mandatory
|
String
|
application/json
|
Body
Attributes structure |
Optionality |
Type |
Description |
client_id |
Mandatory |
String |
Client id assigned to the third party by the bank. This ID is needed in further communication with the bank |
redirect_uris |
Mandatory |
Array of strings |
A list of URLs to which the authentication flow is redirected at the end. The authorization request must contain just one of these registered URLs in the exact format |
client_name |
Mandatory |
String |
Third party name |
client_name#en-US |
Optional |
String |
Third party name in the appropriate language / encoding |
logo_uri |
Optional |
URI |
Third party logo URL |
contacts |
Mandatory |
Array of strings |
E-mails as a contact to a responsible person at the third party side |
scopes |
Optional |
Array of strings |
Array of the required scopes by third party. At registration, scopes are validated against the content of the certificate used |
Example:
Request
PUT https://api.csob.sk/enroll/enroll/TIDgjzKuS7k HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json;charset=UTF-8
Content-Length: 512
Host: api.csob.sk
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
{
"redirect_uris": [
"https://www.csob.sk/psd2tpp"
],
"client_name": "PSD2 TPP a.s.",
"logo_uri": "http://www.csob.sk/images/logo2.jpg",
"client_type": "Confidential",
"contacts": ["developer@csob.sk"],
"scopes": ["AISP","PIISP"]
}
Response
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server-Process-ID: qUeuEuqpW6q96LGqLBpj29i6t5dGzmWw
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 05 Apr 2019 12:40:56 GMT
{
"client_id": "TIDgjzKuS7k",
"redirect_uris": [
"https://www.csob.sk/psd2tpp"
],
"client_name": "PSD2 TPP a.s.",
"logo_uri": "http://www.csob.sk/images/logo2.jpg",
"contacts": [
"developer@csob.sk"
],
"scopes": [
"AISP",
"PIISP"
]
}