| | | |
---|
1.0.0 | 01 March 2019 | Payments NZ API Working Group | Baseline Account Information specifications |
v2.0-draft1 | May 31, 2019 | @Gavin Wong (Unlicensed) | Updates: References to "account request" to "account access consent" References to "Financial Institution" to "API Provider" Updated and standardised draft1-Steps to: Step 1: Agree Account Access Consent Step 2: Create Account Access Consent Step 3: Authorise Consent Step 4: Request Data Step 5: Retrieve Status (consistency for all specifications)
Step 3: Authorise Consent includes alternative flows for: In a redirection flow In a decoupled flow
Updated draft1-ConsentAuthorisation to reference authorization code flow can either be redirect or decoupled Updated section heading "Changes to Selected Account(s)" to draft1-ConsentUpdates and clarified that: "An API Provider must not allow a Customer to update the parameters of an account-access-consent." "The Customer must select the accounts to which the consent is linked at the point of consent authorisation." from "The Customer must select the accounts to which the consent should be applied at the point of consent authorisation."
Updated language in draft1-TransactionTo/FromDateTime to clarify "The API Provider must restrict access..." instead of "The Third Party must be restricted to..."
Additions: Data Model and Usage Examples added to draft1-DocumentStructure draft1-ReleaseManagement section for accessing Account Information APIs - taken from OBIE v3.1.2 but reworded for clarity draft1-AccountInformationResources section to describe sub-page content Added guidance (per OBIE v3.1.2) to draft1-Permissions to clarify that "While it is duplication for a Third Party to request a "Basic" permission code and the corresponding "Detail" permission code, it is not a malformed request, and the API Provider must not reject the request solely on the basis of duplication." Guidance in draft1-DetailPermissions that "The ReadStatementsDetail is required to access the statement file download via: /accounts/{AccountId}/statements/{StatementId}/file" draft1-ConsentRe-authentication (to align with OBIE v3.1.2)
Removed: References to "v1.0" "Accounts other than domestic retail Bank accounts." in draft1-OutofScope as scope of accounts has not been agreed. References in draft1-Scope to "it is not clear from a Legal perspective how the changing of these details over time.." as no longer relevant. "Handling Expired Account-Requests" as duplicated
Errata: |
v2.0-draft2 | Jul 8, 2019 | @Gavin Wong (Unlicensed) | Updates: References to intent-id to ConsentId Added loop for Step 4 in v2.0-draft2-SequenceDiagram Renamed Consent Re-authentication to "Re-authorisation" in v2.0-draft2-ConsentRe-authorisation References to authorization code grant updated to generic "authorisation flow" Updated references to "older version" to "lower version" and "newer version" to "higher version" (from Technical Decision 006)
Additions: In draft1-Steps clarification that "The account-access-consent is a long lived consent." in draft2-Scope clarification that "... the API specification is silent on what account types must be accessible" - reflecting Business Decision - 003 - Account Type Scope
Errata: |
v2.0-draft3 | Oct 17, 2019 | @Gavin Wong (Unlicensed) | Additions: Rejection scenarios for: draft3-ExpirationDateTime for "The ExpirationDateTime value is in the past" draft3-TransactionTo/FromDateTime for "The TransactionToDateTime value is in the past" draft3-TransactionTo/FromDateTime for "The TransactionToDateTime not greater than the TransactionFromDateTime"
Updates: |
v2.0-rc2 | Dec 23, 2019 | @Gavin Wong (Unlicensed) | Updates: Errata: Updating references to “resources” to clarify language Updated references to “account-requests” In the Steps section updated “The API Provider chooses either the redirection flow or a decoupled flow” to “The Third Party chooses either the redirection flow or a decoupled flow”
|
v2.0.0 | Mar 20, 2020 | @Gavin Wong (Unlicensed) | Errata: |
v2.0.1 | Jul 17, 2020 | @Gavin Wong (Unlicensed) | Patch update to Swagger specification to include documented query parameters. |
v2.0.2 | Nov 5, 2022 | @Nigel Somerfield | Patch update to Swagger specification to BECSRemittance - DebtorReference and CreditorReference - specify additionalProperties: false |