Event Notification Subscriptions v3.0.0
- 1 Version Control
- 2 Overview
- 3 Basics
- 3.1 Overview
- 3.1.1 Steps
- 3.2 Sequence Diagram
- 3.1 Overview
- 4 Subscriptions for Real Time Event Notifications
- 5 Release Management
- 5.1 Event-Subscription Resource
- 5.2 POST
- 5.3 GET
- 5.4 PUT
- 5.5 DELETE
- 6 Event-Subscription per Third Party
- 7 Event Subscription Resource Overview
- 8 Endpoints
- 9 Data Model
- 9.1 Event Subscription - Request
- 9.1.1 UML Diagram
- 9.1.2 Notes
- 9.1.3 Data Dictionary
- 9.2 Event Subscription - Response
- 9.2.1 UML
- 9.2.2 Data Dictionary
- 9.3 Event Subscriptions - Response
- 9.3.1 UML
- 9.3.2 Data Dictionary
- 9.1 Event Subscription - Request
- 10 Errors
- 11 Usage Examples
Version Control
Overview
The Event Notification Subscription API Profile describes the flows and common functionality for the Event Notification Subscription API, which allows a Third Party to:
Register an event subscription with an API Provider to subscribe to event notifications.
A subscription can enable real time event notifications via a HTTP callback from the API Provider
Specify a list of event types to be notified on.
Optionally read, update or delete a registered event subscription.
This profile should be read in conjunction with a compatible Read/Write Data API Profile, a compatible Event Notification API Profile and compatible individual resources.
Basics
Overview
The steps and sequence diagram below provide a general outline of a notification flow for all resources in the R/W APIs.
Steps
Step 1: Setup Event Notification Subscription
This flow begins with a Third Party creating an event-subscription resource with an API Provider.
Step 2: Retrieve/Update/Delete Event Notification Subscription
The Third Party may optionally read/update/delete the event-subscription resource.
Sequence Diagram
Subscriptions for Real Time Event Notifications
API Providers may choose to offer Real Time Notifications. Third Parties will subscribe to the different notification event types using the event-subscription resource.
Real Time Event Notifications
Third Parties must register an event subscription with a CallbackUrl
for Third Party hosted services to receive real time event notifications from an API Provider (providing an API Provider supports this functionality).
The CallbackUrl
must end with the Event Notification API specification version number, followed by a path specified by the Third Party. This is referred to as the {callback-url}. See https://paymentsnz.atlassian.net/wiki/spaces/PaymentsNZAPIStandards/pages/1720811582/Event+Notifications+v3.0.0#Callback-URL-naming-convention for details.
For example:
URL: https://api.thirdparty.co.nz/open-banking-nz/v3.0/event-notifications
Aggregated Polling
Aggregated polling is not supported in this version of the standard.
Release Management
This section overviews the release management and versioning strategy for the Event Notification API.
Event-Subscription Resource
Third Parties must register for event-subscriptions with the version of Event Notification API they have implemented. The version field of the event-subscription resource is used for this purpose.
POST
A Third Party must only create an event-subscription on one version
GET
A Third Party must not access a event-subscription on an older version, via the EventSubscriptionId for an event-subscription created in a newer version.
E.g., a event-subscription created in v4, accessed via v3.
An API Provider must allow an event-subscription resource to be accessed in a newer version.
An API Provider must ensure event-subscription fields are unchanged when accessed in a different version.
PUT
A Third Party must not update an event-subscription on an older version via a EventSubscriptionId created in a newer version.
E.g., A event-subscription is created in v4, and a PUT request on v3.
An API Provider must support updating an event-subscription from a previous version via a EventSubscriptionId created in a newer version.
E.g., A event-subscription is created in v3, and a PUT request on v4.
DELETE
A Third Party must not delete an event-subscription on an older version via a EventSubscriptionId created in a newer version.
E.g. An event-subscription is created in v4, and request DELETE on v3.
An API Provider must support deleting an event-subscription from a previous version via a EventSubscriptionId created in a newer version.
E.g., An event-subscription is created in v3, and request DELETE on v4.
Event-Subscription per Third Party
An API Provider will maintain at most, a single event-subscription resource per Third Party.
Event Subscription Resource Overview
The Event Subscription resource is used by a Third Party to subscribe to events with an API Provider.
This resource description should be read in conjunction with a compatible Event Notification Subscription Profile.
Endpoints
A Third Party will set up and maintain its event subscription details (URL, event types and version number) using the event-subscription resource.
Resource | HTTP Operation | Endpoint | Mandatory ? | Scope | Grant Type | Idempotency Key | Request Object | Response Object |
---|---|---|---|---|---|---|---|---|
event-subscription | POST | POST /event-subscriptions | Mandatory | accounts | Client Credentials | No | NZEventSubscription1 | NZEventSubscriptionResponse1 |
event-subscription | GET | GET /event-subscriptions | Mandatory | accounts | Client Credentials | No | n/a | NZEventSubscriptionsResponse1 |
event-subscription | PUT | PUT /event-subscriptions/{EventSubscriptionId} | Mandatory | accounts | Client Credentials | No | NZEventSubscriptionResponse1 | NZEventSubscriptionResponse1 |
event-subscription | DELETE | DELETE /event-subscriptions/{EventSubscriptionId} | Mandatory | accounts | Client Credentials | No | n/a | n/a |
POST /event-subscriptions
The API endpoint allows the Third Party to ask an API Provider to create a new event-subscription resource.
The POST action allows the Third Party to register an event subscription for a Third Party to access event notifications.
The API Provider creates the event-subscription resource and responds with a unique EventSubscriptionId to refer to the resource.
An API Provider must respond with a 409 error if an event-subscription exists for that Third Party.
GET /event-subscriptions
The API endpoint allows the Third Party to ask an API Provider to retrieve its event-subscription resource.
The API Provider retrieves the event-subscription resource and responds with the resource.
PUT /event-subscriptions/{EventSubscriptionId}
The API endpoint allows the Third Party to ask an API Provider to update an event-subscription resource.
The PUT action allows the Third Party to update an event subscription for a Third Party to access event notifications.
The API Provider updates the event-subscription resource and responds with the updated resource.
DELETE /event-subscriptions/{EventSubscriptionId}
The API endpoint allows the Third Party to ask an API Provider to delete an event-subscription resource.
The API Provider deletes the event-subscription resource.
Data Model
Event Subscription - Request
The NZEventSubscription1 object will be used for the call to:
POST /{callback-url}
UML Diagram
Notes
For the NZEventSubscription1 object:
Third Party must provide
CallbackUrl
, when subscribing for events.Third Party must provide the
Version
of Resources, for which they want to subscribe the events for. E.g. if supplied with value "3.0", Third Party indicates the subscription for the change in state of resources created in v3.0 versionEventTypes usage:
Third Parties must provide a list of event types to subscribe to specific events.
Data Dictionary
Name | Occurrence | XPath | EnhancedDefinition | Class | Codes | Pattern |
---|---|---|---|---|---|---|
NZEventSubscription1 |
| NZEventSubscription1 |
| NZEventSubscription1 |
|
|
Data | 1..1 | NZEventSubscription1/Data |
| NZEventSubscriptionData1 |
|
|
CallbackUrl | 1..1 | NZEventSubscription1/Data/CallbackUrl | Callback URL for a Third Party hosted service. Will be used by API Providers to send event notifications to. | xs:anyURI |
|
|
Version | 1..1 | NZEventSubscription1/Data/Version | Version for the event notification. | Max10Text |
|
|
EventTypes | 1..n | NZEventSubscription1/Data/EventTypes | Array of event types the subscription applies to. | NZEventType1Code |
|
|
Event Subscription - Response
The NZEventSubscriptionResponse1 object will be used for a response to a call to:
POST /event-subscriptions
PUT /event-subscriptions/{EventSubscriptionId}
UML
Data Dictionary
Name | Occurrence | XPath | EnhancedDefinition | Class | Codes | Pattern |
---|---|---|---|---|---|---|
NZEventSubscriptionResponse1 |
| NZEventSubscriptionResponse1 |
| NZEventSubscriptionResponse1 |
|
|
Data | 1..1 | NZEventSubscriptionResponse1/Data |
| NZEventSubscriptionResponseData1 |
|
|
EventSubscriptionId | 1..1 | NZEventSubscriptionResponse1/Data/EventSubscriptionId | Unique identification as assigned by the API Provider to uniquely identify the callback URL resource. | Max128Text |
|
|
CallbackUrl | 1..1 | NZEventSubscriptionResponse1/Data/CallbackUrl | Callback URL for a Third Party hosted service. Will be used by API Providers to send event notifications to. | xs:anyURI |
|
|
Version | 1..1 | NZEventSubscriptionResponse1/Data/Version | Version for the event notification. | Max10Text |
|
|
EventTypes | 1..n | NZEventSubscriptionResponse1/Data/EventTypes | Array of event types the subscription applies to. | NZEventType1Code |
|
|
Event Subscriptions - Response
The NZEventSubscriptionsResponse1 object will be used for a response to a call to:
GET /event-subscriptions
UML
Data Dictionary
Name | Occurrence | XPath | EnhancedDefinition | Class | Codes | Pattern |
---|---|---|---|---|---|---|
NZEventSubscriptionsResponse1 |
| NZEventSubscriptionsResponse1 |
| NZEventSubscriptionsResponse1 |
|
|
Data | 1..1 | NZEventSubscriptionsResponse1/Data |
| NZEventSubscriptionsResponseData1 |
|
|
EventSubscription | 0..n | NZEventSubscriptionsResponse1/Data/EventSubscription |
| NZEventSubscriptionResponseData1 |
|
|
EventSubscriptionId | 1..1 | NZEventSubscriptionsResponse1/Data/EventSubscription/EventSubscriptionId | Unique identification as assigned by the API Provider to uniquely identify the callback url resource. | Max128Text |
|
|
CallbackUrl | 1..1 | NZEventSubscriptionsResponse1/Data/EventSubscription/CallbackUrl | Callback URL for a Third Party hosted service. Will be used by API Providers to send event notifications to. | xs:anyURI |
|
|
Version | 1..1 | NZEventSubscriptionsResponse1/Data/EventSubscription/Version | Version for the event notification. | Max10Text |
|
|
EventTypes | 1..n | NZEventSubscriptionsResponse1/Data/EventSubscription/EventTypes | Array of event types the subscription applies to. | NZEventType1Code |
|
|
Errors
The following error scenarios can occur during event subscription creation or modification:
POST /event-subscriptions)
PUT /event-subscriptions/{EventSubscriptionId}
Scenario | HTTP Response code | Notes |
---|---|---|
The event subscription request was malformed, missing mandatory fields or had invalid values | 400 Bad Request | This includes invalid event identifiers or version information, as well as callback URLs that are not supported |
The request did not include correct or sufficient credentials | 401 Unauthorized |
|
The supplied token has incorrect scope or a security policy was violated | 403 Forbidden |
|
The request was attempted with a HTTP method that is not allowed | 405 Method Not Allowed | e.g. PATCH |
Supplied | 406 Not Acceptable |
|
The supplied request payload was not in a format supported by the API | 415 Unsupported Media Type | e.g. XML payload instead of JSON |
The third party made too many requests within a specified time | 429 Too Many Requests |
|
Something went wrong on the API gateway or service implementation | 500 Internal Server Error | The API provider MAY supply more information in the response body |
The API provider has not (yet) implemented the requested endpoint or method | 501 Not Implemented |
|
The requested API version has been deprecated, or is not available | 503 Service Unavailable |
|
The following error scenarios can occur during event subscription retrieval and deletion:
GET /event-subscriptions
DELETE /event-subscriptions/{EventSubscriptionId}
Scenario | HTTP Response code | Notes |
---|---|---|
Invalid headers, EventSubscriptionId or query parameters, or otherwise malformed request | 400 Bad Request |
|
The request did not include correct or sufficient credentials | 401 Unauthorized |
|
The supplied token has incorrect scope or a security policy was violated | 403 Forbidden |
|
The request was attempted with a HTTP method that is not allowed | 405 Method Not Allowed | e.g. PATCH |
Supplied | 406 Not Acceptable |
|
The third party made too many requests within a specified time | 429 Too Many Requests |
|
Something went wrong on the API gateway or service implementation | 500 Internal Server Error | The API provider MAY supply more information in the response body |
The API provider has not (yet) implemented the requested endpoint or method | 501 Not Implemented |
|
The requested API version has been deprecated, or is not available | 503 Service Unavailable |
|
Usage Examples
Create Event Subscription
POST Event Subscription Request
POST /event-subscriptions HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-interaction-id: 86ebcd82-8e38-4f2d-a79c-965b41d15865
Content-Type: application/json
Accept: application/json
{
"Data": {
"CallbackUrl": "https://Third Party.co.nz/open-banking-nz/v3.0/event-notifications",
"Version": "3.0",
"EventTypes": [
"urn:nz:co:paymentsnz:apicentre:events:enduring-payment-consent-revoked"
]
}
}
POST Event Subscription Response
HTTP/1.1 201 Created
x-fapi-interaction-id: 86ebcd82-8e38-4f2d-a79c-965b41d15865
Content-Type: application/json
{
"Data": {
"EventSubscriptionId": "CB-101",
"CallbackUrl": "https://Third Party.co.nz/open-banking-nz/v3.0/event-notifications",
"Version": "3.0",
"EventTypes": [
"urn:nz:co:paymentsnz:apicentre:events:enduring-payment-consent-revoked"
]
},
"Links": {
"Self": "https://api.alphabank.co.nz/open-banking-nz/v3.0/event-subscriptions/CB-101"
},
"Meta": {}
}
Get Event Subscriptions
GET Event Subscription Request
GET /event-subscriptions HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-interaction-id: 86ebcd82-8e38-4f2d-a79c-965b41d15865
Accept: application/json
GET Event Subscription Response