Known issues log
All fixes for issues outlined on this list will be incorporated into the next version release, removed from this list and documented in the change control log of that standards version.
Ref # | Classification | Date reported | Issue summary | Proposed solution | Status | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
01 | Specification issue | Aug 3, 2024 | What should value of `exp` be in an introspection response with `"active": false` | Added explainer, will update the text in future specification versions. Also an errata candidate. | status:known issue | ||||||||
02 | Specification issue | Aug 26, 2024 | Contradictory statements regarding pagination 'Links' | Have published an explainer to communicate intent here: https://paymentsnz.atlassian.net/wiki/spaces/PaymentsDirectionAPIStandardsDevelopment/pages/1918533642 . This is a candidate for errata and inclusion in future standards versions. | status:known issue | ||||||||
03 | Specification issue | Sep 8, 2023 | Time as Customer - GAP v3.0.0 Security Profile | Introspection response states the Should | Added explainer here: https://paymentsnz.atlassian.net/wiki/spaces/PaymentsDirectionAPIStandardsDevelopment/pages/1921122308, will update the text in future specification versions. This is a candidate for errata and inclusion in future standards versions. | status:known issue | ||||||||
04 | Specification issue | Jun 26, 2023
| here are a couple of potential errors/omissions in the sequence diagram in Payments Initiation API Specification - v2.1.0 | Sequence Diagram (and subsequent standards versions too, probably)
| Corrected the diagram in v3.0 onwards. This is a candidate for errata and inclusion in any future patch changes for all other standards versions. | status:known issue | ||||||||
05 | Specification issue | Jan 13, 2025 | The PNZ v3.0 Security Profile lists the following statements: NZ Read and Write API Security Profile The NZ Read and Write API Security Profile extends from [FAPI Read+Write profile] FAPI-RW. This section identifies variations from FAPI-RW and the numbered section references where there is a variation in FAPI-RW. … 8.6 JWS Algorithm Considerations
And Section 8.6 of FAPI-RW indicates the following: Algorithm considerationsFor JWS, both clients and authorization servers
While at the same time in the PNZ v3.0 Security Profile JSON Security Suite section Step 2: Form the JOSE Header (table below)
This seems to be contradictory and should probably be clarified by:
In the meantime, we has assumed option 1 above and will be using the list of allowed algorithms for signing:
If this is not the correct assumption, can you please let me know so we can fix this up on our end. | Thanks for raising, it does seem that this could create some confusion. To clarify, 8.6 partially applies, since we follow:
But your assumption of option 1 is correct, the algorithms specified Probably the most practical approach would be to include this in a future update as a note to the Security Profile. In the meantime we will look to include in errata (when we publish this) in the near future. This is a candidate for errata and inclusion in any future patch changes for all other standards versions. | status:known issue | ||||||||
06 | Specification issue | Apr 2, 2025 | The spec and examples all use http not https https://github.com/PaymentsNZ/API-Event-Notification/blob/master/schemas/event-notification-schema.json#L152 but the docs show that this should be https (and I would have expected https) Event Notifications v3.0.1 | Event Notification Request | The API Centre will update and correct errata in the next standards version. | status:KNOWN ISSUE |
The intent of this page is to acknowledge and document current known issues with standards version(s) that have been reported, assessed and not actioned at this time as the issue does not warrant the creation and publication of a patch version.