{
"swagger": "2.0",
"info": {
"title": "Dynamic Client Registration API",
"description": "This specification defines the APIs for a TPP to submit a Software Statement Assertion to an ASPSP for the purpose of creating OAuth clients that are registered with the ASPSP.\n",
"termsOfService": "https://www.openbanking.org.uk/terms",
"contact": {
"name": "Service Desk",
"email": "ServiceDesk@openbanking.org.uk"
},
"license": {
"name": "open-licence",
"url": "https://www.openbanking.org.uk/open-licence"
},
"version": "v3.1-RC1"
},
"basePath": "/open-banking/v3.1/aisp",
"schemes": [
"https"
],
"consumes": [
"application/jwt"
],
"produces": [
"application/json"
],
"paths": {
"/register": {
"post": {
"summary": "Register a client by way of a Software Statement Assertion",
"description": "The endpoint is secured by way of mutual authentication over TLS",
"tags": [
"Client Registration",
"Conditional"
],
"parameters": [
{
"$ref": "#/parameters/ClientRegistration"
}
],
"responses": {
"201": {
"$ref": "#/responses/OBClientRegistration1"
},
"400": {
"$ref": "#/responses/400Error"
}
}
}
}
},
"parameters": {
"Authorization": {
"in": "header",
"name": "Authorization",
"type": "string",
"required": true,
"description": "An Authorisation Token as per https://tools.ietf.org/html/rfc6750"
},
"ClientId": {
"name": "ClientId",
"description": "The client ID",
"in": "path",
"type": "string",
"required": true
},
"ClientRegistration": {
"name": "requestBody",
"description": "A request to register a Software Statement Assertion with an ASPSP",
"in": "body",
"schema": {
"type": "string",
"format": "OBClientRegistration1"
}
}
},
"responses": {
"OBClientRegistration1": {
"description": "Client registration",
"schema": {
"allOf": [
{
"$ref": "#/definitions/OBRegistrationProperties1"
},
{
"required": [
"client_id"
]
}
]
}
},
"400Error": {
"description": "Request failed due to client error",
"schema": {
"$ref": "#/definitions/RegistrationError"
}
},
"401Error": {
"description": "Request failed due to unknown or invalid Client or invalid access token",
"headers": {
"WWW-Authenticate": {
"description": "Response header field specified in https://tools.ietf.org/html/rfc6750",
"type": "string",
"pattern": "^Bearer .*"
}
}
},
"403Error": {
"description": "The client does not have permission to read, update or delete the Client"
},
"405Error": {
"description": "Method Not Allowed"
}
},
"definitions": {
"SupportedAlgorithms": {
"type": "string",
"enum": [
"RS256",
"ES256"
]
},
"OBRegistrationProperties1": {
"type": "object",
"required": [
"redirect_uris",
"token_endpoint_auth_method",
"grant_types",
"scope",
"software_statement",
"application_type",
"id_token_signed_response_alg",
"request_object_signing_alg",
"tls_client_auth_dn"
],
"properties": {
"client_id": {
"description": "OAuth 2.0 client identifier string",
"type": "string",
"minLength": 1,
"maxLength": 36
},
"client_secret": {
"description": "OAuth 2.0 client secret string",
"type": "string",
"minLength": 1,
"maxLength": 36
},
"client_id_issued_at": {
"description": "Time at which the client identifier was issued, expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC",
"type": "integer",
"format": "int32",
"minimum": 0
},
"client_secret_expires_at": {
"description": "Time at which the client secret will expire, expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC. Set to 0 if the secret does not expire",
"type": "integer",
"format": "int32",
"minimum": 0
},
"redirect_uris": {
"type": "array",
"items": {
"type": "string",
"format": "uri",
"minLength": 1,
"maxLength": 256
}
},
"token_endpoint_auth_method": {
"type": "string",
"enum": [
"client_secret_basic"
]
},
"grant_types": {
"type": "array",
"items": {
"type": "string",
"enum": [
"client_credentials",
"authorization_code"
]
},
"minItems": 1
},
"response_types": {
"type": "array",
"items": {
"type": "string",
"enum": [
"code",
"code id_token"
]
}
},
"software_id": {
"type": "string"
},
"scope": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 32
}
},
"software_statement": {
"type": "string",
"format": "JWT"
},
"application_type": {
"type": "string",
"enum": [
"web",
"mobile"
]
},
"id_token_signed_response_alg": {
"$ref": "#/definitions/SupportedAlgorithms"
},
"request_object_signing_alg": {
"$ref": "#/definitions/SupportedAlgorithms"
},
"token_endpoint_auth_signing_alg": {
"$ref": "#/definitions/SupportedAlgorithms"
},
"tls_client_auth_dn": {
"type": "string",
"minLength": 1,
"maxLength": 128
}
}
},
"OBClientRegistration1": {
"allOf": [
{
"type": "object",
"required": [
"iss",
"iat",
"exp",
"aud",
"jti"
],
"properties": {
"iss": {
"description": "Unique identifier for the TPP, implemented as a Base62-encoded GUID",
"type": "string",
"pattern": "^[0-9a-zA-Z]{1,18}$",
"minLength": 1,
"maxLength": 18
},
"iat": {
"description": "The time at which the request was issued by the TPP, expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC",
"type": "integer",
"format": "int32"
},
"exp": {
"description": "The time at which the request expires, expressed as seconds since 1970-01-01T00:00:00Z as measured in UTC",
"type": "integer",
"format": "int32"
},
"aud": {
"description": "The audience for the request. This should be the unique identifier\nfor the ASPSP issued by the issuer of the software statement.\nImplemented as a Base62-encoded GUID\n",
"type": "string",
"pattern": "^[0-9a-zA-Z]{1,18}$",
"minLength": 1,
"maxLength": 18
},
"jti": {
"description": "Unique identifier for the JWT, implemented as a UUID v4",
"type": "string",
"pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$",
"minLength": 36,
"maxLength": 36
}
}
},
{
"$ref": "#/definitions/OBRegistrationProperties1"
}
]
},
"RegistrationError": {
"type": "object",
"required": [
"error"
],
"properties": {
"error": {
"type": "string",
"enum": [
"invalid_redirect_uri",
"invalid_client_metadata",
"invalid_software_statement",
"unapproved_software_statement"
]
},
"error_description": {
"type": "string",
"minLength": 1,
"maxLength": 500
}
}
}
},
"securityDefinitions": {
"TPPOAuth2Security": {
"type": "oauth2",
"flow": "application",
"description": "TPP client credentials authorisation flow with the ASPSP. No scopes are defined, as per the specification",
"tokenUrl": "https://authserver.example/token"
}
}
}