It summarizes the changes in the AA APIs requested by the AA ecosystem community. You can send the suggestions/queries regarding AA APIs changes by mailing us on aa-api@rebit.org.in .
Below changes are done in request body ConsentRequests model.
fiTypes from common model
FITypes
FIType enum values were defined multiple times causing
inconsistency.FIType with enum values and
referred it in all occurences in API spec.Summary of changes in YAML
{
fiTypes:
$ref: '#/definitions/FITypes'
}
type field of DataConsumer elementWhy was this change needed? There is a need to distinguish data consumer as USER if AA client
is consuming the data from FIP instead of FIU. Also in future if a mechanism is implemented to incentivize the
FIP for data, data fetch from FIU and data fetch from AA needs to be distinguished.
What about the old fields? NA
Has any data changed? Yes, a new enumeration value 'USER' is added.
What has changed in the API? Added new enumeration value as 'USER' in the
DataConsumer field of ConsentDetail model.
Other APIs impacted due to this change:
{
type:
type: string
description: Type of DataConsumer
enum:
- FIU
- AA
- USER //Added
example: AA
}
Frequency field.Frequency field in
ConsentsRequest model. FIU needs to implement business logic as per the updated description.{
Frequency:
description: Defines frequency of FI data fetch within the defined time unit. E.g. HOURLY,DAILY,MONTHLY,YEARLY.
The maximum frequency value that can be defined is 1 request per HOUR. Similaraly it will be 24 requests per DAY and so on. Frequency can not be set below 1 request per hour.
type: object
}
Below changes are done in the response body i.e. Consent Artefact Model and
SignedConsentDetail Model which is decrypted value of signedConsent field in
ConsentArtefact model. Also, the ConsentDetail model is renamed to SignedConsentDetail for better clarity.
fiTypes from common model
FITypes
Related to change in POST /Consent API.
{
fiTypes:
$ref: '#/definitions/FITypes'
}
type field of DataConsumer elementRelated to change in POST /Consent API.
{
type:
type: string
description: Type of DataConsumer
enum:
- FIU
- AA
- USER //Added
example: AA
}
Frequency field.Related to change in POST /Consent API.
{
Frequency:
description: Defines frequency of FI data fetch within the defined time unit. E.g. HOURLY,DAILY,MONTHLY,YEARLY.
The maximum frequency value that can be defined is 1 request per HOUR. Similaraly it will be 24 requests per DAY and so on. Frequency can not be set below 1 request per hour.
type: object
}
Below changes are done in the request body i.e. Keymaterial Model which is referred in the
FIRequest model.
params, Nonce field and added an example
params field description in the
KeyMaterial model with exact cryptographic parameters to be used as
"cipher=AES/GCM/NoPadding;KeyPairGenerator=ECDH". Also, updated description of Nonce field to
mention that Nonce should have a fixed length and added a reference on how Nonce should be formed{
params:
type: string
xml:
attribute: true
description: 'Specifies the secure standard cryptographic primitives to perform
end to end encryption. Use Key-Value pair separated by a semicolon. The value
given for cryptographic primitives in example should be used for symmetric
encryption(AES-256 bits, GCM-128 bits and No Padding) and key exchangeprotocol(ECDH).'
example: 'cipher=AES/GCM/NoPadding;KeyPairGenerator=ECDH'
}
{
Nonce:
type: string
example: '29512b70-ca84-46b5-9471-63765599cf15'
description: 'Nonce is a random string generated every time during the publishing of
Ephemeral public key to ensure that old communications cannot be reused in replay
attacks.Nonce should have a fixed length. Unlike random numbers, random strings do
not require byte ordering. Hence session keys can be generated in a platform
independent way. Ref: https://tools.ietf.org/html/rfc5116'
}
Below changes are done in the response body i.e. Keymaterial Model and encryptedFI field which is referred in the
FIFetchResponse model.
params and Nonce fieldRelated to change in POST /FI/Request API.
{
params:
type: string
xml:
attribute: true
description: 'Specifies the secure standard cryptographic primitives to perform
end to end encryption. Use Key-Value pair separated by a semicolon. The value
given for cryptographic primitives in example should be used for symmetric
encryption(AES-256 bits, GCM-128 bits and No Padding) and key exchangeprotocol(ECDH).'
example: 'cipher=AES/GCM/NoPadding;KeyPairGenerator=ECDH'
}
{
Nonce:
type: string
example: '29512b70-ca84-46b5-9471-63765599cf15'
description: 'Nonce is a random string generated every time during the publishing of
Ephemeral public key to ensure that old communications cannot be reused in replay
attacks.Nonce should have a fixed length. Unlike random numbers, random strings do
not require byte ordering. Hence session keys can be generated in a platform
independent way. Ref: https://tools.ietf.org/html/rfc5116'
}
encryptedFI fieldencryptedFI field was incorrectly considered as file data type
instead of string after compilation.encryptedFI field of
FIFetchResponse model. GET /FI/Fetch/{sessionId} from Experimental FIP API{
encryptedFI:
type: string
format: binary //Removed
description: Contains the encrypted financial information based on the
key material defined corresponding to the user's Account.
}
format: byteformat:byte is specified for x-jws-signature header and signedConsent
field. Hence the string will be considered as base64 encoded string. However the format is not correct as JWS
signature contains multiple base64 encoded strings connected with "." (dot). This might cause issue
while compiling.format: byte{
format: byte // Removed
}