feat: add thirdparty api specification and supporting docs #90
Conversation
|
Thanks for this @lewisdaly - having the readme docs, API definition doc and the yaml files (openapi 3.x) is all we need! |
|
Great! Thanks @elnyry-sam-k . |
fix: readme table fix: unbound arrays feat: update _sync_docs to reflect new master docs feat: update svgs feat: copy across puml sources from pisp repo feat: copy across puml sources from pisp repo chore: refactor assets dir chore: refactor assets dir chore: rerender svgs feat: update puml styling feat: rerender puml chore: clean up pumls chore: clean up pumls chore: clean up pumls chore: clean up pumls feat: tidy up todos from tx patterns docs chore: cleaning up heading indents chore: cleaning up heading indents chore: cleaning up heading indents chore: cleaning up heading indents chore: add toc chore: add toc feat: clean up error codes chore: clean api formatting chore: clean api formatting chore: clean api formatting chore: clean api formatting chore: clean api formatting chore: clean api formatting chore: clean api formatting chore: clean api formatting chore: clean api formatting chore: clean api formatting chore: clean api formatting feat: clean up error scenarios for linking feat: clean up error scenarios for linking feat: clean up error scenarios for linking feat: clean up error scenarios for linking feat: clean up error scenarios for transfer
|
@ehenrka it's ready to go again for another review. I think I addressed most of your comments, and I marked those I was sure I addressed as "resolved". I still am yet to update the swagger files, but I'll wait until you are happy with the |
|
I'm working on reviewing the updates now, sorry for the delay as I had to prioritize other tasks last week. A generic comment is that the formatting is more consistent, but it lacks the variables formatting (from the new section 1.1 Conventions Used in This Document) with italics everywhere that I have seen so far. As an example:
Should be: Callback and data model information for GET /accounts/{ID}:
Should be fairly simple to just do a search and replace of instance of "/{ID}" to "/_{ID}_".. |
Ah I see - I missed that nuance |
thirdparty-api/README.md
Outdated
|
|
||
| | **Term** | **Alternative and Related Terms** | **Definition** | **Source** | | ||
| | --- | --- | --- | --- | | ||
| | **Payment Initiation Service Provider** | PISP, 3rd Party Payment Initiator (3PPI) | "Regulated entities like retail banks or third parties, that allow customers to make payments without accessing bank accounts or cards | [PSD2](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015L2366&qid=1633311418487) | |
There was a problem hiding this comment.
"Regulated entities ...
Remove the "
thirdparty-api/README.md
Outdated
| | **Term** | **Alternative and Related Terms** | **Definition** | **Source** | | ||
| | --- | --- | --- | --- | | ||
| | **Payment Initiation Service Provider** | PISP, 3rd Party Payment Initiator (3PPI) | "Regulated entities like retail banks or third parties, that allow customers to make payments without accessing bank accounts or cards | [PSD2](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015L2366&qid=1633311418487) | | ||
| | **FSP** | Provider, Financial Service Provider (FSP), Payment Service Provider, Digital Financial Services Provider (DFSP) | The entity that provides a digital financial service to an end user (either a consumer, a business, or a government.) In a closed-loop payment system, the Payment System Operator is also the provider. In an open- loop payment system, the providers are the banks or non-banks which participate in that system. | [ITU-T](https://www.itu.int/dms_pub/itu-t/opb/tut/T-TUT-ECOPO-2018-PDF-E.pdf) | |
There was a problem hiding this comment.
In an open- loop payment system ...
"open- loop" should be "open-loop"
thirdparty-api/data-models.md
Outdated
| #### 3.1.1 `/accounts` | ||
|
|
||
| The `/accounts` resource is used to request information from a DFSP relating to the accounts | ||
| it holds for a given identifier. The identifier is given to the PISP by the user, and the |
There was a problem hiding this comment.
But this is the first time "identifier" is used. How should I as a reader know that I have to read section 3.1.1.1.1 to know what an identifier is?
|
|
||
| ##### 3.1.1.1 Requests | ||
|
|
||
| This section describes the services that a PISP can request on the /accounts resource. |
There was a problem hiding this comment.
Still not formatted correctly. Section 1.1 says:
| Type of Information | Convention | Example |
|---|---|---|
| Elements of the API, such as resources | Boldface | /authorization |
| Variables | Italics with in angle brackets | {ID} |
...
|
|
||
| | Name | Cardinality | Type | Description | | ||
| | --- | --- | --- | --- | | ||
| | accountList | 1 | AccountList | Information about the accounts that the DFSP associates with the identifier sent by the PISP. | |
There was a problem hiding this comment.
Yes, it will require more work in each update to keep links correct, but it also makes the document a lot easier to read. We have it in the API Definition at least for most of the links, though some links have probably slipped away. For the updates I have done recently, I'm using a script to incremenent each subsequent section/figure/table/listing number if I want to add a section/figure/table/listing in the middle of the document.
But I'm leaving the decision up to you, it is not like the document can't be used without the links, just a lot more reader-friendly.
| the PISP. | ||
|
|
||
|
|
||
| 1. _let `consentId` be the value of the `body.consentId` in the **POST /consents** request_ |
There was a problem hiding this comment.
- let ...
- let ...
Use uppercase "L" in "Let ..."
|
|
||
| | Reference | Description | Version | Link | | ||
| | --- | --- | --- | --- | | ||
| | Ref. 1 | Open API for FSP Interoperability | `1.1` | [API Definition v1.1](https://github.com/mojaloop/mojaloop-specification/blob/master/fspiop-api/documents/v1.1-document-set/API%20Definition%20v1.1.md)| |
There was a problem hiding this comment.
The reference to the FSPIOP API Definition is currently not used in this document. But, I think it would be good if you could point to Section 3 in the FSPIOP API Definition, where the architecture of the API is detailed, as I think the same the same basic architecture is used for the Third Party API? Maybe as part of the introduction.
|
|
||
| ## <a id='DerivingtheChallenge'></a>6.1 Deriving the Challenge | ||
|
|
||
| 1. let `quote` be the value of the response body from the **PUT /quotes/{ID}** call |
There was a problem hiding this comment.
- let ...
- let ...
- let ...
Please use "Let" instead of "let".
Additionally, in Section 3.6.1 in the linking document, the steps was in italics. Please use similar formatting.
|
|
||
| ## <a id='badpayeelookup'></a> 5.1 Unsuccessful Payee Lookup | ||
|
|
||
| <!-- TODO: update these sequences with updated error codes --> |
There was a problem hiding this comment.
<!-- TODO: update these sequences with updated error codes -->
Either fix todo or remove it before release
| - _privatekey_ (stored by the PISP when creating the credential), as a base64 encoded utf-8 string | ||
| - SHA256() is a one way hash function, as defined in [RFC6234](https://datatracker.ietf.org/doc/html/rfc6234) | ||
| - sign(data, key) is a signature function that takes some data and a private key to produce a signature | ||
| 2. let _challengeHash_ be the result of applying the SHA256() function over the _challenge_ |
There was a problem hiding this comment.
- let ...
- let ...
Please use "Let" instead of "let".
Additionally, in Section 3.6.1 in the linking document, the steps was in italics (but it is not used in 6.1). Please use similar formatting.
|
Thanks @ehenrka. I found I can't comment on some of the comments you made, so I'll include some replies below:
Yep, Credential is defined in section 3.2.1.10
I'd rather we just suggest to the PISP to call the |
That is perfectly fine by me. |
|
@lewisdaly - as we discussed in the CCB meeting, is this now ready to go? (can you please update the branch etc).. @ehenrka any further comments? |
|
I'm happy with the updates from @lewisdaly. |
|
Great! Thanks @ehenrka. @elnyry-sam-k I guess we are good to merge in then... |
|
Thanks @lewisdaly , please go ahead! |
Closes #70
This PR adds the Third Party API specification, along with supporting documentation, sequences etc.
TODOS:
POST /thirdpartyRequests/authorizationsbased on @ehenrka feedback: Draft API Definition for the PISP / third party API #70 (comment)