If the termination of the transaction approval was successful.
","operationId":"abort","responses":{"204":{"description":"Transaction Approval session successfully terminated."},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"abortCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/dynamic-steps/{stepId}/activate":{"post":{"tags":["transaction-approval-rest-docs-openapi_Flow Control"],"summary":"Activate step","description":"Activates a flow step.\nThe required next step action or an error if the step ID is invalid or the step could not be activated.
","operationId":"activate","responses":{"200":{"description":"Transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"The required next step action or an error if the step ID is invalid or the step could not be deactivated.
","operationId":"deactivate","responses":{"200":{"description":"Transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"A list of dynamic steps with their activation information.
","operationId":"retrieve","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalDynamicStepActivationDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalDynamicStepActivationDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"retrieveCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/flows/{flowId}/select":{"post":{"tags":["transaction-approval-rest-docs-openapi_Flow Control"],"summary":"Select flow","description":"\nSelects a transaction approval flow.\n
A success response with a next step indicating the required next action.
","operationId":"selectFlow","responses":{"200":{"description":" Transaction approval flow selection successful.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| UNEXPECTED_CALL | \nAnother transaction approval flow is already in progress. | \n
\n
\n
\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"404":{"description":"No flow with the requested ID exists.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"selectFlowCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]},"parameters":[{"name":"flowId","in":"path","description":"the ID of the selected flow as configured.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/transaction-approval/goto-targets/{stepId}/goto":{"post":{"tags":["transaction-approval-rest-docs-openapi_Flow Control"],"summary":"Go to step","description":"Go to the selected flow step.\n
The required next step action or an error if the step ID is invalid.
","operationId":"doGoto","responses":{"200":{"description":"Transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| GOTO_FAILED | \nThe selected step ID is not available. | \n
\n
\n
\n
Possible next step: always the same as before the goto call.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"doGotoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]},"parameters":[{"name":"stepId","in":"path","description":"The goto target's step ID.","required":true,"schema":{"maxLength":30,"minLength":1,"type":"string"}}]},"/transaction-approval/goto-targets/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_Flow Control"],"summary":"List goto steps","description":"Retrieves possible target steps of an interactive goto.\n
A list of target steps.
","operationId":"retrieve_1","responses":{"200":{"description":"The information has been successfully returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalGotoTargetAttributesDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalGotoTargetAttributesDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"retrieve_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/parameters":{"post":{"tags":["transaction-approval-rest-docs-openapi_Message Parameters"],"summary":"Validate and save","description":"Validate and save parameters for transaction approval.\nValidates and saves transaction approval message parameters and accepts an \"Auth Token ID\"\nthat identifies the device used for login.\nIn contrast to other endpoints,
null values are ignored here (no \"delete\" semantic).\n
Whether validation of the message parameters was successful. If the attribute nextStep is present in the response,\n further steps are required to successfully approve the transaction. If the attribute is missing, the transaction approval\n of the user was successful.
","operationId":"validateAndConsume","requestBody":{"description":"Contains the id used for device selection in further steps and message parameters used to create a transaction approval message.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalParameterRequest"},"examples":{"Save transaction approval message parameters":{"description":"Save transaction approval message parameters","value":{"authTokenId":"12345","messageParameters":{"accountNumber":"12345","amount":"300","currency":"CHF"}}}}}}},"responses":{"200":{"description":"Message parameters and id for device selection successfully validated and saved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"If some parameters are missing or not supported.\n
Possible next step:
PARAMETERS_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"validateAndConsumeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/airlock-2fa/passcode/check":{"post":{"tags":["transaction-approval-rest-docs-openapi_Airlock 2FA"],"summary":"Verify passcode","description":"Verifies the submitted Airlock 2FA passcode. The previously selected device has no impact on the passcode verification.\nNote that passcode checks are only possible if the step is in offline mode (using
POST /transaction-approval/airlock-2fa/offline/).\n
Whether the check was successful. If the attribute nextAuthStep is present in the response,\n further steps are required to successfully approve. If the attribute is missing, the message is\n successfully approved.
","operationId":"checkPasscode","requestBody":{"description":"Contains the passcode.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Airlock2FAPasscodeCheckRequest"}}},"required":true},"responses":{"200":{"description":"Approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| AIRLOCK_2FA_PASSCODE_WRONG | \nPasscode could not be validated successfully. Retry with correct passcode. | \n
\n
\n
\n
Possible next step:
AIRLOCK_2FA_PASSCODE_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| AIRLOCK_2FA_PASSCODE_WRONG | \nThe passcode could not be validated successfully and no retries are allowed. | \n
\n\n| AUTH_METHOD_INACTIVE | \nThe Airlock 2FA account is locked. No retries are allowed. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"checkPasscodeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/airlock-2fa/status/poll":{"post":{"tags":["transaction-approval-rest-docs-openapi_Airlock 2FA"],"summary":"Poll status","description":"
Polls Airlock 2FA transaction approval status.
\n
Allows polling whether the transaction was approved by the app (\"online validation\"). If there\nhas not been any response from the app, keep polling in regular intervals or switch to\noffline mode (POST /airlock-2fa/offline), if allowed by the configuration, and check the OTP manually\n(POST /airlock-2fa/otp/check).
\n
This endpoint is used for authentication using the Airlock 2FA factors One-Touch and Online QR Code, or for mobile-only authentication.
\n
The status of the online validation.\n If the attribute nextStep is present in the response, further steps are required\n to successfully approve the transaction. If the attribute is missing, the transaction approval\n of the user was successful.
","operationId":"pollOnlineValidation","responses":{"200":{"description":"Transaction approval successful (if attribute
nextStep is missing),\ntransaction not yet validated (if
nextStep has value
AIRLOCK_2FA_POLLING_REQUIRED or
AIRLOCK_2FA_POLLING_OR_OTP_REQUIRED),\nfurther steps required in all other cases.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| TRANSACTION_DENIED | \nThe transaction was denied. This could be due to the user actively cancelling the transaction or a timeout. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"pollOnlineValidationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default
false). See
polling endpoints for details.","schema":{"type":"boolean"}}]},"/transaction-approval/airlock-2fa/devices/{id}/select":{"post":{"tags":["transaction-approval-rest-docs-openapi_Airlock 2FA"],"summary":"Select device","description":"Selects one of the available Airlock 2FA devices to use for transaction approval.\n
Whether the device selection was successful. Gives information about the next transaction approval step required.
","operationId":"selectDevice","responses":{"200":{"description":"Airlock 2FA device successfully selected, notification sent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| AIRLOCK_2FA_DEVICE_CHOICE_FAILED | \nInvalid ID selected. Retry with valid ID. | \n
\n
\n
\n
Possible next step:
AIRLOCK_2FA_DEVICE_CHOICE_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"selectDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the selected Airlock 2FA device.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/transaction-approval/airlock-2fa/offline":{"post":{"tags":["transaction-approval-rest-docs-openapi_Airlock 2FA"],"summary":"Switch to offline","description":"Switch to Airlock 2FA offline transaction approval.\nThis will terminate any occurring online validation. As a consequence, any push notification sent can no longer be used to approve the transaction\nand subsequent online validation of the transaction is no longer possible.\nIf no validation was currently taking place when the call was made (because a device selection was required),\na new transaction approval process with Offline QR Code (only) will be transparently started.\n
This call is required to verify an OTP to validate an Offline QR Code challenge (POST /airlock-2fa/otp/check).\n
\n
Whether the switch to offline transaction approval was successful. Gives information about the next transaction approval step required.
","operationId":"switchToOffline","responses":{"200":{"description":"Successfully switched to offline transaction approval.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Offline selection failed. The current transaction approval flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"switchToOfflineCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/airlock-2fa/otp/check":{"post":{"tags":["transaction-approval-rest-docs-openapi_Airlock 2FA"],"summary":"Verify OTP","description":"Verifies the provided OTP to validate an Airlock 2FA Offline QR Code challenge.\nThe OTP is provided by the user (after scanning the Offline QR Code challenge).\n
Use this call for manual OTP validation for a AIRLOCK_2FA_OTP_REQUIRED next approval step.\n
\n
Whether the check was successful. If the attribute nextStep is present in the response,\n further steps are required to successfully approve the transaction. If the attribute is missing, the transaction approval\n of the user was successful.
","operationId":"validateOfflineQrCode","requestBody":{"description":"Contains the Airlock 2FA OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| AIRLOCK_2FA_OTP_WRONG | \nOTP could not be validated successfully. Retry with correct OTP. | \n
\n
\n
\n
Possible next step:
AIRLOCK_2FA_OTP_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| AIRLOCK_2FA_OTP_WRONG | \nThe OTP could not be validated successfully and no retries are allowed. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"validateOfflineQrCodeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/cronto/otp/check":{"post":{"tags":["transaction-approval-rest-docs-openapi_Cronto"],"summary":"Verify Cronto OTP","description":"Verifies the submitted Cronto OTP.\nThe OTP was entered by the user (after scanning the cryptogram image) or returned by the Cronto app\n(when using the secure channel challenge in app-to-app communication).\n
Use this call for manual OTP validation for a CRONTO_OTP_REQUIRED next approval step\n(when \"onlineValidation\" was false, or offline fallback was selected by the user). Note that in any case\nmanually OTP checking cancels online validation. It is recommended to obtain the current\nchallenge again after each failed OTP check, as the \"onlineValidation\" flag could have changed.
\n
Whether the check was successful. If the attribute nextStep is present in the response,\n further steps are required to successfully approve the transaction. If the attribute is missing, the transaction approval\n of the user was successful.
","operationId":"checkCrontoOtp","requestBody":{"description":"Contains the Cronto OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| CRONTO_OTP_WRONG | \nOTP could not be validated successfully. Retry with correct OTP. | \n
\n
\n
\n
Possible next step:
CRONTO_OTP_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| CRONTO_OTP_WRONG | \nThe OTP could not be validated successfully and no retries are allowed. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"checkCrontoOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/cronto/otp/poll":{"post":{"tags":["transaction-approval-rest-docs-openapi_Cronto"],"summary":"Poll challenge","description":"Cronto Challenge Polling.\nAllows polling whether the Cronto challenge has been answered by the app (\"online validation\"). If there\nhas not been any response from the app, keep polling in regular intervals or check the OTP manually\n(
POST /cronto/otp/check).\n
The status of the online validation (still waiting/success/cancelled/failed).\n If the attribute nextStep is present in the response, further steps are required\n to successfully approve the transaction. If the attribute is missing, the transaction approval\n of the user was successful.
","operationId":"pollOnlineValidation_1","responses":{"200":{"description":"Challenge not yet validated (retry later or check OTP manually), transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| CRONTO_OTP_WRONG | \nThe OTP could not be validated successfully. | \n
\n\n| CANCELLED_BY_USER | \nThe process has been cancelled by the user in the app. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"pollOnlineValidation_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]},"parameters":[{"name":"queryOnly","in":"query","description":"Whether the final result should be returned (optional, default
false). See
polling endpoints for details.","schema":{"type":"boolean"}}]},"/transaction-approval/cronto/offline":{"post":{"tags":["transaction-approval-rest-docs-openapi_Cronto"],"summary":"Select offline","description":"Selects offline transaction approval. No push notification is sent to a device and no subsequent online validation\nof the response will be possible.\n
Whether the selection of offline transaction approval was successful. Gives information about the next transaction approval step required.
","operationId":"selectOfflineAuthentication","responses":{"200":{"description":"Successfully selected an offline device.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Offline selection failed. The current transaction approval flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"selectOfflineAuthenticationCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/cronto/push-devices/{id}/select":{"post":{"tags":["transaction-approval-rest-docs-openapi_Cronto"],"summary":"Select push device","description":"Selects one of the active push devices to which the push notification will be sent.\n
Whether the device selection was successful. Gives information about the next transaction approval step required.
","operationId":"selectPushDevice","responses":{"200":{"description":"Push device successfully selected, notification sent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| CRONTO_DEVICE_CHOICE_FAILED | \nInvalid ID selected. Retry with valid ID. | \n
\n
\n
\n
Possible next step:
CRONTO_DEVICE_CHOICE_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| CRONTO_DEVICE_CHOICE_FAILED | \nInvalid ID selected. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"selectPushDeviceCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]},"parameters":[{"name":"id","in":"path","description":"The ID of the selected push device.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/transaction-approval/email/otp/check":{"post":{"tags":["transaction-approval-rest-docs-openapi_Email OTP"],"summary":"Check email OTP","description":"Checks the submitted email OTP.\n
Whether the check was successful. If the attribute nextStep is present in the response,\n further steps are required to successfully approve the transaction. If the attribute is missing, the transaction approval\n of the user was successful.
","operationId":"checkOtp","requestBody":{"description":"Request containing the OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| OTP_WRONG | \nThe OTP could not be validated successfully. | \n
\n
\n
\n
Possible next step:
EMAIL_OTP_CHECK_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| OTP_WRONG | \nThe OTP could not be validated successfully. No retries are possible. | \n
\n\n| OTP_EXPIRED | \nThe OTP has expired. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"checkOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/email/otp/resend":{"post":{"tags":["transaction-approval-rest-docs-openapi_Email OTP"],"summary":"Resend email OTP","description":"Resends the email OTP.\n
Whether the resend was successful and informs about the nextStep.\n Additionally, the response includes information about the possibility of an OTP resend.
","operationId":"resendOtp","responses":{"200":{"description":"The OTP has been resent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| EMAIL_OTP_RESEND_REFUSED | \nThe OTP could not be resent. | \n
\n
\n
\n
Possible next step:
EMAIL_OTP_CHECK_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Resend failed. The current transaction approval flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"resendOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/fido/failure/report":{"post":{"tags":["transaction-approval-rest-docs-openapi_FIDO"],"summary":"Report FIDO failure","description":"Report a FIDO client failure.
Allows the client to report a FIDO failure, resulting in a step failure.
\n
The status of the flow. If the attribute nextStep is present in the response,\n further steps are required to successfully complete the flow.
","operationId":"handleClientFailure","requestBody":{"description":"Contains information (name and message) describing the failure.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoClientFailureRequest"}}},"required":true},"responses":{"200":{"description":"Transaction approval successful or further steps required. This is only possible if \"On Failure Gotos\" are configured on the step.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| FIDO_APPROVAL_ABORTED | \n\tThe FIDO transaction approval has been aborted in the client. Returned if the reason in the request was \"ABORTED\". | \n
\n\n\t| FIDO_APPROVAL_NOT_ALLOWED | \n\tFIDO transaction approval was not allowed in the client. Returned if the reason in the request was \"NOT_ALLOWED\". | \n
\n\n\t| FIDO_WEB_AUTHN_NOT_AVAILABLE | \n\tThe browser/client does not support WebAuthn/FIDO. Returned if the reason in the request was \"NO_WEB_AUTHN\". | \n
\n\n\t| FIDO_APPROVAL_FAILED | \n\tReturned if any other error occurred in the client. Returned if the reason in the request was \"UNKNOWN\". | \n
\n
\n
\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"handleClientFailureCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/fido/assertion-response/check":{"post":{"tags":["transaction-approval-rest-docs-openapi_FIDO"],"summary":"Verify response","description":"Verify the FIDO authenticator's response.\n
The FIDO authenticator's response to the challenge (obtained previously as additional attribute\nwith the FIDO_APPROVAL_ASSERTION_RESPONSE_REQUIRED next step code) contains information about the FIDO credential\nused for this transaction approval attempt as well as metadata that will be verified by IAM.
\n
This endpoint cannot verify or guarantee that the user has seen the transaction approval message sent with the challenge.\nThe FIDO/WebAuthn standard does currently not offer WYSIWYS (What you see is what you sign).
\n
Whether the check was successful. If the attribute nextStep is present in the response,\n further steps are required.
","operationId":"verify","requestBody":{"description":"Contains the FIDO authenticator's response to the previously obtained challenge.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FidoAuthenticationPublicKeyCredentialRequest"}}},"required":true},"responses":{"200":{"description":"Transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| FIDO_APPROVAL_FAILED | \nThe response of the FIDO authenticator to the previously obtained challenge could not be successfully verified.\nAs a result, the transaction approval has failed and the flow has been terminated. No retries are possible. | \n
\n\n| FIDO_APPROVAL_TIMEOUT | \nThe response of the FIDO authenticator has timed out. | \n
\n
\n
\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"verifyCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/user/identify":{"post":{"tags":["transaction-approval-rest-docs-openapi_User"],"summary":"Identify user","description":"Identifies the transmitted username.\n
Whether the username check was successful. If the attribute nextStep is present in the response,\n further steps are required to successfully approve the transaction. If the attribute is missing, transaction approval\n of the user was successful.
","operationId":"checkUsername","requestBody":{"description":"Contains the username.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalUsernameCheckRequest"}}}},"responses":{"200":{"description":"Transaction approval successful or further steps required.\n
Possible next step:
PARAMETERS_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| USER_NOT_FOUND | \nThe user does not exist. | \n
\n
\n
\n
Possible next step:
USERNAME_REQUIRED.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"The current transaction approval flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"checkUsernameCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/matrix/check":{"post":{"tags":["transaction-approval-rest-docs-openapi_Matrix Cards"],"summary":"Verify response","description":"Verifies the submitted challenge response.\n
Whether the check was successful. If the attribute nextAuthStep is present in the response,\n further steps are required to successfully approve the transaction. If the attribute is missing, the transaction is\n successfully approved.
","operationId":"checkChallengeResponse","requestBody":{"description":"Contains the challenge response(s).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalMatrixChallengeCheckRequest"}}},"required":true},"responses":{"200":{"description":"Transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| MATRIX_RESPONSE_WRONG | \nOne or more responses could not be validated successfully. Retry again.
\nSince challenge coordinates may change after failed attempts (depending on configuration),\nthe new ones might have to be requested again. | \n
\n
\n
\n
Possible next step:
MATRIX_RESPONSE_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| MATRIX_RESPONSE_WRONG | \nOne or more responses could not be validated successfully. | \n
\n\n| TOO_MANY_UNANSWERED_CHALLENGES | \nToo many challenges were requested but not answered. Try again later. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"checkChallengeResponseCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/message/acknowledge":{"post":{"tags":["transaction-approval-rest-docs-openapi_Message Acknowledgement"],"summary":"Acknowledge message","description":"Acknowledges a previously received message.\nThe message can be a pre-configured message ID or server-generated message, depending on the step configuration.\nIt has been received as an additional in a previous step response (as documented
here).\n
If the attribute nextStep is present in the response,\n further steps are required to successfully continue with the flow. If the attribute is missing,\n the transaction approval flow is successfully terminated.
","operationId":"acknowledgeMessageId","responses":{"200":{"description":"Message successfully acknowledged or further steps required (as documented
here).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"acknowledgeMessageIdCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/mtan/otp/check":{"post":{"tags":["transaction-approval-rest-docs-openapi_SMS/mTAN"],"summary":"Check mTAN OTP","description":"Checks the submitted mTAN OTP.\n
Whether the check was successful. If the attribute nextStep is present in the response,\n further steps are required to successfully approve the transaction. If the attribute is missing, the transaction approval\n of the user was successful.
","operationId":"checkMtanOtp","requestBody":{"description":"Request containing the mTAN OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Transaction approval successful or further steps required.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| MTAN_OTP_WRONG | \nOTP could not be validated successfully. Retry with correct OTP. | \n
\n
\n
\n
Possible next step:
MTAN_OTP_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| MTAN_OTP_WRONG | \nOTP could not be validated successfully and no retries are allowed. | \n
\n\n| MTAN_OTP_EXPIRED | \nThe OTP has expired. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"checkMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/mtan/otp/resend":{"post":{"tags":["transaction-approval-rest-docs-openapi_SMS/mTAN"],"summary":"Resend OTP","description":"Resends the mTAN OTP by SMS.\n
Whether the resend was successful and informs about the
nextStep.\n Additionally, the response includes information about the possibility of an OTP resend.\n
Deprecated: The 'included' section containing resend information is deprecated and will be removed in a future version.\n The resend information is returned as additional attribute\n with the MTAN_OTP_REQUIRED next step code.
","operationId":"resendMtanOtp","responses":{"200":{"description":"The OTP has been resent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:03:00.629+02:00"},"included":[{"type":"transaction-approval.mtan.otp.resend.information","id":"731854796","attributes":{"otpResendPossible":false}}],"data":{"type":"transaction-approval.session","id":"572953137496921011","attributes":{"nextStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:03:00.629+02:00"},"included":[{"type":"transaction-approval.mtan.otp.resend.information","id":"731854796","attributes":{"otpResendPossible":false}}],"data":{"type":"transaction-approval.session","id":"572953137496921011","attributes":{"nextStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}}}},"400":{"description":"
\n\n| MTAN_OTP_RESEND_REFUSED | \nThe OTP could not be resent. | \n
\n
\n
\n
Possible next step:
MTAN_OTP_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Resend failed. The current transaction approval flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"resendMtanOtpCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/mtan/tokens/{id}/select":{"post":{"tags":["transaction-approval-rest-docs-openapi_SMS/mTAN"],"summary":"Select token","description":"Selects one of the active mTAN tokens (phone numbers) for sending the OTP to.\n
Whether the token selection and sending of the OTP was successful. Gives information about the next transaction approval step required.\n Additionally, the response includes information about the possibility of an OTP resend.\n
Deprecated: The 'included' section containing resend information is deprecated and will be removed in a future version.\n The resend information is returned as additional attribute\n with the MTAN_OTP_REQUIRED next step code.
","operationId":"selectMtanToken","responses":{"200":{"description":"mTAN token successfully selected, OTP sent.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:03:00.629+02:00"},"included":[{"type":"transaction-approval.mtan.otp.resend.information","id":"731854796","attributes":{"otpResendPossible":false}}],"data":{"type":"transaction-approval.session","id":"572953137496921011","attributes":{"nextStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"},"examples":{"Flow result":{"description":"Flow result","value":{"meta":{"type":"jsonapi.metadata.document","timestamp":"2025-07-03T11:03:00.629+02:00"},"included":[{"type":"transaction-approval.mtan.otp.resend.information","id":"731854796","attributes":{"otpResendPossible":false}}],"data":{"type":"transaction-approval.session","id":"572953137496921011","attributes":{"nextStep":"MTAN_OTP_REQUIRED","phoneNumber":"+41761234567","resendPossible":false}}}}}}}},"400":{"description":"
\n\n| MTAN_TOKEN_CHOICE_FAILED | \nInvalid mTAN token ID. Retry with valid ID. | \n
\n
\n
\n
Possible next step:
MTAN_TOKEN_CHOICE_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Selection failed. The current transaction approval flow has been aborted.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"selectMtanTokenCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]},"parameters":[{"name":"id","in":"path","description":"the ID of the selected mTAN token.","required":true,"schema":{"maxLength":50,"minLength":1,"type":"string"}}]},"/transaction-approval/otp/check":{"post":{"tags":["transaction-approval-rest-docs-openapi_Generic OTP"],"summary":"Verify OTP","description":"Checks the submitted OTP.\n
Whether the check was successful. If the attribute nextStep is present in the response,\n further steps are required to successfully approve the transaction. If the attribute is missing, the transaction\n has successfully been approved.
","operationId":"checkOtp_1","requestBody":{"description":"Request containing the OTP.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenericOtpCheckRequest"}}},"required":true},"responses":{"200":{"description":"Transaction successfully approved or further steps required.
Possible next step:
NEXT_OTP_REQUIRED (as documented
here).","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| OTP_WRONG | \nThe OTP could not be validated successfully. | \n
\n
\n
\n
Possible next step:
OTP_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"
\n\n| OTP_WRONG | \nThe OTP could not be validated successfully. | \n
\n\n| OTP_EXPIRED | \nThe OTP has expired. | \n
\n
\n
\n
The current transaction approval flow has been aborted.\n
Possible next step: none.\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"checkOtp_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/selection/options/{id}/select":{"post":{"tags":["transaction-approval-rest-docs-openapi_Flow Control"],"summary":"Select option","description":"Selects the given option if available.\n
The selected next step or an error if the option is invalid.
","operationId":"selectOption","responses":{"200":{"description":"Selected the chosen step and requires next step actions.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceDocument"}}}},"400":{"description":"
\n\n| SELECTION_FAILED | \nThe selected option is not available. | \n
\n
\n
\n
Possible next step:
SELECTION_REQUIRED (as documented
here).\n","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}}},"options":{"operationId":"selectOptionCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]},"parameters":[{"name":"id","in":"path","description":"option to select.","required":true,"schema":{"maxLength":1000,"minLength":1,"type":"string"}}]},"/transaction-approval/airlock-2fa/devices/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_Airlock 2FA"],"summary":"List devices","description":"> [!caution]\n> This endpoint is deprecated. The device choices are returned as
additional attribute with the\n
AIRLOCK_2FA_DEVICE_CHOICE_REQUIRED next step code.\n
Retrieves all applicable Airlock 2FA devices.
\n
The collection of applicable Airlock 2FA devices
","operationId":"retrieveDeviceChoices","responses":{"200":{"description":"Available devices retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FADeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FADeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"retrieveDeviceChoicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/airlock-2fa/mobile-only/challenge/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_Airlock 2FA"],"summary":"Get mobile-only challenge","description":"> [!caution]\n> This endpoint is deprecated. The mobile authentication URI is returned as
additional attribute with the\n
AIRLOCK_2FA_MOBILE_ONLY_CHALLENGE_RETRIEVAL_REQUIRED or
AIRLOCK_2FA_POLLING_REQUIRED next step codes.\n
Retrieves the challenge for transaction approval in case of mobile-only.
\n
a challenge in the form of a URI.
","operationId":"retrieveMobileOnlyChallenge","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FAMobileOnlyChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FAMobileOnlyChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"retrieveMobileOnlyChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/airlock-2fa/challenge/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_Airlock 2FA"],"summary":"Get QR challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge is returned as
additional attribute with the
AIRLOCK_2FA_OTP_REQUIRED\nnext step code.\n
Returns the Offline QR Code challenge for Airlock 2FA.
\n
The challenge is delivered as a base64-encoded image.\nThe OTP returned by the user after scanning the image needs to be checked manually (POST /airlock-2fa/otp/check).
\n
A challenge for Airlock 2FA.
","operationId":"retrieveOfflineQrCodeChallenge","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FAOfflineChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FAOfflineChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"retrieveOfflineQrCodeChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/cronto/challenge/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_Cronto"],"summary":"Get challenge","description":"> [!caution]\n> This endpoint is deprecated. The challenge information is returned as\n
additional attribute with the
CRONTO_OTP_REQUIRED next step code.\n
Returns a challenge for Cronto.
\n
The challenge is delivered as a base64-encoded image ('cryptogram') and as a string representation for\napp-to-app authentication.
\n
\nThe two attributes \"onlineValidation\" and \"pushed\" have only informative character and indicate\nthe recommended behavior for clients:\n
\n- If the \"onlineValidation\" attribute is true, the client application should not ask the user for the\nresponse OTP, as the app will send the response directly to the server (Scan&Login or Push use-cases).\nInstead, the client application should regularly poll (POST /cronto/otp/poll) to check if a response\nhas been received. There should be an option for the user to fall back to entering the OTP manually. Sending the\nmanually entered OTP to (POST /cronto/otp/check) cancels the online validation
\n- If also the \"pushed\" attribute is true, the challenge has been pushed to a Cronto app. In this case also\nthe cryptogram should not be displayed. Instead, the user should be informed about this and asked to confirm\nthe transaction on their Cronto app. Again, a fallback for offline situations should be available.\nIf \"pushed\" is true, \"onlineValidation\" is always also true.
\n
\n\n
A Cronto challenge.
","operationId":"retrieveChallenge","responses":{"200":{"description":"A challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalCrontoChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalCrontoChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"retrieveChallengeCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/cronto/push-devices/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_Cronto"],"summary":"List devices","description":"> [!caution]\n> This endpoint is deprecated. The device choices are returned as\n
additional attributes with the
CRONTO_DEVICE_CHOICE_REQUIRED next step code.\n
Retrieves the set of active Cronto push devices.
\n
The collection of active Cronto push devices
","operationId":"retrievePushDeviceChoices","responses":{"200":{"description":"Available push devices retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalCrontoPushDeviceDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalCrontoPushDeviceDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"retrievePushDeviceChoicesCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/matrix/challenge/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_Matrix Cards"],"summary":"Get challenges","description":"> [!caution]\n> This endpoint is deprecated. The challenges are returned as\n
additional attribute with the
MATRIX_RESPONSE_REQUIRED next step code.\n
Returns one or more challenges for matrix/index list transaction approval.
\n
A list of one or more matrix coordinates or index list indexes.
","operationId":"retrieveChallenge_1","responses":{"200":{"description":"The challenge has been returned.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalMatrixChallengeDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalMatrixChallengeDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"retrieveChallenge_1CorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/mtan/tokens/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_SMS/mTAN"],"summary":"List tokens","description":"> [!caution]\n> This endpoint is deprecated. The number choices are returned as\n
additional attributes with the
MTAN_TOKEN_CHOICE_REQUIRED next step code.\n
Retrieves the set of active mTAN tokens.
\n
The collection of active mTAN tokens.
","operationId":"retrieveMtanTokens","responses":{"200":{"description":"Available mTAN tokens retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalMtanTokenDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalMtanTokenDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"retrieveMtanTokensCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/mtan/otp/resend-info/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_SMS/mTAN"],"summary":"Verify OTP resend possible","description":"> [!caution]\n> This endpoint is deprecated. The resend information is returned as\n
additional attribute with the
MTAN_OTP_REQUIRED next step code.\n
Returns whether a new OTP can be resent by SMS.
\n
Whether an OTP resend is possible or not.
","operationId":"retrieveResendInfo","responses":{"200":{"description":"Returns information about a possible OTP resend.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalResendMtanOtpPossibleDataResourceDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalResendMtanOtpPossibleDataResourceDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"retrieveResendInfoCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}},"/transaction-approval/selection/options/retrieve":{"post":{"tags":["transaction-approval-rest-docs-openapi_Flow Control"],"summary":"List options","description":"> [!caution]\n> This endpoint is deprecated. The selection options are returned as\n
additional attribute with the
SELECTION_REQUIRED next step code.\n
Retrieval of available options for selection.
\n
Retrieves the available selection options in a transaction approval flow.
\n
The available options.
","operationId":"retrieveOptions","responses":{"200":{"description":"Available selection options retrieved.","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalSelectionOptionDataCollectionDocument"}},"application/json":{"schema":{"$ref":"#/components/schemas/TransactionApprovalSelectionOptionDataCollectionDocument"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"deprecated":true},"options":{"operationId":"retrieveOptionsCorsPreflight","responses":{"200":{"description":"Default response for CORS preflight requests.","headers":{"Access-Control-Allow-Origin":{"schema":{"type":"string"}},"Access-Control-Max-Age":{"schema":{"type":"integer","format":"int32"}},"Access-Control-Allow-Credentials":{"schema":{"type":"boolean"}},"Access-Control-Allow-Methods":{"schema":{"type":"string"}},"Access-Control-Allow-Headers":{"schema":{"type":"string"}}}},"400":{"description":"The request was invalid","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"401":{"description":"Invalid or missing authentication","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"403":{"description":"Access to the requested service is forbidden. Authentication will not help","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"500":{"description":"The service call did not succeed","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}},"501":{"description":"The active configuration does not support the requested operation","content":{"application/vnd.api+json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}},"application/json":{"schema":{"$ref":"#/components/schemas/ErrorDocumentResponse"}}}}},"x-cors":"true","tags":["transaction-approval-rest-docs-openapi_other"]}}},"components":{"schemas":{"TransactionApprovalParameterRequestMessageParametersOverride":{"minProperties":1,"type":"object","additionalProperties":{"type":"string","description":"Parameters that will be used to generate the transaction approval message.","nullable":true}},"TransactionApprovalFlowResultDataOverride":{"type":"object","properties":{"nextStep":{"type":"string","description":"Expected next step. See
table for corresponding endpoints."}},"additionalProperties":{"nullable":true}},"TransactionApprovalStepResponseOverride":{"type":"object","properties":{"nextStep":{"type":"string"}},"additionalProperties":{"nullable":true}},"Links":{"type":"object","description":"Represents links.","additionalProperties":{"$ref":"#/components/schemas/Link"}},"Relationships":{"description":"Members of the relationships object (\"relationships\") represent references from the resource object in which it's defined to other resource objects.","type":"object","additionalProperties":{"$ref":"#/components/schemas/Relationship"}},"TransactionApprovalFlowResultDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalFlowResultDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalFlowResultDataOverride"},"id":{"type":"string","description":"Authentication session identifier"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.session"]}},"description":"An included resource to which the primary data refers."},"TransactionApprovalDynamicStepActivationData":{"required":["activatable","activated","deactivatable"],"type":"object","properties":{"activatable":{"type":"boolean","description":"Whether this step is activatable from the current step."},"deactivatable":{"type":"boolean","description":"Whether this step is deactivatable from the current step."},"activated":{"type":"boolean","description":"Whether this step is currently activated."}},"description":"Attributes of this resource."},"TransactionApprovalDynamicStepActivationDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/TransactionApprovalDynamicStepActivationDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalDynamicStepActivationDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalDynamicStepActivationData"},"id":{"type":"string","description":"The target step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.dynamic-step"]}},"description":"A collection of included resources to which the primary data refers."},"TransactionApprovalGotoTargetAttributesData":{"type":"object","properties":{"treatedAsFailure":{"type":"boolean","description":"Whether an interactive goto to this target is treated as a failure (e.g. failed attempt counters are increased if applicable)."}},"description":"Attributes of this resource."},"TransactionApprovalGotoTargetAttributesDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/TransactionApprovalGotoTargetAttributesDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalGotoTargetAttributesDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalGotoTargetAttributesData"},"id":{"type":"string","description":"The step ID."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.goto-target"]}},"description":"A collection of included resources to which the primary data refers."},"TransactionApprovalParameterRequest":{"required":["messageParameters"],"type":"object","properties":{"authTokenId":{"maxLength":100000,"minLength":0,"type":"string","description":"The id that will be used to determine which devices can or can not be used for the further transaction approval process.","nullable":true},"messageParameters":{"$ref":"#/components/schemas/TransactionApprovalParameterRequestMessageParametersOverride"}}},"Airlock2FAPasscodeCheckRequest":{"required":["passcode"],"type":"object","properties":{"passcode":{"maxLength":40,"minLength":0,"type":"string","description":"The passcode to be checked."}}},"TransactionApprovalAirlock2FADeviceData":{"required":["capabilities"],"type":"object","properties":{"displayName":{"type":"string","description":"A short string which can be used to identify the device in a prompt. By default, the display name is the device model."},"capabilities":{"type":"array","description":"Deprecated for removal without replacement.","items":{"type":"string","enum":["ONE_TOUCH","TOTP","MOBILE_TOTP","QR_CODE"]}}},"description":"Attributes of this resource."},"TransactionApprovalAirlock2FADeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FADeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalAirlock2FADeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FADeviceData"},"id":{"type":"string","description":"The temporary id of this Airlock 2FA device. To be used in the follow-up call to select a device."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.airlock-2fa.device"]}},"description":"A collection of included resources to which the primary data refers."},"TransactionApprovalAirlock2FAMobileOnlyChallengeData":{"required":["authUri"],"type":"object","properties":{"authUri":{"type":"string","description":"URI that contains the challenge to be used by the authenticating mobile app to perform transaction approval. In scenarios where the authentication is performed by a dedicated authentication app, such as the Airlock 2FA app, the URI can also be used to perform the switch from the initiating app to the authentication app."}},"description":"Attributes of this resource."},"TransactionApprovalAirlock2FAMobileOnlyChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FAMobileOnlyChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalAirlock2FAMobileOnlyChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FAMobileOnlyChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.airlock-2fa.mobile-only.challenge"]}},"description":"An included resource to which the primary data refers."},"TransactionApprovalAirlock2FAOfflineChallengeData":{"required":["challengeImage"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image in format \"image/png\" encoded into a base64 string."}},"description":"Attributes of this resource."},"TransactionApprovalAirlock2FAOfflineChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FAOfflineChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalAirlock2FAOfflineChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalAirlock2FAOfflineChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.airlock-2fa.challenge"]}},"description":"An included resource to which the primary data refers."},"GenericOtpCheckRequest":{"required":["otp"],"type":"object","properties":{"otp":{"maxLength":200,"minLength":1,"type":"string","description":"The OTP to be verified."}}},"CrontoPushDeviceData":{"type":"object","properties":{"id":{"type":"string","description":"The device ID."},"label":{"type":"string","description":"Optional label of the push device."},"platform":{"type":"string","description":"The device platform. One of 'IOS' or 'ANDROID'."}}},"TransactionApprovalCrontoChallengeData":{"required":["challengeImage","onlineValidation","pushed","secureChannelChallenge"],"type":"object","properties":{"challengeImage":{"type":"string","description":"Challenge image (cryptogram) in format \"image/png\" encoded into a base64 string."},"secureChannelChallenge":{"type":"string","description":"The secure channel challenge (for use in app-to-app scenarios)."},"onlineValidation":{"type":"boolean","description":"Indicates whether \"online validation\" is available (if true, the Cronto app can directly send the OTP to the server)."},"pushed":{"type":"boolean","description":"Indicates whether the challenge has been pushed directly to the device / Cronto app."},"pushDevices":{"type":"array","description":"Contains information about the device if the challenge has been pushed.","items":{"$ref":"#/components/schemas/CrontoPushDeviceData"}}},"description":"Attributes of this resource."},"TransactionApprovalCrontoChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/TransactionApprovalCrontoChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalCrontoChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalCrontoChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.cronto.challenge"]}},"description":"An included resource to which the primary data refers."},"TransactionApprovalCrontoPushDeviceData":{"type":"object","properties":{"id":{"type":"string","description":"The device ID."},"label":{"type":"string","description":"Label of the push device."},"defaultDevice":{"type":"boolean","description":"Indicates, whether this is the default device."}},"description":"Attributes of this resource."},"TransactionApprovalCrontoPushDeviceDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/TransactionApprovalCrontoPushDeviceDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalCrontoPushDeviceDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalCrontoPushDeviceData"},"id":{"type":"string","description":"The temporary id of this Cronto push device. To be used in the follow-up call to select a device."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.cronto.push-device"]}},"description":"A collection of included resources to which the primary data refers."},"FidoClientFailureRequest":{"required":["message","reason"],"type":"object","properties":{"reason":{"type":"string","description":"The reason for the client failure.","enum":["ABORTED","NOT_ALLOWED","NO_WEB_AUTHN","UNKNOWN"]},"message":{"maxLength":2000,"minLength":0,"type":"string","description":"A message describing the client failure."}}},"FidoAssertionPublicKeyCredentialData":{"required":["id","response","type"],"type":"object","properties":{"id":{"type":"string","description":"Base64url encoding of the FIDO credential ID used for this authentication attempt."},"type":{"type":"string","description":"Type of the FIDO credential."},"response":{"$ref":"#/components/schemas/FidoAuthenticatorAssertionData"}},"description":"Information about the assertion to be checked."},"FidoAuthenticationPublicKeyCredentialRequest":{"required":["publicKeyCredential"],"type":"object","properties":{"publicKeyCredential":{"$ref":"#/components/schemas/FidoAssertionPublicKeyCredentialData"}}},"FidoAuthenticatorAssertionData":{"required":["authenticatorData","clientDataJSON","signature"],"type":"object","properties":{"clientDataJSON":{"type":"string","description":"Contains the JSON-serialized client data passed to the authenticator by the client in order to generate this credential. The exact JSON serialization MUST be preserved, as the hash of the serialized client data has been computed over it."},"authenticatorData":{"type":"string","description":"This attribute contains the authenticator data returned by the authenticator."},"signature":{"type":"string","description":"This attribute contains the raw signature returned from the authenticator."},"userHandle":{"maxLength":2147483647,"minLength":1,"type":"string","description":"This attribute contains the user handle returned from the authenticator, or null if the authenticator did not return a user handle."}},"description":"Data sent by the authenticator in response to the challenge."},"TransactionApprovalUsernameCheckRequest":{"required":["username"],"type":"object","properties":{"username":{"maxLength":500,"minLength":1,"type":"string"}}},"TransactionApprovalMatrixChallengeCheckRequest":{"required":["challengeResponse"],"type":"object","properties":{"challengeResponse":{"type":"object","additionalProperties":{"type":"string","description":"Map of the original challenge coordinate to the respective challenge response."},"description":"Map of the original challenge coordinate to the respective challenge response."}}},"TransactionApprovalMatrixChallengeData":{"required":["challenges"],"type":"object","properties":{"listId":{"type":"string","description":"The ID of the list being used (if available)."},"challenges":{"type":"array","description":"The challenge(s) containing the matrix coordinates or indexes.","items":{"type":"string"}}},"description":"Attributes of this resource."},"TransactionApprovalMatrixChallengeDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/TransactionApprovalMatrixChallengeDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalMatrixChallengeDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalMatrixChallengeData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.matrix.challenge"]}},"description":"An included resource to which the primary data refers."},"TransactionApprovalMtanTokenData":{"required":["number"],"type":"object","properties":{"label":{"type":"string","description":"Optional label of the phone number."},"number":{"type":"string","description":"The phone number with masked digits."},"defaultNumber":{"type":"boolean","description":"Indicates, whether this is the default number."}},"description":"Attributes of this resource."},"TransactionApprovalMtanTokenDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/TransactionApprovalMtanTokenDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalMtanTokenDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalMtanTokenData"},"id":{"type":"string","description":"The temporary id of this mTAN token. To be used in the follow-up call to select a token."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.mtan.token"]}},"description":"A collection of included resources to which the primary data refers."},"TransactionApprovalResendMtanOtpPossibleData":{"required":["otpResendPossible"],"type":"object","properties":{"otpResendPossible":{"type":"boolean","description":"Indicates whether an OTP resend may be requested by the client. An OTP resend is not possible, if the maximum amount of resends has already been exceeded."}},"description":"Attributes of this resource."},"TransactionApprovalResendMtanOtpPossibleDataResourceDocument":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/TransactionApprovalResendMtanOtpPossibleDataResourceObject"},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalResendMtanOtpPossibleDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalResendMtanOtpPossibleData"},"id":{"type":"string","description":"Identifies the instance of this resource; type and id together make a resource unique.\nWhile the server always returns a valid ID value, it MAY accept a client-generated ID in a request to create\na resource."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.mtan.otp.resend.information"]}},"description":"An included resource to which the primary data refers."},"TransactionApprovalSelectionOptionData":{"type":"object","properties":{"lastSelected":{"type":"boolean","description":"Flag indicating whether this selection was last selected. This flag is only sent if true."}},"description":"Attributes of this resource."},"TransactionApprovalSelectionOptionDataCollectionDocument":{"type":"object","properties":{"data":{"type":"array","items":{"$ref":"#/components/schemas/TransactionApprovalSelectionOptionDataResourceObject"}},"included":{"uniqueItems":true,"type":"array","description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","items":{"$ref":"#/components/schemas/ResourceObjectBase"}},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"TransactionApprovalSelectionOptionDataResourceObject":{"required":["id","type"],"type":"object","properties":{"attributes":{"$ref":"#/components/schemas/TransactionApprovalSelectionOptionData"},"id":{"type":"string","description":"The identifier of this option."},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"},"relationships":{"$ref":"#/components/schemas/Relationships"},"type":{"type":"string","description":"Identifies the type of this resource; type and id together make a resource unique.","enum":["transaction-approval.selection.option"]}},"description":"A collection of included resources to which the primary data refers."},"Meta":{"description":"Non-standard meta-information that can not be represented as an attribute or relationship.","type":"object","additionalProperties":{"nullable":true}},"Link":{"description":"A link **MUST** be represented as either: a string containing the link's URL or a link object.","oneOf":[{"description":"A string containing the link's URL.","type":"string","format":"uri-reference"},{"type":"object","required":["href"],"properties":{"href":{"description":"A string containing the link's URL.","type":"string","format":"uri-reference"},"meta":{"$ref":"#/components/schemas/Meta"}}}]},"ResourceIdentifierRef":{"description":"An object that identifies an individual resource","type":"object","nullable":true,"required":["id","type"],"properties":{"type":{"description":"The type of the resource","type":"string"},"id":{"description":"The unique identifier of the resource","type":"string"},"meta":{"$ref":"#/components/schemas/Meta"}}},"LinkageToOne":{"oneOf":[{"$ref":"#/components/schemas/ResourceIdentifierRef"}]},"LinkageToMany":{"type":"array","items":{"$ref":"#/components/schemas/ResourceIdentifierRef"},"minItems":0,"uniqueItems":true},"Linkage":{"oneOf":[{"$ref":"#/components/schemas/LinkageToOne"},{"$ref":"#/components/schemas/LinkageToMany"}]},"Relationship":{"type":"object","properties":{"links":{"$ref":"#/components/schemas/Links"},"data":{"$ref":"#/components/schemas/Linkage"},"meta":{"$ref":"#/components/schemas/Meta"}}},"ResourceObjectBase":{"type":"object","required":["type"],"properties":{"type":{"type":"string"},"id":{"type":"string"},"attributes":{"type":"object"},"relationships":{"$ref":"#/components/schemas/Relationships"},"links":{"$ref":"#/components/schemas/Links"},"meta":{"$ref":"#/components/schemas/Meta"}}},"Pagination":{"type":"object","properties":{"first":{"$ref":"#/components/schemas/Link"},"last":{"$ref":"#/components/schemas/Link"},"prev":{"$ref":"#/components/schemas/Link"},"next":{"$ref":"#/components/schemas/Link"}}},"Jsonapi":{"description":"An object describing the server's implementation.","type":"object","properties":{"version":{"description":"A string indicating the highest JSON:API version supported.","type":"string"},"ext":{"description":"An array of URIs for all applied extensions.","type":"array","items":{"type":"string","format":"uri-reference"}},"profile":{"description":"An array of URIs for all applied profiles.","type":"array","items":{"type":"string","format":"uri-reference"}},"meta":{"$ref":"#/components/schemas/Meta"}},"additionalProperties":false},"ResponseDocumentBase":{"type":"object","properties":{"meta":{"$ref":"#/components/schemas/Meta"},"included":{"description":"To reduce the number of HTTP requests, servers **MAY** allow responses that include related resources along with the requested primary resources. Such responses are called \"compound documents\".","type":"array","items":{"$ref":"#/components/schemas/ResourceObjectBase"},"uniqueItems":true},"links":{"description":"Link members related to the primary data.","allOf":[{"$ref":"#/components/schemas/Links"},{"$ref":"#/components/schemas/Pagination"}]},"jsonapi":{"$ref":"#/components/schemas/Jsonapi"}}},"JsonApiError":{"type":"object","description":"A list containing the specific errors.","properties":{"id":{"description":"A unique identifier for this particular occurrence of the problem.","type":"string"},"links":{"$ref":"#/components/schemas/Links"},"status":{"description":"The HTTP status code applicable to this problem, expressed as a string value.","type":"number"},"code":{"description":"An application-specific error code, expressed as a string value.","type":"string"},"title":{"description":"A short, human-readable summary of the problem. It **SHOULD NOT** change from occurrence to occurrence of the problem, except for purposes of localization.","type":"string"},"detail":{"description":"A human-readable explanation specific to this occurrence of the problem.","type":"string"},"source":{"type":"object","properties":{"pointer":{"description":"A JSON Pointer [RFC6901] to the associated entity in the request document [e.g. \"/data\" for a primary data object, or \"/data/attributes/title\" for a specific attribute].","type":"string"},"parameter":{"description":"A string indicating which query parameter caused the error.","type":"string"},"header":{"description":"A string indicating the name of a single request header which caused the error.","type":"string"}}},"meta":{"$ref":"#/components/schemas/Meta"}},"additionalProperties":false},"ErrorDocumentResponse":{"type":"object","additionalProperties":false,"allOf":[{"$ref":"#/components/schemas/ResponseDocumentBase"},{"type":"object","required":["errors"],"properties":{"errors":{"type":"array","items":{"$ref":"#/components/schemas/JsonApiError"},"uniqueItems":true}}}]}}},"x-tagGroups":[{"name":"Airlock IAM Transaction Approval REST API","tags":["transaction-approval-rest-docs-openapi-base_Airlock 2FA","transaction-approval-rest-docs-openapi-base_Cronto","transaction-approval-rest-docs-openapi-base_Email OTP","transaction-approval-rest-docs-openapi-base_FIDO","transaction-approval-rest-docs-openapi-base_Flow Control","transaction-approval-rest-docs-openapi-base_Generic OTP","transaction-approval-rest-docs-openapi-base_Matrix Cards","transaction-approval-rest-docs-openapi-base_Message Acknowledgement","transaction-approval-rest-docs-openapi-base_Message Parameters","transaction-approval-rest-docs-openapi-base_SMS/mTAN","transaction-approval-rest-docs-openapi-base_User","transaction-approval-rest-docs-openapi_Airlock 2FA","transaction-approval-rest-docs-openapi_Cronto","transaction-approval-rest-docs-openapi_Email OTP","transaction-approval-rest-docs-openapi_FIDO","transaction-approval-rest-docs-openapi_Flow Control","transaction-approval-rest-docs-openapi_Generic OTP","transaction-approval-rest-docs-openapi_Matrix Cards","transaction-approval-rest-docs-openapi_Message Acknowledgement","transaction-approval-rest-docs-openapi_Message Parameters","transaction-approval-rest-docs-openapi_SMS/mTAN","transaction-approval-rest-docs-openapi_User","transaction-approval-rest-docs-openapi_other"]}]}