Release Notes

This page documents updates to the Konsentus API.

As changes are deployed this page will be updated.

Any breaking changes will be communicated separately.

[V1.7] - 23rd April 2019

More information on the transition from V1.6 to V1.7 is available on the Important Changes page.

  • Changes to Core PSD2 & OBIE Consents Services
    • Endpoint pluralisation is consistent across all endpoints.
    • Removed x- prefix from custom headers.
    • Removed references psd2_role in all endpoint responses.
    • Removed required properties tpp_id and psd2_role from request bodies.
    • References to error property across all endpoints have been corrected to reflect that errors are returned as an array of objects.
    • References to the values allowed in scope have been updated to payments and accounts.
    • CCG Token will return a warning property when a PSP does not have correct payment service or has been withdrawn.
  • Changes to PSP Checking Service (formerly TPP Checking Service)
    • Removed data wrappers.
    • Requests now takes a required jurisdiction query parameter.
    • Updated registerEntries schema
      • Returns the homeRegister record of the PSP and hostRegister record for the PSP if it exists in the requested jurisdiction.
      • homeRegister and hostRegister have an array of categoryEntries to reduce duplication.
    • Introduction of new fields ncaCountryCode, registerType, categoryName.
    • Renamed:
      • eIDAS/values to eIDAS/data
      • QTSP to QTSPCommonName
      • legalName to pspSubjectName
      • NCA/Name to ncaName under homeRegister and hostRegister.
      • legalName to pspLegalName.
      • authorized to pspAuthStatus.
      • roles to pspPaymentServices.

[V1.6] - 6 March 2019

  • Additional resources deployed for Konsentus NCA capabilities
  • Update all endpoints to use eIDAS certificate checking service as authentication.
  • Generated and documented new Konsentus test eIDAS certificates for a range of scenarios.
  • GET /tpp/eidas/
    • Updated roles to match PSD2 specification:
      • 1 (PSP_PI) becomes 7 (Payment Initiation services),
      • 2 (PSP_AI) becomes 8 (Account Information services),
      • 3 (PSP_CBPII) becomes 5 (Issuing of payment instruments and/or acquiring of payment transactions).
      • Other roles as per PSD2 specification.
  • GET /oauth2/tokens/account/{account_id}
    • Returns the most recent 400 tokens related to a PSU account.

[v1.5] - 30th January 2019

  • Improvements made to user and API security
  • Konsentus can generate test eIDAS certificates

[v1.4] - 16th January 2019

  • GET /tpp/eidas
    • Documented bad request (200) scenarios
    • Expanded rules for eIDAS QTSP checks
  • Additional network security rules applied to infrastructure

[v1.3] - 18th December 2018

  • Tighter security controls applied to Konsentus private network
  • Improved application monitoring
  • Additional resources deployed for Konsentus NCA capabilities

[v1.2] - 21st November 2018

  • Security updates: Improved site resilience
  • Improved application monitoring
  • Increased TPP coverage

[v1.1] - 11th October 2018

  • Addition of OBIE endpoint:
    • /v1/obie/payment_order_consents (GET)
  • More TPPs data collected and updates to already existing TPPs in the system

[v1.0] - 9th October 2018


  • Remove example request data as endpoints are no longer 'stubbed'
  • Remove Content-Type Header from /v1/obie/token (GET)


  • General Updates:

    • Remove Content-Type Header from all GET and DELETE endpoints
    • Update TPP id to use GB instead of UK
  • /v1/obie/account_access_consents (POST & GET)

    • Remove references to risk object
    • Update response data (GET)
  • /v1/oauth2/token

    • Update response data (GET & DELETE)

[v0.1] - 5th October 2018

  • Addition of OBIE endpoint:

    • /v1/obie/payment_order_consents (POST) - First endpoint in the PISP consent grant journey
  • Update contract of:

    • /v1/obie/account_access_consents (GET) to accept a CCG Token instead of eIDAS certificate

[v0.1] - 28th September 2018

  • Addition of OBIE endpoints:
    • /v1/obie/token (GET)
    • /v1/obie/account_access_consents (DELETE)

[v0.1] - 13th September 2018

  • Early release of OBIE endpoints
    • /v1/obie/token
    • /v1/obie/authorization_code (Persistence added)
  • Documentation URL's deprecated
    • (old) —> (new)
    • (old) —> (new)

[v0.1] - 6th September 2018

  • Early release of OBIE endpoints
    • /v1/obie/ccg_token (POST)
    • /v1/obie/account_access_consents (POST)
    • /v1/obie/account_access_consents/{consent_id} (GET)
    • /v1/obie/authorization_code (POST)
  • Documentation URL's updated to subdomain (Old paths to be deprecated on 13th September)
    • (old) —> (new)
    • (old) —> (new)
  • Security Updates
    • Removal of unused HTTP methods
    • Mandatory passing of "content-type" required ("application/json")
    • Rate limiting applied per IP (max of 15,000 requests per 5 minutes)

[v0.1] - 30th August 2018

  • Documentation authentication removed for both swagger and customer documentation

[v0.1] - 17th August 2018

  • Updated request and response property for all endpoints from: client_id to tpp_id.
  • Reformat URL namespace for account ID tokens from v1/account/{account_id}/oauth2/tokens to /v1/oauth2/tokens/account/{account_id}
  • Add filter for FI when retrieving tokens by account_id.
  • Updated country codes for NCAs (part of TPP service)
    • UK to GB,
    • EL to GR (Greece)
    • SL to SI (Slovenia)
  • Updated test eIDAS certificates to reference afforementioned country code updates.
Last Updated: 6/25/2020, 11:35:40 AM