# Release Notes
This page documents updates to the Konsentus API.
As changes are deployed this page will be updated.
Any breaking changes will be communicated separately.
# [V1.7] - 23rd April 2019
More information on the transition from V1.6 to V1.7 is available on the Important Changes page.
- Changes to Core PSD2 & OBIE Consents Services
- Endpoint pluralisation is consistent across all endpoints.
- Removed
x-
prefix from custom headers. - Removed references
psd2_role
in all endpoint responses. - Removed required properties
tpp_id
andpsd2_role
from request bodies. - References to error property across all endpoints have been corrected to reflect that errors are returned as an array of objects.
- References to the values allowed in
scope
have been updated topayments
andaccounts
. - CCG Token will return a
warning
property when a PSP does not have correct payment service or has been withdrawn.
- Changes to PSP Checking Service (formerly TPP Checking Service)
- Removed data wrappers.
- Requests now takes a required jurisdiction query parameter.
- Updated
registerEntries
schema- Returns the
homeRegister
record of the PSP andhostRegister
record for the PSP if it exists in the requested jurisdiction. homeRegister
andhostRegister
have an array ofcategoryEntries
to reduce duplication.
- Returns the
- Introduction of new fields
ncaCountryCode
,registerType
,categoryName
. - Renamed:
eIDAS
/values
toeIDAS
/data
QTSP
toQTSPCommonName
legalName
topspSubjectName
NCA
/Name
toncaName
underhomeRegister
andhostRegister
.legalName
topspLegalName
.authorized
topspAuthStatus
.roles
topspPaymentServices
.
# [V1.6] - 6 March 2019
- Additional resources deployed for Konsentus NCA capabilities
- Update all endpoints to use eIDAS certificate checking service as authentication.
- Generated and documented new Konsentus test eIDAS certificates for a range of scenarios.
- GET /tpp/eidas/
- Updated roles to match PSD2 specification:
- 1 (PSP_PI) becomes 7 (Payment Initiation services),
- 2 (PSP_AI) becomes 8 (Account Information services),
- 3 (PSP_CBPII) becomes 5 (Issuing of payment instruments and/or acquiring of payment transactions).
- Other roles as per PSD2 specification.
- Updated roles to match PSD2 specification:
- GET /oauth2/tokens/account/{account_id}
- Returns the most recent 400 tokens related to a PSU account.
# [v1.5] - 30th January 2019
- Improvements made to user and API security
- Konsentus can generate test eIDAS certificates
# [v1.4] - 16th January 2019
- GET /tpp/eidas
- Documented bad request (200) scenarios
- Expanded rules for eIDAS QTSP checks
- Additional network security rules applied to infrastructure
# [v1.3] - 18th December 2018
- Tighter security controls applied to Konsentus private network
- Improved application monitoring
- Additional resources deployed for Konsentus NCA capabilities
# [v1.2] - 21st November 2018
- Security updates: Improved site resilience
- Improved application monitoring
- Increased TPP coverage
# [v1.1] - 11th October 2018
- Addition of OBIE endpoint:
- /v1/obie/payment_order_consents (GET)
- More TPPs data collected and updates to already existing TPPs in the system
# [v1.0] - 9th October 2018
Swagger
- Remove example request data as endpoints are no longer 'stubbed'
- Remove Content-Type Header from /v1/obie/token (GET)
Documentation
General Updates:
- Remove Content-Type Header from all GET and DELETE endpoints
- Update TPP id to use GB instead of UK
/v1/obie/account_access_consents (POST & GET)
- Remove references to
risk
object - Update response data (GET)
- Remove references to
/v1/oauth2/token
- Update response data (GET & DELETE)
# [v0.1] - 5th October 2018
Addition of OBIE endpoint:
- /v1/obie/payment_order_consents (POST) - First endpoint in the PISP consent grant journey
Update contract of:
- /v1/obie/account_access_consents (GET) to accept a CCG Token instead of eIDAS certificate
# [v0.1] - 28th September 2018
- Addition of OBIE endpoints:
- /v1/obie/token (GET)
- /v1/obie/account_access_consents (DELETE)
# [v0.1] - 13th September 2018
- Early release of OBIE endpoints
- /v1/obie/token
- /v1/obie/authorization_code (Persistence added)
- Documentation URL's deprecated
- https://sandbox.konsentus.com/api-docs (old) —> https://swagger.sandbox.konsentus-dev.com (new)
- https://sandbox.konsentus.com/docs (old) —> https://docs.sandbox.konsentus-dev.com (new)
# [v0.1] - 6th September 2018
- Early release of OBIE endpoints
- /v1/obie/ccg_token (POST)
- /v1/obie/account_access_consents (POST)
- /v1/obie/account_access_consents/{consent_id} (GET)
- /v1/obie/authorization_code (POST)
- Documentation URL's updated to subdomain (Old paths to be deprecated on 13th September)
- https://sandbox.konsentus.com/api-docs (old) —> https://swagger.sandbox.konsentus-dev.com (new)
- https://sandbox.konsentus.com/docs (old) —> https://docs.sandbox.konsentus-dev.com (new)
- Security Updates
- Removal of unused HTTP methods
- Mandatory passing of "content-type" required ("application/json")
- Rate limiting applied per IP (max of 15,000 requests per 5 minutes)
# [v0.1] - 30th August 2018
- Documentation authentication removed for both swagger and customer documentation
# [v0.1] - 17th August 2018
- Updated request and response property for all endpoints from:
client_id
totpp_id
. - Reformat URL namespace for account ID tokens from
v1/account/{account_id}/oauth2/tokens
to/v1/oauth2/tokens/account/{account_id}
- Add filter for FI when retrieving tokens by account_id.
- Updated country codes for NCAs (part of TPP service)
- UK to GB,
- EL to GR (Greece)
- SL to SI (Slovenia)
- Updated test eIDAS certificates to reference afforementioned country code updates.