# Release Notes

This page documents updates to the Konsentus API.

As changes are deployed this page will be updated.

Any breaking changes will be communicated separately.

# [V1.7] - 23rd April 2019

More information on the transition from V1.6 to V1.7 is available on the Important Changes page.

• Changes to Core PSD2 & OBIE Consents Services
  • Endpoint pluralisation is consistent across all endpoints.
  • Removed x- prefix from custom headers.
  • Removed references psd2_role in all endpoint responses.
  • Removed required properties tpp_id and psd2_role from request bodies.
  • References to error property across all endpoints have been corrected to reflect that errors are returned as an array of objects.
  • References to the values allowed in scope have been updated to payments and accounts.
  • CCG Token will return a warning property when a PSP does not have correct payment service or has been withdrawn.
• Changes to PSP Checking Service (formerly TPP Checking Service)
  • Removed data wrappers.
  • Requests now takes a required jurisdiction query parameter.
  • Updated registerEntries schema
    • Returns the homeRegister record of the PSP and hostRegister record for the PSP if it exists in the requested jurisdiction.
    • homeRegister and hostRegister have an array of categoryEntries to reduce duplication.
  • Introduction of new fields ncaCountryCode, registerType, categoryName.
  • Renamed:
    • eIDAS/values to eIDAS/data
    • QTSP to QTSPCommonName
    • legalName to pspSubjectName
    • NCA/Name to ncaName under homeRegister and hostRegister.
    • legalName to pspLegalName.
    • authorized to pspAuthStatus.
    • roles to pspPaymentServices.

# [V1.6] - 6 March 2019

• Additional resources deployed for Konsentus NCA capabilities
• Update all endpoints to use eIDAS certificate checking service as authentication.
• Generated and documented new Konsentus test eIDAS certificates for a range of scenarios.
• GET /tpp/eidas/
  • Updated roles to match PSD2 specification:
    • 1 (PSP_PI) becomes 7 (Payment Initiation services),
    • 2 (PSP_AI) becomes 8 (Account Information services),
    • 3 (PSP_CBPII) becomes 5 (Issuing of payment instruments and/or acquiring of payment transactions).
    • Other roles as per PSD2 specification.
• GET /oauth2/tokens/account/{account_id}
  • Returns the most recent 400 tokens related to a PSU account.

# [v1.5] - 30th January 2019

• Improvements made to user and API security
• Konsentus can generate test eIDAS certificates

# [v1.4] - 16th January 2019

• GET /tpp/eidas
  • Documented bad request (200) scenarios
  • Expanded rules for eIDAS QTSP checks
• Additional network security rules applied to infrastructure

# [v1.3] - 18th December 2018

• Tighter security controls applied to Konsentus private network
• Improved application monitoring
• Additional resources deployed for Konsentus NCA capabilities

# [v1.2] - 21st November 2018

• Security updates: Improved site resilience
• Improved application monitoring
• Increased TPP coverage

# [v1.1] - 11th October 2018

• Addition of OBIE endpoint:
  • /v1/obie/payment_order_consents (GET)
• More TPPs data collected and updates to already existing TPPs in the system

# [v1.0] - 9th October 2018

Swagger

• Remove example request data as endpoints are no longer 'stubbed'
• Remove Content-Type Header from /v1/obie/token (GET)

Documentation

• General Updates:

  • Remove Content-Type Header from all GET and DELETE endpoints
  • Update TPP id to use GB instead of UK

• /v1/obie/account_access_consents (POST & GET)

  • Remove references to risk object
  • Update response data (GET)

• /v1/oauth2/token

  • Update response data (GET & DELETE)

---

# [v0.1] - 5th October 2018

• Addition of OBIE endpoint:

  • /v1/obie/payment_order_consents (POST) - First endpoint in the PISP consent grant journey

• Update contract of:

  • /v1/obie/account_access_consents (GET) to accept a CCG Token instead of eIDAS certificate

# [v0.1] - 28th September 2018

• Addition of OBIE endpoints:
  • /v1/obie/token (GET)
  • /v1/obie/account_access_consents (DELETE)

# [v0.1] - 13th September 2018

• Early release of OBIE endpoints
  • /v1/obie/token
  • /v1/obie/authorization_code (Persistence added)
• Documentation URL's deprecated
  • https://sandbox.konsentus.com/api-docs (old) —> https://swagger.sandbox.konsentus-dev.com (new)
  • https://sandbox.konsentus.com/docs (old) —> https://docs.sandbox.konsentus-dev.com (new)

# [v0.1] - 6th September 2018

• Early release of OBIE endpoints
  • /v1/obie/ccg_token (POST)
  • /v1/obie/account_access_consents (POST)
  • /v1/obie/account_access_consents/{consent_id} (GET)
  • /v1/obie/authorization_code (POST)
• Documentation URL's updated to subdomain (Old paths to be deprecated on 13th September)
  • https://sandbox.konsentus.com/api-docs (old) —> https://swagger.sandbox.konsentus-dev.com (new)
  • https://sandbox.konsentus.com/docs (old) —> https://docs.sandbox.konsentus-dev.com (new)
• Security Updates
  • Removal of unused HTTP methods
  • Mandatory passing of "content-type" required ("application/json")
  • Rate limiting applied per IP (max of 15,000 requests per 5 minutes)

# [v0.1] - 30th August 2018

• Documentation authentication removed for both swagger and customer documentation

# [v0.1] - 17th August 2018

• Updated request and response property for all endpoints from: client_id to tpp_id.
• Reformat URL namespace for account ID tokens from v1/account/{account_id}/oauth2/tokens to /v1/oauth2/tokens/account/{account_id}
• Add filter for FI when retrieving tokens by account_id.
• Updated country codes for NCAs (part of TPP service)
  • UK to GB,
  • EL to GR (Greece)
  • SL to SI (Slovenia)
• Updated test eIDAS certificates to reference afforementioned country code updates.