Change an app data
➤ Prerequisites
In order to be able to use this method, you need to fulfill the eligibility criteria.
To modify at least one app data; the "client_id" is the one received using the method POST /register.
➤ PUT /register/{client_id}
Example (sandbox) : PUT https://www.17515.sandbox.api.89C3.com/stet/setting/v1/register/AGTFR-ACPR-12345001 (see swager "setting" in documentation section of this portal)
with the client_id = the one the TPP received in our response of the enrolment (using the POST /register).
HTTP Headers
| Name | (O)ptionnal / (R)equired | Description |
|---|---|---|
| x-request-id | R | Request correlation id. This id must be a string generated by the TPP. |
| Signature | R | As registration requests must also provide a signature, the TPP must sign this request with the private key corresponding to the QSEALC certificate. |
| digest | R | SHA256 body digest base 64 encoded. |
| Authorization | R | bearer access_token previously received. |
HTTP Body
| Name | (O)ptionnal / (R)equired / (F)orbidden | Description |
|---|---|---|
| redirect_uris | R | String array. It contains all URIs (scheme and authority according to RFC 3986, comma separated) that TPP can use in DSP2 redirect requests. Any URI used afterwards in PSD2 API but not provided in this registration process will be refused. |
| token_endpoint_auth_method | R | String. Value shall be "tls_client_auth". |
| grant_types | R | String array. Value shall be "client_credentials". |
| response_types | R | String array. Value shall be “code”. |
| client_name | R | String. This is the TPP unique legal name. |
| client_uri | O | String. TPP or agent Web page URI. Not used |
| logo_uri | O | String. TPP or agent logo URI. Not used |
| scope | R | String. TPP scopes are comma separated, and possible values are : “aisp” and/or “pisp” and/or “cbpii” Example : “aisp” Example : “aisp, pisp” Note : the scope is also mandatory for agents. In that case, the values included in this field shall be the ones from the TPP. |
| contact | R | String. Data for mandatory contact details : "contact": { "contact_name": "string", "email": "string", "phone_number": "string" } |
| tos_uri | O | String. URI that points to a human-readable terms of service document for the client. Not used. |
| policy_uri | O | String. URI that points to a human-readable policy document for the client. Not used. |
| provider_legal_id | R | String. TPP National Authorization number according to ETSI specification on eIDAS certificates for PSD2 (OID = PSDXX-YYYYYYYY-ZZZZZZZZ, see “Eligibility” section). |
| client_legal_id | R/O(*) | String. (*) Optional for a TPP / Mandatory (required) for an agent. This identifier is therefore left to the discretion of the TPP for an agent. However, its format should comply with the ETSI specification on DSP2 eiDAS certificates with “AGT” suffix + a serial number, e.g. “AGTFR-ACPR-12345001”. Note : in order to avoid rejection due to a duplicated alues, we strongly advise to base it on OID TPP number before the serial number. |
| logo | O | String. Not used. |
| jwks | R | Object. This object contains the following array and shall contain at least one public key (QSEALC) without the chain link to the certification authority. |
| keys | R | JWK objects array. This array should only contain one item (JWK). |
| kty | R | String. Key type. Value shall be "RSA". |
| use | R | String. Key usage. Vallue shall be "sig". |
| alg | R | String. Value shall be "RS256". |
| key_ops | R | String array. Value shall be "verify". |
| kid | R | String. key id. |
| x5u | F | Not used. |
| x5c | R | String array. Must not contain more than one item representing the QSEALC certificate in DER format based on 64. |
| x5t | F | Not used. |
| x5t#S256 | R | String. SHA256 fingerprint of X509 DER certificate. |
| software_id | R | String. Mandatory name of the TPP app OR brand name OR agent name which will be displayed to PSU (it can be different from the client_name). This parameter is dispayed in priority to PSU during SCA redirect process. |
| software_version | O | String. Not used. |
Response
A correct response returns a HTTP 201 status.
Errors
| HTTP Status | Description |
|---|---|
| 400 | Bad request. Error is supplied in fields error and error_description. |
| 404 | Resource not found. |
| 405 | Method not allowed. A method other than those described here was used. |
| 500 | Internal server error. |