berezkin88
commented
3 years ago Hey @jkuptz-ba
We couldn't recreate the same behavior of Unicredit bank neither with production nor sandbox environment. Here is the request/response example on our end:
--> PUT https://api.unicredit.de/hydrogen/v1/consents/******/authorisations/******?correlationId=EP637G HTTP/1.1
--> Correlation-ID: ABC8259E5355613F519B6BC0C3960BFE
--> Accept: */*
--> X-Request-ID: 86f77f50-990d-483d-b8fb-b47f7dcdc516
--> PSU-ID-Type: HVB_ONLINEBANKING
--> X-GTW-ASPSP-ID: 8fbab675-081c-43aa-951f-b22473057d19
--> PSU-ID: ******
--> PSU-IP-Address: 0.0.0.0
--> TPP-Redirect-URI: https://xs2a-adapter-ui-integ-service.cloud.adorsys.de/redirect
--> Content-Type: application/json
-->
--> Request body [application/json; charset=UTF-8]: {"psuData":{"password":"******"}}
-->
<-- HTTP/1.1 200 OK
<-- X-Request-ID: 86f77f50-990d-483d-b8fb-b47f7dcdc516
<-- X-dynatrace-Origin-URL: https://api.unicredit.de/hydrogen/v1/consents/******/authorisations/******?correlationId=EP637G
<-- X-Pickup-Code: EP637G
<-- X-Frame-Options: SAMEORIGIN
<-- Strict-Transport-Security: max-age=15768000; includeSubDomains
<-- tracestate: 264ecef2-2f917731@dt=fw4;12;e90c2142;4672ad;3;0;3;465;8166;2h01;3he90c2142;4h4672ad;5h01
<-- Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;img-src 'self' data:;
<-- X-dynaTrace-Application: 1%3B1%3Bea7c4b59f27d43eb
<-- Set-Cookie: TS0139efe7=01db226d97a2b185d5d52d10374b16a72b642ffea9787b65cb8325de9b56dd774109209f9bd5a8f57815858b9294e075a41acf453e; Path=/; Domain=.api.unicredit.de
<-- X-ruxit-Apache-ServerNamePorts: my.hypovereinsbank.de:443
<-- X-XSS-Protection: 1; mode=block
<-- Content-Type: application/json
<-- Keep-Alive: timeout=15, max=5000
<-- Transfer-Encoding: chunked
<-- Correlation-ID: ABC8259E5355613F519B6BC0C3960BFE
<-- X-Rate-Limit: [{"window":42,"type":"throttle","remaining":29927}]
<-- Max-Forwards: 19
<-- X-Content-Type-Options: nosniff
<-- X-CorrelationID: Id-8133ec6091d7c6d7a77c0c3d 0; Id-8133ec604a30bf1271d1c9ff 0; Id-8133ec604b308f152629edd1 0
<-- X-Forwarded-Host: api.unicredit.de
<-- Connection: Keep-Alive
<-- Pragma: no-cache
<-- X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;img-src 'self' data:;
<-- Date: Mon, 12 Jul 2021 12:20:17 GMT
<-- Cache-Control: no-store
<-- traceparent: 00-67faa103107339e0cdb0b673a09facf8-ffa8daa86ebee1a8-01
<-- X-GTW-ASPSP-ID: 8fbab675-081c-43aa-951f-b22473057d19
<-- X-dynaTrace-RequestState: agentId=0xe33ecb16e90c2142&pathDepth=1
<-- Vary: User-Agent
<-- clientless-mode: 1
<-- X-Forwarded-Server: my.hypovereinsbank.de
<--
<-- Response body [application/json]: {"chosenScaMethod":{"authenticationType":"******","authenticationMethodId":"******"},"challengeData":{},"scaStatus":"******","_links":{"authoriseTransaction":{"href":"******"}}}
<--Also, such behavior is not mentioned in their API documentation.
Could you elaborate more details on this merge request issue?
jkuptz-ba
The UniCredit Group returns an invalid response format for updating the psu data for payments:
is returned instead of
The UniCredit support suggested to manage the API response as provided from their system until the fix will be ready for production environment. The final technical solution will require time to be implemented.
This pull request contains a workaround for this problem that needs to be reverted after the UniCredit released the final technical solution.