Closed maisterlein closed 5 years ago
We reviewed pull req and if you agree with our comments we will correct code and try to add these changes to next release.
I checked the existing endpoints and at the moment I don't really get your system of the TPP-uniqueness.
e.g. ASPSP TPP Stop List - get /aspsp-api/v1/tpp/stop-list Returns TPP stop list record by TPP authorisation number and national authority ID
ASPSP Export AIS Consents - get /aspsp-api/v1/ais/consents/tpp/{tpp-id} Returns a list of AIS consent objects by given mandatory TPP ID, optional creation date, PSU ID Data and instance ID
For the first endpoint, the combination of authorisaton number and national authority ID is needed, but for the second only the authorisation number is needed.
Shouldn't there exist one field/column to uniquely identify a TPP? Are you splitting the TPP-Certificate-Data into multiple fields?
Yes, you are right. To get the correct information by TPP we need also send the identifier of authority. And we know that we have some endpoints where authority Id is absent (it was made earlier). It will be fixed soon. But in the case with new endpoints, we will create methods with the mandatory 'authority Id ' parameter
How about making authorityId
parameter optional? then we deliver a list of results if there are more then one. If parameter is used, then list will contain only one record.
For us it is possible
Getting just the concrete/unique TppInfo would be perfectly fine for me, I was just wondering how the uniquess is correctly defined.
Even if it's a little bit off-topic, could you explain me how concrete values (not demo values) would look like in the two columns 'authorisation number' and 'national authority id' and where you get these values from? All in all, I still think it would be easier (overall) if there would be only 1 field with the two values combined.
We addressed the question to Bundesdruckerei (CA in Germany) about the contents of the certificate field and format of TPP Authorisation Number there. As soon as we get an answer, we'll update you and we'll decide the approach we'd use
So the last news is: yes, TPP-ID (which is PSPID field in the QWAC Certificate) contains TPP Authorisation number as well as NCA and Country code. Therefore no need to have an additional check on the AuthorityID. We'll make these changes in version 3.8. You may decide to close this PR or rework it if necessary.
Since v.3.8 XS2A relies on TPP Authorisation number only. I suppose this PR is not actual anymore and therefore closed. Thanks for pointing out the problem.
Thanks! We will review your pull request