mojaloop-specification
mojaloop-specification copied to clipboard
mojaloop
Modifications to Authorizations Resource
Open API for FSP Interoperability - Change Request
Table of Contents
-
1. Preface
- 1.1 Change Request Information
- 1.2 Document Version Information
-
2. Problem Description
- 2.1 Background
- 2.2 Current Behaviour
- 2.3 Requested Behaviour
- 3 Proposed Solution Options
1. Preface
___Modifications to the /authorizations resource to support the PISP use case.
1.1 Change Request Information
| Requested By | Michael Richards | | Change Request Status | In review ☒ / Approved ☐ / Rejected ☐ | | Approved/Rejected Date | |
1.2 Document Version Information
| Version | Date | Author | Change Description |
|---|---|---|---|
| 1.0 | 2020-04-07 | Michael Richards | Initial statement of issue |
2. Problem Description
___2.1 Background
At present, the /authorizations resource only has a GET command associated with it. The information about the transaction for which authorization is required is passed in the query string in a rudimentary form, specifying only the amount and currency of the transaction. This is appropriate for the use case originally considered, which is authorizing a transfer at an ATM or POS terminal.
The work currently being undertaken to extend the API to support the PISP use case also requires use of the /authorizations resource. In this use case, it is used to allow the PISP application to obtain authorization for a transfer from the account holder. In the PISP use case, however, it is important that more information should be provided, so that the PISP application can provide sufficient information the PISP application should possess additional information about the transfer (e.g. about the fees to be charged,) so that it can enable the customer to make an informed choice about whether or not to proceed with the transfer.
2.2 Current Behaviour
Explain how the API currently behaves.
The /authorizations resource currently only supports a GET command, where supporting information is passed to the recipient in the query string.
2.3 Requested Behaviour
The /authorizations request should be extended to support sufficient information to allow the recipient to understand all the characteristics of the transfer for which authorization is being requested, so that it can decide how to represent the transfer to the customer whose authorization is being sought. This information should also include the current balance of the account which will be debited as a consequence of authorization being obtained.
3. Proposed Solution Options
___We could add a POST command to the resource. This command would take a Transaction object as its payload, together with an optional accountBalance field of type Money. The existing PUT could continue to be used as the response.
