--- swagger: "2.0" info: version: 1.13.0 title: Consumer Data Right (CDR) Register - Participant Discovery APIs host: register.cdr.gov.au basePath: /cdr-register/v1 tags: [] schemes: - https paths: /.well-known/openid-configuration: get: tags: - Register summary: Get OpenId Provider Config description: "Endpoint used by participants to discover the CDR Register OpenID configuration and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations." operationId: GetOpenIdProviderConfig produces: - application/json parameters: [] responses: "200": description: The OpenID Provider Configuration Metadata values schema: $ref: '#/definitions/ResponseOpenIDProviderConfigMetadata' /jwks: get: tags: - Register summary: Get JWKS description: JWKS endpoint containing the public keys used by the CDR Register to validate the signature of issued SSAs and authenticate outbound calls to participants in the CDR. operationId: Get JWKS produces: - application/json parameters: [] responses: "200": description: A JSON object that represents a set of JWKs schema: $ref: '#/definitions/ResponseJWKS' /{industry}/data-holders/brands: get: tags: - Register summary: Get Data Holder Brands description: Allows Data Recipients to discover data holder brands available in the CDR ecosystem. operationId: GetDataHolderBrands consumes: - application/json produces: - application/json parameters: - name: industry in: path description: "The industry the participant is retrieving data for (Banking, etc)" required: true type: string enum: - banking - name: updated-since in: query description: query filter returns data holder brands updated since the specified date-time required: false type: string format: date-time - name: page in: query description: the page number to return required: false type: integer format: int32 - name: page-size in: query description: the number of records to return per page required: false type: integer format: int32 - name: Authorization Endpoint (Register) in: header description: "An Authorisation Token as per [RFC6750](https://tools.ietf.org/html/rfc6750)." required: true type: string - name: x-v in: header description: The version of the API end point requested by the client. Must be set to a positive integer. required: false type: string responses: "200": description: Success headers: x-v: type: string description: The version of the API end point that the CDR Register has responded with. schema: $ref: '#/definitions/ResponseRegisterDataHolderBrandList' "400": description: Bad Request
Invalid industry path parameter schema: $ref: '#/definitions/ResponseErrorList' "401": description: Invalid Bearer Token "406": description: Invalid x-v header
Invalid Accept header x-version: "1" x-scopes: - cdr-register:bank:read /{industry}/data-recipients/brands/{dataRecipientBrandId}/software-products/{softwareProductId}/ssa: get: tags: - Register summary: Get Data Recipient Software Statement Assertion (SSA) description: Get a Software Statement Assertion (SSA) for a Data Recipient software product on the CDR Register to be used for Dynamic Client Registration with a Data Holder Brand. operationId: GetSoftwareStatementAssertion consumes: - application/json produces: - application/json parameters: - name: industry in: path description: "The industry the participant is retrieving data for (Banking, etc)" required: true type: string enum: - banking - name: dataRecipientBrandId in: path description: Unique id for the Accredited Data Recipient Brand that the Software Product is associated with in the CDR Register. This field is intended to be deprecated in preference for softwareProductId which has the same value required: true type: string - name: softwareProductId in: path description: Unique id for the Accredited Data Recipient Software Product in the CDR Register required: true type: string - name: Authorization Endpoint (Register) in: header description: "An Authorisation Token as per [RFC6750](https://tools.ietf.org/html/rfc6750)." required: true type: string - name: x-v in: header description: The version of the API end point requested by the client. Must be set to a positive integer. required: false type: string responses: "200": description: Success headers: x-v: type: string description: The version of the API end point that the CDR Register has responded with. schema: type: string "400": description: Invalid industry path parameter
Invalid SoftwareProductId schema: $ref: '#/definitions/ResponseErrorList' "401": description: Invalid Bearer Token "403": description: Invalid BrandId schema: $ref: '#/definitions/ResponseErrorList' "406": description: Invalid x-v header
Invalid Accept header "422": description: SSA fields invalid or incomplete schema: $ref: '#/definitions/ResponseErrorList' x-version: "2" x-scopes: - cdr-register:bank:read /{industry}/data-recipients/brands/software-products/status: get: tags: - Register summary: Get Data Recipient Software Products Statuses description: Endpoint used by participants to discover the statuses for software products from the CDR Register. operationId: GetSoftwareProductsStatus consumes: - application/json produces: - application/json parameters: - name: industry in: path description: "The industry the participant is retrieving data for (Banking, etc)" required: true type: string enum: - banking - name: x-v in: header description: The version of the API end point requested by the client. Must be set to a positive integer. required: false type: string responses: "200": description: Success headers: x-v: type: string description: The version of the API end point that the CDR Register has responded with. schema: $ref: '#/definitions/SoftwareProductsStatusList' "400": description: Bad Request
Invalid industry path parameter schema: $ref: '#/definitions/ResponseErrorList' "406": description: Invalid x-v header
Invalid Accept header x-version: "1" /{industry}/data-recipients/status: get: tags: - Register summary: Get Data Recipient Statuses description: Endpoint used by participants to discover the statuses for Data Recipients from the CDR Register. operationId: GetDataRecipientsStatus consumes: - application/json produces: - application/json parameters: - name: industry in: path description: "The industry the participant is retrieving data for (Banking, etc)" required: true type: string enum: - banking - name: x-v in: header description: The version of the API end point requested by the client. Must be set to a positive integer. required: false type: string responses: "200": description: Success headers: x-v: type: string description: The version of the API end point that the CDR Register has responded with. schema: $ref: '#/definitions/DataRecipientsStatusList' "400": description: Bad Request
Invalid industry path parameter schema: $ref: '#/definitions/ResponseErrorList' "406": description: Invalid x-v header
Invalid Accept header x-version: "1" /{industry}/data-recipients: get: tags: - Register summary: Get Data Recipients description: "Endpoint used by participants to discover data recipients and associated brands and software products, available in the CDR ecosystem." operationId: GetDataRecipients consumes: - application/json produces: - application/json parameters: - name: industry in: path description: "The industry the participant is retrieving data for (Banking, etc)" required: true type: string enum: - banking - name: x-v in: header description: The version of the API end point requested by the client. Must be set to a positive integer. required: false type: string responses: "200": description: Success headers: x-v: type: string description: The version of the API end point that the CDR Register has responded with. schema: $ref: '#/definitions/ResponseRegisterDataRecipientList' "400": description: Bad Request
Invalid industry path parameter schema: $ref: '#/definitions/ResponseErrorList' "406": description: Invalid x-v header
Invalid Accept header x-version: "2" definitions: ResponseOpenIDProviderConfigMetadata: type: object required: - claims_supported - code_challenge_methods_supported - grant_types_supported - id_token_signing_alg_values_supported - issuer - jwks_uri - request_object_signing_alg_values_supported - response_types_supported - scopes_supported - subject_types_supported - tls_client_certificate_bound_access_tokens - token_endpoint - token_endpoint_auth_methods_supported properties: issuer: type: string description: URL using the https scheme with no query or fragment component that the CDR Register asserts as its Issuer Identifier jwks_uri: type: string description: "URL of the CDR Register's JSON Web Key Set [JWK] document. This contains the signing key(s) used to validate access tokens issued from the CDR Register. Note that this differs from the JWKS endpoint used to validate SSAs and CDR Register client authentication" token_endpoint: type: string description: URL of the CDR Register's OAuth 2.0 Token Endpoint claims_supported: type: array description: JSON array containing a list of the Claim Names of the Claims that the CDR Register supplies values for items: type: string id_token_signing_alg_values_supported: type: array description: "JSON array containing a list of the JWS signing algorithms (alg values) supported by the CDR Register for the ID Token to encode the Claims in a JWT. Given the CDR Register does not issue ID tokens, this field can be safely ignored" items: type: string subject_types_supported: type: array description: "JSON array containing a list of the Subject Identifier types that the CDR Register supports. Given the CDR Register does not issue ID tokens, this field can be safely ignored" items: type: string code_challenge_methods_supported: type: array description: "JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. Given the CDR Register does not support PKCE, this field can be safely ignored" items: type: string scopes_supported: type: array description: "JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that the CDR Register supports" items: type: string response_types_supported: type: array description: JSON array containing a list of the OAuth 2.0 response_type values that the CDR Registrer supports items: type: string grant_types_supported: type: array description: JSON array containing a list of the OAuth 2.0 Grant Type values that the CDR Register supports items: type: string token_endpoint_auth_methods_supported: type: array description: JSON array containing a list of Client Authentication methods supported by this Token Endpoint items: type: string tls_client_certificate_bound_access_tokens: type: boolean description: Boolean value indicating server support for mutual TLS client certificate bound access tokens request_object_signing_alg_values_supported: type: array description: JSON array containing a list of the JWS signing algorithms (alg values) supported by the CDR Register for Request Objects. items: type: string description: Response containing the Open ID Provider Configuration Metadata ResponseJWKS: type: object required: - keys properties: keys: type: array description: The value of the "keys" parameter is an array of JWK values items: $ref: '#/definitions/JWK' description: Response containing the JSON Web Key Set JWK: type: object required: - alg - e - key_ops - kid - kty - "n" properties: alg: type: string description: The "alg" (algorithm) parameter identifies the algorithm intended for use with the key e: type: string description: The "e" RSA public exponent parameter key_ops: type: array description: The "key_ops" (key operations) parameter identifies the operation(s) for which the key is intended to be used items: type: string kid: type: string description: The "kid" (key ID) parameter is partially used to match a specific key. Note the "kid" parameter is not guaranteed unique and additional parameters should be used to progressively to identify a key within a set kty: type: string description: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key n: type: string description: The "n" RSA public modulus parameter description: Object representing a JSON Web Key ResponseRegisterDataHolderBrandList: type: object required: - data - links - meta properties: data: type: array description: Response data for the query items: $ref: '#/definitions/RegisterDataHolderBrand' links: $ref: '#/definitions/LinksPaginated' meta: $ref: '#/definitions/MetaPaginated' description: Response containing a list of CDR Register Data Holder Brand objects RegisterDataHolderBrand: type: object required: - authDetails - brandName - dataHolderBrandId - endpointDetail - industry - lastUpdated - legalEntity - logoUri - status properties: dataHolderBrandId: type: string description: Unique id of the Data Holder Brand issued by the CDR Register brandName: type: string description: The name of Data Holder Brand industry: type: string description: "The industry the Data Holder brand belongs to (Banking, etc)" enum: - banking logoUri: type: string description: Brand logo URI x-cds-type: URIString legalEntity: $ref: '#/definitions/LegalEntityDetail' status: type: string enum: - ACTIVE - INACTIVE - REMOVED endpointDetail: $ref: '#/definitions/RegisterDataHolderBrandServiceEndpoint' authDetails: type: array items: $ref: '#/definitions/RegisterDataHolderAuth' lastUpdated: type: string format: date-time description: The date/time that the Data Holder Brand data was last updated in the Register x-cds-type: DateTimeString SoftwareProductsStatusList: type: object required: - softwareProducts properties: softwareProducts: type: array uniqueItems: true items: $ref: '#/definitions/SoftwareProductStatus' SoftwareProductStatus: type: object required: - softwareProductId - softwareProductStatus properties: softwareProductId: type: string description: Unique id of the software product issued by the CDR Register softwareProductStatus: type: string description: Software product status in the CDR Register enum: - ACTIVE - INACTIVE - REMOVED DataRecipientsStatusList: type: object required: - dataRecipients properties: dataRecipients: type: array uniqueItems: true items: $ref: '#/definitions/DataRecipientStatus' DataRecipientStatus: type: object required: - dataRecipientId - dataRecipientStatus properties: dataRecipientId: type: string description: Unique id of the Data Recipient issued by the CDR Register dataRecipientStatus: type: string description: Data Recipient status in the CDR Register enum: - ACTIVE - SUSPENDED - REVOKED - SURRENDERED ResponseRegisterDataRecipientList: type: object required: - data properties: data: type: array description: Response data for the query items: $ref: '#/definitions/RegisterDataRecipient' description: Response containing a list of Data Recipients in the CDR Register RegisterDataRecipient: type: object required: - accreditationNumber - industry - lastUpdated - legalEntityId - legalEntityName - logoUri - status properties: legalEntityId: type: string description: Unique id of the Data Recipient Legal Entity issued by the CDR Register legalEntityName: type: string description: Legal name of the Data Recipient accreditationNumber: type: string description: CDR Register issued human readable unique number given to Data Recipients upon accreditation industry: type: string enum: - banking logoUri: type: string description: Legal Entity logo URI x-cds-type: URIString dataRecipientBrands: type: array uniqueItems: true items: $ref: '#/definitions/DataRecipientBrandMetaData' status: type: string enum: - ACTIVE - SUSPENDED - REVOKED - SURRENDERED lastUpdated: type: string format: date-time description: The date/time that the Legal Entity was last updated in the CDR Register x-cds-type: DateTimeString DataRecipientBrandMetaData: type: object required: - brandName - dataRecipientBrandId - logoUri - status properties: dataRecipientBrandId: type: string description: Unique id of the Data Recipient brand issued by the CDR Register brandName: type: string description: Data Recipient Brand name logoUri: type: string description: Data Recipient Brand logo URI x-cds-type: URIString softwareProducts: type: array uniqueItems: true items: $ref: '#/definitions/SoftwareProductMetaData' status: type: string enum: - ACTIVE - INACTIVE - REMOVED description: Metadata related to Data Recipient Brand SoftwareProductMetaData: type: object required: - logoUri - softwareProductId - softwareProductName - status properties: softwareProductId: type: string description: Unique id of the Data Recipient software product issued by the CDR Register softwareProductName: type: string description: Name of the software product softwareProductDescription: type: string description: Description of the software product logoUri: type: string description: Software product logo URI x-cds-type: URIString status: type: string enum: - ACTIVE - INACTIVE - REMOVED description: Data Recipient Brand Software Products LegalEntityDetail: type: object required: - legalEntityId - legalEntityName - logoUri properties: legalEntityId: type: string description: Unique id of the organisation issued by the CDR Register legalEntityName: type: string description: Unique legal name of the organisation logoUri: type: string description: Legal Entity logo URI x-cds-type: URIString registrationNumber: type: string description: Unique registration number (if the company is registered outside Australia) registrationDate: type: string format: date description: Date of registration (if the company is registered outside Australia) x-cds-type: DateString registeredCountry: type: string description: Country of registeration (if the company is registered outside Australia) abn: type: string description: Australian Business Number for the organisation acn: type: string description: Australian Company Number for the organisation arbn: type: string description: Australian Registered Body Number. ARBNs are issued to registrable Australian bodies and foreign companies industryCode: type: string description: "Industry Code for the organisation. [ANZSIC (2006)](http://www.abs.gov.au/anzsic)" organisationType: type: string description: Legal organisation type enum: - SOLE_TRADER - COMPANY - PARTNERSHIP - TRUST - GOVERNMENT_ENTITY - OTHER description: "The data that is common to all organisations, regardless of the type (e.g. company, trust, partnership, government)" RegisterDataHolderBrandServiceEndpoint: type: object required: - infosecBaseUri - publicBaseUri - resourceBaseUri - version - websiteUri properties: version: type: string description: "The major version of the high level standards. This is not the version of the endpoint or the payload being requested but the version of the overall standards being applied. This version number will be \"v\" followed by the major version of the standards as a positive integer (e.g. v1, v12 or v76)" publicBaseUri: type: string description: Base URI for the Data Holder's Consumer Data Standard public endpoints x-cds-type: URIString resourceBaseUri: type: string description: Base URI for the Data Holder's Consumer Data Standard resource endpoints x-cds-type: URIString infosecBaseUri: type: string description: Base URI for the Data Holder's Consumer Data Standard information security endpoints x-cds-type: URIString extensionBaseUri: type: string description: Base URI for the Data Holder extension endpoints to the Consumer Data Standard (optional) x-cds-type: URIString websiteUri: type: string description: Publicly available website or web resource URI x-cds-type: URIString description: Endpoints related to Data Holder Brand services RegisterDataHolderAuth: type: object required: - jwksEndpoint - registerUType properties: registerUType: type: string description: The type of authentication and authorisation mechanism in use enum: - SIGNED-JWT jwksEndpoint: type: string description: JWKS endpoint for private_key_jwt client authentication with Data Recipient x-cds-type: URIString description: Provides details of authorisation endpoints for Data Holders LinksPaginated: type: object required: - self properties: first: type: string description: URI to the first page of this set. Mandatory if this response is not the first page last: type: string description: URI to the last page of this set. Mandatory if this response is not the last page next: type: string description: URI to the next page of this set. Mandatory if this response is not the last page prev: type: string description: URI to the previous page of this set. Mandatory if this response is not the first page self: type: string description: Fully qualified link to this API call MetaPaginated: type: object required: - totalPages - totalRecords properties: totalPages: type: integer format: int32 description: The total number of pages in the full set totalRecords: type: integer format: int32 description: The total number of records in the full set ResponseErrorList: type: object required: - errors properties: errors: type: array items: $ref: '#/definitions/Error' Error: type: object required: - code - detail - title properties: code: type: string description: Error code title: type: string description: Error title detail: type: string description: Error detail meta: type: object description: Optional additional data for specific error types properties: {} parameters: Authorization: name: Authorization Endpoint (Register) in: header description: "An Authorisation Token as per [RFC6750](https://tools.ietf.org/html/rfc6750)." required: true type: string XV: name: x-v in: header description: The version of the API end point requested by the client. Must be set to a positive integer. required: false type: string Industry: name: industry in: path description: "The industry the participant is retrieving data for (Banking, etc)" required: true type: string enum: - banking