Sahamati certification Test Scenarios for Financial Information User
POST /Consent API of AA
Verify that FIU makes valid POST /Consent request to AA
The request body coming from FIU in request should adhere to Spec
POST /Consent/handle of AA
Verify that FIU makes valid POST /Consent/handle request to AA
The consent handle in the api should match with the consent handle provided by AA
POST /Consent/fetch API of AA
Verify that FIU makes valid POST /Consent/fetch request to AA
The consent id in the api should match with the consent id provided by AA
POST /Consent/Notification API
Verify that on making valid POST /Consent/Notification to FIU success response is recevied
Http status code should be 200
POST /Consent/Notification API with Alternate AA id
Verify that on making valid POST /Consent/Notification with alternate AA id error response is received
Http status code should be 400 Error code should be InvalidNotifier
POST /Consent/Notification API with FIP in notifier type
Verify that on making valid POST /Consent/Notification with FIP in notifier type error response is received
Http status code should be 400 Error code should be InvalidNotifier
POST /Consent/Notification API with invalid consent Id
Verify that on making valid POST /Consent/Notification with Invalid consent id error response is received
Http status code should be 400 Error code should be InvalidConsentId
POST /Consent/Notification API with invalid consent handle
Verify that on making valid POST /Consent/Notification with Invalid consent handle error response is received
Http status code should be 400 Error code should be InvalidRequest
POST /Consent/Notification API with invalid schematic value for each field
Verify on making valid request to POST /Consent/Notification API with schematic error for one field each subcase error response is received.
Http status code should be 400 Error code should be InvalidRequest
POST /Consent/Notification API with incorrect timestamp value
Verify on making valid request to POST /Consent/Notification API with 15min variation in timestamp field error response is received.
Http status code should be 400 Error code should be InvalidRequest
Response handling of POST /Consent API of AA
Verify on responding to POST /Consent API with schematic error for one field each subcase the response is discarded by FIU and to validate that verify on sending valid POST /Consent/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidRequest
Response handling of POST /Consent/Notification API of AA
Verify on responding to POST /Consent/Notification API with schematic error for one field each subcase the response is discarded by FIU and to validate that check error response is recived for consent notification.
POST /Consent/Notification API with invalid ver
Verify that on making valid POST /Consent/Notification with Invalid ver error response is received
Http status code should be 404 Error code should be NoSuchVersion
POST /Consent/Notification API with invalid timestamp
Verify that on making valid POST /Consent/Notification with Invalid timestamp error response is received
Http status code should be 400 Error code should be InvalidRequest
POST /Consent/Notification API with consent details of alternate AA
Verify that on making valid POST /Consent/Notification with consent details of alternate AA timestamp error response is received
Http status code should be 400 Error code should be InvalidRequest
POST /Consent/Notification API with PAUSED status
Verify that on making valid POST /Consent/Notification with PAUSED status, user is not able to make FI request
POST /Consent/Notification API with EXPIRED status
Verify that on making valid POST /Consent/Notification with EXPIRED status, user is not able to make FI request
POST /Consent/Notification API with REVOKED status
Verify that on making valid POST /Consent/Notification with REVOKED status, user is not able to make FI request
Response handling of POST /Consent API of AA
Verify on responding to POST /Consent API with invalid ver the response is discarded by FIU and to validate that verify on sending valid POST /Consent/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidRequest
Response handling of POST /Consent API of AA
Verify on responding to POST /Consent API with invalid timestamp the response is discarded by FIU and to validate that verify on sending valid POST /Consent/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidRequest
Response handling of POST /Consent API of AA
Verify on responding to POST /Consent API with txnid not same as txnid in request the response is discarded by FIU and to validate that verify on sending valid POST /Consent/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidRequest
Response handling of POST /Consent API of AA
Verify on responding to POST /Consent API with customer id not same as customer id in request the response is discarded by FIU and to validate that verify on sending valid POST /Consent/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidRequest
Response handling of POST /Consent API of AA
Verify on responding to POST /Consent API with invalid JWS signature the response is discarded by FIU and to validate that verify on sending valid POST /Consent/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidRequest
Response handling of POST /Consent/Notification API of AA
Verify on responding to POST /Consent/Notification API with invalid ver the response is discarded by FIU and to validate that check with FIU spoc the response is discarded.
Response handling of POST /Consent/Notification API of AA
Verify on responding to POST /Consent/Notification API with invalid timestamp the response is discarded by FIU and to validate that check with FIU spoc the response is discarded.
Response handling of POST /Consent/Notification API of AA
Verify on responding to POST /Consent/Notification API with invalid consentHandle the response is discarded by FIU and to validate that check with FIU spoc the response is discarded.
Response handling of POST /Consent/Notification API of AA
Verify on responding to POST /Consent/Notification API with consentStatus as FAILED the consent is considered failed by FIU and to validate that verify on sending valid POST /Consent/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidRequest or InvalidConsentId
Response handling of POST /Consent/Notification API of AA
Verify on responding to POST /Consent/Notification API with consentStatus as PENDING the consent is considered PENDING by FIU and to validate that verify on sending valid POST /Consent/Notification and check success response is received.
Http Status code should be 200
Response handling of POST /Consent/Notification API of AA
Verify on responding to POST /Consent/Notification API with invalid JWS Signature the response is discarded by FIU and to validate that check with FIU spoc the response is discarded.
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with invalid ver the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about consent generation failure
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with invalid timestamp the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about consent generation failure.
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with invalid consentID the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about consent generation failure.
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with PAUSED status, user is not able to make FI request
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with REVOKED status, user is not able to make FI request
POST /Consent/Notification API with invalid JWS signature
Verify that on making valid POST /Consent/Notification with Invalid JWS Signature error response is received
Http status code should be 400 Error code should be SignatureDoesNotMatch
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with invalid createTimestamp the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about consent generation failure.
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with invalid signedConsent the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about consent generation failure.
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with invalid consentUse the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about consent generation failure.
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with signedConsent generated using alternate AA private key the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about consent generation failure.
Response handling of POST /Consent/fetch API of AA
Verify on responding to POST /Consent/fetch API with invalid JWS Signature the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about consent generation failure.
POST /Consent/Notification API with invalid API key
Verify that on making valid POST /Consent/Notification with Invalid API key error response is received
Http status code should be 401
POST /Consent/Notification API with alternate AA API key
Verify that on making valid POST /Consent/Notification with Alternate AA API key error response is received
Http status code should be 400 Error code should be InvalidRequest/SignatureDoesNotMatch.
POST /FI/request API of AA
Verify that FIU makes valid POST /FI/request request to AA
The request body coming from FIU in request should adhere to Spec
POST /FI/Notification API
Verify that on making valid POST /FI/Notification to FIU success response is recevied
Http status code should be 200
POST /FI/Notification API with invalid ver
Verify that on making valid POST /FI/Notification with Invalid ver error response is received
Http status code should be 404 Error code should be NoSuchVersion
POST /FI/Notification API with invalid session id
Verify that on making valid POST /FI/Notification with Invalid session id error response is received
Http status code should be 400 Error code should be InvalidSessionId
POST /FI/Notification API with alternate AA id in notifier id
Verify that on making valid POST /FI/Notification with alternate AA id error response is received
Http status code should be 400 Error code should be InvalidRequest
POST /FI/Notification API with invalid schematic value for each field
Verify on making valid request to POST /FI/Notification API with schematic error for one field each subcase error response is received.
Http status code should be 400 Error code should be InvalidRequest
POST /FI/Notification API with invalid txnid id
Verify that on making valid POST /FI/Notification with invalid txn id error response is received
Http status code should be 400 Error code should be InvalidRequest
POST /FI/Notification API with invalid timestamp
Verify that on making valid POST /FI/Notification with invalid timestamp error response is received
Http status code should be 400 Error code should be InvalidRequest
POST /FI/Notification API with selected details of alternate AA
Verify that on making valid POST /FI/Notification with selected details of alternate AA error response is received
Http status codes should be 400 case 1: Different AA id in notifier Id Error code:InvalidRequest case 2: Session id generated for different AA Error code: invalidSessionId case 3:Account details of different AA error code :InvalidRequest
POST /FI/fetch API of AA
Verify that FIU makes valid POST /FI/fetch request to AA
The request body coming from FIU in request should adhere to Spec
POST /FI/Notification API with FIStatusNotification.sessionStatus as EXPIRED
Verify that on making valid POST /FI/Notification with FIStatusNotification.sessionStatus as EXPIRED, FIU Spoc is not able to make FI/fetch
POST /FI/Notification API with invalid notifier type
Verify that on making valid POST /FI/Notification with invalid notifier type error response is received
Http status code should be 400 Error code should be InvalidRequest
POST /FI/Notification API with FIStatusNotification.sessionStatus as FAILED
Verify that on making valid POST /FI/Notification with FIStatusNotification.sessionStatus as EXPIRED, check with FIU Spoc that no FI/fetch is be processed
Response handling of POST /FI/request API of AA
Verify on responding to POST /FI/request API with schematic error for one field each subcase the response is discarded by FIU and to validate that verify on sending valid POST /FI/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidSessionID
Response handling of POST /FI/request API of AA
Verify on responding to POST /FI/request API with invalid ver the response is discarded by FIU and to validate that verify on sending valid POST /FI/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidSessionID
Response handling of POST /FI/request API of AA
Verify on responding to POST /FI/request API with invalid timestamp the response is discarded by FIU and to validate that verify on sending valid POST /FI/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidSessionID
Response handling of POST /FI/request API of AA
Verify on responding to POST /FI/request API with invalid txnid the response is discarded by FIU and to validate that verify on sending valid POST /FI/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidSessionID
Response handling of POST /FI/request API of AA
Verify on responding to POST /FI/request API with invalid consentId the response is discarded by FIU and to validate that verify on sending valid POST /FI/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidSessionID
Response handling of POST /FI/request API of AA
Verify on responding to POST /FI/request API with invalid JWS Siganture the response is discarded by FIU and to validate that verify on sending valid POST /FI/Notification and check error response is received.
Http status code should be 400 Error code should be InvalidSessionID
Response handling of POST /FI/fetch API of AA
Verify on responding to POST /FI/fetch API with invalid ver the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about data fetch failure.
Response handling of POST /FI/fetch API of AA
Verify on responding to POST /FI/fetch API with invalid timestamp the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about data fetch failure.
Response handling of POST /FI/fetch API of AA
Verify on responding to POST /FI/fetch API with invalid FI data object the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about data fetch failure.
Response handling of POST /FI/fetch API of AA
Verify on responding to POST /FI/fetch API with invalid keyMaterial object the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about data fetch failure.
Response handling of POST /FI/fetch API of AA
Verify on responding to POST /FI/fetch API with invalid JWS Signature the response is discarded by FIU and to validate that check with FIU spoc if FIU notify about data fetch failure.
POST /FI/Notification API with invalid JWS Signature
Verify that on making valid POST /FI/Notification with invalid JWS signature error response is received
Http status code should be 400 Error code should be SignatureDoesNotMatch
POST /FI/Notification API with invalid API key
Verify that on making valid POST /FI/Notification with invalid API key error response is received
Http status code should be 401
POST /FI/Notification API with API key of alternate AA
Verify that on making valid POST /FI/Notification with API key of alternate AA error response is received
Http status code should be 400 Error code should be InvalidRequest/SignatureDoesNotMatch.
Full Flow
Verify on consent recevied from FIU
Success response should be received for all apis.
Last updated