Get all software statements for the given organisation

GET /organisations/{OrganisationId}/softwarestatements
oAuth

Headers

  • x-fapi-auth-date string

    The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC

    Format should match the following pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$.

  • x-fapi-customer-ip-address string

    The PSU's IP address if the PSU is currently logged in with the TPP.

  • x-fapi-interaction-id string

    An RFC4122 UID used as a correlation id.

  • x-customer-user-agent string

    Indicates the user-agent that the PSU is using.

Path parameters

  • OrganisationId string Required

    The organisation ID

    Minimum length is 1, maximum length is 40. Format should match the following pattern: ^[^<>]*$.

Responses

  • 200 application/json

    All software statements for the org

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

    Hide response attributes Show response attributes object
    • AdditionalSoftwareMetadata string

      Extra metadata defined by the org admins to be loaded into the software statement and made avaiable during introspection

      Maximum length is 255. Format should match the following pattern: ^[^<>]*$.

    • ApiWebhookUri array[string(uri)]

      A compliant URI

      Maximum length of each is 255. Format of each should match the following pattern: ^(https:\/\/[^\s/?#]+(?:\/[^\s\/?#]+)*)$.

    • ClientId string

      Software Statement client Id

      Maximum length is 255. Format should match the following pattern: ^[^<>]*$.

    • ClientName string

      Software Statement client name

      Maximum length is 255. Format should match the following pattern: ^[^<>]*$.

    • ClientSecret string

      The client secret, only returned when a client is created/updated to have client_secret_basic auth type

      Maximum length is 255.

    • ClientUri string(uri)

      The Software Statement client compliant URI

      Maximum length is 255. Format should match the following pattern: ^(http://|https://).*.

    • CreatedAt string(date-time)
    • Description string

      Software Statement description

      Maximum length is 255. Format should match the following pattern: ^[^<>]*$.

    • Environment string

      The additional check for software statement, this field can avoid

      Maximum length is 40. Format should match the following pattern: ^[^<>]*$.

    • FederationEndpoint string(uri)

      The federation endpoint for the Authorisation Server

      Maximum length is 255. Format should match the following pattern: ^(https://).*.

    • Flags array[object]
      Hide Flags attributes Show Flags attributes object
      • AccessLevel integer Required

        The access level of a flag as a number. The higher the number, the more sensitive it is

      • Description string

        The description of this flag

        Maximum length is 255. Format should match the following pattern: ^[^<>]*$.

      • Name string Required

        The name of this flag

        Maximum length is 255. Format should match the following pattern: ^[^<>]*$.

      • Status string Required

        Current status of this resource

        Values are Active or Inactive. Default value is Active.

      • Type string Required

        The type of this tag

        Values are Organisation, Software_Statement, or Authorisation_Server.

      • Value string Required

        The value of this flag

        Maximum length is 255. Format should match the following pattern: ^[^<>]*$.

    • HomepageUri string(uri)

      The URI for the website with details about the application and its services

      Maximum length is 255. Format should match the following pattern: ^(http://|https://).*.

    • IdTokenSignedResponseAlgorithm string

      Signing algorithm that a client expects the server to return an id_token with. Must be PS256

      Values are PS256 or RS256. Default value is PS256.

    • Locked boolean

      Flag shows if assertion has been generated on the software statement - will be set to true when assertion is generated

    • LogoUri string(uri)

      A compliant URI

      Format should match the following pattern: ^(http://|https://).*.(svg|png|jpg|jpeg)$|(data:image/[a-zA-Z0-9;+=-]+,[A-Za-z0-9+/]*={0,2})$.

    • Mode string

      Software Statement mode

      Values are Live or Test. Default value is Live.

    • NotificationWebhook string(uri)

      A compliant URI

      Maximum length is 255. Format should match the following pattern: ^(http://|https://).*.

    • NotificationWebhookStatus string

      Values are Pending, Confirmed, or Deactivated. Default value is Pending.

    • OnBehalfOf string

      A reference to fourth party organisation resource on the RTS Directory if the registering Org is acting on behalf of another

      Maximum length is 255. Format should match the following pattern: ^[^<>]*$.

    • OpenidFederationEnabled boolean

      Is this software statement enabled for federation

      Default value is false.

    • OpenidFederationEntityManagementType string

      The type of federation management that applies to this software statement

      Values are openid_entity_federation_managed or openid_entity_self_managed.

    • OrganisationId string

      Unique ID associated with the organisation

      Minimum length is 1, maximum length is 40. Format should match the following pattern: ^[^<>]*$.

    • OriginUri array[string(uri)]

      A compliant URI

      Maximum length of each is 255. Format of each should match the following pattern: ^https:\/\/(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]+(?::\d+)?(?:\/[a-zA-Z0-9-._~!$&'()*+,;=:@\/?%]*)?(?:\?[a-zA-Z0-9-._~!$&'()*+,;=:@\/?%]*)?(?:#[a-zA-Z0-9-._~!$&'()*+,;=:@\/?%]*)?$|(^android:apk-key-hash:[a-zA-Z0-9-]+)|(^ios:bundle-id:[a-zA-Z][-a-zA-Z0-9]*\.([a-zA-Z][-a-zA-Z0-9]*\.?)+)$.

    • PolicyUri string(uri)

      A compliant URI string that points to a human-readable privacy policy document

      Maximum length is 255. Format should match the following pattern: ^(http://|https://).*.

    • PostLogoutRedirectUris array[string(uri)]

      A compliant URI

      Maximum length of each is 255. Format of each should match the following pattern: ^(http://|https://).*.

    • RedirectUri array[string(uri)]

      A compliant URI

      Maximum length of each is 255. Format of each should match the following pattern: ^(http://|https://).*.

    • RelatedAuthorisationServer string(uuid) | null

      ID of the Authorisation Server that is connected to this Software Statement

    • RequireSignedRequestObject boolean

      Require a signed request object. If this is set to false, the client will not be FAPI compliant

      Default value is true.

    • RtsClientCreated boolean

      Client created flag

    • SoftwareStatementId string

      Unique Software Statement Id

      Maximum length is 40. Format should match the following pattern: ^[^<>]*$.

    • SoftwareVersion string

      Software Statement version as provided by the organisation's software team

      Maximum length is 40.

    • Status string

      Is this software statement Active/Suspended/Inactive

      Values are Active, Suspended, or Inactive. Default value is Active.

    • TermsOfServiceUri string(uri)

      The Software Statement terms of service compliant URI

      Maximum length is 255. Format should match the following pattern: ^(http://|https://).*.

    • TlsClientCertificateBoundAccessTokens boolean

      Are the tokens issued for this client bound to a client tls certificate

      Default value is true.

    • TokenEndpointAuthMethod string

      Token endpoint authentication method

      Minimum length is 1, maximum length is 60. Values are private_key_jwt, tls_client_auth, or client_secret_basic. Default value is private_key_jwt.

    • UpdateFailed boolean

      Flag shows if software statement is in failed update state

    • UpdateFailedReason string

      Error message describing why the update failed

      Format should match the following pattern: ^[^<>]*$.

    • Version number Deprecated

      Software Statement version as provided by the organisation's software team

      Maximum length is 40.
  • 400 application/json

    Bad Request

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

    Hide response attribute Show response attribute object
    • errors array[string]

      Validation Error messages
  • 401

    Unauthorized

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 403

    Forbidden

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 404 application/json

    Not found

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

    Hide response attribute Show response attribute object
    • errors array[string]

      Validation Error messages
  • 406

    Not Acceptable

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 429

    Too many requests, maximum capacity reached. Requests are now throttled.

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 500

    Internal Server Error

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 502

    Bad Gateway

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 504

    Upstream timeout, insufficient capacity to serve request. More capacity being brought online. Please try again.

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

GET /organisations/{OrganisationId}/softwarestatements 
curl \
 -X GET https://matls-api.sandbox.raidiam.io/organisations/{OrganisationId}/softwarestatements \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "x-fapi-auth-date: string" \
 -H "x-fapi-customer-ip-address: string" \
 -H "x-fapi-interaction-id: string" \
 -H "x-customer-user-agent: string"
Response examples (200) 
# Headers
x-fapi-interaction-id: 73cac523-d3ae-2289-b106-330a6218710d

# Payload
[
  {
    "AdditionalSoftwareMetadata": "string",
    "ApiWebhookUri": [
      "https://example.com"
    ],
    "ClientId": "string",
    "ClientName": "string",
    "ClientSecret": "string",
    "ClientUri": "https://example.com",
    "CreatedAt": "2025-05-04T09:42:00+00:00",
    "Description": "string",
    "Environment": "string",
    "FederationEndpoint": "https://example.com",
    "Flags": [
      {
        "AccessLevel": 42,
        "Description": "string",
        "Name": "string",
        "Status": "Active",
        "Type": "Organisation",
        "Value": "string"
      }
    ],
    "HomepageUri": "https://example.com",
    "IdTokenSignedResponseAlgorithm": "PS256",
    "Locked": true,
    "LogoUri": "https://example.com",
    "Mode": "Live",
    "NotificationWebhook": "https://example.com",
    "NotificationWebhookStatus": "Pending",
    "OnBehalfOf": "string",
    "OpenidFederationEnabled": false,
    "OpenidFederationEntityManagementType": "openid_entity_federation_managed",
    "OrganisationId": "string",
    "OriginUri": [
      "https://example.com"
    ],
    "PolicyUri": "https://example.com",
    "PostLogoutRedirectUris": [
      "https://example.com"
    ],
    "RedirectUri": [
      "https://example.com"
    ],
    "RelatedAuthorisationServer": "string",
    "RequireSignedRequestObject": true,
    "RtsClientCreated": true,
    "SoftwareStatementId": "string",
    "SoftwareVersion": "string",
    "Status": "Active",
    "TermsOfServiceUri": "https://example.com",
    "TlsClientCertificateBoundAccessTokens": true,
    "TokenEndpointAuthMethod": "private_key_jwt",
    "UpdateFailed": true,
    "UpdateFailedReason": "string",
    "Version": 42.0
  }
]
Response examples (400) 
# Headers
x-fapi-interaction-id: 73cac523-d3ae-2289-b106-330a6218710d

# Payload
{
  "errors": [
    "string"
  ]
}
Response examples (404) 
# Headers
x-fapi-interaction-id: 73cac523-d3ae-2289-b106-330a6218710d

# Payload
{
  "errors": [
    "string"
  ]
}