Create a custom claim for the given Software Statement.

POST /organisations/{OrganisationId}/softwarestatements/{SoftwareStatementId}/custom-claims
O auth

Headers

  • x-fapi-auth-date string

    The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC

    Format should match the following pattern: ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$.

  • x-fapi-customer-ip-address string

    The PSU's IP address if the PSU is currently logged in with the TPP.

  • x-fapi-interaction-id string

    An RFC4122 UID used as a correlation id.

  • x-customer-user-agent string

    Indicates the user-agent that the PSU is using.

Path parameters

  • OrganisationId string Required

    The organisation ID

    Minimum length is 1, maximum length is 40. Format should match the following pattern: ^[^<>]*$.

  • SoftwareStatementId string Required

    The software statement ID

    Maximum length is 40. Format should match the following pattern: ^[^<>]*$.

application/json

Body

  • Name string Required

    Key value for the custom claim as it will appear in the ID Token

    Maximum length is 255. Format should match the following pattern: ^[A-Za-z0-9_~-]+$.

  • Path string Required

    Valid JSON Path indicating the values in the trust framework profile to be pulled into the claim

    Maximum length is 255. Format should match the following pattern: ^\$[.\[].*. Default value is $..

  • Source string Required

    Source from which the custom claim data is to be pulled. Determines the structure of the path

    Value is TRUST_FRAMEWORK_PROFILE.

Responses

  • 201 application/json

    A single custom claim object

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

    Hide response attributes Show response attributes object
    • Name string Required

      Key value for the custom claim as it will appear in the ID Token

      Maximum length is 255. Format should match the following pattern: ^[A-Za-z0-9_~-]+$.

    • Path string Required

      Valid JSON Path indicating the values in the trust framework profile to be pulled into the claim

      Maximum length is 255. Format should match the following pattern: ^\$[.\[].*. Default value is $..

    • Source string Required

      Source from which the custom claim data is to be pulled. Determines the structure of the path

      Value is TRUST_FRAMEWORK_PROFILE.

    • ClaimKey string

      The claim key as it will appear in identity responses

    • CreatedAt string(date-time)
    • ID string(uuid)

      Unique identifier for a given custom claim object

    • UpdatedAt string(date-time)
  • 400 application/json

    Bad Request

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

    Hide response attribute Show response attribute object
    • errors array[string]

      Validation Error messages
  • 401

    Unauthorized

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 403

    Forbidden

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 404 application/json

    Not found

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

    Hide response attribute Show response attribute object
    • errors array[string]

      Validation Error messages
  • 406

    Not Acceptable

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 429

    Too many requests, maximum capacity reached. Requests are now throttled.

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 500

    Internal Server Error

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 502

    Bad Gateway

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

  • 504

    Upstream timeout, insufficient capacity to serve request. More capacity being brought online. Please try again.

    Hide headers attribute Show headers attribute
    • x-fapi-interaction-id string

      An RFC4122 UID used as a correlation id.

      Minimum length is 1, maximum length is 100. Format should match the following pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-]{0,99}$.

POST /organisations/{OrganisationId}/softwarestatements/{SoftwareStatementId}/custom-claims 
curl \
 --request POST 'https://matls-api.sandbox.raidiam.io/organisations/{OrganisationId}/softwarestatements/{SoftwareStatementId}/custom-claims' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --header "x-fapi-auth-date: string" \
 --header "x-fapi-customer-ip-address: string" \
 --header "x-fapi-interaction-id: string" \
 --header "x-customer-user-agent: string" \
 --data '{"Name":"string","Path":"$.","Source":"TRUST_FRAMEWORK_PROFILE"}'
Request examples 
# Headers
x-fapi-auth-date: string
x-fapi-customer-ip-address: string
x-fapi-interaction-id: string
x-customer-user-agent: string

# Payload
{
  "Name": "string",
  "Path": "$.",
  "Source": "TRUST_FRAMEWORK_PROFILE"
}
Response examples (201) 
# Headers
x-fapi-interaction-id: 73cac523-d3ae-2289-b106-330a6218710d

# Payload
{
  "Name": "string",
  "Path": "$.",
  "Source": "TRUST_FRAMEWORK_PROFILE",
  "ClaimKey": "string",
  "CreatedAt": "2026-05-04T09:42:00Z",
  "ID": "string",
  "UpdatedAt": "2026-05-04T09:42:00Z"
}
Response examples (400) 
# Headers
x-fapi-interaction-id: 73cac523-d3ae-2289-b106-330a6218710d

# Payload
{
  "errors": [
    "string"
  ]
}
Response examples (404) 
# Headers
x-fapi-interaction-id: 73cac523-d3ae-2289-b106-330a6218710d

# Payload
{
  "errors": [
    "string"
  ]
}