# Create a software statement **POST /organisations/{OrganisationId}/softwarestatements** ## Servers - Raidiam Directory Sandbox Environment: https://matls-api.sandbox.raidiam.io (Raidiam Directory Sandbox Environment) ## Authentication methods - O auth ## Parameters ### Headers - **x-fapi-auth-date** (string) The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC - **x-fapi-customer-ip-address** (string) The PSU's IP address if the PSU is currently logged in with the TPP. - **x-fapi-interaction-id** (string) An RFC4122 UID used as a correlation id. - **x-customer-user-agent** (string) Indicates the user-agent that the PSU is using. ### Path parameters - **OrganisationId** (string) The organisation ID ### Body: application/json (object) - **AdditionalSoftwareMetadata** (string) Extra metadata defined by the org admins to be loaded into the software statement and made avaiable during introspection - **ApiWebhookUri** (array[string(uri)]) A compliant URI - **ClientId** (string) Software Statement client Id - **ClientName** (string) Software Statement client name - **ClientUri** (string(uri)) The Software Statement client compliant URI - **Description** (string) Software Statement description - **Environment** (string) The additional check for software statement, this field can avoid environment checks. - **Flags** (array[string]) Unique ID of the flag - **HomepageUri** (string(uri)) The URI for the website with details about the application and its services - **IdTokenSignedResponseAlgorithm** (string) Signing algorithm that a client expects the server to return an id_token with. Must be PS256 - **LogoUri** (string(uri)) A compliant URI - **Mode** (string) Software Statement mode - **NotificationWebhook** (string(uri)) A compliant URI - **OnBehalfOf** (string) A reference to fourth party organisation resource on the RTS Directory if the registering Org is acting on behalf of another - **OpenidFederationEnabled** (boolean) Is this software statement enabled for federation - **OpenidFederationEntityManagementType** (string) The type of federation management that applies to this software statement - **OriginUri** (array[string(uri)]) A compliant URI - **PolicyUri** (string(uri)) A compliant URI string that points to a human-readable privacy policy document - **PostLogoutRedirectUris** (array[string(uri)]) An RFC-compliant redirect URI. Must use the `http` scheme and must be a valid absolute uri - **RedirectUri** (array[string(uri)]) The Software Statement redirect URIs - **RelatedAuthorisationServer** (string(uuid) | null) ID of the Authorisation Server that is connected to this Software Statement - **RequireSignedRequestObject** (boolean) Require a signed request object. If this is set to false, the client will not be FAPI compliant - **Roles** (array[object]) - **SoftwareVersion** (string) Software Statement version as provided by the organisation's software team - **TermsOfServiceUri** (string(uri) | null) A compliant URI - **TlsClientCertificateBoundAccessTokens** (boolean) Are the tokens issued for this client bound to a client tls certificate - **TokenEndpointAuthMethod** (string) Token endpoint authentication method - **Version** (number) Software Statement version as provided by the organisation's software team ## Responses ### 201 Get the software statements with the given id #### Headers - **x-fapi-interaction-id** (string) An RFC4122 UID used as a correlation id. #### Body: application/json (object) - **OperationWarnings** (array[string]) A warning code that describes a warning condition that occurred during the last operation - **SoftwareStatementCertifications** (array[object]) - **AdditionalSoftwareMetadata** (string) Extra metadata defined by the org admins to be loaded into the software statement and made avaiable during introspection - **ApiWebhookUri** (array[string(uri)]) A compliant URI - **ClientId** (string) Software Statement client Id - **ClientName** (string) Software Statement client name - **ClientSecret** (string) The client secret, only returned when a client is created/updated to have client_secret_basic auth type - **ClientUri** (string(uri)) The Software Statement client compliant URI - **CreatedAt** (string(date-time)) - **Description** (string) Software Statement description - **Environment** (string) The additional check for software statement, this field can avoid - **Flags** (array[object]) - **HomepageUri** (string(uri)) The URI for the website with details about the application and its services - **IdTokenSignedResponseAlgorithm** (string) Signing algorithm that a client expects the server to return an id_token with. Must be PS256 - **Locked** (boolean) Flag shows if assertion has been generated on the software statement - will be set to true when assertion is generated - **LogoUri** (string(uri)) A compliant URI - **Mode** (string) Software Statement mode - **NotificationWebhook** (string(uri)) A compliant URI - **NotificationWebhookStatus** (string) - **OnBehalfOf** (string) A reference to fourth party organisation resource on the RTS Directory if the registering Org is acting on behalf of another - **OpenidFederationEnabled** (boolean) Is this software statement enabled for federation - **OpenidFederationEntityManagementType** (string) The type of federation management that applies to this software statement - **OrganisationId** (string) Unique ID associated with the organisation - **OriginUri** (array[string(uri)]) A compliant URI - **PolicyUri** (string(uri)) A compliant URI string that points to a human-readable privacy policy document - **PostLogoutRedirectUris** (array[string(uri)]) An RFC-compliant redirect URI. Must use the `http` scheme and must be a valid absolute uri - **RedirectUri** (array[string(uri)]) An RFC-compliant redirect URI. Must use the `http` scheme and must be a valid absolute uri - **RelatedAuthorisationServer** (string(uuid) | null) ID of the Authorisation Server that is connected to this Software Statement - **RequireSignedRequestObject** (boolean) Require a signed request object. If this is set to false, the client will not be FAPI compliant - **RtsClientCreated** (boolean) Client created flag - **SoftwareStatementId** (string) Unique Software Statement Id - **SoftwareVersion** (string) Software Statement version as provided by the organisation's software team - **Status** (string) Is this software statement Active/Suspended/Inactive - **TermsOfServiceUri** (string(uri)) The Software Statement terms of service compliant URI - **TlsClientCertificateBoundAccessTokens** (boolean) Are the tokens issued for this client bound to a client tls certificate - **TokenEndpointAuthMethod** (string) Token endpoint authentication method - **UpdateFailed** (boolean) Flag shows if software statement is in failed update state - **UpdateFailedReason** (string) Error message describing why the update failed - **Version** (number) Software Statement version as provided by the organisation's software team ### 400 Bad Request #### Headers - **x-fapi-interaction-id** (string) An RFC4122 UID used as a correlation id. #### Body: application/json (object) - **errors** (array[string]) Validation Error messages ### 401 Unauthorized #### Headers - **x-fapi-interaction-id** (string) An RFC4122 UID used as a correlation id. ### 403 Forbidden #### Headers - **x-fapi-interaction-id** (string) An RFC4122 UID used as a correlation id. ### 429 Too many requests, maximum capacity reached. Requests are now throttled. #### Headers - **x-fapi-interaction-id** (string) An RFC4122 UID used as a correlation id. ### 500 Internal Server Error #### Headers - **x-fapi-interaction-id** (string) An RFC4122 UID used as a correlation id. ### 502 Bad Gateway #### Headers - **x-fapi-interaction-id** (string) An RFC4122 UID used as a correlation id. ### 504 Upstream timeout, insufficient capacity to serve request. More capacity being brought online. Please try again. #### Headers - **x-fapi-interaction-id** (string) An RFC4122 UID used as a correlation id. [Powered by Bump.sh](https://bump.sh)