Mastercard

Mastercard ID for Trust Providers

Mastercard ID for Trust Providers is a service that helps businesses and organizations verify the identity of their customers. By utilizing advanced technology and security measures, Mastercard ID for Trust Providers enables businesses to securely authenticate the identities of individuals in real-time, reducing the risk of fraud and ensuring a seamless and secure customer experience.

GitHub OpenAPI

Documentation

📖
Documentation
https://developer.mastercard.com/mastercard-id-for-tp/documentation/api-reference/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/mastercard/refs/heads/main/properties/mastercard-id-for-trust-providers-openapi.yml

Code Examples

💻
CodeExamples
https://developer.mastercard.com/mastercard-id-for-tp/documentation/postman-collection/
💻
CodeExamples
https://developer.mastercard.com/mastercard-id-for-tp/documentation/reference-app/

Other Resources

🔗
Security
https://developer.mastercard.com/mastercard-id-for-tp/documentation/api-basics/#api-security
🔗
Security
https://developer.mastercard.com/mastercard-id-for-tp/documentation/api-basics/#encryption
🔗
Sandbox
https://developer.mastercard.com/mastercard-id-for-tp/documentation/api-basics/#environments
🔗
UseCases
https://developer.mastercard.com/mastercard-id-for-tp/documentation/use-cases/
🔗
Tutorials
https://developer.mastercard.com/mastercard-id-for-tp/documentation/tutorials-and-guides/
🔗
Errors
https://developer.mastercard.com/mastercard-id-for-tp/documentation/code-and-formats/
🔗
ChangeLog
https://developer.mastercard.com/mastercard-id-for-tp/documentation/release-history/
🔗
FAQ
https://developer.mastercard.com/mastercard-id-for-tp/documentation/support/#faqs
🔗
Support
https://developer.mastercard.com/mastercard-id-for-tp/documentation/support/#get-help

OpenAPI Specification

mastercard-id-for-trust-providers-openapi.yml Raw ↑ 
openapi: 3.0.3
info:
  title: Mastercard ID for Trust Providers
  description: >-
    Mastercard ID for Trust Providers is a service that helps businesses and
    organizations verify the identity of their customers. By utilizing advanced
    technology and security measures, Mastercard ID for Trust Providers enables
    businesses to securely authenticate the identities of individuals in
    real-time, reducing the risk of fraud and ensuring a seamless and secure
    customer experience. This service allows businesses to confidently verify
    the identities of their customers, streamlining operations and improving
    trust and security in online transactions. With Mastercard ID for Trust
    Providers, businesses can effectively combat fraud and identity theft,
    safeguarding sensitive information and enhancing the overall customer
    experience.
  contact:
    name: API Support
    email: [email protected]
    url: https://developer.mastercard.com/support
  version: 1.1.0
servers:
  - url: https://api.mastercard.com/idservice
    description: Production server (uses USA live data).
  - url: https://sandbox.api.mastercard.com/idservice
    description: Sandbox server (testing USA environment).
  - url: https://api.mastercard.com.au/idservice
    description: Production server  (uses AUS live data).
  - url: https://sandbox.api.mastercard.com.au/idservice
    description: Sandbox server (testing AUS environment).
tags:
  - name: Create a User Identity
    description: Create a user identity.
  - name: Access a User Identity
    description: Access a user identity.
  - name: Manage a User Identity
    description: Manage a user identity.
  - name: Share a User Identity
    description: Share a user's identity attributes with an RP.
  - name: Identity History
    description: Record and provide access to identity activities conducted by the user.
paths:
  /user-profiles/identity-searches:
    post:
      tags:
        - Users
        - Profiles
        - Identity
        - Searches
      responses:
        '200':
          $ref: '#/components/responses/IdentitySearchResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >
        Retrieve decrypted identities along with rotated PDS to present the user

        with the registered identity in the TP app. Does not require a minimum
        authentication standard.   

        **This API is mandatory.**
      summary: View an Identity
      operationId: retrieveIdentities
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/IdentitySearchRequest'
  /user-profiles:
    post:
      tags:
        - Users
        - Profiles
      responses:
        '201':
          $ref: '#/components/responses/UserProfilesResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
      description: |
        - This endpoint registers a user profile using the given
        `user profile ID`.

        - An error will be returned if the user profile already exists.   
        **This API is mandatory.**
      summary: Create a new user.
      operationId: createUserProfile
      requestBody:
        $ref: '#/components/requestBodies/UserProfilesRequest'
    delete:
      tags:
        - Users
        - Profiles
      responses:
        '200':
          $ref: '#/components/responses/UserProfilesResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >
        Enable TP app to mark user account as deleted on Mastercard ID Network.
        Requires GPA authentication.   

        **This API is mandatory.**
      summary: Delete an Identity.
      operationId: deleteUserProfile
      parameters:
        - $ref: '#/components/parameters/UserProfileIdParameter'
        - $ref: '#/components/parameters/UserConsentParameter'
  /user-profiles/identity-attribute-deletions:
    post:
      tags:
        - Users
        - Profiles
        - Identity
        - Deletions
      responses:
        '200':
          $ref: '#/components/responses/IdentityAttributeDeletionsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >
        Delete an identity attribute from a PDS and update the affected
        assurance levels. Requires GPA authentication.   

        **This API is mandatory.**
      summary: Delete Document.
      operationId: deleteIdentityAttribute
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/IdentityAttributeDeletionsRequest'
  /email-otps:
    post:
      tags:
        - Email
        - Manage A  User  Identity
      responses:
        '200':
          $ref: '#/components/responses/EmailOtpsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: |
        Take in and code in the request body. It checks if the provided
        code matches the one-time password generated for the OTP request and
        returns the result. Does not require a minimum authentication standard.
        **This API is mandatory.**
      summary: Add & Validate an Email Address   Request an OTP Code.
      operationId: createEmailOTP
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/EmailOtpsRequest'
  /email-otp-verifications:
    post:
      tags:
        - Email
        - Verifications
      responses:
        '200':
          $ref: '#/components/responses/OtpVerificationsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: |
        Take in `otpId` and code in the request body. It checks if the provided
        code matches the one-time password generated for the OTP request and
        returns the result. Does not require a minimum authentication standard.
        **This API is mandatory.**
      summary: Add & Validate an Email Address  Verify an OTP Code.
      operationId: verifyEmailOTP
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/EmailOtpVerificationsRequest'
  /sms-otps:
    post:
      tags:
        - Otps
      responses:
        '200':
          $ref: '#/components/responses/SmsOtpsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: >
        Generate and send via SMS an OTP along with a message body to the

        provided phone number. Does not require a minimum authentication
        standard.

        **This API is mandatory.**
      summary: "Add & Validate a Phone Number \tRequest an OTP Code."
      operationId: createSMSOTP
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/SmsOtpsRequest'
  /sms-otp-verifications:
    post:
      tags:
        - Verifications
      responses:
        '200':
          $ref: '#/components/responses/OtpVerificationsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: |
        Add the `otpId` and code in the request body. It checks if the provided
        code matches the one-time password generated for the OTP request and
        returns the result. Does not require a minimum authentication standard.
        **This API is mandatory.**
      summary: Add & Validate a Phone Number  Verify an OTP Code.
      operationId: verifySMSOTP
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/SmsOtpVerificationsRequest'
  /tp-data-shares:
    post:
      summary: Add an Independently Validated Phone Number.
      tags:
        - Data
        - Shares
      responses:
        '200':
          $ref: '#/components/responses/TPDataShareSuccessResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >
        Used for a TP to share a User's Identity Attributes. Does not require a
        minimum authentication standard.   

        **This API is optional.**
      operationId: updatePdsData
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/TpDataShareRequest'
  /multi-access-tokens:
    post:
      tags:
        - Multi
        - Access
        - Tokens
      responses:
        '200':
          $ref: '#/components/responses/AccessTokensResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
      description: |
        Returns a `SDK Token` used for multiple document enrollment to be passed
        to the `MIDS verification SDK` module.   
        **This API is mandatory.**
      summary: >-
        Add and Validate a Document - Request a token to enroll an additional
        document.
      operationId: getMultiAccessToken
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/MultiAccessTokensRequest'
  /access-tokens:
    post:
      tags:
        - Access
        - Tokens
      responses:
        '200':
          $ref: '#/components/responses/AccessTokensResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
      description: |
        Returns a `SDK Token` token to be passed to the MIDS verification SDK
        module.   
        **This API is mandatory.**
      summary: Request a token to enroll an identity.
      operationId: getAccessToken
      parameters:
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/AccessTokensRequest'
  /document-verifications/document-data-retrievals:
    post:
      tags:
        - Documents
        - Verifications
        - Data
        - Retrievals
      responses:
        '200':
          $ref: '#/components/responses/DocumentDataRetrievalsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: |
        Informs if the document verification is still being processed or is
        processed already. If `SUCCESS`, the document data is returned.   
        **This API is mandatory.**
      summary: Retrieve the details of a document.
      operationId: retrieveDocumentData
      parameters:
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/DocumentDataRetrievalsRequest'
    put:
      tags:
        - Documents
        - Verifications
        - Data
        - Retrievals
      responses:
        '200':
          $ref: '#/components/responses/DocumentDataRetrievalsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >
        Informs if the document verification for the additional document is
        still being processed (PENDING)

        or is processed already (SUCCESS). If SUCCESS, the document data is

        returned.   

        **This API is mandatory.**
      summary: >-
        Add and Validate a Document - Retrieve the details of an additional
        document.
      operationId: retrieveMultiDocumentData
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/MultiDocumentDataRetrievalsRequest'
  /document-verifications/document-data-confirmations:
    post:
      tags:
        - Documents
        - Verifications
        - Data
        - Confirmations
        - Manage A  User  Identity
      responses:
        '200':
          $ref: '#/components/responses/DocumentDataConfirmationsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: |
        - After the user verifies and checks if the data extracted from the
        documents match the current status (for example, Address).

        - The user sends data back to MIDS to confirm the details.

        - Perform verifications with IVPs and store the data into the PDS.   
        **This API is mandatory.**
      summary: Add and Validate a Document - Confirm the details of a document.
      operationId: confirmDocumentData
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/DocumentDataConfirmationsRequest'
  /document-verifications/identity-attributes:
    put:
      tags:
        - Documents
        - Verifications
        - Identity
        - Manage A  User  Identity
      responses:
        '200':
          $ref: '#/components/responses/DocumentDataConfirmationsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: |
        After the user verifies and confirms the conflict attribute, the user
        sends data back to MIDS to confirm the details. This API will
        perform verifications with IVPs and store the data into the PDS.   
        **This API is mandatory.**
      summary: >-
        Add and Validate a Document - Resolve a conflict between identity
        attributes.
      operationId: updateIdentityAttribute
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/UpdateIdentityAttributesRequest'
  /document-verifications/update-id-confirmations:
    put:
      tags:
        - Documents
        - Verifications
        - Id
        - Confirmations
        - Manage A  User  Identity
      responses:
        '200':
          $ref: '#/components/responses/UpdateIdConfirmationsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >
        Delete the document verification data on the Identity verification
        vendor

        once the user confirms the PDS update.   

        **This API is mandatory.**
      summary: >-
        Add and Validate a Document - Confirm the identity was stored to the
        PDS.
      operationId: updateIdConfirmation
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
      requestBody:
        $ref: '#/components/requestBodies/UpdateIdConfirmationsRequest'
  /initiate-authentications:
    post:
      tags:
        - Initiate
        - Access A  User  Identity
      responses:
        '200':
          $ref: '#/components/responses/InitiateAuthenticationsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: |
        Initialize authentication based on the information provided in PDS.   
        **This API is mandatory.**
      summary: >
        Authenticate a user using Liveness Assurance, this is a more performant,
        but less stringent form of authentication, which will enable the user to
        access, but not change certain details of their identity.
      operationId: initializeAuthentication
      parameters:
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/InitializeAuthenticationsRequest'
  /initiate-premium-authentications:
    post:
      tags:
        - Initiate
        - Premium
        - Access A  User  Identity
      responses:
        '200':
          $ref: '#/components/responses/InitiateAuthenticationsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: >
        This API returns a token for initiating the premium authentication
        process

        using SDK.   

        **This API is mandatory.**
      summary: >-
        Authenticate a user using Genuine Presence Assurance, this is a less
        performant, but more stringent form of authentication, which will enable
        the user to manage all aspects of their identity.
      operationId: initiateStrongerAuthentication
      parameters:
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/InitializePremiumAuthenticationsRequest'
  /authentication-decisions/scans/{scan_id}:
    put:
      tags:
        - Authentication
        - Decisions
        - Scans
      responses:
        '200':
          $ref: '#/components/responses/AuthenticationDecisionsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >
        Authenticate user identity and retrieve identity attributes without
        updating selfie.   

        **This API is mandatory.**
      summary: Retrieve an outcome for an authentication.
      operationId: authenticationdecisions
      parameters:
        - $ref: '#/components/parameters/ScanIdPathParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/AuthenticationDecisionRequest'
  /audit-events:
    put:
      tags:
        - Audit
        - Events
      responses:
        '201':
          $ref: '#/components/responses/AuditEventsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
      description: >
        Create the audit events with the user profile ID provided by the TP.
        Does not require a minimum authentication standard.

        **This API is mandatory.**
      summary: Provide auditable events for recording against the identity.
      operationId: createAuditEvents
      requestBody:
        $ref: '#/components/requestBodies/AuditEventsRequest'
  /user-account-activity-searches:
    post:
      tags:
        - Users
        - Accounts
        - Activity
        - Searches
      responses:
        '200':
          $ref: '#/components/responses/UserAccountActivitySearchesResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: |
        Retrieve decrypted user activities and present them to the user in the
        TP app. Does not require a minimum authentication standard.
        **This API is mandatory.**
      summary: View identity lifecycle activities which have occurred in a time period.
      operationId: retrieveUserActivities
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/UserAccountActivitySearchRequest'
  /rp-activity-searches:
    post:
      tags:
        - Activity
        - Searches
      responses:
        '200':
          $ref: '#/components/responses/RPActivitySearchResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: |
        Retrieve decrypted RP activities and present them to the user in the TP
        app. Does not require a minimum authentication standard.
        **This API is mandatory.**
      summary: >-
        View identity claim sharing activities which have occurred in a time
        period.
      operationId: searchRpActivity
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/RPActivitySearchRequest'
  /tprp-claims:
    post:
      tags:
        - Claims
      responses:
        '200':
          $ref: '#/components/responses/TPRPClaimsResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
      description: >
        Returns the claims which satisfy the scopes in the request, based on

        information provided in the PDS. Does not require a minimum
        authentication standard.

        **This API is optional.**
      summary: Share an Identity when the TP is also an RP.
      operationId: getClaimsIdentities
      parameters:
        - $ref: '#/components/parameters/XUserIdentityParameter'
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/TPRPClaimsRequest'
  /claims/scopes/{arid}:
    get:
      summary: >-
        Share an Identity with an External RP - Retrieve details of the scope
        request being made by an RP.
      tags:
        - Scopes
        - Share A  User  Identity
      responses:
        '200':
          $ref: '#/components/responses/RPScopesSuccessResponse'
        '400':
          $ref: '#/components/responses/BadRequestError'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '404':
          $ref: '#/components/responses/NotFoundError'
      description: >
        Used to retrieve the scopes and RP details associated with the ARID.
        Does not require a minimum authentication standard.   

        **This API is mandatory.**
      operationId: retrieveCSScopes
      parameters:
        - $ref: '#/components/parameters/AridParameter'
  /claims/user-data-extractions:
    post:
      tags:
        - Users
        - Data
        - Extractions
      responses:
        '200':
          $ref: '#/components/responses/RPClaimsDataResponse'
        '400':
          $ref: '#/components/responses/BadRequestErrorClaimSharing'
        '404':
          $ref: '#/components/responses/NotFoundErrorClaimSharing'
      description: >
        Returns the user information from the PDS that is requested by the

        Relying Party based on the ARID. Does not require a minimum
        authentication standard.

        **This API is mandatory.**
      summary: >-
        Share an Identity with an External RP - Provide the PDS to enable ID for
        TP to determine if these satisfy an RPs scope request.
      operationId: extractClaimsUserData
      parameters:
        - $ref: '#/components/parameters/XEncryptedPayload'
      requestBody:
        $ref: '#/components/requestBodies/RPClaimsDataRequestData'
  /claims/user-consents:
    post:
      tags:
        - Users
        - Share A  User  Identity
      responses:
        '200':
          $ref: '#/components/responses/UserConsentResponse'
        '400':
          $ref: '#/components/responses/BadRequestErrorClaimSharing'
        '404':
          $ref: '#/components/responses/NotFoundErrorClaimSharing'
      description: >
        Inform the Trust Party about the user consent. If the consent is given,

        the identity attributes will be shared with Relying Party. Does not
        require a minimum authentication standard. 

        **This API is mandatory.**
      summary: >-
        Share an Identity with an External RP - Provide consent to share the
        identity attributes which satisfy an RPs scope request.
      operationId: getUserConsentStatus
      requestBody:
        $ref: '#/components/requestBodies/UserConsentRequest'
components:
  schemas:
    Configuration:
      required:
        - messageLevelEncryption
        - baseUrl
        - apiKey
        - otpHost
        - certificatePins
      properties:
        messageLevelEncryption:
          type: boolean
          description: >-
            Indicates whether message level encryption is enabled or not for
            Mobile ID.
          example: false
        baseUrl:
          type: string
          description: The Idemia Base URL for the Mobile ID.
          minLength: 1
          maxLength: 500
          example: https://api.app.dev.0.stc.us.idemia.io
        apiKey:
          type: string
          description: The Idemia Api Key for the Mobile ID.
          minLength: 1
          maxLength: 500
          example: 2b6e3ff2-ecd0-4c66-8a5e-716dae42a5d9
        otpHost:
          type: string
          description: The Idemia OTP URL for the Mobile ID.
          minLength: 1
          maxLength: 500
          example: mid-dev.idemia.com
        certificatePins:
          type: array
          description: Certificate Pinnings for IDEMIA domains
          items:
            $ref: '#/components/schemas/CertificatePin'
    CertificatePin:
      type: object
      description: Identity attributes array item.
      properties:
        domain:
          type: string
          description: The Idemia domian for certificate pinning.
          minLength: 1
          maxLength: 500
          example: api.app.dev.0.stc.us.idemia.io
        publicKeyHash:
          type: string
          description: The Idemia certificate hash.
          minLength: 1
          maxLength: 500
          example: sha256/K6ejhsw
    ActivationCode:
      required:
        - transactionId
        - activationCode
        - status
      properties:
        activationCode:
          type: string
          description: >-
            IDEMIA generated QR code, This will be used in MIDS Mobile SDK to
            get user identity attributes from IDEMIA
          minLength: 1
          maxLength: 500
          example: >-
            OGI3MDdmOWMtODhkMC00NmY0LWI2ZmUtNWE5NmI1NTY4NjgyLGV5SmhiR2NpT2lKSVV6STFOaUo5LmV5SmhkV1FpT2lJNFlqY3dOMlk1WXkwNE9HUXdMVFEyWmpRdFlqWm1aUzAxWVRrMllqVTFOamcyT0RJaUxDSmxlSEFpT2pFMk5qUXlPVGM1TWpCOS5hN1BEbE5SYzBVUjh1ZjBkT0NVX29scjNwSW9xS2RwVTBQQlR5TlVyVnRzLGh0dHBzOi8vYXBpLmFwcC5kZXYuMC5zdGMudXMuaWRlbWlhLmlvL2dpcHMvcmVzdC92MS90cmFuc2FjdGlvbnMvLDU0MjE0Ng==
        transactionId:
          type: string
          description: A random 128-bit. UUID represents the MIDS transaction.
          minLength: 36
          maxLength: 36
          example: 1ec14310-e85c-11ea-adc1-0242ac120002
        status:
          type: string
          description: >-
            The status of the Get Activation Code API, possible value is
            PENDING.
          minLength: 1
          maxLength: 50
          example: PENDING
    MobileIdRegistration:
      required:
        - transactionId
        - registrationId
        - status
      properties:
        status:
          type: string
          description: The status of the registration API, possible value is PENDING.
          minLength: 7
          maxLength: 7
          example: PENDING
        transactionId:
          type: string
          description: A random 128-bit. UUID represents the MIDS transaction.
          minLength: 36
          maxLength: 36
          example: 1ec14310-e85c-11ea-adc1-0242ac120002
        registrationId:
          type: string
          description: A random 128-bit. UUID represents the registration.
          minLength: 36
          maxLength: 36
          example: 1ec14310-e85c-11ea-adc1-0242ac120003
    MobileIdUserEligibilityInfo:
      required:
        - countryCode
        - userConsent
        - pds
        - deviceType
        - deviceOS
      properties:
        countryCode:
          $ref: '#/components/schemas/CountryCode'
        pds:
          $ref: '#/components/schemas/PDS'
        userConsent:
          $ref: '#/components/schemas/UserConsent'
        deviceOS:
          type: string
          description: >-
            The OS version of the mobile device that user is using to register
            with.
          maxLength: 20
          minLength: 1
          example: iOS16
        deviceType:
          type: string
          description: >-
            The type of device operating system that user is using to register
            with.
          enum:
            - ANDROID
            - IOS
          example: ANDROID
        sdkVersion:
          $ref: '#/components/schemas/SdkVersion'
    IdentityAttributeDeletions:
      required:
        - pds
        - attributeName
        - userConsent
        - attributeId
      type: object
      properties:
        pds:
          $ref: '#/components/schemas/PDS'
        userConsent:
          $ref: '#/components/schemas/UserConsent'
        attributeName:
          type: string
          description: The name of the attribute to be deleted.
          enum:
            - PASSPORT
            - DRIVER_LICENSE
          example: PASSPORT
        attributeId:
          type: string
          description: >-
            The identifier of the attribute being queried. This can be retrieved
            from a call to either the authentication-decisions API, or the
            user-profiles/identity-searches API.
          pattern: >-
            ^[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}$
          minLength: 1
          example: cf11bb8d-b1b1-49c7-90ed-c63134cd1008
        sdkAuditEvents:
          type: array
          description: >-
            Array of objects containing a record of any auditable steps
            occurring between the App and the SDK. A call must be made by the TP
            App from the MIDS Audit SDK prior to all API calls, with any audit
            events included in the subsequent call.
          items:
            $ref: '#/components/sc

# --- truncated at 32 KB (173 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/mastercard/refs/heads/main/openapi/mastercard-id-for-trust-providers-openapi.yml