...
The Account Access Consents API is used by an AISP to request an ASPSP to create a new account-access-consent consents resource, retrieve the status of account-access-consent consents resource and patch the account-access-consent consents resource.
This resource description should be read in conjunction with a compatible Account Information Services API Profile.
...
The API allows the AISP to ask an ASPSP to create a new account-access-consent consents resource.
This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information
An AISP is not able to pre-select a set of accounts for account-access-consent authorisation
An ASPSP creates the account-access-consent consents resource and responds with a unique ConsentId to refer to the resource
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant
...
The user/customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent consents resource that is created successfully must have the following Status code-list enumeration:
...
After authorisation has taken place the account-access-consent consents resource may have these following statuses:
...
An AISP may retrieve an account-access-consent consents resource that they have created to check its status.
...
Once the user/customer authorises the account-access-consent consents resource - the Status of the account-access-consent consents resource will be updated with "Authorised".
The available Status code-list enumerations for the account-access-consent consents resource are.
S. No. | Status | Status Description |
1 | Rejected | The account access consent has been rejected |
2 | AwaitingAuthorisation | The account access consent is awaiting authorisation |
3 | Authorised | The account access consent has been successfully authorised |
4 | Revoked | The account access consent has been revoked via the AISP interface |
...
If the user/customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent consents resource with the ASPSP as soon as is practically possible.
This is done by making a call to PATCH the account-access-consent consents resource
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant
AISP should also clear the Account Access Consent consents resources, from ASPSP’s system, which are:
...
The OBAccountAccessConsentResponse object contains the same information as the OBAccountAccessConsentRequest, but with additional fields:
ConsentId - to uniquely identify the account-access-consent consents resource.
Status.
CreationDateTime.
StatusUpdateDateTime.
...
Name | Occurrence | XPath | Definition | Class/ Datatype | Codes |
OBAccountAccessConsentResponse |
| OBAccountAccessConsentResponse |
| OBAccountAccessConsentResponse |
|
Data | 1..1 | OBAccountAccessConsentResponse/Data |
| OBAccountAccessConsentResponse/Data |
|
ConsentId | 1..1 | OBAccountAccessConsentResponse/Data/ConsentId | Unique identification as assigned to identify the account access consent consents resource. | String |
|
CreationDateTime | 1..1 | OBAccountAccessConsentResponse/Data/CreationDateTime | Date and time at which the resource was created. | DateTime |
|
Status | 1..1 | OBAccountAccessConsentResponse/Data/Status | Specifies the status of consent consents resource in code form. | String | Enum:
|
StatusUpdateDateTime | 1..1 | OBAccountAccessConsentResponse/Data/StatusUpdateDateTime |
| DateTime |
|
Permissions | 1..n | OBAccountAccessConsentResponse/Data/Permissions | Specifies the Open Banking account access data types. This is a list of the data clusters being consented by the PSU, and requested for authorisation with the ASPSP | String | Enum:
|
TransactionFromDateTime | 0..1 | OBAccountAccessConsentResponse/Data/TransactionFromDateTime | Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction | DateTime |
|
TransactionToDateTime | 0..1 | OBAccountAccessConsentResponse/Data/TransactionToDateTime | Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction | DateTime |
|
...
Name | Occurrence | XPath | Definition | Class/ Datatype | Codes | Pattern |
OBPatchAccountAccessConsentRequest |
| OBPatchAccountAccessConsentRequest |
| OBPatchAccountAccessConsentRequest |
|
|
Data | 1..1 | OBPatchAccountAccessConsentRequest/Data |
| OBPatchAccountAccessConsentRequest/Data |
|
|
Status | 1..1 | OBPatchAccountAccessConsentRequest/Data/Status | Specifies the status of consent consents resource in code form. | String | Enum:
|
|
...