Versions Compared

Version Old Version 29 New Version 30
Changes made by

CBB Admin

CBB Admin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The AISP connects to the ASPSP that services the user/customer’s account(s) and creates an account-access-consent resource. This informs the ASPSP that one of its user/customers is granting access to account and transaction information to an AISP. The ASPSP responds with an identifier for the resource (the ConsentId - which is the intent identifier). This step is carried out by making a POST request to / account-access-consents endpoint.

  • The account-access-consent resource will include these fields below - which describe the data that the user/customer has consented with the AISP:

    • Permissions - a list of data clusters that have been consented for access.

    • Transaction Validity Period [D1] [D2] - the From/To date range which specifies a historical period for transactions and statements which may be accessed by the AISP.

  • An AISP may be a broker for data to other parties[D3] , and so it is valid for a user/customer to have multiple account-access-consents for the same accounts, with different consent/authorisation parameters agreed.

Step 3: Authorise Consent

...

  • This is carried out by making a GET request the relevant resource.

  • The unique AccountId(s) that are valid for the account-access-consent will be returned with a call to GET /accounts. This will always be the first call once an AISP has a valid access token

2.1.2 Sequence Diagram

...

*CIBA - Client Initiated Backchannel Authentication

2.2 Idempotency

The API endpoints for creating account-access-consent resources are not idempotent.

If a time-out error occurs - then we would expect an AISP to create a new account-access-consent resource - rather than try with the same resource.

2.3 Release Management

This section overviews the release management and versioning strategy for the Account and Transaction API.

...

Permissions

Endpoints

Business Logic

Data Cluster Description

ReadAccountsBasicReadAccountsBasic

/accounts
/accounts/{AccountId}

 

Ability to read basic account information

ReadAccountsDetailReadAccountsDetail

/accounts
/accounts/{AccountId}

Access to additional elements in the payload

Ability to read account identification details

ReadBalances

/balances
/accounts/{AccountId}/balances

 

Ability to read all balance information

ReadBeneficiariesBasicReadBeneficiariesBasic

/beneficiaries
/accounts/{AccountId}/beneficiaries

 

Ability to read basic beneficiary details

ReadBeneficiariesDetailReadBeneficiariesDetail

/beneficiaries
/accounts/{AccountId}/beneficiaries

Access to additional elements in the payload

Ability to read account identification details for the beneficiary

ReadDirectDebits

/direct-debits
/accounts/{AccountId}/direct-debits

 

Ability to read all direct debit information

ReadTransactionsBasicReadTransactionsBasic

/transactions
/accounts/{AccountId}/transactions
/accounts/{AccountId}/statements/{StatementId}/transactions

Permissions must also include at least one of:

  • ReadTransactionsCredits

  • ReadTransactionsDebits

Ability to read basic transaction information

ReadTransactionsDetailReadTransactionsDetail

/transactions
/accounts/{AccountId}/transactions
/accounts/{AccountId}/statements/{StatementId}/transactions

Access to additional elements in the payload

Permissions must also include at least one of:

  • ReadTransactionsCredits

  • ReadTransactionsDebits

Ability to read transaction data elements which may hold silent party details

ReadTransactionsCreditsReadTransactionsCredits

/transactions
/accounts/{AccountId}/transactions
/accounts/{AccountId}/statements/{StatementId}/transactions

Access to credit transactions.

Permissions must also include one of:

  • ReadTransactionsBasic

  • ReadTransactionsDetail

Ability to read only credit transactions

ReadTransactionsDebitsReadTransactionsDebits

/transactions
/accounts/{AccountId}/transactions
/accounts/{AccountId}/statements/{StatementId}/transactions

Access to debit transactions.

Permissions must also include one of:

  • ReadTransactionsBasic

  • ReadTransactionsDetail

Ability to read only debit transactions

ReadStatementsBasicReadStatementsBasic

/statements
/accounts/{AccountId}/statements

 

Ability to read basic statement details

ReadStatementsDetailReadStatementsDetail

/statements
/accounts/{AccountId}/statements
/accounts/{AccountId}/statements/{StatementId}/file

Access to additional elements in the payload

Access to download the statement file (if the ASPSP makes this available).

Ability to read statement data elements which may leak other information about the account

ReadProducts

/products
/accounts/{AccountId}/product

 

Ability to read all product information relating to the account

ReadOffers

/offers
/accounts/{AccountId}/offers

 

Ability to read all offer information

ReadParty

/accounts/{AccountId}/party
/accounts/{AccountId}/parties

 

Ability to read party information on the account owner.

ReadPartyCustomerReadPartyCustomer

/party

 

Ability to read party information on the user/customer logged in.

ReadFutureDatedPaymentsBasicReadFutureDatedPaymentsBasic

/future-dated-payments
/accounts/{AccountId}/future-dated-payments

 

Ability to read basic statement details

ReadFutureDatedPaymentsDetailReadFutureDatedPaymentsDetail

/future-dated-payments
/accounts/{AccountId}/future-dated-payments

Access to additional elements in the payload

 

ReadPAN

All API endpoints where PAN is available as a structured field

Request to access to PAN in the clear

Request to access PAN in the clear across the available endpoints.

If this permission code is not in the account-access-consent, the AISP will receive a masked PAN.

While an AISP may request to access PAN in the clear, an ASPSP may still respond with a masked PAN if:

  • The ASPSP does not display PAN in the clear in existing online channels

  • The ASPSP takes a legal view to respond with only the masked PAN

  • ASPSP should return last 4 digits unmasked, or

  • ASPSP should return at max first 6 and last 4 digits unmasked. e.g. 5555 **** **** 4444, **** **** **** 4444 etetc.

 3.3.1.1.a  Detail Permissions

...

If the user/customer has provided permission for ReadTransactionsDebits, the ASPSP must include all debits, including credit reversals.

3.3.1.2  Transaction To/From Date Time

...

 S. No.

Status

Description

1

Authorised

The account access consent has been successfully authorised.

2

Rejected

The account access consent has been rejected.

3

Revoked

The account access consent has been revoked via the ASPSP interface.

3.3.3 Consent Re-authentication

...

A user/customer may revoke AISP's access directly with the ASPSP, via the access dashboard. In such a situation:

  • The ASPSPs maymust revoke the access token provided to the AISP.

  • The status of the account-access-consent must remain unchanged and the AISP must be allowed to request user/customer to re-authenticate the same account-access-consent resource.

  • Upon successful re-authentication by user/customer, an ASPSP may issue new authorisation code and subsequently new access token to the AISP.

...

"Meta": {     "TotalPages": 1,     "FirstAvailableDateTime": "2019-05-03T00:00:00+03:00",     "LastAvailableDateTime": "2019-12-03T00:00:00+03:00"

  }

4.2

...

The Account Info API resources, where possible, have been borrowed from the ISO 20022 camt.052 XML standard. However, has been adapted for APIs based as per our design principles.

Deviations from the camt.052 XML standard are:

  • The camt.052 header section and trailer sections have been removed as these are not required for a RESTful API.

  • Resources have been identified and payload structures have been designed for these resources rather than a full message (i.e., camt.052) that encompasses all resources in a report format. This has meant we have designed separate endpoints and payloads to cover:

    • accounts

    • balances

    • beneficiaries

    • direct-debits

    • offers

    • party

    • products

    • standing-orders

    • statements

    • transactions

    • future-dated-payments

  • New payloads have been designed for beneficiaries, direct-debits, standing-orders, and products resources as these are not in the ISO 20022 standard (or the camt.052 message).

  • A DateTime element has been used instead of a complex choice element of Date and DateTime (across all API endpoints). Where time elements do not exist in ASPSP systems, the expectation is the time portion of the DateTime element will be defaulted to 00:00:00+00:00.

  • Variations for the accounts structure include:

    • Standardised inline with the Payment API account structures.

    • Contains elements to identify an account Nickname.

  • Variations for the balances structure include:

    • Adding a Type into the CreditLine section to allow for multiple credit line types affecting the available balance.

    • DateTime element has been specified instead of a complex choice of Date and DateTime.

  • Variations for the transactions structure include:

    • Renaming "entry" to "transaction" for consistency.

    • DateTime elements used instead of a complex choice of Date and DateTime.

    • Flattening of the structure for BankTransactionCode and ProprietaryBankTransactionCode.

    • Additional information for an AddressLine, MerchantDetails and a running Balance

4.3 Enumerations

4.3.1 Static Enumerations

...

Code Class

...

Name

...

Definition

Enumerations

4.2.1 Static Enumerations

Code Class

Name

Definition

OBAccountStatusCode

Enabled

Account can be used for its intended purpose.

OBAccountStatusCode

Disabled

Account cannot be used for its intended purpose, either temporarily or permanently.

OBAccountStatusCode

RevokedDeleted

Account cannot be used any longer.

OBAccountStatusCode

ProForma

Account is temporary and can be partially used for its intended purpose. The account will be fully available for use when the account servicer has received all relevant documents.

OBAccountStatusCode

Pending

Account change is pending approval.

OBAddressTypeCode

Business

Address is the business address.

OBAddressTypeCode

Correspondence

Address is the address where correspondence is sent.

OBAddressTypeCode

DeliveryTo

Address is the address to which delivery is to take place.

OBAddressTypeCode

MailTo

Address is the address to which mail is sent.

OBAddressTypeCode

POBox

Address is a postal office (PO) box.

OBAddressTypeCode

Postal

Address is the complete postal address.

OBAddressTypeCode

Residential

Address is the home address.

OBAddressTypeCode

Statement

Address is the address where statements are sent.

OBBalanceTypeCode

ClosingAvailable

Closing balance of amount of money that is at the disposal of the account owner on the date specified.

OBBalanceTypeCode

ClosingBooked

Balance of the account at the end of the pre-agreed account reporting period. It is the sum of the opening booked balance at the beginning of the period and all entries booked to the account during the pre-agreed account reporting period.

OBBalanceTypeCode

ClosingCleared

Closing balance of amount of money that is cleared on the date specified.

OBBalanceTypeCode

Expected

Balance, composed of booked entries and pending items known at the time of calculation, which projects the end of day balance if everything is booked on the account and no other entry is posted.

OBBalanceTypeCode

ForwardAvailable

Forward available balance of money that is at the disposal of the account owner on the date specified.

OBBalanceTypeCode

Information

Balance for informational purposes.

OBBalanceTypeCode

InterimAvailable

Available balance calculated in the course of the account servicer's business day, at the time specified, and subject to further changes during the business day. The interim balance is calculated on the basis of booked credit and debit items during the calculation time/period specified.

OBBalanceTypeCode

InterimBooked

Balance calculated in the course of the account servicer's business day, at the time specified, and subject to further changes during the business day. The interim balance is calculated on the basis of booked credit and debit items during the calculation time/period specified.

OBBalanceTypeCode

InterimCleared

Cleared balance calculated in the course of the account servicer's business day, at the time specified, and subject to further changes during the business day.

OBBalanceTypeCode

OpeningAvailable

Opening balance of amount of money that is at the disposal of the account owner on the date specified.

OBBalanceTypeCode

OpeningBooked

Book balance of the account at the beginning of the account reporting period. It always equals the closing book balance from the previous report.

OBBalanceTypeCode

OpeningCleared

Opening balance of amount of money that is cleared on the date specified.

OBBalanceTypeCode

PreviouslyClosedBooked

Balance of the account at the previously closed account reporting period. The opening booked balance for the new period has to be equal to this balance. Usage: the previously booked closing balance should equal (inclusive date) the booked closing balance of the date it references and equal the actual booked opening balance of the current date.

OBCreditDebitCode

Credit

Operation is a credit

OBCreditDebitCode

Debit

Operation is a debit

OBEntryStatusCode

Booked

Booked means that the transfer of money has been completed between account servicer and account owner Usage: Status Booked does not necessarily imply finality of money as this depends on other factors such as the payment system used, the completion of the end- to-end transaction and the terms agreed between account servicer and owner. Status Booked is the only status that can be reversed.

OBEntryStatusCode

Pending

Booking on the account owner's account in the account servicer's ledger has not been completed. Usage: this can be used for expected items, or for items for which some conditions still need to be fulfilled before they can be booked. If booking takes place, the entry will be included with status Booked in subsequent account report or statement. Status Pending cannot be reversed.

OBEntryStatusCode

Interimpending

 

OBExternalAccountSubTypeCode

ChargeCard

Account sub-type is a Charge Card.

OBExternalAccountSubTypeCode

CreditCard

Account sub-type is a Credit Card.

OBExternalAccountSubTypeCode

CurrentAccount

Account sub-type is a Current Account.

OBExternalAccountSubTypeCode

EWallet

Account sub-type is an EWallet

OBExternalAccountSubTypeCode

Loan

Account sub-type is a Loan.

OBExternalAccountSubTypeCode

Mortgage

Account sub-type is a Mortgage.

OBExternalAccountSubTypeCode

PrePaidCard

Account sub-type is a PrePaid Card.

OBExternalAccountSubTypeCode

Savings

Account sub-type is a Savings.

OBExternalAccountTypeCode

Business

Account type is for business.

OBExternalAccountTypeCode

Personal

Account type is for personal.

OBExternalCardAuthorisationTypeCode

ConsumerDevice

Card authorisation was via a Consumer Device Cardholder Verification Method (CDCVM)

OBExternalCardAuthorisationTypeCode

Contactless

Card authorisation was via Contactless.

OBExternalCardAuthorisationTypeCode

None

No card authorisation was used.

OBExternalCardAuthorisationTypeCode

PIN

Card authorisation was via PIN.

OBExternalCardSchemeTypeCode

AmericanExpress

AmericanExpress scheme.

OBExternalCardSchemeTypeCode

Diners

Diners scheme.

OBExternalCardSchemeTypeCode

Discover

Discover scheme.

OBExternalCardSchemeTypeCode

MasterCard

MasterCard scheme.

OBExternalCardSchemeTypeCode

VISA

VISA scheme.

OBExternalLimitTypeCode

Available

The amount of credit limit available to the account holder

OBExternalLimitTypeCode

Credit

The amount of a credit limit that has been agreed with the account holder

OBExternalLimitTypeCode

Emergency

The amount of an arranged lending limit that can be borrowed on top of pre-agreed lending, that has been agreed with the account holder

OBExternalLimitTypeCode

Pre-Agreed

The amount of an arranged lending limit that has been agreed with the account holder

OBExternalLimitTypeCode

Temporary

The amount of a temporary lending limit that has been agreed with the account holder

OBExternalOfferTypeCode

BalanceTransfer

Offer is a balance transfer.

OBExternalOfferTypeCode

LimitIncrease

Offer is a limit increase.

OBExternalOfferTypeCode

MoneyTransfer

Offer is a money transfer.

OBExternalOfferTypeCode

Other

Offer is of other type.

OBExternalOfferTypeCode

PromotionalRate

Offer is a promotional rate.

OBExternalPartyTypeCode

Delegate

Party that has delegated access.

OBExternalPartyTypeCode

Joint

Party is a joint owner of the account.

OBExternalPartyTypeCode

Sole

Party is a sole owner of the account.

OBExternalFutureDateTypeCode

Arrival

Future Dated payment date is specified as the arrival date for the recipient

OBExternalFutureDateTypeCode

Execution

Future Dated payment date is specified as the execution date

OBExternalStandingOrderStatusCode

Active

The standing order is active.

OBExternalStandingOrderStatusCode

Inactive

The standing order is inactive.

OBExternalStatementTypeCode

AccountClosure

Final account closure statement.

OBExternalStatementTypeCode

AccountOpening

First statement provided for an account.

OBExternalStatementTypeCode

Annual

Annual statement report.

OBExternalStatementTypeCode

Interim

Adhoc or customised statement period.

OBExternalStatementTypeCode

RegularPeriodic

Regular pre-agreed reporting statement

...