...
The account-access-consents resource is referred to as an account-request resource in current version (v1) and next version (v2) of this specification. For clarity, it has been generalised to 'Consent' in the detail below
2.3.1.1 POST
An AISP must not create AISP must not create a Consent on a newer version, and use it on a previous version
E.g., A ConsentId for an account-access-consent created in v3, must not be used to access v2 endpoints.
...
accounts: Ability to read Accounts information
products: Ability to read Products information
3.2 Grants Types
AISPs must use a client credentials grant to obtain a token to access the account-access-consents resource. In the specification, this grant type is referred to as "Client Credentials".
...
Permissions | Endpoints | Business Logic | Data Cluster Description | ||||
ReadAccountsBasic | /accounts |
| Ability to read basic account information | ||||
ReadAccountsDetail | /accounts | Access to additional elements in the payload | Ability to read account identification details | ||||
ReadBalances | /balances |
| Ability to read all balance information | ||||
ReadBeneficiariesBasic | /beneficiaries |
| Ability to read basic beneficiary details | ||||
ReadBeneficiariesDetail | /beneficiaries | Access to additional elements in the payload | Ability to read account identification details for the beneficiary | ||||
ReadDirectDebits | /direct-debits |
| Ability to read all direct debit information | ||||
ReadTransactionsBasic | /transactions | Permissions must also include at least one of:
| Ability to read basic transaction information | ||||
ReadTransactionsDetail | /transactions | Access to additional elements in the payload Permissions must also include at least one of:
| Ability to read transaction data elements which may hold silent party details | ||||
ReadTransactionsCredits | /transactions | Access to credit transactions. Permissions must also include one of:
| Ability to read only credit transactions | ||||
ReadTransactionsDebits | /transactions | Access to debit transactions. Permissions must also include one of:
| Ability to read only debit transactions | ||||
ReadStatementsBasic | /statements |
| Ability to read basic statement details | ||||
ReadStatementsDetail | /statements | Access to additional elements in the payload Access to download the statement file (if the ASPSP makes this available). | Ability to read statement data elements which may leak other information about the account | ReadProducts | /products |
| Ability to read all product information relating to the account |
ReadOffers | /offers |
| Ability to read all offer information | ||||
ReadParty | /accounts/{AccountId}/party |
| Ability to read party information on the account owner. | ||||
ReadPartyCustomer | /party |
| Ability to read party information on the user/customer logged in. | ||||
ReadFutureDatedPaymentsBasic | /future-dated-payments |
| Ability to read basic statement details | ||||
ReadFutureDatedPaymentsDetail | /future-dated-payments | Access to additional elements in the payload |
| ||||
ReadPAN | All API endpoints where PAN is available as a structured field | Request to access to PAN in the clear | Request to access PAN in the clear across the available endpoints. If this permission code is not in the account-access-consent, the AISP will receive a masked PAN. While an AISP may request to access PAN in the clear, an ASPSP may still respond with a masked PAN if:
|
...