...

The access tokens required for accessing the Account Info APIs must have at least the following scope:

accounts: Ability to read Accounts information

...

Permissions codes will be used to limit the data that is returned in response to a resource request.

When a permission is granted for a "Detail" permission code (e.g., ReadAccountsDetail) it implies that access is also granted to the corresponding "Basic" permission code (e.g., ReadAccountsBasic).

...

  • Account Access Consents with an empty Permissions array

  • Account Access Consents with a permission code that is not supported by the ASPSP (ASPSPs are expected to publish which API endpoints are supported)

  • Account Access Consents with a Permissions array that contains ReadTransactionsBasic but does not contain at least one of ReadTransactionsCredits and ReadTransactionsDebits

  • Account Access Consents with a Permissions array that contains ReadTransactionsDetail but does not contain at least one of ReadTransactionsCredits and ReadTransactionsDebits

  • Account Access Consents with a Permissions array that contains ReadTransactionsCredits but does not contain at least one of ReadTransactionsBasic and ReadTransactionsDetail

  • Account Access Consents with a Permissions array that contains ReadTransactionsDebits but does not contain at least one of ReadTransactionsBasic and ReadTransactionsDetail
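The Permissions-array conditions listed above, together with the Detail-implies-Basic rule, written as a server-side check. This is an added example and not part of the specification; it assumes each listed condition is grounds for refusing the consent (the sentence introducing the list is elided here), and `SUPPORTED`, `consent_permission_errors` and `effective_permissions` are hypothetical names.

```python
# Added example: Permissions-array checks for an account-access-consent request.
# SUPPORTED is a constructed sample of the codes one ASPSP might publish.
SUPPORTED = {
    "ReadAccountsBasic", "ReadAccountsDetail", "ReadBalances",
    "ReadTransactionsBasic", "ReadTransactionsDetail",
    "ReadTransactionsCredits", "ReadTransactionsDebits",
}
TXN_LEVEL = ("ReadTransactionsBasic", "ReadTransactionsDetail")
TXN_DIRECTION = ("ReadTransactionsCredits", "ReadTransactionsDebits")


def consent_permission_errors(permissions, supported=SUPPORTED):
    """Return the reasons a Permissions array is refused; an empty list means acceptable."""
    if not isinstance(permissions, list) or not permissions:
        return ["Permissions array is empty"]
    errors = []
    for code in permissions:
        # Non-string entries are treated as unsupported rather than crashing the check.
        if not isinstance(code, str) or code not in supported:
            errors.append(f"unsupported permission code: {code!r}")
    requested = {c for c in permissions if isinstance(c, str)}
    has_level = any(c in requested for c in TXN_LEVEL)
    has_direction = any(c in requested for c in TXN_DIRECTION)
    # Basic/Detail need a direction (Credits/Debits), and a direction needs Basic/Detail.
    for code in TXN_LEVEL:
        if code in requested and not has_direction:
            errors.append(f"{code} requires ReadTransactionsCredits or ReadTransactionsDebits")
    for code in TXN_DIRECTION:
        if code in requested and not has_level:
            errors.append(f"{code} requires ReadTransactionsBasic or ReadTransactionsDetail")
    return errors


def effective_permissions(permissions):
    """Expand each granted "Detail" code to include its corresponding "Basic" code."""
    granted = set(permissions)
    for code in permissions:
        if code.endswith("Detail"):
            granted.add(code[: -len("Detail")] + "Basic")
    return granted
```

Resource endpoints should authorise against `effective_permissions(...)` of the stored consent, so that a consent holding only ReadAccountsDetail is still treated as holding ReadAccountsBasic.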

...

| Permissions | Endpoints | Business Logic | Data Cluster Description |
| --- | --- | --- | --- |
| ReadAccountsBasic | /accounts, /accounts/{AccountId} | | Ability to read basic account information |
| ReadAccountsDetail | /accounts, /accounts/{AccountId} | Access to additional elements in the payload | Ability to read account identification details |
| ReadBalances | /balances, /accounts/{AccountId}/balances | | Ability to read all balance information |
| ReadBeneficiariesBasic | /beneficiaries, /accounts/{AccountId}/beneficiaries | | Ability to read basic beneficiary details |
| ReadBeneficiariesDetail | /beneficiaries, /accounts/{AccountId}/beneficiaries | Access to additional elements in the payload | Ability to read account identification details for the beneficiary |
| ReadDirectDebits | /direct-debits, /accounts/{AccountId}/direct-debits | | Ability to read all direct debit information |
| ReadTransactionsBasic | /transactions, /accounts/{AccountId}/transactions, /accounts/{AccountId}/statements/{StatementId}/transactions | Permissions must also include at least one of: ReadTransactionsCredits, ReadTransactionsDebits | Ability to read basic transaction information |
| ReadTransactionsDetail | /transactions, /accounts/{AccountId}/transactions, /accounts/{AccountId}/statements/{StatementId}/transactions | Access to additional elements in the payload. Permissions must also include at least one of: ReadTransactionsCredits, ReadTransactionsDebits | Ability to read transaction data elements which may hold silent party details |
| ReadTransactionsCredits | /transactions, /accounts/{AccountId}/transactions, /accounts/{AccountId}/statements/{StatementId}/transactions | Access to credit transactions. Permissions must also include one of: ReadTransactionsBasic, ReadTransactionsDetail | Ability to read only credit transactions |
| ReadTransactionsDebits | /transactions, /accounts/{AccountId}/transactions, /accounts/{AccountId}/statements/{StatementId}/transactions | Access to debit transactions. Permissions must also include one of: ReadTransactionsBasic, ReadTransactionsDetail | Ability to read only debit transactions |
| ReadStatementsBasic | /statements, /accounts/{AccountId}/statements | | Ability to read basic statement details |
| ReadStatementsDetail | /statements, /accounts/{AccountId}/statements, /accounts/{AccountId}/statements/{StatementId}/file | Access to additional elements in the payload. Access to download the statement file (if the ASPSP makes this available). | Ability to read statement data elements which may leak other information about the account |
| ReadSupplementaryAccountInfo | /supplementary-account-info, /accounts/{AccountId}/supplementary-account-info | | Ability to read all product information relating to the account |
| ReadOffers | /offers, /accounts/{AccountId}/offers | | Ability to read all offer information |
| ReadParty | /accounts/{AccountId}/party, /accounts/{AccountId}/parties | | Ability to read party information on the account owner |
| ReadPartyCustomer | /party | | Ability to read party information on the user/customer logged in |
| ReadFutureDatedPaymentsBasic | /future-dated-payments, /accounts/{AccountId}/future-dated-payments | | Ability to read basic statement details |
| ReadFutureDatedPaymentsDetail | /future-dated-payments, /accounts/{AccountId}/future-dated-payments | Access to additional elements in the payload | |
| ReadPAN | All API endpoints where PAN is available as a structured field | Request to access PAN in the clear | Request to access PAN in the clear across the available endpoints. |

If this permission code is not in the account-access-consents, the AISP will receive a masked PAN.

While an AISP may request to access PAN in the clear, an ASPSP may still respond with a masked PAN if:

  • The ASPSP does not display PAN in the clear in existing online channels

  • The ASPSP takes a legal view to respond with only the masked PAN

  • The ASPSP should return the last 4 digits unmasked, or

  • The ASPSP should return at most the first 6 and last 4 digits unmasked, e.g. 5555 **** **** 4444, **** **** **** 4444, etc.
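The ReadPAN behaviour described above, as an added example that is not part of the specification: the PAN is returned in the clear only when the consent carries ReadPAN and the ASPSP permits it, and is masked otherwise. The names `mask_pan`, `pan_for_response` and the `aspsp_allows_clear_pan` flag are hypothetical, the flag stands in for the ASPSP's channel and legal conditions, and the card number is a constructed sample.

```python
# Added example: PAN masking driven by the ReadPAN permission code.
MAX_CLEAR_FIRST = 6   # at most the first 6 digits may stay unmasked
MAX_CLEAR_LAST = 4    # and at most the last 4


def mask_pan(pan, keep_first=0, keep_last=4):
    """Mask a PAN, keeping at most the first 6 and last 4 digits, grouped in fours."""
    digits = [c for c in pan if c.isdigit()]
    if not 0 <= keep_first <= MAX_CLEAR_FIRST or not 0 <= keep_last <= MAX_CLEAR_LAST:
        raise ValueError("may keep at most the first 6 and last 4 digits")
    hidden = len(digits) - keep_first - keep_last
    if hidden <= 0:
        # Refuse rather than emit a "masked" value that reveals every digit.
        raise ValueError("PAN too short: masking would hide nothing")
    masked = digits[:keep_first] + ["*"] * hidden + digits[len(digits) - keep_last:]
    return " ".join("".join(masked[i:i + 4]) for i in range(0, len(masked), 4))


def pan_for_response(pan, consent_permissions, aspsp_allows_clear_pan):
    """Return the PAN value to place in a response payload."""
    # Clear PAN needs both the consent's ReadPAN code and the ASPSP's own decision.
    if "ReadPAN" in consent_permissions and aspsp_allows_clear_pan:
        return pan
    return mask_pan(pan)
```

Masking is the default branch, so a missing or misspelled permission code yields a masked PAN rather than a clear one.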

4.3.1.1.a  Detail Permissions

The additional elements that are granted for "Detail" permissions are listed in this section.

...

Example behaviour of the Permissions for the ReadAccountsBasic and ReadAccountsDetail codes is as follows:

 

...

 

4.3.1.1.b  Reversing Entries

It is expected that transactions will be returned in the payload irrespective of whether they are reversing entries, as long as the user/customer has provided consent for that type of transaction.

...

| S. No. | Status | Description |
| --- | --- | --- |
| 1 | Authorised | The account-access-consents has been successfully authorised. |
| 2 | Rejected | The account-access-consents has been rejected. |
| 3 | Revoked | The account-access-consents has been revoked via the AISP interface. |

4.3.3 Consent Re-authentication

...

Where there is no change in the consent parameters required, AISPs should perform a re-authentication / refresh upon the original consent using the same intent-id as before, instead of issuing a new, duplicate consent.

An AISP and the user/customer may have multiple consents at any point in time.

...