...
The Account Access Consents API is used by an AISP to request an ASPSP to create a new account-access-consent resource, retrieve the status of account-access-consent resource and delete patch the account-access-consent resource.
...
S.No. | Resource | HTTP Operation | Endpoint | Mandatory | Scope | Grant Type | Message Signing | Idempotency Key | Request Object | Response Object | |
2.1 | account-access-consents | POST | POST /account-access-consents | Mandatory | accounts | Client CredentialsSigned Request Signed Response | No | OBAccountAccessConsentRequest | OBAccountAccessConsentResponse | 2.1 | |
2.2 | account-access-consents | GET | GET /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | Signed Response | No | NA | OBAccountAccessConsentResponse | 2.2 |
2.3 | account-access-consents | DELETEPATCH | DELETE PATCH /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | Signed ResponseNoNo | OBPatchAccountAccessConsentRequest | NAOBAccountAccessConsentResponseNA | 2.3 |
2.1. POST /account-access-consents
...
This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.
An AISP is not able to pre-select a set of accounts for account-access-consent authorisation. This is because the behaviour of the pre-selected accounts, after authorisation, is not clear from a Legal perspective.
An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
2.1.1 Account Access Consent Status
The PSU customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:
...
S.No. | Status | Status Description |
1 | Rejected | The account access consent has been rejected. |
2 | Authorised | The account access consent has been successfully authorised. |
3 | Revoked | The account access consent has been revoked via the ASPSP AISP interface. |
2.1.2 Status Flow
...
2.2. GET /account-access-consents/ {ConsentId}
...
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
The usage of this API endpoint will be subject to an ASPSP's fair usage policies.
2.2.1 Account Access Consent Status
Once the PSU customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".
...
S.No. | Status | Status Description |
1 | Rejected | The account access consent has been rejected. |
2 | AwaitingAuthorisation | The account access consent is awaiting authorisation |
3 | Authorised | The account access consent has been successfully authorised. |
4 | Revoked | The account access consent has been revoked via the ASPSP AISP interface. |
2.3.
...
PATCH /account-access-consents/{ConsentId}
If the PSU customer revokes consent to data access with the AISP, the AISP must delete patch the account-access-consent resource with the ASPSP as soon as is practically possible.
This is done by making a call to DELETE PATCH the account-access-consent resource.
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
TPP should also clear the Account Access Consent resources, from ASPSP's system, which are:
Expired, i.e. ExpirationDateTime is lapsed, or ExpirationDateTime is not lapsed, but PSU doesn't want to refresh/re-authenticate it, and
Consent Resource may never be referenced by the PSU customer in AISP or ASPSP domain.
3. Data Models
...
POST /account-access-consents
3.1.1 UML Diagram
...
3.1.2 Notes
The fields in the OBAccountAccessConsentRequest object are described in the Consent Elements section.
...
Name | Occurrence | XPath | Definition | Class/ Datatype | Codes | |||
OBAccountAccessConsentRequest |
| OBAccountAccessConsentRequest |
| OBAccountAccessConsentRequest |
| |||
Data | 1..1 | OBAccountAccessConsentRequest/Data |
| OBAccountAccessConsentRequest/Data |
| |||
Permissions | 1..n | OBAccountAccessConsentRequest/Data/Permissions | Specifies the Open Banking account access data types. This is a list of the data clusters being consented by the PSU, and requested for authorisation with the ASPSP | String | Enum:
| ExpirationDateTime | 0..1 | OBAccountAccessConsentRequest/Data/ExpirationDateTime |
Specified date and time the permissions will expire. If this is not populated, the permissions will be open ended | DateTime |
| TransactionFromDateTime | 0..1 | OBAccountAccessConsentRequest/Data/TransactionFromDateTime | Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction | DateTime |
|
TransactionToDateTime | 0..1 | OBAccountAccessConsentRequest/Data/TransactionToDateTime | Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction | DateTime |
| |||
Risk | 1..1 | OBAccountAccessConsentRequest/Risk | The Risk section is sent by the initiating party to the ASPSP. It is used to specify additional details for risk scoring for Account Info | OBRisk |
|
...
POST /account-access-consents
3.2.1 UML Diagram
...
3.2.2 Notes
The domestic-payment-consent request contains these objects:
...
Name | Occurrence | XPath | Definition | Class/ Datatype | Codes | |||||||||||
OBAccountAccessConsentResponse |
| OBAccountAccessConsentResponse |
| OBAccountAccessConsentResponse |
| |||||||||||
Data | 1..1 | OBAccountAccessConsentResponse/Data |
| OBAccountAccessConsentResponse/Data |
| |||||||||||
ConsentId | 1..1 | OBAccountAccessConsentResponse/Data/ConsentId | Unique identification as assigned to identify the account access consent resource. | String |
| |||||||||||
CreationDateTime | 1..1 | OBAccountAccessConsentResponse/Data/CreationDateTime | Date and time at which the resource was created. | DateTime |
| |||||||||||
Status | 1..1 | OBAccountAccessConsentResponse/Data/Status | Specifies the status of consent resource in code form. | String | Enum:
| |||||||||||
StatusUpdateDateTime | 1..1 | OBAccountAccessConsentResponse/Data/StatusUpdateDateTime |
| DateTime |
| |||||||||||
Permissions | 1..n | OBAccountAccessConsentResponse/Data/Permissions | Specifies the Open Banking account access data types. This is a list of the data clusters being consented by the PSU, and requested for authorisation with the ASPSP | String | Enum:
| |||||||||||
0..1 | OBAccountAccessConsentResponse/Data/ExpirationDateTime | Specified date and time the permissions will expire. If this is not populated, the permissions will be open ended | DateTime |
| TransactionFromDateTime | 0..1 | OBAccountAccessConsentResponse/Data/TransactionFromDateTime | Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction | DateTime |
| ||||||
TransactionToDateTime | 0..1 | OBAccountAccessConsentResponse/Data/TransactionToDateTime | Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction | DateTime |
| |||||||||||
Risk | 1..1 | OBAccountAccessConsentResponse/Risk | The Risk section is sent by the initiating party to the ASPSP. It is used to specify additional details for risk scoring for Account Info | OBRisk |
| Links | 0..1 | OBAccountAccessConsentResponse/Links | Links relevant to the payload | Links | Meta | 0..1 | OBAccountAccessConsentResponse/Meta | Meta Data relevant to the payload | Meta | = |
4. Usage Example
4.1. Post Account Access Consents
...
|
|
4.1.2 Response
|
| 508Z
| 508Z
| ExpirationDateTime
| 508Z", "TransactionFromDateTime": "2020-03-17T07:05:34.508Z
| 508Z
| 508Z
| 508Z
|
4.2. GET /account-access-consents/{ConsentId}
...
|
...
|
| "tbc-0083976
| 508Z
| 508Z
|
| ExpirationDateTime
| 508Z", "TransactionFromDateTime": "2020-03-17T07:05:34.508Z
| 508Z
| 508Z
| 508Z
|
4.3.
...
PATCH /account-access-consents/{ConsentId}
4.3.1 Request
|
|
4.3.2 Response
|
|