Expand

title	POST /account-access-consents

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.
An AISP is not able to pre-select a set of accounts for account-access-consent authorisation.
An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.1.1 Account Access Consent Status

Expand

title	Account Access Consent Status

The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

_S.No_.

_Status

_{Status Description}

₁

_{AwaitingAuthorisation}

_{The account access consent is awaiting authorisation}

After authorisation has taken place the account-access-consent resource may have these following statuses:



_S.No_.	_Status	_{Status Description}
₁	_Rejected	_{The account access consent has been rejected}
₂	_Authorised	_{The account access consent has been successfully authorised}
₃	_Revoked	_{The account access consent has been revoked via the AISP interface}

2.1.2 Status Flow

Image Modified

After authorisation has taken place the account-access-consent resource may have these following statuses:

2.2. GET /account-access-consents/ {ConsentId}

Expand

An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.2.1 Account Access Consent Status

Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the account-access-consent resource are.

_S.No_.	_Status	_{Status Description}
₁	_Rejected	_{The account access consent has been rejected.}
₂	_{AwaitingAuthorisation}	_{The account access consent is awaiting authorisation}
₃	_Authorised	_{The account access consent has been successfully authorised.}
₄	_Revoked	_{The account access consent has been revoked via the AISP interface.}

2.3. PATCH /account-access-consents/{ConsentId}

Expand

If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible.

This is done by making a call to PATCH the account-access-consent resource.
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

TPP should also clear the Account Access Consent resources, from ASPSP's system, which are:

Consent Resource may never be referenced by the customer in AISP or ASPSP domain.

3. Data Models

2.1. POST /account-access-consents

...

_S.No_.	_Status	_{Status Description}
₁	_Rejected	_{The account access consent has been rejected}
₂	_Authorised	_{The account access consent has been successfully authorised}
₃	_Revoked	_{The account access consent has been revoked via the AISP interface}

2.1.2 Status Flow

...

2.2. GET /account-access-consents/ {ConsentId}

An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.2.1 Account Access Consent Status

Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

...

_S.No_.	_Status	_{Status Description}
₁	_Rejected	_{The account access consent has been rejected.}
₂	_{AwaitingAuthorisation}	_{The account access consent is awaiting authorisation}
₃	_Authorised	_{The account access consent has been successfully authorised.}
₄	_Revoked	_{The account access consent has been revoked via the AISP interface.}

2.3. PATCH /account-access-consents/{ConsentId}

If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible.

...

Consent Resource may never be referenced by the customer in AISP or ASPSP domain.

3. Data Models

3.1. Account Access Consents - Request

...

Version	Old Version 8	New Version 9
Changes made by	CBB Admin	CBB Admin
Saved on	May 07, 2020	May 07, 2020

Versions Compared

Key

2.1.1 Account Access Consent Status

2.1.2 Status Flow

2.2. GET /account-access-consents/ {ConsentId}

2.2.1 Account Access Consent Status

2.3. PATCH /account-access-consents/{ConsentId}

3. Data Models

2.1. POST /account-access-consents

2.1.2 Status Flow

2.2. GET /account-access-consents/ {ConsentId}

2.2.1 Account Access Consent Status

2.3. PATCH /account-access-consents/{ConsentId}

3. Data Models

3.1. Account Access Consents - Request

Page Comparison

Versions Compared

Key

2.1.1 Account Access Consent Status

2.1.2 Status Flow

2.2. GET /account-access-consents/ {ConsentId}

2.2.1 Account Access Consent Status

2.3. PATCH /account-access-consents/{ConsentId}

3. Data Models

2.1. POST /account-access-consents

2.1.2 Status Flow

2.2. GET /account-access-consents/ {ConsentId}

2.2.1 Account Access Consent Status

2.3. PATCH /account-access-consents/{ConsentId}

3. Data Models

3.1. Account Access Consents - Request