Versions Compared

Version Old Version 7 New Version 8
Changes made by

CBB Admin

CBB Admin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

1.      Overview

The Account Access Consents API is used by an AISP to request an ASPSP to create a new account-access-consent resource, retrieve the status of account-access-consent resource and patch the account-access-consent resource.

This resource description should be read in conjunction with a compatible Account Information Services API Profile.

2.      Endpoints

...

Endpoints

S.No.

Resource

HTTP Operation

Endpoint

Mandatory

Scope

Grant TypeMessage Signing

Idempotency Key

Request Object

Response Object

2.1

account-access-consents

POST

POST /account-access-consents

Mandatory

accounts

Client Credentials

No

OBAccountAccessConsentRequest

OBAccountAccessConsentResponse2.1

2.2

account-access-consents

GET

GET /account-access-consents/{ConsentId}

Mandatory

accounts

Client Credentials

No

NA

OBAccountAccessConsentResponse

2.22.3

account-access-consents

PATCH

PATCH /account-access-consents/{ConsentId}

Mandatory

accounts

Client Credentials

No

OBPatchAccountAccessConsentRequest

OBAccountAccessConsentResponse

2.1.      POST /account-access-consents

Expand
titlePOST /account-access-consents

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.

  • An AISP is not able to pre-select a set of accounts for account-access-consent authorisation.

  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.

  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.1.1        Account Access Consent Status

The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

S.No.

Status

Status Description

1

AwaitingAuthorisation

The account access consent is awaiting authorisation

 After authorisation has taken place the account-access-consent resource may have these following statuses:

S.No.

Status

Status Description

1

Rejected

The account access consent has been rejected

2

Authorised

The account access consent has been successfully authorised

3

Revoked

The account access consent has been revoked via the AISP interface

2.1.2        Status Flow

Image Added

2.1.      POST /account-access-consents

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.

  • An AISP is not able to pre-select a set of accounts for account-access-consent authorisation.

  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.

  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.1.1        Account Access Consent Status

The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

...

S.No.

Status

Status Description

1

Rejected

The account access consent has been rejected

2

Authorised

The account access consent has been successfully authorised

3

Revoked

The account access consent has been revoked via the AISP interface

2.1.2        Status Flow

...

2.2.      GET /account-access-consents/ {ConsentId}

...