...
| Expand |
|---|
|
The Account Access Consents API is used by an AISP to request an ASPSP to create a new account-access-consent resource, retrieve the status of account-access-consent resource and patch the account-access-consent resource. This resource description should be read in conjunction with a compatible Account Information Services API Profile. |
2. Endpoints
| Expand |
|---|
S.No. | Resource | HTTP Operation | Endpoint | Mandatory | Scope | Grant Type | Idempotency Key | Request Object | Response Object | 2.1 | account-access-consents | POST | POST /account-access-consents | Mandatory | accounts | Client Credentials | No | OBAccountAccessConsentRequest | OBAccountAccessConsentResponse | 2.2 | account-access-consents | GET | GET /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | No | NA | OBAccountAccessConsentResponse | 2.3 | account-access-consents | PATCH | PATCH /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | No | OBPatchAccountAccessConsentRequest | OBAccountAccessConsentResponse |
2.1. POST /account-access-consentsThe API allows the AISP to ask an ASPSP to create a new account-access-consent resource. This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information. An AISP is not able to pre-select a set of accounts for account-access-consent authorisation. An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
2.1.1 Account Access Consent Status| Expand |
|---|
| title | Account Access Consent Status |
|---|
| The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration: |
2.1.2 Status Flow| Expand |
|---|
|  Image Added |
|
|---|
2.2. GET /account-access-consents/ {ConsentId}An AISP may optionally retrieve an account-access-consent resource that they have created to check its status. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant. 2.2.1 Account Access Consent Status| Expand |
|---|
| title | Account Access Consent Status |
|---|
| Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised". The available Status code-list enumerations for the account-access-consent resource are. |
|
|---|
2.3. PATCH /account-access-consents/{ConsentId}If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible. This is done by making a call to PATCH the account-access-consent resource. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
TPP should also clear the Account Access Consent resources, from ASPSP's system, which are: |
|---|
|
| Expand |
|---|
|
S.No. | Resource | HTTP Operation | Endpoint | Mandatory | Scope | Grant Type | Idempotency Key | Request Object | Response Object | 2.1 | account-access-consents | POST | POST /account-access-consents | Mandatory | accounts | Client Credentials | No | OBAccountAccessConsentRequest | OBAccountAccessConsentResponse | 2.2 | account-access-consents | GET | GET /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | No | NA | OBAccountAccessConsentResponse | 2.3 | account-access-consents | PATCH | PATCH /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | No | OBPatchAccountAccessConsentRequest | OBAccountAccessConsentResponse |
2.1. POST /account-access-consents| Expand |
|---|
title | POST /account-access-consents | The API allows the AISP to ask an ASPSP to create a new account-access-consent resource. This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information. An AISP is not able to pre-select a set of accounts for account-access-consent authorisation. An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
2.1.1 Account Access Consent Status| Expand |
|---|
| title | Account Access Consent Status |
|---|
| The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration: |
2.1.2 Status Flow| Expand |
|---|
| |
|---|
2.2. GET /account-access-consents/ {ConsentId}| Expand |
|---|
|
|---|
| title | GET /account-access-consents/ {ConsentId} |
|---|
| An AISP may optionally retrieve an account-access-consent resource that they have created to check its status. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant. 2.2.1 Account Access Consent Status| Expand |
|---|
| title | Account Access Consent Status |
|---|
| Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised". The available Status code-list enumerations for the account-access-consent resource are. |
2.3. PATCH /account-access-consents/{ConsentId}| Expand |
|---|
| title | PATCH /account-access-consents/{ConsentId}
If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible. This is done by making a call to PATCH the account-access-consent resource. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
TPP should also clear the Account Access Consent resources, from ASPSP's system, which are: . |
|---|
|---|
...
...
2.1. POST /account-access-consents
The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.
This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.
An AISP is not able to pre-select a set of accounts for account-access-consent authorisation.
An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
2.1.1 Account Access Consent Status
The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:
...
S.No. | Status | Status Description |
1 | Rejected | The account access consent has been rejected |
2 | Authorised | The account access consent has been successfully authorised |
3 | Revoked | The account access consent has been revoked via the AISP interface |
2.1.2 Status Flow
...
2.2. GET /account-access-consents/ {ConsentId}
An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
2.2.1 Account Access Consent Status
Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".
...
S.No. | Status | Status Description |
1 | Rejected | The account access consent has been rejected. |
2 | AwaitingAuthorisation | The account access consent is awaiting authorisation |
3 | Authorised | The account access consent has been successfully authorised. |
4 | Revoked | The account access consent has been revoked via the AISP interface. |
2.3. PATCH /account-access-consents/{ConsentId}
If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible.
...
Consent Resource may never be referenced by the customer in AISP or ASPSP domain.
3. Data Models
3.1. Account Access Consents - Request
...