...
| Expand |
|---|
|
The Account Access Consents API is used by an AISP to request an ASPSP to create a new account-access-consent resource, retrieve the status of account-access-consent resource and patch the account-access-consent resource. This resource description should be read in conjunction with a compatible Account Information Services API Profile. |
2. Endpoints
| Expand |
|---|
S.No. | Resource | HTTP Operation | Endpoint | Mandatory | Scope | Grant Type | Idempotency Key | Request Object | Response Object | 2.1 | account-access-consents | POST | POST /account-access-consents | Mandatory | accounts | Client Credentials | No | OBAccountAccessConsentRequest | OBAccountAccessConsentResponse | 2.2 | account-access-consents | GET | GET /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | No | NA | OBAccountAccessConsentResponse | 2.3 | account-access-consents | PATCH | PATCH /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | No | OBPatchAccountAccessConsentRequest | OBAccountAccessConsentResponse |
2.1. POST /account-access-consentsThe API allows the AISP to ask an ASPSP to create a new account-access-consent resource. This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information. An AISP is not able to pre-select a set of accounts for account-access-consent authorisation. An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
2.1.1 Account Access Consent Status| Expand |
|---|
| title | Account Access Consent Status |
|---|
| The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration: |
2.1.2 Status Flow| Expand |
|---|
|  Image Removed |
|
|---|
2.2. GET /account-access-consents/ {ConsentId}An AISP may optionally retrieve an account-access-consent resource that they have created to check its status. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant. 2.2.1 Account Access Consent Status| Expand |
|---|
| title | Account Access Consent Status |
|---|
| Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised". The available Status code-list enumerations for the account-access-consent resource are. |
|
|---|
2.3. PATCH /account-access-consents/{ConsentId}If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible. This is done by making a call to PATCH the account-access-consent resource. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
TPP should also clear the Account Access Consent resources, from ASPSP's system, which are: |
|---|
|
| Expand |
|---|
|
S.No. | Resource | HTTP Operation | Endpoint | Mandatory | Scope | Grant Type | Idempotency Key | Request Object | Response Object | 2.1 | account-access-consents | POST | POST /account-access-consents | Mandatory | accounts | Client Credentials | No | OBAccountAccessConsentRequest | OBAccountAccessConsentResponse | 2.2 | account-access-consents | GET | GET /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | No | NA | OBAccountAccessConsentResponse | 2.3 | account-access-consents | PATCH | PATCH /account-access-consents/{ConsentId} | Mandatory | accounts | Client Credentials | No | OBPatchAccountAccessConsentRequest | OBAccountAccessConsentResponse |
2.1. POST /account-access-consentsThe API allows the AISP to ask an ASPSP to create a new account-access-consent resource. This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information. An AISP is not able to pre-select a set of accounts for account-access-consent authorisation. An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
2.1.1 Account Access Consent Status| Expand |
|---|
| title | Account Access Consent Status |
|---|
| The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration: |
2.1.2 Status Flow| Expand |
|---|
| |
|
|---|
2.2. GET /account-access-consents/ {ConsentId}An AISP may optionally retrieve an account-access-consent resource that they have created to check its status. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant. 2.2.1 Account Access Consent Status| Expand |
|---|
| title | Account Access Consent Status |
|---|
| Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised". The available Status code-list enumerations for the account-access-consent resource are. |
|
|---|
2.3. PATCH /account-access-consents/{ConsentId}If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible. This is done by making a call to PATCH the account-access-consent resource. Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
TPP should also clear the Account Access Consent resources, from ASPSP's system, which are: |
|---|
|
2.1. POST /account-access-consents
The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.
This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.
An AISP is not able to pre-select a set of accounts for account-access-consent authorisation.
An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
2.1.1 Account Access Consent Status
The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:
...
S.No. | Status | Status Description |
1 | Rejected | The account access consent has been rejected |
2 | Authorised | The account access consent has been successfully authorised |
3 | Revoked | The account access consent has been revoked via the AISP interface |
2.1.2 Status Flow
...
2.2. GET /account-access-consents/ {ConsentId}
An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.
Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.
2.2.1 Account Access Consent Status
Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".
...
S.No. | Status | Status Description |
1 | Rejected | The account access consent has been rejected. |
2 | AwaitingAuthorisation | The account access consent is awaiting authorisation |
3 | Authorised | The account access consent has been successfully authorised. |
4 | Revoked | The account access consent has been revoked via the AISP interface. |
2.3. PATCH /account-access-consents/{ConsentId}
If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible.
...