1. Overview

Expand

title	Overview

The Account Access Consents API is used by an AISP to request an ASPSP to create a new account-access-consent resource, retrieve the status of account-access-consent resource and patch the account-access-consent resource.

This resource description should be read in conjunction with a compatible Account Information Services API Profile.

2. Endpoints

Expand

title	Endpoints

_S.No_.	_Resource	_{HTTP Operation}	_Endpoint	_Mandatory	_Scope	_{Grant Type}	_{Idempotency Key}	_{Request Object}	_{Response Object}
_2.1	_{account-access-consents}	_POST	_{POST /account-access-consents}	_Mandatory	_accounts	_{Client Credentials}	_No	_{OBAccountAccessConsentRequest}	_{OBAccountAccessConsentResponse}
_2.2	_{account-access-consents}	_GET	_{GET /account-access-consents/{ConsentId}}	_Mandatory	_accounts	_{Client Credentials}	_No	_NA	_{OBAccountAccessConsentResponse}
_2.3	_{account-access-consents}	_PATCH	_{PATCH /account-access-consents/{ConsentId}}	_Mandatory	_accounts	_{Client Credentials}	_No	_{OBPatchAccountAccessConsentRequest}	_{OBAccountAccessConsentResponse}

2.1. POST /account-access-consents

SNo_{Status Description}₁

Expand

title	POST /account-access-consents

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.

An AISP is not able to pre-select a set of accounts for account-access-consent authorisation.

An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant

2.1.1 Account Access Consent Status

Expand

title	Account Access Consent Status

The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

2.

1. 2 Status Flow

Expand

title

_{AwaitingAuthorisation}

_{The account access consent is awaiting authorisation}

_S.No_.

_Status

_{Status Description}

₁

_Rejected

_{The account access consent has been rejected}

₂

_Authorised

_{The account access consent has been successfully authorised}

₃

_Revoked

_{The account access consent has been revoked via the AISP interface}

2.1.2 Status Flow

Image Removed

After authorisation has taken place the account-access-consent resource may have these following statuses:

...

Status Flow

Image Added

2.2. GET /account-access-consents/ {ConsentId}

Expand

title	GET /account-access-consents/ {ConsentId}

...

expand

An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.

Prior to calling the API, the AISP must have an access token issued by

the ASPSP using a client credentials grant.

2.2.1 Account Access Consent Status

Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the account-access-consent resource are.

The account access consent has been revoked via the AISP interface

_S.No_.

_Status

_{Status Description}

₁

_Rejected

_{The account access consent has been rejected.}

₂

_{AwaitingAuthorisation}

_{The account access consent is awaiting authorisation}

₃

_Authorised

_{The account access consent has been successfully authorised.}

₄

_Revoked

the ASPSP using a client credentials grant.

2.2.1 Account Access Consent Status

Expand

title	Account Access Consent Status

Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the account-access-consent resource are.

2.3. PATCH /account-access-consents/{ConsentId}

Expand

title	PATCH /account-access-consents/ {ConsentId}

If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible.

This is done by making a call to PATCH the account-access-consent resource.

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

TPP should also clear the Account Access Consent resources, from ASPSP's system, which are:

Consent Resource may never be referenced by the customer in AISP or ASPSP domain.

3. Data Models

2.1. POST /account-access-consents

...

Version	Old Version 9	New Version 10
Changes made by	CBB Admin	CBB Admin
Saved on	May 07, 2020	May 07, 2020

Page Comparison

Versions Compared

Key

1. Overview

2. Endpoints

2.1. POST /account-access-consents

2.1.1 Account Access Consent Status

2.

1.

2 Status Flow

2.1.2 Status Flow

2.2. GET /account-access-consents/ {ConsentId}

2.2.1 Account Access Consent Status

2.2.1 Account Access Consent Status

2.3. PATCH /account-access-consents/{ConsentId}

3. Data Models

2.1. POST /account-access-consents