Versions Compared

Version Old Version 14 New Version 15
Changes made by

CBB Admin

CBB Admin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

1.      Overview

...

titleClick here to expand

The Account Access Consents API is used by an AISP to request an ASPSP to create a new account-access-consent resource, retrieve the status of account-access-consent resource and patch the account-access-consent resource.

This resource description should be read in conjunction with a compatible Account Information Services API Profile.

2.      Endpoints

...

S. No.

Resource

HTTP Operation

Endpoint

Mandatory

Scope

Grant Type

Idempotency Key

Request Object

Response Object

2.1

account-access-consents

POST

POST /account-access-consents

Mandatory

accounts

Client Credentials

No

OBAccountAccessConsentRequest

OBAccountAccessConsentResponse

2.2

account-access-consents

GET

GET /account-access-consents/{ConsentId}

Mandatory

accounts

Client Credentials

No

NA

OBAccountAccessConsentResponse

2.3

account-access-consents

PATCH

PATCH /account-access-consents/{ConsentId}

Mandatory

accounts

Client Credentials

No

OBPatchAccountAccessConsentRequest

OBAccountAccessConsentResponse

...

2.1.      POST /account-access-consents

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.

  • An AISP is not able to pre-select a set of accounts for account-access-consent authorisation.

  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.

  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.1.1        Account Access Consent Status

...

titleAccount Access Consent Status

The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

2.1.2        Status Flow

Expand
titleStatus Flow
Image Removed

2.2.      GET /account-access-consents/ {ConsentId}

An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.2.1        Account Access Consent Status

Expand
titleAccount Access Consent Status

Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the account-access-consent resource are.

2.3.      PATCH /account-access-consents/{ConsentId}

If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible.

  • This is done by making a call to PATCH the account-access-consent resource.

  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

TPP should also clear the Account Access Consent resources, from ASPSP's system, which are:

...

2.1.      POST /account-access-consents

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.

  • An AISP is not able to pre-select a set of accounts for account-access-consent authorisation.

  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.

  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.1.1        Account Access Consent Status

The customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

S. No.

Status

Status Description

1

AwaitingAuthorisation

The account access consent is awaiting authorisation

 After authorisation has taken place the account-access-consent resource may have these following statuses:

S. No.

Status

Status Description

1

Rejected

The account access consent has been rejected

2

Authorised

The account access consent has been successfully authorised

3

Revoked

The account access consent has been revoked via the AISP interface

2.1.2        Status Flow

...

2.2.      GET /account-access-consents/ {ConsentId}

An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.2.1        Account Access Consent Status

Once the customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the account-access-consent resource are.

S. No.

Status

Status Description

1

Rejected

The account access consent has been rejected.

2

AwaitingAuthorisation

The account access consent is awaiting authorisation

3

Authorised

The account access consent has been successfully authorised.

4

Revoked

The account access consent has been revoked via the AISP interface.

2.3.      PATCH /account-access-consents/{ConsentId}

If the customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible.

...