Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 29 Next »

1. Overview

The Account Access Consents API is used by an AISP to request an ASPSP to create a new account-access-consent resource, retrieve the status of account-access-consent resource and patch the account-access-consent resource.

This resource description should be read in conjunction with a compatible Account Information Services API Profile.

2. Endpoints

S. No.

Resource

HTTP Operation

Endpoint

Mandatory

Scope

Grant Type

Idempotency Key

Request Object

Response Object

2.1

account-access-consents

POST

POST /account-access-consents

Mandatory

accounts

Client Credentials

No

OBAccountAccessConsentRequest

OBAccountAccessConsentResponse

2.2

account-access-consents

GET

GET /account-access-consents/{ConsentId}

Mandatory

accounts

Client Credentials

No

NA

OBAccountAccessConsentResponse

2.3

account-access-consents

PATCH

PATCH /account-access-consents/{ConsentId}

Mandatory

accounts

Client Credentials

No

OBPatchAccountAccessConsentRequest

OBAccountAccessConsentResponse

2.1 POST /account-access-consents

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information

  • An AISP is not able to pre-select a set of accounts for account-access-consent authorisation

  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource

  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant

2.1.1 Account Access Consent Status

The user/customer must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup. The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

S. No.

Status

Status Description

1

AwaitingAuthorisation

The account access consent is awaiting authorisation

After authorisation has taken place the account-access-consent resource may have these following statuses:

S. No.

Status

Status Description

1

Rejected

The account access consent has been rejected

2

Authorised

The account access consent has been successfully authorised

3

Revoked

The account access consent has been revoked via the AISP interface

2.1.2 Status Flow

2.2  GET /account-access-consents/ {ConsentId}

An AISP may optionally retrieve an account-access-consent resource that they have created to check its status.

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

2.2.1 Account Access Consent Status

Once the user/customer authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the account-access-consent resource are.

S. No.

Status

Status Description

1

Rejected

The account access consent has been rejected

2

AwaitingAuthorisation

The account access consent is awaiting authorisation

3

Authorised

The account access consent has been successfully authorised

4

Revoked

The account access consent has been revoked via the AISP interface

2.3 PATCH /account-access-consents/{ConsentId}

If the user/customer revokes consent to data access with the AISP, the AISP must patch the account-access-consent resource with the ASPSP as soon as is practically possible.

  • This is done by making a call to PATCH the account-access-consent resource

  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant

AISP should also clear the Account Access Consent resources, from ASPSP’s system, which are:

  • Expired, i.e. user/customer doesn't want to refresh/re-authenticate it

3. Data Models

3.1 Account Access Consents - Request

The OBAccountAccessConsentRequest object will be used for the call to:

  • POST /account-access-consents

3.1.1 UML Diagram

3.1.2 Notes

  • The fields in the OBAccountAccessConsentRequest object are described in the Consent Elements section.

3.1.3 Data Dictionary

Name

Occurrence

XPath

Definition

Class/ Datatype

Codes

OBAccountAccessConsentRequest

 

OBAccountAccessConsentRequest

 

OBAccountAccessConsentRequest

 

Data

1..1

OBAccountAccessConsentRequest/Data

 

OBAccountAccessConsentRequest/Data

 

Permissions

1..n

OBAccountAccessConsentRequest/Data/Permissions

Specifies the Open Banking account access data types. This is a list of the data clusters being consented by the PSU, and requested for authorisation with the ASPSP

String

Enum:

  • ReadAccountsBasic

  • ReadAccountsDetail

  • ReadBalances

  • ReadBeneficiariesBasic

  • ReadBeneficiariesDetail

  • ReadDirectDebits

  • ReadOffers

  • ReadPAN

  • ReadParty

  • ReadPartyPS

  • ReadProducts

  • ReadFutureDatedPaymentsBasic

  • ReadFutureDatedPaymentsDetail

  • ReadStandingOrdersBasic

  • ReadStandingOrdersDetail

  • ReadStatementsBasic

  • ReadStatementsDetail

  • ReadTransactionsBasic

  • ReadTransactionsCredits

  • ReadTransactionsDebits

  • ReadTransactionsDetail

TransactionFromDateTime

0..1

OBAccountAccessConsentRequest/Data/TransactionFromDateTime

Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction

DateTime

 

TransactionToDateTime

0..1

OBAccountAccessConsentRequest/Data/TransactionToDateTime

Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction

DateTime

 

3.2  Access Account Consents - Response

The OBAccountAccessConsentResponse object will be used for the call to:

  • GET /account-access-consents/{ConsentId}

And response to:

  • POST /account-access-consents

3.2.1 UML Diagram

3.2.2 Notes

The domestic-payment-consent request contains these objects:

  • The OBAccountAccessConsentResponse object contains the same information as the OBAccountAccessConsentRequest, but with additional fields:

    • ConsentId - to uniquely identify the account-access-consent resource.

    • Status.

    • CreationDateTime.

    • StatusUpdateDateTime.

3.2.3 Data Dictionary

Name

Occurrence

XPath

Definition

Class/ Datatype

Codes

OBAccountAccessConsentResponse

 

OBAccountAccessConsentResponse

 

OBAccountAccessConsentResponse

 

Data

1..1

OBAccountAccessConsentResponse/Data

 

OBAccountAccessConsentResponse/Data

 

ConsentId

1..1

OBAccountAccessConsentResponse/Data/ConsentId

Unique identification as assigned to identify the account access consent resource.

String

 

CreationDateTime

1..1

OBAccountAccessConsentResponse/Data/CreationDateTime

Date and time at which the resource was created.

DateTime

 

Status

1..1

OBAccountAccessConsentResponse/Data/Status

Specifies the status of consent resource in code form.

String

Enum:

  • Authorised

  • AwaitingAuthorisation

  • Rejected

  • Revoked

StatusUpdateDateTime

1..1

OBAccountAccessConsentResponse/Data/StatusUpdateDateTime


Date and time at which the resource status was updated.

DateTime

 

Permissions

1..n

OBAccountAccessConsentResponse/Data/Permissions

Specifies the Open Banking account access data types. This is a list of the data clusters being consented by the PSU, and requested for authorisation with the ASPSP

String

Enum:

  • ReadAccountsBasic

  • ReadAccountsDetail

  • ReadBalances

  • ReadBeneficiariesBasic

  • ReadBeneficiariesDetail

  • ReadDirectDebits

  • ReadOffers

  • ReadPAN

  • ReadParty

  • ReadPartyPS

  • ReadProducts

  • ReadFutureDatedPaymentsBasic

  • ReadFutureDatedPaymentsDetail

  • ReadStandingOrdersBasic

  • ReadStandingOrdersDetail

  • ReadStatementsBasic

  • ReadStatementsDetail

  • ReadTransactionsBasic

  • ReadTransactionsCredits

  • ReadTransactionsDebits

  • ReadTransactionsDetail

TransactionFromDateTime

0..1

OBAccountAccessConsentResponse/Data/TransactionFromDateTime

Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction

DateTime

 

TransactionToDateTime

0..1

OBAccountAccessConsentResponse/Data/TransactionToDateTime

Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction

DateTime

 

3.3. Access Account Consents - Patch Consent – Request

The OBPatchAccountAccessConsentRequest object will be used for the call to:

  • PATCH /account-access-consents/{ConsentId}

3.3.1 UML Diagram

 

3.3.2 Data Dictionary 

Name

Occurrence

XPath

Definition

Class/ Datatype

Codes

Pattern

OBPatchAccountAccessConsentRequest

 

OBPatchAccountAccessConsentRequest

 

OBPatchAccountAccessConsentRequest

 

 

Data

1..1

OBPatchAccountAccessConsentRequest/Data

 

OBPatchAccountAccessConsentRequest/Data

 

 

Status

1..1

OBPatchAccountAccessConsentRequest/Data/Status

Specifies the status of consent resource in code form.

String

Enum:

  • Revoked

 

 

4. Usage Example

4.1 Post Account Access Consents

4.1.1 Request

POST /account-access-consents

Authorisation: Bearer 2YotnFZFEjr1zCsicMWpAA

x-fapi-auth-date: Sun, 10 Sep 2020 19:43:31 GMT+03:00

x-fapi-customer-ip-address: 104.25.212.99

x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d

Content-Type: application/json

Accept: application/json

{

  "Data": {

    "Permissions": [

      "ReadAccountsBasic"

    ],

    "TransactionFromDateTime": "2020-03-17T07:05:34.327+03:00",

    "TransactionToDateTime": "2020-03-17T07:05:34.327+03:00"

  },

}

4.1.2 Response

201 Created

x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d

Content-Type: application/json

{

  "Data": {

    "ConsentId": "tbc-0083976",

    "CreationDateTime": "2020-03-17T07:05:34.508+03:00",

    "Status": "Authorised",

    "StatusUpdateDateTime": "2020-03-17T07:05:34.508+03:00",

    "Permissions": [

      "ReadAccountsBasic"

    ],

    "TransactionFromDateTime": "2020-03-17T07:05:34.508+03:00",

    "TransactionToDateTime": "2020-03-17T07:05:34.508+03:00"

  },

  "Links": {

    "Self": "www.tbc.com"

  },

  "Meta": {

    "TotalPages": 1,

    "FirstAvailableDateTime": "2020-03-17T07:05:34.508+03:00",

    "LastAvailableDateTime": "2020-03-17T07:05:34.508+03:00"

  }

}

4.2 GET /account-access-consents/{ConsentId}

4.2.1 Request

GET /account-access-consents/0083976

Authorisation: Bearer 2YotnFZFEjr1zCsicMWpAA

x-fapi-auth-date: Sun, 10 Sep 2020 19:43:31 GMT+03:00

x-fapi-customer-ip-address: 104.25.212.99

x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d

Accept: application/json

4.2.2 Response

200 OK

x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d

Content-Type: application/json

{

  "Data": {

    "ConsentId": “0083976",

    "CreationDateTime": "2020-03-17T07:05:34.508+03:00",

    "Status": "Authorised",

    "StatusUpdateDateTime": "2020-03-17T07:05:34.508+03:00",

    "Permissions": [

      "ReadAccountsBasic"

    ],

    "TransactionFromDateTime": "2020-03-17T07:05:34.508+03:00",

    "TransactionToDateTime": "2020-03-17T07:05:34.508+03:00"

  },

  "Links": {

    "Self": "www.tbc.com"

  },

  "Meta": {

    "TotalPages": 1,

    "FirstAvailableDateTime": "2020-03-17T07:05:34.508+03:00",

    "LastAvailableDateTime": "2020-03-17T07:05:34.508+03:00"

  }

}

4.3  PATCH /account-access-consents/{ConsentId}

4.3.1 Request

PATCH /account-access-consents/0083976

Authorisation: Bearer 2YotnFZFEjr1zCsicMWpAA

x-fapi-auth-date:  Sun, 10 Sep 2020 19:43:31 GMT+03:00

x-fapi-customer-ip-address: 104.25.212.99

x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d

{

  "Data": {

    "Status": "Revoked"

  }

}

4.3.2 Response

200 Account Access Consents Status Updated Successfully

x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d

Content-Type: application/json

{

  "Data": {

    "ConsentId": "0083976",

    "CreationDateTime": "2020-03-17T07:05:34.508+03:00",

    "Status": "Revoked",

    "StatusUpdateDateTime": "2020-03-17T07:05:34.508+03:00",

    "Permissions": [

      "ReadAccountsBasic"

    ],

    "TransactionFromDateTime": "2020-03-17T07:05:34.508+03:00",

    "TransactionToDateTime": "2020-03-17T07:05:34.508+03:00"

  },

  "Links": {

    "Self": "www.tbc.com"

  },

  "Meta": {

    "TotalPages": 1,

    "FirstAvailableDateTime": "2020-03-17T07:05:34.508+03:00",

    "LastAvailableDateTime": "2020-03-17T07:05:34.508+03:00"

  }

}

  • No labels