1. Overview
The File Payment Consent resource is used by a PISP to register an intent to initiate a File Payment.
This resource description should be read in conjunction with a compatible Payment Initiation API Profile.
2. Endpoints
Endpoints for the resources are defined below
S. No. | Resource | HTTP Operation | Endpoint | Mandatory | Scope | Grant Type | Message Signing | Idempotency Key | Request Object | Response Object |
2.1 | file-payment-consents | POST | POST /file-payment-consents | Conditional | payments | Client Credentials | Signed Request Signed Response | Yes | OBWriteFileConsent | OBWriteFileConsentResponse |
2.2 | file-payment-consents | POST | POST /file-payment-consents/{ConsentId}/file | Conditional | payments | Client Credentials | Signed Request Signed Response | Yes | File | NA |
2.3 | file-payment-consents | GET | GET /file-payment-consents/{ConsentId} | Mandatory (if resource POST implemented) | payments | Client Credentials | Signed Response | No | NA | OBWriteFileConsentResponse |
2.4 | file-payment-consents | GET | GET /file-payment-consents/{ConsentId}/file | Conditional | payments | Client Credentials | Signed Response | No | NA | File |
2.1 POST/file-payment-consents
The API endpoint allows the PISP to ask an ASPSP to create a new file-payment-consents resource.
The POST action indicates to the ASPSP that a file payment consents has been staged. At this point, the user/customer may not have been identified by the ASPSP and the request payload may not contain any information of the account(s) that should be debited
The endpoint allows the PISP to send metadata of the consent (between user/customer and PISP) to the ASPSP
The metadata of the consent must include the FileContextFormat of the request
The metadata of the consent must include the FileHash, which is a base64 encoding of a SHA256 hash of the file to be uploaded
The ASPSP creates the file-payment-consents resource and responds with a unique ConsentId to refer to the resource
2.1.1 Status
The default Status is "AwaitingUpload" immediately after the file-payment-consents has been created.
Status |
AwaitingUpload |
2.2 POST/file-payment-consents/{ConsentId}/file
The API endpoint allows the PISP to upload a file to an ASPSP, against a file-payment-consents resource.
The endpoint allows the PISP to send a copy of the consent (between user/customer and PISP) to the ASPSP for the user/customer to authorise. The PISP must upload the file against the ConsentId before redirecting the user/customer to authorise the consent
The file structure must match the FileContextFormat in the file-payment-consents request
An ASPSP must confirm the hash of the file matches with the FileHash provided in the file-payment-consents Metadata
The metadata for the file-payment-consents must match the contents of the uploaded file:
o If the content of the metadata does not match the content of the file, the ASPSP must reject the file-payment-consent
The file is sent in the HTTP request body
HTTP headers (e.g. Content-Type) are used to describe the file
2.2.1 Status
The default Status is "AwaitingAuthorisation" immediately after the file has been uploaded.
Status |
AwaitingAuthorisation |
2.3 GET/file-payment-consents/{ConsentId}
A PISP can optionally retrieve a payment consents resource that they have created to check its status.
2.3.1 Status
Once the user/customer authorises the payment-consents resource, the Status of the payment-consents resource will be updated with "Authorised".
If the user/customer rejects the consent or the file-payment-consents has failed some other ASPSP validation, the Status will be set to "Rejected".
Once a file-payments has been successfully created using the file-payment-consent, the Status of the file-payment-consents will be set to "Consumed".
The available Status codes for the file-payment-consents resource are:
Status |
AwaitingUpload |
AwaitingAuthorisation |
Rejected |
Authorised |
Consumed |
2.4 GET/file-payment-consents/{ConsentId}/file
The API endpoint allows the PISP to download a file (that had been uploaded against a file-payment-consents resource) from an ASPSP.
The file is sent in the HTTP response body
HTTP headers (e.g. Content-Type) are used to describe the file
2.5 State Model
2.5.1 Payment Order Consent
The state model for the file-payment-consents resource follows the generic consent state model
The definitions for the Status:
S.No. | Status | Status Definition |
1 | AwaitingUpload | The file for the consent resource is awaiting upload |
2 | AwaitingAuthorisation | The consent resource is awaiting user/customer authorisation |
3 | Rejected | The consent resource has been rejected |
4 | Authorised | The consent resource has been successfully authorised |
5 | Consumed | The consented action has been successfully completed. This does not reflect the status of the consented action |
3. Data Model
The Data Dictionary section gives the detail on the payload content for the File Payment API flows.
3.1 OBFileInitiation (Reused Classes)
This section describes the OBFileInitiation class, which is reused as the Initiation object in the file-payment-consents resource.
3.1.1 UML Diagram
3.1.2 Notes
For the OBFile Initiation object:
All elements in the Initiation payload that are specified by the PISP must not be changed via the ASPSP, as this is part of formal consent from the user/customer
If the ASPSP is able to establish a problem with payload or any contextual error during the API call, the ASPSP must reject the file-payment-consents request immediately
If the ASPSP establishes a problem with the file-payment-consents after the API call, the ASPSP must set the Status of the file-payment-consents resource to Rejected
The DebtorAccount is optional, as the PISP may not know the account identification details for the user/customer
If the DebtorAccount is specified by the PISP and is invalid for the user/customer - then the file-payment-consents will be set to Rejected after user/customer authentication
An ASPSP may choose which fields must be populated to process a specified FileContextFormat, and may reject the request if the fields are not populated. These ASPSP specific requirements must be documented
An ASPSP may choose which fields must not be populated to process a specified FileContextFormat, and may reject the request if the fields are populated. These ASPSP specific requirements must be documented
3.1.3 Data Dictionary
Name | Occurrence | XPath | Definition | Class/ Datatype | Codes | Pattern |
OBFileInitiation |
| OBFileInitiation | The Initiation payload is sent by the initiating party to the ASPSP. It is used to request movement of funds using a payment file | OBFileInitiation |
|
|
FileContextFormat | 1..1 | OBFileInitiation/FileContextFormat | Specifies the payment file context format | String | Enum: · BH.OBF.pain.001.001.08
|
|
FileHash | 1..1 | OBFileInitiation/FileHash | A base64 encoding of a SHA256 hash of the file to be uploaded | String |
|
|
FileReference | 0..1 | OBFileInitiation/FileReference | Reference for the file | String |
|
|
NumberOfTransactions | 0..1 | OBFileInitiation/NumberOfTransactions | Number of individual transactions contained in the payment information group | String |
| [0-9]{1,15} |
ControlSum | 0..1 | OBFileInitiation/ControlSum | Total of all individual amounts included in the group, irrespective of currencies | Number |
|
|
RequestedExecutionDateTime | 0..1 | OBFileInitiation/RequestedExecutionDateTime | Date at which the initiating party requests the clearing agent to process the payment. Usage: This is the date on which the debtor's account is to be debited | DateTime |
|
|
LocalInstrument | 0..1 | OBFileInitiation/LocalInstrument | User community specific instrument. Usage: This element is used to specify a local instrument, local clearing option and/or further qualify the service or service level | String | Enum: · BH.OBF.DNS · BH.OBF.NRT · BH.OBF.BIL |
|
DebtorAccount | 0..1 | OBFileInitiation/DebtorAccount | Unambiguous identification of the account of the debtor to which a debit entry will be made as a result of the transaction | OBFileInitiation/DebtorAccount |
|
|
SchemeName | 1..1 | OBFileInitiation/DebtorAccount/SchemeName | Name of the identification scheme, in a coded form as published in an external list | String | Enum: · BH.OBF.IBAN |
|
Identification | 1..1 | OBFileInitiation/DebtorAccount/Identification | Identification assigned by an institution to identify an account. This identification is known by the account owner | String |
|
|
Name | 0..1 | OBFileInitiation/DebtorAccount/Name | The account name is the name or names of the account owner(s) represented at an account level, as displayed by the ASPSP’s online channels. Note, the account name is not the product name or the nickname of the account | String |
|
|
RemittanceInformation | 0..1 | OBFileInitiation/RemittanceInformation | Information supplied to enable the matching of an entry with the items that the transfer is intended to settle, such as commercial invoices in an accounts' receivable system | OBFileInitiation/RemittanceInformation |
|
|
RemittanceDescription | 0..1 | OBFileInitiation/RemittanceInformation/ RemittanceDescription | Information supplied to enable the matching/reconciliation of an entry with the items that the payment is intended to settle, such as commercial invoices in an accounts' receivable system, in an unstructured form | String |
|
|
Reference | 0..1 | OBFileInitiation/RemittanceInformation/Reference | Unique reference, as assigned by the creditor, to unambiguously refer to the payment transaction. Usage: If available, the initiating party should provide this reference in the structured remittance information, to enable reconciliation by the creditor upon receipt of the amount of money. If the business context requires the use of a creditor reference or a payment remit identification, and only one identifier can be passed through the end-to-end chain, the creditor's reference or payment remittance identification should be quoted in the end-to-end transaction identification | String |
|
|
SupplementaryData | 0..1 | OBFileInitiation/SupplementaryData | Additional information that cannot be captured in the structured fields and/or any other specific block | OBSupplementaryData |
|
|
3.2 File Payment Consent – Request
The OBWriteFileConsent object will be used for the call to:
POST /file-payment-consents
3.2.1 UML Diagram
3.2.2 Notes
The file-payment-consents request contains these objects:
Initiation
Authorisation
SCASupportData
For the file-payment-consents request object:
There is no Risk section in the OBWriteFileConsent object - as this is not relevant for a file payment
3.2.3 Data Dictionary
Name | Occurrence | XPath | Definition | Class/ Datatype | Codes | Pattern |
OBWriteFileConsent |
| OBWriteFileConsent |
| OBWriteFileConsent |
|
|
Data | 1..1 | OBWriteFileConsent/Data |
| OBWriteFileConsent/Data |
|
|
Initiation | 1..1 | OBWriteFileConsent/Data/Initiation | The Initiation payload is sent by the initiating party to the ASPSP. It is used to request movement of funds using a payment file | OBFileInitiation |
|
|
Authorisation | 0..1 | OBWriteFileConsent/Data/Authorisation | The authorisation type request from the PISP | OBAuthorisation |
|
|
SCASupportData | 0..1 | OBWriteFileConsent/Data/SCASupportData | Supporting Data provided by PISP, when requesting SCA Exemption | OBSCASupportData |
|
|
3.3 File Payment Consent - Response
The OBWriteFileConsentResponse object will be used for a response to a call to:
POST /file-payment-consents
GET /file-payment-consents/{ConsentId}
3.3.1 UML Diagram
3.3.2 Notes
The file-payment-consents response contains the full original payload from the file-payment-consents request with these additional elements:
ConsentId
CreationDateTime the file-payment-consents resource was created
Status and StatusUpdateDateTime of the file-payment-consents resource
CutOffDateTime Behaviour is explained in Payment Initiation API Profile, Section - Payment Restrictions -> CutOffDateTime Behaviour
Charges array - for the breakdown of applicable ASPSP charges
Post successful user/customer Authentication, an ASPSP may provide Debtor/Name in the Payment Order Consent Response, even when the user/customer did not provide the Debtor Account via PISP
3.3.3 Data Dictionary
Name | Occurrence | XPath | Definition | Class/ Datatype | Codes | Pattern |
OBWriteFileConsentResponse |
| OBWriteFileConsentResponse |
| OBWriteFileConsentResponse |
|
|
Data | 1..1 | OBWriteFileConsentResponse/Data |
| OBWriteFileConsentResponse/Data |
|
|
ConsentId | 1..1 | OBWriteFileConsentResponse/Data/ConsentId | OB: Unique identification as assigned by the ASPSP to uniquely identify the consent resource | String |
|
|
CreationDateTime | 1..1 | OBWriteFileConsentResponse/Data/CreationDateTime | Date and time at which the resource was created | DateTime |
|
|
Status | 1..1 | OBWriteFileConsentResponse/Data/Status | Specifies the status of consent resource in code form | String | Enum: · Authorised · AwaitingAuthorisation · AwaitingUpload · Consumed · Rejected |
|
StatusUpdateDateTime | 1..1 | OBWriteFileConsentResponse/Data/StatusUpdateDateTime | Date and time at which the consent resource status was updated | DateTime |
|
|
CutOffDateTime | 0..1 | OBWriteFileConsentResponse/Data/CutOffDateTime | Specified cut-off date and time for the payment consent | DateTime |
|
|
Charges | 0..n | OBWriteFileConsentResponse/Data/Charges | Set of elements used to provide details of a charge for the payment initiation | OBCharge |
|
|
Initiation | 1..1 | OBWriteFileConsentResponse/Data/Initiation | The Initiation payload is sent by the initiating party to the ASPSP. It is used to request movement of funds using a payment file | OBFileInitiation |
|
|
Authorisation | 0..1 | OBWriteFileConsentResponse/Data/Authorisation | The authorisation type request from the PISP | OBAuthorisation |
|
|
SCASupportData | 0..1 | OBWriteFileConsentResponse/Data/SCASupportData | Supporting Data provided by PISP, when requesting SCA Exemption | OBSCASupportData |
|
|
Debtor | 0..1 | OBWriteFileConsentResponse/Data/Debtor | Set of elements used to identify a person or an organisation | OBWriteFileConsentResponse/Data/Debtor |
|
|
Name | 1..1 | OBWriteFileConsentResponse/Data/Debtor/Name | The account name is the name or names of the account owner(s) represented at an account level, as displayed by the ASPSP’s online channels | String |
|
|
4. Usage Example
4.1 POST /file-payment-consents
4.1.1 Request
|
|
4.1.2 Response
|
|
4.2 POST /file-payment-consents/{ConsentId}/file
4.2.1 Request
|
4.2.2 Response
|