1. Introduction
1.1 Event Subscription
The Event Notification subscription API Profile describes the flows and common functionality to allow an AISP/ PISP to:
Register an event subscription with an ASPSP to subscribe to event notifications.
A subscription can enable real time event notifications via a HTTP callback from the ASPSP, and aggregated polling by the AISP/PISP.
Specify a list of event types to be notified on.
Optionally read, update or delete a registered event subscription.
AISPs / PISPs can receive all or specific event types via the Real Time Event Notification API and/or the Aggregated Polling API.
This profile should be read in conjunction with the other API profiles which detail the circumstances under which an event notification may be delivered.
1.2 Real Time Notification
The Real Time Event Notification API Profile describes the flows common functionality for the Real Time Event Notification API, which allows ASPSPs to notify an AISP/ PISP that an event has occurred.
Step: Send Event Notification
When an event occurs on a resource that requires a notification, the ASPSP identifies the callback-url associated with the AISP/ PISP owning the affected resource.
The ASPSP sends a signed event notification to the callback URL, detailing the nature of the event and identifying the affected resource.
The AISP/ PISP may optionally initiate a client credential grant to retrieve the resource using the details contained in the event notification.
This functionality enables an ASPSP to notify the AISP/ PISP in real time (i.e. immediately) after the user/ customer revokes their access at their ASPSP dashboard. Upon receipt of this notification, AISPs/ PISPs can notify the users/ customers, if required, that their access at the ASPSP is no longer valid.
1.3 Aggregated Polling
Aggregated Polling is about the provision of notification of revocations from ASPSPs to AISPs/ PISPs, upon AISP/ PISP request, enabling AISPs/ PISPs to update their records and contact the users/ customers, if required, at the point in time of the request. However, the key difference is that rather than focusing on a specific consent resource’s status (via a GET request on that specific resource), aggregated polling allows an AISP/ PISP to request an aggregated set of consent revocations and other account access events related to multiple access consents from multiple users/ customers during a specific period.
This functionality makes much more efficient usage of the ASPSPs and AISPs/ PISPs network bandwidth as multiple single polls, especially with no change of access status, are avoided.
Moreover, it allows AISPs/ PISPs to receive all the required notifications without the need to implement systems with high availability (e.g. systems running 24x7) or systems based on real-time push notifications, providing full flexibility to AISPs/ PISPs about the timing they want to receive the notifications based on their business models. AISPs/ PISPs are able to notify users/ customers immediately after they poll ASPSPs, if required.
Step 1: Initial Polling
This is the first time an AISP/ PISP calls the ASPSP to poll for events:
An AISP/ PISP calls an ASPSP to poll for events.
The ASPSP responds with an array of awaiting events encoded as signed event notifications.
Awaiting events are the events that have not been acknowledgement by the AISP/ PISP, or have been reported as errors by the AISP/ PISP.
Step 2a: Acknowledge Only
Following the initial poll the AISP/ PISP has the option to only acknowledge receipt if they do not wish to receive further events at a given time:
An AISP/ PISP calls an ASPSP to acknowledge the event notifications that have been successfully processed.
If required, the AISP/ PISP also sends indicators of event notifications which they could not process due to an error.
The ASPSP responds positively but sends no further events.
Step 2b: Poll and Acknowledge
Following the initial poll the AISP/ PISP can then repeatedly poll the ASPSP, acknowledging successfully processed event notifications and requesting more:
An AISP/ PISP calls an ASPSP to acknowledge the event notifications that have been successfully processed with appropriate parameters to receive more.
If required, the AISP/ PISP also sends event notifications which they could not process due to an error.
The ASPSP responds positively and responds with an array of awaiting event notifications encoded as signed event notifications.
1.3.1 Acknowledgement by the AISP/ PISP
Recipients of event notifications must acknowledge them. This is manifested in one of two ways:
Through positive acknowledgement in that the event notification has been received and successfully processed.
Through negative acknowledgement where the event notification has been received but the AISP/ PISP encountered an error in processing.
ASPSPs can evict positively acknowledged event notifications from their stores. It is implicit that AISPs/ PISPs are responsible for retaining a record of event notifications appropriate to their needs once positively acknowledged.