To provide account information to the customer, the TPP (AISP) should have authorization from the customer (consent) to view the corresponding account, transaction, balance information, etc.
Related security requirements:
Request to create account access consent:
POST https://bank:8745/api/bobf/release1.0.0/account-access-consents
Content-Type:application/json
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJhY2NvdW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MzI5MzY0MCwiaWF0IjoxNTYzMjA3MjQwfQ.cLMitrej3poizgphcnnxZQjewObJiownqoIGlxh3z1-_38drvGr32tN1z0vAm0maIa7uhQ9qt0ucEkVxnkj46adsdav4w1G7V4DypSTI1LzhtWdqzK2QOm6gpDIbxY13uEovIO2tRdCC9O4-W6AM1O_e00ZbtvWOld9oOrDRo01rj_aZrS2RVCX49H7_n1pD2ORHUbBHh_lRgv6O2IErm75rUOxKEt5QMTAwiBDrHGXnuUz47N-8CX5E44WUHNJMA6uOZNZra2wv3J8jZshvzDlwTpzY0dbxysQYBNQF8kzBacfut3iWlSKyiBrxpPK3R8VBi8gcCpteSL4J4ZMZ3g
UserAgent:B-6t99-yRUGaNOy3otR1cA
{
"Data": {
"Permissions": [
"ReadAccountsBasic",
"ReadAccountsDetail",
"ReadBalances",
"ReadBeneficiariesBasic",
"ReadBeneficiariesDetail",
"ReadStandingOrdersBasic",
"ReadStandingOrdersDetail",
"ReadTransactionsBasic",
"ReadTransactionsCredits",
"ReadTransactionsDebits",
"ReadTransactionsDetail"
],
"TransactionFromDateTime": "2021-06-10T07:00:00.327+03:00",
"TransactionToDateTime": "2020-06-10T18:00:00.327+03:00"
}
}
Response:
HTTP/1.1 201
status: 201
Date: Wed, 10 Jul 2021 16:59:22 GMT
Server: TMSX
Content-Type: application/json;charset=UTF-8
{
"Data": {
"ConsentId": "Ib3N3UjuSC-IlZUqAcbp_w",
"Status": "AwaitingAuthorisation",
"StatusUpdateDateTime": "2021-06-10T16:59:22.059Z",
"CreationDateTime": "2021-06-10T16:59:22.059Z",
"Permissions": [
"ReadAccountsBasic",
"ReadAccountsDetail",
"ReadBalances",
"ReadBeneficiariesBasic",
"ReadBeneficiariesDetail",
"ReadStandingOrdersBasic",
"ReadStandingOrdersDetail",
"ReadTransactionsBasic",
"ReadTransactionsCredits",
"ReadTransactionsDebits",
"ReadTransactionsDetail"
],
"TransactionFromDateTime": "2021-05-17T04:10:27.027Z",
"TransactionToDateTime": "2021-06-17T04:10:27.027Z"
},
"Links": {
"Self": "https://bank:8745/authpage/consentId/Ib3N3UjuSC-IlZUqAcbp_w"
}
}
BBK provides the following Open Banking API for consent management:
Request consent status:
GET https://bank:8745/api/bobf/release1.0.0/account-access-consents/qpvHcyG4QbmWAn1PSuYqwQ
Content-Type:application/json
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJhY2NvdW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MzI5MzY0MCwiaWF0IjoxNTYzMjA3MjQwfQ.cLMitrej3poizgphcnnxZQjewObJiownqoIGlxh3z1-_38drvGr32tN1z0vAm0maIa7uhQ9qt0ucEkVxnkj46adsdav4w1G7V4DypSTI1LzhtWdqzK2QOm6gpDIbxY13uEovIO2tRdCC9O4-W6AM1O_e00ZbtvWOld9oOrDRo01rj_aZrS2RVCX49H7_n1pD2ORHUbBHh_lRgv6O2IErm75rUOxKEt5QMTAwiBDrHGXnuUz47N-8CX5E44WUHNJMA6uOZNZra2wv3J8jZshvzDlwTpzY0dbxysQYBNQF8kzBacfut3iWlSKyiBrxpPK3R8VBi8gcCpteSL4J4ZMZ3g
Response:
HTTP/1.1 200
status: 200
Expires: Thu, 01 Jan 2022 00:00:00 GMT
Date: Mon, 15 Jul 2021 17:05:54 GMT
Server: TMSX
Content-Type: application/json;charset=UTF-8
{
"Data": {
"ConsentId": "von4wel1SVmF8bqVBVzCZA",
"Status": "Authorised",
"StatusUpdateDateTime": "2021-07-15T16:59:32+0000",
"CreationDateTime": "2021-07-15T16:59:32+0000",
"Permissions": [
"ReadAccountsDetail",
"ReadBalances",
"ReadTransactionsDetail",
"ReadTransactionsBasic",
"ReadAccountsBasic",
"ReadBeneficiariesDetail"
],
"ExpirationDateTime": "2021-06-29T00:00:00+0000",
"TransactionFromDateTime": "2021-05-03T00:00:00+0000",
"TransactionToDateTime": "2021-12-03T00:00:00+0000"
},
"Links": {
"Self": "https://bank:9045/authpage/"
}
}
Request to delete consent:
PATCH /api/bobf/release1.0.0/account-access-consents/GIyblDLXTE2xjo8u5DVhnQ
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJhY2NvdW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MjEwMjk2NiwiaWF0IjoxNTYyMDE2NTY2fQ.O0kofzzl5vevkD_PcVsv9-cy-2Gx5NZES7EW_AXR2vqng50o8z65_yn04lB641FfI7EnmKnYviEc4-Yq5MYLwaPPNyD7lG7rOkzo7ZD3eCpOjPgbkeegdPkpKrOktTyoKQJSX4rY0uhUTTGct2leoCdI6lKpjU_zYwFSp9-Te4f_TKQ69pOwMIFJeqi_OjIVjwGmlVLhuSTHPps4hhjCGJCySQCbeZcDcbb1WmISBXIDq2hZnaF2OXnfO4FZooVuh1yg6bbc0bA5Y-_hdTP0kEBRhnrb7m0gBXn9n3G4HKU6X6UnsgN7oK_Hq4MlFAjroFOZzCfChv6m3gCAnDxGLA
x-fapi-auth-date: Sun, 10 Jul 2021 19:43:31 GMT
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d