To provide account information to the customer, the TPP (AISP) should have authorization from the customer (consent) to view the corresponding account, transaction and balance information.
Related security requirements:
Request to create account access consent:
POST https://pg:8745/api/account-access-consents
Content-Type:application/json
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJhY2NvdW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MzI5MzY0MCwiaWF0IjoxNTYzMjA3MjQwfQ.cLMitrej3poizgphcnnxZQjewObJiownqoIGlxh3z1-_38drvGr32tN1z0vAm0maIa7uhQ9qt0ucEkVxnkj46adsdav4w1G7V4DypSTI1LzhtWdqzK2QOm6gpDIbxY13uEovIO2tRdCC9O4-W6AM1O_e00ZbtvWOld9oOrDRo01rj_aZrS2RVCX49H7_n1pD2ORHUbBHh_lRgv6O2IErm75rUOxKEt5QMTAwiBDrHGXnuUz47N-8CX5E44WUHNJMA6uOZNZra2wv3J8jZshvzDlwTpzY0dbxysQYBNQF8kzBacfut3iWlSKyiBrxpPK3R8VBi8gcCpteSL4J4ZMZ3g
UserAgent:B-6t99-yRUGaNOy3otR1cA
{
"Data": {
"Permissions": [
"ReadAccountsDetail",
"ReadBalances",
"ReadTransactionsDetail",
"ReadTransactionsBasic",
"ReadAccountsBasic",
"ReadBeneficiariesDetail"
],
"ExpirationDateTime": "2020-06-29T00:00:00+0000",
"TransactionFromDateTime": "2019-05-03T00:00:00+0000",
"TransactionToDateTime": "2019-12-03T00:00:00+0000"
}
}
Response:
HTTP/1.1 201
status: 201
Date: Wed, 10 Jul 2019 16:59:22 GMT
Server: TMSX
Content-Type: application/json;charset=UTF-8
{
"Data": {
"ConsentId": "von4wel1SVmF8bqVBVzCZA",
"Status": "AwaitingAuthorisation",
"StatusUpdateDateTime": "2019-07-15T16:59:32+0000",
"CreationDateTime": "2019-07-15T16:59:32+0000",
"Permissions": [
"ReadAccountsDetail",
"ReadBalances",
"ReadTransactionsDetail",
"ReadTransactionsBasic",
"ReadAccountsBasic",
"ReadBeneficiariesDetail"
],
"ExpirationDateTime": "2020-06-29T00:00:00+0000",
"TransactionFromDateTime": "2019-05-03T00:00:00+0000",
"TransactionToDateTime": "2019-12-03T00:00:00+0000"
},
"Links": {
"Self": "https://pg:9045/authpage/consentId/von4wel1SVmF8bqVBVzCZA"
}
}
BBK provides the following Open Banking API for consent management:
Request consent status:
GET https://pg:8745/api/account-access-consents/von4wel1SVmF8bqVBVzCZA
Content-Type:application/json
Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJhY2NvdW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MzI5MzY0MCwiaWF0IjoxNTYzMjA3MjQwfQ.cLMitrej3poizgphcnnxZQjewObJiownqoIGlxh3z1-_38drvGr32tN1z0vAm0maIa7uhQ9qt0ucEkVxnkj46adsdav4w1G7V4DypSTI1LzhtWdqzK2QOm6gpDIbxY13uEovIO2tRdCC9O4-W6AM1O_e00ZbtvWOld9oOrDRo01rj_aZrS2RVCX49H7_n1pD2ORHUbBHh_lRgv6O2IErm75rUOxKEt5QMTAwiBDrHGXnuUz47N-8CX5E44WUHNJMA6uOZNZra2wv3J8jZshvzDlwTpzY0dbxysQYBNQF8kzBacfut3iWlSKyiBrxpPK3R8VBi8gcCpteSL4J4ZMZ3g
Response:
HTTP/1.1 200
status: 200
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Date: Mon, 15 Jul 2019 17:05:54 GMT
Server: TMSX
Content-Type: application/json;charset=UTF-8
{
"Data": {
"ConsentId": "von4wel1SVmF8bqVBVzCZA",
"Status": "Authorised",
"StatusUpdateDateTime": "2019-07-15T16:59:32+0000",
"CreationDateTime": "2019-07-15T16:59:32+0000",
"Permissions": [
"ReadAccountsDetail",
"ReadBalances",
"ReadTransactionsDetail",
"ReadTransactionsBasic",
"ReadAccountsBasic",
"ReadBeneficiariesDetail"
],
"ExpirationDateTime": "2020-06-29T00:00:00+0000",
"TransactionFromDateTime": "2019-05-03T00:00:00+0000",
"TransactionToDateTime": "2019-12-03T00:00:00+0000"
},
"Links": {
"Self": "https://pg:9045/authpage/"
}
}
Request to delete consent:
DELETE /account-access-consents/SynRPCaFSLa_TuvA-D654A HTTP/1.1
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJUUFAxIiwic2NvcGUiOiJhY2NvdW50cyIsImlzcyI6IkFQSV9HVyIsImV4cCI6MTU2MjEwMjk2NiwiaWF0IjoxNTYyMDE2NTY2fQ.O0kofzzl5vevkD_PcVsv9-cy-2Gx5NZES7EW_AXR2vqng50o8z65_yn04lB641FfI7EnmKnYviEc4-Yq5MYLwaPPNyD7lG7rOkzo7ZD3eCpOjPgbkeegdPkpKrOktTyoKQJSX4rY0uhUTTGct2leoCdI6lKpjU_zYwFSp9-Te4f_TKQ69pOwMIFJeqi_OjIVjwGmlVLhuSTHPps4hhjCGJCySQCbeZcDcbb1WmISBXIDq2hZnaF2OXnfO4FZooVuh1yg6bbc0bA5Y-_hdTP0kEBRhnrb7m0gBXn9n3G4HKU6X6UnsgN7oK_Hq4MlFAjroFOZzCfChv6m3gCAnDxGLA
x-fapi-auth-date: Sun, 10 Jul 2019 19:43:31 GMT
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d