Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Register a resource to retrieve account information by creating an account access consent. This registers data that the customer (PSU) has consented to provide to the AISP such as data permissions, expiration and historical period allowed for transactions/statements
  • Subsequently, retrieve account and transaction data

Table of Contents
maxLevel3
minLevel3


Basic flow

The diagram below provides a general outline of an account information request and flow using the Account Info APIs.

...

  1. Request account information  - The PSU consents to allow an AISP(in this case a TPP) to access account information data. 
  2. Create account request -  The AISP connects to the ASPSP that services the PSU's accounts and creates an account-access-consent resource. This informs the ASPSP that one of its PSUs is granting access to account and transaction information to an AISP.    

    1. The AISP makes a POST request to ASPSP's /account-access-consents endpoint

    2. The ASPSP responds with an identifier for the resource (the ConsentId). The account-access-consent resource will include the following fields which describe the data that the PSU has consented with the AISP:

      • Permissions - a list of data clusters that have been consented for access

      • Expiration Date - an optional expiration for when the AISP will no longer have access to the PSU's data

      • Transaction Validity Period - the From/To date range which specifies a historical period for transactions and statements which may be accessed by the AISP
    3. An AISP can be a broker for data to other parties, so it is valid for a PSU to have multiple account-access-consents for the same accounts, with different consent/authorisation parameters agreed

  3. Authorise consent - The AISP requests the PSU to authorise the consent. The ASPSP uses the redirection flow for this.

    1. In a redirection flow, the AISP redirects the PSU to the ASPSP

    2. The redirect includes the ConsentId generated in the previous step

    3. This allows the ASPSP to correlate the account-access-consent that was setup

    4. The ASPSP authenticates the PSU

    5. The ASPSP updates the state of the account-access-consent resource internally to indicate that the account access consent has been authorised

    6. Once the consent has been authorised, the PSU is redirected back to the AISP

  4. Request Data - The AISP makes a GET request the relevant resource. The unique AccountIds that are valid for the account-access-consent will be returned with a call to GET /accounts. This will always be the first call once an AISP has a valid access token.

Sequence Diagram

Endpoints

To access account information and transaction data, you can use the following available API endpoints:

...