Consent Management APIs provide the capability to manage consents in a web application on behalf of an end-user. A banking service consumer/Account Servicing Payment Service Provider (ASPSP) may need to develop their own web application or use their own mechanism to deploy the consent management capabilities. At this point, a service provider needs a way to directly present consent resources to the end-user. To cater to this requirement, those consent capabilities (for example, consent creation/consent deletion) are presented as API resources in the Consent Management APIs.
In the Confirmation of Funds API flow, the consent is managed between the PSU and the ASPSP. The PSU provides consent to their ASPSP to respond to confirmation of funds requests from a Card Based Payment Instrument Issuer (CBPII). To achieve this, there are several API resources available.
You can find the REST API documentation for Confirmation of Funds Information Sharing Consent Management v3.0.0 here.
Parameters denoted with * are mandatory to configure in the API call.
Create funds confirmation consent
The CBPII connects to the ASPSP that services the PSU's account, and creates a funds-confirmation-consent resource. In order to use this operation, the CBPII must have an access token issued using a client credentials grant type.
POST /funds-confirmation-consents
The following header parameters need to be provided for the API call:
Parameters | Description |
---|---|
x-fapi-financial-id * | A unique ID of the ASPSP to which the request is issued. This value is issued by WSO2 Open Banking. |
x-fapi-customer-last-logged-time | The time when the PSU logged in with the TPP. |
x-fapi-customer-ip-address | The PSU's IP address. When a PSU logs in, the IP address is sent. |
x-fapi-interaction-id | An RFC4122 UID used as a correlation ID. |
UserId * | The ID of the user initiating this request. |
x-customer-user-agent | The user agent used by the PSU. |
A sample request is shown below:
{ "Data":{ "ExpirationDateTime":"2019-03-21T05:59:55.212Z", "DebtorAccount":{ "SchemeName":"string", "Identification":"string", "Name":"string", "SecondaryIdentification":"string" } } }
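The request above can be assembled and checked before it leaves the CBPII. The following is an added example, not code from the original documentation or from WSO2 Open Banking: `build_consent_request`, `clean_header` and `parse_iso8601` are hypothetical helper names, and the `Authorization: Bearer` and `Content-Type: application/json` headers are assumptions based on standard OAuth 2.0 bearer usage and the JSON body shown above.

```python
import json
import uuid
from datetime import datetime, timezone

# The four DebtorAccount keys that appear in the sample request on this page.
DEBTOR_FIELDS = {"SchemeName", "Identification", "Name", "SecondaryIdentification"}


def parse_iso8601(value):
    """Parse a timestamp such as 2019-03-21T05:59:55.212Z; reject ones without a timezone."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError("timestamp has no timezone: %r" % value)
    return dt


def clean_header(name, value):
    """Mandatory header values must be non-empty and free of CR/LF (header injection)."""
    if not isinstance(value, str) or not value.strip():
        raise ValueError("%s is mandatory and must be a non-empty string" % name)
    if "\r" in value or "\n" in value:
        raise ValueError("%s contains a line break" % name)
    return value


def build_consent_request(access_token, financial_id, user_id, debtor_account,
                          expiration, now=None, interaction_id=None):
    """Return (method, path, headers, body) for creating a funds-confirmation-consent."""
    now = now or datetime.now(timezone.utc)
    if parse_iso8601(expiration) <= now:
        raise ValueError("ExpirationDateTime must be in the future")

    unknown = set(debtor_account) - DEBTOR_FIELDS
    if unknown:
        raise ValueError("unexpected DebtorAccount fields: %s" % sorted(unknown))
    if not all(isinstance(v, str) for v in debtor_account.values()):
        raise ValueError("DebtorAccount values must be strings")

    # x-fapi-interaction-id is an RFC4122 UID; generate one when the caller has none.
    interaction_id = interaction_id or str(uuid.uuid4())
    if uuid.UUID(interaction_id).variant != uuid.RFC_4122:
        raise ValueError("x-fapi-interaction-id is not an RFC4122 UUID")

    headers = {
        "Authorization": "Bearer " + clean_header("access token", access_token),  # assumed
        "Content-Type": "application/json",                                       # assumed
        "x-fapi-financial-id": clean_header("x-fapi-financial-id", financial_id),
        "UserId": clean_header("UserId", user_id),
        "x-fapi-interaction-id": interaction_id,
    }
    body = json.dumps({"Data": {"ExpirationDateTime": expiration,
                                "DebtorAccount": debtor_account}})
    return "POST", "/funds-confirmation-consents", headers, body
```

Logging the generated `x-fapi-interaction-id` alongside the response status lets a failed call be correlated with the ASPSP's records.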
A sample successful response is shown below:
Code | Description | Sample Response |
---|---|---|
201 | Created | { "Data":{ "ConsentId":"string", "CreationDateTime":"2019-03-21T05:59:55.324Z", "Status":"Authorised", "StatusUpdateDateTime":"2019-03-21T05:59:55.324Z", "ExpirationDateTime":"2019-03-21T05:59:55.324Z", "DebtorAccount":{ "SchemeName":"string", "Identification":"string", "Name":"string", "SecondaryIdentification":"string" } }, "Links":{ "Self":"string", "First":"string", "Prev":"string", "Next":"string", "Last":"string" }, "Meta":{ "TotalPages":0, "FirstAvailableDateTime":"2019-03-21T05:59:55.324Z", "LastAvailableDateTime":"2019-03-21T05:59:55.324Z" } } |
Once the funds-confirmation-consent resource is created successfully, one of the following status codes is generated.
Status | Description |
---|---|
AwaitingAuthorisation | The Funds Confirmation Consent is awaiting authorization. |
Authorized | The Funds Confirmation Consent has been successfully authorized. |
Rejected | The Funds Confirmation Consent has been rejected. |
Revoked | An authorized Funds Confirmation Consent has been revoked. |
A list of possible error responses is given below:
Error Code | Description | Sample Response |
---|---|---|
400 | Bad request | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
401 | Unauthorized | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
403 | Forbidden | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
404 | Not found | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
405 | Method Not Allowed | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
406 | Not Acceptable | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
415 | Unsupported Media Type | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
429 | Too Many Requests | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
500 | Internal Server Error | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
Search funds confirmation consent
Once the funds confirmation request is created, the GET /funds-confirmation-consents resource allows you to identify a list of available funds confirmation consents that match the given search. In order to use this resource, the CBPII must have an access token issued using a client credentials grant type.
GET /funds-confirmation-consents
The following header parameters need to be provided for the API call:
Parameter | Type | Description |
---|---|---|
limit | Integer | The maximum size of the resource array to return. |
offset | Integer | The starting point within the complete list of qualified items. This has a default value of 0. |
userId | String | The user identifier of the subject. |
clientId | String | The client identifier of the subject. |
status | String | The status of the consent. |
fromTimestamp | string($date-time) | The start date and time for the search. Must be in the ISO 8601 date-time format. |
toTimestamp | string($date-time) | End date and time for the search. Must be in the ISO 8601 date-time format. |
A sample successful response is shown below:
Code | Description | Sample Response |
---|---|---|
200 | OK. List of qualifying Consents is returned. | { "count": 5, "list": [ { "ConsentId": "string", "fundsConfirmationResponseData": { "Data": { "ConsentId": "string", "CreationDateTime": "2019-03-27T05:12:15.066Z", "Status": "Authorised", "StatusUpdateDateTime": "2019-03-27T05:12:15.066Z", "ExpirationDateTime": "2019-03-27T05:12:15.066Z", "DebtorAccount": { "SchemeName": "string", "Identification": "string", "Name": "string", "SecondaryIdentification": "string" } }, "Links": { "Self": "string", "First": "string", "Prev": "string", "Next": "string", "Last": "string" }, "Meta": { "TotalPages": 0, "FirstAvailableDateTime": "2019-03-27T05:12:15.066Z", "LastAvailableDateTime": "2019-03-27T05:12:15.066Z" } }, "initiationTimestamp": "2018-06-07T10:33:18.000Z", "status": "AwaitingAuthorisation", "clientId": "9fj2Fk43n6395ef", "userId": "string", "debtorAccount": "31820", "consentGivenTimestamp": "2018-06-07T10:33:18.000Z", "collectionMethod": "web" } ] } |
A list of possible error responses is given below:
Error Code | Description | Sample Response |
---|---|---|
400 | Bad request | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
500 | Internal Server Error | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
Get funds confirmation consent
Once the funds confirmation resource is created, the card issuer may need to retrieve the funds confirmation consent that has been created. To achieve this, use the resource described below. In order to use this resource, the CBPII must have an access token issued using a client credentials grant type.
GET /funds-confirmation-consents/{ConsentId}
The following parameters need to be provided for the API call:
Parameter | Type | Description |
---|---|---|
ConsentId * | String | The consent ID for which you need information. |
x-fapi-financial-id * | String | The unique ID of the ASPSP to which the request is issued. |
x-fapi-customer-last-logged-time | String | The time when the PSU last logged in with the TPP. |
x-fapi-customer-ip-address | String | The IP address with which the PSU is logged into the TPP. |
x-fapi-interaction-id | String | An RFC4122 UID used as a correlation ID. |
UserId * | String | The user ID of the user initiating the request. |
x-customer-user-agent | String | The user-agent that the PSU is using. |
A sample successful response is shown below:
Code | Description | Sample Response |
---|---|---|
200 | Funds Confirmation Consent Read | { "Data": { "ConsentId": "string", "CreationDateTime": "2019-03-27T05:21:23.718Z", "Status": "Authorised", "StatusUpdateDateTime": "2019-03-27T05:21:23.718Z", "ExpirationDateTime": "2019-03-27T05:21:23.718Z", "DebtorAccount": { "SchemeName": "string", "Identification": "string", "Name": "string", "SecondaryIdentification": "string" } }, "Links": { "Self": "string", "First": "string", "Prev": "string", "Next": "string", "Last": "string" }, "Meta": { "TotalPages": 0, "FirstAvailableDateTime": "2019-03-27T05:21:23.718Z", "LastAvailableDateTime": "2019-03-27T05:21:23.718Z" } } |
Once the GET /funds-confirmation-consents/{ConsentId} resource is created successfully, one of the following status codes is generated.
Status | Description |
---|---|
Authorized | The Funds Confirmation Consent has been authorized. |
Rejected | The Funds Confirmation Consent has been rejected. |
AwaitingAuthorisation | The Funds Confirmation Consent is awaiting authorization. |
Revoked | The Funds Confirmation Consent has been revoked. |
A list of possible error responses is given below:
Error Code | Description | Sample Response |
---|---|---|
400 | Bad Request | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
401 | Unauthorized | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
403 | Forbidden | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
404 | Not found | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
405 | Method Not Allowed | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
406 | Not Acceptable | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
429 | Too Many Requests | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
500 | Internal Server Error | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
Revoking funds confirmation consent
Once a funds confirmation consent has been created, the PSU may need to revoke the consent granted for confirming funds with the CBPII. To achieve this, use the resource described below. In order to use this resource, the CBPII must have an access token issued using a client credentials grant type.
DELETE /funds-confirmation-consents/{ConsentId}
The following parameters need to be provided for the API call:
Parameter | Type | Description |
---|---|---|
ConsentId * | String | The consent ID for which you need information. |
x-fapi-financial-id * | String | The unique ID of the ASPSP to which the request is issued. |
x-fapi-customer-last-logged-time | String | The time when the PSU last logged in with the TPP. |
x-fapi-customer-ip-address | String | The IP address with which the PSU is logged into the TPP. |
x-fapi-interaction-id | String | An RFC4122 UID used as a correlation ID. |
UserId * | String | The user ID of the user initiating the request. |
x-customer-user-agent | String | The user-agent that the PSU is using. |
A sample successful response is shown below:
Code | Description |
---|---|
204 | Funds Confirmation Consent Deleted |
A list of possible error responses is given below:
Error Code | Description | Sample Response |
---|---|---|
400 | Bad Request | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
401 | Unauthorized | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
403 | Forbidden | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
404 | Not found | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
405 | Method Not Allowed | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
406 | Not Acceptable | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
429 | Too Many Requests | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
500 | Internal Server Error | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
Including the PSU with the funds confirmation consent
Once the funds confirmation is created, it needs to be bound to the PSU who granted the consent. To achieve this, use the resource described below.
POST /funds-confirmation-user-consent/
A sample request is shown below:
{ "ConsentId": "string", "collectionMethod": "web", "userId": "string", "accountIds": [ "31820" ], "status": "AwaitingAuthorisation", "givenTimeStamp": "2018-06-07T10:33:18.000Z" }
A sample successful response is shown below:
Code | Description | Sample Response |
---|---|---|
204 | Funds Confirmation Created | { "ConsentId": "string", "collectionMethod": "web", "userId": "string", "accountIds": [ "31820" ], "status": "AwaitingAuthorisation", "givenTimeStamp": "2018-06-07T10:33:18.000Z" } |
A list of possible error responses is given below:
Error Code | Description | Sample Response |
---|---|---|
400 | Bad Request | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
401 | Unauthorized | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
403 | Forbidden | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
405 | Method Not Allowed | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
406 | Not Acceptable | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
429 | Too Many Requests | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
500 | Internal Server Error | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
PUT /funds-confirmation-user-consent/
Once the funds confirmation consent resource is created, you may need to update the granted consent. To achieve this, use the resource described below. In order to use this operation, the CBPII must have an access token issued using a client credentials grant type.
A sample request is shown below:
{ "ConsentId": "string", "collectionMethod": "web", "userId": "string", "accountIds": [ "31820" ], "status": "AwaitingAuthorisation", "givenTimeStamp": "2018-06-07T10:33:18.000Z" }
A sample successful response is shown below:
Code | Description | Sample Response |
---|---|---|
204 | Funds Confirmation Created | { "ConsentId": "string", "collectionMethod": "web", "userId": "string", "accountIds": [ "31820" ], "status": "AwaitingAuthorisation", "givenTimeStamp": "2018-06-07T10:33:18.000Z" } |
A list of possible error responses is given below:
Error Code | Description | Sample Response |
---|---|---|
400 | Bad Request | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
401 | Unauthorized | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
403 | Forbidden | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
405 | Method Not Allowed | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
406 | Not Acceptable | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
429 | Too Many Requests | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
500 | Internal Server Error | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
Validate funds confirmation consent
Once the funds confirmation consent is created, you may need to validate the consent for fund confirmation requests. To achieve this, use the resource described below. In order to use this resource, the CBPII must have an access token issued using a client credentials grant type.
POST /funds-confirmation-validation/
A sample request is shown below:
{ "clientId": "9fj2Fk43n6395ef", "userId": "string", "ConsentId": "string", "scope": "fundsConfirmations", "requestURI": "fundsConfirmations" }
A sample successful response is shown below:
Code | Description |
---|---|
200 | Funds Confirmation resource successfully validated |
A list of possible error responses is given below:
Error Code | Description | Sample Response |
---|---|---|
400 | Bad request | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
500 | Internal Server Error | { "Code": "string", "Id": "string", "Message": "string", "Errors": [ { "ErrorCode": "string", "Message": "string", "Path": "string", "Url": "string" } ] } |
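The validation request above carries `clientId`, `userId`, `ConsentId` and `scope`, so each can be checked against the stored consent before a funds confirmation is answered. The following is an added example, not WSO2 Open Banking's implementation: `validate_consent` is a hypothetical function, the checks it enforces are assumptions about what such a validation should cover, and the sample record is constructed in the shape of one entry of the search response shown earlier.

```python
from datetime import datetime, timezone

AUTHORISED = "Authorised"              # spelling used in the sample responses on this page
EXPECTED_SCOPE = "fundsConfirmations"  # value from the sample validation request


def validate_consent(request, consent, now=None):
    """Return (True, "ok") or (False, reason) for a validation request against a stored consent."""
    now = now or datetime.now(timezone.utc)
    data = consent["fundsConfirmationResponseData"]["Data"]

    for field in ("clientId", "userId", "ConsentId", "scope"):
        if not isinstance(request.get(field), str) or not request[field]:
            return False, "missing " + field

    if request["ConsentId"] != consent["ConsentId"]:
        return False, "consent id mismatch"
    # Bind the consent to the client and user it was created for, so that knowing
    # a ConsentId alone is never enough to have it validated.
    if request["clientId"] != consent["clientId"]:
        return False, "consent belongs to another client"
    if request["userId"] != consent["userId"]:
        return False, "consent belongs to another user"
    if request["scope"] != EXPECTED_SCOPE:
        return False, "scope not permitted"
    # AwaitingAuthorisation, Rejected and Revoked consents must all fail here.
    if data["Status"] != AUTHORISED:
        return False, "consent status is " + data["Status"]

    expires = datetime.fromisoformat(data["ExpirationDateTime"].replace("Z", "+00:00"))
    if expires.tzinfo is None:
        return False, "expiry has no timezone"
    if expires <= now:
        return False, "consent expired"
    return True, "ok"


# Constructed sample data (not real identifiers), shaped like the page's samples.
SAMPLE_CONSENT = {
    "ConsentId": "consent-001",
    "clientId": "9fj2Fk43n6395ef",
    "userId": "psu@example.com",
    "fundsConfirmationResponseData": {"Data": {
        "ConsentId": "consent-001",
        "Status": "Authorised",
        "ExpirationDateTime": "2019-03-27T05:12:15.066Z",
    }},
}
SAMPLE_REQUEST = {
    "clientId": "9fj2Fk43n6395ef",
    "userId": "psu@example.com",
    "ConsentId": "consent-001",
    "scope": "fundsConfirmations",
    "requestURI": "fundsConfirmations",
}
```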