This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


Consent Management APIs provide the capability to manage consents in a web application on behalf of an end user. A banking service consumer/Account Servicing Payment Service Provider (ASPSP) may need to develop their own web application or use their own mechanism to deploy the consent management capabilities. At this point, a service provider needs a way to directly present consent resources to the end user. To cater to this requirement, the consent capabilities (for example, consent creation and consent deletion) are presented as API resources in the Consent Management APIs.

In the Confirmation of Funds API flow, the consent is managed between the PSU and the ASPSP. The PSU provides consent to their ASPSP to respond to confirmation of funds requests from a Card Based Payment Instrument Issuer (CBPII). To achieve this, there are several API resources available.

You can find the REST API documentation for Confirmation of Funds Information Sharing Consent Management v3.0.0 here.


Parameters denoted with * are mandatory to configure in the API call.

Create funds confirmation consent

The CBPII connects to the ASPSP that services the PSU's account, and creates a funds-confirmation-consent resource. In order to use this operation, the CBPII must have an access token issued using a client credentials grant type.

POST /funds-confirmation-consents

The following header parameters need to be provided for the API call:

| Parameter | Description |
|---|---|
| x-fapi-financial-id * | A unique ID of the ASPSP to which the request is issued. This value is issued by WSO2 Open Banking. |
| x-fapi-customer-last-logged-time | The time when the PSU logged in with the TPP. |
| x-fapi-customer-ip-address | The PSU's IP address. When a PSU logs in, the IP address is sent. |
| x-fapi-interaction-id | An RFC4122 UID used as a correlation ID. |
| UserId * | The ID of the user initiating this request. |
| x-customer-user-agent | The user agent used by the PSU. |

A sample request is shown below:

{ 
   "Data":{ 
      "ExpirationDateTime":"2019-03-21T05:59:55.212Z",
      "DebtorAccount":{ 
         "SchemeName":"string",
         "Identification":"string",
         "Name":"string",
         "SecondaryIdentification":"string"
      }
   }
}
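
A pre-flight check for the create request described above, as an added example (not WSO2's code): it enforces the headers marked mandatory on this page and the RFC 4122 format of x-fapi-interaction-id before anything is sent. The function name, the sample values, and the rule that ExpirationDateTime must lie in the future are assumptions.

```python
import ipaddress
import uuid
from datetime import datetime, timezone

# Headers marked * (mandatory) for POST /funds-confirmation-consents on this page.
MANDATORY_HEADERS = ("x-fapi-financial-id", "UserId")


def check_create_request(headers, body, now):
    """Return a list of problems; an empty list means the request is well formed."""
    # HTTP header names are case-insensitive, so compare on lower-cased keys.
    hdrs = {k.lower(): v for k, v in headers.items()}
    problems = []
    for name in MANDATORY_HEADERS:
        if not hdrs.get(name.lower()):
            problems.append(f"missing mandatory header {name}")

    interaction_id = hdrs.get("x-fapi-interaction-id")
    if interaction_id is not None:
        try:
            ok = uuid.UUID(interaction_id).variant == uuid.RFC_4122
        except (ValueError, AttributeError, TypeError):
            ok = False
        if not ok:
            problems.append("x-fapi-interaction-id is not an RFC 4122 UUID")

    ip = hdrs.get("x-fapi-customer-ip-address")
    if ip is not None:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append("x-fapi-customer-ip-address is not an IP address")

    # Assumption: a consent whose expiry is already past is rejected up front.
    expiry = body.get("Data", {}).get("ExpirationDateTime")
    if expiry is not None:
        try:
            when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
            if when <= now:  # raises TypeError if the timestamp has no offset
                problems.append("ExpirationDateTime is not in the future")
        except (ValueError, TypeError, AttributeError):
            problems.append("ExpirationDateTime is not an ISO 8601 date-time with an offset")
    return problems


# Constructed sample values, not taken from a real deployment.
NOW = datetime(2019, 3, 20, 12, 0, 0, tzinfo=timezone.utc)
GOOD_HEADERS = {
    "x-fapi-financial-id": "example-aspsp-id",
    "UserId": "alice@example.com",
    "x-fapi-interaction-id": "93bac548-d2de-4546-b106-880a5018460d",
    "X-FAPI-Customer-IP-Address": "203.0.113.7",
}
GOOD_BODY = {"Data": {"ExpirationDateTime": "2019-03-21T05:59:55.212Z"}}
BAD_HEADERS = {"x-fapi-financial-id": "example-aspsp-id", "x-fapi-interaction-id": "12345"}
BAD_BODY = {"Data": {"ExpirationDateTime": "2019-03-19T00:00:00.000Z"}}

for h, b in ((GOOD_HEADERS, GOOD_BODY), (BAD_HEADERS, BAD_BODY)):
    print(check_create_request(h, b, NOW))
```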

A sample successful response is shown below:

Code | Description | Sample Response
201 | Created
{ 
   "Data":{ 
      "ConsentId":"string",
      "CreationDateTime":"2019-03-21T05:59:55.324Z",
      "Status":"Authorised",
      "StatusUpdateDateTime":"2019-03-21T05:59:55.324Z",
      "ExpirationDateTime":"2019-03-21T05:59:55.324Z",
      "DebtorAccount":{ 
         "SchemeName":"string",
         "Identification":"string",
         "Name":"string",
         "SecondaryIdentification":"string"
      }
   },
   "Links":{ 
      "Self":"string",
      "First":"string",
      "Prev":"string",
      "Next":"string",
      "Last":"string"
   },
   "Meta":{ 
      "TotalPages":0,
      "FirstAvailableDateTime":"2019-03-21T05:59:55.324Z",
      "LastAvailableDateTime":"2019-03-21T05:59:55.324Z"
   }
}


Once the funds-confirmation-consent resource is created successfully, it has one of the following statuses.

| Status | Description |
|---|---|
| AwaitingAuthorisation | The Funds Confirmation Consent is awaiting authorization. |
| Authorised | The Funds Confirmation Consent has been successfully authorized. |
| Rejected | The Funds Confirmation Consent has been rejected. |
| Revoked | An authorized Funds Confirmation Consent has been revoked. |

A list of possible error responses is given below:

Error Code | Description | Sample Response
400 | Bad request
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
401 | Unauthorized
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
403 | Forbidden
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
404 | Not found
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
405 | Method Not Allowed
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
406 | Not Acceptable
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
415 | Unsupported Media Type
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
429 | Too Many Requests
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
500 | Internal Server Error
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}

Search funds confirmation consent

Once the funds confirmation request is created, the GET /funds-confirmation-consents resource allows you to identify a list of available funds confirmation consents that match the given search. In order to use this resource, the CBPII must have an access token issued using a client credentials grant type.

GET /funds-confirmation-consents

The following header parameters need to be provided for the API call:

| Parameter | Type | Description |
|---|---|---|
| limit | Integer | The maximum size of the resource array to return. |
| offset | Integer | The starting point within the complete list of qualified items. This has a default value of 0. |
| userId | String | The user identifier of the subject. |
| clientId | String | The client identifier of the subject. |
| status | String | The status of the consent. |
| fromTimestamp | string($date-time) | The start date and time for the search. Must be in the ISO 8601 date-time format. |
| toTimestamp | string($date-time) | End date and time for the search. Must be in the ISO 8601 date-time format. |

A sample successful response is shown below:

Code | Description | Sample Response
200 | OK. List of qualifying Consents is returned.
{
  "count": 5,
  "list": [
    {
      "ConsentId": "string",
      "fundsConfirmationResponseData": {
        "Data": {
          "ConsentId": "string",
          "CreationDateTime": "2019-03-27T05:12:15.066Z",
          "Status": "Authorised",
          "StatusUpdateDateTime": "2019-03-27T05:12:15.066Z",
          "ExpirationDateTime": "2019-03-27T05:12:15.066Z",
          "DebtorAccount": {
            "SchemeName": "string",
            "Identification": "string",
            "Name": "string",
            "SecondaryIdentification": "string"
          }
        },
        "Links": {
          "Self": "string",
          "First": "string",
          "Prev": "string",
          "Next": "string",
          "Last": "string"
        },
        "Meta": {
          "TotalPages": 0,
          "FirstAvailableDateTime": "2019-03-27T05:12:15.066Z",
          "LastAvailableDateTime": "2019-03-27T05:12:15.066Z"
        }
      },
      "initiationTimestamp": "2018-06-07T10:33:18.000Z",
      "status": "AwaitingAuthorisation",
      "clientId": "9fj2Fk43n6395ef",
      "userId": "string",
      "debtorAccount": "31820",
      "consentGivenTimestamp": "2018-06-07T10:33:18.000Z",
      "collectionMethod": "web"
    }
  ]
}

A list of possible error responses is given below:

Error Code | Description | Sample Response
400 | Bad request
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
500 | Internal Server Error
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}

Get funds confirmation consent

Once the funds confirmation resource is created, the card issuer may need to retrieve the funds confirmation consent that has been created. To achieve this, use the resource described below. In order to use this resource, the CBPII must have an access token issued using a client credentials grant type.

GET /funds-confirmation-consents/{ConsentId}

The following parameters need to be provided for the API call:

| Parameter | Type | Description |
|---|---|---|
| ConsentId * | String | The consent ID for which you need information. |
| x-fapi-financial-id * | String | The unique ID of the ASPSP to which the request is issued. |
| x-fapi-customer-last-logged-time | String | The time when the PSU last logged in with the TPP. |
| x-fapi-customer-ip-address | String | The IP address with which the PSU is logged into the TPP. |
| x-fapi-interaction-id | String | An RFC4122 UID used as a correlation ID. |
| UserId * | String | The user ID of the user initiating the request. |
| x-customer-user-agent | String | The user-agent that the PSU is using. |

A sample successful response is shown below:

Code | Description | Sample Response
200 | Funds Confirmation Consent Read
{
  "Data": {
    "ConsentId": "string",
    "CreationDateTime": "2019-03-27T05:21:23.718Z",
    "Status": "Authorised",
    "StatusUpdateDateTime": "2019-03-27T05:21:23.718Z",
    "ExpirationDateTime": "2019-03-27T05:21:23.718Z",
    "DebtorAccount": {
      "SchemeName": "string",
      "Identification": "string",
      "Name": "string",
      "SecondaryIdentification": "string"
    }
  },
  "Links": {
    "Self": "string",
    "First": "string",
    "Prev": "string",
    "Next": "string",
    "Last": "string"
  },
  "Meta": {
    "TotalPages": 0,
    "FirstAvailableDateTime": "2019-03-27T05:21:23.718Z",
    "LastAvailableDateTime": "2019-03-27T05:21:23.718Z"
  }
}

When the GET /funds-confirmation-consents/{ConsentId} request succeeds, the consent has one of the following statuses.

| Status | Description |
|---|---|
| Authorised | The Funds Confirmation Consent has been authorized. |
| Rejected | The Funds Confirmation Consent has been rejected. |
| AwaitingAuthorisation | The Funds Confirmation Consent is awaiting authorization. |
| Revoked | The Funds Confirmation Consent has been revoked. |


A list of possible error responses is given below:

Error Code | Description | Sample Response
400 | Bad Request
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
401 | Unauthorized
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
403 | Forbidden
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
404 | Not found
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
405 | Method Not Allowed
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
406 | Not Acceptable
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
429 | Too Many Requests
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
500 | Internal Server Error
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}

Revoking funds confirmation consent

Once a funds confirmation consent has been created, the PSU may need to revoke the consent granted for confirming funds with the CBPII. To achieve this, use the resource described below. In order to use this resource, the CBPII must have an access token issued using a client credentials grant type.

DELETE /funds-confirmation-consents/{ConsentId}

The following parameters need to be provided for the API call:

| Parameter | Type | Description |
|---|---|---|
| ConsentId * | String | The consent ID for which you need information. |
| x-fapi-financial-id * | String | The unique ID of the ASPSP to which the request is issued. |
| x-fapi-customer-last-logged-time | String | The time when the PSU last logged in with the TPP. |
| x-fapi-customer-ip-address | String | The IP address with which the PSU is logged into the TPP. |
| x-fapi-interaction-id | String | An RFC4122 UID used as a correlation ID. |
| UserId * | String | The user ID of the user initiating the request. |
| x-customer-user-agent | String | The user-agent that the PSU is using. |

A sample successful response is shown below:

| Code | Description |
|---|---|
| 204 | Funds Confirmation Consent Deleted |

A list of possible error responses is given below:

Error Code | Description | Sample Response
400 | Bad Request
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
401 | Unauthorized
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
403 | Forbidden
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
404 | Not found
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
405 | Method Not Allowed
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
406 | Not Acceptable
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
429 | Too Many Requests
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
500 | Internal Server Error
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}

Including the PSU with the funds confirmation consent

Once the funds confirmation is created, it needs to be bound to the PSU who granted the consent. To achieve this, use the resource described below.

POST /funds-confirmation-user-consent/

A sample request is shown below:

{
  "ConsentId": "string",
  "collectionMethod": "web",
  "userId": "string",
  "accountIds": [
    "31820"
  ],
  "status": "AwaitingAuthorisation",
  "givenTimeStamp": "2018-06-07T10:33:18.000Z"
}

A sample successful response is shown below:

Code | Description | Sample Response
204 | Funds Confirmation Created
{
  "ConsentId": "string",
  "collectionMethod": "web",
  "userId": "string",
  "accountIds": [
    "31820"
  ],
  "status": "AwaitingAuthorisation",
  "givenTimeStamp": "2018-06-07T10:33:18.000Z"
}

A list of possible error responses is given below:

Error Code | Description | Sample Response
400 | Bad Request
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
401 | Unauthorized
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
403 | Forbidden
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
405 | Method Not Allowed
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
406 | Not Acceptable
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
429 | Too Many Requests
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
500 | Internal Server Error
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}

PUT /funds-confirmation-user-consent/

Once the funds confirmation consent resource is created, you may need to update the granted consent. To achieve this, use the resource described below. In order to use this operation, the CBPII must have an access token issued using a client credentials grant type.

A sample request is shown below:

{
  "ConsentId": "string",
  "collectionMethod": "web",
  "userId": "string",
  "accountIds": [
    "31820"
  ],
  "status": "AwaitingAuthorisation",
  "givenTimeStamp": "2018-06-07T10:33:18.000Z"
}

A sample successful response is shown below:

Code | Description | Sample Response
204 | Funds Confirmation Created
{
  "ConsentId": "string",
  "collectionMethod": "web",
  "userId": "string",
  "accountIds": [
    "31820"
  ],
  "status": "AwaitingAuthorisation",
  "givenTimeStamp": "2018-06-07T10:33:18.000Z"
}

A list of possible error responses is given below:

Error Code | Description | Sample Response
400 | Bad Request
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
401 | Unauthorized
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
403 | Forbidden
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
405 | Method Not Allowed
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
406 | Not Acceptable
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
429 | Too Many Requests
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
500 | Internal Server Error
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}

Validate funds confirmation consent

Once the funds confirmation consent is created, you may need to validate the consent for fund confirmation requests. To achieve this, use the resource described below. In order to use this resource, the CBPII must have an access token issued using a client credentials grant type.

POST /funds-confirmation-validation/

A sample request is shown below:

{
  "clientId": "9fj2Fk43n6395ef",
  "userId": "string",
  "ConsentId": "string",
  "scope": "fundsConfirmations",
  "requestURI": "fundsConfirmations"
}

A sample successful response is shown below:

| Code | Description |
|---|---|
| 200 | Funds Confirmation resource successfully validated |

A list of possible error responses is given below:

Error Code | Description | Sample Response
400 | Bad request
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
500 | Internal Server Error
{
  "Code": "string",
  "Id": "string",
  "Message": "string",
  "Errors": [
    {
      "ErrorCode": "string",
      "Message": "string",
      "Path": "string",
      "Url": "string"
    }
  ]
}
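
The checks a resource server would want before honouring a validation request, as an added example and not WSO2's implementation: the consent must match the caller's clientId and userId, be in the Authorised status, and be unexpired. It evaluates one item of the search response's list against a body shaped like the sample validation request; the function names, the reasons returned, and the rule that both status fields must agree are assumptions.

```python
import copy
from datetime import datetime, timezone

USABLE_STATUS = "Authorised"  # spelling as it appears in the page's sample JSON


def evaluate_consent(record, request, now):
    """Return (allowed, reason) for a validation request against one consent record.

    record:  one element of "list" from the GET /funds-confirmation-consents response
    request: a body shaped like the POST /funds-confirmation-validation/ sample
    Any missing or malformed field denies the request (fail closed).
    """
    try:
        data = record["fundsConfirmationResponseData"]["Data"]
        if request["ConsentId"] != data["ConsentId"]:
            return False, "consent id mismatch"
        # Binding: the consent must belong to the calling client and to this PSU.
        if request["clientId"] != record["clientId"]:
            return False, "consent issued to a different client"
        if request["userId"] != record["userId"]:
            return False, "consent granted by a different user"
        # The record carries a status twice; require both to agree (assumption).
        for status in (record["status"], data["Status"]):
            if status != USABLE_STATUS:
                return False, f"consent status is {status}"
        expiry = datetime.fromisoformat(data["ExpirationDateTime"].replace("Z", "+00:00"))
        if expiry <= now:
            return False, "consent expired"
    except (KeyError, TypeError, ValueError, AttributeError):
        return False, "malformed consent record or request"
    return True, "ok"


def with_change(obj, path, value):
    """Return a deep copy of obj with the nested key path set to value."""
    clone = copy.deepcopy(obj)
    target = clone
    for key in path[:-1]:
        target = target[key]
    target[path[-1]] = value
    return clone


# Constructed sample data shaped like the responses on this page.
NOW = datetime(2019, 3, 27, 5, 0, 0, tzinfo=timezone.utc)
LATER = datetime(2019, 3, 27, 6, 0, 0, tzinfo=timezone.utc)
RECORD = {
    "ConsentId": "consent-001",
    "fundsConfirmationResponseData": {"Data": {
        "ConsentId": "consent-001",
        "Status": "Authorised",
        "ExpirationDateTime": "2019-03-27T05:12:15.066Z",
    }},
    "status": "Authorised",
    "clientId": "9fj2Fk43n6395ef",
    "userId": "alice@example.com",
}
REQUEST = {"clientId": "9fj2Fk43n6395ef", "userId": "alice@example.com",
           "ConsentId": "consent-001", "scope": "fundsConfirmations",
           "requestURI": "fundsConfirmations"}

print(evaluate_consent(RECORD, REQUEST, NOW))
```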