This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Managing Funds Confirmation Consent
Funds confirmation consent is used to request consent from a PSU. The request is made by an ASPSP when the ASPSP is responsible for responding to a CBPII. The CBPII is asking permission to access the PSU's data. The ASPSP generates a consentId, which is used to respond to the CBPII. The following sections describe the funds-confirmation-consent API endpoint further:
Generate an application access token
When invoking APIs in the CBPII flow, application access tokens must be generated using the client credential grant type.
Generate the client assertion by signing the following JSON payload using the supported algorithms.
```
{
  "alg": "<<This will be the algorithm used for signing>>",
  "kid": "<<This will be the certificate fingerprint>>",
  "typ": "JWT"
}
{
  "iss": "<<This is the issuer of the token, e.g., client ID of your application>>",
  "sub": "<<This is the subject identifier of the issuer, e.g., client ID of your application>>",
  "exp": <<This is epoch time of the token expiration date/time>>,
  "iat": <<This is epoch time of the token issuance date/time>>,
  "jti": "<<This is an incremental unique value>>",
  "aud": "<<This is the audience that the ID token is intended for, e.g., https://<<AM_HOST>>:8243/token>>"
}
<signature>
```
Run the following cURL command in a command prompt to generate the access token. Make sure you update the placeholders with the relevant values.
```bash
# -k skips TLS certificate verification; it is only suitable for test deployments with self-signed certificates.
curl -v -X POST \
  -H "Content-Type: application/x-www-form-urlencoded;charset=ISO-8859-1" \
  -k \
  -d "grant_type=client_credentials&scope=fundsconfirmations&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=<<pass the signed key generated in the above>>&redirect_uri=<<The callback URL of your application>>" \
  https://<<AM_HOST>>:8243/token
```
You can use the same cURL command to re-generate the access token.
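The client assertion step described above, as an added example that is not part of the WSO2 documentation: it builds the header and claims from the template, signs them with the OpenSSL CLI, and checks the signature with the matching public key. It assumes RS256 (the page does not list the supported algorithms, so confirm which ones your deployment accepts); the function names, `example-kid`, `example-client-id` and `am.example.com` are constructed placeholders.

```shell
#!/bin/sh
# Added example, not WSO2 code. Assumes RS256 and the OpenSSL CLI.
# All names and values below are hypothetical placeholders.
set -eu

b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

b64url_decode() (          # stdin: base64url text, stdout: raw bytes
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | openssl base64 -d -A
)

# make_client_assertion KEY_PEM KID CLIENT_ID TOKEN_ENDPOINT [TTL_SECONDS]
# Arguments must not contain characters that need JSON escaping.
make_client_assertion() (
  key=$1 kid=$2 client_id=$3 aud=$4 ttl=${5:-300}
  iat=$(date +%s)
  exp=$((iat + ttl))                      # short lifetime limits the replay window
  jti="${iat}-$(openssl rand -hex 8)"     # unique per assertion, time-ordered prefix
  header=$(printf '{"alg":"RS256","kid":"%s","typ":"JWT"}' "$kid" | b64url)
  claims=$(printf '{"iss":"%s","sub":"%s","exp":%d,"iat":%d,"jti":"%s","aud":"%s"}' \
    "$client_id" "$client_id" "$exp" "$iat" "$jti" "$aud" | b64url)
  sig=$(printf '%s.%s' "$header" "$claims" |
    openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$claims" "$sig"
)

# verify_client_assertion PUB_PEM JWT -> status 0 only if the signature is valid
verify_client_assertion() (
  tmp=$(mktemp)
  trap 'rm -f "$tmp"' EXIT
  printf '%s' "${2##*.}" | b64url_decode > "$tmp"
  printf '%s' "${2%.*}" | openssl dgst -sha256 -verify "$1" -signature "$tmp" >/dev/null 2>&1
)

# Demo with a throwaway key pair; a real client signs with its registered key.
demo() (
  dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT
  openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
  openssl rsa -in "$dir/key.pem" -pubout -out "$dir/pub.pem" 2>/dev/null
  jwt=$(make_client_assertion "$dir/key.pem" "example-kid" "example-client-id" \
    "https://am.example.com:8243/token")
  verify_client_assertion "$dir/pub.pem" "$jwt" && printf '%s\n' "$jwt"
)
demo
```

The printed value is what goes into the `client_assertion` parameter of the token request; because `exp` and `jti` are fixed at signing time, build a fresh assertion for each token request.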
Endpoints
Resource | HTTP Operation | Endpoint | Mandatory/Optional | Scope | Grant Type | Message Signing | Idempotency Key | Request Object | Response Object |
---|---|---|---|---|---|---|---|---|---|
funds-confirmation-consent | POST | POST /funds-confirmation-consents | Mandatory | fundsconfirmations | Client Credentials | No | No | OBFundsConfirmationConsent1 | OBFundsConfirmationConsentResponse1 |
funds-confirmation-consent | GET | GET /funds-confirmation-consents/{ConsentId} | Mandatory | fundsconfirmations | Client Credentials | No | No | NA | OBFundsConfirmationConsentResponse1 |
funds-confirmation-consent | DELETE | DELETE /funds-confirmation-consents/{ConsentId} | Mandatory | fundsconfirmations | Client Credentials | No | No | NA | NA |
POST /funds-confirmation-consents
Confirmation of funds (COF) API is a gateway that allows CBPII to request an ASPSP to create a new funds-confirmation-consent resource.
- This endpoint allows the CBPII to propose a consent to be agreed between the ASPSP and PSU, to authorise the CBPII access to confirm funds are available.
- The ASPSP creates the funds-confirmation-consent resource and responds with a unique ConsentId to refer to the resource.
- Prior to calling the operation, the CBPII must have an access token issued by the ASPSP using a client credentials grant.
This is the request generated by CBPII to make an agreement between the PSU and the ASPSP initially.
```
POST /funds-confirmation-consents HTTP/1.1
Content-Type: application/json
Authorization: Bearer 1t1satruthun1v3rs4lly
Accept: application/json; charset=utf-8
x-fapi-financial-id: I4mth3R3-4p3r-411t-hing-5withh33dfu1
x-fapi-customer-last-logged-time: Mon, 13 Nov 2017 19:49:37 GMT
x-fapi-customer-ip-address: 92.11.92.11
x-fapi-interaction-id: hook5i13-ntIg-4th3-rP41-3ro535touch3

{
  "Data": {
    "DebtorAccount": {
      "SchemeName": "UK.OBIE.IBAN",
      "Identification": "GB76LOYD30949301273801",
      "SecondaryIdentification": "Roll 56988"
    },
    "ExpirationDateTime": "2017-05-02T00:00:00+00:00"
  }
}
```
This is the response generated by the ASPSP mentioning the status of authorization. The response includes the ConsentId.
```
HTTP/1.1 201 Created
Content-Type: application/json
x-fapi-interaction-id: hook5i13-ntIg-4th3-rP41-3ro535touch3

{
  "Data": {
    "ConsentId": "88379",
    "CreationDateTime": "2017-05-02T00:00:00+00:00",
    "Status": "AwaitingAuthorisation",
    "StatusUpdateDateTime": "2017-05-02T00:00:00+00:00",
    "ExpirationDateTime": "2017-05-02T00:00:00+00:00",
    "DebtorAccount": {
      "SchemeName": "UK.OBIE.IBAN",
      "Identification": "GB76LOYD30949301273801",
      "SecondaryIdentification": "Roll 56988"
    }
  },
  "Links": {
    "Self": "https://api.alphabank.com/open-banking/v3.1/cbpii/funds-confirmation-consents/88379"
  },
  "Meta": {}
}
```
GET /funds-confirmation-consents/{ConsentId}
- A CBPII can check the status of the resource by optionally retrieving the funds-confirmation-consent resource.
- The CBPII must own a token before executing this operation. The token must be issued by the ASPSP using client credential grant.
A CBPII can check the status of the funds confirmation consent resource at any time. Refer to Account access consent status for the types of consent statuses.
```
GET /funds-confirmation-consents/88379 HTTP/1.1
Authorization: Bearer Jhingapulaav
x-fapi-financial-id: OB/2017/001
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json
```
The relevant ASPSP responds with the details of the authorization status.
```
HTTP/1.1 200 OK
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json

{
  "Data": {
    "ConsentId": "88379",
    "CreationDateTime": "2017-05-02T00:00:00+00:00",
    "Status": "AwaitingAuthorisation",
    "StatusUpdateDateTime": "2017-05-02T00:00:00+00:00",
    "ExpirationDateTime": "2017-05-02T00:00:00+00:00",
    "DebtorAccount": {
      "SchemeName": "UK.OBIE.IBAN",
      "Identification": "GB76LOYD30949301273801",
      "SecondaryIdentification": "Roll 56988"
    }
  },
  "Links": {
    "Self": "https://api.alphabank.com/open-banking/v3.1/cbpii/funds-confirmation-consents/88379"
  },
  "Meta": {}
}
```
DELETE /funds-confirmation-consents/{ConsentId}
The WSO2 Open Banking solution supports the following three instances:
- A PSU can directly revoke funds confirmation consent through the Self-Care app.
- A PSU can request an ASPSP to revoke funds confirmation consent. The ASPSP can revoke funds confirmation consents through the Customer-Care app.
- A TPP can revoke funds confirmation consents as follows:
```
DELETE /funds-confirmation-consents/88379 HTTP/1.1
Authorization: Bearer Jhingapulaav
x-fapi-financial-id: OB/2017/001
x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 GMT
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
```

```
HTTP/1.1 204 No Content
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
```
Once the delete operation is executed, the CBPII must cease to access the funds confirmation consent resource. From that point, the CBPII can no longer access the resource created for this particular PSU.
Account access consent status
The PSU must authenticate with the ASPSP and agree to the funds-confirmation-consent with the ASPSP for the funds-confirmation-consent to be set up successfully. Once the PSU agrees to the consent outlined in the funds-confirmation-consent resource, the Status of the funds-confirmation-consent resource is updated to Authorised. The possible status code-list enumerations for the funds-confirmation-consent resource are:
Status | Status description |
---|---|
Rejected | The Funds Confirmation Consent has been rejected. |
AwaitingAuthorisation | The Funds Confirmation Consent is awaiting agreement. |
Authorised | The Funds Confirmation Consent has been successfully agreed. |
Revoked | The Funds Confirmation Consent has been revoked via the ASPSP interface. |