Account Consent API for UK

Consent Management APIs provide the capability to manage consents in a web application, on behalf of an end-user. A banking service consumer/ Account Servicing Payment Service Provider (ASPSP) may need to develop their own web application or use their own mechanism to deploy the consent management capabilities. At this point, a service provider needs a way to directly present consent resources to the end-user. In order to cater to this requirement, those consent capabilities (for example, consent creation/consent deletion) are presented as API resources in the Consent Management APIs.

The Account Consent API specifies a RESTful API for consent management for accounts information sharing in WSO2 Open Banking. This API is secured with basic authentication. For more information, see configuring basic authentication for Consent Management APIs.

Create account consent 

This API resource is to send an account initiation request. This allows the AISP to ask an ASPSP to create a new account-access-consent resource.

• This API resource allows the AISP to send a copy of the consent to the ASPSP to authorise access to account information.

• An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.

• The status of the consent is set to AwaitingAuthorisation.

POST /account-access-consents

Retrieve account consent 

This API resource is to retrieve the account access consent resource. The ConsentId should be passed as a path parameter.

GET /account-access-consents/{ConsentId}

Revoke account consent 

This API resource is to delete the account access consent resource created.

• The ConsentId should be passed as a path parameter.

• The status of the consent is set to Revoked. 

DELETE /account-access-consents/{ConsentId}