Account access
On this page:
POST[base]/account-access-consents |
|
GET[base]/account-access-consents/{consentId} |
|
DELETE[base]/account-access-consents/{consentId} |
Add an account access consent
Use this method to authorize AISP access to account and transaction information.
By calling this request, the AISP sends a copy of the account access consent to the ASPSP.
The ASPSP creates an account-access-consent
resource and responds with a unique consentId to refer to the resource.
To use this method, the AISP must have an access token issued by the ASPSP using a client credentials grant.
Request
Header parameters:
- Authorization required
The authorization token as per https://tools.ietf.org/html/rfc6750 .
- x-fapi-financial-id required
The unique identifier of the ASPSP issued by the Open Banking system.
- x-fapi-customer-last-logged-time
The date and time when the PSU has last logged in the system using a TPP application.
- x-fapi-customer-ip-address
The IP address of the PSU who has logged in the system using a TPP application.
- x-fapi-interaction-id
The unique identifier of the initiating party (as per RFC 4122 UID) used as a correlation identifier.
- x-customer-user-agent
The user-agent used by the PSU.
Body
- Data object required
This object provides the following data:
Expand fields- permissions array
An array of string values specifying the data types the Open Banking account access.
This is a list of the data clusters being consented by the PSU, and requested for authorization by the ASPSP.
Possible values:
ReadAccountsBasic
— read basic account informationReadAccountsDetail
— read account identification detailsReadBalances
— read all balance informationReadBeneficiariesBasic
— read basic beneficiary detailsReadBeneficiariesDetail
— read account identification details for the beneficiaryReadDirectDebits
— read all direct debit informationReadOffers
— read all offer informationReadPAN
— access PAN in the clear across the available endpointsReadParty
— read party information of the account ownerReadPartyPSU
— read party information of the PSU logged inReadProducts
— read all product information relating to the accountReadScheduledPaymentsBasic
— read basic payment detailsReadScheduledPaymentsDetail
— read payment data elements which may leak other informationReadStandingOrdersBasic
— read basic standing order detailsReadStandingOrdersDetail
— read data elements of standing order which may leak other informationReadStatementsBasic
— read basic statement detailsReadStatementsDetail
— read statement data elements which may leak other information about the accountReadTransactionsBasic
— read basic transaction informationReadTransactionsCredits
— read only credit transactionsReadTransactionsDebits
— read only debit transactionsReadTransactionsDetail
— read transaction data elements which may hold silent party details
- ExpirationDateTime string
The date and time when the permissions are due to expire. If not specified, the permissions do not have expiration dates.
- TransactionFromDateTime string
The date and time indicating the beginning of the period during which a transaction was executed. If not specified, data is returned from the earliest available transaction.
- TransactionToDateTime string
The date and time indicating the end of the period during which a transaction was executed. If not specified, data is returned to the latest available transaction.
- Risk object
The parameters of the Risk section are sent to the ASPSP by the initiating party.
This information is used to specify additional details for risk scoring of the fraud accounts.
POST[base]/account-access-consents
{
"Data": {
"Permissions": [
"ReadAccountsDetail",
"ReadBalances",
"ReadBeneficiariesDetail",
"ReadDirectDebits",
"ReadProducts",
"ReadStandingOrdersDetail",
"ReadTransactionsCredits",
"ReadTransactionsDebits",
"ReadTransactionsDetail",
"ReadOffers",
"ReadPAN",
"ReadParty",
"ReadPartyPSU",
"ReadScheduledPaymentsDetail",
"ReadStatementsDetail"
],
"ExpirationDateTime": "2017-05-02T00:00:00+00:00",
"TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
"TransactionToDateTime": "2017-12-03T00:00:00+00:00"
},
"Risk": {}
}
Response
Body:
- Data object
This object provides the following data:
Expand fields- ConsentId string
The consent identifier.
- CreationDateTime string
The date and time when a consent was created.
- Status string
The status of consent resource in code form.
Possible values:
Authorized
AwaitingAuthorization
Rejected
Revoked
- StatusUpdateDateTime string
The date and time when the status of a consent was updated.
- permissions array
An array of string values specifying the data types the Open Banking account access.
This is a list of the data clusters being consented by the PSU, and requested for authorization by the ASPSP.
Possible values:
ReadAccountsBasic
— read basic account informationReadAccountsDetail
— read account identification detailsReadBalances
— read all balance informationReadBeneficiariesBasic
— read basic beneficiary detailsReadBeneficiariesDetail
— read account identification details for the beneficiaryReadDirectDebits
— read all direct debit informationReadOffers
— read all offer informationReadPAN
— access PAN in the clear across the available endpointsReadParty
— read party information of the account ownerReadPartyPSU
— read party information of the PSU logged inReadProducts
— read all product information relating to the accountReadScheduledPaymentsBasic
— read basic payment detailsReadScheduledPaymentsDetail
— read payment data elements which may leak other informationReadStandingOrdersBasic
— read basic standing order detailsReadStandingOrdersDetail
— read data elements of standing order which may leak other informationReadStatementsBasic
— read basic statement detailsReadStatementsDetail
— read statement data elements which may leak other information about the accountReadTransactionsBasic
— read basic transaction informationReadTransactionsCredits
— read only credit transactionsReadTransactionsDebits
— read only debit transactionsReadTransactionsDetail
— read transaction data elements which may hold silent party details
- ExpirationDateTime string
The date and time when the permission are due to expire. If not specified, the permissions do not have expiration dates.
- TransactionFromDateTime string
The date and time indicating the beginning of the period during which a transaction was executed. If not specified, data is returned from the earliest available transaction.
- TransactionToDateTime string
The date and time indicating the end of the period during which a transaction was executed. If not specified, data is returned to the latest available transaction.
- Risk object
The parameters of the Risk section are sent to the ASPSP by the initiating party.
This information is used to specify additional details for risk scoring of the fraud accounts.
HTTP status codes:
The eqwire API uses standard HTTP response codes to indicate the success or failure of a request.
To view a full list of valid response codes, refer to HTTP response codes.
{
"Data": {
"ConsentId": "urn-bank-intent-88379",
"CreationDateTime": "2022-12-07T12:23:10.279Z",
"Status": "Authorised",
"StatusUpdateDateTime": "2022-12-07T12:23:10.279Z",
"Permissions": [
"ReadAccountsBasic"
],
"ExpirationDateTime": "2022-12-07T12:23:10.279Z",
"TransactionFromDateTime": "2022-12-07T12:23:10.279Z",
"TransactionToDateTime": "2022-12-07T12:23:10.279Z"
},
"Risk": {},
"Links": {
"Self": "https://example.com",
"First": "https://example.com",
"Prev": "https://example.com",
"Next": "https://example.com",
"Last": "https://example.com"
},
"Meta": {
"TotalPages": 5,
"FirstAvailableDateTime": "2022-12-07T12:23:10.279Z",
"LastAvailableDateTime": "2022-12-07T12:23:10.279Z"
}
}
Get account access consent details
Use this method to obtain detailed information about a specified account access consent.
Request
Header parameters:
- Authorization
The authorization token as per https://tools.ietf.org/html/rfc6750.
- x-fapi-financial-id required
The unique identifier of the ASPSP issued by the Open Banking system.
- x-fapi-customer-last-logged-time
The date and time when the PSU has last logged in system using a TPP application.
- x-fapi-customer-ip-address
The IP address of the PSU who has logged in system using a TPP application.
- x-fapi-interaction-id
The unique identifier of the initiating party (as per RFC4122 UID) used as a correlation identifier.
- x-customer-user-agent
The user-agent used by the PSU.
Path parameters:
- ConsentId required
The consent identifier.
GET[base]/account-access-consents/{consentId}
GET /account-access-consents/consent-id-example HTTP/1.1
Authorization: Bearer <token>
x-fapi-financial-id: b621cec4-e775-49ab-980a-1900c6a09620
x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json
Response
Body:
- Data object
This object provides the following data:
Expand fields- ConsentId string
The consent identifier.
- CreationDateTime string
The date and time when a consent was created.
- Status string
The status of consent resource in code form.
Possible values:
Authorized
AwaitingAuthorization
Rejected
Revoked
- StatusUpdateDateTime string
The date and time when the status of a consent was updated.
- permissions array
An array of string values specifying the data types the Open Banking account access.
This is a list of the data clusters being consented by the PSU, and requested for authorization by the ASPSP.
Possible values:
ReadAccountsBasic
— read basic account informationReadAccountsDetail
— read account identification detailsReadBalances
— read all balance informationReadBeneficiariesBasic
— read basic beneficiary detailsReadBeneficiariesDetail
— read account identification details for the beneficiaryReadDirectDebits
— read all direct debit informationReadOffers
— read all offer informationReadPAN
— access PAN in the clear across the available endpointsReadParty
— read party information of the account ownerReadPartyPSU
— read party information of the PSU logged inReadProducts
— read all product information relating to the accountReadScheduledPaymentsBasic
— read basic payment detailsReadScheduledPaymentsDetail
— read payment data elements which may leak other informationReadStandingOrdersBasic
— read basic standing order detailsReadStandingOrdersDetail
— read data elements of standing order which may leak other informationReadStatementsBasic
— read basic statement detailsReadStatementsDetail
— read statement data elements which may leak other information about the accountReadTransactionsBasic
— read basic transaction informationReadTransactionsCredits
— read only credit transactionsReadTransactionsDebits
— read only debit transactionsReadTransactionsDetail
— read transaction data elements which may hold silent party details
- ExpirationDateTime string
The date and time when the permissions are due to expire. If not specified, the permissions do not have expiration dates.
- TransactionFromDateTime string
The date and time indicating the beginning of the period during which a transaction was executed. If not specified, data is returned from the earliest available transaction.
- TransactionToDateTime string
The date and time indicating the end of the period during which a transaction was executed. If not specified, data is returned to the latest available transaction.
- Risk object
The parameters of the Risk section are sent to the ASPSP by the initiating party. This information is used to specify additional details for risk scoring of the fraud accounts.
HTTP status codes:
The eqwire API uses standard HTTP response codes to indicate the success or failure of a request.
To view a full list of valid response codes, refer to HTTP response codes.
{
"Data": {
"ConsentId": "urn-bank-intent-88379",
"CreationDateTime": "2022-12-07T12:33:11.290Z",
"Status": "Authorised",
"StatusUpdateDateTime": "2022-12-07T12:33:11.290Z",
"Permissions": [
"ReadAccountsBasic"
],
"ExpirationDateTime": "2022-12-07T12:33:11.290Z",
"TransactionFromDateTime": "2022-12-07T12:33:11.290Z",
"TransactionToDateTime": "2022-12-07T12:33:11.290Z"
},
"Risk": {},
"Links": {
"Self": "https://example.com",
"First": "https://example.com",
"Prev": "https://example.com",
"Next": "https://example.com",
"Last": "https://example.com"
},
"Meta": {
"TotalPages": 5,
"FirstAvailableDateTime": "2022-12-07T12:33:11.290Z",
"LastAvailableDateTime": "2022-12-07T12:33:11.290Z"
}
}
Delete an account consent
Use this method to delete a specified account consent.
Request
Header parameters:
- Authorization
The authorization token as per https://tools.ietf.org/html/rfc6750.
- x-fapi-financial-id required
The unique identifier of the ASPSP issued by the Open Banking system.
- x-fapi-customer-last-logged-time
The date and time when the PSU has last logged in system using a TPP application.
- x-fapi-customer-ip-address
The IP address of the PSU who has logged in system using a TPP application.
- x-fapi-interaction-id
The unique identifier of the initiating party (as per RFC4122 UID) used as a correlation identifier.
- x-customer-user-agent
The user-agent used by the PSU.
Path parameters:
- ConsentId required
The consent identifier.
DELETE[base]/account-access-consents/{consentId}
DELЕTE /account-access-consents/consent-id-example HTTP/1.1
Authorization: Bearer <token>
x-fapi-financial-id: b621cec4-e775-49ab-980a-1900c6a09620
x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json
Response
Body:
In case of success, no response body is returned.
HTTP status codes:
The eqwire API uses standard HTTP response codes to indicate the success or failure of a request.
To view a full list of valid response codes, refer to HTTP response codes.