API reference Account access

Account access

On this page:

POST[base]/account-access-consents	Add an account access consent
GET[base]/account-access-consents/{consentId}	Get account access consent details
DELETE[base]/account-access-consents/{consentId}	Delete an account consent

---

Add an account access consent

Use this method to authorize AISP access to account and transaction information.

By calling this request, the AISP sends a copy of the account access consent to the ASPSP.

The ASPSP creates an account-access-consent resource and responds with a unique consentId to refer to the resource.

To use this method, the AISP must have an access token issued by the ASPSP using a client credentials grant.

Request

Header parameters:

Authorization required

The authorization token as per https://tools.ietf.org/html/rfc6750 .

x-fapi-financial-id required

The unique identifier of the ASPSP issued by the Open Banking system.

x-fapi-customer-last-logged-time

The date and time when the PSU has last logged in the system using a TPP application.

x-fapi-customer-ip-address

The IP address of the PSU who has logged in the system using a TPP application.

x-fapi-interaction-id

The unique identifier of the initiating party (as per RFC 4122 UID) used as a correlation identifier.

x-customer-user-agent

The user-agent used by the PSU.

Body

Data object required

This object provides the following data:

Expand fields

permissions array

An array of string values specifying the data types the Open Banking account access.

This is a list of the data clusters being consented by the PSU, and requested for authorization by the ASPSP.

Possible values:

• ReadAccountsBasic — read basic account information

• ReadAccountsDetail — read account identification details

• ReadBalances — read all balance information

• ReadBeneficiariesBasic — read basic beneficiary details

• ReadBeneficiariesDetail — read account identification details for the beneficiary

• ReadDirectDebits — read all direct debit information

• ReadOffers — read all offer information

• ReadPAN — access PAN in the clear across the available endpoints

• ReadParty — read party information of the account owner

• ReadPartyPSU — read party information of the PSU logged in

• ReadProducts — read all product information relating to the account

• ReadScheduledPaymentsBasic — read basic payment details

• ReadScheduledPaymentsDetail — read payment data elements which may leak other information

• ReadStandingOrdersBasic — read basic standing order details

• ReadStandingOrdersDetail — read data elements of standing order which may leak other information

• ReadStatementsBasic — read basic statement details

• ReadStatementsDetail — read statement data elements which may leak other information about the account

• ReadTransactionsBasic — read basic transaction information

• ReadTransactionsCredits — read only credit transactions

• ReadTransactionsDebits — read only debit transactions

• ReadTransactionsDetail — read transaction data elements which may hold silent party details

ExpirationDateTime string

The date and time when the permissions are due to expire. If not specified, the permissions do not have expiration dates.

TransactionFromDateTime string

The date and time indicating the beginning of the period during which a transaction was executed. If not specified, data is returned from the earliest available transaction.

TransactionToDateTime string

The date and time indicating the end of the period during which a transaction was executed. If not specified, data is returned to the latest available transaction.

Risk object

The parameters of the Risk section are sent to the ASPSP by the initiating party.

This information is used to specify additional details for risk scoring of the fraud accounts.

POST[base]/account-access-consents

{
  "Data": {
    "Permissions": [
      "ReadAccountsDetail",
      "ReadBalances",
      "ReadBeneficiariesDetail",
      "ReadDirectDebits",
      "ReadProducts",
      "ReadStandingOrdersDetail",
      "ReadTransactionsCredits",
      "ReadTransactionsDebits",
      "ReadTransactionsDetail",
      "ReadOffers",
      "ReadPAN",
      "ReadParty",
      "ReadPartyPSU",
      "ReadScheduledPaymentsDetail",
      "ReadStatementsDetail"
    ],
    "ExpirationDateTime": "2017-05-02T00:00:00+00:00",
    "TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
    "TransactionToDateTime": "2017-12-03T00:00:00+00:00"
  },
  "Risk": {}
}

Response

Body:

Data object

This object provides the following data:

Expand fields

ConsentId string

The consent identifier.

CreationDateTime string

The date and time when a consent was created.

Status string

The status of consent resource in code form.

Possible values:

• Authorized

• AwaitingAuthorization

• Rejected

• Revoked

StatusUpdateDateTime string

The date and time when the status of a consent was updated.

permissions array

An array of string values specifying the data types the Open Banking account access.

This is a list of the data clusters being consented by the PSU, and requested for authorization by the ASPSP.

Possible values:

• ReadAccountsBasic — read basic account information

• ReadAccountsDetail — read account identification details

• ReadBalances — read all balance information

• ReadBeneficiariesBasic — read basic beneficiary details

• ReadBeneficiariesDetail — read account identification details for the beneficiary

• ReadDirectDebits — read all direct debit information

• ReadOffers — read all offer information

• ReadPAN — access PAN in the clear across the available endpoints

• ReadParty — read party information of the account owner

• ReadPartyPSU — read party information of the PSU logged in

• ReadProducts — read all product information relating to the account

• ReadScheduledPaymentsBasic — read basic payment details

• ReadScheduledPaymentsDetail — read payment data elements which may leak other information

• ReadStandingOrdersBasic — read basic standing order details

• ReadStandingOrdersDetail — read data elements of standing order which may leak other information

• ReadStatementsBasic — read basic statement details

• ReadStatementsDetail — read statement data elements which may leak other information about the account

• ReadTransactionsBasic — read basic transaction information

• ReadTransactionsCredits — read only credit transactions

• ReadTransactionsDebits — read only debit transactions

• ReadTransactionsDetail — read transaction data elements which may hold silent party details

ExpirationDateTime string

The date and time when the permission are due to expire. If not specified, the permissions do not have expiration dates.

TransactionFromDateTime string

The date and time indicating the beginning of the period during which a transaction was executed. If not specified, data is returned from the earliest available transaction.

TransactionToDateTime string

The date and time indicating the end of the period during which a transaction was executed. If not specified, data is returned to the latest available transaction.

Risk object

The parameters of the Risk section are sent to the ASPSP by the initiating party.

This information is used to specify additional details for risk scoring of the fraud accounts.

HTTP status codes:

The eqwire API uses standard HTTP response codes to indicate the success or failure of a request.

To view a full list of valid response codes, refer to HTTP response codes.

RESPONSE EXAMPLE

{
    "Data": {
      "ConsentId": "urn-bank-intent-88379",
      "CreationDateTime": "2022-12-07T12:23:10.279Z",
      "Status": "Authorised",
      "StatusUpdateDateTime": "2022-12-07T12:23:10.279Z",
      "Permissions": [
        "ReadAccountsBasic"
      ],
      "ExpirationDateTime": "2022-12-07T12:23:10.279Z",
      "TransactionFromDateTime": "2022-12-07T12:23:10.279Z",
      "TransactionToDateTime": "2022-12-07T12:23:10.279Z"
    },
    "Risk": {},
    "Links": {
      "Self": "https://example.com",
      "First": "https://example.com",
      "Prev": "https://example.com",
      "Next": "https://example.com",
      "Last": "https://example.com"
    },
    "Meta": {
      "TotalPages": 5,
      "FirstAvailableDateTime": "2022-12-07T12:23:10.279Z",
      "LastAvailableDateTime": "2022-12-07T12:23:10.279Z"
    }
  }

---

Get account access consent details

Use this method to obtain detailed information about a specified account access consent.

Request

Header parameters:

Authorization

The authorization token as per https://tools.ietf.org/html/rfc6750.

x-fapi-financial-id required

The unique identifier of the ASPSP issued by the Open Banking system.

x-fapi-customer-last-logged-time

The date and time when the PSU has last logged in system using a TPP application.

x-fapi-customer-ip-address

The IP address of the PSU who has logged in system using a TPP application.

x-fapi-interaction-id

The unique identifier of the initiating party (as per RFC4122 UID) used as a correlation identifier.

x-customer-user-agent

The user-agent used by the PSU.

Path parameters:

ConsentId required

The consent identifier.

GET[base]/account-access-consents/{consentId}

GET /account-access-consents/consent-id-example HTTP/1.1
Authorization: Bearer <token>
x-fapi-financial-id: b621cec4-e775-49ab-980a-1900c6a09620
x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json

Response

Body:

Data object

This object provides the following data:

Expand fields

ConsentId string

The consent identifier.

CreationDateTime string

The date and time when a consent was created.

Status string

The status of consent resource in code form.

Possible values:

• Authorized

• AwaitingAuthorization

• Rejected

• Revoked

StatusUpdateDateTime string

The date and time when the status of a consent was updated.

permissions array

An array of string values specifying the data types the Open Banking account access.

This is a list of the data clusters being consented by the PSU, and requested for authorization by the ASPSP.

Possible values:

• ReadAccountsBasic — read basic account information

• ReadAccountsDetail — read account identification details

• ReadBalances — read all balance information

• ReadBeneficiariesBasic — read basic beneficiary details

• ReadBeneficiariesDetail — read account identification details for the beneficiary

• ReadDirectDebits — read all direct debit information

• ReadOffers — read all offer information

• ReadPAN — access PAN in the clear across the available endpoints

• ReadParty — read party information of the account owner

• ReadPartyPSU — read party information of the PSU logged in

• ReadProducts — read all product information relating to the account

• ReadScheduledPaymentsBasic — read basic payment details

• ReadScheduledPaymentsDetail — read payment data elements which may leak other information

• ReadStandingOrdersBasic — read basic standing order details

• ReadStandingOrdersDetail — read data elements of standing order which may leak other information

• ReadStatementsBasic — read basic statement details

• ReadStatementsDetail — read statement data elements which may leak other information about the account

• ReadTransactionsBasic — read basic transaction information

• ReadTransactionsCredits — read only credit transactions

• ReadTransactionsDebits — read only debit transactions

• ReadTransactionsDetail — read transaction data elements which may hold silent party details

ExpirationDateTime string

The date and time when the permissions are due to expire. If not specified, the permissions do not have expiration dates.

TransactionFromDateTime string

The date and time indicating the beginning of the period during which a transaction was executed. If not specified, data is returned from the earliest available transaction.

TransactionToDateTime string

The date and time indicating the end of the period during which a transaction was executed. If not specified, data is returned to the latest available transaction.

Risk object

The parameters of the Risk section are sent to the ASPSP by the initiating party. This information is used to specify additional details for risk scoring of the fraud accounts.

HTTP status codes:

The eqwire API uses standard HTTP response codes to indicate the success or failure of a request.

To view a full list of valid response codes, refer to HTTP response codes.

RESPONSE EXAMPLE

{
  "Data": {
    "ConsentId": "urn-bank-intent-88379",
    "CreationDateTime": "2022-12-07T12:33:11.290Z",
    "Status": "Authorised",
    "StatusUpdateDateTime": "2022-12-07T12:33:11.290Z",
    "Permissions": [
      "ReadAccountsBasic"
    ],
    "ExpirationDateTime": "2022-12-07T12:33:11.290Z",
    "TransactionFromDateTime": "2022-12-07T12:33:11.290Z",
    "TransactionToDateTime": "2022-12-07T12:33:11.290Z"
  },
  "Risk": {},
  "Links": {
    "Self": "https://example.com",
    "First": "https://example.com",
    "Prev": "https://example.com",
    "Next": "https://example.com",
    "Last": "https://example.com"
  },
  "Meta": {
    "TotalPages": 5,
    "FirstAvailableDateTime": "2022-12-07T12:33:11.290Z",
    "LastAvailableDateTime": "2022-12-07T12:33:11.290Z"
  }
}

---

Delete an account consent

Use this method to delete a specified account consent.

Request

Header parameters:

Authorization

The authorization token as per https://tools.ietf.org/html/rfc6750.

x-fapi-financial-id required

The unique identifier of the ASPSP issued by the Open Banking system.

x-fapi-customer-last-logged-time

The date and time when the PSU has last logged in system using a TPP application.

x-fapi-customer-ip-address

The IP address of the PSU who has logged in system using a TPP application.

x-fapi-interaction-id

The unique identifier of the initiating party (as per RFC4122 UID) used as a correlation identifier.

x-customer-user-agent

The user-agent used by the PSU.

Path parameters:

ConsentId required

The consent identifier.

DELETE[base]/account-access-consents/{consentId}

DELЕTE /account-access-consents/consent-id-example HTTP/1.1
Authorization: Bearer <token>
x-fapi-financial-id: b621cec4-e775-49ab-980a-1900c6a09620
x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json

Response

Body:

In case of success, no response body is returned.

HTTP status codes:

The eqwire API uses standard HTTP response codes to indicate the success or failure of a request.

To view a full list of valid response codes, refer to HTTP response codes.