The Account Information consent API performs the PSU authentication and returns a consent resource identifier that will allow you to access the ASPSP accounts that the PSU have provided consent to access.
This API intends to provide an interface to access PSD2 Consent services.
The API is designed on a REST model using JSON structures.
Paths
/{aspsp-cde}/v1-0-4/consents
Account Information Consent Request
Creates an account information consent resource at the ASPSP regarding access to accounts specified in this request.
When this Consent Request is a request where the "recurringIndicator" equals “true”, and if it exists already a former consent for recurring access on account information for the addressed PSU, then the former consent automatically expires as soon as the new consent request is authorised by the PSU.
ID of the transaction as determined by the initiating party.
{
"default": ""
}
User identification in ASPSP
{
"default": ""
}
Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.
{
"default": ""
}
The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.
{
"default": ""
}
The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
{
"default": ""
}
The forwarded Geo Location of the corresponding http request between PSU and TPP if available.
{
"pattern": "^GEO:[-?+?(\\d){1,3}.(\\d){6}]{8,11};[-?+?(\\d){1,3}.(\\d){6}]{8,11}$",
"default": "GEO:1.111111;-1.111111"
}
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
{
"default": ""
}
Only used for Delegated Authentication Approach. \n "NSCA" - "SCA Not performed"; \n "SUCC" - "SCA Performed with Success"; \n If this data element is not used, there is no information about transaction SCA authentication
{
"enum": [
"NSCA",
"SUCC"
]
}
Corporate User identification in ASPSP
{
"default": ""
}
Might be mandated in the ASPSPs documentation. Only used in a corporate context.
{
"default": ""
}
The forwarded Agent header field of the http request between PSU and TPP.
{
"default": ""
}
URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Shall be contained at least if the tppRedirectPreferred parameter is set to true or is missing.
{
"default": ""
}
If it equals "true", the TPP requests a delegated SCA approach. If it equals "false", the TPP do not request a delegated SCA approach. If the parameter is not used, the TPP do not request a delegated SCA approach.
An identification provided by the ASPSP for the later identification of the authentication delegated.
{
"default": ""
}
A signature of the request by the TPP on application level. This might be mandated by ASPSP.
{
"default": ""
}
Hash of the message body. Should be present when Request body exists
{
"default": ""
}
The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.
{
"default": ""
}
If it equals "true", the TPP prefers a redirect over an embedded SCA approach. \n If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. \n If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU.
If it equals "true", the TPP prefers a decoupled SCA approach. \n depending on the choice of the SCA procedure by the TPP/PSU. \n If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the parameter TPP-Redirect-Preferred and the SCA method chosen by the TPP/PSU. \n The parameter might be ignored by the ASPSP. \n If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected, but it is up to the ASPSP, which approach will actually be used. \n RFU: TPP-Redirect-Preferred and TPP-Decoupled-Preferred will be revised in future versions, maybe merged. Currently kept separate for downward compatibility. \n If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will then choose between the embedded or the redirect SCA approach
This header might be used by TPPs to inform the ASPSP about the brand used by the TPP towards the PSU. This information is meant for logging entries to enhance communication between ASPSP and PSU or ASPSP and TPP. This header might be ignored by the ASPSP.
If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This may be ignored by the ASPSP. See Section 4.10 for further requirements on this header. \n The same condition as for TPP-Redirect-URI on keeping the URI equal during a transaction lifecycle applies also to this header.
If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. \n If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket.
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
{
"default": ""
}
HTTP method used at the PSU – TPP interface, if available. \n Valid values are: \n - GET \n - POST \n - PUT \n - PATCH \n - DELETE
{
"enum": [
"GET",
"POST",
"PUT",
"PATCH",
"DELETE"
],
"default": "GET"
}
Request date
Identification of the aspsp
{
"default": ""
}
Account Consent Request
{
"schema": {
"description": "Creates an account information consent resource at the ASPSP regarding access to accounts specified in this request.",
"type": "object",
"required": [
"access",
"recurringIndicator",
"validUntil",
"frequencyPerDay",
"combinedServiceIndicator"
],
"properties": {
"access": {
"description": "Requested access services. Only the sub attributes with the tags \"accounts\", \"balances\" and \"transactions\" are accepted for this request.",
"$ref": "#\/definitions\/AccountAccess"
},
"recurringIndicator": {
"description": "\"true\", if the consent is for recurring access to the account data.\n\"false\", if the consent is for one access to the account data.\n",
"type": "boolean",
"default": false
},
"validUntil": {
"description": "This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format.\n",
"type": "string",
"format": "date-time",
"default": "1900-01-01T00:00:00Z"
},
"frequencyPerDay": {
"description": "This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to \"1\".\n",
"type": "integer",
"format": "int32",
"minimum": 1,
"default": 1
},
"combinedServiceIndicator": {
"description": "If \"true\" indicates that a payment initiation service will be addressed in the same \"session\".",
"type": "boolean",
"default": false
}
},
"additionalProperties": false
}
}
Created
Bad Request.
Unauthorized.
Forbidden.
Not Found.
Method Not Allowed.
Not Acceptable.
Request Timeout.
Unsupported Media Type.
Too Many Requests.
Internal Server Error.
Service Unavailable.
Gatewaty Timeout.
/{aspsp-cde}/v1-0-4/consents/{consent-id}
Get Consent Request
Returns the content of an account information consent object.
ID of the transaction as determined by the initiating party.
{
"default": ""
}
The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.
{
"default": ""
}
User identification in ASPSP
{
"default": ""
}
Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.
{
"default": ""
}
Corporate User identification in ASPSP
{
"default": ""
}
Might be mandated in the ASPSPs documentation. Only used in a corporate context.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
{
"default": ""
}
HTTP method used at the PSU – TPP interface, if available. \n Valid values are: \n - GET \n - POST \n - PUT \n - PATCH \n - DELETE
{
"enum": [
"GET",
"POST",
"PUT",
"PATCH",
"DELETE"
],
"default": "GET"
}
The forwarded Geo Location of the corresponding http request between PSU and TPP if available.
{
"pattern": "^GEO:[-?+?(\\d){1,3}.(\\d){6}]{8,11};[-?+?(\\d){1,3}.(\\d){6}]{8,11}$",
"default": "GEO:1.111111;-1.111111"
}
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
{
"default": ""
}
Fingerprint of the device used in the request between PSU and TPP, if available.
{
"default": ""
}
A signature of the request by the TPP on application level. This might be mandated by ASPSP.
{
"default": ""
}
The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.
{
"default": ""
}
Request date
Identification of the aspsp
{
"default": ""
}
Identification of the consent
{
"default": ""
}
Bad Request.
Unauthorized.
Forbidden.
Not Found.
Method Not Allowed.
Not Acceptable.
Request Timeout.
Unsupported Media Type.
Too Many Requests.
Internal Server Error.
Service Unavailable.
Gatewaty Timeout.
Delete Consent Request
Deletes a given consent.
ID of the transaction as determined by the initiating party.
{
"default": ""
}
A signature of the request by the TPP on application level. This might be mandated by ASPSP.
{
"default": ""
}
The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.
{
"default": ""
}
Request date
Identification of the aspsp
{
"default": ""
}
Identification of the consent
{
"default": ""
}
No Content
Bad Request.
Unauthorized.
Forbidden.
Not Found.
Method Not Allowed.
Not Acceptable.
Request Timeout.
Unsupported Media Type.
Too Many Requests.
Internal Server Error.
Service Unavailable.
Gatewaty Timeout.
/{aspsp-cde}/v1-0-4/consents/{consent-id}/status
Get Status Request
Check the status of an account information consent resource.
ID of the transaction as determined by the initiating party.
{
"default": ""
}
User identification in ASPSP
{
"default": ""
}
Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.
{
"default": ""
}
Corporate User identification in ASPSP
{
"default": ""
}
Might be mandated in the ASPSPs documentation. Only used in a corporate context.
{
"default": ""
}
The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
{
"default": ""
}
The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
{
"default": ""
}
HTTP method used at the PSU – TPP interface, if available. \n Valid values are: \n - GET \n - POST \n - PUT \n - PATCH \n - DELETE
{
"enum": [
"GET",
"POST",
"PUT",
"PATCH",
"DELETE"
],
"default": "GET"
}
The forwarded Geo Location of the corresponding http request between PSU and TPP if available.
{
"pattern": "^GEO:[-?+?(\\d){1,3}.(\\d){6}]{8,11};[-?+?(\\d){1,3}.(\\d){6}]{8,11}$",
"default": "GEO:1.111111;-1.111111"
}
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
{
"default": ""
}
Fingerprint of the device used in the request between PSU and TPP, if available.
{
"default": ""
}
A signature of the request by the TPP on application level. This might be mandated by ASPSP.
{
"default": ""
}
The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.
{
"default": ""
}
Request date
Identification of the aspsp
{
"default": ""
}
Identification of the consent
{
"default": ""
}
Bad Request.
Unauthorized.
Forbidden.
Not Found.
Method Not Allowed.
Not Acceptable.
Request Timeout.
Unsupported Media Type.
Too Many Requests.
Internal Server Error.
Service Unavailable.
Gatewaty Timeout.
Definitions
Defines the properties of an account data consent request.
{
"type": "object",
"properties": {
"accounts": {
"description": "Is asking for detailed account information. If the array is empty, the TPP is asking for an accessible account list. This may be restricted in a PSU/ASPSP authorization dialogue.\n",
"$ref": "#/definitions/AccountReferenceArray"
},
"balances": {
"description": "Is asking for balances of the addressed accounts. If the array is empty, the TPP is asking for the balances of all accessible account lists. This may be restricted\n",
"$ref": "#/definitions/AccountReferenceArray"
},
"transactions": {
"description": "Is asking for balances of the addressed accounts. If the array is empty, the TPP is asking for the balances of all accessible account lists. This may be restricted\n",
"$ref": "#/definitions/AccountReferenceArray"
},
"additionalInformation": {
"description": "Is asking for additional information as added within this structured object.",
"$ref": "#/definitions/AdditionalInformationAccess"
},
"availableAccounts": {
"description": "Only the value \"all-accounts\" is admitted.",
"default": "",
"$ref": "#/definitions/AvailableAccountsEnum"
},
"allPsd2": {
"description": "Only the value \"all-accounts\" is admitted.",
"default": "",
"$ref": "#/definitions/AllPsd2Enum"
},
"authDelegation": {
"description": "Only the value \"selected-accounts\" is admitted.",
"default": "",
"$ref": "#/definitions/AuthDelegationEnum"
}
},
"minProperties": 1,
"additionalProperties": false
}
Identifier of the addressed account.
{
"type": "object",
"properties": {
"iban": {
"description": "International Bank Account Number",
"type": "string",
"pattern": "^[A-Z]{2,2}[0-9]{2,2}[a-zA-Z0-9]{1,30}$",
"default": "PT0000"
},
"bban": {
"description": "This data elements is used for payment accounts which have no IBAN.",
"type": "string",
"default": ""
},
"pan": {
"description": "Primary Account Number (PAN) of a card, can be tokenised by the ASPSP due to PCI DSS requirements.",
"type": "string",
"maxLength": 35,
"default": "1111111111111111111111111111"
},
"maskedPan": {
"description": "Primary Account Number in a masked form.",
"type": "string",
"maxLength": 35,
"default": "111111******************1111"
},
"msisdn": {
"description": "An alias to access a payment account via a registered mobile phone number",
"type": "string",
"maxLength": 35,
"default": ""
},
"currency": {
"description": "ISO 4217 Alpha 3 currency code.",
"type": "string",
"default": ""
}
},
"additionalProperties": false
}
Array of Account References applicable to a consent.
{
"type": "array",
"items": {
"$ref": "#/definitions/AccountReference",
"additionalProperties": false
}
}
Is asking for additional information as added within this structured object.
{
"type": "object",
"properties": {
"ownerName": {
"$ref": "#/definitions/AccountReferenceArray",
"description": "Is asking for account owner name of the accounts referenced within. \\n If the array is empty in the request, the TPP is asking for the account owner name of all accessible accounts. This may be restricted in a PSU/ASPSP authorization dialogue. If the array is empty, also the arrays for accounts, balances or transactions shall be empty, if used. \\n The ASPSP will indicate in the consent resource after a successful authorisation, whether the ownerName consent can be accepted by providing the accounts on which the ownerName will be delivered. This array can be empty."
}
},
"additionalProperties": false
}
The values "all-accounts" and "all-accounts-with-ownerName" are admitted. The support of the "all-accounts-with-ownerName" value by the ASPSP is optional.
{
"type": "string",
"enum": [
"all-accounts",
"all-accounts-with-ownerName"
],
"default": "all-accounts",
"additionalProperties": false
}
Authentication Data.
{
"type": "object",
"required": [
"authenticationType",
"authenticationMethodId"
],
"properties": {
"authenticationType": {
"description": "Type of the authentication method.",
"$ref": "#/definitions/AuthenticationType"
},
"authenticationVersion": {
"description": "Depending on the authenticationType. This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. This version can be referred to in the ASPSP’s documentation.\n",
"type": "string",
"default": ""
},
"authenticationMethodId": {
"description": "An identification provided by the ASPSP for the later identification of the authentication method selection.\n",
"type": "string",
"maxLength": 35,
"default": ""
},
"name": {
"description": "This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. Alternatively this could be a description provided by the ASPSP like “SMS OTP on phone +49160 xxxxx 28”. This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available.\n",
"type": "string",
"default": ""
},
"explanation": {
"description": "detailed information about the sca method for the PSU.\n",
"type": "string",
"default": ""
}
},
"additionalProperties": false
}
Authentication Data.
{
"type": "array",
"items": {
"$ref": "#/definitions/Authentication"
},
"additionalProperties": false
}
authentication types: SMS_OTP - An SCA method, where an OTP linked to the transaction to be authorised is sent to the PSU through a SMS channel. CHIP_OTP - An SCA method, where an OTP is generated by a chip card, e.g. an TOP derived from an EMV cryptogram. To contact the card, the PSU normally needs a (handheld) device. With this device, the PSU either reads the challenging data through a visual interface like flickering or the PSU types in the challenge through the device key pad. The device then derives an OTP from the challenge data and displays the OTP to the PSU. PHOTO_OTP - An SCA method, where the challenge is a QR code or similar encoded visual data which can be read in by a consumer device or specific mobile app. The device resp. the specific app than derives an OTP from the visual challenge data and displays the OTP to the PSU. PUSH_OTP - An OTP is pushed to a dedicated authentication APP and displayed to the PSU.
{
"type": "string",
"enum": [
"SMS_OTP",
"CHIP_OTP",
"PHOTO_OTP",
"PUSH_OTP"
],
"default": "SMS_OTP",
"additionalProperties": false
}
The values "all-accounts" and "all-accounts-with-ownerName" are admitted. The support of the "all-accounts-with-ownerName" value by the ASPSP is optional.
{
"type": "string",
"enum": [
"all-accounts",
"all-accounts-with-ownerName"
],
"default": "all-accounts",
"additionalProperties": false
}
Only the value "selected-accounts" is admitted.
{
"type": "string",
"enum": [
"selected-accounts"
],
"default": "selected-accounts",
"additionalProperties": false
}
Requested Authentication Data
{
"type": "object",
"properties": {
"image": {
"description": "PNG data (max. 512 kilobyte) to be displayed to the PSU, Base64 encoding , cp. [RFC 4648]. This attribute is used only, when PHOTO_OTP or CHIP_OTP is the selected SCA method.\n",
"type": "string",
"format": "byte",
"default": ""
},
"data": {
"description": "String challenge data",
"type": "string",
"default": ""
},
"imageLink": {
"description": "A link where the ASPSP will provides the challenge image for the TPP.",
"type": "string",
"default": ""
},
"otpMaxLength": {
"description": "The maximal length for the OTP to be typed in by the PSU.",
"type": "number",
"default": 0
},
"otpFormat": {
"description": "The format type of the OTP to be typed in.",
"type": "string",
"enum": [
"characters",
"integer"
],
"default": "characters"
},
"additionalInformation": {
"description": "Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen SCA method. The TPP is obliged to show this to the PSU.",
"type": "string",
"default": ""
}
},
"additionalProperties": false
}
authentication status of the consent. Possible values: \n - received: The consent data have been received and are technically correct. The data is not authorised yet. \n - rejected: The consent data have been rejected e.g. since no successful authorisation has taken place. \n - partiallyAuthorised: The consent is due to a multi-level authorisation, some but not all mandated authorisations have been performed yet. \n - valid: The consent is accepted and valid for GET account data calls and others as specified in the consent object. \n - revokedByPsu: The consent has been revoked by the PSU towards the ASPSP. \n - expired: The consent expired. \n - terminatedByTpp: The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource.
{
"type": "string",
"enum": [
"received",
"rejected",
"partiallyAuthorised",
"valid",
"revokedByPsu",
"expired",
"terminatedByTpp"
],
"additionalProperties": false
}
Returns the content of an account information consent object.
{
"type": "object",
"required": [
"access",
"recurringIndicator",
"validUntil",
"frequencyPerDay",
"lastActionDate",
"consentStatus",
"_links"
],
"properties": {
"access": {
"description": "Requested access services.",
"$ref": "#/definitions/AccountAccess"
},
"recurringIndicator": {
"description": "True, if the consent is for recurring access to the account data False, if the consent is for one access to the account data",
"type": "boolean",
"default": false
},
"validUntil": {
"description": "Requested validity ISODate for the consent.",
"type": "string",
"format": "date-time",
"default": "1900-01-01T00:00:00Z"
},
"frequencyPerDay": {
"description": "Requested Maximum Frequency for an Access per Day.",
"type": "integer",
"format": "int32",
"default": 0
},
"lastActionDate": {
"description": "This date is containing the date of the last action on the consent object either through the XS2A interface or the PSU/ASPSP interface having an impact on the status.\n",
"type": "string",
"format": "date",
"default": "1900-01-01"
},
"consentStatus": {
"description": "authentication status of the consent. Possible values: \\n - received: The consent data have been received and are technically correct. The data is not authorised yet. \\n - rejected: The consent data have been rejected e.g. since no successful authorisation has taken place. \\n - partiallyAuthorised: The consent is due to a multi-level authorisation, some but not all mandated authorisations have been performed yet. \\n - valid: The consent is accepted and valid for GET account data calls and others as specified in the consent object. \\n - revokedByPsu: The consent has been revoked by the PSU towards the ASPSP. \\n - expired: The consent expired. \\n - terminatedByTpp: The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource.",
"$ref": "#/definitions/ConsentStatusType"
},
"_links": {
"description": "Hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request.",
"$ref": "#/definitions/ConsentDetailResponseLink"
}
},
"additionalProperties": false
}
Creates an account information consent resource at the ASPSP regarding access to accounts specified in this request.
{
"type": "object",
"required": [
"access",
"recurringIndicator",
"validUntil",
"frequencyPerDay",
"combinedServiceIndicator"
],
"properties": {
"access": {
"description": "Requested access services. Only the sub attributes with the tags \"accounts\", \"balances\" and \"transactions\" are accepted for this request.",
"$ref": "#/definitions/AccountAccess"
},
"recurringIndicator": {
"description": "\"true\", if the consent is for recurring access to the account data.\n\"false\", if the consent is for one access to the account data.\n",
"type": "boolean",
"default": false
},
"validUntil": {
"description": "This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format.\n",
"type": "string",
"format": "date-time",
"default": "1900-01-01T00:00:00Z"
},
"frequencyPerDay": {
"description": "This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to \"1\".\n",
"type": "integer",
"format": "int32",
"minimum": 1,
"default": 1
},
"combinedServiceIndicator": {
"description": "If \"true\" indicates that a payment initiation service will be addressed in the same \"session\".",
"type": "boolean",
"default": false
}
},
"additionalProperties": false
}
Hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request.
{
"type": "object",
"properties": {
"account": {
"description": "A link to the resource providing the details of one account",
"type": "string",
"default": ""
},
"cardAccount": {
"description": "A link to the resource providing the details of one card account.",
"type": "string",
"default": ""
}
},
"additionalProperties": false
}
Hyperlinks to be recognised by the TPP. The actual hyperlinks used in the response depend on the dynamical decisions of the ASPSP when processing the request.
{
"type": "object",
"properties": {
"scaRedirect": {
"description": "A link to an ASPSP site where SCA is performed within the Redirect SCA approach",
"type": "string",
"default": ""
},
"startAuthorisation": {
"description": "A link to an endpoint, where the authorisation of a transaction or the authorisation of a transaction cancellation shall be started with a POST command. No specific data is needed for this process start.",
"type": "string",
"default": ""
},
"startAuthorisationWithPsuIdentification": {
"description": "The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU identification shall be uploaded with the corresponding call.",
"type": "string",
"default": ""
},
"updatePsuIdentification": {
"description": "The link to the payment initiation resource, which needs to be updated by the PSU identification. This might be used in a redirect or decoupled approach, where the PSU ID was missing in the first request.\n",
"type": "string",
"default": ""
},
"startAuthorisationWithProprietaryData": {
"description": "A link to the endpoint, where the authorisation of a transaction or of a transaction cancellation shall be started, and where proprietary data needs to be updated with this call. The TPP can find the scope of missing proprietary data in the ASPSP documentation.",
"type": "string",
"default": ""
},
"updateProprietaryData": {
"description": "The link to the payment initiation or account information resource, which needs to be updated by the proprietary data.",
"type": "string",
"default": ""
},
"startAuthorisationWithPsuAuthentication": {
"description": "The link to an endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where PSU authentication data shall be uploaded with the corresponding call.",
"type": "string",
"default": ""
},
"updatePsuAuthentication": {
"description": "The link to the account information resource, which needs to be updated by a PSU password and eventually the PSU identification if not delivered yet. This is used in a case of the Embedded SCA approach.\n",
"type": "string",
"default": ""
},
"updateAdditionalPsuAuthentication": {
"description": "The link to the payment initiation or account information resource, which needs to be updated by an additional PSU password.",
"type": "string",
"default": ""
},
"startAuthorisationWithAuthenticationMethodSelection": {
"description": "This is a link to and endpoint where the authorisation of a transaction or of a transaction cancellation shall be started, where the selected SCA method shall be uploaded with the corresponding call.",
"type": "string",
"default": ""
},
"selectAuthenticationMethod": {
"description": "This is a link to a resource, where the TPP can select the applicable SCA for the PSU, if there were several available authentication methods. This link is only contained under exactly the same conditions as the data element “authenticationMethods”, see above.\n",
"type": "string",
"default": ""
},
"startAuthorisationWithTransactionAuthorisation": {
"description": "A link to an endpoint, where an authorisation of a transaction or a cancellation can be started, and where the response data for the challenge is uploaded in the same call for the transaction authorisation or transaction cancellation at the same time in the Embedded SCA Approach.",
"type": "string",
"default": ""
},
"authoriseTransaction": {
"description": "The link to the payment initiation or consent resource, where the “Transaction Authorisation”Request” is sent to.\nThis is the link to the resource which will authorise the payment or the consent by checking the SCA authentication data within the Embedded SCA approach.\n",
"type": "string"
},
"self": {
"description": "The link to the payment initiation resource created by the request itself. This link can be used later to retrieve the transaction status of the payment initiation.",
"type": "string",
"default": ""
},
"status": {
"description": "The link to retrieve the transaction status of the account information consent.\n",
"type": "string",
"default": ""
},
"scaStatus": {
"description": "A link to retrieve the status of the authorisation or cancellation-authorisation sub-resource.",
"type": "string",
"default": ""
}
},
"additionalProperties": false
}
Informs TPP about an account information consent resource.
{
"type": "object",
"required": [
"consentStatus",
"consentId",
"_links"
],
"properties": {
"consentStatus": {
"description": "authentication status of the consent. Possible values: \\n - received: The consent data have been received and are technically correct. The data is not authorised yet. \\n - rejected: The consent data have been rejected e.g. since no successful authorisation has taken place. \\n - partiallyAuthorised: The consent is due to a multi-level authorisation, some but not all mandated authorisations have been performed yet. \\n - valid: The consent is accepted and valid for GET account data calls and others as specified in the consent object. \\n - revokedByPsu: The consent has been revoked by the PSU towards the ASPSP. \\n - expired: The consent expired. \\n - terminatedByTpp: The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource.",
"$ref": "#/definitions/ConsentStatusType"
},
"consentId": {
"description": "Identification of the consent resource as it is used in the API structure Shall be contained, if a consent resource was generated.\n",
"type": "string",
"default": ""
},
"scaMethods": {
"description": "This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. If this data element is contained, then there is also an hyperlink of type \"selectAuthenticationMethods\" contained in the response body. These methods shall be presented towards the PSU for selection by the TPP.\n",
"items": {
"type": "string"
},
"$ref": "#/definitions/AuthenticationArray"
},
"chosenScaMethod": {
"description": "This data element is only contained in the response if the APSPS has chosen the Embedded SCA Approach, if the PSU is already identified with the first relevant factor or alternatively an access token, if SCA is required and if the authentication method is implicitly selected.\n",
"$ref": "#/definitions/Authentication"
},
"challengeData": {
"description": "It is containded in addition to the data element chosenScaMethod if challenge data is needed for SCA. In rare cases this attribute is also used in the context of the psuAuthentication link.\n",
"$ref": "#/definitions/Challenge"
},
"_links": {
"description": "A list of hyperlinks to be recognised by the TPP.\n",
"$ref": "#/definitions/ConsentResponseLink"
},
"delegationId": {
"description": "An identification provided by the ASPSP for the later identification of the authentication delegated.\n",
"type": "string",
"default": ""
},
"psuMessage": {
"description": "Text to be displayed to the PSU, e.g. in a Decoupled SCA Approach\n",
"type": "string",
"maxLength": 500,
"default": ""
},
"tppMessages": {
"description": "Messages to the TPP on operational issues.",
"$ref": "#/definitions/TppMessageArray"
}
},
"additionalProperties": false
}
Informs TPP about status of an account information consent resource.
{
"type": "object",
"required": [
"consentStatus"
],
"properties": {
"consentStatus": {
"description": "authentication status of the consent. Possible values: \\n - received: The consent data have been received and are technically correct. The data is not authorised yet. \\n - rejected: The consent data have been rejected e.g. since no successful authorisation has taken place. \\n - partiallyAuthorised: The consent is due to a multi-level authorisation, some but not all mandated authorisations have been performed yet. \\n - valid: The consent is accepted and valid for GET account data calls and others as specified in the consent object. \\n - revokedByPsu: The consent has been revoked by the PSU towards the ASPSP. \\n - expired: The consent expired. \\n - terminatedByTpp: The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource.",
"$ref": "#/definitions/ConsentStatusType"
},
"psuMessage": {
"description": "Text to be displayed to the PSU",
"type": "string",
"maxLength": 500,
"default": ""
}
},
"additionalProperties": false
}
Error Information.
{
"type": "object",
"properties": {
"tppMessages": {
"$ref": "#/definitions/TppMessageArray",
"description": "Messages to the TPP on operational issues."
}
},
"additionalProperties": false
}
Error and status Information.
{
"type": "object",
"properties": {
"transactionStatus": {
"$ref": "#/definitions/TransactionStatusType",
"description": "The transaction status is filled with codes of the ISO 20022 corresponding element."
},
"tppMessages": {
"$ref": "#/definitions/TppMessageArray",
"description": "Messages to the TPP on operational issues."
}
},
"additionalProperties": false
}
Message error codes.
{
"type": "string",
"enum": [
"SERVICE_BLOCKED",
"CORPORATE_ID_IVALID",
"CONSENT_UNKNOWN",
"CONSENT_INVALID",
"CONSENT_EXPIRED",
"RESOURCE_UNIKNOWN",
"RESOURCE_EXPIRED",
"TIMESTAMP_INVALID",
"PERIOD_INVALID",
"SCA_METHOD_UNKKNOWN",
"TRANSACTION_ID_INVALID",
"PRODUCT_INVALID",
"PRODUCT_UNKNOWN",
"PAYMENT_FAILED",
"REQUIRED_KID_MISSING",
"SESSIONS_NOT_SUPPORTED",
"ACCESS_EXCEEDED",
"REQUESTED_FORMATS_INVALID",
"CARD_INVALID",
"NO_PIIS_ACTIVATION"
],
"default": "SERVICE_BLOCKED",
"additionalProperties": false
}
Transports additional error information.
{
"required": [
"category",
"code"
],
"properties": {
"category": {
"type": "string",
"default": "",
"description": "Category of the error. Only \"ERROR\" or \"WARNING\" permitted."
},
"code": {
"$ref": "#/definitions/MessageCode",
"description": "Message error code."
},
"path": {
"type": "string",
"default": "",
"description": "Path of the element of the request message which provoked this error message."
},
"text": {
"type": "string",
"maxLength": 512,
"default": "",
"description": "Additional explaining text."
}
},
"additionalProperties": false
}
Messages to the TPP on operational issues.
{
"type": "array",
"items": {
"$ref": "#/definitions/TppMessage",
"description": "Transports additional error information."
},
"additionalProperties": false
}
ISO20022: The transaction status is filled with value of the ISO20022 data table. RCVD : RECEIVED PDNG : PENDING PATC : PARTIALLY ACCEPTED TECHNICAL CORRECT ACTC : ACCEPTED TECHNICAL VALIDATION RJCT : REJECTED
{
"type": "string",
"enum": [
"RCVD",
"PDNG",
"PATC",
"ACTC",
"RJCT"
],
"default": "RJCT",
"additionalProperties": false
}