Api documentation

Api documentation get started

References - NextGenPSD2XS2AFramework 2.0 Mar 1st 2019 Json Yaml

Create consent


                            POST /v2/consents/confirmation-of-funds

This method creates a confirmation of funds consent resource at the ASPSP regarding confirmation of funds access to an account specified in this request.

Side Effects In difference to the Establish Account Information Consent as defined in [XS2A-IG], there is no side effect by the Establish Confirmation of Funds Consent Request

Consumes

application/json

Parameter	Type/Format	Description
`X-Request-ID Required`	Header / string	ID of the request, unique to the call, as determined by the initiating party.
`PSU-User-Agent Optional`	Header / string	The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
`TPP-Redirect-URI Optional`	Header / string	URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field. Remark for Future: This field might be changed to mandatory in the next version of the specification.
`TPP-Nok-Redirect-URI Optional`	Header / string	If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP.
`TPP-Explicit-Authorisation-Preferred Optional`	Header / string	If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket.
`PSU-IP-Address Optional`	Header / string	The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.
`PSU-IP-Port Optional`	Header / string	The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
`PSU-Accept Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Charset Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Encoding Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Language Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Http-Method Optional`	Header / string	HTTP method used at the PSU ? TPP interface, if available. Valid values are: GET POST PUT PATCH DELETE
`PSU-Device-ID Optional`	Header / string	UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
`PSU-Geo-Location Optional`	Header / string	The forwarded Geo Location of the corresponding http request between PSU and TPP if available.
`TPP-Redirect-Preferred Optional`	Header / string	If it equals "true", the TPP prefers a redirect over an embedded SCA approach. If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU.
`PSU-ID-Type Optional`	Header / string	Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.
`PSU-ID Optional`	Header / string	Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. Is not contained if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session.
`TPP-Signature-Certificate Optional`	Header / string	The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.
`Signature Optional`	Header / string	A signature of the request by the TPP on application level. This might be mandated by ASPSP.
`Digest Optional`	Header / string	Is contained if and only if the "Signature" element is contained in the header of the request.
`PSU-Corporate-ID Optional`	Header / string	Might be mandated in the ASPSP's documentation. Only used in a corporate context.
`PSU-Corporate-ID-Type Optional`	Header / string	Might be mandated in the ASPSP's documentation. Only used in a corporate context.
`consentsConfirmationOfFunds Required`	body / object	Requestbody for a consent confirmation of funds request.

Sample Request

{
  "access": {
    "balances": [
      {
        "iban": "DE40100100103307118608"
      },
      {
        "iban": "DE40100100103307118608"
      },
      {
        "iban": "DE02100100109307118603",
        "currency": "USD"
      },
      {
        "iban": "DE02100100109307118603",
        "currency": "USD"
      },
      {
        "iban": "DE67100100101306118605"
      },
      {
        "iban": "DE67100100101306118605"
      }
    ],
    "transactions": [
      {
        "iban": "DE40100100103307118608"
      },
      {
        "iban": "DE40100100103307118608"
      },
      {
        "maskedPan": "123456xxxxxx1234"
      },
      {
        "maskedPan": "123456xxxxxx1234"
      }
    ]
  },
  "recurringIndicator": "true",
  "validUntil": "2017-11-01",
  "frequencyPerDay": "4"
}

Response

201 - Created

400 - Bad Request

401 - Unauthorized

403 - Forbidden

404 - Not found

405 - Method Not Allowed

406 - Not Acceptable

409 - Conflict

429 - Too Many Requests

Get Consent Status


                            GET /v2/consents/confirmation-of-funds/{consentId}/status

Can check the status of an account information consent resource.

Parameter	Type/Format	Description
`PSU-Geo-Location Optional`	Header / string	The forwarded Geo Location of the corresponding http request between PSU and TPP if available.
`PSU-Device-ID Optional`	Header / string	UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
`PSU-Http-Method Optional`	Header / string	HTTP method used at the PSU ? TPP interface, if available. Valid values are: GET POST PUT PATCH DELETE
`PSU-User-Agent Optional`	Header / string	The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
`PSU-Accept-Language Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Encoding Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Charset Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-IP-Port Optional`	Header / string	The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
`PSU-IP-Address Optional`	Header / string	The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.
`TPP-Signature-Certificate Optional`	Header / string	The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.
`X-Request-ID Required`	Header / string	ID of the request, unique to the call, as determined by the initiating party.
`Digest Optional`	Header / string	Is contained if and only if the "Signature" element is contained in the header of the request.
`Signature Optional`	Header / string	A signature of the request by the TPP on application level. This might be mandated by ASPSP.
`consentId Required`	Path /	ID of the corresponding consent object as returned by an Account Information Consent Request.

Response

200 - Get consent status

400 - Bad Request

401 - Unauthorized

403 - Forbidden

404 - Not found

405 - Method Not Allowed

406 - Not Acceptable

409 - Conflict

429 - Too Many Requests

Get Consent Content


                            GET /v2/consents/confirmation-of-funds/{consentId}

Returns the content of an account information consent object. This is returning the data for the TPP especially in cases, where the consent was directly managed between ASPSP and PSU e.g. in a re-direct SCA Approach.

Parameter	Type/Format	Description
`X-Request-ID Required`	Header / string	ID of the request, unique to the call, as determined by the initiating party.
`PSU-Geo-Location Optional`	Header / string	The forwarded Geo Location of the corresponding http request between PSU and TPP if available.
`PSU-Device-ID Optional`	Header / string	UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
`PSU-Http-Method Optional`	Header / string	HTTP method used at the PSU ? TPP interface, if available. Valid values are: GET POST PUT PATCH DELETE
`PSU-User-Agent Optional`	Header / string	The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
`PSU-Accept-Language Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Encoding Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Charset Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-IP-Port Optional`	Header / string	The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
`PSU-IP-Address Optional`	Header / string	The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.
`TPP-Signature-Certificate Optional`	Header / string	The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.
`Signature Optional`	Header / string	A signature of the request by the TPP on application level. This might be mandated by ASPSP.
`Digest Optional`	Header / string	Is contained if and only if the "Signature" element is contained in the header of the request.
`consentId Required`	Path /	ID of the corresponding consent object as returned by an Account Information Consent Request.

Response

200 - Get consent status

400 - Bad Request

401 - Unauthorized

403 - Forbidden

404 - Not found

405 - Method Not Allowed

406 - Not Acceptable

409 - Conflict

429 - Too Many Requests

Delete Consent Content


                            DELETE /v2/consents/confirmation-of-funds/{consentId}

Deletes a given consent.

Parameter	Type/Format	Description
`TPP-Signature-Certificate Optional`	Header / string	The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.
`PSU-IP-Address Optional`	Header / string	The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.
`PSU-IP-Port Optional`	Header / string	The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.
`PSU-Accept Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Charset Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Encoding Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-Accept-Language Optional`	Header / string	The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.
`PSU-User-Agent Optional`	Header / string	The forwarded Agent header field of the HTTP request between PSU and TPP, if available.
`Signature Optional`	Header / string	A signature of the request by the TPP on application level. This might be mandated by ASPSP.
`Digest Optional`	Header / string	Is contained if and only if the "Signature" element is contained in the header of the request.
`X-Request-ID Required`	Header / string	ID of the request, unique to the call, as determined by the initiating party.
`PSU-Geo-Location Optional`	Header / string	The forwarded Geo Location of the corresponding http request between PSU and TPP if available.
`PSU-Device-ID Optional`	Header / string	UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.
`PSU-Http-Method Optional`	Header / string	HTTP method used at the PSU ? TPP interface, if available. Valid values are: GET POST PUT PATCH DELETE
`consentId Required`	Path /	ID of the corresponding consent object as returned by an Account Information Consent Request.

Response

400 - Bad Request

401 - Unauthorized

403 - Forbidden

404 - Not found

405 - Method Not Allowed

406 - Not Acceptable

409 - Conflict

429 - Too Many Requests

consentConfirmationOfFundsStartAuth


                            POST /v2/consents/confirmation-of-funds/{consentId}/authorisations

consentConfirmationOfFundsStartAuth

Parameter	Type/Format	Description

Response

consentConfirmationOfFundsUpdatePSUData


                            PUT /v2/consents/confirmation-of-funds/{consentId}/authorisations/{authorisationId}

consentConfirmationOfFundsUpdatePSUData

Parameter	Type/Format	Description

Response

⇧