Api documentation
Api documentation get started
Api documentation
References - NextGenPSD2XS2AFramework 2.0 Mar 1st 2019 Json Yaml
Create consent
POST /v2/consents/confirmation-of-funds
This method creates a confirmation of funds consent resource at the ASPSP regarding confirmation of funds access to an account specified in this request.
Side Effects In difference to the Establish Account Information Consent as defined in [XS2A-IG], there is no side effect by the Establish Confirmation of Funds Consent Request
Parameter | Type/Format | Description |
---|---|---|
X-Request-ID
|
Header / string |
ID of the request, unique to the call, as determined by the initiating party. |
PSU-User-Agent
|
Header / string |
The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
TPP-Redirect-URI
|
Header / string |
URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field. Remark for Future: This field might be changed to mandatory in the next version of the specification. |
TPP-Nok-Redirect-URI
|
Header / string |
If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP. |
TPP-Explicit-Authorisation-Preferred
|
Header / string |
If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality. If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket. |
PSU-IP-Address
|
Header / string |
The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. |
PSU-IP-Port
|
Header / string |
The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. |
PSU-Accept
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Charset
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Encoding
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Language
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Http-Method
|
Header / string |
HTTP method used at the PSU ? TPP interface, if available. Valid values are:
|
PSU-Device-ID
|
Header / string |
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
PSU-Geo-Location
|
Header / string |
The forwarded Geo Location of the corresponding http request between PSU and TPP if available. |
TPP-Redirect-Preferred
|
Header / string |
If it equals "true", the TPP prefers a redirect over an embedded SCA approach. If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU. |
PSU-ID-Type
|
Header / string |
Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. |
PSU-ID
|
Header / string |
Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. Is not contained if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session. |
TPP-Signature-Certificate
|
Header / string |
The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. |
Signature
|
Header / string |
A signature of the request by the TPP on application level. This might be mandated by ASPSP. |
Digest
|
Header / string |
Is contained if and only if the "Signature" element is contained in the header of the request. |
PSU-Corporate-ID
|
Header / string |
Might be mandated in the ASPSP's documentation. Only used in a corporate context. |
PSU-Corporate-ID-Type
|
Header / string |
Might be mandated in the ASPSP's documentation. Only used in a corporate context. |
consentsConfirmationOfFunds
|
body / object |
Requestbody for a consent confirmation of funds request. |
Sample Request
{
"access": {
"balances": [
{
"iban": "DE40100100103307118608"
},
{
"iban": "DE40100100103307118608"
},
{
"iban": "DE02100100109307118603",
"currency": "USD"
},
{
"iban": "DE02100100109307118603",
"currency": "USD"
},
{
"iban": "DE67100100101306118605"
},
{
"iban": "DE67100100101306118605"
}
],
"transactions": [
{
"iban": "DE40100100103307118608"
},
{
"iban": "DE40100100103307118608"
},
{
"maskedPan": "123456xxxxxx1234"
},
{
"maskedPan": "123456xxxxxx1234"
}
]
},
"recurringIndicator": "true",
"validUntil": "2017-11-01",
"frequencyPerDay": "4"
}
Response
201 - Created
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not found
405 - Method Not Allowed
406 - Not Acceptable
409 - Conflict
429 - Too Many Requests
Get Consent Status
GET /v2/consents/confirmation-of-funds/{consentId}/status
Can check the status of an account information consent resource.
Parameter | Type/Format | Description |
---|---|---|
PSU-Geo-Location
|
Header / string |
The forwarded Geo Location of the corresponding http request between PSU and TPP if available. |
PSU-Device-ID
|
Header / string |
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
PSU-Http-Method
|
Header / string |
HTTP method used at the PSU ? TPP interface, if available. Valid values are:
|
PSU-User-Agent
|
Header / string |
The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
PSU-Accept-Language
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Encoding
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Charset
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-IP-Port
|
Header / string |
The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. |
PSU-IP-Address
|
Header / string |
The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. |
TPP-Signature-Certificate
|
Header / string |
The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. |
X-Request-ID
|
Header / string |
ID of the request, unique to the call, as determined by the initiating party. |
Digest
|
Header / string |
Is contained if and only if the "Signature" element is contained in the header of the request. |
Signature
|
Header / string |
A signature of the request by the TPP on application level. This might be mandated by ASPSP. |
consentId
|
Path / |
ID of the corresponding consent object as returned by an Account Information Consent Request. |
Response
200 - Get consent status
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not found
405 - Method Not Allowed
406 - Not Acceptable
409 - Conflict
429 - Too Many Requests
Get Consent Content
GET /v2/consents/confirmation-of-funds/{consentId}
Returns the content of an account information consent object. This is returning the data for the TPP especially in cases, where the consent was directly managed between ASPSP and PSU e.g. in a re-direct SCA Approach.
Parameter | Type/Format | Description |
---|---|---|
X-Request-ID
|
Header / string |
ID of the request, unique to the call, as determined by the initiating party. |
PSU-Geo-Location
|
Header / string |
The forwarded Geo Location of the corresponding http request between PSU and TPP if available. |
PSU-Device-ID
|
Header / string |
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
PSU-Http-Method
|
Header / string |
HTTP method used at the PSU ? TPP interface, if available. Valid values are:
|
PSU-User-Agent
|
Header / string |
The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
PSU-Accept-Language
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Encoding
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Charset
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-IP-Port
|
Header / string |
The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. |
PSU-IP-Address
|
Header / string |
The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. |
TPP-Signature-Certificate
|
Header / string |
The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. |
Signature
|
Header / string |
A signature of the request by the TPP on application level. This might be mandated by ASPSP. |
Digest
|
Header / string |
Is contained if and only if the "Signature" element is contained in the header of the request. |
consentId
|
Path / |
ID of the corresponding consent object as returned by an Account Information Consent Request. |
Response
200 - Get consent status
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not found
405 - Method Not Allowed
406 - Not Acceptable
409 - Conflict
429 - Too Many Requests
Delete Consent Content
DELETE /v2/consents/confirmation-of-funds/{consentId}
Deletes a given consent.
Parameter | Type/Format | Description |
---|---|---|
TPP-Signature-Certificate
|
Header / string |
The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained. |
PSU-IP-Address
|
Header / string |
The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU. |
PSU-IP-Port
|
Header / string |
The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. |
PSU-Accept
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Charset
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Encoding
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-Accept-Language
|
Header / string |
The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. |
PSU-User-Agent
|
Header / string |
The forwarded Agent header field of the HTTP request between PSU and TPP, if available. |
Signature
|
Header / string |
A signature of the request by the TPP on application level. This might be mandated by ASPSP. |
Digest
|
Header / string |
Is contained if and only if the "Signature" element is contained in the header of the request. |
X-Request-ID
|
Header / string |
ID of the request, unique to the call, as determined by the initiating party. |
PSU-Geo-Location
|
Header / string |
The forwarded Geo Location of the corresponding http request between PSU and TPP if available. |
PSU-Device-ID
|
Header / string |
UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. |
PSU-Http-Method
|
Header / string |
HTTP method used at the PSU ? TPP interface, if available. Valid values are:
|
consentId
|
Path / |
ID of the corresponding consent object as returned by an Account Information Consent Request. |
Response
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not found
405 - Method Not Allowed
406 - Not Acceptable
409 - Conflict
429 - Too Many Requests
Start authorisation for Confirmation of Funds Consent
POST /v2/consents/confirmation-of-funds/{consentId}/authorisations
Start auth for consent confirmation of funds
Parameter | Type/Format | Description |
---|
Response
Confirmation of Funds Consent Update PSU Data
PUT /v2/consents/confirmation-of-funds/{consentId}/authorisations/{authorisationId}
Update PSU Data on PIIS consent authorization
Parameter | Type/Format | Description |
---|
Response
get account list
GET v1/account-list
get account list
Parameter | Type/Format | Description |
---|