Api documentation

Api documentation get started

Api documentation

References - NextGenPSD2XS2AFramework 2.0 Mar 1st 2019 Json Yaml

Create consent

POST /v2/consents/confirmation-of-funds

This method creates a confirmation of funds consent resource at the ASPSP regarding confirmation of funds access to an account specified in this request.

Side Effects In difference to the Establish Account Information Consent as defined in [XS2A-IG], there is no side effect by the Establish Confirmation of Funds Consent Request

Consumes
application/json
Parameter Type/Format Description
X-Request-ID
Required

Header / string

ID of the request, unique to the call, as determined by the initiating party.

PSU-User-Agent
Optional

Header / string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

TPP-Redirect-URI
Optional

Header / string

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

Mandated for the Redirect SCA Approach, specifically when TPP-Redirect-Preferred equals "true". It is recommended to always use this header field.

Remark for Future: This field might be changed to mandatory in the next version of the specification.

TPP-Nok-Redirect-URI
Optional

Header / string

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP.

TPP-Explicit-Authorisation-Preferred
Optional

Header / string

If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality.

If it equals "false" or if the parameter is not used, there is no preference of the TPP. This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step, without using a signing basket.

PSU-IP-Address
Optional

Header / string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
Optional

Header / string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Http-Method
Optional

Header / string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-Device-ID
Optional

Header / string

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

PSU-Geo-Location
Optional

Header / string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

TPP-Redirect-Preferred
Optional

Header / string

If it equals "true", the TPP prefers a redirect over an embedded SCA approach. If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU.

PSU-ID-Type
Optional

Header / string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

PSU-ID
Optional

Header / string

Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. Is not contained if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding AIS service in the same session.

TPP-Signature-Certificate
Optional

Header / string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

Signature
Optional

Header / string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

Digest
Optional

Header / string

Is contained if and only if the "Signature" element is contained in the header of the request.

PSU-Corporate-ID
Optional

Header / string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

PSU-Corporate-ID-Type
Optional

Header / string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

consentsConfirmationOfFunds
Required

body / object

Requestbody for a consent confirmation of funds request.

Sample Request

{
  "access": {
    "balances": [
      {
        "iban": "DE40100100103307118608"
      },
      {
        "iban": "DE40100100103307118608"
      },
      {
        "iban": "DE02100100109307118603",
        "currency": "USD"
      },
      {
        "iban": "DE02100100109307118603",
        "currency": "USD"
      },
      {
        "iban": "DE67100100101306118605"
      },
      {
        "iban": "DE67100100101306118605"
      }
    ],
    "transactions": [
      {
        "iban": "DE40100100103307118608"
      },
      {
        "iban": "DE40100100103307118608"
      },
      {
        "maskedPan": "123456xxxxxx1234"
      },
      {
        "maskedPan": "123456xxxxxx1234"
      }
    ]
  },
  "recurringIndicator": "true",
  "validUntil": "2017-11-01",
  "frequencyPerDay": "4"
}

Response

201 - Created
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not found
405 - Method Not Allowed
406 - Not Acceptable
409 - Conflict
429 - Too Many Requests

Get Consent Status

GET /v2/consents/confirmation-of-funds/{consentId}/status

Can check the status of an account information consent resource.

Parameter Type/Format Description
PSU-Geo-Location
Optional

Header / string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

PSU-Device-ID
Optional

Header / string

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

PSU-Http-Method
Optional

Header / string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-User-Agent
Optional

Header / string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Accept-Language
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-IP-Port
Optional

Header / string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-IP-Address
Optional

Header / string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

TPP-Signature-Certificate
Optional

Header / string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

X-Request-ID
Required

Header / string

ID of the request, unique to the call, as determined by the initiating party.

Digest
Optional

Header / string

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
Optional

Header / string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

consentId
Required

Path /

ID of the corresponding consent object as returned by an Account Information Consent Request.

Response

200 - Get consent status
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not found
405 - Method Not Allowed
406 - Not Acceptable
409 - Conflict
429 - Too Many Requests

Get Consent Content

GET /v2/consents/confirmation-of-funds/{consentId}

Returns the content of an account information consent object. This is returning the data for the TPP especially in cases, where the consent was directly managed between ASPSP and PSU e.g. in a re-direct SCA Approach.

Parameter Type/Format Description
X-Request-ID
Required

Header / string

ID of the request, unique to the call, as determined by the initiating party.

PSU-Geo-Location
Optional

Header / string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

PSU-Device-ID
Optional

Header / string

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

PSU-Http-Method
Optional

Header / string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-User-Agent
Optional

Header / string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Accept-Language
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-IP-Port
Optional

Header / string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-IP-Address
Optional

Header / string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

TPP-Signature-Certificate
Optional

Header / string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

Signature
Optional

Header / string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

Digest
Optional

Header / string

Is contained if and only if the "Signature" element is contained in the header of the request.

consentId
Required

Path /

ID of the corresponding consent object as returned by an Account Information Consent Request.

Response

200 - Get consent status
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not found
405 - Method Not Allowed
406 - Not Acceptable
409 - Conflict
429 - Too Many Requests

Delete Consent Content

DELETE /v2/consents/confirmation-of-funds/{consentId}

Deletes a given consent.

Parameter Type/Format Description
TPP-Signature-Certificate
Optional

Header / string

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address
Optional

Header / string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
Optional

Header / string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
Optional

Header / string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
Optional

Header / string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

Signature
Optional

Header / string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

Digest
Optional

Header / string

Is contained if and only if the "Signature" element is contained in the header of the request.

X-Request-ID
Required

Header / string

ID of the request, unique to the call, as determined by the initiating party.

PSU-Geo-Location
Optional

Header / string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

PSU-Device-ID
Optional

Header / string

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device.

PSU-Http-Method
Optional

Header / string

HTTP method used at the PSU ? TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

consentId
Required

Path /

ID of the corresponding consent object as returned by an Account Information Consent Request.

Response

400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not found
405 - Method Not Allowed
406 - Not Acceptable
409 - Conflict
429 - Too Many Requests

Start authorisation for Confirmation of Funds Consent

POST /v2/consents/confirmation-of-funds/{consentId}/authorisations

Start auth for consent confirmation of funds

Consumes
application/json
Parameter Type/Format Description

Response

Confirmation of Funds Consent Update PSU Data

PUT /v2/consents/confirmation-of-funds/{consentId}/authorisations/{authorisationId}

Update PSU Data on PIIS consent authorization

Consumes
application/json
Parameter Type/Format Description

Response

get account list

GET v1/account-list

get account list

Parameter Type/Format Description

Response