Consents Service - SMBC NextGenPSD2

Transcription

1 Consents Service - SMBC NextGenPSD2 1.3.SMBC February 2019 Framework (Berlin Group V1.3) Summary OAS3 SMBC offers third party access to accounts (XS2A) in a safe and efficient way using Application Programming Interfaces (APIs) in line with the Berlin Group's NextGenPSD2 Framework Version 1.3. SMBC supports the following NextGenPSD2 services: Consents Accounts Payments Signing-baskets Funds-confirmations SMBC uses an OAuth authentication approach for which the following service is supported: Tokens The NextGenPSD2 framework supports a number of SCA approaches for granting TPPs safe and secure access to accounts as well as SCA approaches for submitting payments. SMBC supports the following approach: Redirect SCA Approach Under our implementation, TPPs will first use our Token service to obtain a TPP Access Token via a Client Credentials Grant Flow which will then be used to create a Consent Resource using our Consents service. The creation of the Consent Resource starts an OAuth Grant Flow resulting in the PSU performing SCA via redirect and the TPP obtaining a PSU Access Token and Refresh Token. PSU Access Tokens are short lived while Refresh Tokens will remain valid for the duration of the requested access (maximum of 90 days). Using a valid PSU Access Token and accompanying Consent-Id, the TPP may make unlimited AISP requests using our Accounts service and may create Payments and read Payment data using our Payments and Signing-baskets services. In addition to holding a valid PSU Access Token, every Payment requires two PSUs to undergo an additional SCA using the Redirect SCA Approach for authorisation. PSUs may provide their authorisation to multiple Payments at once using a Signing-basket.

2 Consents This document, based on the NextGenPSD2 YAML, which itself is based on the NextGenPSD2 Implementation Guidelines, defines SMBC's Consents service. In this document we describe which endpoints are supported and the request and response specifications for each. According to the OpenAPI-Specification [ "If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored." The element "Accept" will not be defined in this file at any place. The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security". We omit the definition of all standard HTTP header elements (mandatory/optional/conditional) except they are mention in the Implementation Guidelines. Therefore the implementer might add the in his own realisation of a PSD2 comlient API in addition to the elements define in this file. General Remarks on Data Types The Berlin Group definition of UTF-8 s in context of the PSD2 API have to support at least the following characters a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z / -? : ( )., ' + Space The Berlin Group - A European Standards Initiative - Website Send to The Berlin Group - A European Standards Initiative Creative Commons Attribution 4.0 International Public License Full Documentation of NextGenPSD2 Access to Account Interoperability Framework (General Introduction Paper, Operational Rules, Implementation Guidelines) Servers

3 - SMBC Sandbox PSD2 Project Authorize Consents Concents Details POST /berlingroup/v1/consents Create consent This method creates a consent resource, defining access rights to dedicated accounts of a given PSU-ID. SMBC uses the NextGenPSD2 'Bank offered consent' model where the Account access is configured as a pre-step directly between the PSU and SMBC. The Access access for this request is then empty and will be populated by SMBC once SCA is completed. The TPP can then retrieve the Consent Resource to read the Account access. Side Effects If a valid Consent Resource already exists for the TPP for the PSU then it will be expired by this request. Remark: ValidUntil dates beyond 90 days will be amended by SMBC to 90 days. Remark: RecurringIndicator will be ignoredby SMBC and always treated as "true". Remark: CombinedServicesIndicator will be ignoredby SMBC and always treated as "true". Parameters Try it out Name Description X-Requestrequired ID * PSU-ID * required ID of the request, unique to the call, as determined by the initiating party. Client ID of the PSU in the ASPSP client interface. Might be mandated in the ASPSP's documentation. Is not contained if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceeding AIS service in the same session.

4 Name Description TPP-Redirectrequired URI * PSU-IP- Address * PSU-IP-Port PSU-Accept PSU-Devicerequired ID * PSU-Accept- Charset PSU-Accept- Encoding required URI of the TPP, where the transaction flow shall be redirected to after a Redirect. The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP. UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of an installation identification this ID need to be unaltered until removal from device. The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

5 Name Description PSU-Accept- Language The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. PSU-User-Agent The forwarded Agent header field of the HTTP request between PSU and TPP, if available. PSU-Http- Method HTTP method used at the PSU? TPP interface, if available. Valid values are: GET POST PUT PATCH DELETE Available values : GET, POST, PUT, PATCH, DELETE PSU-Geo- Location The forwarded Geo Location of the corresponding http request between PSU and TPP if available. Request body application/json Requestbody for a consents request Example Value Schema consents Content of the body of a consent request. access accountaccess Requested access services for a consent.

6 accounts [ Is asking for detailed account information. Should be left empty as the access was agreed as a pre-step between the PSU and SMBC directly. Once authorised SMBC will populate the access and it can be retrieved. accountreference Reference to an account using: iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9]2,2}[a-zA- Z0-9]1,30} example: FR IBAN of an account bban bban pattern: [a-za-z0-9]1,30} example: BARC Basic Bank Account Number (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a

7 customer. currency currencycode pattern: [A-Z]3} example: EUR entity entity maxlength: 35 ISO 4217 Alpha 3 currency code Title of the account holder, given by the bank in online banking. bic bicfi pattern: [A-Z]6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]3,3})0,1} example: AAAADEBBXXX BICFI balances }] [ Is asking for balances of the addressed accounts. Should be left empty as the access was agreed as a pre-step between the PSU and SMBC directly. Once authorised SMBC will populate the access and it can be retrieved. accountreference Reference to an account using: iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9]2,2}[a-zA- Z0-9]1,30} example: FR IBAN of an account bban bban pattern: [a-za-z0-9]1,30} example: BARC

8 Basic Bank Account Number (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a customer. currency currencycode pattern: [A-Z]3} example: EUR entity entity maxlength: 35 ISO 4217 Alpha 3 currency code Title of the account holder, given by the bank in online banking. bic bicfi pattern: [A-Z]6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]3,3})0,1} example: AAAADEBBXXX BICFI transactions }] [ Is asking for transactions of the addressed accounts. Should be left empty as the access was agreed as a pre-step between the PSU and SMBC directly. Once authorised SMBC

9 will populate the access and it can be retrieved. accountreference Reference to an account using: iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9]2,2}[a-zA- Z0-9]1,30} example: FR IBAN of an account bban bban pattern: [a-za-z0-9]1,30} example: BARC Basic Bank Account Number (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a customer. currency currencycode pattern: [A-Z]3} example: EUR ISO 4217 Alpha 3 currency code

10 entity entity maxlength: 35 Title of the account holder, given by the bank in online banking. bic bicfi pattern: [A-Z]6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]3,3})0,1} example: AAAADEBBXXX BICFI paymentcreations }] [ Is asking for payment creation for the addressed accounts. Should be left empty as the access was agreed as a pre-step between the PSU and SMBC directly. Once authorised SMBC will populate the access and it can be retrieved. accountreference Reference to an account using: iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9]2,2}[a-zA- Z0-9]1,30} example: FR IBAN of an account bban bban pattern: [a-za-z0-9]1,30} example: BARC Basic Bank Account Number (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account

11 access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a customer. currency currencycode pattern: [A-Z]3} example: EUR entity entity maxlength: 35 ISO 4217 Alpha 3 currency code Title of the account holder, given by the bank in online banking. bic bicfi pattern: [A-Z]6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]3,3})0,1} example: AAAADEBBXXX BICFI paymentauthorisations }] [ Is asking for payment authorisation for the addressed accounts. Should be left empty as the access was agreed as a pre-step between the PSU and SMBC directly. Once authorised SMBC will populate the access and it can be retrieved. accountreference Reference to an account using:

12 iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9]2,2}[a-zA- Z0-9]1,30} example: FR IBAN of an account bban bban pattern: [a-za-z0-9]1,30} example: BARC Basic Bank Account Number (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a customer. currency currencycode pattern: [A-Z]3} example: EUR entity entity maxlength: 35 ISO 4217 Alpha 3 currency code Title of the account holder, given by the bank in online banking.

13 bic bicfi pattern: [A-Z]6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]3,3})0,1} example: AAAADEBBXXX BICFI }] } recurringindicator recurringindicator boolean example: true "true", if the consent is for recurring access to the account data. "false", if the consent is for one access to the account data. validuntil* validuntil ($date) example: This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISO-Date Format, e.g Future dates might get adjusted by ASPSP. If a maximal available date is requested, a date in far future is to be used: " ". In both cases the consent object to be retrieved by the GET Consent Request will contain the adjusted date. frequencyperday frequencyperday integer example: 4 combinedserviceindicator boolean example: false This field indicates the requested maximum frequency for an access without PSU involvement per day. For a one-off access, this attribute is set to "1". If "true" indicates that a payment initiation service will be addressed in the same "session". }

14 Responses 201 Created application/json Controls Accept header. Example Value Schema consentsresponse-201 Body of the JSON response for a successful conset request. consentstatus* consentstatus example: received This is the overall lifecycle status of the consent. Enum: [ received, rejected, valid, revokedbypsu, expired, terminatedbytpp ] consentid* consentid ID of the corresponding consent object as returned by an Account Information Consent Request. _* _Consents A list of hyper to be recognised by the TPP. documentation): 'scaredirect': In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to redirect the PSU browser. 'self': The link to the Establish Account Information Consent resource created by this request. This link can be used to retrieve the resource data. 'status': The link to retrieve the status of the account information consent. 'scastatus': The link to retrieve

15 Code Description the scastatus of the corresponding authorisation sub-resource. This link is only contained, if an authorisation sub-resource has been already created. Links scaredirect hreftype example: /v1/payments/sepa-credittransfers/1234-wertiq-983 Link to a resource self hreftype example: /v1/payments/sepa-credittransfers/1234-wertiq-983 Link to a resource status hreftype example: /v1/payments/sepa-credittransfers/1234-wertiq-983 Link to a resource scastatus hreftype example: /v1/payments/sepa-credittransfers/1234-wertiq-983 Link to a resource } } Location Location of the created resource. X-Request-ID ID of the request, unique to the call, as determined by the initiating party. ASPSP-SCA- Approach This data element must be contained, if the SCA Approach is already fixed. Example: EMBEDDED

16 Date Current time in UTC datetime 400 Bad Request application/json Example Value Schema Error400_AIS_SMBC Error definition for additional SMBC validation. error* MessageCode400_AIS_SMBC Error attribute defining the type of error encountered. Enum: error_description* [ invalid_request, invalid_client ] ($uri) maxlength: 70 A description of the cause of the error, e.g. a mandatory request header is missing. }

17 401 Unauthorized application/problem+json Example Value Schema Error401_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 401 for AIS. ($uri) maxlength: 70 A NextGeNPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode401_AIS Message codes defined for AIS for HTTP Error code 401 (UNAUTHORIZED). Enum: [ PSU_CREDENTIALS_INVALID, TOKEN_UNKNOWN, TOKEN_INVALID, TOKEN_EXPIRED ] }

18 405 Method t Allowed application/problem+json Example Value Schema Error405_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 405 for AIS. ($uri) maxlength: 70 A NextGenPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode405_AIS Message codes defined for AIS for HTTP Error code 405 (METHOD NOT ALLOWED). Enum: [ SERVICE_INVALID ] }

19 429 Too Many Requests 500 Internal Server Error 503 Service Unavailable GET /berlingroup/v1/consents/consentid} Get Consent Request Returns the content of an account information consent object. This is returning the data for the TPP especially in cases, where the consent was directly managed between ASPSP and PSU e.g. in a re-direct SCA Approach. Parameters Try it out

20 Name Description consentid * (path) PSU-IP-Address PSU-Device-ID PSU-IP-Port PSU-Accept X-Requestrequired ID * PSU-Accept- Charset required ID of the corresponding consent object as returned by an Account Information Consent Request. ID of the request, unique to the call, as determined by the initiating party. The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It must be contained if and only if this request was actively initiated by the PSU. UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. It must be contained if and only if this request was actively initiated by the PSU. The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

21 Name Description PSU-Accept- Encoding PSU-Accept- Language PSU-User-Agent PSU-Http-Method The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded Agent header field of the HTTP request between PSU and TPP, if available. HTTP method used at the PSU? TPP interface, if available. Valid values are: GET POST PUT PATCH DELETE Available values : GET, POST, PUT, PATCH, DELETE PSU-Geo-Location The forwarded Geo Location of the corresponding http request between PSU and TPP if available. Responses

22 OK 200 application/json Controls Accept header. Example Value Schema consentinformationresponse-200_json Body of the JSON response for a successfull get consent request. access* accountaccess Requested access services for a consent. accounts [ Is asking for detailed account information. Should be left empty as the access was agreed as a pre-step between the PSU and SMBC directly. Once authorised SMBC will populate the access and it can be retrieved. accountreference Reference to an account using: iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9] 2,2}[a-zA-Z0-9]1,30} example: FR IBAN of an account bban bban pattern: [a-za-z0-9]1,30} example: BARC Basic Bank Account Number

23 (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a customer. currency currencycode pattern: [A-Z]3} example: EUR ISO 4217 Alpha 3 currency code entity entity maxlength: 35 Title of the account holder, given by the bank in online banking. bic bicfi pattern: [A-Z]6,6}[A-Z2-9] [A-NP-Z0-9]([A-Z0-9]3,3}) 0,1} example: AAAADEBBXXX BICFI balances }] [ Is asking for balances of the addressed accounts. Should be left empty as the access was

24 agreed as a pre-step between the PSU and Code Description SMBC directly. Once authorised SMBC will Links populate the access and it can be retrieved. accountreference Reference to an account using: iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9] 2,2}[a-zA-Z0-9]1,30} example: FR IBAN of an account bban bban pattern: [a-za-z0-9]1,30} example: BARC Basic Bank Account Number (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a customer.

25 Code Description pattern: [A-Z]3} example: EUR ISO 4217 Alpha 3 currency Links code entity entity maxlength: 35 Title of the account holder, given by the bank in online banking. bic bicfi pattern: [A-Z]6,6}[A-Z2-9] [A-NP-Z0-9]([A-Z0-9]3,3}) 0,1} example: AAAADEBBXXX BICFI transactions }] [ Is asking for transactions of the addressed accounts. Should be left empty as the access was agreed as a pre-step between the PSU and SMBC directly. Once authorised SMBC will populate the access and it can be retrieved. accountreference Reference to an account using: iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9] 2,2}[a-zA-Z0-9]1,30} example: FR IBAN of an account

26 Code Description pattern: [a-za-z0-9]1,30} example: BARC Basic Bank Account Number Links (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a customer. currency currencycode pattern: [A-Z]3} example: EUR ISO 4217 Alpha 3 currency code entity entity maxlength: 35 Title of the account holder, given by the bank in online banking. bic bicfi pattern: [A-Z]6,6}[A-Z2-9] [A-NP-Z0-9]([A-Z0-9]3,3}) 0,1} example: AAAADEBBXXX BICFI paymentcreations }] [

27 Is asking for payment creation for the Code Description addressed accounts. Links Should be left empty as the access was agreed as a pre-step between the PSU and SMBC directly. Once authorised SMBC will populate the access and it can be retrieved. accountreference Reference to an account using: iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9] 2,2}[a-zA-Z0-9]1,30} example: FR IBAN of an account bban bban pattern: [a-za-z0-9]1,30} example: BARC Basic Bank Account Number (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account

28 Numbering Scheme(s), which Code Description uniquely identifies the Links account of a customer. currency currencycode pattern: [A-Z]3} example: EUR ISO 4217 Alpha 3 currency code entity entity maxlength: 35 Title of the account holder, given by the bank in online banking. bic bicfi pattern: [A-Z]6,6}[A-Z2-9] [A-NP-Z0-9]([A-Z0-9]3,3}) 0,1} example: AAAADEBBXXX BICFI paymentauthorisations }] [ Is asking for payment authorisation for the addressed accounts. Should be left empty as the access was agreed as a pre-step between the PSU and SMBC directly. Once authorised SMBC will populate the access and it can be retrieved. accountreference Reference to an account using: iban bban bic entity currency iban iban pattern: [A-Z]2,2}[0-9] 2,2}[a-zA-Z0-9]1,30}

29 example: Code Description FR Links IBAN of an account bban bban pattern: [a-za-z0-9]1,30} example: BARC Basic Bank Account Number (BBAN) Identifier This data element can be used in the body of the Consent Request Message for retrieving Account access Consent from this Account. This data elements is used for payment Accounts which have no IBAN. ISO20022: Basic Bank Account Number (BBAN). Identifier used nationally by financial institutions, i.e., in individual countries, generally as part of a National Account Numbering Scheme(s), which uniquely identifies the account of a customer. currency currencycode pattern: [A-Z]3} example: EUR ISO 4217 Alpha 3 currency code entity entity maxlength: 35 Title of the account holder, given by the bank in online banking. bic bicfi pattern: [A-Z]6,6}[A-Z2-9] [A-NP-Z0-9]([A-Z0-9]3,3}) 0,1} example: AAAADEBBXXX BICFI

30 }] } recurringindicator* recurringindicator boolean example: true "true", if the consent is for recurring access to the account data. "false", if the consent is for one access to the account data. validuntil* validuntil ($date) example: This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISO-Date Format, e.g Future dates might get adjusted by ASPSP. If a maximal available date is requested, a date in far future is to be used: " ". In both cases the consent object to be retrieved by the GET Consent Request will contain the adjusted date. frequencyperday* frequencyperday integer example: 4 This field indicates the requested maximum frequency for an access without PSU involvement per day. For a one-off access, this attribute is set to "1". lastactiondate* lastactiondate ($date) example: This date is containing the date of the last action on the consent object either through the XS2A interface or the PSU/ASPSP interface having an impact on the status. consentstatus* consentstatus example: received This is the overall lifecycle status of the consent. Enum: [ received, rejected, valid, revokedbypsu, expired, terminatedbytpp ] }

31 Date Current time in UTC datetime 400 Bad Request application/json Example Value Schema Error400_AIS_SMBC Error definition for additional SMBC validation. error* MessageCode400_AIS_SMBC Error attribute defining the type of error encountered. Enum: error_description* [ invalid_request, invalid_client ] ($uri) maxlength: 70 A description of the cause of the error, e.g. a mandatory request header is missing. }

32 401 Unauthorized application/problem+json Example Value Schema Error401_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 401 for AIS. ($uri) maxlength: 70 A NextGeNPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode401_AIS Message codes defined for AIS for HTTP Error code 401 (UNAUTHORIZED). Enum: [ PSU_CREDENTIALS_INVALID, TOKEN_UNKNOWN, TOKEN_INVALID, TOKEN_EXPIRED ] }

33 403 Forbidden application/problem+json Example Value Schema Error403_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 403 for AIS. ($uri) maxlength: 70 A NextGenPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode403_AIS Message codes defined for AIS for HTTP Error code 403 (FORBIDDEN). Enum: [ CONSENT_UNKNOWN ] }

34 405 Method t Allowed application/problem+json Example Value Schema Error405_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 405 for AIS. ($uri) maxlength: 70 A NextGenPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode405_AIS Message codes defined for AIS for HTTP Error code 405 (METHOD NOT ALLOWED). Enum: [ SERVICE_INVALID ] }

35 429 Too Many Requests 500 Internal Server Error 503 Service Unavailable DELETE /berlingroup/v1/consents/consentid} Delete Consent The TPP can delete an account information consent object if needed. Parameters Try it out

36 Name Description consentid * (path) PSU-IP-Address PSU-Device-ID PSU-IP-Port PSU-Accept X-Requestrequired ID * PSU-Accept- Charset required ID of the corresponding consent object as returned by an Account Information Consent Request. ID of the request, unique to the call, as determined by the initiating party. The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It must be contained if and only if this request was actively initiated by the PSU. UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. It must be contained if and only if this request was actively initiated by the PSU. The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

37 Name Description PSU-Accept- Encoding PSU-Accept- Language PSU-User-Agent PSU-Http-Method The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded Agent header field of the HTTP request between PSU and TPP, if available. HTTP method used at the PSU? TPP interface, if available. Valid values are: GET POST PUT PATCH DELETE Available values : GET, POST, PUT, PATCH, DELETE PSU-Geo-Location The forwarded Geo Location of the corresponding http request between PSU and TPP if available. Responses

38 204 Content 400 Bad Request application/json Example Value Schema Error400_AIS_SMBC Error definition for additional SMBC validation. error* MessageCode400_AIS_SMBC Error attribute defining the type of error encountered. Enum: error_description* [ invalid_request, invalid_client ] ($uri) maxlength: 70 A description of the cause of the error, e.g. a mandatory request header is missing. }

39 401 Unauthorized application/problem+json Example Value Schema Error401_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 401 for AIS. ($uri) maxlength: 70 A NextGeNPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode401_AIS Message codes defined for AIS for HTTP Error code 401 (UNAUTHORIZED). Enum: [ PSU_CREDENTIALS_INVALID, TOKEN_UNKNOWN, TOKEN_INVALID, TOKEN_EXPIRED ] }

40 403 Forbidden application/problem+json Example Value Schema Error403_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 403 for AIS. ($uri) maxlength: 70 A NextGenPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode403_AIS Message codes defined for AIS for HTTP Error code 403 (FORBIDDEN). Enum: [ CONSENT_UNKNOWN ] }

41 405 Method t Allowed application/problem+json Example Value Schema Error405_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 405 for AIS. ($uri) maxlength: 70 A NextGenPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode405_AIS Message codes defined for AIS for HTTP Error code 405 (METHOD NOT ALLOWED). Enum: [ SERVICE_INVALID ] }

42 429 Too Many Requests 500 Internal Server Error 503 Service Unavailable GET /berlingroup/v1/consents/consentid}/status Consent status request Read the status of an account information consent resource. Parameters Try it out

43 Name Description consentid * (path) PSU-IP-Address PSU-Device-ID PSU-IP-Port PSU-Accept X-Requestrequired ID * PSU-Accept- Charset required ID of the corresponding consent object as returned by an Account Information Consent Request. ID of the request, unique to the call, as determined by the initiating party. The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It must be contained if and only if this request was actively initiated by the PSU. UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. It must be contained if and only if this request was actively initiated by the PSU. The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

44 Name Description PSU-Accept- Encoding PSU-Accept- Language PSU-User-Agent PSU-Http-Method The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available. The forwarded Agent header field of the HTTP request between PSU and TPP, if available. HTTP method used at the PSU? TPP interface, if available. Valid values are: GET POST PUT PATCH DELETE Available values : GET, POST, PUT, PATCH, DELETE PSU-Geo-Location The forwarded Geo Location of the corresponding http request between PSU and TPP if available. Responses

45 OK 200 application/json Controls Accept header. Example Value Schema consentstatusresponse-200 Body of the JSON response for a successful get status request for a consent. consentstatus* consentstatus example: received This is the overall lifecycle status of the consent. Enum: [ received, rejected, valid, revokedbypsu, expired, terminatedbytpp ] scastatus* scastatus example: started This data element is containing information about the status of the SCA method applied. The following codes are defined for this data type. Enum: 'received': An authorisation or cancellation-authorisation resource has been created successfully. 'started': The addressed SCA routine has been started. 'finalised': The SCA routine has been finalised successfully. 'failed': The SCA routine failed [ received, started, finalised, failed ] }

46 Date Current time in UTC datetime 400 Bad Request application/json Example Value Schema Error400_AIS_SMBC Error definition for additional SMBC validation. error* MessageCode400_AIS_SMBC Error attribute defining the type of error encountered. Enum: error_description* [ invalid_request, invalid_client ] ($uri) maxlength: 70 A description of the cause of the error, e.g. a mandatory request header is missing. }

47 401 Unauthorized application/problem+json Example Value Schema Error401_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 401 for AIS. ($uri) maxlength: 70 A NextGeNPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode401_AIS Message codes defined for AIS for HTTP Error code 401 (UNAUTHORIZED). Enum: [ PSU_CREDENTIALS_INVALID, TOKEN_UNKNOWN, TOKEN_INVALID, TOKEN_EXPIRED ] }

48 403 Forbidden application/problem+json Example Value Schema Error403_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 403 for AIS. ($uri) maxlength: 70 A NextGenPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode403_AIS Message codes defined for AIS for HTTP Error code 403 (FORBIDDEN). Enum: [ CONSENT_UNKNOWN ] }

49 405 Method t Allowed application/problem+json Example Value Schema Error405_AIS type* Standardised definition of reporting error information according to [RFC7807] in case of a HTTP error code 405 for AIS. ($uri) maxlength: 70 A NextGenPSD2 URI reference [RFC3986] that identifies the problem type. code* MessageCode405_AIS Message codes defined for AIS for HTTP Error code 405 (METHOD NOT ALLOWED). Enum: [ SERVICE_INVALID ] }

50 429 Too Many Requests 500 Internal Server Error 503 Service Unavailable

51 Schemas