Consent scope
Account data is only provided with the consent of the account holder. Consent can be given according to three permission groups where a combination of the 3 groups is possible:
- Accounts
- Balances
- Transactions
The consent can be granted to all accounts or to specific accounts depending whether account holder's bank supports the detailed consent.
POST Consents
Endpoint: POST /psus/{psuId}/consents
Base URL: /xs2a/routingservice/services/ob/ais/v3
This endpoint is used to set up a consent for an account holder for a specific bank. Depending on the bank's API the possible combinations of permissions and account references differ. Use Permissions body parameter to specify what information you wish to obtain (accounts and / or balances and / or transactions). In case it was not provided, the default (access to all) is used.
In case recurring consent is needed, you should use the body parameter ‘RecurringIndicator’ = True. The default behavior is to request a recurring consent valid for 180 days unless the ValidUntilDate is provided.
Supported consent flows will be determined by the Links section of the response.
Data model
| Request (click to enlarge) | Response (click to enlarge) |
 |  |
Multi-level SCA
We support the Multi-Level SCA. In this case consent has to be authorized by multiple account holders. There are no specific endpoints defined for this. The single authorizations have to be started explicitly by the POST Authorization endpoint for each single account holder.