Consent Authorisation

API Reference

The authorisation of consents largely depends on the approach chosen by the account holder's bank:

  • In the standard Redirect approach with an implicit start of authorisation, no further endpoint needs to be called. In this case, the account holder’s browser is redirected to the bank, which will handle all authorisation steps. However, banks might also require an explicit start of authorisation for the Redirect Approach. In that case, the endpoint POST Authorisations must be used. 
  • In the Decoupled approach, the authorisation must be explicitly started as well, and typically, identification of the PSU is required. Therefore, the Post Identification endpoint must be called.
  • For the Embedded approach, data must be added to the authorisation through multiple requests to the PUT Authorisation endpoint.

POST Identification

Endpoint: POST /psus/{psuId}/consents/{consentId}/identification 

Base URL: /xs2a/routingservice/services/ob/ais/v3

This endpoint is used in Decoupled approach to start the authorisation explicitly and identifying the account holder at the bank to enable the Push message to be sent to the user’s device.

The Initiating Party will need to poll for status changes, since the authorisation is done in Decoupled approach and no feedback is provided directly by the ASPSP to the TPP.

Data model

RequestResponse
Post identification requestPost identification response

POST Authorisations

Endpoint: POST /psus/{psuId}/consents/{consentId}/authorisations/{authorisationId}

Base URL: /xs2a/routingservice/services/ob/ais/v3

This endpoint is used in 2 approaches

  • Embedded approach to start the authorisation and provide the required information according the first step of the embedded authorization flow.
  • Redirect approach to start explicit redirect authorisation. Mostly is being used in case of multi-level authorisation or when required by end user's bank.

Data model

RequestResponse (click to enlarge)
Post authorisations requestPost authorisations response

PUT Authorisations

Endpoint: PUT /psus/{psuId}/authorisations/{authorisationId}

Base URL: /xs2a/routingservice/services/ob/ais/v3

This endpoint is used in Embedded Approach to provide the required information according to the necessary steps driven by account holder's bank.

Data model

RequestResponse (click to enlarge)
Put authorisations requestPut authorisations response
Enable "on this page" menu on doc section
On