<> API Reference
Documentation<> API ReferenceAccount

Create consent

post
https://test-openbanking.tbcbank.ge/0.6/v1/consents

This method create a consent resource, defining access rights to dedicated accounts of
a given PSU-ID. These accounts are addressed explicitly in the method as
parameters as a core function.

Side Effects
When this Consent Request is a request where the "recurringIndicator" equals "true",
and if it exists already a former consent for recurring access on account information
for the addressed PSU, then the former consent automatically expires as soon as the new
consent request is authorised by the PSU.

Optional Extension:
As an option, an ASPSP might optionally accept a specific access right on the access on all psd2 related services for all available accounts.

As another option an ASPSP might optionally also accept a command, where only access rights are inserted without mentioning the addressed account.
The relation to accounts is then handled afterwards between PSU and ASPSP.
This option is not supported for the Embedded SCA Approach.
As a last option, an ASPSP might in addition accept a command with access rights

  • to see the list of available payment accounts or
  • to see the list of available payment accounts with balances.
Body Params

Requestbody for a consents request

access
object
required

Requested access services for a consent.

boolean
required

"true", if the consent is for recurring access to the account data.

"false", if the consent is for one access to the account data.

date
required

This parameter is requesting a valid until date for the requested consent.
The content is the local ASPSP date in ISO-Date Format, e.g. 2017-10-30.

Future dates might get adjusted by ASPSP.

If a maximal available date is requested, a date in far future is to be used: "9999-12-31".

In both cases the consent object to be retrieved by the GET Consent Request will contain the adjusted date.

integer
required
≥ 1

This field indicates the requested maximum frequency for an access without PSU involvement per day.
For a one-off access, this attribute is set to "1".

The frequency needs to be greater equal to one.

If not otherwise agreed bilaterally between TPP and ASPSP, the frequency is less equal to 4.

boolean
required

If "true" indicates that a payment initiation service will be addressed in the same "session".

Headers
uuid
required

ID of the request, unique to the call, as determined by the initiating party.

string

Is contained if and only if the "Signature" element is contained in the header of the request.

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

string

The certificate used for signing the request, in base64 encoding.
Must be contained if a signature is contained.

string

Client ID of the PSU in the ASPSP client interface.

Might be mandated in the ASPSP's documentation.

It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding
AIS service in the same session.
In this case the ASPSP might check whether PSU-ID and token match,
according to ASPSP documentation.

string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

In this case, the mean and use are then defined in the ASPSP’s documentation.

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

string
enum

If it equals "true", the TPP prefers a redirect over an embedded SCA approach.
If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled
SCA approach, depending on the choice of the SCA procedure by the TPP/PSU.
If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the
TPP/PSU.

Allowed:
uri

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

Mandated for the Redirect SCA Approach, specifically
when TPP-Redirect-Preferred equals "true".
It is recommended to always use this header field.

Remark for Future:
This field might be changed to mandatory in the next version of the specification.

uri

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case
of a negative result of the redirect SCA method. This might be ignored by the ASPSP.

string
enum

If it equals "true", the TPP prefers to start the authorisation process separately,
e.g. because of the usage of a signing basket.
This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality.

If it equals "false" or if the parameter is not used, there is no preference of the TPP.
This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step,
without using a signing basket.

Allowed:
string

URI for the Endpoint of the TPP-API to which the status of the payment initiation should be sent.
This header field may by ignored by the ASPSP.

For security reasons, it shall be ensured that the TPP-Notification-URI as introduced above is secured by the TPP eIDAS QWAC used for identification of the TPP. The following applies:

URIs which are provided by TPPs in TPP-Notification-URI shall comply with the domain secured by the eIDAS QWAC certificate of the TPP in the field CN or SubjectAltName of the certificate. Please note that in case of example-TPP.com as certificate entry TPP- Notification-URI like www.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications or notifications.example-TPP.com/xs2a-client/v1/ASPSPidentifcation/mytransaction- id/notifications would be compliant.

Wildcard definitions shall be taken into account for compliance checks by the ASPSP.
ASPSPs may respond with ASPSP-Notification-Support set to false, if the provided URIs do not comply.

string

The string has the form

status=X1, ..., Xn

where Xi is one of the constants SCA, PROCESS, LAST and where constants are not
repeated.
The usage of the constants supports the of following semantics:

SCA: A notification on every change of the scaStatus attribute for all related authorisation processes is preferred by the TPP.

PROCESS: A notification on all changes of consentStatus or transactionStatus attributes is preferred by the TPP.
LAST: Only a notification on the last consentStatus or transactionStatus as available in the XS2A interface is preferred by the TPP.

This header field may be ignored, if the ASPSP does not support resource notification services for the related TPP.

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

string
required

The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP.
If not available, the TPP shall use the IP Address used by the TPP when submitting this request.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

string
enum

HTTP method used at the PSU ? TPP interface, if available.
Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
Allowed:
uuid

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available.
UUID identifies either a device or a device dependant application installation.
In case of an installation identification this ID need to be unaltered until removal from device.

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

Updated over 4 years ago

Language
Credentials
Bearer
Response 
Click Try It! to start a request and see the response here! Or choose an example:
application/json
application/problem+json
*/*
Updated over 4 years ago