OBWG PSD2 AIS
OBWG PSD2 AIS APIs
API Name | API Endpoint | API Description |
--- | --- | --- |
Account Access Consent | POST /account-access-consent | Creates an account access consent request; the PSU's approval of it must then be obtained using the OAuth flow. |
Account Consent Delete | DELETE /account-access-consents/{ConsentId} | Deletes the account access consent. |
Account Bulk | GET /accounts | Returns the list of accounts with their details. |
Account Specific | GET /accounts/{AccountId} | Returns the details of a specific account. |
Balance Bulk | GET /balances | Returns the balance details of all accounts. |
Balance Specific | GET /accounts/{AccountId}/balances | Returns the balance details of a specific account. |
Transactions Bulk | GET /transactions | Returns the list of transactions of all accounts. |
Transactions Specific | GET /accounts/{AccountId}/transactions | Returns the list of transactions of a specific account. |
Implicit Consent
If GET /bank returns AisConsentType as IMPLICIT, then the implicit flow is applicable.
Step 1: Authorize
- Fintech / TPP will redirect PSU to PSD2 IO ‘/authorize’ URL with TPP Redirect URL, Client Id, State, UserId for authentication and authorization of PSU.
- PSU will get redirected to PSD2 IO authorize URL through browser.
- PSD2 IO will redirect PSU to ASPSP authorize URL through browser.
- ASPSP will redirect PSU to login page for authentication.
- PSU has to authenticate with his credentials on ASPSP’s login page.
- Once authenticated, ASPSP will ask to allow access for authorization.
- PSU will allow access.
- ASPSP will return auth code (B) & state on the callback URL of PSD2 IO.
- PSD2 IO will return auth code (P) & state on the callback URL of TPP.
Step 2: Access Token
- Fintech / TPP will call the ‘/token’ API of PSD2 IO with auth code (P) received on callback.
- PSD2 IO will return the access token to TPP.
Step 3: Get Accounts/Balances/Transactions
- Fintech / TPP will call get ‘/accounts’ API using the access token received.
- PSD2 IO will give the response to TPP.
- TPP will show the response to PSU on TPP UI.
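The implicit flow above, as an added example that is not part of the original documentation: the TPP binds the State it sends on the ‘/authorize’ redirect to the PSU's browser session, checks it on the callback, and only then exchanges auth code (P) at ‘/token’. PSD2 IO is replaced by a constructed in-memory stub; the query parameter names (client_id, redirect_uri, state, user_id), the hostnames and the single-use code check are assumptions, since the page does not specify the wire format.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse
# Constructed stand-in for PSD2 IO (not the real service): checks the TPP Redirect
# URL, issues auth code (P) bound to the client id, and honours it once at /token.
class Psd2IoStub:
    def __init__(self, client_id, registered_redirect_url):
        self.client_id, self.redirect_url = client_id, registered_redirect_url
        self._codes = {}  # code (P) -> client id it was issued to

    def authorize(self, authorize_url):
        q = {k: v[0] for k, v in parse_qs(urlparse(authorize_url).query).items()}
        if q["client_id"] != self.client_id or q["redirect_uri"] != self.redirect_url:
            raise ValueError("client id / TPP Redirect URL not registered")
        code_p = secrets.token_urlsafe(24)  # issued after the ASPSP returned code (B)
        self._codes[code_p] = q["client_id"]
        return f"{q['redirect_uri']}?{urlencode({'code': code_p, 'state': q['state']})}"

    def token(self, client_id, code_p):
        if self._codes.pop(code_p, None) != client_id:  # single use, bound to client
            raise PermissionError("unknown, reused or foreign auth code")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

class Tpp:
    def __init__(self, client_id, redirect_url):
        self.client_id, self.redirect_url = client_id, redirect_url
        self._pending = {}  # PSU browser session id -> state issued for it

    def authorize_url(self, psd2io_base, session_id, user_id):
        state = secrets.token_urlsafe(16)  # unguessable and fresh per login attempt
        self._pending[session_id] = state
        params = {"client_id": self.client_id, "redirect_uri": self.redirect_url,
                  "state": state, "user_id": user_id}
        return f"{psd2io_base}/authorize?{urlencode(params)}"

    def handle_callback(self, session_id, callback_url, psd2io):
        q = parse_qs(urlparse(callback_url).query)
        expected, got = self._pending.pop(session_id, None), q.get("state", [""])[0]
        # Reject a callback whose state is not the one stored for this session: its
        # code (P) may come from another PSU's authorization (login CSRF).
        if expected is None or not hmac.compare_digest(expected.encode(), got.encode()):
            raise PermissionError("state mismatch: callback not bound to this session")
        return psd2io.token(self.client_id, q["code"][0])

def run_implicit_flow():
    psd2io = Psd2IoStub("tpp-client-1", "https://tpp.example/callback")
    tpp = Tpp("tpp-client-1", "https://tpp.example/callback")
    url = tpp.authorize_url("https://psd2io.example", "sess-42", "psu-user")
    callback = psd2io.authorize(url)  # PSU has authenticated and allowed access
    return tpp.handle_callback("sess-42", callback, psd2io)
```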
Explicit Consent - OAuth SCA
If GET /bank returns AisConsentType as EXPLICIT, then the explicit flow is applicable.
Step 1: Pre-step OAuth
- PSU will request to fetch accounts from ASPSP.
- Depending on the destination bank, the TPP has to perform a pre-step OAuth to obtain an authorization_code (A.C.) or client_credentials (C.C.) access token.
Step 2: Account Access Consent Request
- Fintech / TPP will send the account access consent request with the A.C. / C.C. access token to PSD2 IO.
- PSD2 IO will return a response containing the ConsentId and the OAuth SCA approach to the TPP.
Step 3: Authorize
- Fintech / TPP will redirect PSU to PSD2 IO ‘/authorize’ URL with TPP Redirect URL, Client Id, State, UserId for authentication and authorization of PSU.
- PSU will get redirected to PSD2 IO authorize URL through browser.
- PSD2 IO will redirect PSU to ASPSP authorize URL through browser.
- ASPSP will redirect PSU to login page for authentication.
- PSU has to authenticate with his credentials on ASPSP’s login page.
- Once authenticated, ASPSP will ask to allow access for authorization.
- PSU will allow access.
- ASPSP will return auth code (B) & state on the callback URL of PSD2 IO.
- PSD2 IO will return auth code (P) & state on the callback URL of TPP.
Step 4: Access Token
- Fintech / TPP will call the ‘/token’ API of PSD2 IO with auth code (P) received on callback.
- PSD2 IO will return the access token to TPP.
Step 5: Get Accounts/Balances/Transactions
- Fintech / TPP will call get ‘/accounts’ API using the access token received.
- PSD2 IO will give the response to Fintech / TPP.
- Fintech / TPP will show the response to PSU on Fintech / TPP UI.
Explicit Consent - Redirect SCA
Step 1: Pre-step OAuth
- PSU will request to fetch accounts from ASPSP.
- Depending on the destination bank, the TPP has to perform a pre-step OAuth to obtain an authorization_code (A.C.) or client_credentials (C.C.) access token.
Step 2: Account Access Consent Request
- Fintech / TPP will send the account access consent request with the A.C. / C.C. access token to PSD2 IO.
- PSD2 IO will return a response containing the ConsentId and the OAuth SCA approach to the TPP.
Step 3: Redirect
- Fintech / TPP will redirect the PSU to the ‘/redirect’ URL with the Client Id and ConsentId, so that the PSU can authenticate and authorise that ConsentId.
- PSU will get redirected to PSD2 IO redirect URL through browser.
- PSD2 IO will redirect PSU to ASPSP redirect URL through browser.
- ASPSP will redirect PSU to login page for authentication.
- PSU has to authenticate with his credentials on ASPSP’s login page.
- Once authenticated, ASPSP will ask to allow access for authorization.
- PSU will allow access.
- ASPSP will return success along with ConsentId on the success URL of PSD2 IO.
- PSD2 IO will return success along with ConsentId on the success URL of TPP.
Step 4: Get Accounts/Balances/Transactions
- Fintech / TPP will call get ‘/accounts’ API using the access token received.
- PSD2 IO will give the response to Fintech / TPP.
- Fintech / TPP will show the response to PSU on Fintech / TPP UI.
Explicit Consent - Embedded SCA
Step 1: Pre-step OAuth
- PSU will request to fetch accounts from ASPSP.
- Depending on the destination bank, the TPP has to perform a pre-step OAuth to obtain an authorization_code (A.C.) or client_credentials (C.C.) access token.
Step 2: Account Access Consent Request
- Fintech / TPP will send the account access consent request with the A.C. / C.C. access token to PSD2 IO.
- PSD2 IO will return a response containing the ConsentId and the OAuth SCA approach to Fintech / TPP.
Step 3: Embedded SCA
- Fintech / TPP will ask the PSU to answer the challenge received in the account access consent response (an OTP is used as the example here).
- PSU will enter and submit the challenge data (e.g. the OTP).
- Fintech / TPP will call the authorize consent API with the A.C./C.C. access token and the challenge data (e.g. the OTP).
- PSD2 IO will give the response to Fintech / TPP.
Step 4: Get Accounts/Balances/Transactions
- Fintech / TPP will call get ‘/accounts’ API using the access token received.
- PSD2 IO will give the response to Fintech / TPP.
- Fintech / TPP will show the response to PSU on Fintech / TPP UI.
Explicit Consent - Embedded SCA with SCA Method Selection
Step 1: Pre-step OAuth
- PSU will request to fetch accounts from ASPSP.
- Depending on the destination bank, the TPP has to perform a pre-step OAuth to obtain an authorization_code (A.C.) or client_credentials (C.C.) access token.
Step 2: Account Access Consent Request
- Fintech / TPP will send the account access consent request with the A.C. / C.C. access token to PSD2 IO.
- PSD2 IO will return a response containing the ConsentId and the OAuth SCA approach to Fintech / TPP.
Step 3: Embedded SCA with SCA Method Selection
- Fintech / TPP will ask the PSU to select an SCA method from those received in the response.
- PSU will select the SCA method.
- TPP will call select authentication API using the A.C./C.C. access token and selected SCA method.
- PSD2 IO will give the response to TPP.
- Fintech / TPP will ask the PSU to answer the challenge received in the select authentication API response (an OTP is used as the example here).
- PSU will enter and submit the challenge data (e.g. the OTP).
- Fintech / TPP will call the authorize consent API with the A.C./C.C. access token and the challenge data (e.g. the OTP).
- PSD2 IO will give the response to Fintech / TPP.
Step 4: Get Accounts/Balances/Transactions
- Fintech / TPP will call get ‘/accounts’ API using the access token received.
- PSD2 IO will give the response to TPP.
- Fintech / TPP will show the response to PSU on Fintech / TPP UI.
Explicit Consent - Decoupled SCA
Step 1: Pre-step OAuth
- PSU will request to fetch accounts from ASPSP.
- Depending on the destination bank, Fintech / TPP has to perform a pre-step OAuth to obtain an authorization_code (A.C.) or client_credentials (C.C.) access token.
Step 2: Account Access Consent Request
- Fintech / TPP will send the account access consent request with the A.C. / C.C. access token to PSD2 IO.
- PSD2 IO will return a response containing the ConsentId and the OAuth SCA approach to Fintech / TPP.
Step 3: Provide accounts access consent on ASPSP application
- Fintech / TPP will show the message to PSU to provide an accounts access consent on ASPSP application.
- PSU will provide an accounts access consent on the ASPSP application.
- PSD2 IO will return success along with ConsentId on the success URL of Fintech / TPP.
Step 4: Get Accounts/Balances/Transactions
- Fintech / TPP will call get ‘/accounts’ API using the access token received.
- PSD2 IO will give the response to TPP.
- Fintech / TPP will show the response to PSU on Fintech / TPP UI.
Explicit Consent - Decoupled SCA with Update Identification
Step 1: Pre-step OAuth
- PSU will request to fetch accounts from ASPSP.
- Depending on the destination bank, the TPP has to perform a pre-step OAuth to obtain an authorization_code (A.C.) or client_credentials (C.C.) access token.
Step 2: Account Access Consent Request
- Fintech / TPP will send the account access consent request with the A.C. / C.C. access token to PSD2 IO.
- PSD2 IO will return a response containing the ConsentId and the OAuth SCA approach to the TPP.
Step 3: Decoupled SCA with Update Identification
- Fintech / TPP will ask the PSU to update his identification data.
- PSU will enter his identification data (e.g. PSU-Id).
- Fintech / TPP will call the update identification API with the PSU identification data and the C.C. access token.
- PSD2 IO will give the response to Fintech / TPP.
Step 4: Provide accounts access consent on ASPSP application
- Fintech / TPP will show the message to PSU to provide an accounts access consent on ASPSP application.
- PSU will provide an accounts access consent on the ASPSP application.
- PSD2 IO will return success along with ConsentId on the success URL of Fintech / TPP.
Step 5: Get Accounts/Balances/Transactions
- Fintech / TPP will call get ‘/accounts’ API using the access token received.
- PSD2 IO will give the response to Fintech / TPP.
- TPP will show the response to PSU on TPP UI.
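A TPP-side consent tracker for the explicit flows above (OAuth, Redirect, Embedded with and without SCA method selection, and Decoupled), as an added example that is not part of the original documentation. It records the SCA approach PSD2 IO returned for each ConsentId and lets ‘/accounts’ be called only once the SCA step belonging to that approach has completed, rejecting a success-URL callback for a ConsentId it did not create or that is under a different approach, and rejecting an embedded challenge answer before a method was selected. The Sca enum values, the SCA method names and the event method names are assumptions, since the page does not give the field names of the consent response.

```python
from enum import Enum

class Sca(Enum):  # SCA approaches covered by the explicit flows (assumed labels)
    OAUTH = "OAuth"; REDIRECT = "Redirect"; EMBEDDED = "Embedded"; DECOUPLED = "Decoupled"

class ConsentTracker:
    """TPP-side record of which account access consents may be used for GET /accounts.
    A consent becomes usable only through the SCA step that matches the approach
    PSD2 IO returned for it; every other event for that ConsentId is rejected."""

    def __init__(self):
        self._consents = {}  # ConsentId -> state dict

    def consent_created(self, consent_id, approach, sca_methods=()):
        # Step 2 response: ConsentId plus the SCA approach (and, for embedded SCA
        # with method selection, the methods the PSU may choose from).
        self._consents[consent_id] = {"approach": approach, "authorised": False,
                                      "methods": tuple(sca_methods), "selected": None}

    def _expect(self, consent_id, *approaches):
        c = self._consents.get(consent_id)
        if c is None:
            raise PermissionError(f"unknown ConsentId {consent_id!r}")
        if c["approach"] not in approaches:
            raise PermissionError(f"event not valid for {c['approach'].value} SCA")
        return c

    def token_received(self, consent_id):  # OAuth SCA: the /token call succeeded
        self._expect(consent_id, Sca.OAUTH)["authorised"] = True

    def success_callback(self, consent_id):  # Redirect / Decoupled: success URL hit
        # The ConsentId on the success URL must be one this TPP created under that approach.
        self._expect(consent_id, Sca.REDIRECT, Sca.DECOUPLED)["authorised"] = True

    def method_selected(self, consent_id, method):  # embedded SCA with method selection
        c = self._expect(consent_id, Sca.EMBEDDED)
        if method not in c["methods"]:
            raise ValueError("method not among those offered in the consent response")
        c["selected"] = method

    def challenge_answered(self, consent_id, accepted):  # authorize consent API result
        c = self._expect(consent_id, Sca.EMBEDDED)
        if c["methods"] and c["selected"] is None:
            raise PermissionError("SCA method must be selected before answering the challenge")
        c["authorised"] = bool(accepted)

    def may_fetch_accounts(self, consent_id):
        c = self._consents.get(consent_id)
        return c is not None and c["authorised"]
```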