This API includes the account information and transaction API flows and payloads. The Account Information Service Provider (AISP) can use the endpoints described in this section to do the following:
- Register a consent to retrieve account information by creating an account access consent. This registers the data permissions, expiration and historical period allowed for transactions/statements that the customer (PSU) has consented to provide to the AISP.
- Subsequently, retrieve account and transaction data.
The diagram below shows the basic flow of a request for account information using the account information API.
- Request account information - The PSU consents to allow an AISP to access account information data.
- Create account request - The AISP creates an account-request resource by connecting to the ASPSP that services the PSU's account(s). The ASPSP gets alerted that a PSU has granted access to account and transaction information to an AISP. The ASPSP responds with an identifier (
AccountRequestId) for the resource.
- A POST request is sent to the /account-requests endpoint.
- The payload includes the following fields that the PSU consents to share with the AISP:
- Permissions - a list of data clusters that have been consented for access
- Expiration Date - an optional expiration for when the AISP will no longer have access to the PSU's data
- Transaction Validity Period - the From/To date range that specifies a transaction history period, which can be accessed by the AISP
- An AISP may be a broker for data to other stakeholders, and so it is valid for a customer to have multiple account-requests for the same accounts, with different consent/authorisation parameters that have been agreed on.
- Authorise consent - The AISP redirects the PSU to the ASPSP. The redirect includes the
AccountRequestIdgenerated in the previous step. This allows the ASPSP to correlate the account-request that was created. The ASPSP authenticates the PSU. The ASPSP updates the state of the account-request resource internally to indicate that the account request has been authorised. As the consent is managed between the PSU and the AISP, the account-request details cannot be changed (by the ASPSP) in this step. The PSU will only be able to authorise or reject the account-request details in its entirety. The PSU is then redirected back to the AISP.
- Request data - A GET request is sent to the relevant resource. The unique
AccountId(s)that are valid for the account-request are returned with a call to GET /accounts. This will always be the first call once an AISP has a valid access token.
To access account information and transaction data, you can use the following available API endpoints:
|Endpoint Name||Supported Version||Resource||Endpoint URL||Mandatory/Optional|
|Account Access Consents||v3.0, v3.1||account-access-consents|
|Direct Debits||v3.0, v3.1||direct-debits|
|Standing Orders||v3.0, v3.1||standing-orders|
|Scheduled Payments||v3.0, v3.1||scheduled-payments|