This documentation is for WSO2 Open Banking version 1.3.0. View documentation for the latest release.
Confirmation of Funds API - WSO2 Open Banking 1.3.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata
Some content in this documentation is subject to the MIT Open Licence. For further information, see Copyright and Licence.

Confimation of Funds API is newly introduced in WSO2 Open Banking v3.0. The Confirmation of Funds API allows users to create a funds confirmation consent request, and manage the funds confirmation consents by checking, and revoking the status. The Card Based Payment Instrument Issuer (CBPII) must request to create the resource to create a funds confirmation consent request.

Endpoints for the API allows the Card Based Payment Instrument Issuer (CBPII) to:

  • Request fund confirmation by creating a funds confirmation consent resource with an Account Servicing Payment Service Provider (ASPSP). There must be an agreement between the Customer (PSU) and ASPSP. It consists of an expiration date for the funds consent granted by the PSU to the CBPII.
  • Confirm the funds that are available from time to time. Funds can only be confirmed against the currency of the account.

The sections below describe the following:

Basic flow

The diagram below shows the request flow of the Confirmation of Funds API. It is assumed that the CBPII has issued a PSU a card and that the PSU would like to use the card adhering to PSD2. 

  1. Initiate funds confirmation - PSU commits to give explicit consent to the ASPSP to respond to the CBPII for the confirmation of funds request.
  2. Create funds confirmation consent - The CBPII requests to create a funds-confirmation-consent resource by connecting to the ASPSP that supports the PSU's funds. The ConsentId (Consent identifier) is generated by the ASPSP to respond to the resource.
  3. Agree funds confirmation consent - The CBPII requests the PSU to provide consent. The ASPSP carries out the agreement of consent in a decoupled or a redirect flow. 
    1. Currently, WSO2 Open Banking supports the redirect flow. Thereby, the CBPII redirects the PSU to the ASPSP. In the redirect flow:
      1. The ASPSP can co-relate the funds confirmation consent resource created by the CBPII using the ConsentID generated in step 2.
      2. The ASPSP authenticates the the PSU.
      3. The PSU grants explicit consent to the ASPSP to respond to the confirmation of funds request.
      4. The ASPSP updates the funds-confirmation-consent resource internally to authorise the resource.
      5. Once the consent is authorised, the PSU is redirected back to the CBPII.
    2. In a decoupled flow, the PSU must authorise the consent from an authentication device. This request is made by the ASPSP to the PSU.
      1. The decoupled flow is initiated by the CBPII calling a back-channel authorisation request.
      2. The request has a hint that indicates that the PSU is paired with a to-be-authorised consent.
      3. The ASPSP authenticates the PSU.
      4. The PSU grants explicit consent to the ASPSP to respond to the confirmation of funds request.
      5. The ASPSP updates the funds-confirmation-consent resource internally to authorize the resource.
      6. Once the consent is authorised, the ASPSP can make a callback to the PISP to provide an access token.
  4. Initiate card payment - A card payment is directly or indirectly initiated by the PSU.
  5. Confirm funds - The CBPII requests to create a funds-confirmation resource by connecting to the ASPSP where the PSU's account is supported. 
    1. This indicates to the ASPSP that the PSU would confirm that the payments are available for the specific payment account.
    2. The ASPSP responds with a boolean (YES/NO) to the funds-confirmation-consent resource.
    3. The step is carried out in a POST request to the funds-confirmation endpoint with an authorisation code grant.
    4. The payload will include these fields, which describe the data that the PSU has consented with the CBPII:
      • Amount - the amount to be confirmed available.
      • ConsentId - an ID that relates the request to a funds-confirmation-consent, and specific account with the ASPSP. This ID must match the intent identifier.
  6. Get Funds Confirmation Consent Status - The CBPII checks the status of funds-confirmation-consent resource with the consentId. This step is carried out by a GET request to the funds-confirmation-consents endpoint with the client credentials grant.

Sequence diagram

Endpoints

To access confirmation on consents and funds data, you can use the following available API endpoints:

Endpoint NameSupported VersionResourceEndpoint URLMandatory/Optional
Funds Confirmation Consentv3.0, v3.1funds-confirmation-consent

POST /funds-confirmation-consents

GET /funds-confirmation-consents/{ConsentId}

DELETE /funds-confirmation-consents/{ConsentId}

Mandatory

Mandatory

Mandatory

Funds Confirmationv3.0, v3.1funds-confirmationPOST /funds-confirmationsMandatory
  • No labels