This documentation is for WSO2 Open Banking version 1.5.0. View documentation for the latest release.

Consent Management APIs provide the capability to manage consents in a web application on behalf of an end user. A banking service consumer/Account Servicing Payment Service Provider (ASPSP) may need to develop its own web application or use its own mechanism to deploy the consent management capabilities. In that case, the service provider needs a way to present consent resources directly to the end user. To cater to this requirement, consent capabilities (for example, consent creation and consent deletion) are presented as API resources in the Consent Management APIs.

The Account Consent API specifies a RESTful API for consent management for accounts information sharing in WSO2 Open Banking. This API is secured with basic authentication. For more information, see configuring basic authentication for Consent Management APIs.

You can find the REST API documentation for Accounts Information Sharing Consent Management APIs below:

Accounts Information Sharing Consent Management APIs v1.1.0 (/consent/uk110) and v2.0.0 (/consent/uk200) are deprecated in Open Banking 1.5.0. These features and functionalities will be unavailable from the next release (Open Banking 2.0.0).


Create account consent 

This API resource is to send an account initiation request. This allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API resource allows the AISP to send a copy of the consent to the ASPSP to authorise access to account information.

  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.

  • The status of the consent is set to AwaitingAuthorisation.

POST /account-access-consents

curl -X POST \
  https://localhost:9446/consent/uk300/account-access-consents \
  -H 'Accept: application/json' -k \
  -H 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: Keep-Alive' \
  -H 'Content-Type: application/json' \
  -H 'Host: localhost:9446' \
  -H 'Transfer-Encoding: chunked' \
  -H 'User-Agent: Synapse-PT-HttpComponents-NIO' \
  -H 'charset: utf-8' \
  -H 'x-fapi-financial-id: open-bank' \
  -H 'x-idempotency-key: 72633979' \
  -H 'x-jws-signature: <JWS-protected-header>..FIUtqWg_3iwpZZWZFoSxTiPVKFbe6nxo6MGoMTmk3HoQ2DBkIUV9tsYRIFM7ODzc1b920S7ErjRAvS1kUYSh0QAJgnbh-sOoAgrSZrIu5VTszZJAyNAOGaOOpIlQuNT6tMwhoTK9t_ltuXUrMkg9K7z06tMQ32CQR3wYHmwyEJ3d67WJVJX2CumCYRvyreeXYqWN-k9WqtdS1u0w0tmJJIXkoHW4b_Z2P1QfRbCMBuOaIq2HBiFQV8WXCWvbGjPcz3dicENnh6de7gm9Y9MZYxLBlTqSdeMx5Z1YQOoymvdfCEUBt4FtltgIDkD8YtbdWb5oyeVFQbxBQchG8cM_rw' \
  -H 'x-wso2-client-id: TGWt8fqozunC1MVw8mAJSdO1eqIa' \
  -d '{
  "Data": {
    "Permissions": [
      "ReadAccountsBasic",
      "ReadAccountsDetail"
    ],
    "ExpirationDateTime": "2019-12-31T00:00:00+00:00",
    "TransactionFromDateTime": "2018-04-02T00:00:00+00:00",
    "TransactionToDateTime": "2018-08-02T00:00:00+00:00"
  },
  "Risk": {}
}'
Response:

{
   "Data":{
      "ConsentId":"df18ddc3-ef67-48ad-bcb4-ffe9001f0273",
      "Status":"AwaitingAuthorisation",
      "CreationDateTime":"2019-10-23T12:54Z",
      "Permissions":[
         "ReadAccountsBasic",
         "ReadAccountsDetail"
      ],
      "ExpirationDateTime":"2019-12-31T00:00Z",
      "TransactionFromDateTime":"2018-04-02T00:00Z",
      "TransactionToDateTime":"2018-08-02T00:00Z",
      "StatusUpdateDateTime":"2019-10-23T12:54Z"
   },
   "Risk":{

   },
   "Links":{
      "Self":"https://localhost:8243/open-banking/{version}/aisp/account-access-consents/df18ddc3-ef67-48ad-bcb4-ffe9001f0273"
   },
   "Meta":{
      "TotalPages":1
   }
}

Retrieve account consent 

This API resource is to retrieve the account access consent resource. The ConsentId should be passed as a path parameter.

GET /account-access-consents/{ConsentId}

curl -X GET \
  https://localhost:9446/consent/uk300/account-access-consents/e5db888a-e95d-4112-bb04-82d5c011d266 \
  -H 'Accept: application/json' -k \
  -H 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: Keep-Alive' \
  -H 'Content-Type: application/json' \
  -H 'Host: localhost:9446' \
  -H 'User-Agent: Synapse-PT-HttpComponents-NIO' \
  -H 'charset: utf-8' \
  -H 'x-fapi-financial-id: open-bank' \
  -H 'x-idempotency-key: 72633979' \
  -H 'x-wso2-client-id: TGWt8fqozunC1MVw8mAJSdO1eqIa'
Response:

{
   "Data":{
      "ConsentId":"e5db888a-e95d-4112-bb04-82d5c011d266",
      "Status":"AwaitingAuthorisation",
      "CreationDateTime":"2019-10-23T12:50Z",
      "Permissions":[
         "ReadAccountsBasic",
         "ReadAccountsDetail"
      ],
      "ExpirationDateTime":"2019-12-31T00:00Z",
      "TransactionFromDateTime":"2018-04-02T00:00Z",
      "TransactionToDateTime":"2018-08-02T00:00Z",
      "StatusUpdateDateTime":"2019-10-23T12:50Z"
   },
   "Risk":{

   },
   "Links":{
      "Self":"https://localhost:8243/open-banking/{version}/aisp/account-access-consents/e5db888a-e95d-4112-bb04-82d5c011d266"
   },
   "Meta":{
      "TotalPages":1
   }
}
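
A consent check that a consuming service could run on the retrieval response above before acting on it, given as an added example that is not part of the WSO2 documentation. The names `check_consent` and `parse_ts` are hypothetical, the sample ConsentId is constructed, and denying access when any field is missing or malformed is a choice made for this example.

```python
from datetime import datetime, timezone

# Constructed sample in the shape of the retrieval response above.
SAMPLE_CONSENT = {"Data": {
    "ConsentId": "00000000-0000-0000-0000-000000000000",  # constructed
    "Status": "Authorised",
    "Permissions": ["ReadAccountsBasic", "ReadAccountsDetail"],
    "ExpirationDateTime": "2019-12-31T00:00Z",
    "TransactionFromDateTime": "2018-04-02T00:00Z",
    "TransactionToDateTime": "2018-08-02T00:00Z",
}}


def parse_ts(value):
    """Parse '2019-12-31T00:00Z' or '...T00:00:00+00:00' to aware UTC."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        raise ValueError("timestamp has no UTC offset")
    return parsed.astimezone(timezone.utc)


def check_consent(consent, permission, now, txn_from=None, txn_to=None):
    """Return (allowed, reason); any missing or malformed field denies."""
    try:
        data = consent["Data"]
        # Only an authorised consent grants access; AwaitingAuthorisation
        # and Revoked are both rejected here.
        if data["Status"] != "Authorised":
            return False, "status is %s" % data["Status"]
        if now >= parse_ts(data["ExpirationDateTime"]):
            return False, "consent expired"
        perms = data["Permissions"]
        if not isinstance(perms, list) or permission not in perms:
            return False, "permission not granted"
        # Transaction queries must stay inside the consented window.
        if txn_from and txn_from < parse_ts(data["TransactionFromDateTime"]):
            return False, "before transaction window"
        if txn_to and txn_to > parse_ts(data["TransactionToDateTime"]):
            return False, "after transaction window"
    except (KeyError, TypeError, ValueError, AttributeError) as exc:
        return False, "malformed consent: %s" % type(exc).__name__
    return True, "ok"


if __name__ == "__main__":
    now = datetime(2019, 11, 1, tzinfo=timezone.utc)
    print(check_consent(SAMPLE_CONSENT, "ReadAccountsDetail", now))
```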

Revoke account consent 

This API resource is to delete the account access consent resource created.

  • The ConsentId should be passed as a path parameter.

  • The status of the consent is set to Revoked.

DELETE /account-access-consents/{ConsentId}

curl -X DELETE \
  https://localhost:9446/consent/uk300/account-access-consents/e5db888a-e95d-4112-bb04-82d5c011d266 \
  -H 'Accept: application/json' -k \
  -H 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: Keep-Alive' \
  -H 'Host: localhost:9446' \
  -H 'User-Agent: Synapse-PT-HttpComponents-NIO' \
  -H 'charset: utf-8' \
  -H 'x-fapi-financial-id: open-bank' \
  -H 'x-idempotency-key: 72633979' \
  -H 'x-wso2-client-id: TGWt8fqozunC1MVw8mAJSdO1eqIa'
Response:

204 No Content

Persist account consent 

This API resource is to persist an account consent given by the PSU.

  • The ConsentId should be passed in the request body.

  • The status of the consent is set to Authorised.

POST /account-confirmation

curl -X POST \
  https://localhost:9446/consent/uk300/account-confirmation \
  -H 'Accept: application/json' -k \
  -H 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: Keep-Alive' \
  -H 'Content-Type: application/json' \
  -H 'Host: localhost:9446' \
  -H 'Transfer-Encoding: chunked' \
  -H 'User-Agent: Synapse-PT-HttpComponents-NIO' \
  -H 'charset: utf-8' \
  -d '{
  "ConsentId": "b78fd75c-431c-4557-b81e-3fd73d13719c",
  "CollectionMethod": "web",
  "UserId": "john@wso2.com",
  "AccountIds": [
    "31820"
  ],
  "Status": "Authorised",
  "GivenTimeStamp": "2019-06-07T10:33:18.000Z"
}'
Response:

{
   "ConsentId":"b78fd75c-431c-4557-b81e-3fd73d13719c",
   "CollectionMethod":"web",
   "UserId":"john@wso2.com",
   "AccountIds":[
      "31820"
   ],
   "Status":"Authorised",
   "GivenTimeStamp":"2019-10-23 20:00:18.0"
}

Retrieve account consent 

This API resource is to retrieve a consent resource using the ConsentId. The ConsentId should be passed as a path parameter.

GET /account-confirmation/{ConsentId}

curl -X GET \
  https://localhost:9446/consent/uk300/account-access-consents/b78fd75c-431c-4557-b81e-3fd73d13719c \
  -H 'Accept: application/json' -k \
  -H 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: Keep-Alive' \
  -H 'Content-Type: application/json' \
  -H 'Host: localhost:9446' \
  -H 'User-Agent: Synapse-PT-HttpComponents-NIO' \
  -H 'charset: utf-8' \
  -H 'x-fapi-financial-id: open-bank' \
  -H 'x-wso2-client-id: TGWt8fqozunC1MVw8mAJSdO1eqIa'
Response:

{
   "Data":{
      "ConsentId":"b78fd75c-431c-4557-b81e-3fd73d13719c",
      "Status":"Authorised",
      "CreationDateTime":"2019-10-23T14:29Z",
      "Permissions":[
         "ReadAccountsBasic",
         "ReadAccountsDetail"
      ],
      "ExpirationDateTime":"2019-12-31T00:00Z",
      "TransactionFromDateTime":"2018-04-02T00:00Z",
      "TransactionToDateTime":"2018-08-02T00:00Z",
      "StatusUpdateDateTime":"2019-10-23T14:30Z"
   },
   "Risk":{

   },
   "Links":{
      "Self":"https://localhost:8243/open-banking/{version}/aisp/account-access-consents/b78fd75c-431c-4557-b81e-3fd73d13719c"
   },
   "Meta":{
      "TotalPages":1
   }
}

Retrieve a list of account consents

This API resource is to retrieve a list of available account consent resources that match the given search condition.

GET /account-confirmation

curl -X GET \
  'https://localhost:9446/consent/uk300/account-confirmation?clientId=TGWt8fqozunC1MVw8mAJSdO1eqIa&fromTime=2019-09-22T06:29:47+0000&limit=25&offset=0&status=Authorised&toTime=2019-11-22T06:28:04+0000&userId=john@wso2.com&excludeExpiredConsents=false' \
  -H 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' -k \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: Keep-Alive' \
  -H 'Content-Type: application/json' \
  -H 'Host: localhost:9446' \
  -H 'User-Agent: Synapse-PT-HttpComponents-NIO' \
  -H 'x-fapi-financial-id: open-bank'
Response:

{
   "count":1,
   "list":[
      {
         "accountRequestId":"b78fd75c-431c-4557-b81e-3fd73d13719c",
         "accountResponseData":{
            "AccountRequestId":"b78fd75c-431c-4557-b81e-3fd73d13719c",
            "Status":"Authorised",
            "CreationDateTime":"2019-10-23T14:29Z",
            "Permissions":[
               "ReadAccountsBasic",
               "ReadAccountsDetail"
            ],
            "ExpirationDateTime":"2019-12-31T00:00Z",
            "TransactionFromDateTime":"2018-04-02T00:00Z",
            "TransactionToDateTime":"2018-08-02T00:00Z",
            "StatusUpdateDateTime":"2019-10-23T14:30Z"
         },
         "initiationTimestamp":"2019-10-23T14:29:44Z",
         "status":"Authorised",
         "clientId":"TGWt8fqozunC1MVw8mAJSdO1eqIa",
         "userId":"john@wso2.com",
         "debtorAccount":"31820",
         "consentGivenTimestamp":"2019-10-23T14:30:18Z",
         "collectionMethod":"web"
      }
   ]
}

Update account consent 

This API resource is to update an account consent given by the PSU.

  • The ConsentId should be passed in the request body.

  • The status of the consent will be set accordingly.

PUT /account-confirmation

curl -X PUT \
  https://localhost:9446/consent/uk300/account-confirmation \
  -H 'Accept: application/json' -k \
  -H 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: Keep-Alive' \
  -H 'Content-Type: application/json' \
  -H 'Host: localhost:9446' \
  -H 'Transfer-Encoding: chunked' \
  -H 'User-Agent: Synapse-PT-HttpComponents-NIO' \
  -H 'charset: utf-8' \
  -H 'x-fapi-financial-id: open-bank' \
  -H 'x-wso2-client-id: TGWt8fqozunC1MVw8mAJSdO1eqIa' \
  -d '{
  "ConsentId": "b78fd75c-431c-4557-b81e-3fd73d13719c",
  "CollectionMethod": "web",
  "UserId": "john@wso2.com",
  "AccountIds": [
    "31820"
  ],
  "Status": "Authorised",
  "GivenTimeStamp": "2020-06-07T10:33:18.000Z"
}'
Response:

{
   "ConsentId":"b78fd75c-431c-4557-b81e-3fd73d13719c",
   "CollectionMethod":"web",
   "UserId":"john@wso2.com",
   "AccountIds":[
      "31820"
   ],
   "Status":"Authorised",
   "GivenTimeStamp":"2019-10-23 20:29:29.621"
}