5.1.6 "establishConsent" interface

From CBI GLOBE Wiki
Revision as of 18:56, 4 March 2019 by Admin

Creates an account information consent resource at the ASPSP regarding access to accounts specified in this request.

Input parameters

Attribute Description
psu-id The ID of the PSU in the ASPSP client interface. Mandatory if “psu-corporate-id” is populated.
psu-id-type Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.
psu-corporate-id Identification of a Corporate, only used in a corporate context.
psu-corporate-id-type Describes the type of identification the ASPSP needs in order to identify the PSU-Corporate-ID content.
consent-id This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the “consentId” of the related AIS consent, which was performed prior to this payment initiation.
tpp-redirect-preferred Only “true” or “false” values are accepted. If it equals “true”, the TPP prefers a redirect over an embedded SCA approach. If it equals “false”, the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU.

tpp-nok-redirect-uri If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP.
tpp-signature-certificate The X.509 certificate that the TPP uses for signing the request, in base64 encoding. This certificate is in PEM format without the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. Must be contained if a signature is contained, see above.

signature A signature of the request by the TPP on application level. This might be mandated by ASPSP.
digest Is contained if and only if the “Signature” element is contained in the header of the request. The “digest” header contains a hash of the message body. The only hash algorithms that may be used to calculate the digest within the context of this specification are SHA-256 and SHA-512.

tpp-role The third party payment service provider can have one or more of the following roles: AISP (Account Information Service Provider), PISP (Payment Initiation Service Provider), PIISP (Payment Instrument Issuing Service Provider).

aspsp-code The account servicing payment service provider code
aspsp-product-code The account servicing payment service provider product code.
access The consent identification assigned to the created resource.
recurringIndicator Set if the consent is for recurring access to the account data or if the consent must be given only for a single access to the account data.
validUntil This parameter is requesting a valid until date for the requested consent.
frequencyPerDay This field indicates the requested maximum accesses per day.
combinedServiceIndicator Indicates if a payment initiation service will be addressed in the same session or in a different one.
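
The header rules in the table above (digest present if and only if signature is present, certificate required with a signature and sent without PEM BEGIN/END lines, SHA-256 or SHA-512 only, psu-id mandatory with psu-corporate-id) can be checked on the receiving side before a request is processed. This is an added example, not code from the CBI GLOBE documentation; the function name `check_headers`, the `<alg>=<base64>` digest value format and all sample values are assumptions, and verifying the signature itself is not shown.

```python
import base64
import hashlib
import hmac

# The page allows only these two hash algorithms for the digest.
ALLOWED = {"SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}


def check_headers(headers, body):
    """Return a list of rule violations; an empty list means all checks passed."""
    h = {k.lower(): v for k, v in headers.items()}
    sig, digest = h.get("signature"), h.get("digest")
    cert = h.get("tpp-signature-certificate")
    errors = []
    if (sig is None) != (digest is None):
        errors.append("digest and signature must be present together")
    if sig is not None and cert is None:
        errors.append("tpp-signature-certificate is required with a signature")
    if cert is not None:
        if "-----" in cert:
            errors.append("certificate must not carry PEM BEGIN/END lines")
        else:
            try:
                base64.b64decode(cert, validate=True)
            except ValueError:
                errors.append("certificate is not valid base64")
    if digest is not None:
        alg, _, value = digest.partition("=")  # assumed "<alg>=<base64>" format
        if alg.upper() not in ALLOWED:
            errors.append("digest algorithm not allowed: " + alg)
        else:
            want = base64.b64encode(ALLOWED[alg.upper()](body).digest())
            if not hmac.compare_digest(want, value.encode()):
                errors.append("digest does not match body")
    if h.get("tpp-redirect-preferred", "true") not in ("true", "false"):
        errors.append("tpp-redirect-preferred must be true or false")
    if h.get("psu-corporate-id") and not h.get("psu-id"):
        errors.append("psu-id is mandatory when psu-corporate-id is set")
    return errors


# Constructed sample request; none of these values come from a real TPP.
BODY = b'{"recurringIndicator": true, "frequencyPerDay": 4}'
GOOD = {
    "psu-id": "PSU-CONSTRUCTED",
    "tpp-redirect-preferred": "true",
    "signature": "constructed-signature-value",
    "tpp-signature-certificate": base64.b64encode(b"placeholder, not a certificate").decode(),
    "digest": "SHA-256=" + base64.b64encode(hashlib.sha256(BODY).digest()).decode(),
}
assert check_headers(GOOD, BODY) == []
```

The digest is recomputed over the exact bytes received and compared in constant time, so any change to the body after the TPP hashed it is reported as a mismatch.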

Output parameters

Attribute Description
Result Code Result of the establish consent.
Error Management Description of the type of error obtained in the event that the outcome is negative.
consentStatus The status of the consent established.
consentId Identification of the consent resource as it is used in the API structure.
psuCredentials PSU Credentials on the ASPSP system.
scaMethods This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported.
chosenScaMethod This data element is only contained in the response: if the ASPSP has chosen the Embedded SCA Approach; if the PSU is already identified with the first relevant factor or alternatively an access token; if SCA is required and if the authentication method is implicitly selected.