5.1.6 "establishConsent" interface
Creates an account information consent resource at the ASPSP regarding access to accounts specified in this request.
Input parameters
| Attribute | Description |
|---|---|
| psu-id | The ID of the PSU in the ASPSP client interface. Mandatory if “psu-corporate-id” is valorized |
| psu-id-type | Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility. |
| psu-corporate-id | Identification of a Corporate, only used in a corporate context. |
| psu-corporate-id-type | This is describing the type of the identification needed by the ASPSP to identify the PSU-Corporate-ID content. |
| consent-id | This data element may be contained, if the payment initiation transaction is part of a session, i.e. combined AIS/PIS service. This then contains the “consentId” of the related AIS consent, which was performed prior to this payment initiation. |
| tpp-redirect-preferred | Only “true” or “false” values are accepted.
If it equals “true”, the TPP prefers a redirect over an embedded SCA approach. If it equals “false”, the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled SCA approach, depending on the choice of the SCA procedure by the TPP/PSU. If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the TPP/PSU. |
| tpp-nok-redirect-uri | If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method. This might be ignored by the ASPSP. |
| tpp-signature-certificate | This is a X509 certificate that the TPP uses for signing the request, in base64 encoding.
This certificate is in PEM format without the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". Must be contained if a signature is contained, see above. |
| signature | A signature of the request by the TPP on application level. This might be mandated by ASPSP. |
| digest | Is contained if and only if the “Signature” element is contained in the header of the
request. The “digest” Header contains a Hash of the message body. The only hash algorithms that may be used to calculate the digest within the context of this specification are SHA-256 and SHA-512. |
| aspsp-product-code | The account servicing payment service provider product code. |
| access | The consent identification assigned to the created resource. |
| recurringIndicator | Set if the consent is for recurring access to the account data or if the consent must be given only for a single access to the account data. |
| validUntil | This parameter is requesting a valid until date for the requested consent. |
| frequencyPerDay | This field indicates the requested maximum accesses per day. |
| combinedServiceIndicator | Indicates if a payment initiation service will be addressed in the same session or in a different one. |
Output parameters
| Attribute | Description |
|---|---|
| Result Code | Result of the establish consent. |
| Error Management | Description of the type of error obtained in the event that the outcome is negative. |
| consentStatus | The status of the consent established. |
| consentId | Identification of the consent resource as it is used in the API structure. |
| psuCredentials | PSU Credentials on the ASPSP system. |
| scaMethods | This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods. Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor, or if an access token is transported. |
| chosenScaMethod | This data element is only contained in the response: if the APSPS has chosen the Embedded SCA Approach; if the PSU is already identified with the first relevant factor or alternatively an access token; if SCA is required and if the authentication method is implicitly selected. |
