Start Consent Authorisation Process

post https://test-openbanking.tbcbank.ge/0.8/v1/consents/{consentId}/authorisations

Create an authorisation sub-resource and start the authorisation process of a consent.
The message might in addition transmit authentication and authorisation related data.

This method is iterated n times for a n times SCA authorisation in a
corporate context, each creating an own authorisation sub-endpoint for
the corresponding PSU authorising the consent.

The ASPSP might make the usage of this access method unnecessary,
since the related authorisation resource will be automatically created by
the ASPSP after the submission of the consent data with the first POST consents call.

The start authorisation process is a process which is needed for creating a new authorisation
or cancellation sub-resource.

This applies in the following scenarios:

The ASPSP has indicated with an 'startAuthorisation' hyperlink in the preceding Payment
initiation response that an explicit start of the authorisation process is needed by the TPP.
The 'startAuthorisation' hyperlink can transport more information about data which needs to be
uploaded by using the extended forms:
- 'startAuthorisationWithPsuIdentfication',
- 'startAuthorisationWithPsuAuthentication'
- 'startAuthorisationWithEncryptedPsuAuthentication'
- 'startAuthorisationWithAuthentciationMethodSelection'
The related payment initiation cannot yet be executed since a multilevel SCA is mandated.
The ASPSP has indicated with an 'startAuthorisation' hyperlink in the preceding
payment cancellation response that an explicit start of the authorisation process is needed by the TPP.
The 'startAuthorisation' hyperlink can transport more information about data which needs to be uploaded
by using the extended forms as indicated above.
The related payment cancellation request cannot be applied yet since a multilevel SCA is mandate for
executing the cancellation.
The signing basket needs to be authorised yet.

Path Params

consentId

string

required

ID of the corresponding consent object as returned by an account information consent request.

Headers

X-Request-ID

uuid

required

ID of the request, unique to the call, as determined by the initiating party.

Digest

string

required

Is contained if and only if the "Signature" element is contained in the header of the request.

X-JWS-Signature

string

required

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

PSU-ID

string

Identity number of user to identify client in ASPSP systems.

PSU-Corporate-ID

string

Identity number of corporate user to identify corporate client in ASPSP systems.

PSU-IP-Address

string

required

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port

string

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Geo-Location

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Accept-Language

string

HTTP header indicates the natural language and locale that the client prefers.

TPP-Redirect-URI

uri

required

URI of the TPP, where user will be redirected to after accepting consent.

TPP-Redirect-Preferred

boolean

If it equals "true", the TPP prefers a redirect SCA approach.
If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will consider the Decoupled SCA approach, depending on the parameter TPP-Decoupled-Preferred.

The parameter is required to be false, if TPP prefers to use decoupled SCA aproach and TPP-Decoupled-Preferred is "true".

If the parameter is not used, ASPSP will consider Redirect SCA Approach.

TPP-Decoupled-Preferred

boolean

If it equals "true", the TPP prefers a decoupled SCA approach.
If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will consider redirect as SCA approach.

The parameter is required if TPP prefers to use decoupled SCA aproach.

If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected and ASPSP will consider Redirect SCA Approach.

Responses

Response body

object

scaStatus

string

required

This data element is containing information about the status of the SCA method applied.

The following codes are defined for this data type.

'received':
An authorisation or cancellation-authorisation resource has been created successfully.
'psuIdentified':
The PSU related to the authorisation or cancellation-authorisation resource has been identified.
'psuAuthenticated':
The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token.
'scaMethodSelected':
The PSU/TPP has selected the related SCA routine.
If the SCA method is chosen implicitly since only one SCA method is available,
then this is the first status to be reported instead of 'received'.
'unconfirmed':
SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet.
'started':
The addressed SCA routine has been started.
'finalised':
The SCA routine has been finalised successfully (including a potential confirmation command).
This is a final status of the authorisation resource.
'failed':
The SCA routine failed.
This is a final status of the authorisation resource.
'exempted':
SCA was exempted for the related transaction, the related authorisation is successful.
This is a final status of the authorisation resource.

received psuIdentified psuAuthenticated scaMethodSelected started unconfirmed finalised failed exempted

authorisationId

string

required

Resource identification of the related SCA.

_links

object

required

A list of hyperlinks to be recognised by the TPP. The actual hyperlinks used in the
response depend on the dynamical decisions of the ASPSP when processing the request.

Remark: All links can be relative or full links, to be decided by the ASPSP.

Type of links admitted in this response, (further links might be added for ASPSP defined
extensions):

'scaRedirect':
In case of an SCA Redirect Approach, the ASPSP is transmitting the link to which to
redirect the PSU browser.
'scaOAuth':
In case of a SCA OAuth2 Approach, the ASPSP is transmitting the URI where the configuration of the Authorisation Server can be retrieved. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification.
'updatePsuIdentification':
The link to the authorisation or cancellation authorisation sub-resource,
where PSU identification data needs to be uploaded.
'scaStatus':
The link to retrieve the scaStatus of the corresponding authorisation sub-resource.

scaRedirect

object

Link to a resource.

scaOAuth

object

Link to a resource.

updatePsuIdentification

object

Link to a resource.

scaStatus

object

Link to a resource.

psuMessage

string

Text to be displayed to the PSU. Used only during Decoupled Authorisation.

Headers

object

X-Request-ID

uuid

ID of the request, unique to the call, as determined by the initiating party.

ASPSP-SCA-Approach

string

This data element must be contained, if the SCA Approach is already fixed.
Possible values are

DECOUPLED
REDIRECT
The OAuth SCA approach will be subsumed by REDIRECT.

Location

uri

URI where the client can view and accept consent. In case of errron will be returned redirect uri with error and error description

Examples:

success example with Location:

https://customerconsent.tbcbank.ge/loginappsandbox/session?sessionid=219d20e1-a34e-4608-89bc-0d55c66dd576
error example:

https://tempuri.org/callback?error=server_error&error_description=The authorization server encountered an unexpected condition that&state=e09bd498-262d-41be-8744-6a706ab3426a

Language

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://test-openbanking.tbcbank.ge/0.8/v1/consents/consentId/authorisations \
3
     --header 'accept: application/json'

Click Try It! to start a request and see the response here! Or choose an example:

application/json

application/problem+json

201Created

400Bad Request

403Forbidden

404NotFound

409Conflict

500Server Error