Create consent

This method create a consent resource, defining access rights to dedicated accounts of
a given PSU-ID. These accounts are addressed explicitly in the method as
parameters as a core function.

Side Effects
When this consent request is a request where the "recurringIndicator" equals "true",
and if it exists already a former consent for recurring access on account information
for the addressed PSU, then the former consent automatically expires as soon as the new
consent request is authorised by the PSU.

Optional Extension:
As an option, an ASPSP might optionally accept a specific access right on the access on all PSD2 related services for all available accounts.

As another option an ASPSP might optionally also accept a command, where only access rights are inserted without mentioning the addressed account.
The relation to accounts is then handled afterwards between PSU and ASPSP.
This option is not supported for the Embedded SCA Approach.
As a last option, an ASPSP might in addition accept a command with access rights

  • to see the list of available payment accounts or
  • to see the list of available payment accounts with balances.
Log in to see full request history
Body Params

Request body for a consents request.

access
object
required

Requested access services for a consent.

boolean
required

"true", if the consent is for recurring access to the account data.

"false", if the consent is for one access to the account data.

date
required

This parameter is defining a valid until date (including the mentioned date) for the requested consent.
The content is the local ASPSP date in ISO-Date format, e.g. 2017-10-30.

Future dates might get adjusted by ASPSP.

If a maximal available date is requested, a date in far future is to be used: "9999-12-31".

In both cases the consent object to be retrieved by the get consent request will contain the adjusted date.

integer
required
≥ 1

This field indicates the requested maximum frequency for an access without PSU involvement per day.
For a one-off access, this attribute is set to "1".

The frequency needs to be greater equal to one.

If not otherwise agreed bilaterally between TPP and ASPSP, the frequency is less equal to 4.

boolean
required

If "true" indicates that a payment initiation service will be addressed in the same "session".

Headers
uuid
required

ID of the request, unique to the call, as determined by the initiating party.

string

Is contained if and only if the "Signature" element is contained in the header of the request.

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

string

The certificate used for signing the request, in base64 encoding.
Must be contained if a signature is contained.

string

Client ID of the PSU in the ASPSP client interface.

Might be mandated in the ASPSP's documentation.

It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding
AIS service in the same session.
In this case the ASPSP might check whether PSU-ID and token match,
according to ASPSP documentation.

string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

In this case, the mean and use are then defined in the ASPSP’s documentation.

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

boolean

If it equals "true", the TPP prefers a redirect over an embedded SCA approach.
If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled
SCA approach, depending on the parameter TPP-Decoupled-Preferred and the choice of the SCA procedure by the TPP/PSU.
If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the
TPP/PSU.

boolean

If it equals "true", the TPP prefers a decoupled SCA approach.
If it equals "false", the TPP prefers not to use the decoupled approach for SCA. The ASPSP will then choose between the embedded or the redirect SCA approach, depending on the choice of the SCA procedure by the TPP/PSU.
If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the parameter TPP-Redirect-Preferred and the SCA method chosen by the TPP/PSU.
The parameter might be ignored by the ASPSP.
If both parameters TPP-Redirect-Preferred and TPP-Decoupled-Preferred are present and true, the request is still not rejected, but it is up to the ASPSP, which approach will actually be used.

Remark for Future:
TPP-Redirect-Preferred and TPP-Decoupled-Preferred will be revised in future versions, maybe merged. Currently kept separate for downward compatibility.

uri

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

Mandated for the Redirect SCA Approach, specifically
when TPP-Redirect-Preferred equals "true".
It is recommended to always use this header field.

Remark for Future:
This field might be changed to mandatory in the next version of the specification.

uri

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case
of a negative result of the redirect SCA method. This might be ignored by the ASPSP.

boolean

If it equals "true", the TPP prefers to start the authorisation process separately,
e.g. because of the usage of a signing basket.
This preference might be ignored by the ASPSP, if a signing basket is not supported as functionality.

If it equals "false" or if the parameter is not used, there is no preference of the TPP.
This especially indicates that the TPP assumes a direct authorisation of the transaction in the next step,
without using a signing basket.

string
required

The forwarded IP Address header field consists of the corresponding http request IP Address field between PSU and TPP.
If not available, the TPP shall use the IP Address used by the TPP when submitting this request.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

string

HTTP method used at the PSU ? TPP interface, if available.
Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
uuid

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available.
UUID identifies either a device or a device dependant application installation.
In case of an installation identification this ID needs to be unaltered until removal from device.

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

Language
Credentials
Click Try It! to start a request and see the response here! Or choose an example:
application/json
application/problem+json
*/*