Start the authorisation process for a consent

Create an authorisation sub-resource and start the authorisation process of a consent.
The message might in addition transmit authentication and authorisation related data.

his method is iterated n times for a n times SCA authorisation in a
corporate context, each creating an own authorisation sub-endpoint for
the corresponding PSU authorising the consent.

The ASPSP might make the usage of this access method unnecessary,
since the related authorisation resource will be automatically created by
the ASPSP after the submission of the consent data with the first POST consents call.

The start authorisation process is a process which is needed for creating a new authorisation
or cancellation sub-resource.

This applies in the following scenarios:

  • The ASPSP has indicated with an 'startAuthorisation' hyperlink in the preceding Payment
    initiation response that an explicit start of the authorisation process is needed by the TPP.
    The 'startAuthorisation' hyperlink can transport more information about data which needs to be
    uploaded by using the extended forms:
    • 'startAuthorisationWithPsuIdentfication',
    • 'startAuthorisationWithPsuAuthentication'
    • 'startAuthorisationWithEncryptedPsuAuthentication'
    • 'startAuthorisationWithAuthentciationMethodSelection'
  • The related payment initiation cannot yet be executed since a multilevel SCA is mandated.
  • The ASPSP has indicated with an 'startAuthorisation' hyperlink in the preceding
    payment cancellation response that an explicit start of the authorisation process is needed by the TPP.
    The 'startAuthorisation' hyperlink can transport more information about data which needs to be uploaded
    by using the extended forms as indicated above.
  • The related payment cancellation request cannot be applied yet since a multilevel SCA is mandate for
    executing the cancellation.
  • The signing basket needs to be authorised yet.
Log in to see full request history
timestatususer agent
Retrieving recent requests…
LoadingLoading…
Path Params
string
required

ID of the corresponding consent object as returned by an account information consent request.

Body Params
Headers
uuid
required

ID of the request, unique to the call, as determined by the initiating party.

string

Is contained if and only if the "Signature" element is contained in the header of the request.

string

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

string

The certificate used for signing the request, in base64 encoding.
Must be contained if a signature is contained.

string

Client ID of the PSU in the ASPSP client interface.

Might be mandated in the ASPSP's documentation.

It might be contained even if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in an preceding
AIS service in the same session.
In this case the ASPSP might check whether PSU-ID and token match,
according to ASPSP documentation.

string

Type of the PSU-ID, needed in scenarios where PSUs have several PSU-IDs as access possibility.

In this case, the mean and use are then defined in the ASPSP’s documentation.

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

string

Might be mandated in the ASPSP's documentation. Only used in a corporate context.

boolean

If it equals "true", the TPP prefers a redirect over an embedded SCA approach.
If it equals "false", the TPP prefers not to be redirected for SCA. The ASPSP will then choose between the Embedded or the Decoupled
SCA approach, depending on the parameter TPP-Decoupled-Preferred and the choice of the SCA procedure by the TPP/PSU.
If the parameter is not used, the ASPSP will choose the SCA approach to be applied depending on the SCA method chosen by the
TPP/PSU.

uri

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

Mandated for the Redirect SCA Approach, specifically
when TPP-Redirect-Preferred equals "true".
It is recommended to always use this header field.

Remark for Future:
This field might be changed to mandatory in the next version of the specification.

uri

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case
of a negative result of the redirect SCA method. This might be ignored by the ASPSP.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded IP Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

string

HTTP method used at the PSU ? TPP interface, if available.
Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE
uuid

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available.
UUID identifies either a device or a device dependant application installation.
In case of an installation identification this ID needs to be unaltered until removal from device.

string

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

Language
Credentials
Click Try It! to start a request and see the response here! Or choose an example:
application/json
application/problem+json
*/*