Create Consent – Account
In order to retrieve a user’s account data, explicit consent has to be created and confirmed by the user. User’s account data are provided only for valid consents.
Prerequisite: Authorization flow
Begin with an oauth/authorize
request, during which the Payment Service User (PSU) is redirected to their bank’s login page. The PSU logs into their bank account and selects the IBAN they wish to use (if multiple IBANs are available). After the selection is made, an authorization code will be redirected to the URL you have provided.
Using the obtained authorization code, call the oauth/token
endpoint to retrieve the access_token
. The access_token
is a JWT token. The sub claim within this token contains the IBAN selected by the PSU. We support only one IBAN per consent.
With the valid access_token
and the IBAN information, you can proceed to call the POST /consents
endpoint to initiate the consent creation process.
For more information, see section API authorization and authentication.
.
By following the below listed steps a valid consent would be created:
1st step: POST /consents
– Create consent
This method creates a consent resource that defines access rights to dedicated accounts associated with a given PSU-ID. For details, please refer to the description of the call parameters. After a successful consent creation (POST Create Consent), the TPP must redirect the PSU to the authorization server using the URL provided in the response. This redirect enables the PSU to complete Strong Customer Authentication (SCA) and confirm the consent authorization.
Important: Consent can be created to obtain account data, transaction data, and/or balance data with a single method.
To obtain account data only,
"accounts"
must contain valid account identifiers.To obtain transaction data, both
"accounts"
and"transactions"
must contain valid account identifiers.To obtain balance data, both
"accounts"
and"balances"
must contain valid account identifiers.
2nd step: GET /consents/{consentId}/status
– Consent status request
This method retrieves the current status of an account information consent resource. When the response returns "consentStatus": "valid"
, it indicates that the consent was successfully authorized by the PSU and can be used in further flows for retrieving account data.
Optional methods:
GET /consents/{consentId}
– Get Consent RequestDELETE/consents/{consentId}
– Delete ConsentGET /consents/{consentId}/authorisations
– Get Consent Authorisation Sub-Resources RequestGET /consents/{consentId}/authorisations/{authorisationId}
– Read the SCA status of the consent authorisation
Get Account List and/or Account Details
Prerequisite: A valid consent (see Create consent) with a valid IBAN included in "accounts"
during consent creation.
Steps to get account data details:
1st step: GET /accounts
– Read Account List
Retrieve the identifiers (resource ID) of available payment account along with booking balance information, depending on the consent granted. This method requires the consentId
to be provided as a header parameter and will return the account authorized by that consent.
2nd step: GET /accounts/{account-id}
– Read Account Details
Retrieve detailed information about a specific account identified by account-id
, which is obtained from the Read Account List method. This includes balances where applicable.
Get Account Transaction List and/or Transaction details
Prerequisite: A valid consent (see Create consent) with valid IBAN included in both "accounts"
and "transactions"
during the consent creation.
Steps to get transaction list and details data:
1st step: GET /accounts – Read Account List
Retrieve the identifiers (resource ID) of the available payment account along with booking balance information, depending on the consent granted. This method requires the consentId
to be provided as a header parameter, which determines the account returned.
2nd step: GET /accounts/{account-id}/transactions – Read Transaction List
Retrieve transaction reports or transaction lists for the specified account (account-id
), optionally filtered by the query parameter "bookingStatus"
, along with balances.
Important: The Read Transaction List call supports query parameters that can be used to narrow down the returned data. Please refer to the API specifications for details.
Transaction list requests are limited to a period of 90 days from the time the request is made. However, during the first 5 minutes of an AIS consent lifecycle, any GET /transactions request is not subject to this limitation. After this initial period, requests for transactions older than 90 days will be rejected.
3rd step: GET /accounts/{account-id}/transactions/{transactionId} – Read Transaction Details
Retrieve detailed information for a specific transaction identified by transactionId
within the given account (account-id
). This call returns transaction details in JSON format and is only available for transactions reported in that format.
Read Account Balances
Prerequisite: A valid consent (see Create consent) with a valid IBAN included in both "accounts"
and "balances"
fields during the consent creation.
Steps to get balance data:
1st step: GET /accounts – Read Account List
Retrieve the identifiers (resource ID) of the available payment account along with booking balance information, depending on the consent granted. This method requires a consentId
to be provided as a header parameter, which determines the account returned.
2nd step: GET /accounts/{account-id}/balances – Read Balance
Retrieve account balance data for the specified account identified by account-id
.