-
API
-
The terms `API` (Application Programming Interface) and `Endpoint` are used somewhat interchangeablyMore...
- Get JSON Web Key (JWK)
-
-
Account
-
The thing that tokens of value (money) come in and out of. An account has one or more `owners` whichMore...
- Get Account Balances
- Get Account by Id (Core)
- Get Accounts Balances
- Get Accounts Held
- Get Accounts at Bank (IDs only)
- Get Accounts at Bank (Minimal)
- Get Accounts at all Banks (private)
-
-
Bank
-
A Bank (aka Space) represents a financial institution, brand or organizational unit under which resMore...
- Get Bank
- Get Banks
- Get Transaction Types at Bank
-
-
Consent
-
Consents provide a mechanism by which a third party App or User can access resources on behalf of aMore...
- Add User to a Consent
- Answer Consent Challenge
- Create Consent (EMAIL)
- Create Consent (SMS)
- Create Consent By CONSENT_REQUEST_ID (EMAIL)
- Create Consent By CONSENT_REQUEST_ID (SMS)
- Create Consent Request
- Get Consent By Consent Request Id
- Get Consent Request
- Get Consents
- Get Consents Info
- Provide client's certificate info of a current call
- Revoke Consent
- Revoke Consent at Bank
- Revoke Consent used in the Current Call
- Update Consent Status
-
-
Transaction
-
Transactions are records of successful movements of value into or out of an `Account`. OBP TransacMore...
- Get Transactions for Account (Core)
-
-
API
-
Account
- Get Account Balances
- Get Account by Id (Core)
- Get Accounts Balances
- Get Accounts Held
- Get Accounts at Bank (IDs only)
- Get Accounts at Bank (Minimal)
- Get Accounts at all Banks (private)
-
Bank
-
Consent
- Add User to a Consent
- Answer Consent Challenge
- Create Consent (EMAIL)
- Create Consent (SMS)
- Create Consent By CONSENT_REQUEST_ID (EMAIL)
- Create Consent By CONSENT_REQUEST_ID (SMS)
- Create Consent Request
- Get Consent By Consent Request Id
- Get Consent Request
- Get Consents
- Get Consents Info
- Provide client's certificate info of a current call
- Revoke Consent
- Revoke Consent at Bank
- Revoke Consent used in the Current Call
- Update Consent Status
-
Transaction
v5.1.0 filtered by tag: Account%20Information%20Service%20(AIS) (28 APIs)
Get JSON Web Key (JWK)
{
"kty":"RSA",
"e":"AQAB",
"use":"sig",
"kid":"fr6-BxXH5gikFeZ2O6rGk0LUmJpukeswASN_TMW8U_s",
"n":"hrB0OWqg6AeNU3WCnhheG18R5EbQtdNYGOaSeylTjkj2lZr0_vkhNVYvase-CroxO4HOT06InxTYwLnmJiyv2cZxReuoVjTlk--olGu-9MZooiFiqWez0JzndyKxQ27OiAjFsMh0P04kaUXeHKhXRfiU7K2FqBshR1UlnWe7iHLkq2p9rrGjxQc7ff0w-Uc0f-8PWg36Y2Od7s65493iVQwnI13egqMaSvgB1s8_dgm08noEjhr8C5m1aKmr5oipWEPNi-SBV2VNuiCLR1IEPuXq0tOwwZfv31t34KPO-2H2bbaWmzGJy9mMOGqoNrbXyGiUZoyeHRELaNtm1GilyQ"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-50000: Unknown Error.
Get Account Balances
Get the Balances for one Account of the current User at one bank.
Authentication is Mandatory
URL Parameters:
ACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
BANK_ID: gh.29.uk
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
amount: 10.12
balances: balances
bank_id: gh.29.uk
currency: EUR
label: My Account
scheme: scheme value
type:
{
"account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"bank_id":"gh.29.uk",
"account_routings":[{
"scheme":"accountNumber",
"address":"123456"
}],
"label":"My Account",
"balances":[{
"type":"",
"currency":"EUR",
"amount":"10"
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-30065: Cannot find account access.
- OBP-50000: Unknown Error.
Get Account by Id (Core)
Information returned about the account specified by ACCOUNT_ID:
- Number - The human readable account number given by the bank that identifies the account.
- Label - A label given by the owner of the account
- Owners - Users that own this account
- Type - The type of account
- Balance - Currency and Value
- Account Routings - A list that might include IBAN or national account identifiers
- Account Rules - A list that might include Overdraft and other bank specific rules
- Tags - A list of Tags assigned to this account
This call returns the owner view and requires access to that view.
Authentication is Mandatory
URL Parameters:
ACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
BANK_ID: gh.29.uk
JSON response body fields:
amount: 10.12
balance: 10
bank_id: gh.29.uk
currency: EUR
id: d8839721-ad8f-45dd-9f78-2080414b93f9
label: My Account
product_code: 1234BW
scheme: scheme value
{
"id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"bank_id":"gh.29.uk",
"label":"My Account",
"number":"546387432",
"product_code":"AC",
"balance":{
"currency":"EUR",
"amount":"0"
},
"account_routings":[{
"scheme":"AccountNumber",
"address":"4930396"
}],
"views_basic":["owner"]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30018: Bank Account not found. Please specify valid values for BANK_ID and ACCOUNT_ID.
- OBP-50000: Unknown Error.
Get Accounts Balances
Get the Balances for the Accounts of the current User at one bank.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
amount: 10.12
balances: balances
bank_id: gh.29.uk
currency: EUR
label: My Account
scheme: scheme value
type:
{
"accounts":[{
"account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"bank_id":"gh.29.uk",
"account_routings":[{
"scheme":"accountNumber",
"address":"123456"
}],
"label":"My Account",
"balances":[{
"type":"",
"currency":"EUR",
"amount":"10"
}]
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Get Accounts Held
Get Accounts held by the current User if even the User has not been assigned the owner View yet.
Can be used to onboard the account to the API - since all other account and transaction endpoints require views to be assigned.
optional request parameters:
- account_type_filter: one or many accountType value, split by comma
- account_type_filter_operation: the filter type of account_type_filter, value must be INCLUDE or EXCLUDE
whole url example:
/banks/BANK_ID/accounts-held?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
bank_id: gh.29.uk
id: d8839721-ad8f-45dd-9f78-2080414b93f9
label: My Account
scheme: scheme value
{
"accounts":[{
"id":"12314",
"label":"My Account",
"bank_id":"123",
"number":"123",
"account_routings":[{
"scheme":"AccountNumber",
"address":"4930396"
}]
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-50000: Unknown Error.
Get Accounts at Bank (IDs only)
Returns only the list of accounts ids at BANK_ID that the user has access to.
Each account must have at least one private View.
For each account the API returns its account ID.
If you want to see more information on the Views, use the Account Detail call.
optional request parameters:
- account_type_filter: one or many accountType value, split by comma
- account_type_filter_operation: the filter type of account_type_filter, value must be INCLUDE or EXCLUDE
whole url example:
/banks/BANK_ID/accounts/account_ids/private?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
id: d8839721-ad8f-45dd-9f78-2080414b93f9
{
"accounts":[{
"id":"5995d6a2-01b3-423c-a173-5481df49bdaf"
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Get Accounts at Bank (Minimal)
Returns the minimal list of private accounts at BANK_ID that the user has access to.
For each account, the API returns the ID, routing addresses and the views available to the current user.
If you want to see more information on the Views, use the Account Detail call.
optional request parameters:
- account_type_filter: one or many accountType value, split by comma
- account_type_filter_operation: the filter type of account_type_filter, value must be INCLUDE or EXCLUDE
whole url example:
/banks/BANK_ID/accounts/private?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
account_type: AC
bank_id: gh.29.uk
description: This an optional field. Maximum length is 2000. It can be any characters here.
id: d8839721-ad8f-45dd-9f78-2080414b93f9
is_public: true
label: My Account
scheme: scheme value
{
"accounts":[{
"id":"5995d6a2-01b3-423c-a173-5481df49bdaf",
"label":"String",
"bank_id":"gh.29.uk",
"account_type":"330",
"account_routings":[{
"scheme":"AccountNumber",
"address":"4930396"
}],
"views":[{
"id":"owner",
"short_name":"Owner",
"description":"This view is for the owner for the account.",
"is_public":false
}]
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Get Accounts at all Banks (private)
Returns the list of accounts containing private views for the user.
Each account lists the views available to the user.
optional request parameters:
- account_type_filter: one or many accountType value, split by comma
- account_type_filter_operation: the filter type of account_type_filter, value must be INCLUDE or EXCLUDE
whole url example:
/my/accounts?account_type_filter=330,CURRENT+PLUS&account_type_filter_operation=INCLUDE
Authentication is Mandatory
JSON response body fields:
account_type: AC
bank_id: gh.29.uk
description: This an optional field. Maximum length is 2000. It can be any characters here.
id: d8839721-ad8f-45dd-9f78-2080414b93f9
is_public: true
label: My Account
scheme: scheme value
{
"accounts":[{
"id":"5995d6a2-01b3-423c-a173-5481df49bdaf",
"label":"String",
"bank_id":"gh.29.uk",
"account_type":"330",
"account_routings":[{
"scheme":"AccountNumber",
"address":"4930396"
}],
"views":[{
"id":"owner",
"short_name":"Owner",
"description":"This view is for the owner for the account.",
"is_public":false
}]
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-50000: Unknown Error.
Get Bank
Get the bank specified by BANK_ID
Returns information about a single bank specified by BANK_ID including:
- Bank code and full name of bank
- Logo URL
- Website
Authentication is Optional
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
bank_code: CGHZ
bank_routings: bank routing in form of (scheme, address)
full_name: full name string
id: d8839721-ad8f-45dd-9f78-2080414b93f9
logo: logo url
name: ACCOUNT_MANAGEMENT_FEE
scheme: scheme value
value: 5987953
website: www.openbankproject.com
attributes: attribute value in form of (name, value)
{
"id":"gh.29.uk",
"bank_code":"CGHZ",
"full_name":"bank fullName string",
"logo":"bank logoUrl string",
"website":"bank logoUrl string",
"bank_routings":[{
"scheme":"scheme value",
"address":""
}],
"attributes":[{
"name":"ACCOUNT_MANAGEMENT_FEE",
"value":"5987953"
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-50000: Unknown Error.
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
Get Banks
Get banks on this API instance
Returns a list of banks supported on this server:
- ID used as parameter in URLs
- Short and full name of bank
- Logo URL
- Website
Authentication is Optional
JSON response body fields:
bank_routings: bank routing in form of (scheme, address)
full_name: full name string
id: d8839721-ad8f-45dd-9f78-2080414b93f9
logo: logo url
name: ACCOUNT_MANAGEMENT_FEE
scheme: scheme value
value: 5987953
website: www.openbankproject.com
attributes: attribute value in form of (name, value)
{
"banks":[{
"id":"gh.29.uk",
"short_name":"short_name ",
"full_name":"full_name",
"logo":"logo",
"website":"www.openbankproject.com",
"bank_routings":[{
"scheme":"scheme value",
"address":""
}],
"attributes":[{
"name":"ACCOUNT_MANAGEMENT_FEE",
"value":"5987953"
}]
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-50000: Unknown Error.
Get Transaction Types at Bank
Get Transaction Types for the bank specified by BANK_ID:
Lists the possible Transaction Types available at the bank (as opposed to Transaction Request Types which are the possible ways Transactions can be created by this API Server).
- id : Unique transaction type id across the API instance. SHOULD be a UUID. MUST be unique.
- bank_id : The bank that supports this TransactionType
- short_code : A short code (SHOULD have no-spaces) which MUST be unique across the bank. May be stored with Transactions to link here
- summary : A succinct summary
- description : A longer description
- charge : The charge to the customer for each one of these
Authentication is Optional
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
amount: 10.12
bank_id: gh.29.uk
currency: EUR
description: This an optional field. Maximum length is 2000. It can be any characters here.
id: d8839721-ad8f-45dd-9f78-2080414b93f9
value: 5987953
{
"transaction_types":[{
"id":{
"value":"123"
},
"bank_id":"gh.29.uk",
"short_code":"PlaceholderString",
"summary":"PlaceholderString",
"description":"PlaceholderString",
"charge":{
"currency":"EUR",
"amount":"0"
}
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Add User to a Consent
This endpoint is used to add the User of Consent.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"AUTHORISED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-20057: User not found by userId.
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-35024: The Consent's User is already added.
- OBP-10001: Incorrect json format.
- OBP-35001: Consent not found by CONSENT_ID.
- OBP-50000: Unknown Error.
Answer Consent Challenge
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
This endpoint is used to confirm a Consent previously created.
The User must supply a code that was sent out of band (OOB) for example via an SMS.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON request body fields:
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent (EMAIL)
This endpoint starts the process of creating a Consent.
The Consent is created in an INITIATED state.
A One Time Password (OTP) (AKA security challenge) is sent Out of band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS" or "EMAIL". "EMAIL" is used for testing purposes.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
Authentication is Mandatory
Example 1:
{
"everything": true,
"views": [],
"entitlements": [],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
Please note that consumer_id is optional field
Example 2:
{
"everything": true,
"views": [],
"entitlements": [],
"email": "eveline@example.com"
}
Please note if everything=false you need to explicitly specify views and entitlements
Example 3:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
URL Parameters:
BANK_ID: gh.29.uk
JSON request body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
view_id: owner
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
valid_from: 2020-01-27
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35009: Only SMS and EMAIL are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent (SMS)
This endpoint starts the process of creating a Consent.
The Consent is created in an INITIATED state.
A One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS" or "EMAIL". "EMAIL" is used for testing purposes.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
Authentication is Mandatory
Example 1:
{
"everything": true,
"views": [],
"entitlements": [],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
Please note that consumer_id is optional field
Example 2:
{
"everything": true,
"views": [],
"entitlements": [],
"email": "eveline@example.com"
}
Please note if everything=false you need to explicitly specify views and entitlements
Example 3:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
URL Parameters:
BANK_ID: gh.29.uk
SMS:
JSON request body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
view_id: owner
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
valid_from: 2020-01-27
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35009: Only SMS and EMAIL are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-00010: Missing props value at this API instance -
- OBP-35010: SMS server is not working or SMS server can not send the message to the phone number:
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent By CONSENT_REQUEST_ID (EMAIL)
This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent cannot elevate the privileges logged in user already have.
Authentication is Mandatory
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
JSON request body fields:
JSON response body fields:
jwt:
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35009: Only SMS and EMAIL are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent By CONSENT_REQUEST_ID (SMS)
This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent cannot elevate the privileges logged in user already have.
Authentication is Mandatory
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
SMS:
JSON request body fields:
JSON response body fields:
jwt:
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35029: The CONSENT_REQUEST_ID is invalid.
- OBP-35009: Only SMS and EMAIL are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-00010: Missing props value at this API instance -
- OBP-35010: SMS server is not working or SMS server can not send the message to the phone number:
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent Request
Client Authentication (mandatory)
It is used when applications request an access token to access their own resources, not on behalf of a user.
The client needs to authenticate themselves for this request.
In case of public client we use client_id and private kew to obtain access token, otherwise we use client_id and client_secret.
The obtained access token is used in the HTTP Bearer auth header of our request.
Example:
Authorization: Bearer eXtneO-THbQtn3zvK_kQtXXfvOZyZFdBCItlPDbR2Bk.dOWqtXCtFX-tqGTVR0YrIjvAolPIVg7GZ-jz83y6nA0
Authentication is Optional
JSON request body fields:
account_access: account_access
bank_id: gh.29.uk
scheme: scheme value
view_id: owner
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
valid_from: 2020-01-27
JSON response body fields:
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
payload: payload
{
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"payload":{
"everything":false,
"account_access":[{
"account_routing":{
"scheme":"AccountNumber",
"address":"4930396"
},
"view_id":"owner"
}],
"phone_number":"+44 07972 444 876",
"valid_from":"2022-06-14T12:42:00Z",
"time_to_live":3600
},
"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35020: You exceeded max value of time to live of consents.
- OBP-50000: Unknown Error.
Get Consent By Consent Request Id
This endpoint gets the Consent By consent request id.
Authentication is Mandatory
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
JSON response body fields:
jwt:
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-50000: Unknown Error.
Get Consent Request
Authentication is Optional
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
JSON response body fields:
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
payload: payload
{
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"payload":{
"everything":false,
"account_access":[{
"account_routing":{
"scheme":"AccountNumber",
"address":"4930396"
},
"view_id":"owner"
}],
"phone_number":"+44 07972 444 876",
"valid_from":"2022-06-14T12:42:00Z",
"time_to_live":3600
},
"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-35028: Consent Request not found by CONSENT_REQUEST_ID.
- OBP-50000: Unknown Error.
Get Consents
This endpoint gets the Consents that the current User created.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
api_standard: api_standard
jwt:
{
"consents":[{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"api_standard":"Berlin Group",
"api_version":"v1.3"
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Get Consents Info
This endpoint gets the Consents that the current User created.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
api_standard: api_standard
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
last_action_date: last_action_date
last_usage_date: last_usage_date
{
"consents":[{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"created_by_user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1",
"last_action_date":"2020-01-27",
"last_usage_date":"2021-04-08T09:12:27Z",
"status":"INITIATED",
"api_standard":"Berlin Group",
"api_version":"v1.3"
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Provide client's certificate info of a current call
Provide client's certificate info of a current call specified by PSD2-CERT value at Request Header
Authentication is Mandatory
JSON response body fields:
issuer_domain_name: issuer_domain_name
not_after: not_after
not_before: not_before
subject_domain_name: subject_domain_name
roles: CanCreateMyUser
roles_info: roles_info
{
"subject_domain_name":"OID.2.5.4.41=VPN, EMAILADDRESS=admin@tesobe.com, CN=TESOBE CA, OU=TESOBE Operations, O=TESOBE, L=Berlin, ST=Berlin, C=DE",
"issuer_domain_name":"CN=localhost, O=TESOBE GmbH, ST=Berlin, C=DE",
"not_before":"2022-04-01T10:13:00.000Z",
"not_after":"2032-04-01T10:13:00.000Z",
"roles_info":"PEM Encoded Certificate does not contain PSD2 roles."
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Revoke Consent
Revoke Consent for current user specified by CONSENT_ID
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
Please note that this endpoint only supports the case:: "The user explicitly wishes to revoke the application’s access"
OBP as a resource server stores access tokens in a database, then it is relatively easy to revoke some token that belongs to a particular user.
The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"REJECTED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Revoke Consent at Bank
Revoke Consent specified by CONSENT_ID
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
OBP as a resource server stores access tokens in a database, then it is relatively easy to revoke some token that belongs to a particular user.
The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"REJECTED"
}
-
CanRevokeConsentAtBank
- Please login to request this Role
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
- OBP-20006: User is missing one or more roles:
Revoke Consent used in the Current Call
Revoke Consent specified by Consent-Id at Request Header
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
OBP as a resource server stores access tokens in a database, then it is relatively easy to revoke some token that belongs to a particular user.
The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
Authentication is Mandatory
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"REJECTED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Update Consent Status
This endpoint is used to update the Status of Consent.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"AUTHORISED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Get Transactions for Account (Core)
Returns transactions list (Core info) of the account specified by ACCOUNT_ID.
Authentication is Mandatory
Possible custom url parameters for pagination:
- limit=NUMBER ==> default value: 50
- offset=NUMBER ==> default value: 0
eg1:?limit=100&offset=0
- sort_direction=ASC/DESC ==> default value: DESC.
eg2:?limit=100&offset=0&sort_direction=ASC
- from_date=DATE => example value: 1970-01-01T00:00:00.000Z. NOTE! The default value is one year ago (1970-01-01T00:00:00.000Z).
- to_date=DATE => example value: 2024-04-26T00:00:38.604Z. NOTE! The default value is now (2024-04-26T00:00:38.604Z).
Date format parameter: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'(1100-01-01T01:01:01.000Z) ==> time zone is UTC.
eg3:?sort_direction=ASC&limit=100&offset=0&from_date=1100-01-01T01:01:01.000Z&to_date=1100-01-01T01:01:01.000Z
URL Parameters:
ACCOUNT_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
BANK_ID: gh.29.uk
JSON response body fields:
amount: 10.12
completed: 2020-01-27
currency: EUR
description: This an optional field. Maximum length is 2000. It can be any characters here.
id: d8839721-ad8f-45dd-9f78-2080414b93f9
name: ACCOUNT_MANAGEMENT_FEE
new_balance: 20
posted: 2020-01-27
scheme: scheme value
transaction_attribute_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
type:
value: 5987953
{
"transactions":[{
"id":"5995d6a2-01b3-423c-a173-5481df49bdaf",
"this_account":{
"id":"String",
"bank_routing":{
"scheme":"scheme value",
"address":""
},
"account_routings":[{
"scheme":"AccountNumber",
"address":"4930396"
}],
"holders":[{
"name":"OBP",
"is_alias":true
}]
},
"other_account":{
"id":"5995d6a2-01b3-423c-a173-5481df49bdaf",
"holder":{
"name":"OBP",
"is_alias":true
},
"bank_routing":{
"scheme":"scheme value",
"address":""
},
"account_routings":[{
"scheme":"AccountNumber",
"address":"4930396"
}]
},
"details":{
"type":"AC",
"description":"OBP",
"posted":"1100-01-01T00:00:00Z",
"completed":"1100-01-01T00:00:00Z",
"new_balance":{
"currency":"EUR",
"amount":"0"
},
"value":{
"currency":"EUR",
"amount":"0"
}
},
"transaction_attributes":[{
"transaction_attribute_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"name":"HOUSE_RENT",
"type":"DATE_WITH_DAY",
"value":"123456789"
}]
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-10023: obp_sort_direction parameter can only take two values: DESC or ASC!
- OBP-10024: wrong value for obp_offset parameter. Please send a positive integer (=>0)!
- OBP-10025: wrong value for obp_limit parameter. Please send a positive integer (=>1)!
- OBP-10026: Failed to parse date string. Please use this format yyyy-MM-dd'T'HH:mm:ss.SSS'Z'!
- OBP-20001: User not logged in. Authentication is required!
- OBP-30018: Bank Account not found. Please specify valid values for BANK_ID and ACCOUNT_ID.
- OBP-30005: View not found for Account. Please specify a valid value for VIEW_ID
- OBP-50000: Unknown Error.