Documentation - 89C3 API

/stet/psd2/v1.4.2/consents

PUT - consentsPut_v1.4.2

Abstract

Forwarding the PSU consent (AISP)

Description

In the mixed detailed consent on accounts - the AISP captures the consent of the PSU - then it forwards this consent to the ASPSP This consent replaces any prior consent that was previously sent by the AISP. - The TPP has been registered by the Registration Authority for the AISP role. - The TPP and the PSU have a contract that has been enrolled by the ASPSP - At this step, the ASPSP has delivered an OAUTH2 "Authorization Code" or "Resource Owner Password" access token to the TPP (cf. § 3.4.2). - The TPP and the ASPSP have successfully processed a mutual check and authentication - The TPP has presented its OAUTH2 "Authorization Code" or "Resource Owner Password" access token which allows the ASPSP to identify the relevant PSU and retrieve the linked PSU context (cf. § 3.4.2) if any. - The ASPSP takes into account the access token that establishes the link between the PSU and the AISP. The PSU specifies to the AISP which of his/her accounts will be accessible and which functionalities should be available. The AISP forwards these settings to the ASPSP. The ASPSP answers by HTTP201 return code.

Scopes

cbpii
aisp
extended_transaction_history

Parameters

Authorization (required)	string header Access token to be passed as a header
access (required)	Access body Model Example { "balances (array)": "List of accessible accounts for one given functionality", "transactions (array)": "List of accessible accounts for one given functionality", "trustedBeneficiaries (boolean)": "Indicator that access to the trusted beneficiaries list was granted or not to the AISP by the PSU\n- true: the access was granted\n- false: the access was not granted\n", "psuIdentity (boolean)": "Indicator that access to the PSU identity, first name and last name, was granted or not to the AISP by the PSU\n- true: the access was granted\n- false: the access was not granted\n" } `{ "balances": "", "transactions": "", "trustedBeneficiaries": "", "psuIdentity": "" }` Click to set as parameter value List of consents granted to the AISP by the PSU.
PSU-IP-Address	string header IP address used by the PSU's terminal when connecting to the TPP
PSU-IP-Port	string header IP port used by the PSU's terminal when connecting to the TPP
PSU-HTTP-Method	string header Http method for the most relevant PSU’s terminal request to the TTP
PSU-Date	string header Timestamp of the most relevant PSU’s terminal request to the TTP
PSU-GEO-Location	string header Geographical location of the PSU as provided by the PSU mobile terminal if any to the TPP
PSU-User-Agent	string header "User-Agent" header field sent by the PSU terminal when connecting to the TPP
PSU-Referer	string header "Referer" header field sent by the PSU terminal when connecting to the TPP. Notice that an initial typo in RFC 1945 specifies that "referer" (incorrect spelling) is to be used. The correct spelling "referrer" can be used but might not be understood.
PSU-Accept	string header "Accept" header field sent by the PSU terminal when connecting to the TPP
PSU-Accept-Charset	string header "Accept-Charset" header field sent by the PSU terminal when connecting to the TPP
PSU-Accept-Encoding	string header "Accept-Encoding" header field sent by the PSU terminal when connecting to the TPP
PSU-Accept-Language	string header "Accept-Language" header field sent by the PSU terminal when connecting to the TPP
PSU-Device-ID	string header UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. UUID identifies either a device or a device dependant application installation. In case of installation identification this ID need to be unaltered until removal from device.
Digest	string header Digest of the body
Signature (required)	string header [http-signature of the request](https://datatracker.ietf.org/doc/draft-cavage-http-signatures/) The keyId must specify the way to get the relevant qualified certificate. It is requested that this identifier is an URL aiming to provide the relevant Qualified Certificate.
X-Request-ID (required)	string header Correlation header to be set in a request and retrieved in the relevant response

Return codes

201	Created
400	Invalid status value
401	Unauthorized, authentication failure.
403	Forbidden, authentication successful but access to resource is not allowed.
405	Method Not Allowed.
406	Not Acceptable.
408	Request Timeout.
429	Too many requests.
500	Internal server error.
501	Not Implemented. This code should be used when the entry point is implemented but cannot provide a result, given the context. When the entry point is not implemented at all, HTTP400 will be returned.
503	Service unavailable.

Input

application/json

Output

application/hal+json; charset=utf-8

application/json; charset=utf-8

Available authentification

OAuth 2.0