-
Consent
-
Consents provide a mechanism by which a third party App or User can access resources on behalf of aMore...
- Create Consent By CONSENT_REQUEST_ID (EMAIL)
- Create Consent Request VRP
-
v5.1.0 filtered by tag: VRP (2 APIs)
Create Consent By CONSENT_REQUEST_ID (EMAIL)
This endpoint continues the process of creating a Consent.
It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent cannot elevate the privileges of the logged in user.
Authentication is Mandatory
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
JSON request body fields:
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
counterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
helper_info: helper_info
jwt:
view_id: owner
account_access: account_access
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"account_access":{
"bank_id":"gh.29.uk",
"account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id":"owner",
"helper_info":{
"counterparty_id":["9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh"]
}
}
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35009: Only SMS, EMAIL and IMPLICIT are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent Request VRP
This endpoint is used to begin the process of creating a consent that may be used for Variable Recurring Payments (VRPs).
VRPs are useful in situations when a beneficiary needs to be paid different amounts on a regular basis.
Once granted, the consent allows its holder to initiate multiple Transaction Requests to the Counterparty defined in this endpoint as long as the
Counterparty Limits are respected.
Client, Consumer or Application Authentication is mandatory for this endpoint.
i.e. the caller of this endpoint is the API Client, Consumer or Application rather than a specific User.
At the end of the process the following objects are created in OBP or connected backend systems:
- An automatically generated View which controls access.
- A Counterparty that is the Beneficiary of the Variable Recurring Payments. The Counterparty specifies the Bank Account number or other routing address.
- Limits for the Counterparty which constrain the amount of money that can be sent to it in various periods (yearly, monthly, weekly).
The Account holder may modify the Counterparty or Limits e.g. to increase or decrease the maximum possible payment amounts or the frequencey of the payments.
In the case of a public client we use the client_id and private key to obtain an access token, otherwise we use the client_id and client_secret.
The obtained access token is used in the HTTP Authorization header of the request as follows:
Example:
Authorization: Bearer eXtneO-THbQtn3zvK_kQtXXfvOZyZFdBCItlPDbR2Bk.dOWqtXCtFX-tqGTVR0YrIjvAolPIVg7GZ-jz83y6nA0
After successfully creating the VRP consent request, you need to call the Create Consent By CONSENT_REQUEST_ID endpoint to finalize the consent using the CONSENT_REQUEST_ID returned by this endpoint.
Authentication is Optional
JSON request body fields:
counterparty_name: John Smith Ltd.
currency: EUR
from_account: from_account
limit: 100
max_monthly_amount: 10000
max_number_of_monthly_transactions: 10
max_number_of_yearly_transactions: 100
max_single_amount: 1000
max_yearly_amount: 12000
scheme: OBP
to_account: to_account
valid_from: 2020-01-27
JSON response body fields:
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
payload: payload
{
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"payload":{
"from_account":{
"bank_routing":{
"scheme":"OBP",
"address":"gh.29.uk"
},
"account_routing":{
"scheme":"OBP",
"address":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"
},
"branch_routing":{
"scheme":"OBP",
"address":"DERBY6"
}
},
"to_account":{
"bank_routing":{
"scheme":"OBP",
"address":"gh.29.uk"
},
"account_routing":{
"scheme":"OBP",
"address":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"
},
"branch_routing":{
"scheme":"OBP",
"address":"DERBY6"
},
"limit":{
"currency":"EUR",
"max_single_amount":1000,
"max_monthly_amount":10000,
"max_number_of_monthly_transactions":10,
"max_yearly_amount":12000,
"max_number_of_yearly_transactions":100
}
},
"valid_from":"2024-07-10T09:22:06Z",
"time_to_live":3600
},
"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-10001: Incorrect json format.
- OBP-35020: You exceeded max value of time to live of consents.
- OBP-20306: PEM Encoded Certificate cannot be found at request header.
- OBP-20300: PEM Encoded Certificate issue.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.