-
API
-
The terms `API` (Application Programming Interface) and `Endpoint` are used somewhat interchangeablyMore...
- Create Bank Level Endpoint Tag
- Create System Level Endpoint Tag
- Delete Bank Level Endpoint Tag
- Delete System Level Endpoint Tag
- Get API Configuration
- Get API Info (root)
- Get API Tags
- Get Adapter Info
- Get Adapter Info for a bank
- Get Bank Level Endpoint Tags
- Get Connector Status (Loopback)
- Get JSON Web Key (JWK)
- Get JSON Web Key (JWK) URIs
- Get Mapper Database Info
- Get Rate Limiting Info
- Get Suggested Session Timeout
- Get System Level Endpoint Tags
- Get the Call Context of a current call
- Update Bank Level Endpoint Tag
- Update System Level Endpoint Tag
- Verify Request and Sign Response of a current call
- Waiting For Godot
-
-
ATM
- Create ATM
- Create ATM Attribute
- Delete ATM
- Delete ATM Attribute
- Get ATM Attribute By ATM_ATTRIBUTE_ID
- Get ATM Attributes
- Get Bank ATM
- Get Bank ATMS
- Head Bank ATMS
- UPDATE ATM
- Update ATM Accessibility Features
- Update ATM Attribute
- Update ATM Location Categories
- Update ATM Notes
- Update ATM Services
- Update ATM Supported Currencies
- Update ATM Supported Languages
-
Account
-
The thing that tokens of value (money) come in and out of. An account has one or more `owners` whichMore...
- Check Available Funds
- Create Account (POST)
- Create Account (PUT)
- Create Account Attribute
- Create or Update Account Attribute Definition
- Delete Account Attribute Definition
- Delete Account Cascade
- Get Account Access by USER_ID
- Get Account Attribute Definition
- Get Account Balances
- Get Account Balances by BANK_ID
- Get Account Balances by BANK_ID
- Get Account Balances by BANK_ID and ACCOUNT_ID through the VIEW_ID
- Get Account by Account Routing
- Get Account by Id (Core)
- Get Account by Id (Core) through the VIEW_ID
- Get Account by Id (Full)
- Get Accounts Held
- Get Accounts Minimal for a Customer
- Get Accounts at Bank
- Get Accounts at Bank (IDs only)
- Get Accounts at Bank (Minimal)
- Get Accounts at all Banks (private)
- Get Accounts by Account Routing Regex
- Get Agent
- Get Agents at Bank
- Get Checkbook orders
- Get Fast Firehose Accounts at Bank
- Get Firehose Accounts at Bank
- Update Account
- Update Account Attribute
- Update Account Label
- Validate and check IBAN
-
-
Account Access
-
Account Access governs access to Bank Accounts by end Users. It is an intersecting entity between tMore...
- Create (DAuth) User with Account Access
- Grant User access to View
- Revoke User access to View
-
-
Api Collection
- Create My Api Collection
- Create My Api Collection Endpoint
- Create My Api Collection Endpoint By Id
- Delete My Api Collection
- Delete My Api Collection Endpoint
- Delete My Api Collection Endpoint By Id
- Delete My Api Collection Endpoint By Id
- Get All API Collections
- Get Api Collection Endpoints
- Get Api Collections for User
- Get Featured Api Collections
- Get My Api Collection By Id
- Get My Api Collection By Name
- Get My Api Collection Endpoint
- Get My Api Collection Endpoints
- Get My Api Collection Endpoints By Id
- Get My Api Collections
- Get Sharable Api Collection By Id
- Update My Api Collection By API_COLLECTION_ID
-
Bank
-
A Bank (aka Space) represents a financial institution, brand or organizational unit under which resMore...
- Create Bank
- Create Bank Attribute
- Create Settlement Account
- Create Transaction Type at bank
- Create or Update Bank Attribute Definition
- Delete Bank Attribute
- Delete Bank Cascade
- Get Bank
- Get Bank Attribute By BANK_ATTRIBUTE_ID
- Get Bank Attributes
- Get Banks
- Get Settlement accounts at Bank
- Get Transaction Types at Bank
- Update Bank
- Update Bank Attribute
-
-
Connector Method
-
Developers can override all the existing Connector methods. This function needs to be used togethMore...
- Create Connector Method
- Get Connector Method by Id
- Get all Connector Methods
- Update Connector Method
-
-
Consent
-
Consents provide a mechanism by which a third party App or User can access resources on behalf of aMore...
- Add User to a Consent
- Answer Consent Challenge
- Create Consent (EMAIL)
- Create Consent (IMPLICIT)
- Create Consent (SMS)
- Create Consent By CONSENT_REQUEST_ID (EMAIL)
- Create Consent By CONSENT_REQUEST_ID (IMPLICIT)
- Create Consent By CONSENT_REQUEST_ID (SMS)
- Create Consent Request
- Create Consent Request VRP
- Get Consent By Consent Id
- Get Consent By Consent Id
- Get Consent By Consent Request Id
- Get Consent Request
- Get Consents at Bank
- Get My Consents
- Get My Consents Info
- Provide client's certificate info of a current call
- Revoke Consent
- Revoke Consent at Bank
- Revoke Consent used in the Current Call
- Update Consent Status
-
-
Consumer
-
The "consumer" of the API, i.e. the web, mobile or serverside "App" that calls on the OBP API on beMore...
- Create a Consumer
- Enable or Disable Consumers
- Get Call Limits for a Consumer
- Get Consumer
- Get Consumers
- Get Consumers (logged in User)
- Set Rate Limits / Call Limits per Consumer
- Update Consumer LogoURL
- Update Consumer RedirectURL
-
-
Counterparty
- Create Counterparty (Explicit)
- Create Counterparty for any account (Explicit)
- Delete Counterparty (Explicit)
- Delete Counterparty for any account (Explicit)
- Get Counterparties (Explicit)
- Get Counterparties for any account (Explicit)
- Get Counterparty by Id (Explicit)
- Get Counterparty by Id for any account (Explicit)
- Get Counterparty by name for any account (Explicit)
- Get Other Account by Id
- Get Other Accounts of one Account
-
Counterparty Metadata
- Add Corporate Location to Counterparty
- Add Counterparty More Info
- Add Open Corporates URL to Counterparty
- Add image url to other bank account
- Add physical location to other bank account
- Add public alias to other bank account
- Add url to other bank account
- Create Other Account Private Alias
- Delete Counterparty Corporate Location
- Delete Counterparty Image URL
- Delete Counterparty Open Corporates URL
- Delete Counterparty Physical Location
- Delete Counterparty Private Alias
- Delete Counterparty Public Alias
- Delete more info of other bank account
- Delete url of other bank account
- Get Other Account Metadata
- Get Other Account Private Alias
- Get public alias of other bank account
- Update Counterparty Corporate Location
- Update Counterparty Image Url
- Update Counterparty More Info
- Update Counterparty Physical Location
- Update Counterparty Private Alias
- Update Open Corporates Url of Counterparty
- Update public alias of other bank account
- Update url of other bank account
-
Customer
-
The legal entity that has the relationship to the bank. Customers are linked to Users via `User CusMore...
- Create Address
- Create Agent
- Create Customer
- Create Customer Account Link
- Create Customer Attribute
- Create Customer Social Media Handle
- Create Tax Residence
- Create User Customer Link
- Create or Update Customer Attribute Definition
- Delete Customer Account Link
- Delete Customer Address
- Delete Customer Attribute
- Delete Customer Attribute Definition
- Delete Customer Cascade
- Delete Tax Residence
- Delete User Customer Link
- Get CRM Events
- Get Correlated Entities for the current User
- Get Correlated User Info by Customer
- Get Customer Account Link by Id
- Get Customer Account Links by ACCOUNT_ID
- Get Customer Account Links by CUSTOMER_ID
- Get Customer Addresses
- Get Customer Attribute By Id
- Get Customer Attribute Definition
- Get Customer Attributes
- Get Customer Overview
- Get Customer Overview Flat
- Get Customer Social Media Handles
- Get Customer by CUSTOMER_ID
- Get Customer by CUSTOMER_NUMBER
- Get Customers Minimal at Any Bank
- Get Customers Minimal at Bank
- Get Customers at Any Bank
- Get Customers at Bank
- Get Customers by Legal Name
- Get Customers by MOBILE_PHONE_NUMBER
- Get Customers for Current User
- Get Customers for Current User (IDs only)
- Get Firehose Customers
- Get My Customers
- Get My Customers at Bank
- Get Tax Residences of Customer
- Get User Customer Links by Customer
- Get User Customer Links by User
- Update Agent status
- Update Customer Account Link by Id
- Update Customer Attribute
- Update the Address of a Customer
- Update the Branch of a Customer
- Update the credit limit of a Customer
- Update the credit rating and source of a Customer
- Update the email of a Customer
- Update the identity data of a Customer
- Update the mobile number of a Customer
- Update the number of a Customer
- Update the other data of a Customer
-
-
Dynamic Endpoint Manage
-
If you want to create endpoints from Swagger / Open API specification files, use Dynamic EndpointsMore...
- Delete Bank Level Dynamic Endpoint
- Delete Dynamic Endpoint
- Get Bank Level Dynamic Endpoint
- Get Dynamic Endpoints
- Update Bank Level Dynamic Endpoint Host
- Update Dynamic Endpoint Host
- Create Bank Level Dynamic Endpoint
- Create Dynamic Endpoint
- Delete My Dynamic Endpoint
- Get Bank Level Dynamic Endpoints
- Get Dynamic Endpoint
- Get My Dynamic Endpoints
-
-
Dynamic Entity Manage
-
Dynamic Entities can be used to store and retrieve custom data objects (think your own tables andMore...
- Create Bank Level Dynamic Entity
- Create System Level Dynamic Entity
- Delete Bank Level Dynamic Entity
- Delete My Dynamic Entity
- Delete System Level Dynamic Entity
- Get Bank Level Dynamic Entities
- Get My Dynamic Entities
- Get System Dynamic Entities
- Update Bank Level Dynamic Entity
- Update My Dynamic Entity
- Update System Level Dynamic Entity
-
-
Dynamic Message Doc
-
In OBP we represent messages sent by a Connector method / function as MessageDocs. A MessageDoc dMore...
- Create Bank Level Dynamic Message Doc
- Create Dynamic Message Doc
- Delete Bank Level Dynamic Message Doc
- Delete Dynamic Message Doc
- Get Bank Level Dynamic Message Doc
- Get Dynamic Message Doc
- Get all Bank Level Dynamic Message Docs
- Get all Dynamic Message Docs
- Update Bank Level Dynamic Message Doc
- Update Dynamic Message Doc
-
-
Dynamic Resource Doc
- A test endpoint
- Create Bank Level Dynamic Resource Doc
- Create Dynamic Resource Doc
- Create Dynamic Resource Doc endpoint code
- Delete Bank Level Dynamic Resource Doc
- Delete Dynamic Resource Doc
- Get Bank Level Dynamic Resource Doc by Id
- Get Dynamic Resource Doc by Id
- Get all Bank Level Dynamic Resource Docs
- Get all Dynamic Resource Docs
- Update Bank Level Dynamic Resource Doc
- Update Dynamic Resource Doc
-
Endpoint Mapping
-
Endpoint Mapping can be used to map each JSON field in a Dynamic Endpoint to different Dynamic EntiMore...
- Create Bank Level Endpoint Mapping
- Create Endpoint Mapping
- Delete Bank Level Endpoint Mapping
- Delete Endpoint Mapping
- Get Bank Level Endpoint Mapping
- Get Endpoint Mapping by Id
- Get all Bank Level Endpoint Mappings
- Get all Endpoint Mappings
- Update Bank Level Endpoint Mapping
- Update Endpoint Mapping
-
-
JSON Schema Validation
-
JSON Schema is "a vocabulary that allows you to annotate and validate JSON documents". By applyinMore...
- Create a JSON Schema Validation
- Delete a JSON Schema Validation
- Get a JSON Schema Validation
- Get all JSON Schema Validations
- Get all JSON Schema Validations - public
- Update a JSON Schema Validation
-
-
Method Routing
-
Open Bank Project can have different connectors, to connect difference data sources. We supportMore...
- Create MethodRouting
- Delete MethodRouting
- Get MethodRoutings
- Update MethodRouting
-
-
Product
- Create Product
- Create Product Attribute
- Create Product Fee
- Create or Update Product Attribute Definition
- Delete Product Attribute
- Delete Product Attribute Definition
- Delete Product Cascade
- Delete Product Fee
- Get Bank Product
- Get Product Attribute
- Get Product Attribute Definition
- Get Product Fee
- Get Product Fees
- Get Product Tree
- Get Products
- Update Product Attribute
- Update Product Fee
-
Role
- Add Entitlement for a User
- Create (DAuth) User with Roles
- Create Entitlement Request for current User
- Delete Entitlement
- Delete Entitlement Request
- Get Entitlement Requests for a User
- Get Entitlement Requests for the current User
- Get Entitlements and Permissions for a User
- Get Entitlements for One Bank
- Get Entitlements for User
- Get Entitlements for User at Bank
- Get Entitlements for the current User
- Get Roles
- Get all Entitlement Requests
- Get all Entitlements
-
Transaction
-
Transactions are records of successful movements of value into or out of an `Account`. OBP TransacMore...
- Create Transaction Attribute
- Create or Update Transaction Attribute Definition
- Delete Transaction Attribute Definition
- Delete Transaction Cascade
- Get Balancing Transaction
- Get Double Entry Transaction
- Get Firehose Transactions for Account
- Get Other Account of Transaction
- Get Transaction Attribute By Id
- Get Transaction Attribute Definition
- Get Transaction Attributes
- Get Transaction by Id
- Get Transactions for Account (Core)
- Get Transactions for Account (Full)
- Update Transaction Attribute
-
-
Transaction Metadata
- Add a Transaction Comment
- Add a Transaction Image
- Add a Transaction Narrative
- Add a Transaction Tag
- Add a Transaction where Tag
- Delete a Transaction Comment
- Delete a Transaction Image
- Delete a Transaction Narrative
- Delete a Transaction Tag
- Delete a Transaction Tag
- Get Transaction Comments
- Get Transaction Images
- Get Transaction Tags
- Get a Transaction Narrative
- Get a Transaction where Tag
- Update a Transaction Narrative
- Update a Transaction where Tag
-
Transaction Request
- Answer Transaction Request Challenge
- Create Historical Transactions
- Create Transaction Request (ACCOUNT)
- Create Transaction Request (ACCOUNT_OTP)
- Create Transaction Request (AGENT_CASH_WITHDRAWAL)
- Create Transaction Request (CARD)
- Create Transaction Request (COUNTERPARTY)
- Create Transaction Request (FREE_FORM)
- Create Transaction Request (REFUND)
- Create Transaction Request (SANDBOX_TAN)
- Create Transaction Request (SEPA)
- Create Transaction Request (SIMPLE)
- Create Transaction Request Attribute
- Create or Update Transaction Request Attribute Definition
- Delete Transaction Request Attribute Definition
- Get Transaction Request
- Get Transaction Request Attribute By Id
- Get Transaction Request Attribute Definition
- Get Transaction Request Attributes
- Get Transaction Request Types at Bank
- Get Transaction Request Types for Account
- Get Transaction Requests
- Save Historical Transactions
- Update Transaction Request Attribute
-
User
-
The entity that accesses the API with a login / authorisation token and has access to zero or moreMore...
- Answer User Auth Context Update Challenge
- Create My Personal User Attribute
- Create Non Personal User Attribute
- Create User
- Create User Auth Context
- Create User Auth Context Update Request
- Create password reset url
- Delete Non Personal User Attribute
- Delete User Auth Context
- Delete User's Auth Contexts
- Delete a User
- Get Logout Link
- Get My Personal User Attributes
- Get My Spaces
- Get Non Personal User Attributes
- Get User (Current)
- Get User Auth Contexts
- Get User Id (Current)
- Get User Lock Status
- Get User by USERNAME
- Get User by USER_ID
- Get User with Attributes by USER_ID
- Get Users by Email Address
- Get all Users
- Lock the user
- Refresh User
- Unlock the user
- Update My Personal User Attribute
-
-
API
- Create Bank Level Endpoint Tag
- Create System Level Endpoint Tag
- Delete Bank Level Endpoint Tag
- Delete System Level Endpoint Tag
- Get API Configuration
- Get API Info (root)
- Get API Tags
- Get Adapter Info
- Get Adapter Info for a bank
- Get Bank Level Endpoint Tags
- Get Connector Status (Loopback)
- Get JSON Web Key (JWK)
- Get JSON Web Key (JWK) URIs
- Get Mapper Database Info
- Get Rate Limiting Info
- Get Suggested Session Timeout
- Get System Level Endpoint Tags
- Get the Call Context of a current call
- Update Bank Level Endpoint Tag
- Update System Level Endpoint Tag
- Verify Request and Sign Response of a current call
- Waiting For Godot
-
ATM
- Create ATM
- Create ATM Attribute
- Delete ATM
- Delete ATM Attribute
- Get ATM Attribute By ATM_ATTRIBUTE_ID
- Get ATM Attributes
- Get Bank ATM
- Get Bank ATMS
- Head Bank ATMS
- UPDATE ATM
- Update ATM Accessibility Features
- Update ATM Attribute
- Update ATM Location Categories
- Update ATM Notes
- Update ATM Services
- Update ATM Supported Currencies
- Update ATM Supported Languages
-
Account
- Check Available Funds
- Create Account (POST)
- Create Account (PUT)
- Create Account Attribute
- Create or Update Account Attribute Definition
- Delete Account Attribute Definition
- Delete Account Cascade
- Get Account Access by USER_ID
- Get Account Attribute Definition
- Get Account Balances
- Get Account Balances by BANK_ID
- Get Account Balances by BANK_ID
- Get Account Balances by BANK_ID and ACCOUNT_ID through the VIEW_ID
- Get Account by Account Routing
- Get Account by Id (Core)
- Get Account by Id (Core) through the VIEW_ID
- Get Account by Id (Full)
- Get Accounts Held
- Get Accounts Minimal for a Customer
- Get Accounts at Bank
- Get Accounts at Bank (IDs only)
- Get Accounts at Bank (Minimal)
- Get Accounts at all Banks (private)
- Get Accounts by Account Routing Regex
- Get Agent
- Get Agents at Bank
- Get Checkbook orders
- Get Fast Firehose Accounts at Bank
- Get Firehose Accounts at Bank
- Update Account
- Update Account Attribute
- Update Account Label
- Validate and check IBAN
-
Account Access
-
Account Application
- Create Account Application
- Get Account Application by Id
- Get Account Applications
- Update Account Application Status
-
Account Metadata
-
Account Public
-
Api Collection
- Create My Api Collection
- Create My Api Collection Endpoint
- Create My Api Collection Endpoint By Id
- Delete My Api Collection
- Delete My Api Collection Endpoint
- Delete My Api Collection Endpoint By Id
- Delete My Api Collection Endpoint By Id
- Get All API Collections
- Get Api Collection Endpoints
- Get Api Collections for User
- Get Featured Api Collections
- Get My Api Collection By Id
- Get My Api Collection By Name
- Get My Api Collection Endpoint
- Get My Api Collection Endpoints
- Get My Api Collection Endpoints By Id
- Get My Api Collections
- Get Sharable Api Collection By Id
- Update My Api Collection By API_COLLECTION_ID
-
Authentication Type Validation
- Create an Authentication Type Validation
- Delete an Authentication Type Validation
- Get all Authentication Type Validations
- Get all Authentication Type Validations - public
- Get an Authentication Type Validation
- Update an Authentication Type Validation
-
Bank
- Create Bank
- Create Bank Attribute
- Create Settlement Account
- Create Transaction Type at bank
- Create or Update Bank Attribute Definition
- Delete Bank Attribute
- Delete Bank Cascade
- Get Bank
- Get Bank Attribute By BANK_ATTRIBUTE_ID
- Get Bank Attributes
- Get Banks
- Get Settlement accounts at Bank
- Get Transaction Types at Bank
- Update Bank
- Update Bank Attribute
-
Branch
-
Card
- Create Card
- Create Card Attribute
- Create or Update Card Attribute Definition
- Delete Card
- Delete Card Attribute Definition
- Get Card Attribute Definition
- Get Card By Id
- Get Cards for the specified bank
- Get cards for the current user
- Get status of Credit Card order
- Update Card
- Update Card Attribute
-
Connector Method
- Create Connector Method
- Get Connector Method by Id
- Get all Connector Methods
- Update Connector Method
-
Consent
- Add User to a Consent
- Answer Consent Challenge
- Create Consent (EMAIL)
- Create Consent (IMPLICIT)
- Create Consent (SMS)
- Create Consent By CONSENT_REQUEST_ID (EMAIL)
- Create Consent By CONSENT_REQUEST_ID (IMPLICIT)
- Create Consent By CONSENT_REQUEST_ID (SMS)
- Create Consent Request
- Create Consent Request VRP
- Get Consent By Consent Id
- Get Consent By Consent Id
- Get Consent By Consent Request Id
- Get Consent Request
- Get Consents at Bank
- Get My Consents
- Get My Consents Info
- Provide client's certificate info of a current call
- Revoke Consent
- Revoke Consent at Bank
- Revoke Consent used in the Current Call
- Update Consent Status
-
Consumer
- Create a Consumer
- Enable or Disable Consumers
- Get Call Limits for a Consumer
- Get Consumer
- Get Consumers
- Get Consumers (logged in User)
- Set Rate Limits / Call Limits per Consumer
- Update Consumer LogoURL
- Update Consumer RedirectURL
-
Counterparty
- Create Counterparty (Explicit)
- Create Counterparty for any account (Explicit)
- Delete Counterparty (Explicit)
- Delete Counterparty for any account (Explicit)
- Get Counterparties (Explicit)
- Get Counterparties for any account (Explicit)
- Get Counterparty by Id (Explicit)
- Get Counterparty by Id for any account (Explicit)
- Get Counterparty by name for any account (Explicit)
- Get Other Account by Id
- Get Other Accounts of one Account
-
Counterparty Limits
- Create Counterparty Limit
- Delete Counterparty Limit
- Get Counterparty Limit
- Update Counterparty Limit
-
Counterparty Metadata
- Add Corporate Location to Counterparty
- Add Counterparty More Info
- Add Open Corporates URL to Counterparty
- Add image url to other bank account
- Add physical location to other bank account
- Add public alias to other bank account
- Add url to other bank account
- Create Other Account Private Alias
- Delete Counterparty Corporate Location
- Delete Counterparty Image URL
- Delete Counterparty Open Corporates URL
- Delete Counterparty Physical Location
- Delete Counterparty Private Alias
- Delete Counterparty Public Alias
- Delete more info of other bank account
- Delete url of other bank account
- Get Other Account Metadata
- Get Other Account Private Alias
- Get public alias of other bank account
- Update Counterparty Corporate Location
- Update Counterparty Image Url
- Update Counterparty More Info
- Update Counterparty Physical Location
- Update Counterparty Private Alias
- Update Open Corporates Url of Counterparty
- Update public alias of other bank account
- Update url of other bank account
-
Customer
- Create Address
- Create Agent
- Create Customer
- Create Customer Account Link
- Create Customer Attribute
- Create Customer Social Media Handle
- Create Tax Residence
- Create User Customer Link
- Create or Update Customer Attribute Definition
- Delete Customer Account Link
- Delete Customer Address
- Delete Customer Attribute
- Delete Customer Attribute Definition
- Delete Customer Cascade
- Delete Tax Residence
- Delete User Customer Link
- Get CRM Events
- Get Correlated Entities for the current User
- Get Correlated User Info by Customer
- Get Customer Account Link by Id
- Get Customer Account Links by ACCOUNT_ID
- Get Customer Account Links by CUSTOMER_ID
- Get Customer Addresses
- Get Customer Attribute By Id
- Get Customer Attribute Definition
- Get Customer Attributes
- Get Customer Overview
- Get Customer Overview Flat
- Get Customer Social Media Handles
- Get Customer by CUSTOMER_ID
- Get Customer by CUSTOMER_NUMBER
- Get Customers Minimal at Any Bank
- Get Customers Minimal at Bank
- Get Customers at Any Bank
- Get Customers at Bank
- Get Customers by Legal Name
- Get Customers by MOBILE_PHONE_NUMBER
- Get Customers for Current User
- Get Customers for Current User (IDs only)
- Get Firehose Customers
- Get My Customers
- Get My Customers at Bank
- Get Tax Residences of Customer
- Get User Customer Links by Customer
- Get User Customer Links by User
- Update Agent status
- Update Customer Account Link by Id
- Update Customer Attribute
- Update the Address of a Customer
- Update the Branch of a Customer
- Update the credit limit of a Customer
- Update the credit rating and source of a Customer
- Update the email of a Customer
- Update the identity data of a Customer
- Update the mobile number of a Customer
- Update the number of a Customer
- Update the other data of a Customer
-
Customer Meeting
-
Customer Message
- Create Customer Message
- Create Customer Message
- Get Customer Messages for a Customer
- Get Customer Messages for all Customers
-
Data Warehouse
-
Direct Debit
-
Directory
- Create Regulated Entity
- Create a Consumer(Dynamic Registration)
- Delete Regulated Entity
- Get Regulated Entities
- Get Regulated Entity
-
Documentation
- Get Bank Level Dynamic Resource Docs
- Get Glossary of the API
- Get Message Docs
- Get Message Docs Swagger
- Get Resource Docs
- Get Resource Docs
- Get Swagger documentation
- Get scanned API Versions
-
Dynamic Endpoint Manage
- Delete Bank Level Dynamic Endpoint
- Delete Dynamic Endpoint
- Get Bank Level Dynamic Endpoint
- Get Dynamic Endpoints
- Update Bank Level Dynamic Endpoint Host
- Update Dynamic Endpoint Host
- Create Bank Level Dynamic Endpoint
- Create Dynamic Endpoint
- Delete My Dynamic Endpoint
- Get Bank Level Dynamic Endpoints
- Get Dynamic Endpoint
- Get My Dynamic Endpoints
-
Dynamic Entity Manage
- Create Bank Level Dynamic Entity
- Create System Level Dynamic Entity
- Delete Bank Level Dynamic Entity
- Delete My Dynamic Entity
- Delete System Level Dynamic Entity
- Get Bank Level Dynamic Entities
- Get My Dynamic Entities
- Get System Dynamic Entities
- Update Bank Level Dynamic Entity
- Update My Dynamic Entity
- Update System Level Dynamic Entity
-
Dynamic Message Doc
- Create Bank Level Dynamic Message Doc
- Create Dynamic Message Doc
- Delete Bank Level Dynamic Message Doc
- Delete Dynamic Message Doc
- Get Bank Level Dynamic Message Doc
- Get Dynamic Message Doc
- Get all Bank Level Dynamic Message Docs
- Get all Dynamic Message Docs
- Update Bank Level Dynamic Message Doc
- Update Dynamic Message Doc
-
Dynamic Resource Doc
- A test endpoint
- Create Bank Level Dynamic Resource Doc
- Create Dynamic Resource Doc
- Create Dynamic Resource Doc endpoint code
- Delete Bank Level Dynamic Resource Doc
- Delete Dynamic Resource Doc
- Get Bank Level Dynamic Resource Doc by Id
- Get Dynamic Resource Doc by Id
- Get all Bank Level Dynamic Resource Docs
- Get all Dynamic Resource Docs
- Update Bank Level Dynamic Resource Doc
- Update Dynamic Resource Doc
-
Endpoint Mapping
- Create Bank Level Endpoint Mapping
- Create Endpoint Mapping
- Delete Bank Level Endpoint Mapping
- Delete Endpoint Mapping
- Get Bank Level Endpoint Mapping
- Get Endpoint Mapping by Id
- Get all Bank Level Endpoint Mappings
- Get all Endpoint Mappings
- Update Bank Level Endpoint Mapping
- Update Endpoint Mapping
-
FX
-
JSON Schema Validation
- Create a JSON Schema Validation
- Delete a JSON Schema Validation
- Get a JSON Schema Validation
- Get all JSON Schema Validations
- Get all JSON Schema Validations - public
- Update a JSON Schema Validation
-
KYC
- Add KYC Check
- Add KYC Document
- Add KYC Media
- Add KYC Status
- Get Customer KYC Checks
- Get Customer KYC Documents
- Get Customer KYC statuses
- Get KYC Media for a customer
-
Method Routing
-
Metric
- Get Aggregate Metrics
- Get Connector Metrics
- Get Metrics
- Get Metrics at Bank
- Get Top APIs
- Get Top Consumers
- Search API Metrics via Elasticsearch
-
Product
- Create Product
- Create Product Attribute
- Create Product Fee
- Create or Update Product Attribute Definition
- Delete Product Attribute
- Delete Product Attribute Definition
- Delete Product Cascade
- Delete Product Fee
- Get Bank Product
- Get Product Attribute
- Get Product Attribute Definition
- Get Product Fee
- Get Product Fees
- Get Product Tree
- Get Products
- Update Product Attribute
- Update Product Fee
-
Product Collection
-
Role
- Add Entitlement for a User
- Create (DAuth) User with Roles
- Create Entitlement Request for current User
- Delete Entitlement
- Delete Entitlement Request
- Get Entitlement Requests for a User
- Get Entitlement Requests for the current User
- Get Entitlements and Permissions for a User
- Get Entitlements for One Bank
- Get Entitlements for User
- Get Entitlements for User at Bank
- Get Entitlements for the current User
- Get Roles
- Get all Entitlement Requests
- Get all Entitlements
-
Sandbox
-
Scope
-
Standing Order
-
System Integrity
- Check Custom View Names
- Check System View Names
- Check Unique Index at Account Access
- Check for Orphaned Accounts
- Check for Sensible Currencies
-
Transaction
- Create Transaction Attribute
- Create or Update Transaction Attribute Definition
- Delete Transaction Attribute Definition
- Delete Transaction Cascade
- Get Balancing Transaction
- Get Double Entry Transaction
- Get Firehose Transactions for Account
- Get Other Account of Transaction
- Get Transaction Attribute By Id
- Get Transaction Attribute Definition
- Get Transaction Attributes
- Get Transaction by Id
- Get Transactions for Account (Core)
- Get Transactions for Account (Full)
- Update Transaction Attribute
-
Transaction Metadata
- Add a Transaction Comment
- Add a Transaction Image
- Add a Transaction Narrative
- Add a Transaction Tag
- Add a Transaction where Tag
- Delete a Transaction Comment
- Delete a Transaction Image
- Delete a Transaction Narrative
- Delete a Transaction Tag
- Delete a Transaction Tag
- Get Transaction Comments
- Get Transaction Images
- Get Transaction Tags
- Get a Transaction Narrative
- Get a Transaction where Tag
- Update a Transaction Narrative
- Update a Transaction where Tag
-
Transaction Request
- Answer Transaction Request Challenge
- Create Historical Transactions
- Create Transaction Request (ACCOUNT)
- Create Transaction Request (ACCOUNT_OTP)
- Create Transaction Request (AGENT_CASH_WITHDRAWAL)
- Create Transaction Request (CARD)
- Create Transaction Request (COUNTERPARTY)
- Create Transaction Request (FREE_FORM)
- Create Transaction Request (REFUND)
- Create Transaction Request (SANDBOX_TAN)
- Create Transaction Request (SEPA)
- Create Transaction Request (SIMPLE)
- Create Transaction Request Attribute
- Create or Update Transaction Request Attribute Definition
- Delete Transaction Request Attribute Definition
- Get Transaction Request
- Get Transaction Request Attribute By Id
- Get Transaction Request Attribute Definition
- Get Transaction Request Attributes
- Get Transaction Request Types at Bank
- Get Transaction Request Types for Account
- Get Transaction Requests
- Save Historical Transactions
- Update Transaction Request Attribute
-
User
- Answer User Auth Context Update Challenge
- Create My Personal User Attribute
- Create Non Personal User Attribute
- Create User
- Create User Auth Context
- Create User Auth Context Update Request
- Create password reset url
- Delete Non Personal User Attribute
- Delete User Auth Context
- Delete User's Auth Contexts
- Delete a User
- Get Logout Link
- Get My Personal User Attributes
- Get My Spaces
- Get Non Personal User Attributes
- Get User (Current)
- Get User Auth Contexts
- Get User Id (Current)
- Get User Lock Status
- Get User by USERNAME
- Get User by USER_ID
- Get User with Attributes by USER_ID
- Get Users by Email Address
- Get all Users
- Lock the user
- Refresh User
- Unlock the user
- Update My Personal User Attribute
-
User Invitation
-
View Custom
- Create Custom View
- Create Custom View
- Delete Custom View
- Delete Custom View
- Get Account access for User
- Get Custom View
- Get Views for Account
- Get access
- Update Custom View
- Update Custom View
-
View System
-
WebUi Props
-
Webhook
- Create an Account Webhook
- Create bank level Account Notification Webhook
- Create system level Account Notification Webhook
- Enable/Disable an Account Webhook
- Get Account Webhooks
v5.1.0 (538 APIs)
Add User to a Consent
This endpoint is used to add the User of Consent.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"AUTHORISED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-20057: User not found by userId.
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-35024: The Consent's User is already added.
- OBP-10001: Incorrect json format.
- OBP-35001: Consent not found by CONSENT_ID.
- OBP-50000: Unknown Error.
Answer Consent Challenge
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
This endpoint is used to confirm a Consent previously created.
The User must supply a code that was sent out of band (OOB) for example via an SMS.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON request body fields:
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent (EMAIL)
This endpoint starts the process of creating a Consent.
The Consent is created in an INITIATED state.
A One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS","EMAIL" or "IMPLICIT". "EMAIL" is used for testing purposes. OBP mapped mode "IMPLICIT" is "EMAIL".
Other mode, bank can decide it in the connector method 'getConsentImplicitSCA'.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
Authentication is Mandatory
Example 1:
{
"everything": true,
"views": [],
"entitlements": [],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"phone_number": "+49 170 1234567"
}
Please note that consumer_id is optional field
Example 2:
{
"everything": true,
"views": [],
"entitlements": [],
"phone_number": "+49 170 1234567"
}
Please note if everything=false you need to explicitly specify views and entitlements
Example 3:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"phone_number": "+49 170 1234567"
}
URL Parameters:
BANK_ID: gh.29.uk
JSON request body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
view_id: owner
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
valid_from: 2020-01-27
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35009: Only SMS, EMAIL and IMPLICIT are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent (IMPLICIT)
This endpoint starts the process of creating a Consent.
The Consent is created in an INITIATED state.
A One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS","EMAIL" or "IMPLICIT". "EMAIL" is used for testing purposes. OBP mapped mode "IMPLICIT" is "EMAIL".
Other mode, bank can decide it in the connector method 'getConsentImplicitSCA'.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
Authentication is Mandatory
Example 1:
{
"everything": true,
"views": [],
"entitlements": [],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
}
Please note that consumer_id is optional field
Example 2:
{
"everything": true,
"views": [],
"entitlements": [],
}
Please note if everything=false you need to explicitly specify views and entitlements
Example 3:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
}
URL Parameters:
BANK_ID: gh.29.uk
IMPLICIT: IMPLICIT
JSON request body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
view_id: owner
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
valid_from: 2020-01-27
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35009: Only SMS, EMAIL and IMPLICIT are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-00010: Missing props value at this API instance -
- OBP-35010: SMS server is not working or SMS server can not send the message to the phone number:
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent (SMS)
This endpoint starts the process of creating a Consent.
The Consent is created in an INITIATED state.
A One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS","EMAIL" or "IMPLICIT". "EMAIL" is used for testing purposes. OBP mapped mode "IMPLICIT" is "EMAIL".
Other mode, bank can decide it in the connector method 'getConsentImplicitSCA'.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorisied using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that only optional fields are: consumer_id, valid_from and time_to_live.
In case you omit they the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
Authentication is Mandatory
Example 1:
{
"everything": true,
"views": [],
"entitlements": [],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
Please note that consumer_id is optional field
Example 2:
{
"everything": true,
"views": [],
"entitlements": [],
"email": "eveline@example.com"
}
Please note if everything=false you need to explicitly specify views and entitlements
Example 3:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
URL Parameters:
BANK_ID: gh.29.uk
SMS:
JSON request body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
view_id: owner
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
valid_from: 2020-01-27
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35009: Only SMS, EMAIL and IMPLICIT are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-00010: Missing props value at this API instance -
- OBP-35010: SMS server is not working or SMS server can not send the message to the phone number:
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent By CONSENT_REQUEST_ID (EMAIL)
This endpoint continues the process of creating a Consent.
It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent cannot elevate the privileges of the logged in user.
Authentication is Mandatory
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
JSON request body fields:
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
counterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
helper_info: helper_info
jwt:
view_id: owner
account_access: account_access
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"account_access":{
"bank_id":"gh.29.uk",
"account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id":"owner",
"helper_info":{
"counterparty_id":["9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh"]
}
}
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35009: Only SMS, EMAIL and IMPLICIT are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent By CONSENT_REQUEST_ID (IMPLICIT)
This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent cannot elevate the privileges logged in user already have.
Authentication is Mandatory
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
IMPLICIT: IMPLICIT
JSON request body fields:
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
counterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
helper_info: helper_info
jwt:
view_id: owner
account_access: account_access
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"account_access":{
"bank_id":"gh.29.uk",
"account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id":"owner",
"helper_info":{
"counterparty_id":["9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh"]
}
}
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35029: The CONSENT_REQUEST_ID is invalid.
- OBP-35009: Only SMS, EMAIL and IMPLICIT are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-00010: Missing props value at this API instance -
- OBP-35010: SMS server is not working or SMS server can not send the message to the phone number:
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent By CONSENT_REQUEST_ID (SMS)
This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent you are creating cannot exceed the entitlements that the User creating this consents already has.
Authentication is Mandatory
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
SMS:
JSON request body fields:
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
counterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
helper_info: helper_info
jwt:
view_id: owner
account_access: account_access
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"account_access":{
"bank_id":"gh.29.uk",
"account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id":"owner",
"helper_info":{
"counterparty_id":["9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh"]
}
}
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-35029: The CONSENT_REQUEST_ID is invalid.
- OBP-35009: Only SMS, EMAIL and IMPLICIT are supported as SCA methods.
- OBP-35013: Consents can only contain Roles that you already have access to.
- OBP-35014: Consents can only contain Views that you already have access to.
- OBP-30019: Consumer not found. Please specify a valid value for CONSUMER_ID.
- OBP-20058: Consumer is disabled.
- OBP-00010: Missing props value at this API instance -
- OBP-35010: SMS server is not working or SMS server can not send the message to the phone number:
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent Request
Client Authentication (mandatory)
It is used when applications request an access token to access their own resources, not on behalf of a user.
The client needs to authenticate themselves for this request.
In case of public client we use client_id and private key to obtain access token, otherwise we use client_id and client_secret.
The obtained access token is used in the HTTP Bearer auth header of our request.
Example:
Authorization: Bearer eXtneO-THbQtn3zvK_kQtXXfvOZyZFdBCItlPDbR2Bk.dOWqtXCtFX-tqGTVR0YrIjvAolPIVg7GZ-jz83y6nA0
After successfully creating the VRP consent request, you need to call the Create Consent By CONSENT_REQUEST_ID
endpoint to finalize the consent.
Authentication is Optional
JSON request body fields:
account_access: account_access
bank_id: gh.29.uk
scheme: OBP
view_id: owner
bank_id: gh.29.uk
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
valid_from: 2020-01-27
JSON response body fields:
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
payload: payload
{
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"payload":{
"everything":false,
"account_access":[{
"account_routing":{
"scheme":"OBP",
"address":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"
},
"view_id":"owner"
}],
"phone_number":"+44 07972 444 876",
"valid_from":"2022-06-14T12:42:00Z",
"time_to_live":3600
},
"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-10001: Incorrect json format.
- OBP-35020: You exceeded max value of time to live of consents.
- OBP-20306: PEM Encoded Certificate cannot be found at request header.
- OBP-20300: PEM Encoded Certificate issue.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Create Consent Request VRP
This endpoint is used to begin the process of creating a consent that may be used for Variable Recurring Payments (VRPs).
VRPs are useful in situations when a beneficiary needs to be paid different amounts on a regular basis.
Once granted, the consent allows its holder to initiate multiple Transaction Requests to the Counterparty defined in this endpoint as long as the
Counterparty Limits are respected.
Client, Consumer or Application Authentication is mandatory for this endpoint.
i.e. the caller of this endpoint is the API Client, Consumer or Application rather than a specific User.
At the end of the process the following objects are created in OBP or connected backend systems:
- An automatically generated View which controls access.
- A Counterparty that is the Beneficiary of the Variable Recurring Payments. The Counterparty specifies the Bank Account number or other routing address.
- Limits for the Counterparty which constrain the amount of money that can be sent to it in various periods (yearly, monthly, weekly).
The Account holder may modify the Counterparty or Limits e.g. to increase or decrease the maximum possible payment amounts or the frequencey of the payments.
In the case of a public client we use the client_id and private key to obtain an access token, otherwise we use the client_id and client_secret.
The obtained access token is used in the HTTP Authorization header of the request as follows:
Example:
Authorization: Bearer eXtneO-THbQtn3zvK_kQtXXfvOZyZFdBCItlPDbR2Bk.dOWqtXCtFX-tqGTVR0YrIjvAolPIVg7GZ-jz83y6nA0
After successfully creating the VRP consent request, you need to call the Create Consent By CONSENT_REQUEST_ID
endpoint to finalize the consent using the CONSENT_REQUEST_ID returned by this endpoint.
Authentication is Optional
JSON request body fields:
counterparty_name: John Smith Ltd.
currency: EUR
from_account: from_account
limit: 100
max_monthly_amount: 10000
max_number_of_monthly_transactions: 10
max_number_of_yearly_transactions: 100
max_single_amount: 1000
max_yearly_amount: 12000
scheme: OBP
to_account: to_account
valid_from: 2020-01-27
JSON response body fields:
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
payload: payload
{
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"payload":{
"from_account":{
"bank_routing":{
"scheme":"OBP",
"address":"gh.29.uk"
},
"account_routing":{
"scheme":"OBP",
"address":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"
},
"branch_routing":{
"scheme":"OBP",
"address":"DERBY6"
}
},
"to_account":{
"bank_routing":{
"scheme":"OBP",
"address":"gh.29.uk"
},
"account_routing":{
"scheme":"OBP",
"address":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"
},
"branch_routing":{
"scheme":"OBP",
"address":"DERBY6"
},
"limit":{
"currency":"EUR",
"max_single_amount":1000,
"max_monthly_amount":10000,
"max_number_of_monthly_transactions":10,
"max_yearly_amount":12000,
"max_number_of_yearly_transactions":100
}
},
"valid_from":"2024-07-10T09:22:06Z",
"time_to_live":3600
},
"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-10001: Incorrect json format.
- OBP-35020: You exceeded max value of time to live of consents.
- OBP-20306: PEM Encoded Certificate cannot be found at request header.
- OBP-20300: PEM Encoded Certificate issue.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Get Consent By Consent Id
This endpoint gets the Consent By consent id.
Authentication is Mandatory
URL Parameters:
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
counterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
helper_info: helper_info
jwt:
view_id: owner
account_access: account_access
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"account_access":{
"bank_id":"gh.29.uk",
"account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id":"owner",
"helper_info":{
"counterparty_id":["9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh"]
}
}
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-50000: Unknown Error.
Get Consent By Consent Id
This endpoint gets the Consent By consent id.
Authentication is Mandatory
URL Parameters:
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
counterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
helper_info: helper_info
jwt:
view_id: owner
account_access: account_access
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"account_access":{
"bank_id":"gh.29.uk",
"account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id":"owner",
"helper_info":{
"counterparty_id":["9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh"]
}
}
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-50000: Unknown Error.
Get Consent By Consent Request Id
This endpoint gets the Consent By consent request id.
Authentication is Mandatory
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
bank_id: gh.29.uk
counterparty_id: 9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh
helper_info: helper_info
jwt:
view_id: owner
account_access: account_access
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"account_access":{
"bank_id":"gh.29.uk",
"account_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id":"owner",
"helper_info":{
"counterparty_id":["9fg8a7e4-6d02-40e3-a129-0b2bf89de8uh"]
}
}
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-50000: Unknown Error.
Get Consent Request
Authentication is Optional
URL Parameters:
CONSENT_REQUEST_ID: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
JSON response body fields:
consent_request_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
payload: payload
{
"consent_request_id":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"payload":{
"everything":false,
"account_access":[{
"account_routing":{
"scheme":"OBP",
"address":"8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0"
},
"view_id":"owner"
}],
"phone_number":"+44 07972 444 876",
"valid_from":"2022-06-14T12:42:00Z",
"time_to_live":3600
},
"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-10001: Incorrect json format.
- OBP-35020: You exceeded max value of time to live of consents.
- OBP-20306: PEM Encoded Certificate cannot be found at request header.
- OBP-20300: PEM Encoded Certificate issue.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.
Get Consents at Bank
This endpoint gets the Consents at Bank by BANK_ID.
Authentication is Mandatory
1 limit (for pagination: defaults to 50) eg:limit=200
2 offset (for pagination: zero index, defaults to 0) eg: offset=10
3 consumer_id (ignore if omitted)
4 user_id (ignore if omitted)
5 status (ignore if omitted)
eg: /management/consents/banks/BANK_ID?&consumer_id=78&limit=10&offset=10
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
account_id: 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0
api_standard: api_standard
aud: String
bank_id: gh.29.uk
consent_reference_id: consent_reference_id
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
createdByUserId: createdByUserId
exp: String
iat: String
iss: String
jti: String
jwt:
jwt_payload: jwt_payload
last_action_date: last_action_date
last_usage_date: last_usage_date
nbf: String
sub: felixsmith
view_id: owner
access: access
allPsd2: allPsd2
availableAccounts: availableAccounts
balances: balances
bban: bban
currency: EUR
iban: DE91 1000 0000 0123 4567 89
maskedPan: maskedPan
msisdn: msisdn
name: ACCOUNT_MANAGEMENT_FEE
pan: pan
{
"consents":[{
"consent_reference_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"created_by_user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1",
"status":"INITIATED",
"last_action_date":"2020-01-27",
"last_usage_date":"2021-04-08T09:12:27Z",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiIiLCJzdWIiOiJmY2YzNDZkMi0xNTNiLTQ0MzAtOWE4Zi1mMzU3Njg1MzM5ODciLCJhdWQiOiIyNjY0NjUwYy04MDkwLTQ4MWUtOGJkOC0wM2E5MmY5Yzg3ZWEiLCJuYmYiOjE3MzAzNzMyNzEsImFjY2VzcyI6eyJhY2NvdW50cyI6W3siaWJhbiI6IlJTMzUyNjAwMDU2MDEwMDE2MTEzNzkifV19LCJpc3MiOiJodHRwczovLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNzMwOTM3NjAwLCJpYXQiOjE3MzAzNzMyNzEsImp0aSI6ImQzM2Y3NDYzLWVlNDktNGU4YS04YTkyLTYxMzhkYzE4M2QxNiIsInZpZXdzIjpbeyJiYW5rX2lkIjoibmxia2IiLCJhY2NvdW50X2lkIjoiOTUzODkyOTctNDVjNC00MGViLTllZmQtMzMxYmExOTQzZGE0Iiwidmlld19pZCI6IlJlYWRBY2NvdW50c0Jlcmxpbkdyb3VwIn1dfQ.SXE4W34596lrSXqZrA8cvQs_fvhjWYilU8VDpXZ3C3Y",
"jwt_payload":{
"createdByUserId":"",
"sub":"fcf346d2-153b-4430-9a8f-f35768533987",
"iss":"https://127.0.0.1:8080",
"aud":"2664650c-8090-481e-8bd8-03a92f9c87ea",
"jti":"d33f7463-ee49-4e8a-8a92-6138dc183d16",
"iat":1730373271,
"nbf":1730373271,
"exp":1730937600,
"entitlements":[],
"views":[{
"bank_id":"nlbkb",
"account_id":"95389297-45c4-40eb-9efd-331ba1943da4",
"view_id":"ReadAccountsBerlinGroup"
}],
"access":{
"accounts":[{
"iban":"RS35260005601001611379"
}]
}
},
"api_standard":"Berlin Group",
"api_version":"v1.3"
}]
}
-
CanGetConsentsAtOneBank
- Please login to request this Role
-
CanGetConsentsAtAnyBank
- Please login to request this Role
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
- OBP-20006: User is missing one or more roles:
Get My Consents
This endpoint gets the Consents created by a current User.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
api_standard: api_standard
jwt:
{
"consents":[{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"INITIATED",
"api_standard":"Berlin Group",
"api_version":"v1.3"
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Get My Consents Info
This endpoint gets the Consents that the current User created.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
api_standard: api_standard
consumer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh
last_action_date: last_action_date
last_usage_date: last_usage_date
{
"consents":[{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"consumer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"created_by_user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1",
"last_action_date":"2020-01-27",
"last_usage_date":"2021-04-08T09:12:27Z",
"status":"INITIATED",
"api_standard":"Berlin Group",
"api_version":"v1.3"
}]
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Provide client's certificate info of a current call
Provide client's certificate info of a current call specified by PSD2-CERT value at Request Header
Authentication is Mandatory
JSON response body fields:
issuer_domain_name: issuer_domain_name
not_after: not_after
not_before: not_before
subject_domain_name: subject_domain_name
roles: CanCreateMyUser
roles_info: roles_info
{
"subject_domain_name":"OID.2.5.4.41=VPN, EMAILADDRESS=admin@tesobe.com, CN=TESOBE CA, OU=TESOBE Operations, O=TESOBE, L=Berlin, ST=Berlin, C=DE",
"issuer_domain_name":"CN=localhost, O=TESOBE GmbH, ST=Berlin, C=DE",
"not_before":"2022-04-01T10:13:00.000Z",
"not_after":"2032-04-01T10:13:00.000Z",
"roles_info":"PEM Encoded Certificate does not contain PSD2 roles."
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Revoke Consent
Revoke Consent for current user specified by CONSENT_ID
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
Please note that this endpoint only supports the case:: "The user explicitly wishes to revoke the application’s access"
OBP as a resource server stores access tokens in a database, then it is relatively easy to revoke some token that belongs to a particular user.
The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"REJECTED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Revoke Consent at Bank
Revoke Consent specified by CONSENT_ID
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
OBP as a resource server stores access tokens in a database, then it is relatively easy to revoke some token that belongs to a particular user.
The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"REJECTED"
}
-
CanRevokeConsentAtBank
- Please login to request this Role
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
- OBP-20006: User is missing one or more roles:
Revoke Consent used in the Current Call
Revoke Consent specified by Consent-Id at Request Header
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
OBP as a resource server stores access tokens in a database, then it is relatively easy to revoke some token that belongs to a particular user.
The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
Authentication is Mandatory
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"REJECTED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-50000: Unknown Error.
Update Consent Status
This endpoint is used to update the Status of Consent.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Authentication is Mandatory
URL Parameters:
BANK_ID: gh.29.uk
JSON response body fields:
jwt:
{
"consent_id":"9d429899-24f5-42c8-8565-943ffa6a7945",
"jwt":"eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOltdLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIyMWUxYzhjYy1mOTE4LTRlYWMtYjhlMy01ZTVlZWM2YjNiNGIiLCJhdWQiOiJlanpuazUwNWQxMzJyeW9tbmhieDFxbXRvaHVyYnNiYjBraWphanNrIiwibmJmIjoxNTUzNTU0ODk5LCJpc3MiOiJodHRwczpcL1wvd3d3Lm9wZW5iYW5rcHJvamVjdC5jb20iLCJleHAiOjE1NTM1NTg0OTksImlhdCI6MTU1MzU1NDg5OSwianRpIjoiMDlmODhkNWYtZWNlNi00Mzk4LThlOTktNjYxMWZhMWNkYmQ1Iiwidmlld3MiOlt7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAxIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifSx7ImFjY291bnRfaWQiOiJtYXJrb19wcml2aXRlXzAyIiwiYmFua19pZCI6ImdoLjI5LnVrLngiLCJ2aWV3X2lkIjoib3duZXIifV19.8cc7cBEf2NyQvJoukBCmDLT7LXYcuzTcSYLqSpbxLp4",
"status":"AUTHORISED"
}
- Required JSON Validation: No
- Allowed Authentication Types: Not set
- OBP-20001: User not logged in. Authentication is required!
- OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
- OBP-10001: Incorrect json format.
- OBP-50200: Connector cannot return the data we requested.
- OBP-50000: Unknown Error.