PSD2SB
Page tree
ConfigureSpace tools
Skip to end of metadata
Go to start of metadata
Contents

PISP - Payment Initiation Service Provider

Endpoints
Resource
HTTP Operation
Endpoint
Mandatory ?
Scope
Grant Type
Message Signing
Idempotency Key
Request Object
Response Object
domestic-payment-consentsPOSTPOST /domestic-payment-consentsYespaymentsClient Credentials

Signed Request

Signed Response

YesOBWriteDomesticConsent1OBWriteDomesticConsentResponse1
domestic-payment-consentsGETGET /domestic-payment-consents/{ConsentId}Yespayments

Client Credentials

Signed ResponseNoNAOBWriteDomesticConsentResponse1
domestic-paymentsPOSTPOST /domestic-paymentsYespaymentsAuthorization Code

Signed Request

Signed Response

YesOBWriteDomestic1OBWriteDomesticResponse1
domestic-paymentsGETGET /domestic-payments/{DomesticPaymentId}Yespayments

Client Credentials

Signed ResponseNoNAOBWriteDomesticResponse1

Payment Initiation

Domestic Payments

POST /domestic-payment-consents

The API endpoint allows the PISP to ask an ASPSP to create a new domestic-payment-consent resource.

  • The POST action indicates to the ASPSP that a domestic payment consent has been staged. At this point, the PSU may not have been identified by the ASPSP, and the request payload may not contain any information of the account that should be debited.
  • The endpoint allows the PISP to send a copy of the consent (between PSU and PISP) to the ASPSP for the PSU to authorise.
  • The ASPSP creates the domestic-payment-consent resource and responds with a uniqueConsentIdto refer to the resource.

Status Code

Icon
 AwaitingAuthorisation

The default Status is "AwaitingAuthorisation" immediately after the domestic-payment-consent has been created

GET /domestic-payment-consents/{ConsentId}

A PISP can optionally retrieve a payment consent resource that they have created to check its status. 

Status Code

Icon

The available Status codes for the domestic-payment-consent resource are:

AwaitingAuthorisation
Rejected
Authorised
Consumed
  • Once the PSUauthorisesthe payment-consent resource - the Status of the payment-consent resource will be updated with "Authorised".
  • If the PSU rejects the consent or the domestic-payment-consent has failed some other ASPSP validation, the Status will be set to "Rejected".
  • Once a domestic-payment has been successfully created using the domestic-payment-consent, the Status of the domestic-payment-consent will be set to "Consumed".

/domestic-payment-consents/{ConsentId}/funds-confirmation

The API endpoint allows the PISP to ask an ASPSP to confirm funds on a domestic-payment-consent resource.

Status Code

Icon

 

POST /domestic-payments

Once the domestic-payment-consent has been authorised by the PSU, the PISP can proceed to submitting the domestic-payment for processing.

  • This is done by making a POST request to the domestic-payments endpoint.
  • This request is an instruction to the ASPSP to begin the domestic single immediate payment journey. The domestic payment must be submitted immediately, however, there are some scenarios where the domestic payment may not be executed immediately (e.g. busy periods at the ASPSP).
  • The PISP must ensure that the Initiation and Risk sections of the domestic-payment match the corresponding Initiation and Risk sections of the domestic-payment-consent resource. If the two do not match, the ASPSP must not process the request and must respond with a 400 (Bad Request).
  • Any operations on the domestic-payment resource will not result in a Status change for the domestic-payment resource.

Status Code

Icon

The domestic-payment resource that is created successfully must have one of the following PaymentStatusCodecode-set enumerations:

Pending
Rejected
AcceptedSettlementInProcess 
Icon

A domestic-payment can only be created if its corresponding domestic-payment-consent resource has the status code "Authorised". 

GET /domestic-payments/{DomesticPaymentId}

A PISP can retrieve the domestic-payment to check its status.

Status Code

Icon

The domestic-payment resource that is created successfully must have one of the following PaymentStatusCodecode-set enumerations:

Pending
Rejected
AcceptedSettlementInProcess 

Domestic Scheduled Payments

Endpoints
Resource
HTTP Operation
Endpoint
Mandatory ?
Scope
Grant Type
Message Signing
Idempotency Key
Request Object
Response Object
domestic-scheduled-payment-consentsPOSTPOST /domestic-scheduled-payment-consentsConditionalpaymentsClient Credentials

Signed Request

Signed Response

YesOBWriteDomesticScheduledConsent1OBWriteDomesticScheduledConsentResponse1
domestic-scheduled-payment-consentsGETGET /domestic-scheduled-payment-consents/{ConsentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteDomesticScheduledConsentResponse1
domestic-scheduled-paymentsPOSTPOST /domestic-scheduled-paymentsConditionalpaymentsAuthorization Code

Signed Request

Signed Response

YesOBWriteDomesticScheduled1OBWriteDomesticScheduledResponse1
domestic-scheduled-paymentsGETGET /domestic-scheduled-payments/{DomesticScheduledPaymentId}Mandatory (if resource POST implemented)paymentsClient CredentialsSigned ResponseNoNAOBWriteDomesticScheduledResponse1

POST /domestic-scheduled-payment-consents

The API endpoint allows the PISP to ask an ASPSP to create a new domestic-scheduled-payment-consent resource.

  • The POST action indicates to the ASPSP that a domestic scheduled payment consent has been staged. At this point, the PSU may not have been identified by the ASPSP, and the request payload may not contain any information of the account that should be debited.
  • The endpoint allows the PISP to send a copy of the consent (between PSU and PISP) to the ASPSP for the PSU to authorise.
  • The ASPSP creates the domestic-scheduled-payment-consent resource and responds with a unique ConsentId to refer to the resource.

Status Code

Icon
 AwaitingAuthorisation

The default Status is "AwaitingAuthorisation" immediately after the domestic-payment-consent has been created

GET /domestic-scheduled-payment-consents/{ConsentId}

A PISP can optionally retrieve a payment consent resource that they have created to check its status.

Status Code

Icon

The available Status codes for the domestic-scheduled-payment-consent resource are:

AwaitingAuthorisation
Rejected
Authorised
Consumed
  • Once the PSUauthorisesthe payment-consent resource - the Status of the payment-consent resource will be updated with "Authorised".
  • If the PSU rejects the consent or the domestic-payment-consent has failed some other ASPSP validation, the Status will be set to "Rejected".
  • Once a domestic-payment has been successfully created using the domestic-payment-consent, the Status of the domestic-payment-consent will be set to "Consumed".

POST /domestic-scheduled-payments

Once the domestic-scheduled-payment-consent has been authorised by the PSU, the PISP can proceed to submitting the domestic-scheduled-payment for processing:

  • This is done by making a POST request to the domestic-scheduled-payments endpoint.
  • This request is an instruction to the ASPSP to begin the domestic scheduled payment journey. The PISP must submit the domestic scheduled payment immediately, however, there are some scenarios where the ASPSP may not warehouse the domestic scheduled payment immediately (e.g. busy periods at the ASPSP).
  • The PISP must ensure that the Initiation and Risk sections of the domestic-scheduled-payment match the corresponding Initiation and Risk sections of the domestic-scheduled-payment-consent resource. If the two do not match, the ASPSP must not process the request and must respond with a 400 (Bad Request).
  • Any operations on the domestic-scheduled-payment resource will not result in a Status change for the domestic-scheduled-payment resource.

Status Code

Icon

The domestic-scheduled-payment resource that is created successfully must have one of the following Status codes:

InitiationPending
InitiationFailed
InitiationCompleted 

A domestic-scheduled-payment can only be created if its corresponding domestic-scheduled-payment-consent resource has the status of "Authorised". 

GET /domestic-scheduled-payments/{DomesticScheduledPaymentId}

A PISP can retrieve the domestic-scheduled-payment to check its status.

Status Code

Icon

The domestic-scheduled-payment resource must have one of the following Status codes:

InitiationPending
InitiationFailed
InitiationCompleted 

 

Domestic Standing Orders

Endpoints
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Message Signing
Idempotency Key
Request Object
Response Object
domestic-standing-order-consentsPOSTPOST /domestic-standing-order-consentsConditionalpaymentsClient Credentials

Signed Request

Signed Response

YesOBWriteDomesticStandingOrderConsent1OBWriteDomesticStandingOrderConsentResponse1
domestic-standing-order-consentsGETGET /domestic-standing-order-consents/{ConsentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteDomesticStandingOrderConsentResponse1
domestic-standing-ordersPOSTPOST /domestic-standing-ordersConditionalpaymentsAuthorization Code

Signed Request

Signed Response

YesOBWriteDomesticStandingOrder1OBWriteDomesticStandingOrderResponse1
domestic-standing-ordersGETGET /domestic-standing-orders/{DomesticStandingOrderId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteDomesticStandingOrderResponse1

POST /domestic-standing-order-consents

The API endpoint allows the PISP to ask an ASPSP to create a new domestic-standing-order-consent resource.

  • The POST action indicates to the ASPSP that a domestic standing order consent has been staged. At this point, the PSU may not have been identified by the ASPSP, and the request payload may not contain any information of the account that should be debited.

  • The endpoint allows the PISP to send a copy of the consent (between PSU and PISP) to the ASPSP for the PSU to authorise.

  • The ASPSP creates the domestic-standing-order-consent resource and responds with a uniqueConsentIdto refer to the resource.

Status Code

Icon
 AwaitingAuthorisation

The default Status is "AwaitingAuthorisation" immediately after the domestic-payment-consent has been created

GET /domestic-standing-order-consents/{ConsentId}

A PISP can optionally retrieve a payment consent resource that they have created to check its status. .

Status Code

Icon

The available Status codes for the domestic-scheduled-payment-consent resource are:

AwaitingAuthorisation
Rejected
Authorised
Consumed
  • Once the PSU authorises the payment-consent resource - the Status of the payment-consent resource will be updated with "Authorised".
  • If the PSU rejects the consent or the domestic-standing-order-consent has failed some other ASPSP validation, the Status will be set to "Rejected".
  • Once a domestic-standing-order has been successfully created using the domestic-standing-order-consent, the Status of the domestic-standing-order-consent will be set to "Consumed".

POST /domestic-standing-orders

Once the domestic-standing-order-consent has been authorised by the PSU, the PISP can proceed to submitting the domestic-standing-order for processing:

  • This is done by making a POST request to the domestic-standing-orders endpoint.
  • This request is an instruction to the ASPSP to begin the domestic standing order journey. The PISP must submit the domestic standing order immediately, however, there are some scenarios where the ASPSP may not warehouse the domestic standing order immediately (e.g. busy periods at the ASPSP).
  • The PISP must ensure that the Initiation and Risk sections of the domestic-standing-order match the corresponding Initiation and Risk sections of the domestic-standing-order-consent resource. If the two do not match, the ASPSP must not process the request and must respond with a 400 (Bad Request).
  • Any operations on the domestic-standing-order resource will not result in a Status change for the domestic-standing-order resource..

Status Code

Icon

The domestic-standing-order resource that is created successfully must have one of the following Status codes:

InitiationPending
InitiationFailed
InitiationCompleted 

A domestic-standing-order can only be created if its corresponding domestic-standing-order-consent resource has the status of "Authorised". 

GET /domestic-standing-orders/{DomesticStandingOrderId}

A PISP can retrieve the domestic-standing-order to check its status.

 

Status Code

Icon

The domestic-standing-order resource must have one of the following Status codes:

InitiationPending
InitiationFailed
InitiationCompleted 

File Payments

Endpoints
Resource
HTTP Operation
Endpoint
Mandatory ?
Scope
Grant Type
Message Signing
Idempotency Key
Request Object
Response Object
file-payment-consentsPOSTPOST /file-payment-consentsConditionalpaymentsClient Credentials

Signed Request

Signed Response

YesOBWriteFileConsent1OBWriteFileConsentResponse1
file-payment-consentsGETGET /file-payment-consents/{ConsentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteFileConsentResponse1
file-payment-consentsPOSTPOST /file-payment-consents/{ConsentId}/fileConditionalpayments

Client Credentials

 

Signed Request

Signed Response

YesFileNA
file-payment-consentsGETGET /file-payment-consents/{ConsentId}/fileConditionalpayments

Client Credentials

Signed ResponseNoNAFile
file-paymentsPOSTPOST /file-paymentsConditionalpaymentsAuthorization Code

Signed Request

Signed Response

YesOBWriteFile1OBWriteFileResponse1
file-paymentsGETGET /file-payments/{FilePaymentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteFileResponse1
file-paymentsGETGET /file-payments/{FilePaymentId}/report-fileConditionalpayments

Client Credentials

Signed ResponseNoNAFile

POST /file-payment-consents

The API endpoint allows the PISP to ask an ASPSP to create a new file-payment-consent resource.

  • The POST action indicates to the ASPSP that a file payment consent has been staged. At this point, the PSU may not have been identified by the ASPSP, and the request payload may not contain any information of the account(s) that should be debited.

  • The endpoint allows the PISP to send metadata of the consent (between PSU and PISP) to the ASPSP.

  • The metadata of the consent must include the FileType of the request.

  • The metadata of the consent must include the FileHash, which is a base64 encoding of a SHA256 hash of the file to be uploaded

  • The ASPSP creates the file-payment-consent resource and responds with a unique ConsentId to refer to the resource.

Status Code

Icon

The domestic-standing-order resource that is created successfully must have one of the following Status codes:

AwaitingUpload

The default Status is "AwaitingUpload" immediately after the file-payment-consent has been created.

POST /file-payment-consents/{ConsentId}/file

The API endpoint allows the PISP to upload a file to an ASPSP, against a file-payment-consent resource.

  • The endpoint allows the PISP to send a copy of the consent (between PSU and PISP) to the ASPSP for the PSU to authorise. The PISP must upload the file against the ConsentId before redirecting the PSU to authorise the consent.

  • The file structure must match the FileType in the file-payment-consent request.

  • An ASPSP must confirm the hash of the file matches with the FileHash provided in the file-payment-consent Metadata
  • The metadata for the file-payment-consent must match the contents of the uploaded file.
    • If the content of the metadata does not match the content of the file, the ASPSP must reject the file-payment-consent.
  • The file is sent in the HTTP request body.
  • HTTP headers (e.g. Content-Type) are used to describe the file.

Status Code

Icon
AwaitingAuthorisation

The default Status is "AwaitingAuthorisation" immediately after the file has been uploaded.

GET /file-payment-consents/{ConsentId}

A PISP can optionally retrieve a payment consent resource that they have created to check its status.

Status Code

Icon

The available Status codes for the file-payment-consent resource are:

AwaitingUpload
AwaitingAuthorisation
Rejected
Authorised
Consumed
  • Once the PSU authorises the payment-consent resource - the Status of the payment-consent resource will be updated with "Authorised".
  • If the PSU rejects the consent or the file-payment-consent has failed some other ASPSP validation, the Status will be set to "Rejected".
  • Once a file-payment has been successfully created using the file-payment-consent, the Status of the file-payment-consent will be set to "Consumed".

GET /file-payment-consents/{ConsentId}/file

The API endpoint allows the PISP to download a file (that had been uploaded against a file-payment-consent resource) from an ASPSP.

 

  • The file is sent in the HTTP response body.
  • HTTP headers (e.g. Content-Type) are used to describe the file.

 

POST /file-payments

Once the file-payment-consent has been authorised by the PSU, the PISP can proceed to submit the file-payment for processing:

  • This is done by making a POST request to the file-payments endpoint.
  • This request is an instruction to the ASPSP to begin the file payment journey. The PISP must submit the file payment immediately, however, there are some scenarios where the ASPSP may not stage the file payment immediately (e.g. busy periods at the ASPSP).
  • The PISP must ensure that the Initiation section of the file-payment match the corresponding Initiation section of the file-payment-consent resource. If the two do not match, the ASPSP must not process the request and must respond with a 400 (Bad Request).
  • Any operations on the file-payment resource will not result in a Status change for the file-payment resource.

Status Code

Icon

The file-payments resource that is created successfully must have one of the following Status codes::

InitiationPending
InitiationFailed
InitiationCompleted 

GET /file-payments/{FilePaymentId}

A PISP can retrieve the file-payment to check its status.

Status Code

Icon

The file-payments resource must have one of the following Status codes:

InitiationPending
InitiationFailed
InitiationCompleted 

POST /file-payments

Once the file-payment-consent has been authorised by the PSU, the PISP can proceed to submit the file-payment for processing:

  • This is done by making a POST request to the file-payments endpoint.
  • This request is an instruction to the ASPSP to begin the file payment journey. The PISP must submit the file payment immediately, however, there are some scenarios where the ASPSP may not stage the file payment immediately (e.g. busy periods at the ASPSP).
  • The PISP must ensure that the Initiation section of the file-payment match the corresponding Initiation section of the file-payment-consent resource. If the two do not match, the ASPSP must not process the request and must respond with a 400 (Bad Request).
  • Any operations on the file-payment resource will not result in a Status change for the file-payment resource.

Status Code

Icon

The file-payments resource that is created successfully must have one of the following Status codes::

InitiationPending
InitiationFailed
InitiationCompleted 

GET /file-payments/{FilePaymentId}

A PISP can retrieve the file-payment to check its status.

Status Code

Icon

The file-payments resource must have one of the following Status codes:

InitiationPending
InitiationFailed
InitiationCompleted 

GET /file-payments/{FilePaymentId}/report-file

A PISP can retrieve the file-payment to check its status.

Status Code

Icon

The API endpoint allows the PISP to download a payment report file from an ASPSP.

  • This endpoint enables ASPSP to return a report on the processing results of Payments in the file
  • The file is sent in the HTTP response body.
  • The file structure may match a payment execution report for the corresponding FileType in the file-payment-consent request.
  • HTTP headers (e.g. Content-Type) are used to describe the file.

International Payments

Endpoints
Resource
HTTP Operation
Endpoint
Mandatory ?
Scope
Grant Type
Message Signing
Idempotency Key
Request Object
Response Object
international-payment-consentsPOSTPOST /international-payment-consentsConditionalpaymentsClient Credentials

Signed Request

Signed Response

YesOBWriteInternationalConsent1OBWriteInternationalConsentResponse1
international-payment-consentsGETGET /international-payment-consents/{ConsentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteInternationalConsentResponse1
international-paymentsPOSTPOST /international-paymentsConditionalpayments

Authorization Code

Signed Request

Signed Response

YesOBWriteInternational1OBWriteInternationalResponse1
international-paymentsGETGET /international-payments/{InternationalPaymentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteInternationalResponse1

POST /international-payment-consents 

 

1
POST /international-payment-consents

 

The API endpoint allows the PISP to ask an ASPSP to create a new international-payment-consent resource.

  • The POST action indicates to the ASPSP that a payment consent has been staged. At this point, the PSU may not have been identified by the ASPSP, and the request payload may not contain any information of the account that should be debited.
  • The endpoint allows the PISP to send a copy of the consent (between PSU and PISP) to the ASPSP for the PSU to authorise.
  • The ASPSP creates the international-payment-consent resource and responds with a unique ConsentId to refer to the resource.

The default Status is "AwaitingAuthorisation" immediately after the international-payment-consent has been created.

Status

AwaitingAuthorisation

GET /international-payment-consents/{ConsentId}

 

1
GET /international-payment-consents/{ConsentId}

 

A PISP can optionally retrieve a payment consent resource that they have created to check its status. 

Status

Once the PSU authorises the payment-consent resource - the Status of the payment-consent resource will be updated with "Authorised".

If the PSU rejects the consent or the international-payment-consent has failed some other ASPSP validation, the Status will be set to "Rejected".

Once an international-payment has been successfully created using the international-payment-consent, the Status of the international-payment-consent will be set to "Consumed".

The available Status codes for the international-payment-consent resource are:

Status
AwaitingAuthorisation
Rejected
Authorised
Consumed

POST /international-payments

 

1
POST /international-payments

 

Once the international-payment-consent has been authorised by the PSU, the PISP can proceed to submit the international-payment for processing:

  • This is done by making a POST request to the international-payments endpoint.
  • This request is an instruction to the ASPSP to begin the international single immediate payment journey. The international payment must be submitted immediately, however, there are some scenarios where the international payment may not be executed immediately (e.g. busy periods at the ASPSP).
  • The PISP must ensure that the Initiation and Risk sections of the international-payment match the corresponding Initiation and Risk sections of the international-payment-consent resource. If the two do not match, the ASPSP must not process the request and must respond with a 400 (Bad Request).
  • Any operations on the international-payment resource will not result in a Status change for the international-payment resource.

Status

An international-payment can only be created if its corresponding international-payment-consent resource has the status of "Authorised". 

The international-payment resource that is created successfully must have one of the following PaymentStatusCode code-set enumerations:

Status
Pending
Rejected
AcceptedSettlementInProcess 

GET /international-payments/{InternationalPaymentId}

 

1
GET /international-payments/{InternationalPaymentId}

 

A PISP can retrieve the international-payment to check its status.

Status

The international-payment resource must have one of the following PaymentStatusCode code-set enumerations:

Status
Pending
Rejected
AcceptedSettlementInProcess 
AcceptedSettlementCompleted

International Scheduled Payments

Endpoints
Resource
HTTP Operation
Endpoint
Mandatory ?
Scope
Grant Type
Message Signing
Idempotency Key
Request Object
Response Object
international-scheduled-payment-consentsPOSTPOST /international-scheduled-payment-consentsConditionalpaymentsClient Credentials

Signed Request

Signed Response

YesOBWriteInternationalScheduledConsent1OBWriteInternationalScheduledConsentResponse1
international-scheduled-payment-consentsGETGET /international-scheduled-payment-consents/{ConsentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteInternationalScheduledConsentResponse1
international-scheduled-paymentsPOSTPOST /international-scheduled-paymentsConditionalpaymentsAuthorization Code

Signed Request

Signed Response

YesOBWriteInternationalScheduled1OBWriteInternationalScheduledResponse1
international-scheduled-paymentsGETGET /international-scheduled-payments/{InternationalScheduledPaymentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteInternationalScheduledResponse1

POST /international-scheduled-payment-consents

 

1
POST /international-scheduled-payment-consents

 

The API endpoint allows the PISP to ask an ASPSP to create a new international-scheduled-payment-consent resource.

  • The POST action indicates to the ASPSP that an international scheduled payment consent has been staged. At this point, the PSU may not have been identified by the ASPSP, and the request payload may not contain any information of the account that should be debited.
  • The endpoint allows the PISP to send a copy of the consent (between PSU and PISP) to the ASPSP for the PSU to authorise.
  • The ASPSP creates the international-scheduled-payment-consent resource and responds with a unique ConsentId to refer to the resource.

Status

The default Status is "AwaitingAuthorisation" immediately after the international-scheduled-payment-consent has been created.

Status
AwaitingAuthorisation

GET /international-scheduled-payment-consents/{ConsentId}

 

1
GET /international-scheduled-payment-consents/{ConsentId}

 

A PISP can optionally retrieve a payment consent resource that they have created to check its status. 

Status

Once the PSU authorises the payment-consent resource - the Status of the payment-consent resource will be updated with "Authorised".

If the PSU rejects the consent or the international-scheduled-payment-consent has failed some other ASPSP validation, the Status will be set to "Rejected".

Once an international-scheduled-payment has been successfully created using the international-scheduled-payment-consent, the Status of the international-scheduled-payment-consent will be set to "Consumed".

The available Status codes for the international-scheduled-payment-consent resource are:

Status
AwaitingAuthorisation
Rejected
Authorised
Consumed

POST /international-scheduled-payments

 

1
POST /international-scheduled-payments

 

Once the international-scheduled-payment-consent has been authorised by the PSU, the PISP can proceed to submit the international-scheduled-payment for processing:

  • This is done by making a POST request to the international-scheduled-payments endpoint.
  • This request is an instruction to the ASPSP to begin the international scheduled payment journey. The PISP must submit the international scheduled payment immediately, however, there are some scenarios where the ASPSP may not warehouse the international scheduled payment immediately (e.g. busy periods at the ASPSP).
  • The PISP must ensure that the Initiation and Risk sections of the international-scheduled-payment match the corresponding Initiation and Risk sections of the international-scheduled-payment-consent resource. If the two do not match, the ASPSP must not process the request and must respond with a 400 (Bad Request).
  • Any operations on the international-scheduled-payment resource will not result in a Status change for the international-scheduled-payment resource.

Status

An international-scheduled-payment can only be created if its corresponding international-scheduled-payment-consent resource has the status of "Authorised". 

The international-scheduled-payment resource that is created successfully must have one of the following Status codes:

Status
InitiationPending
InitiationFailed
InitiationCompleted 

GET /international-scheduled-payments/{InternationalScheduledPaymentId}

 

1
GET /international-scheduled-payments/{InternationalScheduledPaymentId}

 

A PISP can retrieve the international-scheduled-payment to check its status.

Status

The international-scheduled-payment resource must have one of the following Status codes:

Status
InitiationPending
InitiationFailed
InitiationCompleted 

International Standing Orders

Endpoints
Resource
HTTP Operation
Endpoint
Mandatory ?
Scope
Grant Type
Message Signing
Idempotency Key
Request Object
Response Object
international-standing-order-consentsPOSTPOST /international-standing-order-consentsConditionalpaymentsClient Credentials

Signed Request

Signed Response

YesOBWriteInternationalStandingOrderConsent1OBWriteInternationalStandingOrderConsentResponse1
international-standing-order-consentsGETGET /international-standing-order-consents/{ConsentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteInternationalStandingOrderConsentResponse1
international-standing-ordersPOSTPOST /international-standing-ordersConditionalpaymentsAuthorization Code

Signed Request

Signed Response

YesOBWriteInternationalStandingOrder1OBWriteInternationalStandingOrderResponse1
international-standing-ordersGETGET /international-standing-orders/{InternationalStandingOrderPaymentId}Mandatory (if resource POST implemented)payments

Client Credentials

Signed ResponseNoNAOBWriteInternationalStandingOrderResponse1

POST /international-standing-order-consents

 

1
POST /international-standing-order-consents

 

The API endpoint allows the PISP to ask an ASPSP to create a new international-standing-order-consent resource.

  • The POST action indicates to the ASPSP that an international standing order consent has been staged. At this point, the PSU may not have been identified by the ASPSP, and the request payload may not contain any information of the account that should be debited.
  • The endpoint allows the PISP to send a copy of the consent (between PSU and PISP) to the ASPSP for the PSU to authorise.
  • The ASPSP creates the international-standing-order-consent resource and responds with a unique ConsentId to refer to the resource.

Status

The default Status is "AwaitingAuthorisation" immediately after the international-standing-order-consent has been created.

Status
AwaitingAuthorisation

GET /international-standing-order-consents/{ConsentId}

 

1
GET /international-standing-order-consents/{ConsentId}

 

A PISP can optionally retrieve a payment consent resource that they have created to check its status. 

Status

Once the PSU authorises the payment-consent resource - the Status of the payment-consent resource will be updated with "Authorised".

If the PSU rejects the consent or the international-standing-order-consent has failed some other ASPSP validation, the Status will be set to "Rejected".

Once an international-standing-orders has been successfully created using the international-standing-order-consent, the Status of the international-standing-order-consent will be set to "Consumed".

The available Status codes for the international-standing-order-consent resource are:

Status
AwaitingAuthorisation
Rejected
Authorised
Consumed

POST /international-standing-orders

 

1
POST /international-standing-orders

 

Once the international-standing-order-consent has been authorised by the PSU, the PISP can proceed to submit the international-standing-orders for processing:

  • This is done by making a POST request to the international-standing-orders endpoint.
  • This request is an instruction to the ASPSP to begin the international standing order journey. The PISP must submit the international standing order immediately, however, there are some scenarios where the ASPSP may not warehouse the international standing order immediately (e.g. busy periods at the ASPSP).
  • The PISP must ensure that the Initiation and Risk sections of the international-standing-orders match the corresponding Initiation and Risk sections of the international-standing-order-consent resource. If the two do not match, the ASPSP must not process the request and must respond with a 400 (Bad Request).
  • Any operations on the international-standing-orders resource will not result in a Status change for the international-standing-orders resource.

Status

An international-standing-orders can only be created if its corresponding international-standing-order-consent resource has the status of "Authorised". 

The international-standing-orders resource that is created successfully must have one of the following Status codes

Status
InitiationPending
InitiationFailed
InitiationCompleted 

GET /international-standing-orders/{InternationalStandingOrderPaymentId}

 

1
GET /international-standing-orders/{InternationalStandingOrderPaymentId}

 

A PISP can retrieve the international-standing-orders to check its status.

Status

The international-standing-orders resource must have one of the following Status codes:

Status
InitiationPending
InitiationFailed
InitiationCompleted 

Authenticate

Method TypeMethod NameDescription
GETauthenticate 

Login

Method TypeMethod NameDescription
GETloginpage 
POSTconsent 
POSTauthenticate 

Generate Token

Method TypeMethod NameDescription
POSTgeneratetoken 

AISP - Account Information Service Provider

Account Information

Account Access

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1account-access-consentsPOSTPOST /account-access-consentsMandatoryaccountsClient CredentialsNo OBReadConsent1OBReadConsentResponse1
2account-access-consentsGETGET /account-access-consents/{ConsentId}MandatoryaccountsClient CredentialsNo  OBReadConsentResponse1
3account-access-consentsDELETEDELETE /account-access-consents/{ConsentId}MandatoryaccountsClient CredentialsNo   

POST /account-access-consents 

The API allows the AISP to ask an ASPSP to create a new account-access-consent resource.

  • This API effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information.
  • An AISP is not able to pre-select a set of accounts for account-access-consent authorisation. This is because the behaviour of the pre-selected accounts, after authorisation, is not clear from a Legal perspective.
  • An ASPSP creates the account-access-consent resource and responds with a unique ConsentId to refer to the resource.
  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

GET /account-access-consents/{ConsentId}

The PSU must authenticate with the ASPSP and authorise the account-access-consent for the account-access-consent to be successfully setup.

The account-access-consent resource that is created successfully must have the following Status code-list enumeration:

 
Status
Status Description
1AwaitingAuthorisationThe account access consent is awaiting authorisation.

After authorisation has taken place the account-access-consent resource may have these following statuses.

 

 
Status
Status Description
1RejectedThe account access consent has been rejected.
2AuthorisedThe account access consent has been successfully authorised.
3RevokedThe account access consent has been revoked via the ASPSP interface.

 

GET /account-access-consents/{ConsentId}

An AISP may optionally retrieve an account-access-consent resource that they have created to check its status. 

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

The usage of this API endpoint will be subject to an ASPSP's fair usage policies.

Account Access Consent Status

Once the PSU authorises the account-access-consent resource - the Status of the account-access-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the account-access-consent resource are:

 
Status
Status Description
1RejectedThe account access consent has been rejected.
2AwaitingAuthorisationThe account access consent is awaiting authorisation.
3AuthorisedThe account access consent has been successfully authorised.
4RevokedThe account access consent has been revoked via the ASPSP interface.

DELETE /account-access-consents/{ConsentId}

If the PSU revokes consent to data access with the AISP - the AISP must delete the account-access-consent resource with the ASPSP before confirming consent revocation with the PSU.

  • This is done by making a call to DELETE the account-access-consent resource.
  • Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

Accounts

Endpoints for the resource - and available methods.

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1accountsGET

GET /accounts

Mandatory

accountsAuthorization CodeNoPagination OBReadAccount2
2accountsGETGET /accounts/{AccountId}MandatoryaccountsAuthorization CodeNo  OBReadAccount2

GET /accounts

 

The first step for an AISP after an account-request is authorised - is to call the GET /accounts endpoint. 

An AISP will be given the full list of accounts (the AccountId(s)) that the PSU has authorised the AISP to access. The AccountId(s) returned may then be used to retrieve other resources for a specific AccountId. The selection of authorised accounts happens only at the ASPSP's interface.

GET /accounts/{AccountId}

An AISP may retrieve the account information resources for the AccountId (which is retrieved in the call to GET /accounts).

Balances

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1balancesGETGET /accounts/{AccountId}/balancesMandatoryaccountsAuthorization CodeNo  OBReadBalance1
2balancesGETGET /balancesOptionalaccountsAuthorization CodeNoPagination OBReadBalance1

GET /accounts/{AccountId}/balances

An AISP may retrieve the account balance information resource for a specific AccountId (which is retrieved in the call to GET /accounts).

GET /balances

If an ASPSP has implemented the bulk retrieval endpoints - an AISP may optionally retrieve the account information resources in bulk.

This will retrieve the resources for all authorised accounts linked to the account-request.

Beneficiaries

Endpoints for the resource - and available methods.

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1beneficiariesGETGET /accounts/{AccountId}/beneficiariesConditionalaccountsAuthorization CodeNo  OBReadBeneficiary2
2beneficiaries


GET

GET /beneficiaries

OptionalaccountsAuthorization CodeNoPagination OBReadBeneficiary2

GET /accounts/{AccountId}/beneficiaries

An AISP may retrieve the account beneficiaries information resource for a specific AccountId (which is retrieved in the call to GET /accounts).

GET /beneficiaries

If an ASPSP has implemented the bulk retrieval endpoints for beneficiaries - an AISP may optionally retrieve the beneficiaries information in bulk.

This endpoint will retrieve the beneficiaries resources for all authorised accounts linked to a specific account-request.

Partys

Endpoints for the resource - and available methods.

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1partyGETGET /accounts/{AccountId}/partyConditionalaccountsAuthorization CodeNo  OBReadParty1
2partyGETGET /partyConditionalaccountsAuthorization CodeNo  OBReadParty1

GET /accounts/{AccountId}/party

If the ASPSP has chosen to implement the /accounts/{AccountId}/party endpoint - the ASPSP must return details on the account owner:

  • In the case of a business - this will be the details of the business
  • In the case of a joint account - this will be the party that has given authorisation to the AISP to view the account. If the AISP wishes to access details of other parties linked to the AccountId, the AISP must go through an authorisation flow with the other parties.

GET /party

If the ASPSP has chosen to implement the the /party endpoint - the ASPSP must return details on the user that has authorised the account-request with the ASPSP:

  • In the case of a business account - this will be the details of the party that has given authorisation to the AISP to view the account
  • In the case of a joint account - this will be the party that has given authorisation to the AISP to view the account

Products

Endpoints for the resource - and available methods.

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1productsGETGET /accounts/{AccountId}/productConditionalaccountsAuthorization CodeNo  OBReadProduct2
2productsGETGET /productsOptionalaccountsAuthorization CodeNoPagination OBReadProduct2

GET /accounts/{AccountId}/product

An AISP may retrieve the account product information for a specific AccountId (which is retrieved in the call to GET /accounts).

While this endpoint is marked as Conditional, it will be Mandatory for ASPSPs and account types covered in the CMA Order.

GET /products

If an ASPSP has implemented the bulk retrieval endpoints for products - an AISP may optionally retrieve the products information in bulk.

This endpoint will retrieve the products resources for all authorised accounts linked to a specific account-request.

Scheduled Payments

Endpoints for the resource - and available methods.

 

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1scheduled-paymentsGETGET /accounts/{AccountId}/scheduled-paymentsConditionalaccountsAuthorization CodeNo

 

 OBReadScheduledPayment1
2scheduled-paymentsGETGET /scheduled-paymentsOptionalaccountsAuthorization CodeNo

Pagination

 OBReadScheduledPayment1

GET /accounts/{AccountId}/scheduled-payments

An ASPSP may provide this endpoint for AISPs to retrieve the scheduled-payments for a specific AccountId (which is retrieved in the call to GET /accounts).

GET /scheduled-payments

If an ASPSP has implemented the bulk retrieval endpoints - an AISP may optionally retrieve the scheduled-payments resources in bulk.

This will retrieve the scheduled-payments resources for all authorised accounts linked to the account-request.

Standing Orders

Endpoints for the resource - and available methods.

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1standing-ordersGETGET /accounts/{AccountId}/standing-ordersConditionalaccountsAuthorization CodeNo  OBReadStandingOrder3
2standing-ordersGETGET /standing-ordersOptionalaccountsAuthorization CodeNoPagination OBReadStandingOrder3

GET /accounts/{AccountId}/standing-orders

An AISP may retrieve the standing-order resource for a specific AccountId (which is retrieved in the call to GET /accounts).

GET /standing-orders

If an ASPSP has implemented the bulk retrieval endpoints - an AISP may optionally retrieve the standing-order resources in bulk.

This will retrieve the resources for all authorised accounts linked to the account-request.

Statements

Endpoints for the resource - and available methods.

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1statementsGETGET /accounts/{AccountId}/statementsConditionalaccountsAuthorization CodeNo

Pagination

Filtering

 OBReadStatement1
2statementsGETGET /accounts/{AccountId}/statements/{StatementId}ConditionalaccountsAuthorization CodeNo

Pagination

 OBReadStatement1
3statementsGETGET /accounts/{AccountId}/statements/{StatementId}/fileOptionalaccountsAuthorization CodeNo  File
4transactionsGETGET /accounts/{AccountId}/statements/{StatementId}/transactionsConditionalaccountsAuthorization CodeNo

Pagination

 OBReadTransaction3
5statementsGETGET /statementsOptionalaccountsAuthorization CodeNo

Pagination

Filtering

 OBReadStatement1

GET /accounts/{AccountId}/statements

An ASPSP may provide this endpoint for AISPs to retrieve the statements information resource for the AccountId (which is retrieved in the call to GET /accounts).

GET /accounts/{AccountId}/statements/{StatementId}

An ASPSP may provide this endpoint for AISPs to retrieve the statement information resource for a specific statement in the AccountId (which is retrieved in the call to GET /accounts).

GET /accounts/{AccountId}/statements/{StatementId}/file

An ASPSP may provide this endpoint for AISPs to retrieve a non-json representation of a specific statement.

GET /accounts/{AccountId}/statements/{StatementId}/transactions

An ASPSP may provide this endpoint for AISPs to retrieve transactions that appear on the selected statement.

The data model for the returned objects is documented in the transactions resource.

GET /statements

An ASPSP may provide this endpoint for AISPs to retrieve statement information for all accounts that the PSU has consented to. This will retrieve the statement resources for all authorised accounts linked to the account-request.

Transactions

Endpoints for the resource - and available methods.

Endpoints
 
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Idempotency Key
Parameters
Request Object
Response Object
1transactionsGETGET /accounts/{AccountId}/transactionsMandatoryaccountsAuthorization CodeNo

Pagination

Filtering

 OBReadTransaction3
2transactionsGET

GET /transactions

Optional

accountsAuthorization CodeNo

Pagination

Filtering

 OBReadTransaction3

GET /accounts/{AccountId}/transactions

An AISP may retrieve the transaction resource for a specific AccountId (which is retrieved in the call to GET /accounts).

GET /transactions

If an ASPSP has implemented the bulk retrieval endpoints - an AISP may optionally retrieve the transactions in bulk. 

This will retrieve the resources for all authorised accounts linked to the account-request.

Generate Token

Method TypeMethod NameDescription
POSTgeneratetoken 

Authenticate

Method TypeMethod NameDescription
GETauthenticate 

Login

Method TypeMethod NameDescription
GETloginpage 
POSTconsent 
POSTauthenticate 

Confirmation of Funds

Confirmation of funds

Endpoints
Resource
HTTP Operation
Endpoint
Mandatory?
Scope
Grant Type
Message Signing
Idempotency Key
Request Object
Response Object
funds-confirmation-consentPOSTPOST /funds-confirmation-consentsMandatoryfundsconfirmationsClient CredentialsNoNoOBFundsConfirmationConsent1

OBFundsConfirmationConsentResponse1

funds-confirmation-consentGETGET /funds-confirmation-consents/{ConsentId}MandatoryfundsconfirmationsClient CredentialsNoNoNA

OBFundsConfirmationConsentResponse1

funds-confirmation-consentDELETEDELETE /funds-confirmation-consents/{ConsentId}MandatoryfundsconfirmationsClient CredentialsNoNoNANA
funds-confirmationPOSTPOST /funds-confirmationsMandatoryfundsconfirmationsAuthorization CodeNoNoOBFundsConfirmation1OBFundsConfirmationResponse1

POST /funds-confirmation-consents

 

1
POST /funds-confirmation-consents

The API allows the CBPII to ask an ASPSP to create a new funds-confirmation-consent resource.

  • This endpoint allows the CBPII to propose a consent to be agreed between the ASPSP and PSU, to authorise the CBPII access to confirm funds are available.
  • The ASPSP creates the funds-confirmation-consent resource and responds with a unique ConsentId to refer to the resource.
  • Prior to calling the operation, the CBPII must have an access token issued by the ASPSP using a client credentials grant.

Status

The PSU must authenticate with the ASPSP and agree the funds-confirmation-consent with the ASPSP, for the funds-confirmation-consent to be successfully setup.

The funds-confirmation-consent resource that is created successfully must have one of the following Status code-list enumerations:

 
Status
Status Description
1AwaitingAuthorisationThe Funds Confirmation Consent is awaiting agreement.

After consent has been agreed the funds-confirmation-consent resource may have these following statuses.

 

 
Status
Status Description
1RejectedThe Funds Confirmation Consent has been rejected.
2AuthorisedThe Funds Confirmation Consent has been successfully agreed.
3RevokedThe Funds Confirmation Consent has been revoked via the ASPSP interface.

 

GET /funds-confirmation-consents/{ConsentId}

 

1
GET /funds-confirmation-consents/{ConsentId}

A CBPII may optionally retrieve an funds-confirmation-consent resource that they have created to check its status. 

Prior to calling the operation, the CBPII must have an access token issued by the ASPSP using a client credentials grant.

Status

Once the PSU agrees the consent outlined in the funds-confirmation-consent resource - the Status of the funds-confirmation-consent resource will be updated with "Authorised".

The available Status code-list enumerations for the funds-confirmation-consent resource are:

 
Status
Status Description
1RejectedThe Funds Confirmation Consent has been rejected.
2AwaitingAuthorisationThe Funds Confirmation Consent is awaiting agreement.
3AuthorisedThe Funds Confirmation Consent has been successfully agreed.
4RevokedThe Funds Confirmation Consent has been revoked via the ASPSP interface.

DELETE /funds-confirmation-consents/{ConsentId}

 

1
DELETE /funds-confirmation-consents/{ConsentId}

 

If the PSU revokes consent to confirm funds with the CBPII - the CBPII must delete the funds-confirmation-consent resource.

  • This is done by making a call to DELETE the funds-confirmation-consent resource.
  • Prior to calling the operation, the CBPII must have an access token issued by the ASPSP using a client credentials grant.

POST /funds-confirmations

 

1
POST /funds-confirmations

If the CBPII would like to confirm funds with the ASPSP, it should create a new funds-confirmation resource, and check the funds available flag in the response.

  • The ASPSP creates the funds-confirmation resource and responds with a unique FundsConfirmationId to refer to the resource, and a flag confirming if funds are available.
  • The CBPII must use a token issued via authorization code grant and specify the ConsentId in the request payload.
  • This CBPII must use a currency of the account.

Login

Method TypeMethod NameDescription
GETloginpage 
POSTconsent 
POSTauthenticate 

Authenticate

Method TypeMethod NameDescription
GETauthenticate 

Generate Token

Method TypeMethod NameDescription
POSTgeneratetoken 
  • No labels
Adaptavist ThemeBuilder EngineAtlassian Confluence