I am developing for the

market, looking for the

API Documentation.

Home

>

API Products

>

United Kingdom - Accounts and Transactions PSD2 API Documentation

Accounts and Transactions PSD2

Summary

The Account and Transaction API allows a TPP to retrieve account and transaction data for CPB Customers through a secure interface.

The sandbox provides synthetic data to enable a TPP to explore the API and perform preliminary functional testing on a simulated environment. The calls to the API will be validated for correctness and compliance with the API specification to help the TPP uncover issues early when integrating with the API.

Below are some sample test data and unique identifiers that can be used for invoking the APIs and for recreating specific scenarios for validation and testing by the TPP.

To simulate the ReadAccountBasic and ReadAccountDetail permissions, the accounts have been mapped to the permissions as follows so that the Balances, Standing Order, Schedule Payments and Transactions APIs will return the required level of detail in the responses based on the account that is being queried:

Sample Account IDsPermission
111001ReadAccountDetail
111002ReadAccountBasic

Some of the notable differences between the sandbox and market integrated interface are listed below:

  • Sandbox uses a primarily stateless interaction model where some states such as the account balance is kept constant.
  • In the case of the Account & Transaction API, the invocations to retrieve the account information and balances will assume that a consent has been authorized for the list of accounts below for the purpose of demonstration. However, if the user wishes to test out the full end-to-end consent authorization flow, the user is free to do so by invoking the Authorize API or using the API Playground's 3-Legged Authentication Flow. In the fully functional market integrated version of the API, the consent context will be bound to the access token so that no additional changes would need to be done by the TPP to transfer the consent context to the API, and everything works seamlessly.
  • The sandbox implements an OAuth 2.0 based Authentication and Authorization flow. In addition to using the API Playground to invoke the APIs, the API keys retrieved while registering an application can be used for calling the APIs from any REST client, such as curl, Postman, SoapUI, or programmatically through REST calls using access tokens retrieved either through a Client Credential or Authorization Code grant types depending on the API being invoked.
  • As the sandbox is open to both TPPs and the general public, the following validations will be deferred to the integration environments: verification of TPP identity, SSA, EIDAS, QSEAL, QWAC certificates, mutual TLS. These validations will be available in the fully functional market integrated interfaces with valid Competent Authority issued certificates.
  • 3-legged authentication requests for this API must be of the 'cpb_ob_accounts' scope whereas in market integrated version 'accounts' scope must be used.

The Accounts and Transactions PSD2 API uses the authorization_code grant type, for authorization details CLICK HERE

Want to try this API out on our Playground?

Go play now
Endpoints on this page
post /open-banking/v3.1/aisp/account-access-consents Creates an account access consent
get /open-banking/v3.1/aisp/account-access-consents/{ConsentId} Retrieve an account access consent
delete /open-banking/v3.1/aisp/account-access-consents/{ConsentId} Delete an account access consent
get /open-banking/v3.1/aisp/accounts Retrieve the list of accounts
get /open-banking/v3.1/aisp/accounts/{AccountId} Retrieve account information for a given account
get /open-banking/v3.1/aisp/accounts/{AccountId}/balances Retrieve balance information for a given account
get /open-banking/v3.1/aisp/accounts/{AccountId}/beneficiaries Get beneficiaries
get /open-banking/v3.1/aisp/accounts/{AccountId}/direct-debits Get direct debits
get /open-banking/v3.1/aisp/accounts/{AccountId}/offers Get offers
get /open-banking/v3.1/aisp/accounts/{AccountId}/party Get parties linked to the account
get /open-banking/v3.1/aisp/accounts/{AccountId}/product Get products
get /open-banking/v3.1/aisp/accounts/{AccountId}/scheduled-payments Retrieve scheduled payments
get /open-banking/v3.1/aisp/accounts/{AccountId}/standing-orders Retrieve standing orders for an account
get /open-banking/v3.1/aisp/accounts/{AccountId}/statements Get statements for an account
get /open-banking/v3.1/aisp/accounts/{AccountId}/statements/{StatementId} Get statement details
get /open-banking/v3.1/aisp/accounts/{AccountId}/statements/{StatementId}/file Get statement details in non-json format
get /open-banking/v3.1/aisp/accounts/{AccountId}/statements/{StatementId}/transactions Get transactions
get /open-banking/v3.1/aisp/accounts/{AccountId}/transactions Retrieve transactions for an account
get /open-banking/v3.1/aisp/balances Returns the account balances for all authorised accounts
get /open-banking/v3.1/aisp/beneficiaries Returns the list of beneficiaries
get /open-banking/v3.1/aisp/direct-debits Get direct debits
get /open-banking/v3.1/aisp/offers Get offers
get /open-banking/v3.1/aisp/party Get party
get /open-banking/v3.1/aisp/products Get products
get /open-banking/v3.1/aisp/scheduled-payments Retrieve the scheduled payments
get /open-banking/v3.1/aisp/standing-orders Retrieve the list of standing orders
get /open-banking/v3.1/aisp/statements Get statements
get /open-banking/v3.1/aisp/transactions Retrieve the transactions for all authorized accounts

Creates an account access consent

post /open-banking/v3.1/aisp/account-access-consents
Description

Request CPB to create a new account-access-consent resource and which effectively allows the TPP to send a copy of the consent to CPB to authorise access to account and transaction information. The TPP is not able to pre-select a set of accounts for account-access-consent authorization from CPB. CPB will create the account-access-consent resource and responds with a unique ConsentId to refer to the resource. Prior to calling the API, the TPP must have an access token issued by CPB using a client credential grant.

Body Parameters
OBReadConsent1Param
required
Default
Show schema
Header Parameters
Accept
string required
application/json
x-fapi-financial-id
string required
The unique id of CPB to which the request is issued. The unique id will be issued by OB.
x-fapi-customer-last-logged-time
string Optional
The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address
string Optional
The PSU's IP address if the PSU is currently logged in with the TPP.
x-fapi-interaction-id
string Optional
An RFC4122 UID used as a correlation id.
Authorization
string required
An Authorisation Token as per https://tools.ietf.org/html/rfc6750
x-customer-user-agent
string Optional
Indicates the user-agent that the PSU is using.
client_id
string required
Client Id generated during application registration
  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Responses
201

Account Access Consents Created
Definitions
  • Data
      • ConsentId
        • Unique identification as assigned to identify the account access consent resource.
        • type : string
        • minLength : 1
        • maxLength : 128
      • CreationDateTime
        • Date and time at which the resource was created. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • StatusUpdateDateTime
        • Date and time at which the resource status was updated. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • Permissions
        • properties : Array
      • ExpirationDateTime
        • Specified date and time the permissions will expire. If this is not populated, the permissions will be open ended. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • TransactionFromDateTime
        • Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • TransactionToDateTime
        • Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
  • Risk
  • Links
  • Meta
      • TotalPages
        • type : integer
        • format : int32
      • FirstAvailableDateTime
        • All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • LastAvailableDateTime
        • All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
Example Response for post /open-banking/v3.1/aisp/account-access-consents
{
    "Data": {
        "ConsentId": "2134564645646",
        "CreationDateTime": "2017-04-05T10:43:07+00:00",
        "StatusUpdateDateTime": "2017-04-05T10:43:07+00:00",
        "Permissions": [],
        "ExpirationDateTime": "2017-04-05T10:43:07+00:00",
        "TransactionFromDateTime": "2017-04-05T10:43:07+00:00",
        "TransactionToDateTime": "2017-04-05T10:43:07+00:00"
    },
    "Risk": [],
    "Links": [],
    "Meta": {
        "TotalPages": "1",
        "FirstAvailableDateTime": "2017-04-05T10:43:07+00:00",
        "LastAvailableDateTime": "2017-04-05T10:43:07+00:00"
    },
    "additionalProperties": false
}
400

Bad request
Definitions
  • Code
    • High level textual error code, to help categorize the errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Id
    • A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Message
    • Brief Error message, e.g., 'There is something wrong with the request parameters provided'
    • type : string
    • minLength : 1
    • maxLength : 500
  • Errors
      • ErrorCode
        • Low level textual error code, e.g., UK.OBIE.Field.Missing
        • type : string
        • minLength : 1
        • maxLength : 128
      • Message
        • A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' OBIE doesn't standardise this field
        • type : string
        • minLength : 1
        • maxLength : 500
Response Schema for post /open-banking/v3.1/aisp/account-access-consents
{
    "description": "An array of detail error codes, and messages, and URLs to documentation to help remediation.",
    "type": "object",
    "properties": {
        "Code": {
            "description": "High level textual error code, to help categorize the errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "RequestValidationError"
        },
        "Id": {
            "description": "A unique reference for the error instance, for audit purposes, in case of unknown\/unclassified errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "c09206d3-9d44-49a7-99c3-277386cadd1c"
        },
        "Message": {
            "description": "Brief Error message, e.g., 'There is something wrong with the request parameters provided'",
            "type": "string",
            "minLength": 1,
            "maxLength": 500,
            "example": "There is something wrong with the request paramaters provided"
        },
        "Errors": {
            "items": {
                "type": "object",
                "properties": {
                    "ErrorCode": {
                        "description": "Low level textual error code, e.g., UK.OBIE.Field.Missing",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 128,
                        "example": "UK.OBIE.Field.Invalid"
                    },
                    "Message": {
                        "description": "A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future'\nOBIE doesn't standardise this field",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500,
                        "example": "RequestedExecutionDateTime must be in future"
                    },
                    "Path": {
                        "description": "Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500
                    },
                    "Url": {
                        "description": "URL to help remediate the problem, or provide more information, or to API Reference, or help etc",
                        "type": "string"
                    }
                },
                "required": [
                    "ErrorCode",
                    "Message"
                ],
                "additionalProperties": false,
                "minProperties": 1
            },
            "type": "array",
            "minItems": 1
        }
    },
    "required": [
        "Code",
        "Message",
        "Errors"
    ],
    "additionalProperties": false
}
401

Unauthorized
This operation returns no content.
403

Forbidden
This operation returns no content.
404

Not found
This operation returns no content.
405

Method Not Allowed
This operation returns no content.
406

Not Acceptable
This operation returns no content.
415

Unsupported Media Type
This operation returns no content.
429

Too Many Requests
This operation returns no content.
500

Internal Server Error
Definitions
  • Code
    • High level textual error code, to help categorize the errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Id
    • A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Message
    • Brief Error message, e.g., 'There is something wrong with the request parameters provided'
    • type : string
    • minLength : 1
    • maxLength : 500
  • Errors
      • ErrorCode
        • Low level textual error code, e.g., UK.OBIE.Field.Missing
        • type : string
        • minLength : 1
        • maxLength : 128
      • Message
        • A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' OBIE doesn't standardise this field
        • type : string
        • minLength : 1
        • maxLength : 500
Response Schema for post /open-banking/v3.1/aisp/account-access-consents
{
    "description": "An array of detail error codes, and messages, and URLs to documentation to help remediation.",
    "type": "object",
    "properties": {
        "Code": {
            "description": "High level textual error code, to help categorize the errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "RequestValidationError"
        },
        "Id": {
            "description": "A unique reference for the error instance, for audit purposes, in case of unknown\/unclassified errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "c09206d3-9d44-49a7-99c3-277386cadd1c"
        },
        "Message": {
            "description": "Brief Error message, e.g., 'There is something wrong with the request parameters provided'",
            "type": "string",
            "minLength": 1,
            "maxLength": 500,
            "example": "There is something wrong with the request paramaters provided"
        },
        "Errors": {
            "items": {
                "type": "object",
                "properties": {
                    "ErrorCode": {
                        "description": "Low level textual error code, e.g., UK.OBIE.Field.Missing",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 128,
                        "example": "UK.OBIE.Field.Invalid"
                    },
                    "Message": {
                        "description": "A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future'\nOBIE doesn't standardise this field",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500,
                        "example": "RequestedExecutionDateTime must be in future"
                    },
                    "Path": {
                        "description": "Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500
                    },
                    "Url": {
                        "description": "URL to help remediate the problem, or provide more information, or to API Reference, or help etc",
                        "type": "string"
                    }
                },
                "required": [
                    "ErrorCode",
                    "Message"
                ],
                "additionalProperties": false,
                "minProperties": 1
            },
            "type": "array",
            "minItems": 1
        }
    },
    "required": [
        "Code",
        "Message",
        "Errors"
    ],
    "additionalProperties": false
}

Retrieve an account access consent

get /open-banking/v3.1/aisp/account-access-consents/{ConsentId}
Description

Retrieve an account-access-consent resource for a given ConsentId. Prior to calling the API, the TPP must have an access token issued by CPB using a client credentials grant.

Path Parameters
ConsentId
string required
ConsentId
Header Parameters
Accept
string required
application/json
x-fapi-financial-id
string required
The unique id of CPB to which the request is issued. The unique id will be issued by OB.
x-fapi-customer-last-logged-time
string Optional
The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address
string Optional
The PSU's IP address if the PSU is currently logged in with the TPP.
x-fapi-interaction-id
string Optional
An RFC4122 UID used as a correlation id.
Authorization
string required
An Authorisation Token as per https://tools.ietf.org/html/rfc6750
x-customer-user-agent
string Optional
Indicates the user-agent that the PSU is using.
client_id
string required
Client Id generated during application registration
  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Responses
200

Account Access Consents Read
Definitions
  • Data
      • ConsentId
        • Unique identification as assigned to identify the account access consent resource.
        • type : string
        • minLength : 1
        • maxLength : 128
      • CreationDateTime
        • Date and time at which the resource was created. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • StatusUpdateDateTime
        • Date and time at which the resource status was updated. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • Permissions
        • properties : Array
      • ExpirationDateTime
        • Specified date and time the permissions will expire. If this is not populated, the permissions will be open ended. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • TransactionFromDateTime
        • Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • TransactionToDateTime
        • Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
  • Risk
  • Links
  • Meta
      • TotalPages
        • type : integer
        • format : int32
      • FirstAvailableDateTime
        • All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • LastAvailableDateTime
        • All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
Example Response for get /open-banking/v3.1/aisp/account-access-consents/{ConsentId}
{
    "Data": {
        "ConsentId": "2134564645646",
        "CreationDateTime": "2017-04-05T10:43:07+00:00",
        "StatusUpdateDateTime": "2017-04-05T10:43:07+00:00",
        "Permissions": [],
        "ExpirationDateTime": "2017-04-05T10:43:07+00:00",
        "TransactionFromDateTime": "2017-04-05T10:43:07+00:00",
        "TransactionToDateTime": "2017-04-05T10:43:07+00:00"
    },
    "Risk": [],
    "Links": [],
    "Meta": {
        "TotalPages": "1",
        "FirstAvailableDateTime": "2017-04-05T10:43:07+00:00",
        "LastAvailableDateTime": "2017-04-05T10:43:07+00:00"
    },
    "additionalProperties": false
}
400

Bad request
Definitions
  • Code
    • High level textual error code, to help categorize the errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Id
    • A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Message
    • Brief Error message, e.g., 'There is something wrong with the request parameters provided'
    • type : string
    • minLength : 1
    • maxLength : 500
  • Errors
      • ErrorCode
        • Low level textual error code, e.g., UK.OBIE.Field.Missing
        • type : string
        • minLength : 1
        • maxLength : 128
      • Message
        • A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' OBIE doesn't standardise this field
        • type : string
        • minLength : 1
        • maxLength : 500
Response Schema for get /open-banking/v3.1/aisp/account-access-consents/{ConsentId}
{
    "description": "An array of detail error codes, and messages, and URLs to documentation to help remediation.",
    "type": "object",
    "properties": {
        "Code": {
            "description": "High level textual error code, to help categorize the errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "RequestValidationError"
        },
        "Id": {
            "description": "A unique reference for the error instance, for audit purposes, in case of unknown\/unclassified errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "c09206d3-9d44-49a7-99c3-277386cadd1c"
        },
        "Message": {
            "description": "Brief Error message, e.g., 'There is something wrong with the request parameters provided'",
            "type": "string",
            "minLength": 1,
            "maxLength": 500,
            "example": "There is something wrong with the request paramaters provided"
        },
        "Errors": {
            "items": {
                "type": "object",
                "properties": {
                    "ErrorCode": {
                        "description": "Low level textual error code, e.g., UK.OBIE.Field.Missing",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 128,
                        "example": "UK.OBIE.Field.Invalid"
                    },
                    "Message": {
                        "description": "A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future'\nOBIE doesn't standardise this field",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500,
                        "example": "RequestedExecutionDateTime must be in future"
                    },
                    "Path": {
                        "description": "Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500
                    },
                    "Url": {
                        "description": "URL to help remediate the problem, or provide more information, or to API Reference, or help etc",
                        "type": "string"
                    }
                },
                "required": [
                    "ErrorCode",
                    "Message"
                ],
                "additionalProperties": false,
                "minProperties": 1
            },
            "type": "array",
            "minItems": 1
        }
    },
    "required": [
        "Code",
        "Message",
        "Errors"
    ],
    "additionalProperties": false
}
401

Unauthorized
This operation returns no content.
403

Forbidden
This operation returns no content.
404

Not found
This operation returns no content.
405

Method Not Allowed
This operation returns no content.
406

Not Acceptable
This operation returns no content.
429

Too Many Requests
This operation returns no content.
500

Internal Server Error
Definitions
  • Code
    • High level textual error code, to help categorize the errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Id
    • A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Message
    • Brief Error message, e.g., 'There is something wrong with the request parameters provided'
    • type : string
    • minLength : 1
    • maxLength : 500
  • Errors
      • ErrorCode
        • Low level textual error code, e.g., UK.OBIE.Field.Missing
        • type : string
        • minLength : 1
        • maxLength : 128
      • Message
        • A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' OBIE doesn't standardise this field
        • type : string
        • minLength : 1
        • maxLength : 500
Response Schema for get /open-banking/v3.1/aisp/account-access-consents/{ConsentId}
{
    "description": "An array of detail error codes, and messages, and URLs to documentation to help remediation.",
    "type": "object",
    "properties": {
        "Code": {
            "description": "High level textual error code, to help categorize the errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "RequestValidationError"
        },
        "Id": {
            "description": "A unique reference for the error instance, for audit purposes, in case of unknown\/unclassified errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "c09206d3-9d44-49a7-99c3-277386cadd1c"
        },
        "Message": {
            "description": "Brief Error message, e.g., 'There is something wrong with the request parameters provided'",
            "type": "string",
            "minLength": 1,
            "maxLength": 500,
            "example": "There is something wrong with the request paramaters provided"
        },
        "Errors": {
            "items": {
                "type": "object",
                "properties": {
                    "ErrorCode": {
                        "description": "Low level textual error code, e.g., UK.OBIE.Field.Missing",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 128,
                        "example": "UK.OBIE.Field.Invalid"
                    },
                    "Message": {
                        "description": "A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future'\nOBIE doesn't standardise this field",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500,
                        "example": "RequestedExecutionDateTime must be in future"
                    },
                    "Path": {
                        "description": "Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500
                    },
                    "Url": {
                        "description": "URL to help remediate the problem, or provide more information, or to API Reference, or help etc",
                        "type": "string"
                    }
                },
                "required": [
                    "ErrorCode",
                    "Message"
                ],
                "additionalProperties": false,
                "minProperties": 1
            },
            "type": "array",
            "minItems": 1
        }
    },
    "required": [
        "Code",
        "Message",
        "Errors"
    ],
    "additionalProperties": false
}

Delete an account access consent

delete /open-banking/v3.1/aisp/account-access-consents/{ConsentId}
Description

Request CPB to revoke a given account access consent for the TPP. TPP must delete the account-access-consent resource with the CPB after getting confirmation about consent revocation from the CPB client. This can be done by making a call to DELETE the account-access-consent-resource. Prior to calling the API, the TPP must have an access token issued by CPB using a client credentials grant.

Path Parameters
ConsentId
string required
ConsentId
Header Parameters
Accept
string required
application/json
x-fapi-financial-id
string required
The unique id of CPB to which the request is issued. The unique id will be issued by OB.
x-fapi-customer-last-logged-time
string Optional
The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address
string Optional
The PSU's IP address if the PSU is currently logged in with the TPP.
x-fapi-interaction-id
string Optional
An RFC4122 UID used as a correlation id.
Authorization
string required
An Authorisation Token as per https://tools.ietf.org/html/rfc6750
x-customer-user-agent
string Optional
Indicates the user-agent that the PSU is using.
client_id
string required
Client Id generated during application registration
  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Responses
204

Account Access Consents Deleted
This operation returns no content.
400

Bad request
Definitions
  • Code
    • High level textual error code, to help categorize the errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Id
    • A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Message
    • Brief Error message, e.g., 'There is something wrong with the request parameters provided'
    • type : string
    • minLength : 1
    • maxLength : 500
  • Errors
      • ErrorCode
        • Low level textual error code, e.g., UK.OBIE.Field.Missing
        • type : string
        • minLength : 1
        • maxLength : 128
      • Message
        • A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' OBIE doesn't standardise this field
        • type : string
        • minLength : 1
        • maxLength : 500
Response Schema for delete /open-banking/v3.1/aisp/account-access-consents/{ConsentId}
{
    "description": "An array of detail error codes, and messages, and URLs to documentation to help remediation.",
    "type": "object",
    "properties": {
        "Code": {
            "description": "High level textual error code, to help categorize the errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "RequestValidationError"
        },
        "Id": {
            "description": "A unique reference for the error instance, for audit purposes, in case of unknown\/unclassified errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "c09206d3-9d44-49a7-99c3-277386cadd1c"
        },
        "Message": {
            "description": "Brief Error message, e.g., 'There is something wrong with the request parameters provided'",
            "type": "string",
            "minLength": 1,
            "maxLength": 500,
            "example": "There is something wrong with the request paramaters provided"
        },
        "Errors": {
            "items": {
                "type": "object",
                "properties": {
                    "ErrorCode": {
                        "description": "Low level textual error code, e.g., UK.OBIE.Field.Missing",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 128,
                        "example": "UK.OBIE.Field.Invalid"
                    },
                    "Message": {
                        "description": "A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future'\nOBIE doesn't standardise this field",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500,
                        "example": "RequestedExecutionDateTime must be in future"
                    },
                    "Path": {
                        "description": "Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500
                    },
                    "Url": {
                        "description": "URL to help remediate the problem, or provide more information, or to API Reference, or help etc",
                        "type": "string"
                    }
                },
                "required": [
                    "ErrorCode",
                    "Message"
                ],
                "additionalProperties": false,
                "minProperties": 1
            },
            "type": "array",
            "minItems": 1
        }
    },
    "required": [
        "Code",
        "Message",
        "Errors"
    ],
    "additionalProperties": false
}
401

Unauthorized
This operation returns no content.
403

Forbidden
This operation returns no content.
404

Not found
This operation returns no content.
405

Method Not Allowed
This operation returns no content.
406

Not Acceptable
This operation returns no content.
429

Too Many Requests
This operation returns no content.
500

Internal Server Error
Definitions
  • Code
    • High level textual error code, to help categorize the errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Id
    • A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors.
    • type : string
    • minLength : 1
    • maxLength : 40
  • Message
    • Brief Error message, e.g., 'There is something wrong with the request parameters provided'
    • type : string
    • minLength : 1
    • maxLength : 500
  • Errors
      • ErrorCode
        • Low level textual error code, e.g., UK.OBIE.Field.Missing
        • type : string
        • minLength : 1
        • maxLength : 128
      • Message
        • A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' OBIE doesn't standardise this field
        • type : string
        • minLength : 1
        • maxLength : 500
Response Schema for delete /open-banking/v3.1/aisp/account-access-consents/{ConsentId}
{
    "description": "An array of detail error codes, and messages, and URLs to documentation to help remediation.",
    "type": "object",
    "properties": {
        "Code": {
            "description": "High level textual error code, to help categorize the errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "RequestValidationError"
        },
        "Id": {
            "description": "A unique reference for the error instance, for audit purposes, in case of unknown\/unclassified errors.",
            "type": "string",
            "minLength": 1,
            "maxLength": 40,
            "example": "c09206d3-9d44-49a7-99c3-277386cadd1c"
        },
        "Message": {
            "description": "Brief Error message, e.g., 'There is something wrong with the request parameters provided'",
            "type": "string",
            "minLength": 1,
            "maxLength": 500,
            "example": "There is something wrong with the request paramaters provided"
        },
        "Errors": {
            "items": {
                "type": "object",
                "properties": {
                    "ErrorCode": {
                        "description": "Low level textual error code, e.g., UK.OBIE.Field.Missing",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 128,
                        "example": "UK.OBIE.Field.Invalid"
                    },
                    "Message": {
                        "description": "A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future'\nOBIE doesn't standardise this field",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500,
                        "example": "RequestedExecutionDateTime must be in future"
                    },
                    "Path": {
                        "description": "Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency",
                        "type": "string",
                        "minLength": 1,
                        "maxLength": 500
                    },
                    "Url": {
                        "description": "URL to help remediate the problem, or provide more information, or to API Reference, or help etc",
                        "type": "string"
                    }
                },
                "required": [
                    "ErrorCode",
                    "Message"
                ],
                "additionalProperties": false,
                "minProperties": 1
            },
            "type": "array",
            "minItems": 1
        }
    },
    "required": [
        "Code",
        "Message",
        "Errors"
    ],
    "additionalProperties": false
}

Retrieve the list of accounts

get /open-banking/v3.1/aisp/accounts
Description

TPP will be given the full list of accounts (the AccountId(s)) that the CPB Client has authorised the TPP to access. The AccountId(s) returned may then be used to retrieve other resources for a specific AccountId. The selection of accounts happens only on a CPB application.

Header Parameters
Accept
string required
application/json
x-fapi-financial-id
string required
The unique id of CPB to which the request is issued. The unique id will be issued by OB.
x-fapi-customer-last-logged-time
string Optional
The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address
string Optional
The PSU's IP address if the PSU is currently logged in with the TPP.
x-fapi-interaction-id
string Optional
An RFC4122 UID used as a correlation id.
Authorization
string required
An Authorisation Token as per https://tools.ietf.org/html/rfc6750
x-customer-user-agent
string Optional
Indicates the user-agent that the PSU is using.
client_id
string required
Client Id generated during application registration
  • cURL
  • Ruby
  • Python
  • PHP
  • Java
  • Node
  • Go
  • Swift

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Example Request

Responses
200

Accounts Read
Definitions
  • Data
      • Account
        • properties : Array
  • Links
  • Meta
      • TotalPages
        • type : integer
        • format : int32
      • FirstAvailableDateTime
        • All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00
        • type : string
        • format : date-time
      • LastAvailableDateTime
        • All dates in the JSON payloads are represented