Account

Overview

The Account product allows access to payment Account information (e.g. details, balances and transactions). The product is PSD2 compliant.

Step-by-step how to use the Account product

Initial activities

Enrollment and TPP security need to be in place.

For every end user

This flow shows how to initiate and authorize a consent (including Strong Customer Authentication) and then access account information.

Account access flow

After 90 days the 3-Legg token will expire. To obtain a new token the OAuth2 redirect Strong Customer flow needs to be repeated with the same consentId.

Consent - Try it out

Before the TPP can access Account information, the end user needs to give consent that the TPP can do so by using Strong Customer Authentication. The consent is usually only given once.

The consent initiation results in a consentID to access Account information for the actual end user.

Try out the initiation of a consent and consent authorization by using our Postman collection.
Please note that the consent authorization is posted explicitly.

In order to try our Consent Postman collection, please open your Postman and import the file:

Consent Postman collection file

We recommend you read the short description in Postman for both the collection and each request. This will help you understand the purpose of each request.
Remember to update your Postman environment settings with a valid token

Using the scaOAuth link from the consent-authorization response, the Strong Customer Authentication of the consent uses the standard redirect OAuth2 flow, where the scope contains AIS:consentId.

For more details, click here.

Global consent
The solution covers only the consent model of Global consent as described in the Berlin Group's implementation guide Chapter 6.
The Global consent gives general access to all the user’s payment Accounts and related Account information.
If the end user wants to restrict the access so it applies to fewer Accounts, it is a matter between the user and the TPP. 

Access Account information - Try it out

Use the consentID and standard OAuth2 token belonging to the end user to access Account information by using this Postman collection.

In order to try our Account Postman collection, please open your Postman and import these two files:

Account environment file

Account Postman collection file

We recommend you read the short description in Postman for both the collection and each request. This will help you understand the purpose of each request.
Remember to update your Postman environment settings with a valid token

Mockdata

The sandbox environment uses mockdata for all endpoints.
The IDs (e.g. consentId and accountID) to be used when accessing data are described as part of the Postman collections and the examples in the YAML-files. 

Detailed documentation

For more detailed documentation, the Consent and Account YAML-file can be seen and downloaded here:

View our Open API for Consent

View our Open API for Account