Consents

Consents Service Description

Creates a consent request at the ASPSP and gets information about account consents

API Profile

Attribute

Value

Name Consents
Version V1
Synopsis Consents
Description Creates a consent request at the ASPSP and gets information about account consents.
Pre-Conditions HTTP GET, POST and DELETE method is allowed.
Authentication OAuth 2.0 with Authorization Code

Before your application can access the API, it must obtain a new an access token for each request. The access token can be used only one time.

 

Endpoint Definition

Account API’s development live and mock environments routing data

EndPoint SERVICE

URI /consents/v1
Base URL https://apis.garantibbva.ro:443


Technology

Technology Stack / DESIGN TIME

Property Value
HTTP Call Method GET,POST,DELETE
Response Content Type application/json; charset=utf-8


APIS


Creates a consent request at the ASPSP.


Request Header

Attribute

Type

Condition

Description

X-Request-ID UUID Mandatory ID of the request, unique to the call, as determined by the initiating party.
Consent-ID String Mandatory For establishing a new consent, Intent ID generated in previous step (see Authentication page) should be sent as Consent-ID.
Client-ID String Mandatory TPP's Client ID, generated in Dynamic Registration.
Client-Secret String Mandatory TPP's Client Secret, generated in Dynamic Registration.
TPP-Redirect-URI String Mandatory URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandatory for response link scaOAuth field.
apikey String Mandatory API Key value obtained from Dashboard/Applications page in API Store, for SANDBOX/PRODUCTION plan.

Request Body

Attribute

Type

Condition

Description

access Array of Account Access Conditional No need for account initialization, all available accounts of PSU will be listed for selection at consent creation stage.
recurringIndicator Boolean Mandatory true, if the consent is for recurring access to the account data false, if the consent is for one access to the account data Currently, always assumed as "false" by Garanti BBVA Romania.
validUntil ISODate Mandatory This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISODate Format, e.g. 2017-10-30. If a maximal available date is requested, a date in far future is to be used: "9999-12-31". The consent object to be retrieved by the GET Consent Request will contain the adjusted date.
frequencyPerDay Integer Mandatory This field indicates the requested maximum frequency for an access per day. For a one-off access, this attribute is set to "1".
combinedService-Indicator Boolean Optional If true indicates that a payment initiation service will be addressed in the same "session". Currently this feature is not supported by Garanti BBVA Romania.

Response Header

Attribute

Type

Condition

Description

Location String Mandatory Location of the created resource (if created)
X-Request-ID UUID Mandatory ID of the request, unique to the call, as determined by the initiating party.
ASPSP-SCA-Approach String Mandatory REDIRECT

Response Body

Attribute

Type

Condition

Description

consentStatus Consent Status Mandatory Authentication status of the consent
consentId UUID Mandatory Identification of the consent resource as it is used in the API structure
_links Links Mandatory A list of hyperlinks to be recognised by the TPP. Type of links admitted in this response; "scaOAuth": The link which must be used for PSU login. After login is completed, PSU will be redirected to next stage, consent approval account list. "self": The link to the Establish Account Information Consent resource created by this request. This link can be used to retrieve the resource data. "status": The link to retrieve the status of the Account Information Consent.


Sample Request


		
{ "recurringIndicator":true, "validUntil":"2019-10-10", "frequencyPerDay":"1" }


Sample Response


		
{ "consentStatus": "received", "consentId": "092by59b-968a-43c8-91d3-47e2c6bdbcfe", "_links": {"scaOAuth": {"href": "https://sso.garantibbva.ro/mga/sps/oauth/oauth20/authorize?response_type=code&client_id=jf9uzXRwWOnBkUc48Ax5&scope=openid&redirect_uri=https://www.TPPurl.com&id=092by59b-968a-43c8-91d3-47e2c6bdbcfe&type=c"}, "self": {"href": "/consents/v1/092by59b-968a-43c8-91d3-47e2c6bdbcfe"}, "status": {"href": "/consents/v1/092by59b-968a-43c8-91d3-47e2c6bdbcfe/status" }

 

 

Check the status of an account information consent.

Path Parameters

Attribute

Type

Description

consentId UUID The consent identification assigned to the created resource.

Request Header

Attribute

Type

Condition

Description

X-Request-ID UUID Mandatory ID of the request, unique to the call, as determined by the initiating party.
Authorization String Conditional Is contained only, if an OAuth2 based authentication was performed in a pre-step or an OAuth2 based SCA was performed in the current PIS transaction or in a preceding AIS service in the same session, if no such OAuth2 SCA approach was chosen in the current PIS transaction.
Client-ID String Mandatory TPP's Client ID, generated in Dynamic Registration.
Client-Secret String Mandatory TPP's Client Secret, generated in Dynamic Registration.
apikey String Mandatory API Key value obtained from Dashboard/Applications page in API Store, for SANDBOX/PRODUCTION plan.

Response Header

Attribute

Type

Condition

Description

X-Request-ID UUID Mandatory ID of the request, unique to the call, as determined by the initiating party.

Response Body

Attribute

Type

Condition

Description

consentStatus Consent Status Mandatory This is the overall lifecycle status of the consent.


Sample Response


		
{ "consentStatus": "valid" }

 

Returns the content of a consent object.

Path Parameters

Attribute

Type

Description

consentId UUID ID of the corresponding consent object as returned by an Account Information Consent Request

Request Header

Attribute

Type

Condition

Description

X-Request-ID UUID Mandatory ID of the request, unique to the call, as determined by the initiating party.
Authorization String Conditional If OAuth2 has been chosen as pre-step to authenticate the PSU.
Client-ID String Mandatory TPP's Client ID, generated in Dynamic Registration.
Client-Secret String Mandatory TPP's Client Secret, generated in Dynamic Registration.
apikey String Mandatory API Key value obtained from Dashboard/Applications page in API Store, for SANDBOX/PRODUCTION plan.

Response Header

Attribute

Type

Condition

Description

X-Request-ID UUID Mandatory ID of the request, unique to the call, as determined by the initiating party.

Response Body

Attribute

Type

Condition

Description

access Array of Account Access Mandatory  
recurringIndicator Boolean Mandatory  
validUntil ISODate Mandatory  
frequencyPerDay Integer Mandatory  
consentStatus Consent Status Mandatory The status of the consent resource.

 


Sample Response


		
{ "access": [{"accountId": "RO92UGBI0000012004307RON", "hasAllTransactions": true, "hasAllBalances": true}, {"accountId": "RO46UGBI0000102025863EUR", "hasAllTransactions": false, "hasAllBalances": true}], "recurringIndicator": false, "validUntil": "2020-02-10", "frequencyPerDay": "1", "combinedServiceIndicator": false, "consentStatus": "valid", "_links": {"account": {"href": "/accounts/v1" }

 

Deletes a given consent.

Path Parameters

Attribute

Type

Description

consentId UUID Contains the resource-ID of the consent to be deleted.

Request Header

Attribute

Type

Condition

Description

X-Request-ID UUID Mandatory ID of the request, unique to the call, as determined by the initiating party.
Authorization String Conditional Is contained only, if an OAuth2 based SCA was performed in the corresponding consent transaction or if OAuth2 has been used in a pre-step.
Client-ID String Mandatory TPP's Client ID, generated in Dynamic Registration.
Client-Secret String Mandatory TPP's Client Secret, generated in Dynamic Registration.

Response Header

Attribute

Type

Condition

Description

X-Request-ID UUID Mandatory ID of the request, unique to the call, as determined by the initiating party.


	

	


Types


	
	

Account Access

Attribute

Type

Condition

Description

accountId IBAN Mandatory Access to account information of "accoundId" is allowed.
hasAllTransactions Boolean Mandatory "true" means that access to transaction information of account "accoundId" is allowed.
hasAllBalances Boolean Mandatory "true" means that access to balance information of account "accoundId" is allowed.

 


Consent Status

Attribute

Description

received The consent data have been received and are technically correct. The data is not authorised yet.
rejected The consent data have been rejected e.g. since no successful authorisation has taken place.
partiallyAuthorised The consent is due to a multi-level authorisation, some but not all mandated authorisations have been performed yet.
valid The consent is accepted and valid for GET account data calls and others as specified in the consent object.
revokedByPsu The consent has been revoked by the PSU towards the ASPSP.
expired The consent expired.
terminatedByTpp The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource.

 


Response Codes

Code

Description

Type

200 OK ACCEPTED SUCCESS
201 OK RESOURCE CREATED
405 {http.method} Method Not Allowed CALL METHOD ERROR
400 Bad Request MISSING PARAMETERS
401 Invalid Credentials UNAUTHORIZED
404 Not Found NOT FOUND
500 Internal Server Error SYSTEM ERROR