Description

To access all AIS APIs, it is necessary to establish a consent between the TPP, the PSU and the ASPSP.

Redirect OAuth2

In this approach, the AISP has to proceed with an OAuth2 authorization in order to retrieve a time-limited access token.
This access token is mandatory to access all the AIS PSD2 APIs. It is associated to the consent established and validate thanks to a redirection of the PSU towards the ASPSP Authentication platform.

Consent Establishment

Establish AIS Consent

POST /xs2a-service/v1/consents

Creates a consent resource at the ASPSP regarding access to accounts specified in this request. Specificities for this API are listed in the dedicated How to .

Authorise consent

Create an authorisation resource on a specific consent. Create a link descibed in section Build your authorize URL and follow to the online banking.

After successful authorisation, the PSU will be redirected to the redirect URI provided in the request with the following parameters :

https://your_redirect_uri?code=authorization_code&state=test

Access Token Request

POST /xs2a-service/oauth2/token

Requests an access token using the authorization code retrieved from the PSU authorization. This Access Token can be refreshed. The duration of access token is 1 hour, and the duration of refresh token is 90 days.

Consent Management

Retrieve the Consent

GET /xs2a-service/v1/consents/{consentId}

The TPP can retrieve the consent resource using the API above.

Retrieve the Consent’s status

GET /xs2a-service/v1/consents/{consentId}/status

The TPP can retrieve the consent's status using the API above.

Get the authorisations of a specific consent resource

Delete a Consent resource

DELETE /xs2a-service/v1/consents/{consentId}

The TPP can use this API to terminate a consent.

Specific BerlinGroup Implementation on Account Information Service

For specific BerlinGroup Implementation on the Account Information Service, please refer to the Specific BerlinGroup Implementation