Description and Details
This API initiates the authorization process for a previously created AISP (Account Information Service Provider) consent. The user provides consent to allow third-party providers (TPPs) to access account information. The endpoint redirects the user to authenticate and authorize the consent using a one-time password (OTP) and other verification parameters.
Endpoint
https://api-dev-isolution.xyz/aisp/authorize
VERB Method
GET
Request Headers Parameters
| Header Key | Value | Description |
|---|---|---|
| Content-Type | application/json | Indicates the request body format |
| Accept | application/json | Expected response format |
| Cache-Control | no-cache | Disables caching of the response |
| User-Agent | PostmanRuntime/7.x | Identifier for the HTTP client |
| Accept-Encoding | gzip, deflate, br | Supported content encoding |
| Connection | keep-alive | Maintains TCP connection |
| Host | (auto-generated) | Hostname of the API server |
| Postman-Token | (auto-generated) | Used for request tracking |
Body Request Parameters
| Parameter | Type | Description |
|---|---|---|
| consentType | string | Type of consent, e.g., "AISP" |
| expirationDateTime | string | Expiry time of the consent in ISO format |
| userId | string | Unique identifier for the user |
| userName | string | Username or email of the user |
| tppName | string | Name of the Third-Party Provider |
| tppRedirectURI | string | Redirect URI after authorization |
| tppState | string | Optional state parameter for redirection validation |
| tppKey | string | Key or identifier for the TPP |
| transactionFromDateTime | string | Start date for transaction data access (ISO format) |
| transactionToDateTime | string | End date for transaction data access (ISO format) |
| status | string | Authorization status, e.g., "Authorised" |
| permissions | array | List of access permissions (e.g., ReadAccountsDetail) |
| risk | object | Risk information object (can be empty {}) |
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| code | string | Authorization code to be exchanged for a token |
| state | string | Echoes the original state parameter for validation |
HTTP Codes
| Code | Meaning |
|---|---|
| 302 | Found – Redirects user after consent |
| 400 | Bad Request – Invalid or missing fields |
| 401 | Unauthorized – Invalid credentials/OTP |
| 403 | Forbidden – Consent not approved |
| 500 | Internal Server Error – Server issue |