Description and Details
This API allows the creation of an access consent intent, enabling third-party providers (TPPs) to request user authorization for access to account information. It is a critical part of the Account Information Service Provider (AISP) flow, typically used before redirecting the user for consent authorization.
Endpoint
https://api-dev-isolution.xyz/opentest/v1/access-consent
Verb Method
POST
Headers Request Parameters
| Header Key | Value | Description |
|---|---|---|
| Content-Type | application/json | Specifies the media type of the request body |
| Accept | application/json | Indicates expected response format |
| Authorization | Bearer {access_token} | Required bearer token obtained via /token |
Body Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| consentType | string | Yes | Type of consent (e.g., "AISP") |
| expirationDateTime | string | Yes | Expiry of the consent (ISO 8601 format) |
| userId | string | Yes | Unique user identifier |
| userName | string | Yes | Username or user email |
| tppName | string | Yes | Name of third-party provider |
| tppRedirectURI | string | Yes | Redirect URI after consent authorization |
| tppState | string | Optional | State string to validate redirection |
| tppKey | string | Optional | Key or reference identifier for the TPP |
| transactionFromDateTime | string | Yes | Start date for transaction data access |
| transactionToDateTime | string | Yes | End date for transaction data access |
| status | string | Yes | Initial status (e.g., "AwaitingAuthorisation") |
| permissions | array | Yes | Permissions being requested (e.g., ReadBalances) |
| risk | object | Yes | Risk evaluation object (can be an empty object) |
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| consent_id | string | Unique identifier for the consent |
| status | string | Status of the consent |
| statusUpdateDateTime | string | Timestamp of latest update |
| creationDateTime | string | Consent creation timestamp |
| expirationDateTime | string | Consent expiration date |
| transactionFromDateTime | string | Data access start date |
| transactionToDateTime | string | Data access end date |
| meta | object | Optional meta block (can be null) |
HTTP Codes
| Code | Meaning |
|---|---|
| 200 | OK – Consent created successfully |
| 400 | Bad Request – Missing/invalid parameters |
| 401 | Unauthorized – Token missing/invalid |
| 403 | Forbidden – Scope or permission denied |
| 500 | Internal Server Error |