How to Create and Authorise a Confirmation of Funds Consent
Creation and Authorisation of a Confirmation of Funds Consent in Steps
This article gives an example of the creation and authorisation of a consent that allows a TPP to request confirmation of available funds on a single account of a PSU.
Learn more about the funds confirmation service How to Request Information about Available Funds.
In this example, the embedded SCA approach is used. Learn more about SCA approaches that are supported in XS2A Supported Authentication Methods.
Prerequisites
Your certificate must contain the PSP role = PSP_IC.
Step 1 - Consent creation
In this step, a request to create a consent with consent data is sent to XS2A.
XS2A validates the role from the certificate, PSU-ID, and request syntax. If all the validations have been completed successfully, XS2A returns a consentId.
It means that a consent resource has been created and must be authorised by PSU.
The created consent resource will be accessible under the given consentId during 30 minutes from the moment of creation. Authorisation of given consent must be completed within this time.
If a consent is not authorised and its validity time is over, access to this resource will be canceled, and the consent creation flow will be terminated.
Flow
Go to
/v2/consents/confirmation-of-fundsFill in mandatory data
Data field | Value |
|---|---|
HTTP-Method |
|
Header | one of PSU-IDs from Sandbox Test Accounts and Test Data |
Header | Random UUID for this request |
Fill in consent data according to the consent model
Execute the request.
The response should have the HTTP status code:
201- CreatedFor examples of the response payload, see XS2A OpenAPI Reference
Step 2 - Consent authorisation initiation
In this step, consent authorisation is initiated.
XS2A validates the role from the certificate, consentId, and request syntax. If all the validations have been completed successfully, XS2A returns an authorisationId inside the updatePsuAuthentication link.
It means that an authorisation sub-resource has been created for given consentId.
The created authorisation sub-resource will be accessible under the given authorisationId during 30 minutes from the moment of creation. Authorisation of given consent must be completed within this time.
If a consent is not authorised and its validity time is over, access to this resource will be canceled, and the consent creation flow will be terminated.
Flow
Go to
/v2/consents/confirmation-of-funds/{consentId}/authorisationsor follow thestartAuthorisationlink from the response in Step 1.Fill in mandatory data
Data field | Value |
|---|---|
HTTP-Method |
|
Header | same as in Step 1 |
Header | Random UUID for this request |
URL path variable |
|
Body | no body |
Execute the request.
The response should have the HTTP status code:
201- CreatedFor examples of the response payload, see XS2A OpenAPI Reference
Step 3 - Provide PSU password
In this step, PSU password must be provided.
Please, use the correspondent password from Sandbox Test Accounts and Test Data.
Flow
Go to
/v2/consents/confirmation-of-funds/{consentId}/authorisations/{authorisationId}or follow theupdatePsuAuthenticationlink from the response in Step 2.Fill in mandatory data
Data field | Value |
|---|---|
HTTP-Method |
|
Header | same as in Step 1 |
Header | Random UUID for this request |
URL path variable |
|
URL path variable |
|
Fill in the body of
psuDataExecute the request.
The response should have the HTTP status code:
200- OkFor examples of the response payload, see XS2A OpenAPI Reference
Step 4 - Select the SCA method
PSU was authenticated successfully with its PSU-ID and password in the previous step, and now XS2A offers a selection of authentication methods.
An authentication method is a format of the 2nd factor that must be provided by PSU in order to complete the authorisation of a consent.
To trigger Decoupled SCA please use authenticationMethodId where authenticationType = PUSH_OTP in the response in Step 3.
Flow
Go to
/v2/consents/confirmation-of-funds/{consentId}/authorisations/{authorisationId}or follow theselectAuthenticationMethodlink from the response in Step 3.Fill in mandatory data
Data field | Value |
|---|---|
HTTP-Method |
|
Header | same as in Step 1 |
Header | Random UUID for this request |
URL path variable |
|
URL path variable |
|
Fill in the body of
authenticationMethodIdExecute the request.
The response should have the HTTP status code:
200- OkFor examples of the response payload, see XS2A OpenAPI Reference
authoriseTransaction link will only be returned if EMBEDDED SCA has been chosen.
Step 5 - Provide 2nd factor
This is the final step where PSU completes consent authorisation by providing the 2nd factor.
In real-life operations, a Bank will generate and send the 2nd factor to PSU.
In the Sandbox the behaviour of a bank is simulated: XS2A doesn't generate and sent any 2nd factors but offers a default format of authentication data. Please see Sandbox Test Accounts and Test Data.
Flow
Go to
/v2/consents/confirmation-of-funds/{consentId}/authorisations/{authorisationId}or follow theauthoriseTransactionlink from the response in Step 4.Fill in mandatory attributes
Data field | Value |
|---|---|
HTTP-Method |
|
Header | same as in Step 1 |
Header | Random UUID for this request |
URL path variable |
|
URL path variable |
|
Fill in the body of
scaAuthenticationDataaccording to the authentication method selected in the previous step. Please see Sandbox Test Accounts and Test Data.The response should have the HTTP status code:
200- OkFor examples of the response payload, see XS2A OpenAPI Reference