To access all AIS APIs, it is necessary to establish a consent between the TPP, the PSU and the ASPSP.
In this approach, the AISP has to proceed with an OAuth2 authorization in order to retrieve a time-limited access token.
This access token is mandatory to access all the AIS PSD2 APIs. It is associated to the consent established and validate thanks to a redirection of the PSU towards the ASPSP Authentication platform.
See How to Perform a Strong Customer Authentication for details.
Creates a consent resource at the ASPSP regarding access to accounts specified in this request. Specificities for this API are listed in the dedicated HowTo.
Creates an authorisation sub-resource of the consent resource and start the authorisation process.
The usage of this access method is only necessary if the TPP has asked to start the authorisation process separately from the consent establishment (using the “TPP-Explicit-Authorisation-Preferred” Header)
Requests an authorisation from a PSU following the OAuth2 protocol. Details of the authentication workflow and user interfaces are described in the dedicated HowTo section.
Our specificities regarding the OAuth2 protocol are listed below.
response_type : code
code_challenge_method : S256
After successful authorisation, the user will be redirected to the redirect URI provided in the request with the following parameters :
Requests an access token using the authorization code retrieved from the PSU authorization. This Access Token can be refreshed. The duration of access token is 1 hour, and the duration of refresh token is 90 days.
The TPP can retrieve the consent resource using the API above.
The TPP can retrieve the consent's status using the API above.
The TPP can retrieve the list of all the autorisations linked to the consent resource using the API above.
The TPP can retrieve the status of an autorisation linked to the consent resource using the API above.
The TPP can use this API to terminate a consent.
For specific BerlinGroup Implementation on the Account Information Service, please refer to the specific implementation How To.