Consents (1.0)


API Support: info-api@abanca.com

Authentication

BearerAuthOAuth

Bearer token. Needed if an OAuth2-based authentication was performed in a pre-step, or if an OAuth2-based SCA was performed in a preceding AIS service in the same session.

Security scheme type: HTTP
HTTP Authorization Scheme bearer

The Consents API offers the following services

  • Consent request with accounts list and access type
  • Consent details
  • Status information of a consent
  • Delete of active consent
  • Authorisation process for a given consent

Consents

Create consent

This method creates a consent resource, defining access rights to dedicated accounts of a given PSU-ID (NBnet username). These accounts are addressed explicitly in the method as parameters as a core function.

Side Effects

When this Consent Request is a request where the "recurringIndicator" equals "true", and a former consent for recurring access on account information already exists for the addressed PSU, the former consent automatically expires as soon as the new consent request is authorised by the PSU.

Optional Extension: As an option, this bank accepts a specific access right on the access on all PSD2 related services for all available accounts. The relation to accounts is then handled afterwards between PSU and ABANCA. This last option is not supported for the Embedded SCA Approach.

As a last option, the bank accepts a command with access rights

  • to see the list of available payment accounts or
  • to see the list of available payment accounts with balances.

Implicit Authorisation Model

An authorisation resource is created automatically by this method.

Authorizations:
header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
required
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%20%20%20%20%20%20%20%20%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-ID
string
Example: {PSU-ID}

Client ID of the PSU. NBnet Username.

  • Required in embedded approach
PSU-ID-Type
string
Example: {PSU-ID-Type}

Type of the PSU-ID. Not used.

PSU-Corporate-ID
string
Example: {PSU-Corporate-ID}

Only used in a corporate context. Corporate CIF

  • Required in embedded approach corporate context
PSU-Corporate-ID-Type
string
Example: {PSU-Corporate-ID-Type}

Only used in a corporate context. Only value 'CIF' is supported

TPP-Redirect-Preferred
string
Enum:"true" "false"

If it equals "true" or is omitted, the TPP prefers a redirect over an embedded SCA approach. If it equals "false", the TPP prefers not to be redirected for SCA. The bank will then choose the Embedded approach.

TPP-Redirect-URI
string <uri>

URI of the TPP, where the transaction flow shall be redirected to after a Redirect.

Mandated for the Redirect SCA Approach (including OAuth2 SCA approach), specifically when TPP-Redirect-Preferred equals "true".

TPP-Nok-Redirect-URI
string <uri>

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.

TPP-Explicit-Authorisation-Preferred
string
Enum:"true" "false"

This preference will be ignored. Only the implicit authorisation process is supported by ABANCA.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU-TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. The UUID identifies either a device or a device-dependent application installation. In case of an installation identification, this ID needs to remain unaltered until removal from the device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Request Body schema: application/json

Requestbody for a consents request

access
required
object (accountAccess)

Requested access services for a consent.

recurringIndicator
required
boolean (recurringIndicator)

"true", if the consent is for recurring access to the account data.

"false", if the consent is for one access to the account data.

validUntil
required
string <date> (validUntil)

This parameter is requesting a valid until date for the requested consent. The content is the local ASPSP date in ISO-Date Format, e.g. 2019-10-30.

In both cases the consent object to be retrieved by the GET Consent Request will contain the adjusted date.

frequencyPerDay
required
integer (frequencyPerDay)

This field indicates the requested maximum frequency for an access without PSU involvement per day. For a one-off access, this attribute is set to "1".

combinedServiceIndicator
required
boolean

If "true", indicates that a payment initiation service will be addressed in the same "session".

Responses

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

post /v1/consents

Production server

https://apiserv.novobanco.es/psd2/v1/consents

sandbox

https://api.novobanco.es/psd2/sandbox/consents/v1/consents

Request samples

Content type
application/json
Example

Consent request on dedicated accounts

{
  "access": {},
  "recurringIndicator": "true",
  "validUntil": "2019-12-01",
  "frequencyPerDay": "4"
}
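A pre-flight check a TPP could run before sending POST /v1/consents, covering the header rules stated above (Digest if and only if Signature, certificate alongside the signature, redirect and embedded-approach requirements). This is an added example, not ABANCA's code: the function names, the sample header values and the `name: value` signing-string layout (draft-cavage HTTP signatures) are assumptions; the URL-encoded Signature sample is the one printed on this page.

```python
import base64
import hashlib
import re
import uuid
from urllib.parse import unquote

SIG_PARAM = re.compile(r'(\w+)="([^"]*)"')

# The page's own Signature example, URL-encoded exactly as printed there.
PAGE_SIGNATURE_EXAMPLE = (
    "keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015"
    "%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22"
    "%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22"
    "%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A"
)


def digest_header(body: bytes) -> str:
    """Digest value for a body: 'SHA-256=' + base64(SHA-256(body))."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()


def parse_signature(value: str, url_encoded: bool = False) -> dict:
    """Split a Signature header into keyId / algorithm / headers / signature."""
    if url_encoded:  # the documentation prints its example percent-encoded
        value = unquote(value)
    params = dict(SIG_PARAM.findall(value))
    params["headers"] = params.get("headers", "").split()
    return params


def signing_string(headers: dict, covered: list) -> str:
    """Assumed draft-cavage layout: one 'name: value' line per covered header."""
    h = {k.lower(): v for k, v in headers.items()}
    return "\n".join(f"{name.lower()}: {h[name.lower()]}" for name in covered)


def check_create_consent(headers: dict, body: bytes) -> list:
    """Return the header rules from this page that the request violates."""
    h = {k.lower(): v for k, v in headers.items()}
    problems = []
    try:
        uuid.UUID(h.get("x-request-id", ""))
    except ValueError:
        problems.append("X-Request-ID missing or not a UUID")
    has_sig = "signature" in h
    if not has_sig:
        problems.append("Signature is required on POST /v1/consents")
    if has_sig != ("digest" in h):
        problems.append("Digest must be present if and only if Signature is")
    if has_sig and "tpp-signature-certificate" not in h:
        problems.append("TPP-Signature-Certificate must accompany Signature")
    if "digest" in h and h["digest"] != digest_header(body):
        problems.append("Digest does not match the request body")
    if has_sig:
        # Every header the signature claims to cover must actually be sent.
        for name in parse_signature(h["signature"])["headers"]:
            if name.lower() not in h:
                problems.append(f"Signature covers {name}, which is not sent")
    preferred = h.get("tpp-redirect-preferred")
    if preferred not in (None, "true", "false"):
        problems.append('TPP-Redirect-Preferred must be "true" or "false"')
    if preferred == "true" and "tpp-redirect-uri" not in h:
        problems.append("TPP-Redirect-URI is mandated when redirect is preferred")
    if preferred == "false" and "psu-id" not in h:
        # "false" makes the bank choose the embedded approach.
        problems.append("PSU-ID is required in the embedded approach")
    if h.get("psu-corporate-id-type", "CIF") != "CIF":
        problems.append("PSU-Corporate-ID-Type only supports 'CIF'")
    return problems


# Constructed sample request (not real traffic); every value is a placeholder.
BODY = (b'{"access": {}, "recurringIndicator": "true", '
        b'"validUntil": "2019-12-01", "frequencyPerDay": "4"}')
GOOD = {
    "X-Request-ID": "99391c7e-ad88-49ec-a2ad-99ddcb1f7721",
    "Date": "Sun, 01 Dec 2019 10:00:00 GMT",
    "Digest": digest_header(BODY),
    "Signature": 'keyId="SN=9FA1,CA=CN=EXAMPLE-CA",algorithm="rsa-sha256", '
                 'headers="Digest X-Request-ID Date", signature="PLACEHOLDER"',
    "TPP-Signature-Certificate": "PLACEHOLDER-BASE64-CERT",
    "TPP-Redirect-Preferred": "true",
    "TPP-Redirect-URI": "https://tpp.example/cb",
}

if __name__ == "__main__":
    print(parse_signature(PAGE_SIGNATURE_EXAMPLE, url_encoded=True)["headers"])
    print(signing_string(GOOD, ["Digest", "X-Request-ID", "Date"]))
    broken = dict(GOOD, **{"TPP-Redirect-Preferred": "false"})
    del broken["Digest"]
    for problem in check_create_consent(broken, BODY):
        print("-", problem)
```

The same check applied on the receiving side catches a body altered after signing, because the Digest comparison fails before any signature verification is attempted.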

Response samples

Content type
application/json
Example

Response in case of the OAuth2 approach with an implicit generated authorisation resource

{
  "consentStatus": "received",
  "consentId": "b9460d0a-248e-11e9-ab14-d663bd873d93",
  "_links": {}
}

Get Consent Request

Returns the content of an account information consent object. This returns the data for the TPP, especially in cases where the consent was directly managed between the bank and the PSU, e.g. in a redirect SCA Approach.

Authorizations:
path Parameters
consentId
required
string (consentId)
Example: b9460d0a-248e-11e9-ab14-d663bd873d93

ID of the corresponding consent object as returned by an Account Information Consent Request.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU-TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. The UUID identifies either a device or a device-dependent application installation. In case of an installation identification, this ID needs to remain unaltered until removal from the device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

get /v1/consents/{consentId}

Production server

https://apiserv.novobanco.es/psd2/v1/consents/{consentId}

sandbox

https://api.novobanco.es/psd2/sandbox/consents/v1/consents/{consentId}

Response samples

Content type
application/json

Consent request on account list or without indication of accounts

{
  "access": {},
  "recurringIndicator": "true",
  "validUntil": "2019-11-01",
  "frequencyPerDay": "4",
  "consentStatus": "valid",
  "_links": {}
}

Delete Consent

The TPP can delete an account information consent object if needed.

Authorizations:
path Parameters
consentId
required
string (consentId)
Example: b9460d0a-248e-11e9-ab14-d663bd873d93

ID of the corresponding consent object as returned by an Account Information Consent Request.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU-TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. The UUID identifies either a device or a device-dependent application installation. In case of an installation identification, this ID needs to remain unaltered until removal from the device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

delete /v1/consents/{consentId}

Production server

https://apiserv.novobanco.es/psd2/v1/consents/{consentId}

sandbox

https://api.novobanco.es/psd2/sandbox/consents/v1/consents/{consentId}

Response samples

Content type
{
  "tppMessages": [],
  "_links": {}
}

Consent status request

Read the status of an account information consent resource.

Authorizations:
path Parameters
consentId
required
string (consentId)
Example: b9460d0a-248e-11e9-ab14-d663bd873d93

ID of the corresponding consent object as returned by an Account Information Consent Request.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU-TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. The UUID identifies either a device or a device-dependent application installation. In case of an installation identification, this ID needs to remain unaltered until removal from the device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

get /v1/consents/{consentId}/status

Production server

https://apiserv.novobanco.es/psd2/v1/consents/{consentId}/status

sandbox

https://api.novobanco.es/psd2/sandbox/consents/v1/consents/{consentId}/status

Response samples

Content type
application/json

Response for a consent status request.

{
  "consentStatus": "valid"
}

Get Consent Authorisation Sub-Resources Request

Returns a list of all authorisation sub-resource IDs which have been created.

This function returns an array of hyperlinks to all generated authorisation sub-resources.

Authorizations:
path Parameters
consentId
required
string (consentId)
Example: b9460d0a-248e-11e9-ab14-d663bd873d93

ID of the corresponding consent object as returned by an Account Information Consent Request.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU-TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. The UUID identifies either a device or a device-dependent application installation. In case of an installation identification, this ID needs to remain unaltered until removal from the device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

get /v1/consents/{consentId}/authorisations

Production server

https://apiserv.novobanco.es/psd2/v1/consents/{consentId}/authorisations

sandbox

https://api.novobanco.es/psd2/sandbox/consents/v1/consents/{consentId}/authorisations

Response samples

Content type
application/json
{
  "authorisationIds": []
}

Read the SCA status of the consent authorisation.

This method returns the SCA status of a consent initiation's authorisation sub-resource.

Authorizations:
path Parameters
consentId
required
string (consentId)
Example: b9460d0a-248e-11e9-ab14-d663bd873d93

ID of the corresponding consent object as returned by an Account Information Consent Request.

authorisationId
required
string (authorisationId)
Example: 3696e0c8-248e-11e9-ab14-d663bd873d93

Resource identification of the related SCA.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU-TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. The UUID identifies either a device or a device-dependent application installation. In case of an installation identification, this ID needs to remain unaltered until removal from the device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

get /v1/consents/{consentId}/authorisations/{authorisationId}

Production server

https://apiserv.novobanco.es/psd2/v1/consents/{consentId}/authorisations/{authorisationId}

sandbox

https://api.novobanco.es/psd2/sandbox/consents/v1/consents/{consentId}/authorisations/{authorisationId}

Response samples

Content type
application/json
{
  "scaStatus": "psuAuthenticated"
}

Update PSU Data for consents

This method updates PSU data on the consents resource if needed. It authorises a consent within the Embedded SCA Approach where needed. Independently of the SCA Approach, it supports e.g. the selection of the authentication method and a non-SCA PSU authentication. There are several possible Update PSU Data requests in the context of a consent request, depending on the SCA approach:

  • Embedded SCA Approach: The Update PSU Data Request might be used
    • to add credentials as a first factor authentication data of the PSU and
    • to select the authentication method and
    • transaction authorisation.

The SCA Approach might depend on the chosen SCA method. For that reason, the following possible Update PSU Data request can apply to all SCA approaches:

  • Select an SCA method in case several SCA methods are available for the customer.

There are the following request types on this access path:

  • Update PSU Authentication
  • Select PSU Authorization Method
  • Transaction Authorisation

Test Requests

X-Request-ID Values to get specific responses
Authorizations:
path Parameters
consentId
required
string (consentId)
Example: b9460d0a-248e-11e9-ab14-d663bd873d93

ID of the corresponding consent object as returned by an Account Information Consent Request.

authorisationId
required
string (authorisationId)
Example: 3696e0c8-248e-11e9-ab14-d663bd873d93

Resource identification of the related SCA.

header Parameters
X-Request-ID
required
string <uuid>
Example: {X-Request-ID}

ID of the request, unique to the call, as determined by the initiating party.

Digest
string
Example: SHA-256%3Dhl1%2FEps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A%3D

Is contained if and only if the "Signature" element is contained in the header of the request.

Signature
string
Example: keyId%3D%22SN%3D9FA1%2CCA%3DCN%3DD-TRUST%2520CA%25202-1%25202015%2CO%3DD-Trust%2520GmbH%2CC%3DDE%22%2Calgorithm%3D%22rsa-sha256%22%2C%20headers%3D%22Digest%20X-Request-ID%20PSU-ID%20TPP-Redirect-URI%20Date%22%2C%20signature%3D%22Base64%28RSA-SHA256%28signing%20string%29%29%22%0A

A signature of the request by the TPP on application level. This might be mandated by ASPSP.

TPP-Signature-Certificate
string <byte>

The certificate used for signing the request, in base64 encoding. Must be contained if a signature is contained.

PSU-ID
string
Example: {PSU-ID}

Client ID of the PSU. NBnet Username.

  • Required in embedded approach
PSU-ID-Type
string
Example: {PSU-ID-Type}

Type of the PSU-ID. Not used.

PSU-Corporate-ID
string
Example: {PSU-Corporate-ID}

Only used in a corporate context. Corporate CIF

  • Required in embedded approach corporate context
PSU-Corporate-ID-Type
string
Example: {PSU-Corporate-ID-Type}

Only used in a corporate context. Only value 'CIF' is supported

PSU-IP-Address
string <ipv4>
Example: {PSU-IP-Address}

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

PSU-IP-Port
string
Example: {PSU-IP-Port}

The forwarded IP Port header field consists of the corresponding HTTP request IP Port field between PSU and TPP, if available.

PSU-Accept
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Charset
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Encoding
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-Accept-Language
string

The forwarded Accept header fields consist of the corresponding HTTP request Accept header fields between PSU and TPP, if available.

PSU-User-Agent
string

The forwarded Agent header field of the HTTP request between PSU and TPP, if available.

PSU-Http-Method
string
Enum:"GET" "POST" "PUT" "PATCH" "DELETE"

HTTP method used at the PSU-TPP interface, if available. Valid values are:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

PSU-Device-ID
string <uuid>
Example: {PSU-Device-ID}

UUID (Universally Unique Identifier) for a device, which is used by the PSU, if available. The UUID identifies either a device or a device-dependent application installation. In case of an installation identification, this ID needs to remain unaltered until removal from the device.

PSU-Geo-Location
string(GEO:)[0-9]{1,3}\.[-][0-9]{6}\,[-][0-9]{1,3}\.[0-9]{6}
Example: {PSU-Geo-Location}

The forwarded Geo Location of the corresponding http request between PSU and TPP if available.

Request Body schema: application/json
One of
  • any
  • updatePsuAuthentication
  • selectPsuAuthenticationMethod
  • transactionAuthorisation
any

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not found

405

Method Not Allowed

406

Not Acceptable

408

Request Timeout

415

Unsupported Media Type

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable

put /v1/consents/{consentId}/authorisations/{authorisationId}

Production server

https://apiserv.novobanco.es/psd2/v1/consents/{consentId}/authorisations/{authorisationId}

sandbox

https://api.novobanco.es/psd2/sandbox/consents/v1/consents/{consentId}/authorisations/{authorisationId}

Request samples

Content type
application/json
Example

Update PSU Authentication request body for the embedded approach.

{
  "psuData": {}
}

Response samples

Content type
application/json
Example

Response of an Update PSU Authentication for a consent request for the embedded approach.

{
  "scaStatus": "psuAuthenticated",
  "_links": {}
}