Account Information Services (AIS)
Learn more about how Yapily can help you unlock Open Banking for AIS.
In order to access a user's financial data, the user will need to authenticate with their financial institution and give explicit consent. In most cases, this
will involve redirecting users to the Institution authorisation screen either in the web browser or if on a mobile through the user's mobile banking application
by redirecting to the link provided by the Authorisation Url or QR Code Url. In any case, the goal is to obtain a consentToken which is supplied as the Consent
header parameter to sign financial data requests.
Account Authorisation Flow
The Account Authorisation Flow starts when your user (PSU) indicates their intent to share their account data with you.
Depending on the Institution your user wishes to share their account data from, the following flows may be necessary:
- Default One-legged Account Authorisation Flow
- Default Two-legged Account Authorisation Flow
- Decoupled Two-legged Account Authorisation Flow
AIS Consents
The Consent Status value that will be seen for an AIS related consent will depend on
- The type of authorisation required (dependent on the Institution and PSU) during the authorisation flow - e.g. Redirect, Decoupled or Embedded
- The success or failure of the authorisation process
- Actions that are performed by TPP, Instituion or PSU after an
AUTHORIZEDstate has been reached
Status Transitions
Revoked Consents
At any point in time, the user can revoke their consent directly in the Institution which will make the consent token unusable within Yapily.
In this case, the Consent status may still display as AUTHORIZED but will return 403 Forbidden errors when you attempt to use it to obtain financial data.
To resolve, you will need to create a new consent using the appropriate authorisation endpoint.
Re-Authorisation
A re-authorisation can be requested for a consent using Re-authorise Account Authorisation
This is typically to be used when:
- A consent-related failure keeps occuring (e.g. 401 status code) despite it being in
AUTHORIZEDstate - Enable a greater history of financial transactions to be retrieved (i.e. when a bank limits these to the first 5 minutes after consent creation)
- To increase the duration of the consent prior to it expiring. By default, an AIS
consent-tokenis valid for up to 90 days before requiring secure customer authentication (SCA) from the user again
If re-authorisation is not supported by the Institution, then you will need to obtain a new consent using the appropriate authorisation endpoint.
Limited Access
Different Institutions can enforce their own restrictions on some endpoints when obtaining financial data. The main example of this is when requesting transactional
data using GET Transactions where the request is for historical data (older than 90 days). We have seen Institutions limit the time
you can request historical data for as little as five minutes from when the authorisation was made. While you will still be able to use the consent-token to access
current data, your requests for historical data will be rejected. Yapily recommends that if you need historical data, that you retrieve it and store it within the first
five minutes of obtaining the consent-token.
Deleting Consents
Yapily also provides the means to delete a Consent from the api using DELETE Consent. By default, this will attempt to delete the Consent
both in the Yapily system and from the Institution. If this is not supported by the Institution, the Consent will only be deleted from the Yapily system.
Financial Data Features
The following financial data features are used to create or use an AIS consent-token:
| Feature | Description | Endpoint |
|---|---|---|
ACCOUNT |
Get account information for a single account. | GET Account |
ACCOUNTS |
Get account information for a list of accounts. | GET Accounts |
ACCOUNTS_WITHOUT_BALANCE |
Get account information for a list of accounts without any balance information. See CBI Globe Gateway to learn more. | GET Accounts |
ACCOUNT_BALANCES |
Get account balance information. See CBI Globe Gateway to learn more. | GET Balances |
ACCOUNT_DIRECT_DEBITS |
Get direct debits for an account. | GET Account Direct Debits |
ACCOUNT_PERIODIC_PAYMENTS |
Get periodic payments for an account. | GET Account Perioic Payments |
ACCOUNT_SCHEDULED_PAYMENTS |
Get scheduled payments for an account. | GET Account Scheduled Payments |
ACCOUNT_STATEMENT |
Get an account statement from an account. | GET Account Statement |
ACCOUNT_STATEMENTS |
Get a list of account statements from an account. | GET Account Statements |
ACCOUNT_STATEMENT_FILE |
Download an account statement from an account. | GET Account Statement File |
ACCOUNT_TRANSACTIONS |
Get account transactions. | GET Transactions |
ACCOUNT_TRANSACTIONS_WITH_MERCHANT |
Get account transaction including the merchant details associated with the transaction if there is any. e.g. Monzo provides merchant details with each transaction. | GET Transactions |
ACCOUNT_WITHOUT_BALANCE |
Get account information for a single account without any balance information. See CBI Globe Gateway to learn more. | GET Accounts |
IDENTITY |
Get identity information from the bank. | GET Identity |
INITIATE_ACCOUNT_REQUEST |
Create a request to access a user's financial data from their bank. | POST Create Account Authorisation |
INITIATE_PRE_AUTHORISATION |
Initiate a generic pre-authorisation request | POST Create Pre-authorisation |