Learn more about how Yapily can help you unlock Open Banking for AIS.
To access a user's financial data, the user must authenticate with their financial institution and give explicit consent. In most cases, this means redirecting the user to the Institution authorisation screen, either in the web browser or, on a mobile device, in the user's mobile banking application, using the link provided by the Authorisation Url or QR Code Url. In any case, the goal is to obtain a consentToken, which is supplied as the Consent header parameter to sign financial data requests.
The Account Authorisation Flow starts when your user (PSU) indicates their intent to share their account data with you. To formally obtain the user's authorisation, simply follow these steps:
institutionId of their bank and
callback, which is the URL to return the user to after authorisation.
qrCodeUrl, which you should redirect the user to.
consent-token will be returned to your
consent-token can be used to call the Account endpoint to retrieve the user's financial data.
It is also possible to complete the Account Authorisation Flow without a callback URL. Instead of redirecting the user back to your callback URL, you can poll the GET consent endpoint. See Decoupled Account Authorisation Flow for more information.
The Dashboard allows you to add multiple callbacks if your application requires them. If you have multiple callbacks at the same domain, you can add a single callback at the domain with a trailing forward slash. For example, if your domain was https://tpp-application and you wanted to register the following two callbacks:
You could add https://tpp-application/ as a single callback rather than individually defining both of these callbacks:
For testing, you can use the small utility created by Yapily (https://display-parameters.herokuapp.com/) as a callback, which makes consuming the consent-token easier when testing the authorisation flows. Remember to first add this as a callback to your application in the Yapily Dashboard.
In addition, when using the above flow, you can use the one-time-token when executing POST Create Account Authorisation Request to retrieve a consent-token without exposing it as a query string parameter at the callback:
AIS Consent tokens are valid for 90 days.
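An added example (not Yapily's code) of handling the callback redirect on your side: it checks the URL against the registered callback, extracts the consent-token for the Consent header, and redacts the token before the URL is logged. The query parameter name consent, the function names and the sample URL are assumptions for illustration; the page does not state how Yapily itself matches callbacks.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REGISTERED_CALLBACK = "https://tpp-application/"  # the page's example domain callback
CONSENT_PARAM = "consent"               # assumption: query parameter carrying the token
CONSENT_LIFETIME = timedelta(days=90)   # from the page: AIS consent tokens last 90 days


def is_registered(url, registered=REGISTERED_CALLBACK):
    """True only if url has the registered scheme and host and sits under its path."""
    got, want = urlsplit(url), urlsplit(registered)
    return (got.scheme == want.scheme
            # Compare the whole authority, so userinfo or a lookalike host fails.
            and got.netloc.lower() == want.netloc.lower()
            and got.path.startswith(want.path))


def handle_callback(url, received_at):
    """Pull the consent token out of a callback URL and return what is safe to keep."""
    if not is_registered(url):
        raise ValueError("callback URL is not under the registered callback")
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in query if k == CONSENT_PARAM]
    if len(tokens) != 1 or not tokens[0]:
        raise ValueError("expected exactly one non-empty consent token")
    redacted = [(k, "REDACTED" if k == CONSENT_PARAM else v) for k, v in query]
    return {
        "headers": {"Consent": tokens[0]},  # sent with each financial data request
        "log_url": urlunsplit(parts._replace(query=urlencode(redacted))),
        "expires_at": received_at + CONSENT_LIFETIME,  # approximate: counted from receipt
    }


if __name__ == "__main__":
    # Constructed callback URL; the token value is a placeholder, not a real token.
    sample = "https://tpp-application/accounts/done?consent=PLACEHOLDER.TOKEN&institution=example-bank"
    result = handle_callback(sample, datetime(2024, 1, 1, tzinfo=timezone.utc))
    print(result["log_url"], result["expires_at"].date())
```

Only log_url should reach access logs or error reports; the raw callback URL contains the token in its query string.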
Once you have obtained an AIS consent token, you can use it to call the following financial data endpoints:
| ACCOUNT | Get account information for a single account. |
| ACCOUNTS | Get account information for a list of accounts. |
| ACCOUNTS_WITHOUT_BALANCE | Get account information for a list of accounts without any balance information. See CBI Globe Gateway to learn more. |
| ACCOUNT_BALANCES | Get account balance information. See CBI Globe Gateway to learn more. |
| ACCOUNT_DIRECT_DEBITS | Get direct debits for an account. |
| ACCOUNT_PERIODIC_PAYMENTS | Get periodic payments for an account. |
| ACCOUNT_REQUEST_DETAILS | Get account consent details. |
| ACCOUNT_SCHEDULED_PAYMENTS | Get scheduled payments for an account. |
After creating any authorisation request to access a user's financial data, in the event of a failure, Yapily will respond with an error-description to help identify what went wrong. The following table summarises the list of possible values:
| Error source | Error | Institution Error |