Account Setup Request Sandbox
This API Specification provides details of Account setup request REST API which is part of the Account Information and Transaction API specification. Account setup request API allows Account Information Service Providers (AISPs) to create intent (consent) to access the required account information as specified in the Open Banking specification.
A developer can also invoke the API using a REST client like Postman. To invoke the API, the developer needs to provide dummy data in the input parameters (e.g. Authorization header). The developer must provide a valid Client ID and Client Secret in the clientid and clientsecret header parameters.
Third Party Providers (TPP) needs to be registered with ICS to be able to offer account / balance / transaction information to ICS customers.
Please contact our support team to get registered as a valid TPP. TPP will receive a Client Id/Secret after successful registration.
An AISP starts on an Account Information journey by registering a request to access account information of a PSU (account-request). AISP then has to get the request authorized (Consent) by the PSU to enable it to request the information. Once the request is authorized, the AISP is able to invoke various account and transaction information APIs to retrieve the required data for the PSU’s account(s).
This flow begins with a PSU consenting to allow an AISP to access account information data:
A. Account Setup Request (Consent Setup)
As a first step, AISP connects with the API platform to setup the account request. On successful creation of an account request, AISP receives an account setup request identifier.
B. Authorize Consent*
Once the account setup request is successful, AISP can request PSU to authorize the consent with ICS (International Card Services).
The AISP will redirect the PSU to the ICS (International Card Services) API platform to initiate the consent authorization flow. The redirect includes the AccountRequestId generated in the previous step. This allows the API Platform, to correlate the account-request that was setup to the incoming request.
The ICS (International Card Services) API Platform requests the PSU to select the channel and then authenticates the PSU. It then displays the details of the account Setup Request to the PSU and requests the PSU to select the payment accounts to which the consent should be applied. Based on the PSU’s action, API platform marks the consent as authorized or rejected.
For ICS (International Card Services) only the following Consent permissions are supported:
ICS (International Card Services) specific validations:
ICS Consents are valid for a maximum of 90 days;
ICS allows a PSU to retrieve transaction data to a maximum of 3 years in the past.
On successful authorization of the consent, the AISP will receive an OAuth auth code which AISP can then use to get an Access Token.
C. Get Access Token*
Once the consent is authorized, TPP will receive an auth code which AISP can use to get an Access Token and Refresh Token. Access Token is short lived (5 minutes) and would be used while accessing the APIs. Refresh Token is long lived (90 days) and would be used to get new access token.
D. Request Data (API Invocation)
Once the TPP has the required Access Token, it can invoke the specific account information request API to get the required details.
For more details on the Account & Transaction APIs, please refer to the documentation for Account & Transaction Sandbox.
Before making specific account information API calls, the TPP would also need to invoke the GET /accounts API to get the unique AccountId(s) that are valid for the account-request (consent)
E. Account Setup Request status API Invocation
TPP can invoke the Account setup request API to retrieve the status of the Account request setup resource.
*Note : Features mentioned in above steps are currently not available in the sandbox.