Create PSD2 AIS Consent

Note. ConnectPay does not provide APIs to create and authorize Consent directly. Consent will be created in ConnectPay Auth Web App, to which PSU must be redirected via Get Secured Authorization API

To get PSD2 AIS Consent authorization URL, TPP must provide these parameters:

  • flowId – use value CreateAndAuthorizePSD2AISConsent
  • TPP-Redirect-URI – callback URL to where Person should be redirected back after authentication and authorization. Hostname in parameter will be validated against callback URL list, provided by TPP in APP configuration at Developer Portal.
    • Your callback URL cannot contain query parameters. There are no restrictions on path composition.
  • PSU-IP-Address – IP address of the PSU

Sample Request

curl --location --request POST 'https://api-stage.connectpay.com/auth/v1/oauth2/code' \
 --header 'Accept: application/json;version=2' \
 --header 'Content-Type: application/json' \
 --header 'X-Request-ID: 7ddf730a-d94e-40d4-8f25-1d654b5af404' \
 --header 'Authorization: Bearer b7b4e589-1418-3046-b804-c3ad92bed247' \
 --data-raw '{
   "flowId": "CreateAndAuthorizePSD2AISConsent",
   "TPP-Redirect-URI": "https://localhost/LKpQA0IRO5TqJB",
   "PSU-IP-Address": "12.156.12.214" }'

Sample Response

Response body will contain URL where to redirect PSU for authentication and Conent authorization. Generated URL is valid for one time only and cannot be reused.

{
   "_links": {
       "scaRedirect": {
           "href": "https://auth-stage.connectpay.com/auth/redirect?flowId=CreateAndAuthorizePSD2AISConsent&ApplicationId=b6d45a84-498a-3d98-af7c-64ae75d8d30a&redirectUrl=https://localhost&nonce=d867ed99-876f-4e88-9947-d5e353a7cccd"
       }
   }
}

Consent authorization flow

Login

When redirected, PSU will have to login using his/her ConnectPay credentials.

As TPP will use Access Token issued to certain Person/Customer pair, Person will not be asked to select the Customer.
Depending of existing Consent status, Person will be presented with one of 3 options:

Option 1 – No Consent – create new

If PSU does not have valid Consent (never gave Consent or Consent expired), PSU will be asked to create one with predefined options:

  • Access to all accounts
  • Maximal validity duration (90 days)
  • Multiple usage

PSU must confirm his Consent by entering OTP. Consent will be created and authorized in same procedure.

Option 2 – Existing valid Authorized Consent

In rare cases, Consent can exist, but TPP may not have a record of it on their system and may ask PSU to consent again. If there is a valid Consent registered at ConnectPay, PSU will be presented with details of existing Consent and redirected back to TPP with ConsentId in URL.

As valid Consent already exists, no new Consent is generated and authorization is not required.

Option 3 – Created, but not authorized Consent

In rare cases, Consent could be created but not authorized. In such case, PSUwill be presented with the details of existing Consent and will be asked to Authorize it or create a New one:

If PSU will choose to Create new, existing Consent will be revoked and new Consent will be created and authorized following same Option 1 – No Consent  -Create new flow

If PSU would choose to use Exising Consent, PSU will have to authorize it by entering OTP.

Redirect back to TPP

After Consent authorization procedure, PSU will be presented with Status page. When PSU will press Back to TPP button, he/she will be redirected back to TPP.  Callback URL will contain ConsentId that must be used in AIS API calls along with Access Token.

Sample callback URL

https://app.tpp.com/callback/?consentid=2f632262-0a87-47f6-8f59-abbbffb47851&flowId=CreateAndAuthorizePSD2AISConsent

Scroll to Top