Skip to main content

CreateConsentResponse

Body of the JSON response for a successful consent request.

    consentStatus ConsentStatus (string)required

    Possible values: [received, rejected, valid, revokedByPsu, expired, terminatedByTpp, partiallyAuthorised]

    This is the overall lifecycle status of the consent.

    consentId stringnullable

    ID of the corresponding consent object as returned by an account information consent request.

    scaMethods

    object[]

    nullable

    This data element might be contained, if SCA is required and if the PSU has a choice between different authentication methods.

    Depending on the risk management of the ASPSP this choice might be offered before or after the PSU has been identified with the first relevant factor,

    or if an access token is transported.

    If this data element is contained, then there is also a hyperlink of type 'startAuthorisationWithAuthenticationMethodSelection' contained in the response body.

    These methods shall be presented towards the PSU for selection by the TPP.

  • Array [

    • authenticationType ScaAuthenticationType (string)required

    Possible values: [smS_OTP, chiP_OTP, photO_OTP, pusH_OTP, smtP_OTP]

    Type of the authentication method.

    authenticationVersion stringnullable

    Depending on the "authenticationType". This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. This version can be referred to in the ASPSP?s documentation.

    authenticationMethodId stringrequired

    Possible values: non-empty and <= 35 characters

    An identification provided by the ASPSP for the later identification of the authentication method selection.

    name stringnullable

    This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. Alternatively this could be a description provided by the ASPSP like "SMS OTP on phone +49160 xxxxx 28". This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available.

    explanation stringnullable

    Detailed information about the SCA method for the PSU.

  • ]

    • challengeData

    object

    It is contained in addition to the data element 'chosenScaMethod' if challenge data is needed for SCA.

    In rare cases this attribute is also used in the context of the 'startAuthorisationWithPsuAuthentication' link.

    myProperty bytenullable

    PNG data(max. 512 kilobyte) to be displayed to the PSU, Base64 encoding, cp. [RFC4648]. This attribute is used only, when PHOTO_OTP or CHIP_OTP is the selected SCA method.

    data stringnullable

    A collection of strings as challenge data.

    imageLink urinullable

    A link where the ASPSP will provides the challenge image for the TPP.

    otpMaxLength int32nullable

    The maximal length for the OTP to be typed in by the PSU.

    otpFormat OtpFormat (string)

    Possible values: [characters, integer]

    The format type of the OTP to be typed in. The admitted values are "characters" or "integer".

    additionalInformation stringnullable

    Additional explanation for the PSU to explain e.g. fallback mechanism for the chosen SCA method. The TPP is obliged to show this to the PSU

    chosenScaMethod

    object

    Authentication object.

    authenticationType ScaAuthenticationType (string)required

    Possible values: [smS_OTP, chiP_OTP, photO_OTP, pusH_OTP, smtP_OTP]

    Type of the authentication method.

    authenticationVersion stringnullable

    Depending on the "authenticationType". This version can be used by differentiating authentication tools used within performing OTP generation in the same authentication type. This version can be referred to in the ASPSP?s documentation.

    authenticationMethodId stringrequired

    Possible values: non-empty and <= 35 characters

    An identification provided by the ASPSP for the later identification of the authentication method selection.

    name stringnullable

    This is the name of the authentication method defined by the PSU in the Online Banking frontend of the ASPSP. Alternatively this could be a description provided by the ASPSP like "SMS OTP on phone +49160 xxxxx 28". This name shall be used by the TPP when presenting a list of authentication methods to the PSU, if available.

    explanation stringnullable

    Detailed information about the SCA method for the PSU.

    psuMessage stringnullable

    Possible values: <= 500 characters

    Text to be displayed to the PSU.

    _links

    object

    A list of hyperlinks to be recognised by the TPP.

    Type of links admitted in this response (which might be extended by single ASPSPs as indicated in its XS2A documentation):

    scaRedirect

    object

    Link to a resource.

    href stringnullable

    href Entry.

    scaOAuth

    object

    Link to a resource.

    href stringnullable

    href Entry.

    confirmation

    object

    Link to a resource.

    href stringnullable

    href Entry.

    startAuthorisation

    object

    Link to a resource.

    href stringnullable

    href Entry.

    startAuthorisationWithPsuIdentification

    object

    Link to a resource.

    href stringnullable

    href Entry.

    startAuthorisationWithPsuAuthentication

    object

    Link to a resource.

    href stringnullable

    href Entry.

    startAuthorisationWithEncryptedPsuAuthentication

    object

    Link to a resource.

    href stringnullable

    href Entry.

    startAuthorisationWithAuthenticationMethodSelection

    object

    Link to a resource.

    href stringnullable

    href Entry.

    startAuthorisationWithTransactionAuthorisation

    object

    Link to a resource.

    href stringnullable

    href Entry.

    self

    object

    Link to a resource.

    href stringnullable

    href Entry.

    status

    object

    Link to a resource.

    href stringnullable

    href Entry.

    scaStatus

    object

    Link to a resource.

    href stringnullable

    href Entry.