Create Bank Consent
POST {{base_url}}/banking/v2/consents
Before the user can sign in, a bank consent needs to be created in order to get the consent id and the authorisation date. By default, the consent lasts for 90 days as per Open Banking regulations. After 90 days, consent will have to be requested again.
By default, a bank consent will be created to request all bank data from the user. If you want to request specific data, you can specify that in permissions.
Calling this endpoint will return a signInUrl for the user's bank, and a unique consentId that must be used in the Put bank consent request.
On successful authentication, a code, id_token, and state will be returned along with the bankId.
Attributes
Field | Type | Description |
---|---|---|
redirect | string (link) | URL to redirect to after the bank account is added |
permissions | string | {READALLBANKDATA (download all bank data), READACCOUNTSDETAIL (download account details only)} |
bankId | integer | Unique identifier for the bank |
code | string | Temporary code to be exchanged for access token with the bank |
id_token | string | Base64 encoded JSON for verifying state and token’s validity |
state | string | Base64 encoded JSON containing information about the original request to persist the state throughout the user journey |
state->nonce | string | String value used to associate a client session with an ID Token, and to mitigate replay attacks (for internal use) |
state->reRed | string | Redirect URL |
state->accReq | string | tomato pay consentId |
state->bId | integer | bankId (Unique identifier for the bank) |
state->consentId | string | bank consentId |
If a permission is not provided, then READALLBANKDATA permission will be requested by default.
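An added example, not part of the tomato pay documentation: one way a client can check the decoded state against the consent it created before sending the Put bank consent request. It assumes that state->accReq equals the consentId returned by this endpoint, that the client kept consentId, bankId and redirect server-side, and that either Base64 alphabet may appear; decode_state, check_callback and the sample values are hypothetical.

```python
import base64
import binascii
import hmac
import json


def decode_state(state_b64):
    """Decode the Base64 JSON `state` value; raise ValueError on malformed input."""
    # Assumption: padding may be stripped and either Base64 alphabet may be used.
    normalised = state_b64.strip().replace("-", "+").replace("_", "/")
    padded = normalised + "=" * (-len(normalised) % 4)
    try:
        state = json.loads(base64.b64decode(padded, validate=True))
    except (binascii.Error, UnicodeDecodeError, ValueError) as exc:
        raise ValueError("state is not Base64-encoded JSON") from exc
    if not isinstance(state, dict):
        raise ValueError("state must decode to a JSON object")
    return state


def check_callback(state_b64, callback_bank_id, pending):
    """Return the decoded state if it matches the pending consent, else raise.

    `pending` is a hypothetical server-side record saved after Create Bank Consent:
    {"consentId": ..., "bankId": ..., "redirect": ...}
    """
    state = decode_state(state_b64)
    # Assumption: state->accReq carries the consentId returned by this endpoint.
    acc_req = state.get("accReq")
    expected = pending["consentId"].encode()
    if not isinstance(acc_req, str) or not hmac.compare_digest(acc_req.encode(), expected):
        raise ValueError("state does not belong to the pending consent")
    if state.get("bId") != pending["bankId"] or int(callback_bank_id) != pending["bankId"]:
        raise ValueError("bankId mismatch")
    if state.get("reRed") != pending["redirect"]:
        raise ValueError("redirect URL mismatch")
    return state


# Constructed sample values, not real identifiers.
PENDING = {"consentId": "ConsentID123", "bankId": 6, "redirect": "https://app.example/callback"}
SAMPLE_STATE = base64.b64encode(json.dumps({
    "nonce": "n-0001", "reRed": PENDING["redirect"], "accReq": "ConsentID123",
    "bId": 6, "consentId": "bank-consent-xyz",
}).encode()).decode()

if __name__ == "__main__":
    print(check_callback(SAMPLE_STATE, 6, PENDING)["consentId"])
```

A callback whose state fails any of these checks should be dropped without calling Put bank consent, since it was not issued for the consent the session is waiting on.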
Error Messages
Condition | Response Status | Response Body |
---|---|---|
Missing redirect | 400 Bad Request | {"error": "Missing/Invalid redirect"} |
Invalid redirect | 400 Bad Request | {"error": "Missing/Invalid redirect"} |
Invalid bankId | 403 Forbidden | |
Bank error | 502 Bad Gateway | {"error": "Bank error"} |
Server error | 500 Internal server error | |
Request Body
{"redirect": "redirect_URL", "permissions": "READALLBANKDATA", "bankId": "6"}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string | | |
X-Partner-Id | string | | |
X-Api-Key | string | | |
Authorization | string | | |
X-Company-Id | string | | |
RESPONSES
status: Created
{"signInUrl":"Bank's signInUrl","consentId":"ConsentID123","bankId":6,"permissions":"ReadAllBankData"}