2.2.1 Consent Capture
OBDX/ OBAPI support APIs as well as UX for Payment Service User (PSU) consent capture for a request from Third Party provider (TPP)
Prerequisite: TPP has registered with the ASPSP as a client to avail UK Open Banking services.
AISP Flow:
- During data request, TPP contacts ASPSP with their credentials
- ASPSP then directly contacts PSU to acquire consent for sharing the data with the TPP
- During this process, PSU sees the list of accounts that they have with the ASPSP and then selects the account for which the consent needs to be given
- Once consent is given by the PSU to ASPSP, ASPSP generates an authorisation token and shares the same with the TPP
- TPP uses this authorisation token and gets the access token from the ASPSP
- TPP can use this access token to access customer’s data for the specified time
Note:
In UK Open Banking an Account is identified using the Sort Code and Account number combination.Figure 2-2 AISP Consent Capture Screen - UK Open Banking
PISP Flow:
- During payment initiation request, TPP contacts ASPSP with their credentials and payment details
- ASPSP then directly contacts PSU to acquire consent for allowing payment initiation from their accounts.
- During this process, the PSU sees the list of accounts that they have with the ASPSP and then selects the account from which the payment needs to be initiated.
- Once consent is given by the PSU to ASPSP, ASPSP generates an authorisation token and shares the same with the TPP
- TPP uses this authorisation token and gets the access token from the ASPSP
- TPP uses this access token to initiate the payment
Figure 2-4 PISP Consent Capture Screen with Account Selection - UK Open Banking)
Parent topic: Consent Management