Open Banking API
Create an account access consent
api
post
/account-access-consents

Create an account access consent

Before you can access any data from a Revolut user, you must create an access consent to read data from the user's profile.

note

When you create an account access consent, you must include a specific permission that follows the rules in the table below; otherwise, you get a 400 Bad request error.

Request Permissions

PERMISSIONSDEPENDENCIES
ReadAccountsBasicNone
ReadAccountsDetailNone
ReadBalancesNone
ReadBeneficiariesBasicNone
ReadBeneficiariesDetailNone
ReadDirectDebitsNone
ReadScheduledPaymentsBasicNone
ReadScheduledPaymentsDetailNone
ReadStandingOrdersBasicNone
ReadStandingOrdersDetailNone
ReadTransactionsBasicNone
ReadTransactionsCreditsReadTransactionsBasic OR ReadTransactionsDetail
ReadTransactionsDebitsReadTransactionsBasic OR ReadTransactionsDetail
ReadTransactionsDetailNone

See also Tutorials: Get account and transaction information.

Authorization

Each Open Banking API must contain an authorization header in the following format to make a call: Bearer <yourAccessToken>.

Before you start, ensure that you've got an access token with the correct scope using the /token endpoint. You need to get the authorization code first and exchange it for an access token.

danger

Never share your access_token with anyone, as it can be used to access the banking data that you have access to and initiate transactions.

For more information, see Tutorial: Get account and transaction information and Tutorial: Initiate your first payment as examples.

x-jws-signature

Open Banking API Payment requests additionally require a JSON Web Signature (JWS) which needs to be added to the header of the request. The JWS signature must be obtained using the full content of the payload.

Request

Default

Header Parameters
Header Parameters

The unique ID of the ASPSP that the request is issued to. The ID of Revolut is 001580000103UAvAAM.

Possible values: Value must match regular expression ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$

The date and time when the PSU last logged in with the TPP.

All dates in the HTTP headers are represented as RFC 7231 Full Dates. For example: Sun, 10 Sep 2017 19:43:31 UTC.

The IP address of the PSU if the PSU is logged in with the TPP.

An RFC4122 UUID used as a correlation ID.

The access token that you've generated. For more information, see Generate an access token.

The user agent that the PSU is using.

Request body
Body object

Possible values: [ReadAccountsBasic, ReadAccountsDetail, ReadBalances, ReadBeneficiariesBasic, ReadBeneficiariesDetail, ReadDirectDebits, ReadOffers, ReadPAN, ReadParty, ReadPartyPSU, ReadProducts, ReadScheduledPaymentsBasic, ReadScheduledPaymentsDetail, ReadStandingOrdersBasic, ReadStandingOrdersDetail, ReadStatementsBasic, ReadStatementsDetail, ReadTransactionsBasic, ReadTransactionsCredits, ReadTransactionsDebits, ReadTransactionsDetail], >= 1

Specifies the type of data access to the account. This is a list of the data clusters being consented by the PSU, and requested for authorisation with the ASPSP.

Specifies the date and time the permission expires. If this is not specified, the permission is open ended.

All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.

For example: 2017-04-05T10:43:07+00:00.

Specifies the start date and time for the transaction query period. If this is not specified, the start date is open ended, and data is returned from the earliest available transaction.

All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.

For example: 2017-04-05T10:43:07+00:00.

Specifies the end date and time for the transaction query period. If this is not specified, the end date is open ended, and data is returned to the latest available transaction.

All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.

For example: 2017-04-05T10:43:07+00:00.

The Risk section contains the risk indicators that the initiating party sends to the ASPSP, which can be used to specify additional details for risk scoring for account information.

Response

Account Access Consents Created

HTTP Headers
HTTP Headers

An RFC4122 UUID used as a correlation ID.

Response body
Body object

Possible values: non-empty and <= 128 characters

The unique ID that is assigned to identify the account access consent resource.

The date and time when the account access consent was created.

All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.

For example: 2017-04-05T10:43:07+00:00.

Possible values: [Authorised, AwaitingAuthorisation, Rejected, Revoked]

The status of the account access consent.

The date and time when the account access consent was created.

All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.

For example: 2017-04-05T10:43:07+00:00.

Possible values: [ReadAccountsBasic, ReadAccountsDetail, ReadBalances, ReadBeneficiariesBasic, ReadBeneficiariesDetail, ReadDirectDebits, ReadOffers, ReadPAN, ReadParty, ReadPartyPSU, ReadProducts, ReadScheduledPaymentsBasic, ReadScheduledPaymentsDetail, ReadStandingOrdersBasic, ReadStandingOrdersDetail, ReadStatementsBasic, ReadStatementsDetail, ReadTransactionsBasic, ReadTransactionsCredits, ReadTransactionsDebits, ReadTransactionsDetail], >= 1

The type of data access to the account.

The date and time when the permission expires. If this is not specified, the permission is open ended.

All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.

For example: 2017-04-05T10:43:07+00:00.

The start date and time for the transaction query period. If this is not specified, the start date is open ended, and data is returned from the earliest available transaction.

All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.

For example: 2017-04-05T10:43:07+00:00.

The end date and time for the transaction query period. If this is not specified, the end date is open ended, and data is returned to the latest available transaction.

All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.

For example: 2017-04-05T10:43:07+00:00.

The Risk section contains the risk indicators that the initiating party sends to the ASPSP, which can be used to specify additional details for risk scoring for account information.

Links relevant to the payload.

The absolute URI to the resource.

The absolute URI to the next pagination resource.

The absolute URI to the previous pagination resource.

Meta data relevant to the payload.

Used for pagination. Indicates how many pages of results are available.

Was this page helpful?
Loading...