What this API does:
When using our Sandbox, we have a predefined, pre-authorised set of consents to be used within the environment. The predefined authorisation code is provided in the test data.
This API lets you create, remove and check customer consent status.
Before calling the API, you must have an access token issued by Virgin Money using a 'Client Credentials' grant.
This API does not support the ReadOffers or ReadProducts permissions.
Endpoint configuration
Sandbox: cb.sandbox-api-nc.cybservices.co.uk/open-banking/v3.1/aisp/account-access-consents
Production: api.openbanking.virginmoney.com/open-banking/v3.1/aisp/account-access-consents
This API lets you ask Virgin Money to create a new account-access-consent resource:
- It lets you send a copy of the consent to Virgin Money to authorise access to account and transaction information
- You can’t pre-select a set of accounts for account-access-consent authorisation
- Virgin Money will create the account-access-consent resource and provide a unique ConsentID
- Before calling the API, you must have an access token issued by Virgin Money using a client credentials grant
We have a predefined, pre-authorised set of consents to be used within the Sandbox environment. The predefined authorisation code is provided in the test data.
Using the authorisation code, create a request for a new token using grant type = authorization_code.
The token response returns the consent ID as part of the ID Token.
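The create call described above, as an added example that is not Virgin Money's own code: it builds the request with the headers listed under API calls, refuses the two unsupported permissions before anything is sent, and checks the 201 response. The `https://` scheme, the `Data.Permissions` body shape, the response field names (taken from the OBIE v3.1 schemas the page references), and the echo of `x-fapi-interaction-id` in the response are assumptions.

```python
import json
import uuid
from datetime import datetime

# Sandbox endpoint from this page; the https:// scheme is an assumption.
CONSENT_URL = ("https://cb.sandbox-api-nc.cybservices.co.uk"
               "/open-banking/v3.1/aisp/account-access-consents")
UNSUPPORTED = {"readoffers", "readproducts"}  # not supported by this API (per this page)

def build_consent_request(access_token, permissions, psu_ip=None):
    """Return (url, headers, body) for the create call; nothing is sent."""
    if not access_token:
        raise ValueError("client-credentials access token required")
    if not permissions:
        raise ValueError("at least one permission is required")
    bad = sorted(p for p in permissions if p.lower() in UNSUPPORTED)
    if bad:
        raise ValueError(f"unsupported permissions: {bad}")
    headers = {
        "Authorization": f"Bearer {access_token}",    # RFC 6750 bearer token
        "Content-Type": "application/json",
        "x-fapi-interaction-id": str(uuid.uuid4()),   # RFC 4122 correlation id
    }
    if psu_ip:  # only when the PSU is currently logged in with the TPP
        headers["x-fapi-customer-ip-address"] = psu_ip
    # Assumption: Data.Permissions as in the OBIE v3.1 OBReadConsent1 schema.
    body = json.dumps({"Data": {"Permissions": sorted(set(permissions))}, "Risk": {}})
    return CONSENT_URL, headers, body

def check_consent_response(status, resp_headers, resp_body, sent_headers):
    """Return the ConsentId from a 201 response, or raise ValueError."""
    if status != 201:
        raise ValueError(f"consent not created: HTTP {status}")
    # Assumption: the bank echoes the correlation id, as OBIE requires of ASPSPs.
    got = {k.lower(): v for k, v in resp_headers.items()}.get("x-fapi-interaction-id")
    if got != sent_headers["x-fapi-interaction-id"]:
        raise ValueError("x-fapi-interaction-id not echoed; response may not match request")
    data = json.loads(resp_body)["Data"]
    # The Models section requires a timezone on every response date-time.
    for field in ("CreationDateTime", "StatusUpdateDateTime"):
        if datetime.fromisoformat(data[field]).tzinfo is None:
            raise ValueError(f"{field} has no timezone")
    return data["ConsentId"]
```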
Sandbox: cb.sandbox-api-nc.cybservices.co.uk/open-banking/v3.1/aisp/account-access-consents/{ConsentId}
Production: api.openbanking.virginmoney.com/open-banking/v3.1/aisp/account-access-consents/{ConsentId}
You can retrieve an account-access-consent resource that you’ve created to check its status.
Before calling the API, you must have an access token issued by Virgin Money using a client credentials grant.
Sandbox: cb.sandbox-api-nc.cybservices.co.uk/open-banking/v3.1/aisp/account-access-consents/{ConsentId}
Production: api.openbanking.virginmoney.com/open-banking/v3.1/aisp/account-access-consents/{ConsentId}
If a customer revokes consent to data access you must delete the account-access-consent resource with Virgin Money before you confirm consent revocation with the customer.
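The ordering rule above, sketched as an added example (not Virgin Money's code): the customer is told the revocation is complete only after the DELETE returns 204 No Content, and the ConsentId is checked before it is placed in the URL path. The `send` and `confirm_to_customer` callables, the `https://` scheme, the allowed ConsentId character set, and treating 429 and 500 as retryable are assumptions.

```python
import re

# Sandbox endpoint from this page; the https:// scheme is an assumption.
BASE = ("https://cb.sandbox-api-nc.cybservices.co.uk"
        "/open-banking/v3.1/aisp/account-access-consents")
RETRYABLE = {429, 500}  # listed on this page; retrying them is an assumption
# Assumption: a conservative allow-list of URL-unreserved characters.
SAFE_ID = re.compile(r"[A-Za-z0-9._~-]+")

def consent_url(consent_id):
    """Build the {ConsentId} resource URL, refusing ids that could alter the path."""
    if not SAFE_ID.fullmatch(consent_id or "") or consent_id in (".", ".."):
        raise ValueError("ConsentId is not safe to place in a URL path")
    return f"{BASE}/{consent_id}"

def delete_consent(consent_id, send, max_attempts=3):
    """Return True only when the bank answers 204 No Content to the DELETE.

    `send(method, url)` is a hypothetical transport that attaches the
    client-credentials token and returns the HTTP status code.
    """
    url = consent_url(consent_id)
    for _ in range(max_attempts):  # production code would back off between attempts
        status = send("DELETE", url)
        if status == 204:
            return True
        if status not in RETRYABLE:
            return False  # 400/401/403/404/405/406: do not assume the consent is gone
    return False

def handle_revocation(consent_id, send, confirm_to_customer):
    """Confirm to the customer only after the bank has deleted the consent."""
    if delete_consent(consent_id, send):
        confirm_to_customer(consent_id)
        return "confirmed"
    return "pending"  # queue for retry or escalation; no confirmation was sent
```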
API calls
Account Access
Name | Description |
---|---|
x-fapi-auth-date string (header) | The time when the PSU last logged in with the TPP. |
Content-Type * string (header) | application/json |
x-fapi-customer-ip-address string (header) | The PSU's IP address if the PSU is currently logged in with the TPP. |
x-fapi-interaction-id string (header) | An RFC4122 UID used as a correlation id. |
Authorization * string (header) | An Authorisation Token as per https://tools.ietf.org/html/rfc6750 |
body * (body) | OBReadConsent1 (#/definitions/OBReadConsent1) |
Responses
Code | Description |
---|---|
201 | Created, schema OBReadConsentResponse1 (#/definitions/OBReadConsentResponse1) |
400 | Bad request, schema OBErrorResponse1 (#/definitions/OBErrorResponse1) |
401 | Unauthorized |
403 | Forbidden, schema OBErrorResponse1 (#/definitions/OBErrorResponse1) |
404 | Not found |
405 | Method Not Allowed |
406 | Not Acceptable |
429 | Too Many Requests |
500 | Internal Server Error, schema OBErrorResponse1 (#/definitions/OBErrorResponse1) |
Name | Description |
---|---|
x-fapi-auth-date string (header) | The time when the PSU last logged in with the TPP. |
x-fapi-customer-ip-address string (header) | The PSU's IP address if the PSU is currently logged in with the TPP. |
x-fapi-interaction-id string (header) | An RFC4122 UID used as a correlation id. |
Authorization * string (header) | An Authorisation Token as per https://tools.ietf.org/html/rfc6750 |
ConsentId * string (path) | ConsentId |
Responses
Code | Description |
---|---|
200 | OK, schema OBReadConsentResponse1 (#/definitions/OBReadConsentResponse1) |
400 | Bad request, schema OBErrorResponse1 (#/definitions/OBErrorResponse1) |
401 | Unauthorized |
403 | Forbidden, schema OBErrorResponse1 (#/definitions/OBErrorResponse1) |
404 | Not found |
405 | Method Not Allowed |
406 | Not Acceptable |
429 | Too Many Requests |
500 | Internal Server Error, schema OBErrorResponse1 (#/definitions/OBErrorResponse1) |
Name | Description |
---|---|
x-fapi-auth-date string (header) | The time when the PSU last logged in with the TPP. |
x-fapi-customer-ip-address string (header) | The PSU's IP address if the PSU is currently logged in with the TPP. |
x-fapi-interaction-id string (header) | An RFC4122 UID used as a correlation id. |
Authorization * string (header) | An Authorisation Token as per https://tools.ietf.org/html/rfc6750 |
ConsentId * string (path) | ConsentId |
Responses
Code | Description |
---|---|
204 | No Content |
400 | Bad request, schema OBErrorResponse1 (#/definitions/OBErrorResponse1) |
401 | Unauthorized |
403 | Forbidden, schema OBErrorResponse1 (#/definitions/OBErrorResponse1) |
404 | Not found |
405 | Method Not Allowed |
406 | Not Acceptable |
429 | Too Many Requests |
500 | Internal Server Error, schema OBErrorResponse1 (#/definitions/OBErrorResponse1) |
Models
Date and time at which the resource was created. All dates in the JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example is below:
2017-04-05T10:43:07+00:00
description: | Links relevant to the payload |
Self* | string |
First | string |
Prev | string |
Next | string |
Last | string |
description: | Meta Data relevant to the payload |
TotalPages | integer($int32) |
FirstAvailableDateTime | ISODateTime string($date-time) All dates in the JSON payloads are represented in ISO 8601 date-time format. |
LastAvailableDateTime | ISODateTime string($date-time) All dates in the JSON payloads are represented in ISO 8601 date-time format. |
ErrorCode* | string Low level textual error code, e.g., UK.OBIE.Field.Missing |
Message* | string minLength: 1 maxLength: 500 A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future' |
Path | string minLength: 1 maxLength: 500 Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency |
Url | string URL to help remediate the problem, or provide more information, or to API Reference, or help etc |
description: | An array of detail error codes, and messages, and URLs to documentation to help remediation. |
Code* | string minLength: 1 maxLength: 40 High level textual error code, to help categorize the errors. |
Id | string minLength: 1 maxLength: 40 A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors. |
Message* | string minLength: 1 maxLength: 500 Brief Error message, e.g., 'There is something wrong with the request parameters provided' |
Errors* | [OBError1] (#/definitions/OBError1) minItems: 1 |
Data* | { |
Risk* | OBRisk2 (#/definitions/OBRisk2) |
Data* | { |
Risk* | OBRisk2 (#/definitions/OBRisk2) |
Links | Links (#/definitions/Links) |
Meta | Meta (#/definitions/Meta) |
description: | The Risk section is sent by the initiating party to the ASPSP. It is used to specify additional details for risk scoring for Account Info. |
Date and time at which the resource status was updated. All dates in the JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example is below:
2017-04-05T10:43:07+00:00
Having trouble?
Contact our dedicated team members via our ticketing system or via our support mailbox