bLink API - consent flow module (2.0.15.0-six_caas)
Download OpenAPI specification:Download
This is the specification of the bLink 'consent-flow' module API.
createPermission
Create a permission
path Parameters
| providerId required | string <= 30 characters id of the provider |
| userId required | string^([a-zA-Z0-9\-.]{1,250})$ The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously. For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID. Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call. |
header Parameters
| Authorization | string Bearer followed by a base64 encoded OAuth access token |
| X-Correlation-ID required | string <= 64 characters Unique ID (defined by the caller) which will be reflected back in the response. |
| User-Agent required | string Name and version of the of the Client software |
| X-PSU-IP-Address required | string IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-PSU-User-Agent required | string User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
Request Body schema: application/jsonrequired
When connecting a user, a permission needs to be created for accounts access. The user will be redirected to their chosen provider and will perform SCA - upon successful SCA with the provider, the permission will move to an authorized status. This call returns the details of the permission, including the URL where the user will be redirected for permission authorization. These are details of the implementation but concerning the SCA, each provider needs to be thoroughly tested by the consumer.
| username required | string <= 64 characters |
| csrf | string this property is deprecated and no longer serves any purpose. |
| externalReference | string <= 36 characters ^([a-zA-Z0-9 /\-?:().,']{1,500})$ An optional reference to identify the permission. This reference will be returned in the callback url after the authorization of the permission. |
| instanceId | string^([a-zA-Z0-9\-.]{1,64})$ Application instance id |
| scope required | string <= 256 characters OAuth2 scope to be added to the authorizationUrl. Multiple scopes are space-delimited |
| callback | string <= 256 characters The callback URL to which the resource owner is redirected after the permission creation request is completed. The URL must be registered with bLink. If the callback property is not specified, then the default callback URL is used. |
Responses
Request samples
- Payload
{- "username": "username",
- "csrf": "1234567890",
- "externalReference": "93398946-b5a4-484c-b759-75eb22d0f40d",
- "instanceId": "a3cfe345-3106-4548-b1c5-60e1bf263df3",
- "scope": "urn:blink:abc:srv",
}Response samples
- 201
- 400
- 401
- 403
- 404
- 500
{- "providerId": "1234",
- "username": "username",
- "permissionId": "c46d7cb8-500d-48ba-a085-671173a84cd3",
- "authorizationUri": "http://provider-example.com/authorize?redirect_uri=http%3A%2F%localhost&state=1234",
- "status": "received",
- "externalReference": "93398946-b5a4-484c-b759-75eb22d0f40d",
- "instanceId": "a3cfe345-3106-4548-b1c5-60e1bf263df3"
}retrievePermissions
Retrieve a list of permissions of a given provider and user ID
path Parameters
| providerId required | string <= 30 characters id of the provider |
| userId required | string^([a-zA-Z0-9\-.]{1,250})$ The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously. For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID. Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call. |
header Parameters
| Authorization | string Bearer followed by a base64 encoded OAuth access token |
| X-Correlation-ID required | string <= 64 characters Unique ID (defined by the caller) which will be reflected back in the response. |
| User-Agent required | string Name and version of the of the Client software |
| X-PSU-IP-Address required | string IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-PSU-User-Agent required | string User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-Instance-ID | string <= 64 characters (Deprecated) Identifies an on-prem application instance which uses a legacy on-prem certificate in the mTLS connection. Do not use the header otherwise. (SCOPE: SIX_CAAS - optional, SIX_CAAS_INTERNAL - optional). |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
[- {
- "providerId": "1234",
- "username": "hans.muster@six-group.com",
- "permissionId": "c46d7cb8-500d-48ba-a085-671173a84cd3",
- "status": "received",
- "externalReference": "93398946-b5a4-484c-b759-75eb22d0f40d",
- "instanceId": "a3cfe345-3106-4548-b1c5-60e1bf263df3",
- "scope": "urn:blink:abc:srv"
}
]retrievePermission
Retrieve a permission for a given provider, user ID and permission ID
path Parameters
| providerId required | string <= 30 characters id of the provider |
| userId required | string^([a-zA-Z0-9\-.]{1,250})$ The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously. For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID. Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call. |
| permissionId required | string <uuid> permission ID |
header Parameters
| Authorization | string Bearer followed by a base64 encoded OAuth access token |
| X-Correlation-ID required | string <= 64 characters Unique ID (defined by the caller) which will be reflected back in the response. |
| User-Agent required | string Name and version of the of the Client software |
| X-PSU-IP-Address required | string IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-PSU-User-Agent required | string User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-Instance-ID | string <= 64 characters (Deprecated) Identifies an on-prem application instance which uses a legacy on-prem certificate in the mTLS connection. Do not use the header otherwise. (SCOPE: SIX_CAAS - optional, SIX_CAAS_INTERNAL - optional). |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
{- "providerId": "1234",
- "username": "hans.muster@six-group.com",
- "permissionId": "c46d7cb8-500d-48ba-a085-671173a84cd3",
- "status": "received",
- "externalReference": "93398946-b5a4-484c-b759-75eb22d0f40d",
- "instanceId": "a3cfe345-3106-4548-b1c5-60e1bf263df3",
- "scope": "urn:blink:abc:srv"
}deletePermission
Revoke a permission for a given provider, user ID and permission ID
path Parameters
| providerId required | string <= 30 characters id of the provider |
| userId required | string^([a-zA-Z0-9\-.]{1,250})$ The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously. For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID. Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call. |
| permissionId required | string <uuid> permission ID |
header Parameters
| Authorization | string Bearer followed by a base64 encoded OAuth access token |
| X-Correlation-ID required | string <= 64 characters Unique ID (defined by the caller) which will be reflected back in the response. |
| User-Agent required | string Name and version of the of the Client software |
| X-PSU-IP-Address required | string IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-PSU-User-Agent required | string User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-Instance-ID | string <= 64 characters (Deprecated) Identifies an on-prem application instance which uses a legacy on-prem certificate in the mTLS connection. Do not use the header otherwise. (SCOPE: SIX_CAAS - optional, SIX_CAAS_INTERNAL - optional). |
Responses
Response samples
- 400
- 401
- 403
- 404
- 500
{- "type": "/problems/TECHNICAL_ERROR",
- "title": "This is the general problem description",
- "detail": "Detailed problem description with respect to the current request, e.g., invalid account number format",
- "instance": "path/to/corresponding/resource"
}refreshPermission
trigger token-refresh inside the permission for a given provider, user ID and permission ID
path Parameters
| providerId required | string <= 30 characters id of the provider |
| userId required | string^([a-zA-Z0-9\-.]{1,250})$ The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously. For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID. Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call. |
| permissionId required | string <uuid> permission ID |
header Parameters
| Authorization | string Bearer followed by a base64 encoded OAuth access token |
| X-Correlation-ID required | string <= 64 characters Unique ID (defined by the caller) which will be reflected back in the response. |
| User-Agent required | string Name and version of the of the Client software |
| X-PSU-IP-Address required | string IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-PSU-User-Agent required | string User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required) |
| X-Instance-ID | string <= 64 characters (Deprecated) Identifies an on-prem application instance which uses a legacy on-prem certificate in the mTLS connection. Do not use the header otherwise. (SCOPE: SIX_CAAS - optional, SIX_CAAS_INTERNAL - optional). |
Responses
Response samples
- 400
- 401
- 403
- 404
- 500
- 503
{- "type": "/problems/TECHNICAL_ERROR",
- "title": "This is the general problem description",
- "detail": "Detailed problem description with respect to the current request, e.g., invalid account number format",
- "instance": "path/to/corresponding/resource"
}