Skip to main content

bLink API - consent flow module (2.0.15.1-six_caas)

Download OpenAPI specification:Download

This is the specification of the bLink 'consent-flow' module API.

permissions

permissions CaaS Permissions Endpoints

createPermission

Create a permission

path Parameters
providerId
required
string <= 30 characters

id of the provider

userId
required
string^([a-zA-Z0-9\-.]{1,250})$

The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously.

For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID.

Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call.

header Parameters
Authorization
string

Bearer followed by a base64 encoded OAuth access token

X-Correlation-ID
required
string <= 64 characters

Unique ID (defined by the caller) which will be reflected back in the response.

User-Agent
required
string

Name and version of the of the Client software

X-PSU-IP-Address
required
string

IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

X-PSU-User-Agent
required
string

User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

Request Body schema: application/json
required

When connecting a user, a permission needs to be created for accounts access. The user will be redirected to their chosen provider and will perform SCA - upon successful SCA with the provider, the permission will move to an authorized status. This call returns the details of the permission, including the URL where the user will be redirected for permission authorization. These are details of the implementation but concerning the SCA, each provider needs to be thoroughly tested by the consumer.

username
required
string <= 64 characters
csrf
string

this property is deprecated and no longer serves any purpose.

externalReference
string <= 36 characters ^([a-zA-Z0-9 /\-?:().,']{1,500})$

An optional reference to identify the permission. This reference will be returned in the callback url after the authorization of the permission.

instanceId
string^([a-zA-Z0-9\-.]{1,64})$

Application instance id

scope
required
string <= 256 characters

OAuth2 scope to be added to the authorizationUrl. Multiple scopes are space-delimited

callback
string <= 256 characters

The callback URL to which the resource owner is redirected after the permission creation request is completed. The URL must be registered with bLink. If the callback property is not specified, then the default callback URL is used.

Responses

Request samples

Content type
application/json
{
  • "username": "username",
  • "csrf": "1234567890",
  • "externalReference": "93398946-b5a4-484c-b759-75eb22d0f40d",
  • "instanceId": "a3cfe345-3106-4548-b1c5-60e1bf263df3",
  • "scope": "urn:blink:abc:srv",
}

Response samples

Content type
application/json
{}

retrievePermissions

Retrieve a list of permissions of a given provider and user ID

path Parameters
providerId
required
string <= 30 characters

id of the provider

userId
required
string^([a-zA-Z0-9\-.]{1,250})$

The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously.

For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID.

Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call.

header Parameters
Authorization
string

Bearer followed by a base64 encoded OAuth access token

X-Correlation-ID
required
string <= 64 characters

Unique ID (defined by the caller) which will be reflected back in the response.

User-Agent
required
string

Name and version of the of the Client software

X-PSU-IP-Address
required
string

IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

X-PSU-User-Agent
required
string

User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

X-Instance-ID
string <= 64 characters

(Deprecated) Identifies an on-prem application instance which uses a legacy on-prem certificate in the mTLS connection. Do not use the header otherwise. (SCOPE: SIX_CAAS - optional, SIX_CAAS_INTERNAL - optional).

Responses

Response samples

Content type
application/json
[
  • {
    }
]

retrievePermission

Retrieve a permission for a given provider, user ID and permission ID

path Parameters
providerId
required
string <= 30 characters

id of the provider

userId
required
string^([a-zA-Z0-9\-.]{1,250})$

The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously.

For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID.

Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call.

permissionId
required
string <uuid>

permission ID

header Parameters
Authorization
string

Bearer followed by a base64 encoded OAuth access token

X-Correlation-ID
required
string <= 64 characters

Unique ID (defined by the caller) which will be reflected back in the response.

User-Agent
required
string

Name and version of the of the Client software

X-PSU-IP-Address
required
string

IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

X-PSU-User-Agent
required
string

User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

X-Instance-ID
string <= 64 characters

(Deprecated) Identifies an on-prem application instance which uses a legacy on-prem certificate in the mTLS connection. Do not use the header otherwise. (SCOPE: SIX_CAAS - optional, SIX_CAAS_INTERNAL - optional).

Responses

Response samples

Content type
application/json
{
  • "providerId": "1234",
  • "username": "hans.muster@six-group.com",
  • "permissionId": "c46d7cb8-500d-48ba-a085-671173a84cd3",
  • "status": "received",
  • "externalReference": "93398946-b5a4-484c-b759-75eb22d0f40d",
  • "instanceId": "a3cfe345-3106-4548-b1c5-60e1bf263df3",
  • "scope": "urn:blink:abc:srv"
}

deletePermission

Revoke a permission for a given provider, user ID and permission ID

path Parameters
providerId
required
string <= 30 characters

id of the provider

userId
required
string^([a-zA-Z0-9\-.]{1,250})$

The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously.

For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID.

Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call.

permissionId
required
string <uuid>

permission ID

header Parameters
Authorization
string

Bearer followed by a base64 encoded OAuth access token

X-Correlation-ID
required
string <= 64 characters

Unique ID (defined by the caller) which will be reflected back in the response.

User-Agent
required
string

Name and version of the of the Client software

X-PSU-IP-Address
required
string

IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

X-PSU-User-Agent
required
string

User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

X-Instance-ID
string <= 64 characters

(Deprecated) Identifies an on-prem application instance which uses a legacy on-prem certificate in the mTLS connection. Do not use the header otherwise. (SCOPE: SIX_CAAS - optional, SIX_CAAS_INTERNAL - optional).

Responses

Response samples

Content type
application/problem+json
{
  • "type": "/problems/TECHNICAL_ERROR",
  • "title": "This is the general problem description",
  • "detail": "Detailed problem description with respect to the current request, e.g., invalid account number format",
  • "instance": "path/to/corresponding/resource"
}

refreshPermission

trigger token-refresh inside the permission for a given provider, user ID and permission ID

path Parameters
providerId
required
string <= 30 characters

id of the provider

userId
required
string^([a-zA-Z0-9\-.]{1,250})$

The Service User can choose the User-ID value freely. It is allowed to assign multiple User-ID values to the same Customer. The only requirement is that each User-ID can be traced back to the correct end-user unambiguously.

For a specific User-ID value and Provider ID combination, there can only be one valid Permission at a time. As soon as a new permission is initiated using the same User-ID and Provider ID, the bLink CaaS Service will revoke any previously valid permission of the same User-ID and Provider ID.

Please note: Even when using different User-IDs to create multiple valid permissions, it could still happen that the Service Provider doesn't allow multiple valid Access Tokens in parallel for the same E-Banking Access, which will result in previous permissions being invalidated as soon as they are used in an API-call.

permissionId
required
string <uuid>

permission ID

header Parameters
Authorization
string

Bearer followed by a base64 encoded OAuth access token

X-Correlation-ID
required
string <= 64 characters

Unique ID (defined by the caller) which will be reflected back in the response.

User-Agent
required
string

Name and version of the of the Client software

X-PSU-IP-Address
required
string

IP address of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

X-PSU-User-Agent
required
string

User agent of the user initiating the operation or AUTO for system triggered processes (SCOPE: SIX required)

X-Instance-ID
string <= 64 characters

(Deprecated) Identifies an on-prem application instance which uses a legacy on-prem certificate in the mTLS connection. Do not use the header otherwise. (SCOPE: SIX_CAAS - optional, SIX_CAAS_INTERNAL - optional).

Responses

Response samples

Content type
application/problem+json
{
  • "type": "/problems/TECHNICAL_ERROR",
  • "title": "This is the general problem description",
  • "detail": "Detailed problem description with respect to the current request, e.g., invalid account number format",
  • "instance": "path/to/corresponding/resource"
}