List Of Transactions

General terms defined in the dictionary

Definition

Request the list of transactions for a given bank account.

If there is any reference to an existing account information consent (AisConsent) stored in the database of the TPP, the TPP will use this consent reference to forward the service request to the OpenBanking interface of the ASPSP.

If there is no such reference in the database of the TPP, the TPP will respond the FinTech to redirect the PSU to the ConsentAuthorizationApi of the TPP.

In order to uniquely identify the requesting PSU, the TPP uses a unique reference made out of: - the fintechId : the unique identifier of this FinTech in the realm of the TPP. This parameter is read from the FinTechContext transported as jwt-Token in the Authorization header of each FinTech request to the TPP. - the psu-id@fintech : the unique identifier of the PSU in the realm of the FinTech. This parameter is transported in the HttpHeader named: Fintech-User-ID

Diagram

Use Cases

LoT-010 FinTechUI.displayBankAccount(BankAccount)

After receiving the list of accounts, the FinTechUI can dsiplay a single bank account to the PSU.

LoT-020 : FinTechUI.selectService(listTransactions)

On of the services available when the FinTechUI present bank account details to the PSU is the "listOfTransactions". If selected by the PSU, the FinTechUI forwards the service call to the FinTechApi. The selection must be accompanied with some mandatory and optional service specifications. For example in the case of listOfTransactions, this the account-id is part of the request path and indicates the target account. The ListTransactionsSpec is used to describe additional optional request parameters.

LoA-021 : FinTechUI.readRedirectUrls(Fintech-Redirect-URL-OK,Fintech-Redirect-URL-NOK)

Read the redirect urls associated with this context. These are URL used to start the UI from the ConsentAuthorizeAPI.

LoT-030 : FinTechApi.listOfTransactions

Call specification: See [](See FinTechApi.listOfAccounts

The FinTechUI issues a listOfTransactions request to the FinTechAPI with: - SessionCookie and X-XSRF-TOKEN: The SessionCookie used to maintain association between FinTechUI and FinTechApi. It holds a session identifier. A corresponding XSRF-TOKEN is sent back and forth though the header and used to authenticate the SessionCookie. - The bank-id: passed as a query parameter and referencing the given BankProfile that contains meta information associated with the selected Bank. - The account-id: is sent as a path parameter and references the target bank account. - dateFrom: Starting date (inclusive the date dateFrom) of the transaction list, mandated if no delta access is required. For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date, which may not be transparent neither in this API nor other channels of the ASPSP. - dateTo: End date (inclusive the data dateTo) of the transaction list, default is "now" if not given. Might be ignored if a delta function is used. For booked transactions, the relevant date is the booking date. For pending transactions, the relevant date is the entry date, which may not be transparent neither in this API nor other channels of the ASPSP. - deltaList: This data attribute indicates that the FinTech is in favour to get all transactions after the last report access for this PSU on the addressed account.
- entryReferenceFrom: This data attribute indicates that the FinTech is in favour to get all transactions after the transaction with identification entryReferenceFrom alternatively to the above defined period. This is an implementation of a delta access. If this data element is contained, the entries "dateFrom" and "dateTo" might be ignored by the ASPSP. - bookingStatus: To support the "pending" and "both" feature is optional for the ASPSP, Error code if not supported in the online banking frontend Default is "booked". - X-Request-ID: unique identifier that identifies this request throughout the entire processing chain. Shall be contained in HTTP Response as well.

LoT-031 : FinTechApi.checkAuthorization

Call specification: : checkAuthorization(SessionCookie,\nX-XSRF-TOKEN):psu-id@fintech Before proceeding with the request, the FinTechApi must validate the request for it authenticity and extract a unique identifier of the PSU in the world of the FinTech (psu-id@fintech). This validation also include the matching of the used cookie against the provided XSRF-Token.

LoT-032 : FinTechApi.userAgentContext

Parses the HTTP request and extract information associated with the user agent (see UserAgentContext). The UserAgentContext describes details associated with the user agent of the PSU. Generally not visible in the API as they are automatically provided by the user agent. The purpose is to transfer context specific information on both current Request and PsuUserAgent. Those information might later be required by the ASPSP like. Below is a non exhaustive list of UserAgent specific context information: * IP-Address, * IP-Port, * Accept, * Accept-Charset, * Accept-Encoding, * Accept-Language, * Device-ID, * User-Agent, * PSU-Geo-Location, * Http-Method.

LoT-033 : FinTechApi.loadServiceSession

Uses the given psu-id and service type to load a corresponding service session if the FinTech judges the request of the PSU is the repetition of an existing service request.

LoT-040 : TppBankingApi.listOfTransactions

Forwards the PSU request to TPP. See TppBankingApi.listOfAccounts.

LoT-041 TppBankingApi.checkAuthorization

verifies the authenticity of the Authorization header "FinTechContext". Returns the extracted fintechId.

LoT-042 TppBankingApi.serviceSpec

Put service parameter in a serviceSpec map for further processing.

LoT-043 TppBankingApi.serviceContext

Put all objects associated with the call into a generic ServiceContext object.

LoT-050 .. LoT-052 BankingProtocolFacade.service

See ListOfAccounts

LoT-060 .. LoT-067 : BankingProtocol.service

See ListOfAccounts

LoA-070 .. -080 : No Suitable Consent Present. Redirect

See ListOfAccounts

LoA-090 Suitable Consent Present

If there is a suitable consent reference in the database of the TPP, this will be loaded and used to forward request to the ASPSP.

LoA-091 : Forward Service Request to ASPSP

Service request is forwarded to the AspspBankingApi together with a reference to an AisConsent. The Associated TppContext contains TPP identifying information.

LoA-092 .. LoA-95 : Returned Service Response

The returned ListOfTransactionsResponse is wrapped into a BankingProtocolResponse that will travel through the call chain back to the FinTechApi.

LoA-096 FinTechApi.storeServiceSessionId

The FinTechApi will first store the service session for future reference.

LoA-096 FinTechApi:200_Accounts

The FinTechApi returns the payload to the FinTechUI together with a new SessionCookie.