Skip to main content
Create Embedded Account Authorisation
curl --request POST \
  --url https://api.yapily.com/embedded-account-auth-requests \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json;charset=UTF-8' \
  --data '
{
  "applicationUserId": "string",
  "institutionId": "fiducia-sandbox",
  "userCredentials": {
    "id": "6154057725",
    "password": "PISPWD12"
  }
}
'
{
  "meta": {
    "tracingId": "a9d8d8c5e6a84b00b8510d90c28cbbc6"
  },
  "data": {
    "id": "149da283-2958-4128-9d72-e3a02e8bb83d",
    "userUuid": "6b082877-b137-4743-bba3-07b6a8148b42",
    "applicationUserId": "string",
    "institutionId": "fiducia-sandbox",
    "status": "AWAITING_SCA_METHOD",
    "createdAt": "2021-06-09T11:47:24.513Z",
    "expiresAt": "2021-09-07T00:00:00Z",
    "timeToExpire": "P89DT12H12M35.472S",
    "featureScope": [
      "ACCOUNT_TRANSACTIONS",
      "ACCOUNTS",
      "ACCOUNT",
      "ACCOUNT_BALANCES"
    ],
    "state": "c99f35c118194737b83487a0e6a48ed9",
    "institutionConsentId": "4514274319060120226PSDLT-BL-LB002045CO9545RW",
    "scaMethods": [
      {
        "id": "962",
        "type": "CHIP_OTP",
        "description": "SmartTAN plus HHD 1.4"
      },
      {
        "id": "952",
        "type": "CHIP_OTP",
        "description": "SmartTAN optic"
      },
      {
        "id": "972",
        "type": "CHIP_OTP",
        "description": "SmartTAN optic/USB HHD 1.4"
      },
      {
        "id": "982",
        "type": "PHOTO_OTP",
        "description": "Smart-TAN photo"
      },
      {
        "id": "932",
        "type": "CHIP_OTP",
        "description": "SmartTAN plus"
      },
      {
        "id": "944",
        "type": "PUSH_OTP",
        "description": "SecureSIGN"
      },
      {
        "id": "942",
        "type": "SMS_OTP",
        "description": "mobile TAN"
      }
    ]
  }
}
Learn more: Embedded Account Flow

Authorizations

Authorization
string
header
required

Use HTTP Basic Authentication with your Application ID as username and Application Secret as password. Manage credentials in the Yapily Console. See Authentication for details.

Headers

psu-id
string

Conditional. Represents the user's login ID for the Institution to a personal account.

See PSU identifiers to see if this header is required.

psu-corporate-id
string

Conditional. Represents the user's login ID for the Institution to a business account.

See PSU identifiers to see if this header is required.

psu-ip-address
string

Conditional. The IP address of the PSU.

See PSU identifiers to see if this header is required.

sub-application
string<uuid>

The sub-application ID to which event type is being subscribed to

Body

application/json;charset=UTF-8
institutionId
string
required

Mandatory. The reference to the Institution which identifies which institution the authorisation request is sent to.

Example:

"yapily-mock"

userUuid
string<uuid>

User for which the authorisation request was created.

applicationUserId
string

Conditional. The user-friendly reference to the User that will authorise the authorisation request. If a User with the specified applicationUserId exists, it will be used otherwise, a new User with the specified applicationUserId will be created and used. Either the userUuid or applicationUserId must be provided.

Example:

"user-234562290"

forwardParameters
string[]

Extra parameters the TPP may want to get forwarded in the callback request after the PSU redirect.

callback
string

Optional. The server to redirect the user to after the user complete the authorisation at the Institution.

See Using a callback (Optional) for more information.

Example:

"https://display-parameters.com"

redirect
object

Optional. The server to redirect the user to after the user complete the authorisation at the Institution.

oneTimeToken
boolean

Conditional. Used to receive a oneTimeToken rather than a consentToken at the callback for additional security. This can only be used when the callback is set.

See Using a callback with an OTT (Optional) for more information.

Example:

false

userCredentials
object

Conditional. Used to capture the user's credentials to allow them to login to an Institution that uses the embedded account authorisation flow.

This is the first step required in the embedded account authorisation flow to authorise the Consent.

selectedScaMethod
object

Conditional. Used to update the authorisation with the sca method of the user's choice for the Institution that uses the embedded authorisation flow. If the user has multiple sca methods configured, the Institution will allow the user to select from each of these options.

When the user has multiple sca methods for the Institution, this is the second step required in the embedded authorisation flow to authorise the Consent.

Example:
{
  "id": "944",
  "type": "PUSH_OTP",
  "description": "SecureSIGN"
}
scaCode
string

Conditional. Used to update the authorisation with the sca code received by the user from the Institution using the embedded account authorisation flow.

This is the penultimate step required in the embedded account authorisation flow to authorise the Consent. After sending the sca code, to obtain an authorised consent, the last step is to poll Get Consent until the Institution authorises the request and the Consent status transitions to AUTHORIZED.

Example:

"325614"

accountRequest
object

Conditional. Used to further specify details of the Consent to request

Conditions:

  1. Mandatory to specify the individual scopes to request from the user at the Institution for an account authorisation
  2. Mandatory to specify an expiry time on the created Consent at which time will render it unusable
  3. Mandatory to specify the date range that the created Consent will be able to access transactions for (given the range is support for the Institution)

Response

Created

meta
object
data
object
links
object
forwardedData
object[]
raw
object[]
deprecated