Update Embedded Account Authorisation
Used to pass the SCA Code received from the Institution (and the SCA method selected by the user where multiple SCA methods are supported by the Institution) in order to complete the embedded authorisation to access the user’s financial data.
Feature: INITIATE_EMBEDDED_ACCOUNT_REQUEST
Authorizations
Use HTTP Basic Authentication with your Application ID as username and Application Secret as password. Manage credentials in the Yapily Console. See Authentication for details.
Headers
Conditional. Represents the user's login ID for the Institution to a personal account.
See PSU identifiers to see if this header is required.
Conditional. Represents the user's login ID for the Institution to a business account.
See PSU identifiers to see if this header is required.
Conditional. The IP address of the PSU.
See PSU identifiers to see if this header is required.
The sub-application ID to which event type is being subscribed to
Path Parameters
Mandatory. The consent Id of the Consent to update.
Body
Mandatory. The reference to the Institution which identifies which institution the authorisation request is sent to.
"yapily-mock"
User for which the authorisation request was created.
Conditional. The user-friendly reference to the User that will authorise the authorisation request. If a User with the specified applicationUserId exists, it will be used otherwise, a new User with the specified applicationUserId will be created and used. Either the userUuid or applicationUserId must be provided.
"user-234562290"
Extra parameters the TPP may want to get forwarded in the callback request after the PSU redirect.
Optional. The server to redirect the user to after the user complete the authorisation at the Institution.
See Using a callback (Optional) for more information.
"https://display-parameters.com"
Optional. The server to redirect the user to after the user complete the authorisation at the Institution.
Conditional. Used to receive a oneTimeToken rather than a consentToken at the callback for additional security. This can only be used when the callback is set.
See Using a callback with an OTT (Optional) for more information.
false
Conditional. Used to capture the user's credentials to allow them to login to an Institution that uses the embedded account authorisation flow.
This is the first step required in the embedded account authorisation flow to authorise the Consent.
Conditional. Used to update the authorisation with the sca method of the user's choice for the Institution that uses the embedded authorisation flow. If the user has multiple sca methods configured, the Institution will allow the user to select from each of these options.
When the user has multiple sca methods for the Institution, this is the second step required in the embedded authorisation flow to authorise the Consent.
{
"id": "944",
"type": "PUSH_OTP",
"description": "SecureSIGN"
}Conditional. Used to update the authorisation with the sca code received by the user from the Institution using the embedded account authorisation flow.
This is the penultimate step required in the embedded account authorisation flow to authorise the Consent. After sending the sca code, to obtain an authorised consent, the last step is to poll Get Consent until the Institution authorises the request and the Consent status transitions to AUTHORIZED.
"325614"
Conditional. Used to further specify details of the Consent to request
Conditions:
- Mandatory to specify the individual scopes to request from the user at the
Institutionfor an account authorisation - Mandatory to specify an expiry time on the created
Consentat which time will render it unusable - Mandatory to specify the date range that the created
Consentwill be able to access transactions for (given the range is support for theInstitution)