Skip to main content
Exchange OAuth2 Code
curl --request POST \
  --url https://api.yapily.com/consent-auth-code \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "authCode": "6b965fbb-ff09-4afa-b897-90c34797cb8f",
  "authState": "1270cb2ffc4842b78953afa2228e0a87"
}
'
{
  "id": "56a42244-414a-4b52-8c4f-4ad2a50e82fe",
  "userUuid": "ca412fdf-5a30-43a2-88b7-5964a24a8e55",
  "applicationUserId": "string",
  "institutionId": "modelo-sandbox",
  "status": "AUTHORIZED",
  "createdAt": "2021-06-08T10:59:35.138Z",
  "featureScope": [
    "ACCOUNT_BENEFICIARIES",
    "ACCOUNT_STATEMENT_FILE",
    "ACCOUNTS",
    "ACCOUNT_PERIODIC_PAYMENTS",
    "ACCOUNT_TRANSACTIONS",
    "ACCOUNT",
    "ACCOUNT_STATEMENTS",
    "ACCOUNT_SCHEDULED_PAYMENTS",
    "IDENTITY",
    "ACCOUNT_DIRECT_DEBITS",
    "ACCOUNT_STATEMENT",
    "ACCOUNT_BALANCES",
    "ACCOUNT_TRANSACTIONS_WITH_MERCHANT"
  ],
  "consentToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJJTlNUSVRVVElPTiI6Im1vZGVsby1zYW5kYm94IiwiQ09OU0VOVCI6IjU2YTQyMjQ0LTQxNGEtNGI1Mi04YzRmLTRhZDJhNTBlODJmZSIsIkFQUExJQ0FUSU9OX1VTRVJfSUQiOiJtb2ZlLTIiLCJVU0VSIjoiY2E0MTJmZGYtNWEzMC00M2EyLTg4YjctNTk2NGEyNGE4ZTU1In0.gorwpnUjSr5dzQJLR32M2geWOj7yK9xMsZmq27ssY9xP_xGmWfUL_aqVHYyQ4r5KWw6Xb6RjvO839st8chJLtg",
  "state": "a09f8ff9c1284444aa635267e05f76e1",
  "authorizedAt": "2021-06-08T10:59:53.288Z",
  "institutionConsentId": "aac-605d48f2-2a0e-4594-81a9-996524fa3b2a"
}
Learn more: Managing Consents

Authorizations

Authorization
string
header
required

Use HTTP Basic Authentication with your Application ID as username and Application Secret as password. Manage credentials in the Yapily Console. See Authentication for details.

Body

application/json

The request body containing the ConsentAuthCodeRequest json payload

authCode
string
required

Mandatory. The authorisation code

Example:

"6b965fbb-ff09-4afa-b897-90c34797cb8f"

authState
string
required

Mandatory. The authorisation state

Example:

"1270cb2ffc4842b78953afa2228e0a87"

Response

Ok

Consent detailing the requested authorisation from a user to a specific Institution.

id
string<uuid>

Unique identifier of the consent.

userUuid
string<uuid>
applicationUserId
string

Conditional. The user-friendly reference to the User that will authorise the authorisation request. If a User with the specified applicationUserId exists, it will be used otherwise, a new User with the specified applicationUserId will be created and used. Either the userUuid or applicationUserId must be provided.

referenceId
string
institutionId
string

Mandatory. The Institution the authorisation request is sent to.

status
enum<string>

Current status of the embedded authorisation request in code form.

Available options:
AWAITING_AUTHORIZATION,
AWAITING_FURTHER_AUTHORIZATION,
AWAITING_RE_AUTHORIZATION,
AUTHORIZED,
CONSUMED,
REJECTED,
REVOKED,
FAILED,
EXPIRED,
UNKNOWN,
INVALID,
AWAITING_DECOUPLED_PRE_AUTHORIZATION,
AWAITING_PRE_AUTHORIZATION,
PRE_AUTHORIZED,
AWAITING_DECOUPLED_AUTHORIZATION,
AWAITING_SCA_METHOD,
AWAITING_SCA_CODE
createdAt
string<date-time>

Date and time of when the consent was created.

transactionFrom
string<date-time>

When performing a transaction query using the consent, this is the earliest date of transaction records that can be retrieved.

transactionTo
string<date-time>

When performing a transaction query using the consent, this is the latest date of transaction records that can be retrieved.

expiresAt
string<date-time>

Date and time of when the authorisation will expire by. Reauthorisation will be needed to retain access.

timeToExpireInMillis
integer<int64>
deprecated
timeToExpire
string<iso8601>
featureScope
enum<string>[]

The set of features that the consent will provide access to.

Used to describe what functions are supported by the associated Institution.

For more information on each feature, see the following links:

Available options:
INITIATE_PRE_AUTHORISATION,
INITIATE_PRE_AUTHORISATION_ACCOUNTS,
INITIATE_PRE_AUTHORISATION_PAYMENTS,
INITIATE_ACCOUNT_REQUEST,
INITIATE_EMBEDDED_ACCOUNT_REQUEST,
ACCOUNT_REQUEST_DETAILS,
ACCOUNTS,
ACCOUNT,
ACCOUNT_TRANSACTIONS,
ACCOUNT_STATEMENTS,
ACCOUNT_STATEMENT,
ACCOUNT_STATEMENT_FILE,
ACCOUNT_SCHEDULED_PAYMENTS,
ACCOUNT_DIRECT_DEBITS,
ACCOUNT_PERIODIC_PAYMENTS,
ACCOUNT_TRANSACTIONS_WITH_MERCHANT,
IDENTITY,
ACCOUNTS_WITHOUT_BALANCE,
ACCOUNT_WITHOUT_BALANCE,
ACCOUNT_BALANCES,
INITIATE_SINGLE_PAYMENT_SORTCODE,
EXISTING_PAYMENT_INITIATION_DETAILS,
CREATE_SINGLE_PAYMENT_SORTCODE,
EXISTING_PAYMENTS_DETAILS,
INITIATE_DOMESTIC_SINGLE_PAYMENT,
INITIATE_EMBEDDED_DOMESTIC_SINGLE_PAYMENT,
CREATE_DOMESTIC_SINGLE_PAYMENT,
INITIATE_EMBEDDED_BULK_PAYMENT,
INITIATE_DOMESTIC_SINGLE_INSTANT_PAYMENT,
CREATE_DOMESTIC_SINGLE_INSTANT_PAYMENT,
INITIATE_DOMESTIC_VARIABLE_RECURRING_PAYMENT,
CREATE_DOMESTIC_VARIABLE_RECURRING_PAYMENT,
INITIATE_DOMESTIC_VARIABLE_RECURRING_PAYMENT_SWEEPING,
CREATE_DOMESTIC_VARIABLE_RECURRING_PAYMENT_SWEEPING,
INITIATE_DOMESTIC_SCHEDULED_PAYMENT,
CREATE_DOMESTIC_SCHEDULED_PAYMENT,
INITIATE_DOMESTIC_PERIODIC_PAYMENT,
CREATE_DOMESTIC_PERIODIC_PAYMENT,
PERIODIC_PAYMENT_FREQUENCY_EXTENDED,
INITIATE_INTERNATIONAL_SCHEDULED_PAYMENT,
CREATE_INTERNATIONAL_SCHEDULED_PAYMENT,
INITIATE_INTERNATIONAL_PERIODIC_PAYMENT,
CREATE_INTERNATIONAL_PERIODIC_PAYMENT,
INITIATE_INTERNATIONAL_SINGLE_PAYMENT,
CREATE_INTERNATIONAL_SINGLE_PAYMENT,
INITIATE_BULK_PAYMENT,
CREATE_BULK_PAYMENT,
TRANSFER,
OPEN_DATA_PERSONAL_CURRENT_ACCOUNTS,
OPEN_DATA_ATMS,
READ_DOMESTIC_SINGLE_REFUND,
READ_DOMESTIC_SCHEDULED_REFUND,
READ_DOMESTIC_PERIODIC_PAYMENT_REFUND,
READ_INTERNATIONAL_SINGLE_REFUND,
READ_INTERNATIONAL_SCHEDULED_REFUND,
ACCOUNT_BENEFICIARIES,
INITIATE_ONETIME_PRE_AUTHORISATION_PAYMENTS,
INITIATE_ONETIME_PRE_AUTHORISATION_ACCOUNTS,
INITIATE_ONETIME_PRE_AUTHORISATION,
VARIABLE_RECURRING_PAYMENT_FUNDS_CONFIRMATION
consentToken
string

Represents the authorisation to gain access to the requested features. Required to access account information or make a payment request.

state
string

Correlation ID used with the Institution during the authorisation process.

authorizedAt
string<date-time>

Date and time of when the request was authorised by the Institution.

lastConfirmedAt
string<date-time>

The time that the PSU last confirmed access to their account information, either through full authentication with the institution, or through reconfirmation with the TPP.

reconfirmBy
string<date-time>

The time by which the consent should be reconfirmed to ensure continued access to the account information.

institutionConsentId
string

Identification of the consent at the Institution.

isDeletedByInstitution
boolean

Denotes whether the consent has been deleted on the institution side or not when a DELETE method is executed on a Yapily consent if that functionality is provided by the institution

Example:

false