...
We have used examples for a Payment Initiation Service journey, but the same principles apply for all Account Information Service journeys.
3.6.1
...
Model A: Static Customer identifier
A Decoupled authentication flow, where the Customer provides a static identifier to the Third Party which is used by the API Provider to notify the Customer, such that the Customer can authenticate using the API Provider app on a separate device or mobile application.
...
| Expand | ||||
|---|---|---|---|---|
| ||||
|
3.6.2
...
Model B: API Provider generated identifier
A Decoupled authentication flow where the Customer provides a dynamic identifier generated with their API Provider to the Third Party which is then used by the API Provider to identify the Customer through the API Provider appto authenticate and action the Third Party request.
...
| Expand | ||||
|---|---|---|---|---|
| ||||
|
3.6.3
...
Model C: Third Party generated identifier
A Decoupled authentication flow where the Customer is provided with an identifier generated by the Third Party, which is then used by the API Provider to identify the Customer through the API Provider app to authenticate and action the Third Party request.
...
| Expand | ||||
|---|---|---|---|---|
| ||||
|
3.6.4
...
Model D: Customer with a previously generated ID token
A Decoupled authentication flow where the Third Party provides the API Provider with an ID Token, generated by the API Provider from a previous consent authentication event. This is used by the API Provider to re-identify the Customer for a new authentication and authorisation event.
...