Skip to end of banner
Go to start of banner

Accounts v2.0.0-rc1

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

Version 1 Current »

Version Control

Version
Date
Author
Comments
1.0.001 March 2019Payments NZ API Working GroupBaseline specification for Accounts resource
v2.0-draft1
 
Gavin Wong (Unlicensed)

Updates:

  • Moved "Resource Definition" to top 42532932 section
  • In 42532932 table - have updated "Idempotent" column to "Idempotency Key" (aligned with OBIE v3.1.2)
  • Reworded 42532932 sections for clarity and consistency
  • Updated 42532932 and ReadPAN guidance (to align with OBIE v3.1.2)
  • Updated "Authorization Code" grant to "authorization flow (either redirect flow or decoupled flow)"
  • Updated 42532932 for consistency

  • Separated response object for /accounts and /accounts/{AccountId} so that response to /accounts/{AccountId} is a single object instead of an array

Errata:

  • Relabelled OBReadAccount1 as OBReadAccount2
  • Removed "When the Third Party request contains an unsupported account SchemeName, API Provider must return a status code of 400 (Bad Request)" as relates to Payment APIs.
  • Removed "When the Third Party request contains an unsupported currency, API Provider must return a status code of 400 (Bad Request)" as relates to Payment APIs.

Definition

The resource that represents the account to which credit and debit entries are made. Each account resource will have a unique and immutable AccountId.

Endpoints

ResourceEndpointMandatory?ScopeGrant TypeIdempotency KeyParametersRequest ObjectResponse Object
accounts

GET /accounts

Mandatory

accounts

Redirect Flow; or

Decoupled Flow


Pagination
OBReadAccount2
accountsGET /accounts/{AccountId}Mandatoryaccounts

Redirect Flow; or

Decoupled Flow




OBReadAccount3

GET /accounts

The first step for a Third Party after an account-access-consent is authorised - is to call the GET /accounts endpoint.

The API endpoint allows a Third Party to retrieve, from an API Provider, the full list of accounts (the AccountId(s)) that a Customer has authorised the Third Party to access.

  • The Third Party does this with the GET /accounts action.
  • The Third Party must have an access token issued by the API Provider using an authorization flow (either redirect flow or decoupled flow). 
  • The AccountId(s) returned from the API call can then be used to retrieve other resources for an account.
  • The Customer is only able to select which of their accounts are linked to the account access consent at the API Provider's interface. 

GET /accounts/{AccountId}

The API endpoint allows a Third Party to retrieve, from an API Provider, a specific account (AccountId) resource that a Customer has authorised the Third Party to access.

  • The Third Party does this with the GET /accounts/{AccountId} action.
  • The Third Party must have an access token issued by the API Provider using an authorization flow (either redirect flow or decoupled flow). 

Data Model

The OBReadAccount2 object will be used for the call to:

  • GET /accounts

The OBReadAccount3 object will be used for the call to:

  • GET /accounts/{AccountId}

Both OBReadAccount2 and OBReadAccount3 use the OBAccount2 class. However, the OBReadAccount3 has a single OBAccount2 object within the Data object; whereas the OBReadAccount2 object allows for an array of OBAccount2 objects.

UML Diagram

OBAccount2

OBReadAccount2

OBReadAccount3

Notes

  • The Account and Servicer blocks replicate what is used consistently throughout the Account Information APIs.
  • This structure has been designed to:
    • Reflect the DebtorAccount and DebtorAgent (and similarly for CreditorAccount and CreditorAgent) structures in the Third Party use case.
    • Having a SchemeName for the Account and Servicer blocks means we can be flexible to accommodate multiple types of accounts in the future.
  • SchemeName for PNZ is "BECSElectronicCredit"
  • Where "BECSElectronicCredit" is specified as the SchemeName in the Account identification section, the Servicer section must not be populated and the identification field must be populated with a structured bank account number in the form of 12-1234-1234567-12 where:
    • the first two digits are the bank number, which tells us which bank the account resides with;
    • the next four digits indicate the branch number, which tells us which branch of that bank the account is domiciled;  
    • the next seven digits indicate the account number; and
    • the last two digits indicate the account number suffix.
  • The SecondaryIdentification element can be used for the roll number for building societies

Permission Codes

The resource differs depending on the permissions (ReadAccountsBasic and ReadAccountsDetail) used to access resource. In the event the resource is accessed with both ReadAccountsBasic and ReadAccountsDetail, the most detailed level (ReadAccountsDetail) must be used.

  • These objects must not be returned without the ReadAccountsDetail permission:
    • OBAccount2/Account
    • OBAccount2/Servicer
  • If the ReadAccountsDetail is granted by the Customer:
    • OBAccount2/Account must be returned (1..1)
    • OBAccount2/Servicer may be returned if applicable to the account and API Provider (0..1)

If the ReadPAN permission is granted by the Customer, the API Provider may choose to populate the OBAccount2/Account/Identification with the unmasked PAN (if the PAN is being populated in the response).

Data Dictionary

OBAccount2

NameOccurrenceXPathEnhancedDefinitionClassCodesPattern
OBAccount2
OBAccount2Provides the details to identify an account.OBAccount2

AccountId1..1OBAccount2/AccountIdA unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner.Max40Text

Currency1..1OBAccount2/CurrencyIdentification of the currency in which the account is held.

Usage: Currency should only be used in case one and the same account number covers several currencies
and the initiating party needs to identify which currency needs to be used for settlement on the account.		ActiveOrHistoricCurrencyCode[A-Z]{3,3}
AccountType0..1OBAccount2/AccountTypeSpecifies the type of account (personal or business).OBExternalAccountType1CodeBusiness
Personal
AccountSubType0..1OBAccount2/AccountSubTypeSpecifies the sub type of account (product family group).OBExternalAccountSubType1CodeChargeCard
CreditCard
CurrentAccount
EMoney
Loan
Mortgage
PrePaidCard
Savings
Description0..1OBAccount2/DescriptionSpecifies the description of the account type.Max35Text

Nickname0..1OBAccount2/NicknameThe nickname of the account, assigned by the account owner in order to provide an additional means of identification of the account.Max70Text

Account0..1OBAccount2/AccountProvides the details to identify an account.OBCashAccount2

SchemeName1..1OBAccount2/Account/SchemeNameName of the identification scheme, in a coded form as published in an external list.OBExternalAccountIdentification2CodeBECSElectronicCredit
Identification1..1OBAccount2/Account/IdentificationIdentification assigned by an institution to identify an account. This identification is known by the account owner.Max34Text

Name0..1OBAccount2/Account/NameName of the account, as assigned by the account servicing institution, in agreement with the account owner in order to provide an additional means of identification of the account.

Usage: The account name is different from the account owner name. The account name is used in certain user communities to provide a means of identifying the account, in addition to the account owner's identity and the account number.		Max70Text

SecondaryIdentification0..1OBAccount2/Account/SecondaryIdentificationThis is secondary identification of the account, as assigned by the account servicing institution. Max34Text

Servicer0..1OBAccount2/ServicerParty that manages the account on behalf of the account owner, that is manages the registration and booking of entries on the account, calculates balances on the account and provides information about the account.OBBranchAndFinancialInstitutionIdentification2

SchemeName1..1OBAccount2/Servicer/SchemeNameName of the identification scheme, in a coded form as published in an external list.OBExternalFinancialInstitutionIdentification2CodeBICFI
Identification1..1OBAccount2/Servicer/IdentificationUnique and unambiguous identification of the servicing institution.Max35Text

OBReadAccount2

NameOccurrenceXPathEnhancedDefinitionClassCodesPattern
OBReadAccount2
OBReadAccount2
OBReadAccount2

Data1..1OBReadAccount2/Data
OBReadDataAccount2

Account0..nOBReadAccount2/Data/AccountUnambiguous identification of the account to which credit and debit entries are made.OBAccount2

OBReadAccount3

NameOccurrenceXPathEnhancedDefinitionClassCodesPattern
OBReadAccount3
OBReadAccount3
OBReadAccount3

Data1..1OBReadAccount3/Data
OBReadDataAccount3

Account1..1OBReadAccount3/Data/AccountUnambiguous identification of the account to which credit and debit entries are made.OBAccount2

Enumerations

This section gives the definitions for enumerations used.

Code ClassName Definition 
OBExternalAccountIdentification2CodeBECSElectronicCredit An identifier used to uniquely identify the account of a customer at a financial institution, structured in the form of 12-1234-1234567-12 where:
  • the first two digits are the bank number, which tells us which bank the account resides with;
  • the next four digits indicate the branch number, which tells us which branch of that bank the account is domiciled;
  • the next seven digits indicate the account number; and
  • the last two digits indicate the account number suffix.
OBExternalFinancialInstitutionIdentification2CodeBICFIValid BICs for financial institutions are registered by the ISO 9362 Registration Authority in the BIC directory, and consist of eight (8) or eleven (11) contiguous characters.
OBExternalAccountSubType1CodeChargeCardAccount sub-type is a Charge Card.
OBExternalAccountSubType1CodeCreditCardAccount sub-type is a Credit Card.
OBExternalAccountSubType1CodeCurrentAccountAccount sub-type is a Current Account.
OBExternalAccountSubType1CodeEMoneyAccount sub-type is an EMoney.
OBExternalAccountSubType1CodeLoanAccount sub-type is a Loan.
OBExternalAccountSubType1CodeMortgageAccount sub-type is a Mortgage.
OBExternalAccountSubType1CodePrePaidCardAccount sub-type is a PrePaid Card.
OBExternalAccountSubType1CodeSavingsAccount sub-type is a Savings.
OBExternalAccountType1CodeBusinessAccount type is for business.
OBExternalAccountType1CodePersonalAccount type is for personal.

Usage Examples

Accounts - Bulk - Detail Permission

In this scenario, the ReadAccountsDetail permission has been granted.

The call to GET /accounts is the first step after an account-access-consent is authorised. This will allow the Third Party to discover which accounts (and AccountId values) are linked with the authorisation of consent. 

In this scenario, the ReadAccountsDetail permission has been granted.

Request

GET Accounts Request
GET /accounts HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-auth-date: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json

Response

GET Accounts Response
HTTP/1.1 200 OK
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
 
{
  "Data": {
    "Account": [
      {
        "AccountId": "22289",
        "Currency": "NZD",
        "AccountType": "Personal",
        "AccountSubType": "CurrentAccount",
        "Nickname": "Bills",
        "Account": {
          "SchemeName": "BECSElectronicCredit",
          "Identification": "12-1234-1234567-00",
          "Name": "Mr Kevin"
        }
      },
      {
        "AccountId": "31820",
        "Currency": "NZD",
        "AccountType": "Personal",
        "AccountSubType": "CurrentAccount",
        "Nickname": "Household",
        "Account": {
          "SchemeName": "BECSElectronicCredit",
          "Identification": "12-1234-1234567-25",
          "Name": "Mr Kevin"
        }
      }
    ]
  },
  "Links": {
    "Self": "https://examplebank.api.co.nz/open-banking-nz/v2.0/accounts"
  },
  "Meta": {
    "TotalPages": 1
  }
}

Accounts - Specific Account - Detail Permission

A Third Party can also retrieve the account resource details specifically for AccountId 22289.

In this scenario, the ReadAccountsDetail permission has been granted.

Request

GET Accounts Request
GET /accounts/22289 HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-auth-date: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json

Response

GET Accounts Response
HTTP/1.1 200 OK
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
 
{
  "Data": {
    "Account": {
      "AccountId": "22289",
      "Currency": "NZD",
      "AccountType": "Personal",
      "AccountSubType": "CurrentAccount",
      "Nickname": "Bills",
      "Account": {
        "SchemeName": "BECSElectronicCredit",
        "Identification": "12-1234-1234567-00",
        "Name": "Mr Kevin"
      }
    }
  },
  "Links": {
    "Self": "https://examplebank.api.co.nz/open-banking-nz/v2.0/accounts/22289"
  },
  "Meta": {
    "TotalPages": 1
  }
}

Accounts - Bulk - Basic Permission

In this scenario, the ReadAccountsBasic permission has been granted.

Request

GET Accounts Request
GET /accounts HTTP/1.1
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
x-fapi-auth-date: Sun, 10 Sep 2017 19:43:31 UTC
x-fapi-customer-ip-address: 104.25.212.99
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Accept: application/json

Response

GET Accounts Response
HTTP/1.1 200 OK
x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d
Content-Type: application/json
 
{
  "Data": {
    "Account": [
      {
        "AccountId": "22289",
        "Currency": "NZD",
        "AccountType": "Personal",
        "AccountSubType": "CurrentAccount",
        "Nickname": "Bills"
      },
      {
        "AccountId": "31820",
        "Currency": "NZD",
        "AccountType": "Personal",
        "AccountSubType": "CurrentAccount",
        "Nickname": "Household"
      }
    ]
  },
  "Links": {
    "Self": "https://examplebank.api.co.nz/open-banking-nz/v2.0/accounts"
  },
  "Meta": {
    "TotalPages": 1
  }
}


  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.