Developer portal
Switch Language
Account Information Services

KBC/CBC/KBC Brussels PSD2 API Account Information Services
3.0.2

PSD2 Payments

PSD2 has opened the door to Account Information Services (AIS), which allow account information to be shared via regulated account information service providers (AISPs) at the specific request of the account holders.

 

What is Account Information Service (AIS)?

An Account Information Service (AIS) is an online service that provides consolidated information on payment accounts held by a payment service user with payment service providers. This will ensure that account information service providers (AISPs) can receive access to payment accounts, whilst also placing requirements on them to ensure security for users.

 

API endpoints

 

Link

Resource

Endpoints

Account Access Consent

account-access-consents

POST /consents

Balances

balances

GET /accounts/{account-id}/balances

Transactions

transactions

GET /accounts/{account-id}/transactions

 

How does it work?

KBC/CBC has developed its APIs according to the Berlin Group NextGenPSD2 Framework Implementation Guidelines. The terminology is therefore based on those guidelines.

Step 1: request account information

  • The process begins with a PSU giving its consent to an AISP accessing certain account information.
     

Step 2: set up account access consent

  • The AISP connects to KBC/CBC’s API Gateway and creates an account-access-consent resource.
  • This informs KBC/CBC that one of its PSUs is giving the AISP access to account and/or transaction information.
  • KBC/CBC responds with a ConsentId, which is an intent identifier for the resource.
  • This step includes a POST request to the /account-access-consents endpoint.
  • The account-access-consents resource includes the following fields:
    • Permissions – a list of data clusters for which access consent has been granted
    • Expiration date – date when the AISP can no longer access the PSU's data
    • Transaction validity period – the from/to date range that specifies a historical period for transactions and statements that can be accessed by the AISP
  • An AISP can act as a data broker for other parties, so a PSU can have multiple account-access-consents resources for the same accounts with different agreed consent/authorisation parameters.
     

Step 3: consent

  • The AISP requests the PSU to authorise the AISP to provide services that enable account information access and to gain access to this information for the specified payment accounts and the corresponding payment transactions.
  • The AISP redirects the PSU to the ASPSP.
  • The redirection includes the ConsentId that was generated in the previous step.
  • This allows the ASPSP to identify the account-access-consent resource that was set up.
  • The ASPSP authenticates the PSU.
  • The ASPSP updates the status of the account-access-consent resource internally to indicate that the account-access-consent resource has been authorised.
  • Once the consent has been authorised, the PSU is redirected back to the AISP.
  • The consent is managed by the PSU and the AISP – the account-access-consent details must not be changed in this step.
  • The PSU can only authorise or reject the entire set of account-access-consent details.
  • During the authorisation, the PSU selects the accounts to be authorised in the AISP request in the ASPSP's banking interface.
     

Step 4: request data

  • The data is requested in a GET request for the relevant resource.
  • The unique AccountIds that are valid for the consent will be returned with a call to GET /accounts.
  • This will always be the first call once an AISP receives a valid access token.

Get In Touch with Us

Would you like to start developing right now?

 

Solution based questions and/or technical based questions

 

 Contact Us

About us

KBC Open Banking & Insurance fosters innovation
to take your business to the next level.

Contact us

Solution based questions / Technical based questions : Contact