Skip to content
API Reference
/
/
RefreshConsent

Aritma Banking API (1.0.0)

API versioning

Over time there will be introduced changes to the API as we continuously introduce improvements. You have the option to use a specific version or the most recent version, supported versions are available in the response header api-supported-versions.

Use a specific version of the API by specifying the api-version header, for example api-version: 1.0. If you don't specify the header, the latest version will be used. If a version has been scheduled to be removed, it will be reported through the api-deprecated-versions header, for example api-deprecated-versions: 1.0, 1.1.

Idempotency

The API supports idempotency for safely retrying POST requests without accidentally performing the operation twice. To perform an idempotent request, specify the Idempotency-Key: UUID header with a value on UUID format, example: Idempotency-Key: 5bfa15da-0969-46a3-820d-be0ec7a16c24.

The idempotency works by storing the status code and body of the first response made for the idempotency key for a short timespan, regardless of whether if succeeds or fails. Subsequent request with the same key returns the response of the previous response. The presence of response header Idempotent-Replayed: true indicates that a previous response has been returned. Note that the replayed responses for created resources would change from status 201 to 200 ok, indicating that no resource was created.

Download OpenAPI description
banking-openapi.json
banking-openapi.yaml
Languages
Servers
Mock server
https://developer.aritma.com/_mock/apis/banking/v4/openapi/banking-openapi
https://banking.dev.zdata.io/api

Accounts

Access account information.

Operations

Banks

Access information about the available banks.

Operations

Consents

Obtaining a consent is the first thing you need to do in order to access bank information.

Start by sending a request to the create consent endpoint which will return a link you can redirect the user to. When the user visits the link, we will gather the necessary information needed to obtain a consent linked to the chosen bank.

When a consent has been obtained you can use it to access data through the available endpoints, keep in mind that a consent can potentially be withdrawn by the user at any point.

Operations

CreateConsent

Request

Security
Api access(Required scopes:
services.banking
api
)
Headers
api-versionstring
Body
bankIdnull or string

Optional unique identifier of the bank you are creating consent for, if not specified the user will be asked to select one. The unique identifiers can be found through the list bank API call (GET /banks).

Example: "89F7F63B-67C0-4F70-A6BE-898BC211DCA0"
channelTypestring

The banking channel.

Enum"unspecified""openBanking""psd2"
Example: "psd2"
expiresnull or string(date-time)

The time the consent should expire. Defaults to:

  • psd2: 90 days
  • openbanking: no expiration
propertiesobject

Additional properties used for creating consents.

redirectSettingsnull

Contains settings for redirects

statenull or string

Can be used by client to keep track of consent flow. Will be returned in response to CreateConsent API call and added to return url as a queryparameter if return url is specified.

Example: "qwerty"
subscriptionIdnull or string

Id of the subscription which this consent will created under.

resourceGroupNamenull or string

Name of the resource-group which this consent will be organized under.

resourceGroupDisplayNamenull or string

Display name of the resource-group which this consent will be organized under.

{
  "bankId": "89F7F63B-67C0-4F70-A6BE-898BC211DCA0",
  "channelType": "psd2",
  "expires": null,
  "properties": {
    "property1": "string",
    "property2": "string"
  },
  "redirectSettings": {
    "success": "https://www.google.com/search?q=success",
    "error": "https://www.google.com/search?q=error"
  },
  "state": "qwerty",
  "subscriptionId": null,
  "resourceGroupName": null,
  "resourceGroupDisplayName": null
}

Responses

Created

Bodyapplication/json
consentIdstring

The consent id

Example: "1E5EFC3B-635E-4973-A605-41D7F0D6D7B3"
resourceIdstring

Fully qualified resource id of the consent

redirectUrlnull or string

Url to redirect the user to. Language can be preselected with query parameter (ui-culture) when redirecting users. Current supported languages are nb (norwegian bokmål) and en (english, default). Ex: https://google.com?ui-culture=nb

Example: "https://google.com"
statusstring

Status of the created consent

Enum ValueDescription
unknown
created
Consent session has been created
started
Consent flow has started
authorized
Consent has been obtained and is ready to be used
expired
The consent has expired
revoked
The consent has been revoked
failure
Failed to retrieve consent
awaitingApproval
Consent is being processed
Example: "Created"
statenull or string

State from the request

Example: "qwerty"
Response
application/json
{
  "consentId": "1E5EFC3B-635E-4973-A605-41D7F0D6D7B3",
  "resourceId": "string",
  "redirectUrl": "https://google.com",
  "status": "Created",
  "state": "qwerty"
}

GetConsents

Request

Security
Api access(Required scopes:
services.banking
api
)
Query
cursorstring

A reference to a specific page

Headers
api-versionstring
No request payload

Responses

OK

Bodyapplication/json
consentsArray of objects(GetConsentResponse)

The consents

_linksobject

Links

Response
application/json
{
  "consents": [
    { … }
  ],
  "_links": {
    "next": { … },
    "previous": { … }
  }
}

RefreshConsent

Request

Security
Api access(Required scopes:
services.banking
api
)
Path
idstringrequired
Headers
api-versionstring
Body
expiresnull or string(date-time)

The time the consent should expire. Defaults to:

  • psd2: 90 days
  • openbanking: no expiration
redirectSettingsnull

Contains settings for redirects

statenull or string

Can be used by client to keep track of consent flow. Will be returned in response to CreateConsent API call and added to return url as a queryparameter if return url is specified.

Example: "qwerty"
{
  "expires": null,
  "redirectSettings": {
    "success": "https://www.google.com/search?q=success",
    "error": "https://www.google.com/search?q=error"
  },
  "state": "qwerty"
}

Responses

Created

Bodyapplication/json
consentIdstring

The consent id

Example: "1E5EFC3B-635E-4973-A605-41D7F0D6D7B3"
resourceIdstring

Fully qualified resource id of the consent

redirectUrlnull or string

Url to redirect the user to. Language can be preselected with query parameter (ui-culture) when redirecting users. Current supported languages are nb (norwegian bokmål) and en (english, default). Ex: https://google.com?ui-culture=nb

Example: "https://google.com"
statusstring

Status of the created consent

Enum ValueDescription
unknown
created
Consent session has been created
started
Consent flow has started
authorized
Consent has been obtained and is ready to be used
expired
The consent has expired
revoked
The consent has been revoked
failure
Failed to retrieve consent
awaitingApproval
Consent is being processed
Example: "Created"
statenull or string

State from the request

Example: "qwerty"
Response
application/json
{
  "consentId": "1E5EFC3B-635E-4973-A605-41D7F0D6D7B3",
  "resourceId": "string",
  "redirectUrl": "https://google.com",
  "status": "Created",
  "state": "qwerty"
}

GetConsent

Request

Security
Api access(Required scopes:
services.banking
api
)
Path
idstringrequired

Id of the consent to retrieve

Headers
api-versionstring
No request payload

Responses

OK

Bodyapplication/json
consentIdstring

The consent id

Example: "1E5EFC3B-635E-4973-A605-41D7F0D6D7B3"
resourceIdstring

Fully qualified resource id of the consent

statusstring

Status of the consent

Enum ValueDescription
unknown
created
Consent session has been created
started
Consent flow has started
authorized
Consent has been obtained and is ready to be used
expired
The consent has expired
revoked
The consent has been revoked
failure
Failed to retrieve consent
awaitingApproval
Consent is being processed
Example: "authorized"
additionalDatanull

Information about the consent that has been obtained

Response
application/json
{
  "consentId": "1E5EFC3B-635E-4973-A605-41D7F0D6D7B3",
  "resourceId": "string",
  "status": "authorized",
  "additionalData": {
    "bankId": null,
    "expiresAtUtc": "2019-08-24T14:15:22Z",
    "consentData": null
  }
}

DeleteConsent

Request

Security
Api access(Required scopes:
services.banking
api
)
Path
idstringrequired

Id of the consent to delete

Headers
api-versionstring
No request payload

Responses

OK

Response
No content

Payments

Operations

SigningBaskets

Signing baskets are short-lived vessels used for authorizing several payments with one SCA operation.

Operations