You can view the full standard and more information about its design principles in Confluence.
How it works
First the customer requests that a Third Party (via a website or app) can access their account information held by an API Provider. The Account Information API then enables the following:
- The Third Party sets up an account information flow with the API Provider (e.g. the customer’s bank).
- The Third Party transfers the customer to their bank to securely authorise access to specific account information. In v2.0 and above of the standard either a redirect or decoupled authentication flow can be used for the customer to authorise access to their account information.
- In v2.1 of the standard, the range of accounts has been broadened to include credit card accounts, and any account a customer can access via their online banking.
- The API Provider gives real-time confirmation to the Third Party that the customer has authorised access to the account and provides the consented information.
The Account Information standard covers 10 types of account information, called ‘resources’. While the standard covers 10 resources, they may not all be available to customers. The resources available will depend on what API Providers and Third Parties have agreed in their bilateral agreement.
Account Information resources included in the standard
- Account requests: Allows a Third Party to check on the status of a customer’s account access request with an API Provider.
- Accounts: Allows a Third Party to retrieve the full list of accounts the customer has authorised the Third Party to access.
- Balances: Allows a Third Party to retrieve the balance of a specified account(s) the customer has authorised the Third Party to access.
- Transaction history: Allows a Third Party to retrieve a list of transactions posted to an account that results in an increase or decrease to a balance with in a defined date range.
- Beneficiaries: Allows a Third Party to retrieve a list of saved recipients of payments linked to a specific account.
- Direct debits: Allows a Third Party to retrieve the list of direct debits that have been set up on a specific account.
- Offers: Allows the Third Party to retrieve the offers available (product features) on a customer account, for example, interest rates, benefits, cash back, etc.
- Standing orders (automatic payments): Allows a Third Party to retrieve the list of ‘standing orders’ (New Zealand terminology is ‘automatic payments’) that have been set up on a specific account.
- Party: Allows a Third Party to retrieve information about a party (customer or owner) linked to a specific account. This can include name, email address, phone, mobile, address, etc.
- Scheduled payments: Allows a Third Party to see the list of scheduled payments set up against a specific account. A scheduled payment is a single one-off payment that has been scheduled for a future date.
- Statements: Allows a Third Party to request all statements associated with a specific account within a specified date range.