Create an account request

Last updated Nov 2, 2020

This article describes how a TPP (Third Party Provider) can get access to user account information by requesting consent from the user.


Introduction

Note

We recommend that you follow the Accounts API video in parallel with this article to help you understand the sample code. Additionally, you should review the Open Banking standard.

You can request consent from a user using the flow detailed in the Open Banking OIDC Security Profile. In summary, the steps to create an account request are:

  1. Get an access token to represent you as a TPP using the Client credential flow.
  2. Use the access token obtained in step 1 to create an account request.
  3. Initiate a Hybrid flow using the account request ID you received from your account request. This ID corresponds to the intent ID specified in the hybrid flow.

Create an account request

You can create an account request with the access token generated from the client credential JWT flow. This process is described in the Open Banking standard. You can also see an example in the ForgeRock sample project.

Here is an example account request for ForgeRock ASPSP:

$ curl -X POST \
    https://rs.aspsp.ob.forgerock.financial:443/open-banking/v1.1/account-requests \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer <access token from step 1>' \
    -H 'Content-Type: application/json' \
    -H 'x-fapi-customer-ip-address: 104.25.212.99' \
    -H 'x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 UTC' \
    -H 'x-fapi-financial-id: 0015800001041REAAY' \
    -H 'x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d' \
    -H 'x-idempotency-key: FRESCO.21302.GFX.20' \
    -d '{
      "Data": {
        "Permissions": [
          "ReadAccountsDetail",
          "ReadBalances",
          "ReadBeneficiariesDetail",
          "ReadDirectDebits",
          "ReadProducts",
          "ReadStandingOrdersDetail",
          "ReadTransactionsCredits",
          "ReadTransactionsDebits",
          "ReadTransactionsDetail"
        ],
        "ExpirationDateTime": "2018-05-02T00:00:00+00:00",
        "TransactionFromDateTime": "2017-05-03T00:00:00+00:00",
        "TransactionToDateTime": "2018-12-03T00:00:00+00:00"
      },
      "Risk": {}
    }'

You will receive an account request ID in the response, which you need to extract and save for later; it is needed for the hybrid flow. For example, the account request ID we received is:

A14c52dd2-4788-429d-9fb7-7101aebdd53b
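The following is an added example, not ForgeRock's code: it builds a request body that asks only for the permissions the TPP needs and validates the response before the account request ID is saved for the hybrid flow. The response field names (Data.AccountRequestId, Status, Permissions) and the AwaitingAuthorisation status are assumed from the Open Banking v1.1 account-requests resource, and the sample response is constructed.

```python
import json
from datetime import datetime, timezone

# Permission codes that appear in the request body on this page.
PAGE_PERMISSIONS = frozenset({
    "ReadAccountsDetail", "ReadBalances", "ReadBeneficiariesDetail",
    "ReadDirectDebits", "ReadProducts", "ReadStandingOrdersDetail",
    "ReadTransactionsCredits", "ReadTransactionsDebits", "ReadTransactionsDetail",
})

# Constructed sample response; field names are assumed (Open Banking v1.1).
SAMPLE_RESPONSE = json.dumps({"Data": {
    "AccountRequestId": "A14c52dd2-4788-429d-9fb7-7101aebdd53b",
    "Status": "AwaitingAuthorisation",
    "Permissions": ["ReadAccountsDetail", "ReadBalances"],
}, "Risk": {}})


def build_account_request(permissions, expires_at, now=None):
    """Build the POST /account-requests body; expires_at must be timezone-aware."""
    now = now or datetime.now(timezone.utc)
    unknown = set(permissions) - PAGE_PERMISSIONS
    if not permissions or unknown:
        raise ValueError(f"empty or unknown permission codes: {sorted(unknown)}")
    if expires_at <= now:
        raise ValueError("ExpirationDateTime must be in the future")
    return {"Data": {"Permissions": sorted(set(permissions)),
                     "ExpirationDateTime": expires_at.isoformat(timespec="seconds")},
            "Risk": {}}


def extract_account_request_id(response_text, requested_permissions):
    """Return Data.AccountRequestId after checking status and consented scope."""
    data = json.loads(response_text).get("Data") or {}
    if data.get("Status") != "AwaitingAuthorisation":
        raise ValueError(f"unexpected status: {data.get('Status')!r}")
    extra = set(data.get("Permissions", [])) - set(requested_permissions)
    if extra:
        raise ValueError(f"response lists unrequested permissions: {sorted(extra)}")
    request_id = data.get("AccountRequestId")
    if not isinstance(request_id, str) or not request_id:
        raise ValueError("response has no AccountRequestId")
    return request_id


if __name__ == "__main__":
    wanted = ["ReadAccountsDetail", "ReadBalances"]
    expiry = datetime(2099, 1, 1, tzinfo=timezone.utc)
    print(json.dumps(build_account_request(wanted, expiry), indent=2))
    print(extract_account_request_id(SAMPLE_RESPONSE, wanted))
```
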

Conclusion

You should now have received an access token after completing the hybrid flow; this access token represents user consent for account information access.

You can use this access token with the accounts API, as detailed in Consume the accounts API.


Copyright and Trademarks Copyright © 2020 ForgeRock, all rights reserved.