The endpoints and process detailed below relates to the PSD2 Article 65 Confirmation on the availability of funds compliance requirement.
As per Article 65 this process does not cover the settlement of the transaction when sufficient funds are confirmed to be available from the account.
The base URL for all CBPII APIs is: https://rs1.api-oba.salt.bank
As per PSD2 Article 65(1)(b), the payer (customer) must give their explicit consent to the ASPSP to respond to requests for confirmation of funds.
Salt Bank supports the Berlin Group Confirmation of Funds Consent Implementation Guidelines Version 2.0 to enable Card Based Payment Instrument Issuer ('CBPII') to register a confirmation of funds consent resource.
As the PSU cannot directly create a confirmation of funds consent via Salt Bank online channels the following process must be completed.
POST /v2/consents/confirmation-of-funds
As per the Berlin Group specification the account reference for the confirmation of funds check must be provided in the request body.
When multi-currency accounts are supported the fund confirmation must be requested for a specific account currency. If no currency is supplied in the consent request the default sub-account will be used for the funds check.
As the OAuth2 SCA Approach is supported by Salt Bank the following Request Headers should be provided in addition to the attributes flagged as mandatory by the Berlin Group:
TPP-Redirect-URI: The URI of the TPP the PSU will be redirected back to after the successful execution of the PSU SCATPP-Nok-Redirect-URI: If required, this will be the URI the PSU is redirected to when the PSU SCA fails or is cancelled by the PSU.When successfully processed, the response will return the scaOAuth link where the configuration of the OAuth2 Server is defined. The configuration follows the OAuth 2.0 Authorisation Server Metadata specification.
GET /v2/consents/confirmation-of-funds/{consentId}/status
This endpoint can be called to check the status of a confirmation of funds consent.
One of the following status codes will be returned in the response:
| Berlin Group Status Code | Description |
|---|---|
| received | The consent has been received and the data is technically correct. However, the consent has not yet been authorised. |
| rejected | The consent and/or data has been rejected meaning no successful PSU authorisation has taken place or been requested. |
| partiallyAuthorised | The consent requires multi-level PSU authorisation and some but not all mandated authorisations have been performed yet. |
| valid | The consent is accepted and valid for GET account data calls and others as specified in the consent object. |
| revokedByPsu | The consent has been revoked by the PSU towards the ASPSP. |
| expired | The consent expired. |
| terminatedByTpp | The corresponding TPP has terminated the consent by applying the DELETE method to the consent resource. |
GET /v2/consents/confirmation-of-funds/{consentId}
This endpoint will return the details of a confirmation of funds consent.
DELETE /v2/consents/confirmation-of-funds/{consentId}
This endpoint allows the CBPII to revoke a confirmation of funds consent when it is no longer required.
POST /v1/funds-confirmations
This endpoint must be called when a confirmation of funds check is required.
The account reference details provided in the request must match the account reference associated with the confirmation of funds consent.
A true or false will be returned in the response body to confirm if sufficient funds are available at the time of the request.