Retrieve details of an account such as balance transactions, balance and details.
The accounts of ABN AMRO's clients are protected against unauthorized access. You need to authenticate yourself using OAuth2.0 and get authorization to the client's account.
If you are a developer and unfamiliar with OAuth 2.0, you could have a look at the OAuth pages from the Internet Information Task Force
Note: To use our API you first need to be onboarded. If you haven't been onboarded please check our onboarding procedure in Overview.
In this flow OAuth is used for you as a third party payment service provider (TPP) role to access accounts of ABN AMRO clients. ABN AMRO clients need to provide consent to you as a TPP before the account can accessed.
An ABN AMRO client can be requested to provide access through the consent application. As result of this consent an "authorization code" is provided. For security reasons this code is short lived and needs to be exchanged for a long lived "refresh token" and a short lived "access token". This "access token" can be used to get access to the API. The long lived refresh token can be used for future account access, see section "refresh acces code token" for details. The sequence diagram below depicts the Authorization flow for account information.
The consent application is used in the authorization code flow to provide you with an access code. In this application the ABN AMRO client can give consent for access to their account, by using for example their E.dentifier. This is a so-called redirect. In the consent application the ABN AMRO client can review the access (scope) that is requested by you and select an account to which they want to provide access. The ABN AMRO client can either authorize or cancel the requested authorization.
The client consent flow consists of 3 steps:
- Select Account
All account information consents are valid for 90 days.
- The scopes for Account Information cannot be combined with scopes for Payment Initation. See Technical.
- For details on how to access the consent application through the OAuth server, please check OAuth or the Tutorials.
Refresh an Access Token
When the shortlived access token has expired, the long lived "refresh token" can be used to get a new access token and a new refresh token, rendering the used refresh token as invalid. The sequence diagram below depicts this flow.
Consent Info API
With this method you can retrieve the details (account number and scopes) of consent that are associated with given "access token".