Whether your authentication flow is implemented with a regular auth link or with Direct Bank Authentication, a set of space separated scopes need to be included in the scope parameter. Those represent the permissions that the client can request on behalf of the end user. Therefore they will limit the endpoints you are authorised to access in the Data API.

Scope

Description

API Endpoint

info

Allows access to End user’s identity information held by the Provider

/data/v1/info

accounts

Allows access to End user’s account numbers and details

/data/v1/accounts, /data/v1/accounts/${account_id}

accounts + balance

Allows access to End user’s account balances

/data/v1/accounts/${account_id}/balance

accounts + transactions

Allows access to End user’s account transactions

/data/v1/accounts/${account_id}/transactions

accounts + transactions + balance

Allows access to End user’s account transactions along with running balance

/data/v1/accounts/${account_id}/transactions

cards

Allows access to End user’s card numbers and details

/data/v1/cards, /data/v1/cards/${account_id}

cards + balance

Allows access to End user’s card balances

/data/v1/cards/${account_id}/balance

cards + transactions

Allows access to End user’s card transactions

/data/v1/cards/${account_id}/transactions

cards + transactions + balance

Allows access to End user’s card transactions along with running balance

/data/v1/cards/${account_id}/transactions

offline_access

Allows access to End user’s data after the short-lived access_token expires. When this permission is granted a refresh_token will be returned

refresh_token

direct_debits

Allows access to End user’s direct debits (Open Banking providers only)

/data/v1/accounts/${account_id}/direct_debits

standing_orders

Allows access to End user’s standing orders (Open Banking providers only)

/data/v1/accounts/${account_id}/standing_orders


Did this page help you?