Versions Compared

Version Old Version 1 New Version Current
Changes made by

Isla Humphreys

Chris Wood

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Group

Operation

HTTP Status Code

Error Code

Description

Bank Service Initiation

POST /payments

400

Consent.AccountTemporariltyBlockedAccountTemporarilyBlocked

The LFI must return this error if the account from which the payment is to be initiated has been temporarily blocked.

If the account status should not be communicated to the TPP for operational or security reasons (for example, to prevent “sounding off” when the account is under investigation) the LFI may return the more generic Consent.TransientAccountAccessFailure message as stated below.

This error indicates to a TPP that a retry in the future may result in a successful outcome once the transient failure has passed.

Bank Service Initiation

POST /payments

400

Consent.PermanentAccountAccessFailure

The LFI must return this error if the account related to the payment consent is no longer accessible. Scenarios include if the account has been closed, the account holder is under liquidation or for any similar reasons.

The error indicates to a TPP that a retry in the future will not result in a successful outcome.

Please note the LFI may carry out house-keeping on consents and move consents related to such accounts into a Revoked status. In such a situation, the OFP will fail the TPP request before an Ozone Connect call is made.

Bank Service Initiation

POST /payments

400

Consent.TransientAccountAccessFailure

The LFI must return this error when the consented account for a service initiation cannot be accessed due to a transient reason.

The error indicates to a TPP that a retry in the future may result in a successful outcome once the transient failure has passed.

Bank Service Initiation

POST /payments

400

Consent.BusinessRuleViolation

The LFI must return this error when a payment request fails as a result of some business rule failure that is enforced by the LFI.

A textual description of the failed business rule must be provided in the errorDescription field.

An example of a business rule violation would be when a payment exceeds the daily limit for an account, when an account balance is not available or the payment is failed due to some other operational reason such as a lien on the account.

Bank Data Sharing

All (other than GET accounts)

400

Consent.AccountTemporariltyBlockedAccountTemporarilyBlocked

The LFI must return this error code when data is requested for an account that has been temporarily blocked.

If the account status should not be communicated to the TPP for operational or security reasons (for example, to prevent “sounding off” when the account is under investigation) the LFI may return the more generic Consent.TransientAccountAccessFailure message as stated below.

This error indicates to a TPP that a retry in the future may result in a successful outcome once the transient failure has passed.

Calls to GET /accounts must return ALL consented accounts. The data.status of the account must indicate the status of the account.

Bank Data Sharing

All (other than GET accounts)

400

Consent.PermanentAccountAccessFailure

The LFI must return this error if the account related to the consent is no longer accessible. Scenarios include if the account has been closed, the account holder is under liquidation or for any similar reasons.

This error indicates to a TPP that a retry in the future will not result in a successful outcome.

Calls to GET /accounts must return ALL consented accounts. The data.status of the account must indicate the status of the account.

Please note:

  • The LFI may carry out house-keeping on consents and remove such accounts from the consent.

  • The LFI may move the consent into Revoked status when the last account is removed.

In such a situation, the OFP will fail the TPP request before an Ozone Connect call is made.

Bank Data Sharing

All (other than GET accounts)

400

Consent.TransientAccountAccessFailure

The LFI must return this error when the consented account cannot be accessed due to a transient reason.

This error indicates to a TPP that a retry in the future may result in a successful outcome once the transient failure has passed.

Calls to GET /accounts must return ALL consented accounts. The data.status of the account must indicate the status of the account.

Consent Event & Actions

POST /consent/action/validate

See description

See description

The validate API call has the following behaviour:

  • If the LFI completes processing of the validate call, it must return a 200 to indicate that it processed the call.

  • The status should be set to valid if all validation rules passed

  • The status should be set to invalid if the LFI found a validation failure.

    • When the LFI returns an invalid status, it must return a code from following list their corresponding description is propagated to the TPP

    • Code Block
      Consent.TransientAccountAccessFailure
Consent.AccountTemporarilyBlocked, 
Consent.PermanentAccountAccessFailure, 
Consent.BusinessRuleViolation, 
Consent.FailsControlParameters, 
JWE.DecryptionError
JWE.InvalidHeader
GenericRecoverableError
GenericError

    • If the LFI returns an invalid status with a code not in the list above, the specific code is not propagated to the TPP and a 500 error is returned (this is considered unexpected response from the LFI)

  • If the LFI is unable to complete processing due to an unexpected error (such as a badly formatted input), it should return a 400 error code. This is treated as a generic error and a 500 error is sent to the TPP.

...