This is the first request required to initiate an account information request. It contains information such as account permissions and transaction validity dates in the request payload. The third party provider is allowed permission to access the account details that are enclosed within the payload, where the user has consented for.
In order for this API call to be successful, the Third party application who is calling this API on behalf of the user needs to be identified by the bank. Thus, a valid Bearer access token generated through the client_credentials oAuth flow must be provided in the request headers. You can generate the access token by calling the /token oAuth API.
All POST requests MUST be signed with a x-jws-signature header that is comprised of the request payload and the TPP's public/private key pair. For more information on the x-jws-signature, check this link. Alternatively, you can set the jws header by clicking the "Create JWT" button below, it will automatically fetch the payload from the request body editor and create the signature for it given that the private/public key are provided.
Once a successful API call is achieved, the AccountRequestId within the response object will be used in the following step to obtain a user access token for allowing access to all the account information APIs.