General information
The Berlin Group standard strongly recommends to limit the validity time of resources created through the XS2A interface.
During the first request/response interaction, the ASPSP generates a new resource representing this transaction. The default validity time of this resource is 30 minutes.
During this validity time, the TPP may address the resource by means of requests permitted by XS2A API.
Validation rules
In the XS2A interface the validity time check is applied on
- {consentId} where consentStatus = "received"
- consent {authorisationId} where scaStatus <> "finalized"
- payment /{authorisationId} where scaStatus <> "finalized" - for all payment types (single, periodic, bulk) and products. Learn more about payment products at 11. Payment Products and Models.
Consent
Consent authorisation must be completed within defined validity time.
If consent validity time is over and consent status = "received" then the status of the consent is changed to "rejected".
The authorisation of given consent is no longer possible. Means, a new consent creation must be initiated.
Consent authorisation sub-resource
If consent authorisation validity time is over and its scaStatus <> "finalized" then scaStatus is changed to "failed".
The authorisation of consent with given authorisationId is no longer possible. Means, a new consent authorisation must be initiated.
Payment authorisation sub-resource
If payment authorisation validity time is over and its scaStatus <> "finalized" then scaStatus is changed to "failed".
The authorisation of payment with given authorisationId is no longer possible. Means, a new payment authorisation must be initiated.