Skip to main content

16. Consent frequency validation

  • Updated

General information

The Berlin Group standard defines that frequencyPerDay parameter as the indication of the requested maximum frequency for an access without PSU involvement per day.

The frequency needs to be greater equal to one.

In order to identify whether PSU is involved in the request or not for all GET Account Data requests, the PSU-IP-Address has been added to the request header definitions with the Condition "Conditional".

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. It shall be contained if and only if this request was actively initiated by the PSU.

Validation rules

XS2A  validates the access frequency for a consent if a request to XS2A AIS doesn't contain the header 'PSU-IP-Address'.

XS2A checks the validity of IP address value (at least with the regexp).

 Consent frequency is only validated during the calls to /accounts endpoints!

Examples of XS2A behavior

Example 1

Prerequisites

  1. Consent status = "valid".
  2. Consent frequency = 4.

Case

Within one day XS2A has received 4 requests to AIS with given consent and all 4 requests contain the header 'PSU-IP-Address' with a valid IP address.

Same day later XS2A has received the 5th request to AIS with given consent.

Result

Same day XS2A doesn't reject the 5th request to AIS with given consent no matter whether 'PSU-IP-Address' header is given there or not.

Example 2

Prerequisites

  1. Consent status = "valid".
  2. Consent frequency = 4

Case

Within one day XS2A has received 6 requests to AIS with given consent

  • 2 requests contain the header 'PSU-IP-Address' with a valid IP address.
  • 4 requests don't contain the header 'PSU-IP-Address'.

Same day later XS2A receives 1 more request to AIS with given consent that contains the header 'PSU-IP-Address' with a valid IP address.

Result

XS2A doesn't reject this request.

Example 3

Prerequisites

  1. Consent status = "valid".
  2. Consent frequency = 4

Case

Within one day XS2A has received 6 requests to AIS with given consent

  • 2 requests contain the header 'PSU-IP-Address' with a valid IP address.
  • 4 requests don't contain the header 'PSU-IP-Address'.

Same day later XS2A receives 1 more request to AIS with given consent that doesn't contain the header 'PSU-IP-Address' with a valid IP address.

Result

XS2A rejects it with HTTP status code 429 and corresponding error message.

Related articles

Powered by Zendesk