Account Broker

Overview
1

Client App Integrates with Account Broker API

Client app integration

The third-party client (e.g. fintech app) integrates with the Account Broker API.

AHS licensed AISP

This API is exposed by AHS, which is a licensed AISP.

Account Broker API bridge

The Account Broker API serves as a bridge between client-facing apps and Open Banking-compliant bank APIs (ASPSPs).

2

PSU Accesses Client App

PSU login

The end user (PSU) logs into the client app and initiates the journey to view their banking data.

Invoke Account Broker API

The client app invokes the Account Broker API to begin the data access process.

Consent checkbox

The user is shown a checkbox asking "Do you consent to retrieve and reuse your existing banking consent?"

Consent reuse logic

If the user selects it, consent reuse logic is triggered. If it is not selected, the app may redirect the user to initiate a new consent journey.

3

Consent Management via Core Platform

Consent persistence

Since Account Broker (AHS) is AISP-licensed and operates its own core platform, it securely persists existing consents and access tokens.

If the checkbox was selected, the system:

Consent validation

Validates existing consent and token (against OrganisationID, UserID, and ASPSPID).

Consent reuse

Reuses consent only if it’s valid, active, and scoped correctly.

New authorisation prompt

If no valid consent exists, the app may prompt for new authorisation.

No redirect

No separate redirect to the bank is initiated unless consent reuse fails.

4

Handling Multiple Consents

Multiple consents

A PSU may grant consent via multiple client apps.

Persist consent

The platform persists each consent uniquely using a composite key:

OrganisationID

UserID

ASPSPID

Consent reference

A unique consent reference is generated and returned to the client app for future API requests.

5

API Call to ASPSP for Data or Payment Execution

API calls to ASPSPs

The Account Aggregation Consumer Service within the core platform is triggered.

API calls to ASPSPs

It makes API calls to the appropriate ASPSPs using the stored consent and access token.

APIs called

The APIs called include:

Accounts API

accounts

Balances API

balances

Transactions API

transactions

6

Core Platform Acts as Proxy – Minimal Business Logic

No business logic

The core platform does not implement critical business logic.

Secure data vehicle

It acts purely as a secure data vehicle, fetching and relaying banking data from ASPSPs to the client app via the Account Broker API.

7

Data Delivered to Client App

Data returned

The requested account data is securely returned via the Account Broker API to the client app.

PSU views data

The PSU can now view their financial data aggregated from multiple ASPSPs.

8

Consent Reuse in Future Calls

Consent reference

On future API requests, the client app uses the unique consent reference to retrieve data without repeating the consent flow.

Validate consent

The core platform validates the consent reference and access token behind the scenes.
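
The consent persistence, composite key and reference validation described in steps 3, 4 and 8, as an added sketch that is not Account Broker's own code. The class and method names, the status values, the expiry field and the scope names are assumptions made for illustration; only the OrganisationID, UserID and ASPSPID key fields come from this page.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Consent:
    key: tuple              # (OrganisationID, UserID, ASPSPID), the page's composite key
    scopes: frozenset       # assumed scope names, e.g. "accounts", "balances"
    expires_at: datetime    # assumed expiry field
    status: str = "active"  # assumed status values: "active" / "revoked"
    reference: str = ""

class ConsentStore:
    """In-memory stand-in for the core platform's consent persistence (hypothetical)."""
    def __init__(self):
        self._by_key, self._by_ref = {}, {}

    def persist(self, consent):
        # One consent per composite key: retire the reference of any record it replaces.
        old = self._by_key.get(consent.key)
        if old is not None:
            self._by_ref.pop(old.reference, None)
        # Opaque, unguessable reference returned to the client app.
        consent.reference = secrets.token_urlsafe(24)
        self._by_key[consent.key] = consent
        self._by_ref[consent.reference] = consent
        return consent.reference

    def can_reuse(self, reference, org_id, user_id, aspsp_id, needed, now=None):
        """Return (True, "reuse"), or (False, reason) when a new authorisation is needed."""
        now = now or datetime.now(timezone.utc)
        consent = self._by_ref.get(reference)
        if consent is None:
            return False, "unknown_reference"
        # Bind the reference to the caller: a reference issued to one organisation
        # must not unlock the same PSU's consent when presented by another.
        if consent.key != (org_id, user_id, aspsp_id):
            return False, "key_mismatch"
        if consent.status != "active":
            return False, "not_active"
        if consent.expires_at <= now:
            return False, "expired"
        if not set(needed) <= consent.scopes:
            return False, "scope_not_covered"
        return True, "reuse"
```

Any `False` result corresponds to the fallback in step 3, where the client app prompts the PSU for a new authorisation instead of reusing the stored consent.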