The first step to requesting account information is to indicate the type of information that you expect to request from your application.
The Account Permissions define the type of account information requests that the customer will agree to when giving consent to their selected accounts.
Currently Metro Bank supports the following permissions (in bold):
ReadProducts - Ability to read all product information relating to the account
ReadBalances - Ability to read all balance information
ReadTransactionsDetails - Ability to read transaction information
Note: The account-request call MUST include a permission called ReadAccountsDetails
The permissions must be supplied before each customer's authentication step.
The permissions sent before customer authentication can be considered the account request before consent is given to selected accounts.
Defining the time period for account access
In addition to Account Permissions you may include an expiration date to define the length of time your application requires access to account information: this is the ExpirationDateTime.
The ExpirationDateTime should be used when your application requires access for only a short period of time, for example, when performing a one-time credit check.
If an ExpirationDateTime is not provided then the Metro Bank default is used to define the length of time for account access.
Defining the account transaction date range
When using the ReadTransactionsDetails permission you may request a date range for the customer transactions data.
The date range is provided in the request using:
A request to create an account request with the ReadTransactionsDetails permission that does not have TransactionFromDateTime and TransactionToDateTime, shall default to the earliest and most recent transaction dates at the time of the actual request for transactions for each of the accounts included in the transactions request.
Accessing the /account-requests resource
To post a request to /account-requests you must have a valid access token.
Your application is expected to persist the AccountRequestId as this is unique to each set of permissions and the customer's consent to selected accounts.
You can make use of the sandbox environment to try this out if you have completed the Metro Bank registration process and have credentials (client_id and secret) for a sandbox app:
The request body to /account/v1/account-requests :
The response may look like:
From the example response above, the newly created account request is identfied by AccountRequestId.
This identifier is used in the authorisation and customer authentication steps described in the next section "Authentication".