jh-a
commented
5 years ago From RBS
"As mentioned previously RBS accept this is a bug and are committed to fixing it. As this has been live for 15months and this is the first report of the bug it is not seen as having a significant impact to the TPP community and has been weighed against other delivery items accordingly.
The fix for this is now scheduled to go in with the other consent changes that are scheduled for delivery in August."
We believe the issue to be as follows The account-request includes an ExpirationDateTime parameter which must follow a date format i.e. ISO8601 format Our client app requests 3 months distant as a date The behaviour exhibited by RBS/Natwest is to enforce 90 days specifically, and reject anything over this. As March and May are 31 days, and April is 30 days, this meant that 3 months time is 92 days, hence the requests were rejected. The API spec says (across versions) ExpirationDateTime should behave as
Specified date and time the permissions will expire. If this is not populated, the permissions will be open ended
As the /account-requests API "effectively allows the AISP to send a copy of the consent to the ASPSP to authorise access to account and transaction information" to reject an expiration date of >90 days is incorrect behaviour, as this reflects the breadth of the consent only