Request Specification

Specification for redirection request from FIU to Account Aggregator

WebView Endpoint

GET https://your-aa.com/webview

Path Parameters

Name
Type
Description

fi*

string

Unique FIU identifier. This will be encrypted using Base64/XOR along with reqdate field.

reqdate*

string

reqdate field format will be ddmmyyyyhh24misss in UTC. For example, 06-Apr-2021, 10:40am and 756 milliseconds in IST should be formatted as 060420210510756 in UTC.The receiving server needs to validate this timestamp to be 180 secs of current time and beyond this request will be invalid

ecreq*

string

Base64 encoded & encrypted request parameters (see below)

ecreq (encrypted path parameters)

Below are the parameters that will be encrypted using AES256 encryption algorithm.

Parameter name

Parameter type

Parameter description

txnid

String

UUID txnid. Uniquely identifies a particular redirection event. This same value will be returned by AA to FIU in the ecres txnid field.

sessionid

String

Value that represents a ‘state’ (or session) on the FIU end. This value is opaque to AA and will be returned as is to the FIU by AA in ecres sessionid field.

userid

String

The AA user id ( Refer to A] below )

redirect

String

FIU Url that AA needs to call back after the user has provided consent in the AA domain. The value of this parameter should be URL encoded if the value contains url parameters. This is required in order to remove ambiguity between the parameters of ecreq (separated by ‘&’ character) with the parameters in the redirect url.

srcref

String

Consent handle id, as returned by AA server to the /Consent request api invoked by FIU on the AA prior to this redirection call.

userid

For new AA user

The userid can be the mobile no with the aa handle e.g. 9999988888@aa

For existing AA user

The userid should be with the AA handle e.g. userid@aa

Last updated