
NBFC Account Aggregator API Specs

The document outlines the API specifications for the Non-Banking Financial Company (NBFC) Account Aggregator (AA) system, detailing its architecture, interfaces, and functionalities for secure financial information sharing. It includes various APIs for account discovery, consent management, data flow, and notifications between customers, financial information providers (FIPs), and financial information users (FIUs). The document also defines financial information types and their structure to ensure interoperability within the AA ecosystem.

Uploaded by

Ashok Lamba

NBFC - Account Aggregator (AA)

API Specification
Version 2.0.0

Version History:
Version: 2.0.0 Date: August 9, 2023
Version: 1.1 Date: November 8, 2019

Contact:
[email protected]

NBFC-Account Aggregator (AA) - API Specification 0|Page


I. Introduction
The Reserve Bank of India (RBI) has published the Master Direction¹ for the non-banking
financial companies (NBFC) undertaking the business of Account Aggregator (AA). As
defined in section 3(1)(iv) of the Master Direction¹, the business of an account
aggregator means the business of providing under a contract, the service of, retrieving
or collecting such financial information pertaining to its customer, as may be specified
by RBI from time to time; and consolidating, organizing, and presenting such
information to the customer or any other financial information user as may be specified
by RBI.

High-level Architecture
AA acts as an intermediary and helps connect the Customer to multiple Financial
Information Providers (FIPs) through standardized API interfaces. For this, the
NBFC-AA ecosystem needs an interoperable, consent-driven architecture and a set of
standard APIs that facilitate secure, seamless, and consented sharing of various
kinds of financial information. The diagram below shows the high-level architecture,
with the interfaces and system interactions in the AA ecosystem:

¹ Master Direction - Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 09 Nov 2017,
https://rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10598
As shown above, the Customer interacts with the AA to request services. The AA
client component interfaces with the AA either directly or via the API exposed by the AA
to facilitate this interaction. The Customer also interacts with the AA to link accounts
and generate consent. All account linking and consent management interactions
must happen directly between the Customer and the AA, through the AA application or
the AA Client.

The AA Client, provided by AA, is authorized software that interacts with the AA service.
It may be implemented as a library, Software Development Kit (SDK) or might interact via
direct authorized AA API calls. The AA Client could be a web-based application, a mobile-
based application offered by the AA, or SDK/library with limited data flow. AA is the
owner of the AA Client.

The architecture uses an asynchronous API design by defining call-back notification
APIs. With this design the requester does not have to wait for a response from the API
provider, which decouples the time a request is made from the time its response
is received by the requester.
As shown in the high-level architecture diagram above, the following Interfaces have
been defined:

| Interface | Summary |
|---|---|
| FIP A/C Discovery & Linking API | This API enables the discovery and linking of FIP account(s) of the Customer with an AA account. A linked FIP account can only be associated using the consent artefact, and the Customer then allows the FIU to access his/her financial information. |
| FIP Data Flow API | This API provides an interface for AA to retrieve financial information of a customer programmatically. The collected information is based on a digitally signed consent artefact approved by the customer. |
| FIP Notification API | This API provides an interface for AA to send the consent artefact and consent status update notifications to FIP. |
| A/C Linking and FI Access Notification | This interface is hosted by the FIP to notify the Customer about the A/C linking events and FI data access request events. |
| AA Consent Flow | This AA interface collects Customer consent and enables management of all consent artefacts throughout its lifecycle. |
| AA Data Flow | A FIU uses this interface to receive financial information from AA. |
| AA notification API | This interface is hosted by the AA to receive notifications about the A/C linking events and Financial Information events. |
| FIU Notification API | This interface, hosted by a Financial Information User (FIU), is used by AA to send consent status updates and Financial Information related notifications. |



II. High-level Specifications
The high-level specifications of the AA ecosystem have been categorized into the
following flows.
1. Account discovery and linking flow
2. Consent flow
3. Consent handle management flow
4. FI data flow
5. Notification flow
6. Monitoring flow

Below are the functionalities hosted by the participating entities with respect to the
categories.

| Category | AA | FIP | FIU |
|---|---|---|---|
| Account Discovery and Linking | N/A | Account Discovery; Account Linking/Delinking; Authenticating Link/Delink Request | N/A |
| Consent | Consent Request | Posting Consent | N/A |
| Consent Handle Management | Consent Status Request; Getting Consent | N/A | N/A |
| FI Data Flow | FI Data - Request; FI Data - Fetch | FI Data - Request; FI Data - Fetch | N/A |
| Notification | Linking Status; Consent Status; FI Data Status | Consent Status | Consent Status; FI Data Status |
| Monitoring | Heartbeat API | Heartbeat API | N/A |

N/A – API is not applicable



Account Aggregator (AA) APIs

The description of AA APIs is given as follows:

Entity: Account Aggregator

| Category | API | Method | API Path | Description |
|---|---|---|---|---|
| Consent | Consent Request | POST | /Consent | This API is intended for AA Client/FIU to request the generation of digitally signed consent artefacts. The customer uses the AA application to select accounts and approve the consent request. Once the customer approves the consent request on the AA application, AA generates the digitally signed consent artefact. Note - The AA Client/FIU never sees the account of the customer, nor directly participates in the consent generation. |
| Consent Handle Management | Consent Status Request | POST | /Consent/handle | This API is intended for checking the status of a previously submitted consent artefact creation request. |
| Consent Handle Management | Get Consent | POST | /Consent/fetch | This API is intended for fetching the information associated with the specific consent id. |
| FI Data Flow | FI Data - Request | POST | /FI/request | The FIU or the customer submits the consent ID required for fetching financial information from the FIP(s). A session ID is generated and returned which enables the FIU, or the Customer, to fetch the information from the AA, once it is available. |
| FI Data Flow | FI Data - Fetch | POST | /FI/fetch | This API is used by the FIU to fetch the financial information from AA. |
| Notifications | Consent Status | POST | /Consent/Notification | This API can be used by AA Client, FIU and FIP to place a request for consent status update to AA in specific use cases. |
| Notifications | FI Data Status | POST | /FI/Notification | This API is used by FIU and FIP to send notifications related to FI data flow to AA. |
| Notifications | Linking Status | POST | /Account/link/Notification | This API is intended to be used by FIP to send account link notifications to AA. |
| Monitoring | Heartbeat API | GET | /Heartbeat | This is the monitoring API Interface for checking the service availability of AA. |



Financial Information Provider (FIP) APIs

The description of FIP APIs is given as follows:

Entity: Financial Information Provider

| Category | API | Method | API Path | Description |
|---|---|---|---|---|
| Account Discovery and Linking | Account Discovery | POST | /Accounts/discover | This API enables the AA to discover accounts belonging to a Customer based on the Customer identifiers. A set of masked account information and corresponding link reference number for each discovered account, is returned based on identifier matching logic at FIP. |
| Account Discovery and Linking | Account Linking | POST | /Accounts/link | This API is used for initiating an account link request to link selected account(s) with the AA customer address. |
| Account Discovery and Linking | Account Delinking | POST | /Accounts/delink | This API is used to delete a previously established account linkage to the customer’s profile. Once deleted, the customer cannot share financial information for these accounts using Account Aggregator. |
| Account Discovery and Linking | Authenticate Link/Delink Request | POST | /Accounts/link/verify | This API is used only in the case of token-based authentication for linking or delinking the accounts. The AA submits the token (received from the customer) to the FIP so that account linkage or de-linkage can be completed. In the case of FIP direct authentication, this method will not be used. |
| Consent | Post Consent | POST | /Consent | This API enables the AA to send the consent artefact to the FIP on consent creation. |
| FI Data Flow | FI Data – Request | POST | /FI/request | This API enables AA to submit the FI data fetch request coming from FIU to the FIP. FIP verifies the request against consent artefact shared by AA and processes it only if the verification is successful. |
| FI Data Flow | FI Data – Fetch | POST | /FI/fetch | This API enables the AA to fetch the financial information from FIP against a given SessionID. |
| Notification | Consent Status | POST | /Consent/Notification | This API is intended to be used by AA to notify the change in consent status due to the consent management operations performed by the customer. |
| Monitoring | Heartbeat API | GET | /Heartbeat | This API enables the AAs to check the service availability of FIPs. |
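
The FIP-side verification described for POST /FI/request depends on the artefact delivered through POST /Consent and on later status changes delivered through POST /Consent/Notification. The Python below models that dependency; it is an added example, not code from the specification or from ReBIT. The artefact fields, status strings and sample values are simplified assumptions, and the artefact's digital signature is assumed to have been verified before `post_consent` is called.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone

@dataclass(frozen=True)
class Consent:                 # hypothetical, simplified consent artefact fields
    consent_id: str
    status: str                # assumed status strings: ACTIVE / PAUSED / REVOKED
    expiry: datetime
    link_refs: frozenset       # link reference numbers the customer consented to
    fi_types: frozenset
    data_from: datetime
    data_to: datetime

class FipConsentStore:
    def __init__(self):
        self.by_id = {}

    def post_consent(self, consent):                      # POST /Consent
        self.by_id[consent.consent_id] = consent

    def consent_notification(self, consent_id, status):   # POST /Consent/Notification
        if consent_id in self.by_id:
            self.by_id[consent_id] = replace(self.by_id[consent_id], status=status)

    def verify_fi_request(self, consent_id, link_refs, fi_types,
                          data_from, data_to, now):       # check behind POST /FI/request
        """Return the reasons to refuse; an empty list means process the request."""
        c = self.by_id.get(consent_id)
        if c is None:
            return ["unknown consent id"]
        reasons = []
        if c.status != "ACTIVE":
            reasons.append(f"consent status is {c.status}")
        if now >= c.expiry:
            reasons.append("consent expired")
        if not set(link_refs) <= c.link_refs:
            reasons.append("account not covered by consent")
        if not set(fi_types) <= c.fi_types:
            reasons.append("FI type not covered by consent")
        if data_from > data_to or data_from < c.data_from or data_to > c.data_to:
            reasons.append("date range outside consent")
        return reasons

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample artefact; all identifiers and dates are made up.
SAMPLE = Consent("consent-0001", "ACTIVE", utc(2024, 1, 1),
                 frozenset({"LRN-A"}), frozenset({"DEPOSIT"}),
                 utc(2023, 1, 1), utc(2023, 6, 30))
```

Returning every refusal reason rather than stopping at the first gives the FIP a complete audit record for each rejected request.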



Financial Information User (FIU) APIs

The description of FIU APIs is given as follows:

Entity: Financial Information User

| Category | API | Method | API Path | Description |
|---|---|---|---|---|
| Notification | Consent Status | POST | /Consent/Notification | This API is intended to be used by AA to notify FIU about the change in consent status due to the consent management operations performed by the Customer. |
| Notification | FI Data Status | POST | /FI/Notification | This API is used by AA to send notifications related to FI data flow to FIU. |

For further illustrative information on NBFC-AA ecosystem API Specification, please refer
to https://api.rebit.org.in/



III. Financial Information (FI) Definition

The Account Aggregator (AA) ecosystem supports multiple types of FI as defined in
Section 3 of the Master Direction¹. The purpose of developing FI definitions is to enable
interoperability between the participating entities in the AA ecosystem. The FI definition
has the following purposes:
a. Data description: The definition provides a common and uniform format of the
representation of FI in terms of structure (syntax) and meaning (semantics)
interoperability.

b. Data context: The definition defines a minimal set of representational states of
financial information corresponding to the financial information types.

c. Data sharing: The definition provides semantic interoperability in the NBFC-AA
ecosystem.

d. Data harmonization: The definition enables a common format for analysing,
viewing, and processing the transaction of financial information.

The structure of the FI type definition adheres to the consent definition that has the
following sections:

• Profile: This includes the basic profile of the Customer having details such as
account owner information, masked account number and linked account
reference numbers, type of account specific to the FI type and other generic
details as might be pertinent for the specified FI type.
• Summary: This includes the value of the account, the term of the deposits, if relevant,
and any other data that summarizes the funds in the account.
• Transactions: This includes the transaction details that are posted in an account.

In this process, the FI type information, defined in XML (Extensible Markup Language)
format, will be validated against the corresponding XSD (XML Schema Definition).
The XML structure of Financial Instrument is depicted below:



<Account type="">
<Profile />
<Summary />
<Transactions />
</Account>
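
A receiver of FI payloads can run a structural gate on this layout before handing the document to full XSD validation. The Python below is an added example, not part of the specification: it refuses any DOCTYPE declaration (so no entity definitions reach the parser) and checks the root element, the `type` attribute and the three sections. Requiring each section exactly once and a non-empty `type` are assumptions, and the check does not replace validation against the published XSD.

```python
import xml.parsers.expat as expat

REQUIRED_SECTIONS = ("Profile", "Summary", "Transactions")

class DoctypeRejected(Exception):
    pass

def fi_account_problems(xml_bytes):
    """Return a list of structural problems; an empty list means the gate passes."""
    seen = {"depth": 0, "root": None, "type": None, "sections": []}

    def start(name, attrs):
        local = name.rsplit(" ", 1)[-1]      # drop the namespace URI, if any
        if seen["depth"] == 0:
            seen["root"], seen["type"] = local, attrs.get("type")
        elif seen["depth"] == 1:
            seen["sections"].append(local)
        seen["depth"] += 1

    def end(name):
        seen["depth"] -= 1

    def doctype(*args):
        raise DoctypeRejected()              # no DTDs, so no entity definitions

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(xml_bytes, True)
    except DoctypeRejected:
        return ["DOCTYPE declaration not allowed"]
    except expat.ExpatError as exc:
        return [f"not well-formed XML: {exc}"]

    problems = []
    if seen["root"] != "Account":
        problems.append(f"root element is {seen['root']}, expected Account")
    if not seen["type"]:
        problems.append("Account type attribute missing or empty")
    for section in REQUIRED_SECTIONS:
        count = seen["sections"].count(section)
        if count != 1:
            problems.append(f"{section} appears {count} times, expected once")
    return problems

# Constructed sample payload; the type value is made up.
SAMPLE_OK = b'<Account type="deposit"><Profile/><Summary/><Transactions/></Account>'
```

The template shown above, with `type=""`, is reported as having an empty type, which is the intended behaviour for an unfilled template.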

For further illustrative information, please refer to https://api.rebit.org.in/ or email: aa-[email protected].
