Account Information APIv3.1.2

This is version 3.1 of Account API. Check the Postman collection to see sample data and scenarios to use Account API. Note: version 3 of this API is deprecated, all developers using version 3 must migrate to version 3.1. The hostname for YBS and Chelsea brand is ob-ybs.sandbox.ybs.co.uk and ob-che.sandbox.ybs.co.uk respectively. 

Account and Transaction APIs

Detailed Open Banking specifications for the Account and Transaction API that is available to Account Information Service Providers (AISPs) are available on the Open Banking website.

Yorkshire Building Society supports the following to enable you to securely access account and transaction data:

POST / account-access-requests

Create a new account-request resource. Customer selects the accounts to be included in the account access request.

Permissions we support for AISPs:

  • ReadAccountBasic
  • ReadAccountDetail
  • ReadBalances
  • ReadBeneficiariesBasic
  • ReadBeneficiariesDetail
  • ReadStandingOrdersBasic
  • ReadStandingOrdersDetail
  • ReadTransactionBasic
  • ReadTransactionDetail
  • ReadTransactionCredits
  • ReadTransactionDebits
  • ReadProducts
  • ReadParty

Permissions we don’t support:

  • ReadDirectDebits
  • ReadStatementsBasic
  • ReadStatementsDetail
  • ReadOffers
  • ReadParty
  • ReadPartyPSU
  • ReadScheduledPaymentsBasic
  • ReadScheduledPaymentsDetail
  • ReadPAN

GET / account-access-requests/{AccountRequestID}

Get an existing account-access-request resource detail (date effective, date of expiration and status).

Authentication

Authorisations will be for a maximum of 90 days or up to the Authorisation End Date (if specified) whichever is the earliest date*.

Customers will need to be re-authenticated to continue to share their data with third parties – re-authorisation creates a new Authorisation for 90 days (* see rules above).

As of January 2020 Account Access requests are available to PISP as well as AISPs.

PISP will only be allowed to request Account and Party permissions.

Additional Authorisations

To adhere to regulation for Strong Customer Authentication (SCA) customers will need to re-authorise their consents and pass SCA checks before we can respond to requests for the following endpoints:

  • GET /accounts/{AccountId}/beneficiaries
  • GET /accounts/{AccountId}/product
  • GET /accounts/{AccountId}/standing-orders
  • GET /accounts/{AccountId}/parties
  • GET /accounts/{AccountId}/party

Following a successful re-authorisation and SCA checks, the authorisation will be extended by a maximum 90 days (*see rules above), and the customer will be allowed 5 minutes to request details for Beneficiaries, Standing Orders and products before needing to perform further SCA checks.

DELETE / account-access-requests/{AccountRequestID}

Revoke an existing account-access-request resource.

Note: PSU can revoke existing account-access-requests via ASPSP online systems and via their Contact Centre.

GET / accounts

GET all accounts to which customer has allowed access.

GET / accounts /{AccountId}

GET account information resources for a specific account id

The implemented GET APIs to retrieve account information resources for a specific account are:

The following account information resources can be requested with or without the customer being in attendance.

  • GET /accounts/{AccountId}
  • GET /accounts/{AccountId}/balances
  • GET /accounts/{AccountId}/transactions(Only Recent Transactions)

The following account information resources require that the customer must be in attendance (SCA checks required).

  • GET /accounts/{AccountId}/beneficiaries
  • GET /accounts/{AccountId}/product
  • GET /accounts/{AccountId}/standing-orders
  • GET /accounts/{AccountId}/parties
  • GET /accounts/{AccountId}/party *

The Party endpoint is the only GET API available to PISPs

The following GET APIs to retrieve account information resources for a specific account have not been implemented:

  • GET /accounts/{AccountId}/direct-debits
  • GET /accounts/{AccountId}/scheduled-payments

We do not currently support optional APIs for retrieving the status of account-requests or for bulk requests across a customer's accounts.

Identification - Account Number

Our Account Numbers are 10 digits and referred to as the Roll Number; when we provide the Identification data (Sort Code and Account Number) we will supply the 6 digit Sort Code (including leading zeroes) and the first 8 digits of our Account Number / Roll Number (including leading zeroes). The full 10 digit Account Number (Roll Number) will be supplied in the Secondary Identification data field.

Account - Name

Where there are multiple holders on an account we will concatenate the Title and Surname of each account holder.

Note, where the total number of characters exceed 70 (Open Banking restriction) the account the account names will be truncated.

GET / accounts /{AccountId}/transactions

All historical transaction data is available for account information data request.

The customer can apply date restrictions when setting up the consent.

GET / accounts /{AccountId}/product

Personal Current Account (PCA) Details

  • Tier Band Method                                – Only value supplied is Whole
  • Destination                                          – Only values supplied are Pay Away or Self Credit
  • Tier Value Minimum                           – Defaulted to 0 (Zero)
  • Fixed Variable Interest Rate Type         – Defaulted to Variable
  • AER                                                    – Defaulted to 0 (Zero)    

Data Sets Not Supported

We do not support the following data items.

  • Overdraft
  • Other Fees and Charges
  • Business Current Accounts (BCA)

GET  /accounts/{AccountId}/party 

As of January 2020 GET Party API requests are available to PISP as well as AISPs.

We will provide the following:

  • Main account owner / holder only
  • Main account holder name presented as Title + Surname
  • Account holder full legal name presented as Title + Forename(s) + Surname
  • Party Type – Joint or Sole (Business Accounts not supported therefore Delegate type not applicable)

We will not be providing:

  • Party Id
  • Account Role
  • Beneficial Ownership
  • Contact details (Email, Phone, Email)
  • Address details
  • Relationship details (other Accounts)

GET /accounts/{AccountId}/parties

We will provide the following:

  • Account owners / holders (i.e. Beneficial account owners– not account operators)
  • Main account holder name presented as Title + Surname
  • Account holder full legal name presented as Title + Forename(s) + Surname
  • Party Type – Joint or Sole (Business Accounts not supported therefore Delegate type not applicable)

We will not be providing:

  • Party Id
  • Account Role
  • Beneficial Ownership
  • Contact details (Email, Phone, Email)
  • Address details
  • Relationship details (other Accounts)

About us

Yorkshire Building Society is a member of the Building Societies Association and is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Yorkshire Building Society is entered in the Financial Services Register and its registration number is 106085. Head Office: Yorkshire House, Yorkshire Drive, Bradford BD5 8LJ.

References to 'YBS Group' or 'Yorkshire Group' refer to Yorkshire Building Society, the trading names under which it operates (Chelsea Building Society, the Chelsea, Norwich & Peterborough Building Society, N&P and Egg) and its subsidiary companies.