Configuring Data Sharing for Business Nominated Representatives

This requirement is introduced to the Consumer Data Specification on 22 December 2020 via Competition and Consumer (Consumer Data Right) Amendment Rules (No. 3) 2020.

Nominated Representatives

Non-individual consumers can nominate individuals as nominated representatives who can share Consumer Data Right (CDR) data and manage data sharing on their behalf. Non-individual consumers can make and revoke such nominations.

A non-individual consumer needs to nominate at least one individual as a nominated representative for CDR data to be shared on their behalf.

The nominated representative is responsible for interacting with the data holder and the ADR on behalf of the business. They can give consent for the data holder to share data with the ADR, amend or revoke consent, and manage the data sharing relationship.

Info

This is only available as a WSO2 Update from WSO2 Open Banking Identity Server CDS Toolkit Level 1.0.0.8 onwards. For more information on updating, see Getting WSO2 Updates.

Integrating with the Bank Backend

The bank's back end endpoint for retrieving the user's accounts list returns a response of the shareable account in the following format:

{
   "account_id":"143-000-B1234",
   "display_name":"business_account_1",
   "accountId":"143-000-B1234",
   "accountName":"business_account_1",
   "authorizationMethod":"single",
   "nickName":"not-working",
   "customerAccountType":"Business",
   "profileName":"Organization A",
   "profileId":"00001",
   "type":"TRANS_AND_SAVINGS_ACCOUNTS",
   "isEligible":true,
   "isJointAccount":false,
   "jointAccountConsentElectionStatus":false,
   "isSecondaryAccount":false,
   "businessAccountInfo":{
   "AccountOwners":[
      {
         "memberId":"[email protected]@carbon.super",
         "meta":{}
      },
      {
         "memberId":"[email protected]@carbon.super",
         "meta":{}
      }
   ],
   "NominatedRepresentatives":[
      {
         "memberId":"[email protected]@carbon.super",
         "meta":{}
      },
      {
         "memberId":"[email protected]@carbon.super",
         "meta":{}
      },
      {
         "memberId":"[email protected]@carbon.super",
         "meta":{}
      }
   ]
   }
}

The customerAccountType and businessAccountInfo properties will be added for the business nominated representative feature.

Managing Nominated Representative Permissions

Creating and updating permissions

PUT https://<IS_HOST>/cds/account-metadata/business-stakeholders

This endpoint is secured with basic authentication.

A sample request is given below:

{
   "data": [
      {
         "accountID": "143-000-B1234",
         "accountOwners": [
            "[email protected]@carbon.super",
            "[email protected]@carbon.super"
         ],
         "nominatedRepresentatives": [
            {
               "name": "[email protected]@carbon.super",
               "permission": "AUTHORIZE"
            },
            {
               "name": "[email protected]@carbon.super",
               "permission": "AUTHORIZE"
            },
            {
               "name": "[email protected]@carbon.super",
               "permission": "VIEW"
            }
         ]
      }
   ]
}

Revoking permissions

This endpoint is secured with basic authentication.

DELETE https://<IS_HOST>/cds/account-metadata/business-stakeholders

A sample request is given below:

{
   "data": [
      {
         "accountID": "143-000-B1234",
         "accountOwners": [
            "[email protected]@carbon.super"
         ],
         "nominatedRepresentatives": [
            "[email protected]@carbon.super"
         ]
      }
   ]
}

Retrieve stakeholder permissions

This endpoint is secured with basic authentication.

GET https://<IS_HOST>/cds/account-metadata/business-stakeholders/[email protected]&accountId=143-000-B1234

A sample response is given below:

{
   "userId": "[email protected]@carbon.super",
   "permissionStatus": {
      "143-000-B1234": "AUTHORIZE"
   }
}

Retrieving stakeholder profile type (as business or individual)

This endpoint is secured with basic authentication.

GET https://<IS_HOST>/cds/account-metadata/business-stakeholders/[email protected]

A sample response is given below:

{
   "UserId": "[email protected]@carbon.super",
   "userProfiles": [
      "business",
      "individual"
   ]
}
Top