Payment Refunds — Requirements v2.1
The tables below list the validation rules that apply to the Payment Refunds API. The Validated by column indicates where each rule is enforced.
All requests require an active Trust Framework application with the BSIP role, a valid transport certificate presented on every request via mTLS, and an active signing key for JWT signing.
GET /payment-consents/{ConsentId}/refund — Retrieve Refund Account
| # | Field | Rule | Validated by |
|---|---|---|---|
| 1 | Authorization | Must contain a valid Bearer access token obtained via a client_credentials grant with the payments scope. | API Hub |
| 2 | ConsentId (path) | The consent record linked to the ConsentId must include the ReadRefundAccount permission. | API Hub |
| 3 | Account state | The debtor account must not be blocked from receiving payments. If the account is blocked for a temporary reason (e.g. account status is Suspended, or the account is otherwise unable to receive a credit transaction refund on a transient basis), the response will be 403 with errorCode: Consent.AccountTemporarilyBlocked and errorMessage: The debtor account is blocked from receiving payments. If the account is blocked permanently (e.g. account status is Closed, Deceased, or Unclaimed), the response will be 403 with errorCode: Consent.PermanentAccountAccessFailure and errorMessage: The debtor account is blocked from receiving payments. | LFI |
| 4 | x-fapi-interaction-id | Should be included. Should be a valid UUID (RFC 4122). An invalid value will not cause a failure but tracing will not be possible. | N/A |
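
The sketch below is an added example, not part of the original requirements or of any published SDK. It shows how a client might build the headers from rules 1 and 4 and act on the two 403 outcomes in rule 3. Both outcomes carry the same errorMessage, so the branch must be on errorCode. The function names, the 200 success status and the flat JSON error body (`errorCode` as a top-level key) are assumptions.

```python
import uuid

# Error codes from rule 3 of the table above.
TEMPORARY = "Consent.AccountTemporarilyBlocked"
PERMANENT = "Consent.PermanentAccountAccessFailure"


def is_rfc4122_uuid(value):
    """True only for the canonical 8-4-4-4-12 form with the RFC 4122 variant."""
    try:
        parsed = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        return False
    # uuid.UUID also accepts braces, urn: prefixes and unhyphenated hex;
    # comparing against the canonical string rejects those forms.
    return parsed.variant == uuid.RFC_4122 and str(parsed) == value.lower()


def build_headers(access_token, interaction_id=None):
    """Headers for GET /payment-consents/{ConsentId}/refund (rules 1 and 4)."""
    if not access_token:
        raise ValueError("a Bearer access token is required (rule 1)")
    # Rule 4: an invalid id is not rejected but makes tracing impossible,
    # so replace a missing or malformed value with a fresh UUID.
    if not is_rfc4122_uuid(interaction_id):
        interaction_id = str(uuid.uuid4())
    return {
        "Authorization": f"Bearer {access_token}",
        "x-fapi-interaction-id": interaction_id,
    }


def classify_refund_response(status, body):
    """Return 'ok', 'retry_later', 'stop' or 'unexpected' for a response."""
    if status == 200:  # assumed success status; not stated in the table
        return "ok"
    # Assumed body shape: a JSON object with a top-level errorCode key.
    code = body.get("errorCode") if isinstance(body, dict) else None
    if status == 403 and code == TEMPORARY:
        return "retry_later"  # transient block, e.g. status Suspended
    if status == 403 and code == PERMANENT:
        return "stop"  # e.g. status Closed, Deceased or Unclaimed
    return "unexpected"
```
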
