This standard was introduced with version 3.0 of the API standards, released in January 2024.
You can view the full standard and more information about its design principles in Confluence.
How it works
In order to receive event notifications, first the Third Party establishes a ‘long-lived’ consent with a customer. This is achieved by following the existing standards and can be used with Account Information or Enduring Payment Consent.
The Event Notification API standard then enables the following:
- The Third Party uses the ‘long-lived’ consent established with the customer to set up and provide an API endpoint to receive information from the API Provider as defined in the standards.
- The Third Party establishes a subscription for notifications by sending the API endpoint address to the API Provider and requesting that they provide updates to a given API resource to that endpoint address.
- If the Third Party’s request is valid and can be linked to a previously established consent from the Customer, the API Provider must then provide the response in the defined format when there is a change to the API resource – for instance, a change in the status of a consent from active to revoked.
This API standard enables Third Parties to request and receive ongoing notifications about changes to customer consents, as they happen – rather than needing to actively request this information from the API Provider before providing services to the customer.
Under version 3.0 of the API standards, the event notification function is limited to consent statuses. However future development may build on this to enable notifications about transactions, account balances, or changes to customer contact information.