diff --git a/opba-banking-protocol-facade/src/main/java/de/adorsys/opba/protocol/facade/config/encryption/CmsEncryptionOper.java b/opba-banking-protocol-facade/src/main/java/de/adorsys/opba/protocol/facade/config/encryption/CmsEncryptionOper.java
index b588846f9a..6052c855f4 100644
--- a/opba-banking-protocol-facade/src/main/java/de/adorsys/opba/protocol/facade/config/encryption/CmsEncryptionOper.java
+++ b/opba-banking-protocol-facade/src/main/java/de/adorsys/opba/protocol/facade/config/encryption/CmsEncryptionOper.java
@@ -62,6 +62,10 @@ public static class CmsEncryption implements EncryptionService {
         @Override
         @SneakyThrows
         public byte[] encrypt(byte[] data) {
+            if (null == data) {
+                return new byte[0];
+            }
+
             CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
             generator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(encryptionKeyId.getBytes(StandardCharsets.UTF_8), publicKey));
             return generator.generate(
@@ -72,6 +76,10 @@ public byte[] encrypt(byte[] data) {
         @Override
         @SneakyThrows
         public byte[] decrypt(byte[] data) {
+            if (null == data || 0 == data.length) {
+                return null;
+            }
+
             CMSEnvelopedDataParser parser = new CMSEnvelopedDataParser(data);
             return parser.getRecipientInfos().iterator().next().getContent(new JceKeyTransEnvelopedRecipient(privateKey));
         }
diff --git a/opba-consent-rest-api/src/main/resources/static/tpp_consent_api.yml b/opba-consent-rest-api/src/main/resources/static/tpp_consent_api.yml
index 24051b363b..32d8dd9418 100644
--- a/opba-consent-rest-api/src/main/resources/static/tpp_consent_api.yml
+++ b/opba-consent-rest-api/src/main/resources/static/tpp_consent_api.yml
@@ -185,7 +185,7 @@ paths:
       security:
         - sessionCookie: []
 
-  /v1/consent/{auth-id}/fromAspsp/{redirectState}/ok:
+  /v1/consent/{auth-id}/fromAspsp/{redirectState}/ok/{fromAspspRedirectCode}:
     get:
       operationId: fromAspspOkUsingGET
       tags:
@@ -215,8 +215,8 @@ paths:
         #path
         - $ref: "#/components/parameters/auth-id"
         - $ref: "#/components/parameters/redirectState"
+        - $ref: "#/components/parameters/fromAspspRedirectCode"
         #query
-        - $ref: "#/components/parameters/redirectCode"
         - $ref: "#/components/parameters/code"
       responses:
         "200":
@@ -226,7 +226,7 @@ paths:
       security:
         - redirectCookie: []
 
-  /v1/consent/{auth-id}/fromAspsp/{redirectState}/nok:
+  /v1/consent/{auth-id}/fromAspsp/{redirectState}/nok/{fromAspspRedirectCode}:
     get:
       operationId: fromAspspNokUsingGET
       tags:
@@ -239,8 +239,7 @@ paths:
         #path
         - $ref: "#/components/parameters/auth-id"
         - $ref: "#/components/parameters/redirectState"
-        #query
-        - $ref: "#/components/parameters/redirectCode"
+        - $ref: "#/components/parameters/fromAspspRedirectCode"
       responses:
         "200":
           $ref: "#/components/responses/200_AuthorizeResponse"
@@ -353,7 +352,17 @@ components:
       name: redirectCode
       in: query
       description: Code used to retrieve a redirect session. This is
-        generaly transported as a query parameter
+        generaly transported as a query parameter.
+      example: "faadsf93nlas32wx"
+      schema:
+        type: string
+
+    fromAspspRedirectCode:
+      name: fromAspspRedirectCode
+      in: path
+      description: Code used to retrieve a redirect session. This is
+        generaly transported as a path parameter due to some banks limitiations (ING ASPSP) instead of
+        being transported as query parameter
       example: "faadsf93nlas32wx"
       schema:
         type: string
diff --git a/opba-consent-rest-impl/src/main/java/de/adorsys/opba/consentapi/controller/FromAspspConsentServiceController.java b/opba-consent-rest-impl/src/main/java/de/adorsys/opba/consentapi/controller/FromAspspConsentServiceController.java
index 5ecb42d4f5..2ac7df0639 100644
--- a/opba-consent-rest-impl/src/main/java/de/adorsys/opba/consentapi/controller/FromAspspConsentServiceController.java
+++ b/opba-consent-rest-impl/src/main/java/de/adorsys/opba/consentapi/controller/FromAspspConsentServiceController.java
@@ -22,13 +22,13 @@ public class FromAspspConsentServiceController implements FromAspspConsentAuthor
     public CompletableFuture fromAspspOkUsingGET(
             String authId,
             String redirectState,
-            String redirectCode,
+            String fromAspspRedirectCode,
             String code) {
 
         return fromAspspRedirectHandler.execute(
                 FromAspspRequest.builder()
                         .facadeServiceable(serviceableTemplate.toBuilder()
-                                .redirectCode(redirectCode)
+                                .redirectCode(fromAspspRedirectCode)
                                 .authorizationSessionId(authId)
                                 .build()
                         )
@@ -42,12 +42,12 @@ public CompletableFuture fromAspspOkUsingGET(
     public CompletableFuture fromAspspNokUsingGET(
             String authId,
             String redirectState,
-            String redirectCode) {
+            String fromAspspRedirectCode) {
 
         return fromAspspRedirectHandler.execute(
                 FromAspspRequest.builder()
                         .facadeServiceable(serviceableTemplate.toBuilder()
-                                .redirectCode(redirectCode)
+                                .redirectCode(fromAspspRedirectCode)
                                 .authorizationSessionId(authId)
                                 .build()
                         )
diff --git a/opba-db/src/main/java/de/adorsys/opba/db/domain/entity/Consent.java b/opba-db/src/main/java/de/adorsys/opba/db/domain/entity/Consent.java
index 26dcb1e0f1..43ceffc728 100644
--- a/opba-db/src/main/java/de/adorsys/opba/db/domain/entity/Consent.java
+++ b/opba-db/src/main/java/de/adorsys/opba/db/domain/entity/Consent.java
@@ -84,11 +84,17 @@ public void setContext(EncryptionService encryption, String context) {
     }
 
     public String getConsentId(EncryptionService encryption) {
-        return new String(encryption.decrypt(encConsentId), StandardCharsets.UTF_8);
+        byte[] decryptedConsent = encryption.decrypt(encConsentId);
+        if (null == decryptedConsent) {
+            return null;
+        }
+
+        return new String(decryptedConsent, StandardCharsets.UTF_8);
     }
 
     public void setConsentId(EncryptionService encryption, String consent) {
-        this.encConsentId = encryption.encrypt(consent.getBytes(StandardCharsets.UTF_8));
+        byte[] consentToEncrypt = null == consent ? null : consent.getBytes(StandardCharsets.UTF_8);
+        this.encConsentId = encryption.encrypt(consentToEncrypt);
     }
 }
 
diff --git a/opba-embedded-starter/src/main/resources/application.yml b/opba-embedded-starter/src/main/resources/application.yml
index 8561658f8b..067e2f7005 100644
--- a/opba-embedded-starter/src/main/resources/application.yml
+++ b/opba-embedded-starter/src/main/resources/application.yml
@@ -219,8 +219,8 @@ protocol:
       common:
         to-aspsp: /{authSessionId}/to-aspsp-redirection?redirectCode={redirectCode}
         web-hooks:
-          ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-          nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+          ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+          nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
           result: /{authSessionId}/consent-result?redirectCode={redirectCode}
         parameters:
           provide-more: /{authSessionId}?redirectCode={redirectCode}
@@ -254,8 +254,8 @@ protocol:
         redirect:
           to-aspsp: ${facade.urls.embedded-ui-base-url}/ais/{authSessionId}/to-aspsp-redirection
           web-hooks:
-            ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-            nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+            ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+            nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
             result: ${facade.urls.embedded-ui-base-url}/ais/{authSessionId}/consent-result?redirectCode={redirectCode}
           parameters:
             max-array-size: 32
@@ -268,8 +268,8 @@ protocol:
         redirect:
           to-aspsp: ${facade.urls.embedded-ui-base-url}/pis/{authSessionId}/to-aspsp-redirection
           web-hooks:
-            ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-            nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+            ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+            nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
             result: ${facade.urls.embedded-ui-base-url}/pis/{authSessionId}/consent-result?redirectCode={redirectCode}
           parameters:
             max-array-size: 32
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-sandbox/src/test/resources/application-test-mocked-sandbox.yml b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-sandbox/src/test/resources/application-test-mocked-sandbox.yml
index 71f376232c..e9c326a13e 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-sandbox/src/test/resources/application-test-mocked-sandbox.yml
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-sandbox/src/test/resources/application-test-mocked-sandbox.yml
@@ -15,12 +15,12 @@ protocol:
     urls:
       ais:
         web-hooks:
-          ok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-          nok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+          ok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+          nok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
       pis:
         web-hooks:
-          ok:  ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-          nok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+          ok:  ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+          nok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
 
 # FinTech request signing section:
 security:
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-tests-common/src/main/resources/application-test-one-time-postgres-ramfs.yml b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-tests-common/src/main/resources/application-test-one-time-postgres-ramfs.yml
index 3f485fd8f5..64a8ff3536 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-tests-common/src/main/resources/application-test-one-time-postgres-ramfs.yml
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-tests-common/src/main/resources/application-test-one-time-postgres-ramfs.yml
@@ -210,8 +210,8 @@ protocol:
       common:
         to-aspsp: /{authSessionId}/to-aspsp-redirection?redirectCode={redirectCode}
         web-hooks:
-          ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-          nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+          ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+          nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
           result: /{authSessionId}/consent-result?redirectCode={redirectCode}
         parameters:
           provide-more: /{authSessionId}?redirectCode={redirectCode}
@@ -245,8 +245,8 @@ protocol:
         redirect:
           to-aspsp: ${facade.urls.embedded-ui-base-url}/ais/{authSessionId}/to-aspsp-redirection
           web-hooks:
-            ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-            nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+            ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+            nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
             result: ${facade.urls.embedded-ui-base-url}/ais/{authSessionId}/consent-result?redirectCode={redirectCode}
           parameters:
             max-array-size: 32
@@ -259,8 +259,8 @@ protocol:
         redirect:
           to-aspsp: ${facade.urls.embedded-ui-base-url}/pis/{authSessionId}/to-aspsp-redirection
           web-hooks:
-            ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-            nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+            ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+            nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
             result: ${facade.urls.embedded-ui-base-url}/pis/{authSessionId}/consent-result?redirectCode={redirectCode}
           parameters:
             max-array-size: 32
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/java/de/adorsys/opba/protocol/xs2a/tests/e2e/wiremock/mocks/WiremockAccountInformationRequest.java b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/java/de/adorsys/opba/protocol/xs2a/tests/e2e/wiremock/mocks/WiremockAccountInformationRequest.java
index d2b8ce3582..d1f1176c3c 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/java/de/adorsys/opba/protocol/xs2a/tests/e2e/wiremock/mocks/WiremockAccountInformationRequest.java
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/java/de/adorsys/opba/protocol/xs2a/tests/e2e/wiremock/mocks/WiremockAccountInformationRequest.java
@@ -67,7 +67,7 @@ public SELF open_banking_redirect_from_aspsp_with_static_oauth2_code_to_exchange
                 .given()
                     .cookie(AUTHORIZATION_SESSION_KEY, authSessionCookie)
                 .when()
-                    .get(redirectOkUri + "&code=" + code)
+                    .get(redirectOkUri + "?code=" + code)
                 .then()
                     .statusCode(HttpStatus.SEE_OTHER.value())
                 .extract();
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/java/de/adorsys/opba/protocol/xs2a/tests/e2e/wiremock/mocks/WiremockPaymentRequest.java b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/java/de/adorsys/opba/protocol/xs2a/tests/e2e/wiremock/mocks/WiremockPaymentRequest.java
index 0a4fcd333f..b64616fdd4 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/java/de/adorsys/opba/protocol/xs2a/tests/e2e/wiremock/mocks/WiremockPaymentRequest.java
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/java/de/adorsys/opba/protocol/xs2a/tests/e2e/wiremock/mocks/WiremockPaymentRequest.java
@@ -66,7 +66,7 @@ public SELF open_banking_redirect_from_aspsp_with_static_oauth2_code_to_exchange
                 .given()
                     .cookie(AUTHORIZATION_SESSION_KEY, authSessionCookie)
                 .when()
-                    .get(redirectOkUri + "&code=" + code)
+                    .get(redirectOkUri + "?code=" + code)
                 .then()
                     .statusCode(HttpStatus.SEE_OTHER.value())
                 .extract();
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/application-test-mocked-sandbox.yml b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/application-test-mocked-sandbox.yml
index 93360764d0..071b9d85da 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/application-test-mocked-sandbox.yml
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/application-test-mocked-sandbox.yml
@@ -17,9 +17,9 @@ protocol:
     urls:
       ais:
         web-hooks:
-          ok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-          nok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+          ok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+          nok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
       pis:
         web-hooks:
-          ok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-          nok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+          ok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+          nok: ${protocol.gateway-base-url}/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandbox/mappings/mapping-v1-consents-24281.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandbox/mappings/mapping-v1-consents-24281.json
index 366f4a774f..1acbd81f1e 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandbox/mappings/mapping-v1-consents-24281.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandbox/mappings/mapping-v1-consents-24281.json
@@ -17,10 +17,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandbox/mappings/mapping-v1-consents-24283.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandbox/mappings/mapping-v1-consents-24283.json
index 1d9fd3f57b..454873ac7e 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandbox/mappings/mapping-v1-consents-24283.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandbox/mappings/mapping-v1-consents-24283.json
@@ -17,10 +17,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-3.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-3.json
index 5153d7cc53..370453a539 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-3.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-3.json
@@ -17,10 +17,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-4.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-4.json
index ba23119c51..57a74c357a 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-4.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord-nonhappy/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-4.json
@@ -17,10 +17,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/integrated/accounts/results-xs2a/mappings/mapping-v1-consents-14841.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/integrated/accounts/results-xs2a/mappings/mapping-v1-consents-14841.json
index 39f9ebcc93..2737dae66d 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/integrated/accounts/results-xs2a/mappings/mapping-v1-consents-14841.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/integrated/accounts/results-xs2a/mappings/mapping-v1-consents-14841.json
@@ -14,13 +14,13 @@
         "equalTo": "anton.brueckner"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok/.+"
       },
       "PSU-IP-Address": {
         "matches": "\\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}\\b"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok/.+"
       },
       "Content-Type": {
         "equalTo": "application/json; charset=UTF-8"
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/integrated/payments/results-xs2a/mappings/mapping-v1-27380.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/integrated/payments/results-xs2a/mappings/mapping-v1-27380.json
index 645e4d475b..b0a6f6e415 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/integrated/payments/results-xs2a/mappings/mapping-v1-27380.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/integrated/payments/results-xs2a/mappings/mapping-v1-27380.json
@@ -11,13 +11,13 @@
         "equalTo": "anton.brueckner"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok/.+"
       },
       "PSU-IP-Address": {
         "matches": "\\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}\\b"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok/.+"
       },
       "Content-Type": {
         "equalTo": "application/json; charset=UTF-8"
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/accounts/results-xs2a/mappings/mapping-v1-consents-47431.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/accounts/results-xs2a/mappings/mapping-v1-consents-47431.json
index cb98d5bfbb..b741b32003 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/accounts/results-xs2a/mappings/mapping-v1-consents-47431.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/accounts/results-xs2a/mappings/mapping-v1-consents-47431.json
@@ -15,13 +15,13 @@
         "equalTo": "anton.brueckner"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok/.+"
       },
       "PSU-IP-Address": {
         "matches": "\\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}\\b"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok/.+"
       },
       "Content-Type": {
         "equalTo": "application/json; charset=UTF-8"
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/accounts/results-xs2a/mappings/mapping-v1-consents-55757.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/accounts/results-xs2a/mappings/mapping-v1-consents-55757.json
index a92286c706..f5ddf7ddf3 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/accounts/results-xs2a/mappings/mapping-v1-consents-55757.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/accounts/results-xs2a/mappings/mapping-v1-consents-55757.json
@@ -18,13 +18,13 @@
         "equalTo": "Bearer eyJraWQiOiJFWmtfUDNHd1I2OG9iUEwzSGxDbng0IiwiYWxnIjoiSFMyNTYifQ.eyJzdWIiOiJkMGF1dUlxN1J6QXR6dkNEVDh6bV9vIiwidG9rZW5fdXNhZ2UiOiJMT0dJTiIsInJvbGUiOiJDVVNUT01FUiIsInNjYV9pZCI6Im12RU5SbE5pU3NjcXJuWVNqdnZnYlUiLCJhdXRob3Jpc2F0aW9uX2lkIjoibXZFTlJsTmlTc2Nxcm5ZU2p2dmdiVSIsImV4cCI6MTU5OTY1Mzk5NywibG9naW4iOiJhbnRvbi5icnVlY2tuZXIiLCJpYXQiOjE1OTk2NTM2OTcsImp0aSI6ImdMeVZoZlVLUmdRaU9vbmpaMzVqakkifQ.d3A5uBRFkDcpY8IvYHf3niiDA_BmDgp5aIuoaT2t4xE"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok/.+"
       },
       "PSU-IP-Address": {
         "matches": "\\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}\\b"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok/.+"
       },
       "Content-Type": {
         "equalTo": "application/json; charset=UTF-8"
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/payments/results-xs2a/mappings/mapping-v1-11840.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/payments/results-xs2a/mappings/mapping-v1-11840.json
index f1805d1b7b..e03e4265c1 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/payments/results-xs2a/mappings/mapping-v1-11840.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/payments/results-xs2a/mappings/mapping-v1-11840.json
@@ -12,13 +12,13 @@
         "equalTo": "anton.brueckner"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok/.+"
       },
       "PSU-IP-Address": {
         "matches": "\\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}\\b"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok/.+"
       },
       "Content-Type": {
         "equalTo": "application/json; charset=UTF-8"
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/payments/results-xs2a/mappings/mapping-v1-58960.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/payments/results-xs2a/mappings/mapping-v1-58960.json
index 87ce4ac8df..759127d392 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/payments/results-xs2a/mappings/mapping-v1-58960.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/oauth2/prestep/payments/results-xs2a/mappings/mapping-v1-58960.json
@@ -15,13 +15,13 @@
         "equalTo": "Bearer eyJraWQiOiJpc3FyWW04QlNpY2w2ZXhRcEhHREpBIiwiYWxnIjoiSFMyNTYifQ.eyJzdWIiOiJkMGF1dUlxN1J6QXR6dkNEVDh6bV9vIiwidG9rZW5fdXNhZ2UiOiJMT0dJTiIsInJvbGUiOiJDVVNUT01FUiIsInNjYV9pZCI6IjBiekJRellmUUZjaWFEdkk2VjZoX28iLCJhdXRob3Jpc2F0aW9uX2lkIjoiMGJ6QlF6WWZRRmNpYUR2STZWNmhfbyIsImV4cCI6MTU5OTY1NDExNCwibG9naW4iOiJhbnRvbi5icnVlY2tuZXIiLCJpYXQiOjE1OTk2NTM4MTQsImp0aSI6InNUMGppVGd2VERvb2NCVnM1YTdMYzAifQ.vejR6GNnsONmxGKj_bPV_Hun0n2iUVmQt6WZ6SAZq5g"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/nok/.+"
       },
       "PSU-IP-Address": {
         "matches": "\\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}\\b"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok\\?redirectCode=.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/STUB_STATE/ok/.+"
       },
       "Content-Type": {
         "equalTo": "application/json; charset=UTF-8"
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandbox/mappings/mapping-v1-consents-24281.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandbox/mappings/mapping-v1-consents-24281.json
index 36cfad62d2..a10b87e8d4 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandbox/mappings/mapping-v1-consents-24281.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandbox/mappings/mapping-v1-consents-24281.json
@@ -20,10 +20,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandbox/mappings/mapping-v1-consents-24283.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandbox/mappings/mapping-v1-consents-24283.json
index d51a4765bd..5c0939a687 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandbox/mappings/mapping-v1-consents-24283.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandbox/mappings/mapping-v1-consents-24283.json
@@ -20,10 +20,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-3.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-3.json
index 5153d7cc53..370453a539 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-3.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-3.json
@@ -17,10 +17,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-4.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-4.json
index ba23119c51..57a74c357a 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-4.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/accounts/sandboxnopsu/mappings/mapping-v1-consents-4.json
@@ -17,10 +17,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/transactions/sandbox/mappings/mapping-v1-consents-8071.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/transactions/sandbox/mappings/mapping-v1-consents-8071.json
index 5f1109e53b..9a60ade227 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/transactions/sandbox/mappings/mapping-v1-consents-8071.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/transactions/sandbox/mappings/mapping-v1-consents-8071.json
@@ -20,10 +20,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/transactions/sandbox/mappings/mapping-v1-consents-9071.json b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/transactions/sandbox/mappings/mapping-v1-consents-9071.json
index 58eb34470e..6666c1ded3 100644
--- a/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/transactions/sandbox/mappings/mapping-v1-consents-9071.json
+++ b/opba-protocols/xs2a-protocol-tests/xs2a-bdd-wiremock/src/main/resources/mockedsandbox/restrecord/redirect/transactions/sandbox/mappings/mapping-v1-consents-9071.json
@@ -20,10 +20,10 @@
         "equalTo": "application/json; charset=UTF-8"
       },
       "TPP-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/ok/.+"
       },
       "TPP-Nok-Redirect-URI": {
-        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok\\?.+"
+        "matches": "http://localhost:\\d+/v1/consent/.+/fromAspsp/.+/nok/.+"
       }
     },
     "bodyPatterns": [
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/constant/GlobalConst.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/constant/GlobalConst.java
index b5a9cdd477..dab619cdc2 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/constant/GlobalConst.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/constant/GlobalConst.java
@@ -48,4 +48,9 @@ public class GlobalConst {
      * Commonly used keyword for DTO mappers.
      */
     public static final String SPRING_KEYWORD = "spring";
+
+    /**
+     * ING-specific xs2a Adapter peculiarity.
+     */
+    public static final String OAUTH_CONSENT = "oauthConsent";
 }
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/context/Xs2aContext.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/context/Xs2aContext.java
index afde006203..16002396f3 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/context/Xs2aContext.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/context/Xs2aContext.java
@@ -74,6 +74,12 @@ public class Xs2aContext extends BaseContext {
      */
     private String consentId;
 
+    /**
+     * For banks that do not support 'consentId' (ING), indicates that consent was acquired.
+     */
+    private boolean consentAcquired;
+
+
     /**
      * Authorization ID (ASPSP facing) to use for current authorization session.
      */
@@ -165,6 +171,11 @@ public class Xs2aContext extends BaseContext {
      */
     private boolean oauth2IntegratedNeeded;
 
+    /**
+     * Indicates that ASPSP requires Oauth2-Consent of special type (ING bank).
+     */
+    private boolean oauth2ConsentNeeded;
+
     /**
      * SCA Oauth2 link to follow.
      */
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/ais/Xs2aAccountListingService.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/ais/Xs2aAccountListingService.java
index 96c9adef5a..590e72d737 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/ais/Xs2aAccountListingService.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/ais/Xs2aAccountListingService.java
@@ -18,6 +18,7 @@
 import org.flowable.engine.delegate.DelegateExecution;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
 
 /**
  * Calls ASPSP XS2A API to list the accounts using already existing consent.
@@ -38,7 +39,12 @@ public class Xs2aAccountListingService extends ValidatedExecution<Xs2aAisContext
     protected void doValidate(DelegateExecution execution, Xs2aAisContext context) {
         logResolver.log("doValidate: execution ({}) with context ({})", execution, context);
 
+        var consentId = context.getConsentId();
+        if (context.isConsentAcquired() && StringUtils.isEmpty(context.getConsentId())) { // ING specific
+            context.setConsentId("DUMMY");
+        }
         validator.validate(execution, context, this.getClass(), extractor.forValidation(context));
+        context.setConsentId(consentId);
     }
 
     @Override
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/ais/Xs2aTransactionListingService.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/ais/Xs2aTransactionListingService.java
index b4cc081416..5443663fd6 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/ais/Xs2aTransactionListingService.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/ais/Xs2aTransactionListingService.java
@@ -24,6 +24,7 @@
 import org.flowable.engine.delegate.DelegateExecution;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
 
 import java.util.Collections;
 import java.util.Set;
@@ -42,11 +43,17 @@ public class Xs2aTransactionListingService extends ValidatedExecution<Transactio
     private final AccountInformationService ais;
     private final Xs2aConsentErrorHandler handler;
     private final Xs2aLogResolver logResolver = new Xs2aLogResolver(getClass());
+
     @Override
     protected void doValidate(DelegateExecution execution, TransactionListXs2aContext context) {
         logResolver.log("doValidate: execution ({}) with context ({})", execution, context);
 
+        var consentId = context.getConsentId();
+        if (context.isConsentAcquired() && StringUtils.isEmpty(context.getConsentId())) { // ING specific
+            context.setConsentId("DUMMY");
+        }
         validator.validate(execution, context, this.getClass(), extractor.forValidation(context));
+        context.setConsentId(consentId);
     }
 
     @Override
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/BaseCreateAisConsentService.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/BaseCreateAisConsentService.java
index 255a7b6c1f..20527e6f11 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/BaseCreateAisConsentService.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/BaseCreateAisConsentService.java
@@ -2,6 +2,7 @@
 
 import de.adorsys.opba.protocol.bpmnshared.service.exec.ValidatedExecution;
 import de.adorsys.opba.protocol.xs2a.context.Xs2aContext;
+import de.adorsys.opba.protocol.xs2a.service.xs2a.oauth2.OAuth2Util;
 import de.adorsys.opba.protocol.xs2a.util.logresolver.Xs2aLogResolver;
 import de.adorsys.xs2a.adapter.api.Response;
 import de.adorsys.xs2a.adapter.api.model.ConsentsResponse201;
@@ -12,7 +13,6 @@
 
 import static de.adorsys.opba.protocol.bpmnshared.GlobalConst.CONTEXT;
 import static de.adorsys.xs2a.adapter.api.ResponseHeaders.ASPSP_SCA_APPROACH;
-import static de.adorsys.xs2a.adapter.impl.link.bg.template.LinksTemplate.SCA_OAUTH;
 
 public abstract class BaseCreateAisConsentService<T extends Xs2aContext> extends ValidatedExecution<T> {
 
@@ -29,9 +29,8 @@ protected void doMockedExecution(DelegateExecution execution, T context) {
     protected void postHandleCreatedConsent(Response<ConsentsResponse201> consentInit, DelegateExecution execution, Xs2aContext context) {
         context.setWrongAuthCredentials(false);
         context.setConsentId(consentInit.getBody().getConsentId());
-        if (null != consentInit.getBody().getLinks() && consentInit.getBody().getLinks().containsKey(SCA_OAUTH)) {
-            context.setOauth2IntegratedNeeded(true);
-            context.setScaOauth2Link(consentInit.getBody().getLinks().get(SCA_OAUTH).getHref());
+        if (null != consentInit.getBody()) {
+            handleOAuthIfPossible(consentInit, context);
         }
 
         if (null != consentInit.getHeaders() && Strings.isNotBlank(consentInit.getHeaders().getHeader(ASPSP_SCA_APPROACH))) {
@@ -43,4 +42,14 @@ protected void postHandleCreatedConsent(Response<ConsentsResponse201> consentIni
 
         execution.setVariable(CONTEXT, context);
     }
+
+    private void handleOAuthIfPossible(Response<ConsentsResponse201> consentInit, Xs2aContext context) {
+        var links = consentInit.getBody().getLinks();
+        if (null == links && null == consentInit.getBody().getConsentId()) { // NOTE that PIS does not contain similar logic (per ING bank impl)
+            context.setOauth2IntegratedNeeded(true);
+            context.setOauth2ConsentNeeded(true);
+        } else {
+            OAuth2Util.handlePossibleOAuth2(links, context);
+        }
+    }
 }
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/ConsentFinder.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/ConsentFinder.java
index ce2c13bb2b..3705238f93 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/ConsentFinder.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/ConsentFinder.java
@@ -13,6 +13,6 @@
 public class ConsentFinder {
 
     public boolean consentExists(Xs2aContext context) {
-        return !Strings.isNullOrEmpty(context.getConsentId());
+        return context.isConsentAcquired() || !Strings.isNullOrEmpty(context.getConsentId());
     }
 }
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/Xs2aLoadConsentAndContextFromDb.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/Xs2aLoadConsentAndContextFromDb.java
index aaf16f3915..f221c475dc 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/Xs2aLoadConsentAndContextFromDb.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/Xs2aLoadConsentAndContextFromDb.java
@@ -106,24 +106,28 @@ public interface ContextMerger {
         @Mapping(target = "flowByAction", ignore = true)
         @Mapping(target = "psuPassword", ignore = true)
         @Mapping(target = "lastScaChallenge", ignore = true)
+        @Mapping(target = "consentAcquired", ignore = true)
         void merge(Xs2aAisContext source, @MappingTarget Xs2aAisContext target);
 
         @Mapping(target = "mode", ignore = true)
         @Mapping(target = "flowByAction", ignore = true)
         @Mapping(target = "psuPassword", ignore = true)
         @Mapping(target = "lastScaChallenge", ignore = true)
+        @Mapping(target = "consentAcquired", ignore = true)
         void merge(Xs2aAisContext source, @MappingTarget TransactionListXs2aContext target);
 
         @Mapping(target = "mode", ignore = true)
         @Mapping(target = "flowByAction", ignore = true)
         @Mapping(target = "psuPassword", ignore = true)
         @Mapping(target = "lastScaChallenge", ignore = true)
+        @Mapping(target = "consentAcquired", ignore = true)
         void merge(TransactionListXs2aContext source, @MappingTarget TransactionListXs2aContext target);
 
         @Mapping(target = "mode", ignore = true)
         @Mapping(target = "flowByAction", ignore = true)
         @Mapping(target = "psuPassword", ignore = true)
         @Mapping(target = "lastScaChallenge", ignore = true)
+        @Mapping(target = "consentAcquired", ignore = true)
         void merge(AccountListXs2aContext source, @MappingTarget TransactionListXs2aContext target);
     }
 }
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/Xs2aPersistConsentAndContext.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/Xs2aPersistConsentAndContext.java
index e0f8d7011b..18df2de7cb 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/Xs2aPersistConsentAndContext.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/consent/Xs2aPersistConsentAndContext.java
@@ -30,7 +30,13 @@ protected void doRealExecution(DelegateExecution execution, Xs2aContext context)
         ProtocolFacingConsent consent = context.consentAccess().findSingleByCurrentServiceSession()
                 .orElseGet(() -> context.consentAccess().createDoNotPersist());
 
+        // ING special condition
+        if (null == context.getConsentId()) {
+            context.setConsentAcquired(true);
+        }
+
         consent.setConsentId(context.getConsentId());
+
         consent.setConsentContext(
                 mapper.getMapper().writeValueAsString(
                         ImmutableMap.of(context.getClass().getCanonicalName(), context)
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/dto/oauth2/Xs2aOauth2Parameters.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/dto/oauth2/Xs2aOauth2Parameters.java
index f61d81f58d..c40ea48fc3 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/dto/oauth2/Xs2aOauth2Parameters.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/dto/oauth2/Xs2aOauth2Parameters.java
@@ -28,6 +28,9 @@ public class Xs2aOauth2Parameters {
     // can be blank in pre-step (pre-Authentication), but either consentId/paymentId should be filled in integrated Oauth2
     private String paymentId;
 
+    // Can be blank, only for ING
+    private String scope;
+
     // TODO - MapStruct?
     public Oauth2Service.Parameters toParameters() {
         Oauth2Service.Parameters parameters = new Oauth2Service.Parameters();
@@ -36,6 +39,7 @@ public Oauth2Service.Parameters toParameters() {
         parameters.setConsentId(consentId);
         parameters.setPaymentId(paymentId);
         parameters.setScaOAuthLink(scaOauthLink);
+        parameters.setScope(scope);
         return parameters;
     }
 
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/oauth2/OAuth2Util.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/oauth2/OAuth2Util.java
new file mode 100644
index 0000000000..46a7df4930
--- /dev/null
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/oauth2/OAuth2Util.java
@@ -0,0 +1,24 @@
+package de.adorsys.opba.protocol.xs2a.service.xs2a.oauth2;
+
+import de.adorsys.opba.protocol.xs2a.context.Xs2aContext;
+import de.adorsys.xs2a.adapter.api.model.HrefType;
+import lombok.experimental.UtilityClass;
+
+import java.util.Map;
+
+import static de.adorsys.xs2a.adapter.impl.link.bg.template.LinksTemplate.SCA_OAUTH;
+
+@UtilityClass
+public class OAuth2Util {
+
+    public void handlePossibleOAuth2(Map<String, HrefType> bodyLinks, Xs2aContext context) {
+        if (null == bodyLinks) {
+            return;
+        }
+
+        if (bodyLinks.containsKey(SCA_OAUTH)) {
+            context.setOauth2IntegratedNeeded(true);
+            context.setScaOauth2Link(bodyLinks.get(SCA_OAUTH).getHref());
+        }
+    }
+}
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/oauth2/Xs2aRedirectUserToOauth2AuthorizationServer.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/oauth2/Xs2aRedirectUserToOauth2AuthorizationServer.java
index 995e739379..0a8bb5aea0 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/oauth2/Xs2aRedirectUserToOauth2AuthorizationServer.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/oauth2/Xs2aRedirectUserToOauth2AuthorizationServer.java
@@ -6,6 +6,7 @@
 import de.adorsys.opba.protocol.bpmnshared.service.exec.ValidatedExecution;
 import de.adorsys.opba.protocol.xs2a.config.protocol.ProtocolUrlsConfiguration;
 import de.adorsys.opba.protocol.xs2a.context.Xs2aContext;
+import de.adorsys.opba.protocol.xs2a.context.ais.Xs2aAisContext;
 import de.adorsys.opba.protocol.xs2a.context.pis.Xs2aPisContext;
 import de.adorsys.opba.protocol.xs2a.service.dto.QueryHeadersToValidate;
 import de.adorsys.opba.protocol.xs2a.service.dto.ValidatedQueryHeaders;
@@ -16,6 +17,7 @@
 import de.adorsys.opba.protocol.xs2a.service.xs2a.validation.Xs2aValidator;
 import de.adorsys.opba.protocol.xs2a.util.logresolver.Xs2aLogResolver;
 import de.adorsys.xs2a.adapter.api.Oauth2Service;
+import de.adorsys.xs2a.adapter.api.model.Scope;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import org.flowable.engine.RuntimeService;
@@ -96,9 +98,25 @@ private void enrichParametersAndContext(DelegateExecution execution, Xs2aContext
             parameters.setPaymentId(((Xs2aPisContext) context).getPaymentId());
         }
 
+        handleOauth2Consent(context, parameters);
+
         ContextUtil.getAndUpdateContext(execution, (Xs2aContext ctx) -> ctx.setOauth2RedirectBackLink(redirectBack));
     }
 
+    private void handleOauth2Consent(Xs2aContext context, Xs2aOauth2Parameters parameters) {
+        // ING special case
+        if (!context.isOauth2ConsentNeeded()) {
+            return;
+        }
+
+        if (context instanceof Xs2aAisContext) {
+            // TODO Better scope mapping
+            parameters.setScope(Scope.AIS.getValue());
+        } else {
+            parameters.setScope(Scope.PIS.getValue());
+        }
+    }
+
     @Service
     public static class Extractor extends QueryHeadersMapperTemplate<Xs2aContext, Xs2aOauth2Parameters, Xs2aOauth2Headers> {
 
diff --git a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/payment/CreateSinglePaymentService.java b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/payment/CreateSinglePaymentService.java
index 9a46aeffc5..a3b21b72c9 100644
--- a/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/payment/CreateSinglePaymentService.java
+++ b/opba-protocols/xs2a-protocol/src/main/java/de/adorsys/opba/protocol/xs2a/service/xs2a/payment/CreateSinglePaymentService.java
@@ -11,6 +11,7 @@
 import de.adorsys.opba.protocol.xs2a.service.xs2a.dto.Xs2aInitialPaymentParameters;
 import de.adorsys.opba.protocol.xs2a.service.xs2a.dto.payment.PaymentInitiateBody;
 import de.adorsys.opba.protocol.xs2a.service.xs2a.dto.payment.PaymentInitiateHeaders;
+import de.adorsys.opba.protocol.xs2a.service.xs2a.oauth2.OAuth2Util;
 import de.adorsys.opba.protocol.xs2a.service.xs2a.quirks.QuirkUtil;
 import de.adorsys.opba.protocol.xs2a.service.xs2a.validation.Xs2aValidator;
 import de.adorsys.opba.protocol.xs2a.util.logresolver.Xs2aLogResolver;
@@ -30,7 +31,6 @@
 
 import static de.adorsys.opba.protocol.xs2a.constant.GlobalConst.CONTEXT;
 import static de.adorsys.xs2a.adapter.api.ResponseHeaders.ASPSP_SCA_APPROACH;
-import static de.adorsys.xs2a.adapter.impl.link.bg.template.LinksTemplate.SCA_OAUTH;
 
 /**
  * Initiates Account list consent by sending mapped {@link de.adorsys.opba.protocol.api.dto.request.authorization.AisConsent}
@@ -91,9 +91,8 @@ protected void doMockedExecution(DelegateExecution execution, Xs2aPisContext con
     protected void postHandleCreatedPayment(Response<PaymentInitationRequestResponse201> paymentInit, DelegateExecution execution, Xs2aPisContext context) {
         context.setWrongAuthCredentials(false);
         context.setPaymentId(paymentInit.getBody().getPaymentId());
-        if (null != paymentInit.getBody().getLinks() && paymentInit.getBody().getLinks().containsKey(SCA_OAUTH)) {
-            context.setOauth2IntegratedNeeded(true);
-            context.setScaOauth2Link(paymentInit.getBody().getLinks().get(SCA_OAUTH).getHref());
+        if (null != paymentInit.getBody()) {
+            OAuth2Util.handlePossibleOAuth2(paymentInit.getBody().getLinks(), context);
         }
 
         if (null != paymentInit.getHeaders() && Strings.isNotBlank(paymentInit.getHeaders().getHeader(ASPSP_SCA_APPROACH))) {
diff --git a/opba-protocols/xs2a-protocol/src/main/resources/application.yml b/opba-protocols/xs2a-protocol/src/main/resources/application.yml
index e15841f1c2..5e47c401ad 100644
--- a/opba-protocols/xs2a-protocol/src/main/resources/application.yml
+++ b/opba-protocols/xs2a-protocol/src/main/resources/application.yml
@@ -92,8 +92,8 @@ protocol:
       common:
         to-aspsp: /{authSessionId}/to-aspsp-redirection?redirectCode={redirectCode}
         web-hooks:
-          ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok?redirectCode={aspspRedirectCode}
-          nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok?redirectCode={aspspRedirectCode}
+          ok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/ok/{aspspRedirectCode}
+          nok: ${facade.urls.embedded-ui-base-url}/embedded-server/v1/consent/{authSessionId}/fromAspsp/STUB_STATE/nok/{aspspRedirectCode}
           result: /{authSessionId}/consent-result?redirectCode={redirectCode}
         parameters:
           provide-more: /{authSessionId}?redirectCode={redirectCode}