Consents
Manage user consents for accessing account information.
AIS consent management endpoints for accessing banking account information.
Overview
Account Information Services (AIS) allows authorized access to banking data including
accounts, balances, and transactions. Users must authorize access through their bankβs
Strong Customer Authentication (SCA) flow.
Consent Scope
When creating a consent, you can specify which types of data you want to access:
| ["accounts", "balances", "transactions"] | Full access (default) - includes transaction history |
| ["accounts", "balances"] | Accounts and balances only - faster job completion |
Note: Other scope combinations are not supported. If no scope is provided, full scope is assumed.
Consent Lifecycle
- Create consent with desired scope (accounts, balances, or full)
- User authorizes via bankβs SCA flow
- Consent becomes active for data access
- Use data endpoints to retrieve banking information
- Refresh data as needed using background jobs
Consent Statuses
| created | Consent created, not yet accessed |
| started | User accessed consent link |
| sca_url_retrieved | Bank SCA URL obtained |
| awaiting_authz | Waiting for user authorization |
| authorized | User authorized, processing |
| active | Consent active, data accessible |
| expired | Authorization link timed out (user can no longer access WebUI) |
| revoked | Data access explicitly withdrawn via API (/ais/consents/revoke) |
| deactivated | Consent validity period ended (authorized_until reached) - automatic |
| failed | Authorization failed |
| suspended | Consent temporarily suspended |
Understanding Expiration vs Revocation
There are two different time-based concepts for consents:
| Link Expiration | expires_at (from expires_in) | When the authorization link/URL becomes inaccessible. After this time, users cannot access the WebUI to complete bank authorization. Max 45 days. |
| Consent Validity | authorized_until (from consent_validity_days) | When the data access consent expires and is automatically deactivated. After this time, data retrieval is no longer possible. Max 180 days. |
- Expired: The authorization link has timed out - only affects the ability to complete the SCA flow
- Revoked: The data access consent has been explicitly terminated via the
/ais/consents/revokeAPI endpoint (manual/client-driven) - Deactivated: The consent validity period has ended (
authorized_untilreached) - automatic/system-driven, no more access to banking data
Webhooks
Configure webhook_url when creating consents to receive notifications on status changes.
Webhook Payload:
{
"type": "consent_status_update",
"consent_id": "123e4567-e89b-12d3-a456-426614174000",
"status": "active"
}
| type | string | Always consent_status_update |
| consent_id | uuid | The consent that was updated |
| status | string | New consent status (see statuses above) |
What made this section helpful for you?
What made this section unhelpful for you?
Endpoints
/ais/consents/create
/ais/consents/get
/ais/consents/revoke
/ais/consents/redirect
What made this section helpful for you?
What made this section unhelpful for you?