After a successful flow, a consent token can be retrieved from the XS2A API. This consent token allows to fetch current data via the Consent API.

NOTE: This is only available for banks that are connected via a PSD2 API.

To access the Consent API, a consent token has to be retrieved immediately after at least one AIS flow was finished and before the session is closed or a timeout has occurred.

To retrieve the consent token the url specified in the data.consent-field in the response of the create session-call has to be called.


POST /xs2a/v1/sessions/{session-id}/consent/get HTTP/1.1
Content-Type: application/json;charset=utf-8
Authorization: Bearer <Token>
Host: <Host>
curl -X "POST" "/xs2a/v1/sessions/{session-id}/consent/get" \
     -H "Content-Type: application/json;charset=utf-8" \
     -H "Authorization: Bearer <token>"  \

session-id String, required

The identifier of the XS2A Session.


    "data": {
        "consent_id": string,
        "consent_token": string,

data.consent_id String, always present

The identfier of the consent.

data.consent_token String, always present

The token that is required for the actual consent requests.


    "data": {
        "consent_id": "gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk",
        "consent_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbiI6IjEyMzQ1Njc4OTAifQ.na71ipK8ASvggoM6C5vMjBKgJlZLxV-m6ElgHBrNtlU"

NOTE: A consent token can only be used once. After using a consent token, a new one is returned.

The returned consent token can be used in the Consent API.

results matching ""

    No results matching ""