After a successful flow, a consent token can be retrieved from the XS2A API. This consent token allows to fetch current data via the Consent API. Keep in mind that a consent with a lifetime of zero is not retrievable.

NOTE: This is only available for banks that are connected via a PSD2 API.

To access the Consent API, a consent token has to be retrieved after at least one flow finished successfully and before the session is closed or a timeout has occurred.

To retrieve the consent token the url specified in the data.consent-field in the response of the create session-call has to be called.


POST /xs2a/v1/sessions/{session-id}/consent/get HTTP/1.1
Content-Type: application/json;charset=utf-8
Authorization: Token <Token>
Host: <Host>
curl -X "POST" "/xs2a/v1/sessions/{session-id}/consent/get" \
     -H "Content-Type: application/json;charset=utf-8" \
     -H "Authorization: Token <token>"  \

session-id String, required

The identifier of the XS2A Session.


HTTP/1.1 200 OK
Content-Type: application/json
    "data": {
        "consent_id": String,
        "consent_token": String,
        "consents": {
            <flow_type>: URL,

data.consent_id String, always present

The identfier of the consent.

data.consent_token String, always present

The token that is required for the actual consent requests.

data.consents Object, always present

The consents property is a map that holds urls to the corresponding consent call. Each entry in the consents property represents a consent call of the type specified by the entry's key (flow_type). The value of an entry is the url that, when called, starts a consent call of the specified type.

Note that only entries which were granted will be displayed. You can set the consent_scope in the session create call.


    "data": {
        "consent_id": "gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk",
        "consent_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbiI6IjEyMzQ1Njc4OTAifQ.na71ipK8ASvggoM6C5vMjBKgJlZLxV-m6ElgHBrNtlU",
        "consents": {
            "accounts": "",
            "account_details": "",
            "balances": "",
            "transactions": "",

NOTE: A consent token can only be used once. After using a consent token, a new one is returned.

The returned consent token can be used to retrieve account information using the different requests.

results matching ""

    No results matching ""