Consents

After a successful flow, a consent token can be retrieved from the XS2A API. This consent token allows current data to be fetched via the Consent API. Keep in mind that a consent with a lifetime of zero is not retrievable.

NOTE: This is only available for banks that are connected via a PSD2 API.

To access the Consent API, a consent token has to be retrieved after at least one flow has finished successfully and before the session is closed or a timeout has occurred.

To retrieve the consent token, call the URL specified in the data.consent field of the response to the create session call.

Request

POST /xs2a/v1/sessions/{session-id}/consent/get HTTP/1.1
Content-Type: application/json;charset=utf-8
Authorization: Token <Token>
Host: <Host>

curl -X "POST" "https://<Host>/xs2a/v1/sessions/{session-id}/consent/get" \
     -H "Content-Type: application/json;charset=utf-8" \
     -H "Authorization: Token <token>"

session-id String, required

The identifier of the XS2A Session.

Response

HTTP/1.1 200 OK
Content-Type: application/json
{
    "data": {
        "consent_id": String,
        "consent_token": String,
        "consents": {
            <flow_type>: URL,
            ...
        }
    }
}

data.consent_id String, always present

The identifier of the consent.

data.consent_token String, always present

The token that is required for the actual consent requests.

data.consents Object, always present

The consents property is a map that holds the URLs of the corresponding consent calls. Each entry in the consents property represents a consent call of the type specified by the entry's key (flow_type). The value of an entry is the URL that, when called, starts a consent call of the specified type.

Note that only entries which were granted will be displayed. You can set the consent_scope in the session create call.

Example

POST https://api.openbanking.klarna.com/xs2a/v1/sessions/uguh0bcvhskm0v5rdrsfif54cftg034t/consent/get
{
    "data": {
        "consent_id": "gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk",
        "consent_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbiI6IjEyMzQ1Njc4OTAifQ.na71ipK8ASvggoM6C5vMjBKgJlZLxV-m6ElgHBrNtlU",
        "consents": {
            "accounts": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/accounts/get",
            "account_details": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/account-details/get",
            "balances": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/balances/get",
            "transactions": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/transactions/get"
        }
    }
}

NOTE: A consent token can only be used once. After using a consent token, a new one is returned.

The returned consent token can be used to retrieve account information using the different requests.
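
An added example (not part of the original documentation) of client-side handling for the consent response and the single-use rule described above: it checks the fields documented as always present, refuses consent URLs outside a host allowlist, and hands the token out once until a replacement is stored. `ConsentSession`, `allowed_hosts` and the sample values are assumptions; this page does not specify how the replacement token is delivered, so `rotate` takes it as an argument.

```python
import json
import threading
from urllib.parse import urlsplit

# Constructed sample response (placeholder values, not real credentials).
SAMPLE_BODY = json.dumps({"data": {
    "consent_id": "example-consent-id",
    "consent_token": "example-token-1",
    "consents": {"balances": "https://api.example.test/consents/x/balances/get"},
}})

class ConsentError(Exception):
    """Raised when a consent response or the token state is unusable."""

def parse_consent_response(body, allowed_hosts):
    """Validate a consent/get body; allowed_hosts is the caller's own pin list (assumption)."""
    data = json.loads(body).get("data") or {}
    for field in ("consent_id", "consent_token"):
        if not isinstance(data.get(field), str) or not data[field]:
            raise ConsentError(f"missing {field}")
    if not isinstance(data.get("consents"), dict):
        raise ConsentError("missing consents")
    for flow_type, url in data["consents"].items():
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            raise ConsentError(f"untrusted URL for {flow_type}")
    return data

class ConsentSession:
    """Holds the current single-use token and the granted consent URLs."""
    def __init__(self, data):
        self.urls = dict(data["consents"])
        self._token = data["consent_token"]
        self._lock = threading.Lock()

    def take_token(self, flow_type):
        """Return (url, token) for one consent call; the token is then spent."""
        with self._lock:
            if flow_type not in self.urls:
                raise ConsentError(f"{flow_type} was not granted")
            if self._token is None:
                raise ConsentError("token already used; rotate first")
            token, self._token = self._token, None
            return self.urls[flow_type], token

    def rotate(self, new_token):
        """Store the replacement token returned after a consent call."""
        with self._lock:
            self._token = new_token
```

The lock matters when several workers share one consent: without it, two concurrent calls could both send the same token, and the second would be presenting a token that has already been used.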
