Consents
After a successful flow, a consent token can be retrieved from the XS2A API. This consent token can be used to fetch current data via the Consent API. Keep in mind that a consent with a lifetime of zero is not retrievable.
NOTE: This is only available for banks that are connected via a PSD2 API.
Fetching the Consent Token
To access the Consent API, a consent token has to be retrieved after at least one flow has finished successfully and before the session is closed or a timeout has occurred.
To retrieve the consent token, call the URL specified in the data.consent field in the response of the create session call.
Request
POST /xs2a/v1/sessions/{session-id}/consent/get HTTP/1.1
Content-Type: application/json;charset=utf-8
Authorization: Token <Token>
Host: <Host>
curl -X "POST" "https://<Host>/xs2a/v1/sessions/{session-id}/consent/get" \
  -H "Content-Type: application/json;charset=utf-8" \
  -H "Authorization: Token <Token>"
Response
HTTP/1.1 200 OK
Content-Type: application/json
{
  "data": {
    "consent_id": String,
    "consent_token": String,
    "consents": {
      <flow_type>: URL,
      ...
    }
  }
}
consent_token is the token that is required for the actual consent requests.
The consents property is a map that holds URLs to the corresponding consent calls.
Each entry in the consents property represents a consent call of the type specified by the entry's key (flow_type).
The value of an entry is the URL that, when called, starts a consent call of the specified type.
Note that only entries which were granted will be displayed. You can set the consent_scope in the session create call.
Example
POST https://api.openbanking.klarna.com/xs2a/v1/sessions/uguh0bcvhskm0v5rdrsfif54cftg034t/consent/get
{
  "data": {
    "consent_id": "gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk",
    "consent_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbiI6IjEyMzQ1Njc4OTAifQ.na71ipK8ASvggoM6C5vMjBKgJlZLxV-m6ElgHBrNtlU",
    "consents": {
      "accounts": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/accounts/get",
      "account_details": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/account-details/get",
      "balances": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/balances/get",
      "transactions": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/transactions/get"
    }
  }
}
NOTE: A consent token can only be used once. After using a consent token, a new one is returned.
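One way to handle this response on the client side, as an added example that is not part of the original documentation: it refuses consent URLs that are not HTTPS on a configured host before the token is ever sent to them, treats a missing flow_type as not granted, and enforces the single-use rule locally. The names ConsentToken, parse_consent_response and allowed_hosts are hypothetical, the sample response is constructed, and the host allow-list is an assumption about how the integration is configured.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like the response on this page (token value is made up).
SAMPLE = json.dumps({"data": {
    "consent_id": "gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk",
    "consent_token": "constructed-token-1",
    "consents": {
        "accounts": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/accounts/get",
        "balances": "https://someurl.com/xs2a/v1/consents/gp4cb0g6d9r3qf4d68fkrlb7ejo8mqqk/balances/get",
    }}})


class ConsentToken:
    """Holds one single-use consent token; repr never shows the value."""

    def __init__(self, value):
        self._value = value

    def __repr__(self):
        return "ConsentToken(<redacted>)"  # safe to appear in logs and tracebacks

    def take(self):
        """Hand out the token once; the caller must store() the new one it gets back."""
        if self._value is None:
            raise RuntimeError("consent token already used; store the newly returned one")
        value, self._value = self._value, None
        return value

    def store(self, new_value):
        self._value = new_value


def parse_consent_response(body, allowed_hosts, wanted=()):
    """Return (consent_id, ConsentToken, consents) after validating the response."""
    data = json.loads(body)["data"]
    consents = data["consents"]
    for flow_type, url in consents.items():
        parts = urlsplit(url)
        # Refuse to send the token anywhere but HTTPS on a host we configured.
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            raise ValueError(f"untrusted consent URL for {flow_type}")
    # Only granted entries are returned, so a missing key means "not granted".
    missing = [f for f in wanted if f not in consents]
    if missing:
        raise PermissionError(f"consent not granted for: {', '.join(missing)}")
    return data["consent_id"], ConsentToken(data["consent_token"]), consents
```

Call take() immediately before each consent request and store() the token returned by that request, so a retry can never resend a token that has already been spent.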
Fetching data using the Consent Token
The returned consent token can be used to retrieve account information using the different requests.