--- title: "Manage consent" description: "Learn how to manege user consent with our dedicated API endpoints." url: "https://docs.adyen.com/business-accounts/consent" source_url: "https://docs.adyen.com/business-accounts/consent.md" canonical: "https://docs.adyen.com/business-accounts/consent" last_modified: "2026-05-26T13:48:55+02:00" language: "en" --- # Manage consent Learn how to manege user consent with our dedicated API endpoints. [View source](/business-accounts/consent.md) After an account holder gives their consent, the third-party provider can check if it is still valid and see what they consented to. If an account holder wants to withdraw their consent, the third party provider can make a call to revoke that consent. This page explains how you, as a third-party provider, use the `/consents` endpoint to: * Check if an account holder's consent is still valid and how a third party provider can use the consent. * Revoke consent on the account holder's behalf. ## Requirements | Requirement | Description | | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Integration type** | Not applicable; this documentation is intended for third-party providers. | | **Setup steps** | Before you begin, you must:- Complete the [Adyen onboarding steps](/business-accounts/open-banking#onboard-with-adyen). - Complete the [get account holder consent](/business-accounts/oauth-flow) steps.. | ## Check if the account holder granted consent To get the status of a previously granted consent: 1. Make a GET `/consents/{consent_id}/status` request, where `consent_id` is a unique identifier for a specific consent. This is the `consent_id` you saved in the [create a consent](/business-accounts/oauth-flow#create-a-consent) step. In the headers, include a UUID for the `X-Request-ID` and the `access_token` you saved in the [get and access token](/business-accounts/oauth-flow#get-an-access-token) step. **Get consent status** ```bash curl 'https://openbanking-psd2-test.adyen.com/obeu/consent/v1/consents/{consent-id}/status' \ --header 'X-Request-ID: {your-request-id}' \ --header 'Authorization: Bearer {access-token}' ``` 2. In the response, check the `consentStatus`. This value indicates your current stage in the consent process. See the `consentStatus` for all possible values. | Parameter | Description | | --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `consentStatus` | Status of consent. Possible values:- **received**: The consent data have been received. The request will need to be repeated to check if its status updates to "valid" for use. - **rejected**: The consent data have been rejected. This is a final status. - **valid**: The consent is accepted and valid. - **revokedByPsu**: The consent has been revoked by the account holder. - **expired**: The consent expired. - **terminatedByTpp**: The third-party provider has terminated the consent. | | `psuMessage` | Details regarding the account holder's consent. | **Response** ```json { "consentStatus": "valid", "psuMessage": "The consent is accepted and valid for GET account data calls and others as specified in the consent object." } ``` ## Check the authorization status of an account holders consent To get information about consent authorization and to determine where your account holder is in the authentication flow, for accessing account information, or to initiate payments: 1. Make a GET `/consents/{consentId}/authorisations/{authorization-id-consent}` request, where `consent_id` is a unique identifier for a specific consent and `authorization-id-consent` is a unique identifier for a specific consent authorization. * Note that this `authorization-id-consent` can be found in the [create a consent](/business-accounts/oauth-flow#create-a-consent) response. This is the last set of characters at the end of the`scaStatus` link. **Get authorization details** ```bash curl 'https://openbanking-psd2-test.adyen.com/obeu/consent/v1/consents/{consent-id}/authorisations/{authorization-id-consent}' \ --header 'X-Request-ID: {your-request-id}' \ --header 'Authorization: Bearer {access-token}' ``` 2. The response contains the authorization status, use this to determine what part of the authentication flow your account holder is currently in. See `scaStatus` for all possible values. | Parameter | Description | | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `scaStatus` | Status of authorization. Possible values:- **scaMethodSelected**: The account holder/third-party provider has selected the related Strong Customer Authentication (SCA) routine. - **started**: The addressed SCA routine has been started. - **finalised**: The SCA routine has been finalized successfully (including a potential confirmation command). This is a final status of the authorization resource. - **failed**: The SCA routine failed. This is a final status of the authorization resource. | **Response** ```json { "scaStatus": "finalised" } ``` ## Check consent details of an account holder To retrieve the details of a previously granted consent, such as the consent status, expiration date, scope, and other related information: 1. Make a GET `/consents/{consent_id}` request, where `consent_id` is a unique identifier for a specific consent. **Get consent details** ```bash curl 'https://openbanking-psd2-test.adyen.com/obeu/consent/v1/consents/{consent-id}' \ --header 'X-Request-ID: {your-request-id}' \ --header 'Authorization: Bearer {access-token}' ``` 2. Check the response for details about account access, validity period, consent status, and links to available resources. **Response** ```json { "access": { "accounts": [ { "iban": "NL57INGB4654188101" } ], "balances": [ { "iban": "NL57INGB4654188101" } ], "transactions": [ { "iban": "NL57INGB4654188101" } ] }, "recurringIndicator": true, "validUntil": "2023-10-12", "frequencyPerDay": 10, "lastActionDate": "2023-07-14", "consentStatus": "valid", "_links": { "account": { "href": "aisp/v1/accounts" } } } ``` ## Delete a consent Revoking consent withdraws the account holder's authorization to access account information or initiate payments. To revoke a previously granted consent: 1. Make a DELETE `/consents/{consent_id}` request, where `consent_id` is a unique identifier for a specific consent. **Delete a consent** ```bash curl --request DELETE 'https://openbanking-psd2-test.adyen.com/obeu/consent/v1/consents/{consent-id}' \ --header 'X-Request-ID: {your-request-id}' \ --header 'Authorization: Bearer {access-token}' ``` 2. If the deactivation was successful, you'll get an **HTTP 200 OK** response. The `revokedByPsu` status will appear in future calls when you [check if the account holder granted consent](#check-if-the-account-holder-granted-consent). ## Next steps [AISP interface](/business-accounts/aisp) [Learn how to consume our dedicated AISP endpoints.](/business-accounts/aisp) [PISP interface](/business-accounts/pisp) [Learn how to consume our dedicated PISP endpoints.](/business-accounts/pisp) [PIISP interface](/business-accounts/piisp) [Learn how to consume our dedicated PIISP endpoints.](/business-accounts/piisp)