Adyen provides the /consents endpoint for managing and tracking the consents granted by users to third-party providers (TPPs) for accessing their account information or initiating payments. The /consents endpoint allows TPPs to interact with the Adyen's consent management system to create, get, and delete consents.
Create a consent
To create a new consent for accessing a user's account information or initiating payments, make a POST /consents request. Provide the following parameter in the request body:
| Parameter | Description |
|---|---|
access |
The type of access requested. Set allPsd2 to allAccounts. This means you are requesting access to all of the user's accounts with Adyen. |
recurringIndicator |
Indicates that the consent is being requested for recurring access to the user's account information or payment initiation. |
validUntil |
Specifies the date until which the consent is valid. After this date, the consent will expire, and you will need to obtain fresh consent from the user. |
frequencyPerDay |
Indicates the maximum number of times per day that you are allowed to access the user's account information or initiate payments. |
combinedServiceIndicator |
Indicates whether you are requesting access to the user's account information or payment initiation services individually or as a combined service. |
The response contains the consentStatus, consentId, and links to requested resources.
Get consent status
To get the status of a consent, make GET /consents/{consent_id}/status request, where consent_id is a unique identifier for a specific consent. This endpoint allows you to obtain the status of a previously granted consent.
The response contains the status of the consent.
| Parameter | Description |
|---|---|
consentStatus |
Status of consent. Possible values: received, rejected, valid, revokedByPsu, expired, terminatedByTpp, partiallyAuthorised. |
Get authorisation information
To get information about consent authorisation, make a GET /consents/{consentId}/authorisations/{authorization-id-consent} request, where consent_id is a unique identifier for a specific consent and authorization-id-consent is a unique identifier for a specific consent authorisation.
This endpoint is used in the context of consent authorizations and is related to the authorization flow for accessing account information or initiating payments.
The response contains authorisation status.
| Parameter | Description |
|---|---|
scaStatus |
Status of authorisation. Possible values: received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted. |
Get consent details
To retrieve consent information, make a GET /consents/{consent_id} request, where consent_id is a unique identifier for a specific consent. This endpoint allows you to obtain details about a previously granted consent, such as the consent status, expiration date, scope, and other related information.
The response contains the details about account access, validity period, consent status, and and links to available resources.
Delete a consent
To revoke a previously granted consent, make a DELETE /consents/{consent_id} request with the appropriate parameters. Revoking consent means the user's authorization to access their account information or initiate payments on their behalf is withdrawn.
If the deactivation was successful, you'll get an HTTP 200 OK response.