Adyen provides the /consents
endpoint for managing and tracking the consents granted by users to third-party providers (TPPs) for accessing their account information or initiating payments. The /consents
endpoint allows TPPs to interact with the Adyen's consent management system to create, get, and delete consents.
Create a consent
To create a new consent for accessing a user's account information or initiating payments, make a POST /consents
request. Provide the following parameter in the request body:
Parameter | Description |
---|---|
access |
The type of access requested. Set allPsd2 to allAccounts. This means you are requesting access to all of the user's accounts with Adyen. |
recurringIndicator |
Indicates that the consent is being requested for recurring access to the user's account information or payment initiation. |
validUntil |
Specifies the date until which the consent is valid. After this date, the consent will expire, and you will need to obtain fresh consent from the user. |
frequencyPerDay |
Indicates the maximum number of times per day that you are allowed to access the user's account information or initiate payments. |
combinedServiceIndicator |
Indicates whether you are requesting access to the user's account information or payment initiation services individually or as a combined service. |
curl --location --globoff 'https://openbanking-psd2-test.adyen.com/obeu/consent/v1/consents' \ --header 'X-Request-ID: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721' \ --header 'TPP-Signature-Certificate: QWACCertificate' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {access-token}' \ --data '{ "access" : { "allPsd2": "allAccounts" }, "recurringIndicator": "true", "validUntil": "2025-12-31", "frequencyPerDay": 10, "combinedServiceIndicator": "false" }'
The response contains the consentStatus
, consentId
, and links to requested resources.
{ "consentStatus": "received", "consentId": "09289d2e-83ae-4a61-8452-ac23cf0055de", "_links": { "self": { "href": "consent/v1/consents/09289d2e-83ae-4a61-8452-ac23cf0055de" }, "status": { "href": "consent/v1/consents/09289d2e-83ae-4a61-8452-ac23cf0055de/status" }, "scaStatus": { "href": "consent/v1/consents/09289d2e-83ae-4a61-8452-ac23cf0055de/authorisations/OBAU4222Z223222P5J6FP7BDG34LW3" } } }
Get consent status
To get the status of a consent, make GET /consents/{consent_id}/status
request, where consent_id
is a unique identifier for a specific consent. This endpoint allows you to obtain the status of a previously granted consent.
curl --location --globoff 'https://openbanking-psd2-test.adyen.com/obeu/consent/v1/consents/{consent-id}/status' \ --header 'X-Request-ID: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721' \ --header 'Authorization: Bearer {access-token}'
The response contains the status of the consent.
Parameter | Description |
---|---|
consentStatus |
Status of consent. Possible values: received, rejected, valid, revokedByPsu, expired, terminatedByTpp, partiallyAuthorised. |
{ "consentStatus": "valid", "psuMessage": "The consent is accepted and valid for GET account data calls and others as specified in the consent object." }
Get authorisation information
To get information about consent authorisation, make a GET /consents/{consentId}/authorisations/{authorization-id-consent}
request, where consent_id
is a unique identifier for a specific consent and authorization-id-consent
is a unique identifier for a specific consent authorisation.
This endpoint is used in the context of consent authorizations and is related to the authorization flow for accessing account information or initiating payments.
curl --location --globoff 'https://openbanking-psd2-test.adyen.com/obeu/consent/v1/consents/{consent-id}/authorisations/{authorization-id-consent}' \ --header 'X-Request-ID: 958f9fc2-c40b-11ed-afa1-0242ac120002' \ --header 'Authorization: Basic e3tjbGllbnQtaWR9fTp7e2NsaWVudC1zZWNyZXR9fQ=='
The response contains authorisation status.
Parameter | Description |
---|---|
scaStatus |
Status of authorisation. Possible values: received, psuIdentified, psuAuthenticated, scaMethodSelected, started, unconfirmed, finalised, failed, exempted. |
{ "scaStatus": "finalised" }
Get consent details
To retrieve consent information, make a GET /consents/{consent_id}
request, where consent_id
is a unique identifier for a specific consent. This endpoint allows you to obtain details about a previously granted consent, such as the consent status, expiration date, scope, and other related information.
curl --location --globoff '/obeu/consent/v1/consents/{consent-id}' \ --header 'X-Request-ID: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721' \ --header 'Authorization: Bearer {access-token}'
The response contains the details about account access, validity period, consent status, and and links to available resources.
{ "access": { "accounts": [ { "iban": "NL07ADYX0000000009" } ], "balances": [ { "iban": "NL07ADYX0000000009" } ], "transactions": [ { "iban": "NL07ADYX0000000009" } ] }, "recurringIndicator": true, "validUntil": "2023-10-12", "frequencyPerDay": 10, "lastActionDate": "2023-07-14", "consentStatus": "valid", "_links": { "account": { "href": "aisp/v1/accounts" } } }
Delete a consent
To revoke a previously granted consent, make a DELETE /consents/{consent_id}
request with the appropriate parameters. Revoking consent means the user's authorization to access their account information or initiate payments on their behalf is withdrawn.
curl --location --globoff --request DELETE 'https://openbanking-psd2-test.adyen.com/obeu/consent/v1/consents/{consent-id}' \ --header 'X-Request-ID: 99391c7e-ad88-49ec-a2ad-99ddcb1f7721' \ --header 'Authorization: Bearer {consent-id}'
If the deactivation was successful, you'll get an HTTP 200 OK response.