Skip to main content
POST
/
getconsentslist
Error
A valid request URL is required to generate request examples
{
  "ver": "1.21.0",
  "status": "success",
  "data": [
    {
      "consentID": "20918495-ea9c-4508-a1b4-93ca1fbfd0f3",
      "consentHandle": "8b5b9333-00df-4b99-99d8-b0918f897e7b",
      "status": "ACTIVE",
      "productID": "TESTWM01",
      "accountID": "test123",
      "aaId": "onemoney-aa",
      "createdOn": "2025-09-15T10:30:00.000Z",
      "modifiedOn": "2025-09-15T11:00:00.000Z",
      "consentStart": "2025-09-15T10:30:00.000Z",
      "consentExpiry": "2026-09-15T10:30:00.000Z",
      "fetchType": "PERIODIC",
      "fiTypes": [
        "DEPOSIT",
        "TERM_DEPOSIT"
      ],
      "fipId": "HDFC-FIP",
      "maskedAccountNumber": "XXXXXXXX1234"
    }
  ]
}
Legacy API — This is Consent List V1. We recommend using Consent List V2 or Consent List with Unique Accounts for new integrations.

Overview

The Consent List API allows Financial Information Users (FIUs) to retrieve all consent records associated with a specific customer and product combination. This API provides visibility into the complete consent history, including active, pending, rejected, revoked, and expired consents. This is the foundational version of the consent listing API that uses mobile number as the primary customer identifier. It supports optional filtering by product, account, and status, as well as pagination via limit and pageno parameters. Use this API when you need to:
  • Display all consents to the customer in their account dashboard
  • Check if active consents exist before creating new ones
  • Audit consent history for compliance and record-keeping purposes
  • Verify consent status before initiating data fetch operations

Endpoint

POST {{Base_URL}}/getconsentslist

Authentication

This API requires authentication through the following headers that must be included in every request:
HeaderTypeRequiredDescription
Content-TypestringYesMust be set to application/json to indicate the request body format.
client_idstringYesYour unique client identifier provided by MoneyOne during FIU onboarding. This credential identifies your organization in the FinPro system.
client_secretstringYesYour confidential client secret provided by MoneyOne. This must be kept secure and never exposed in client-side code or public repositories.
organisationIdstringYesYour organization’s unique identifier in the FinPro system. This is assigned during onboarding and links all API calls to your FIU entity.
appIdentifierstringYesApplication-specific identifier that helps track which application or service within your organization is making the API call. Useful for multi-application FIU setups.

Request Body

The request body must be a JSON object containing the following parameters:
ParameterTypeRequiredDescription
mobileNumberstringYesThe customer’s 10-digit mobile number without country code or special characters. This should be the same mobile number used when creating consent requests. The API validates that this is a valid 10-digit numeric string.
productIDstringNoThe unique identifier of the consent template (product) for which you want to retrieve consents. This filters the consent list to only show consents created using this specific product configuration. If omitted, consents across all products are returned.
accountIDstringNoThe account identifier to filter consents for a specific customer interaction or loan application. Use the same value that was provided during consent creation.
statusarray of stringsNoAn array of consent status values to filter the results. Valid values: ACTIVE, PAUSED, REVOKED, EXPIRED, PENDING, REJECTED. If not provided, consents of all statuses are returned.
limitnumberNoThe maximum number of consent records to return per page. Use in combination with pageno for pagination through large result sets.
pagenonumberNoThe page number to retrieve when using pagination. Pages are 1-indexed (first page is 1). Use in combination with limit to paginate results.

Important Notes

  • Mobile Number Format: The mobile number must be exactly 10 digits without any country code, spaces, hyphens, or other special characters. Examples: 9876543210 (correct), +919876543210 (incorrect), 98765-43210 (incorrect).
  • Product Filtering: When productID is provided, the API only returns consents associated with that product. If omitted, consents across all products for the mobile number are returned.
  • Historical Data: The API returns all consents regardless of their status, providing a complete historical view of the consent relationship with the customer.
  • Pagination: Use limit and pageno together to paginate through large result sets. For example, limit: 10 and pageno: 1 returns the first 10 results.

Response

Success Response (200 OK)

When consents are found for the specified mobile number and product ID, the API returns an array of consent objects: 
{
  "ver": "1.21.0",
  "status": "success",
  "data": [
    {
      "consentID": "20918495-ea9c-4508-a1b4-93ca1fbfd0f3",
      "consentHandle": "8b5b9333-00df-4b99-99d8-b0918f897e7b",
      "status": "ACTIVE",
      "productID": "TESTWM01",
      "accountID": "test123",
      "aaId": "onemoney-aa",
      "createdOn": "2025-09-15T10:30:00.000Z",
      "modifiedOn": "2025-09-15T11:00:00.000Z",
      "consentStart": "2025-09-15T10:30:00.000Z",
      "consentExpiry": "2026-09-15T10:30:00.000Z",
      "fetchType": "PERIODIC",
      "fiTypes": ["DEPOSIT", "TERM_DEPOSIT"],
      "fipId": "HDFC-FIP",
      "maskedAccountNumber": "XXXXXXXX1234"
    },
    {
      "consentID": "3f2a8c91-2d4e-4b1a-8c6d-1e5f4a7b8c1d",
      "consentHandle": "7a4b8222-11cd-4a88-88d7-a0817e786d6a",
      "status": "REVOKED",
      "productID": "TESTWM01",
      "accountID": "test123",
      "aaId": "onemoney-aa",
      "createdOn": "2025-08-01T09:00:00.000Z",
      "modifiedOn": "2025-09-01T14:30:00.000Z",
      "consentStart": "2025-08-01T09:00:00.000Z",
      "consentExpiry": "2026-08-01T09:00:00.000Z",
      "fetchType": "ONETIME",
      "fiTypes": ["DEPOSIT"],
      "fipId": "ICICI-FIP",
      "maskedAccountNumber": "XXXXXXXX5678"
    }
  ]
}
FieldTypeDescription
statusstringOverall API call status. Will be success for successful requests.
verstringThe version of the FinPro API that processed this request. Useful for debugging and version tracking.
dataarrayAn array of consent objects. Each object represents one consent record associated with the mobile number and product ID. The array may be empty if no consents exist.
Each consent object in the data array contains the following fields:
FieldTypeDescription
consentIDstringThe unique consent identifier assigned by the Account Aggregator after the customer approves the consent. This is null for consents that are still pending or were rejected. Use this ID for operations like revocation or data fetching.
consentHandlestringThe consent handle that was generated when the consent request was created. This identifies the consent request throughout its lifecycle and is available immediately upon creation.
statusstringCurrent status of the consent. Possible values: PENDING (awaiting customer action), ACTIVE (approved and currently valid), REJECTED (customer declined), REVOKED (customer or FIU cancelled), EXPIRED (validity period ended), PAUSED (temporarily suspended).
productIDstringThe product/consent template identifier that was used to create this consent. Matches the product ID from your request.
accountIDstringThe account identifier that was provided when creating the consent request. This helps correlate consents with your internal customer interactions or loan applications.
aaIdstringIdentifier of the Account Aggregator that processed this consent. Typically onemoney-aa for MoneyOne’s AA service.
createdOnstringISO 8601 timestamp indicating when the consent request was created in the FinPro system.
modifiedOnstringISO 8601 timestamp indicating when the consent record was last updated. This changes when status transitions occur (approval, revocation, etc.).
consentStartstringISO 8601 timestamp indicating when the consent becomes valid and data fetching can begin. Usually matches or is close to the creation time.
consentExpirystringISO 8601 timestamp indicating when the consent will automatically expire. After this time, the consent can no longer be used for data fetching.
fetchTypestringThe type of data fetch allowed by this consent. PERIODIC allows multiple fetches within the validity period. ONETIME allows only a single data fetch, after which the consent becomes unusable.
fiTypesarrayArray of Financial Information types that this consent covers. Examples: DEPOSIT, TERM_DEPOSIT, RECURRING_DEPOSIT, SIP, MUTUAL_FUNDS, INSURANCE_POLICIES, etc.
fipIdstringThe Financial Information Provider (typically a bank or financial institution) identifier for which this consent was approved.
maskedAccountNumberstringThe customer’s account number at the FIP, with most digits masked for privacy. Format typically shows last 4 digits: XXXXXXXX1234.

Empty Result Response

If no consents are found for the specified mobile number and product ID combination: 
{
  "ver": "1.21.0",
  "status": "success",
  "data": []
}

Error Response (400 Bad Request)

When the request contains invalid data or fails validation: 
{
  "ver": "1.21.0",
  "timestamp": "2025-10-01T11:43:37.741Z",
  "errorCode": "InvalidRequest",
  "errorMsg": " [ mobileNumber must be valid 10 digit ] "
}
FieldTypeDescription
verstringThe version of the FinPro API that processed this request.
timestampstringISO 8601 formatted timestamp indicating when the error occurred. Useful for debugging and correlating with server logs.
errorCodestringA human-readable error code indicating the category of error. Common values include InvalidRequest, AuthenticationFailed, etc.
errorMsgstringA detailed error message explaining what went wrong. This provides specific information about which field or validation rule caused the failure.

Common Error Codes

Error CodeStatus CodeDescriptionResolution
InvalidRequest400The request body contains invalid data or missing required fields.Verify that mobileNumber is present and correctly formatted. Check that any optional fields (productID, accountID, status, limit, pageno) are valid if provided.
InvalidMobileNumber400The mobileNumber is not a valid 10-digit number.Ensure the mobile number is exactly 10 digits without country code, spaces, or special characters.
InvalidProductID400The specified productID does not exist or is not configured for your organization.Verify the product ID in the FinPro admin portal and ensure it’s active.
AuthenticationFailed401The provided credentials (client_id, client_secret, organisationId) are invalid or expired.Verify your credentials in the FinPro admin portal. Ensure you’re using the correct credentials for the environment.

Example Request

curl --location '{{Base_URL}}/getconsentslist' \
--header 'Content-Type: application/json' \
--header 'client_id: {{Client_Id}}' \
--header 'client_secret: {{Client_Secret}}' \
--header 'organisationId: {{Organisation_Id}}' \
--header 'appIdentifier: {{App_Identifier}}' \
--data '{
    "mobileNumber": "9876543210",
    "productID": "TESTWM01",
    "accountID": "test123",
    "status": ["ACTIVE", "PENDING"],
    "limit": 10,
    "pageno": 1
}'

Use Cases

Show customers all their consents with different institutions: 
async function loadConsentDashboard(mobileNumber, productID) {
  const response = await getConsentsList(mobileNumber, productID);
  const consents = response.data;

  // Organize by status
  const organized = {
    active: consents.filter(c => c.status === 'ACTIVE'),
    pending: consents.filter(c => c.status === 'PENDING'),
    revoked: consents.filter(c => c.status === 'REVOKED'),
    expired: consents.filter(c => c.status === 'EXPIRED')
  };

  return organized;
}

Checking for Existing Active Consents

Before creating a new consent, check if one already exists: 
def has_active_consent(mobile_number, product_id, fip_id):
    """Check if customer already has an active consent for a specific FIP"""
    response = get_consents_list(mobile_number, product_id)

    for consent in response['data']:
        if consent['status'] == 'ACTIVE' and consent['fipId'] == fip_id:
            return True, consent['consentID']

    return False, None

# Usage
has_consent, consent_id = has_active_consent('9876543210', 'TESTWM01', 'HDFC-FIP')
if has_consent:
    print(f"Active consent already exists: {consent_id}")
else:
    # Proceed to create new consent
    pass
Generate compliance reports showing consent history: 
function generateConsentAuditReport(consents) {
  return consents.map(consent => ({
    consentID: consent.consentID,
    status: consent.status,
    fipName: consent.fipId,
    accountNumber: consent.maskedAccountNumber,
    createdDate: new Date(consent.createdOn).toLocaleDateString(),
    expiryDate: new Date(consent.consentExpiry).toLocaleDateString(),
    daysActive: calculateDaysBetween(consent.createdOn, consent.modifiedOn),
    dataTypes: consent.fiTypes.join(', ')
  }));
}

Best Practices

  1. Cache Consent Lists: The consent list doesn’t change frequently. Cache the results for a reasonable duration (e.g., 5-10 minutes) to reduce API calls.
  2. Status Filtering: After retrieving the list, filter on the client side based on your needs (active consents for data fetching, pending for reminders, etc.).
  3. Combine with Webhooks: Use this API to populate initial state, then rely on webhooks for real-time updates rather than polling repeatedly.
  4. Error Handling: Always check the status field and handle empty arrays gracefully when no consents exist.
  5. Display Masked Data: When showing consent information to customers, use the maskedAccountNumber to protect privacy while allowing customers to identify their accounts.

API Version Comparison

  • V1 (this API): Uses mobile number as identifier. Supports optional filtering by product, account, and status. Supports pagination via limit and pageno.
  • V2: Uses flexible party identifiers (mobile, email, PAN, AADHAR, DOB, GSTIN). Returns similar flat list with enhanced filtering based on identifier type and account ID.
  • V1 Unique Accounts: Provides deduplicated view with unique accounts per FIP. Supports status filtering and pagination for large result sets.
Choose this API when:
  • You need simple, straightforward consent listing by mobile number
  • You want optional filtering by product, account, or status
  • You need basic pagination support via limit and pageno
  • You want the most compatible API version with legacy systems

Authorizations

client_id
string
header
required

Your unique client identifier provided by MoneyOne during FIU onboarding

client_secret
string
header
required

Your confidential client secret provided by MoneyOne

organisationId
string
header
required

Your organization's unique identifier in the FinPro system

appIdentifier
string
header
required

Application-specific identifier for tracking API calls

Body

application/json
mobileNumber
string
required

The customer's 10-digit mobile number without country code or special characters. This should be the same mobile number used when creating consent requests.

Pattern: ^[0-9]{10}$
productID
string

The unique identifier of the consent template (product) for which you want to retrieve consents. This filters the consent list to only show consents created using this specific product configuration. Optional — if omitted, consents across all products are returned.

accountID
string

The account identifier to filter consents for a specific customer interaction or loan application. Use the same value that was provided during consent creation.

status
enum<string>[]

An array of consent status values to filter the results. If not provided, consents of all statuses are returned.

Available options:
ACTIVE,
PAUSED,
REVOKED,
EXPIRED,
PENDING,
REJECTED
limit
integer

The maximum number of consent records to return. Use in combination with pageno for pagination through large result sets.

Required range: x >= 1
pageno
integer

The page number to retrieve when using pagination. Pages are 1-indexed (first page is 1). Use in combination with limit to paginate results.

Required range: x >= 1

Response

Consents retrieved successfully

ver
string

The version of the FinPro API that processed this request.

status
string

Overall API call status. Will be 'success' for successful requests.

data
object[]

An array of consent objects. Each object represents one consent record associated with the mobile number and product ID. The array may be empty if no consents exist.