Consent List V2
Retrieve consents using flexible party identifiers including mobile number, email, PAN, AADHAR, DOB, or GSTIN, with enhanced filtering capabilities.
Overview
The Consent List V2 API provides an enhanced version of consent listing with support for flexible party identifiers. While V1 only supports mobile numbers, V2 allows you to query consents using different identifier types including mobile numbers, email addresses, PAN (Permanent Account Number), AADHAR, DOB (Date of Birth), or GSTIN. This flexibility is particularly valuable when:- Your customer identification strategy varies across products or channels
- You need to support multiple identifier types within the same application
- You’re integrating with systems that use PAN or email as primary identifiers
- You want more precise filtering using the account ID along with party identifiers
Endpoint
Authentication
This API requires authentication through the following headers that must be included in every request:| Header | Type | Required | Description |
|---|---|---|---|
Content-Type | string | Yes | Must be set to application/json to indicate the request body format. |
client_id | string | Yes | Your unique client identifier provided by MoneyOne during FIU onboarding. This credential identifies your organization in the FinPro system. |
client_secret | string | Yes | Your confidential client secret provided by MoneyOne. This must be kept secure and never exposed in client-side code or public repositories. |
organisationId | string | Yes | Your organization’s unique identifier in the FinPro system. This is assigned during onboarding and links all API calls to your FIU entity. |
appIdentifier | string | Yes | Application-specific identifier that helps track which application or service within your organization is making the API call. Useful for multi-application FIU setups. |
Request Body
The request body must be a JSON object containing the following parameters:| Parameter | Type | Required | Description |
|---|---|---|---|
partyIdentifierType | string | Yes | The type of identifier being used to query consents. Valid values are MOBILE, EMAIL, PAN, AADHAR, DOB, or GSTIN. This determines how the partyIdentifierValue will be validated and matched against consent records. |
partyIdentifierValue | string | Yes | The actual identifier value to search for. Format must match the partyIdentifierType (see the validation format table below). |
productID | string | Yes | The unique identifier of the consent template (product) for which you want to retrieve consents. This filters the consent list to only show consents created using this specific product configuration. |
accountID | string | Yes | The account identifier that links consents to specific customer interactions in your system. This provides an additional level of filtering, returning only consents associated with this specific account ID. Use the same value that was provided during consent creation. |
consentHandle | string | No | An optional consent handle to filter results to a specific consent request. Must be alphanumeric (hyphens allowed). Use this when you need to look up a specific consent by its handle. |
status | string | No | An optional consent status value to filter the results. Valid values: ACTIVE, PAUSED, REVOKED, EXPIRED, PENDING. If not provided, consents of all statuses are returned. |
Party Identifier Type Validation
ThepartyIdentifierValue format is validated based on the partyIdentifierType:
partyIdentifierType | Expected Format | Example |
|---|---|---|
MOBILE | 10-digit numeric string (no country code) | 9876543210 |
EMAIL | Valid email address | customer@example.com |
PAN | 5 uppercase letters + 4 digits + 1 uppercase letter | ABCDE1234F |
AADHAR | 12-digit numeric string | 123456789012 |
DOB | Date in YYYY-MM-DD format | 1990-01-15 |
GSTIN | 15-character GSTIN number | 22ABCDE1234F1Z5 |
Important Notes
- Identifier Validation: The API validates that the
partyIdentifierValuematches the expected format for thepartyIdentifierType. Mismatched formats will result in validation errors. - Mobile Format: Mobile numbers must be exactly 10 digits without country code (+91), spaces, hyphens, or other special characters. Example:
9876543210(correct),+919876543210(incorrect). - Email Format: Email addresses must follow standard email format validation. The API checks for valid email structure including @ symbol and domain.
- PAN Format: PAN numbers must follow the Indian PAN format: 5 uppercase letters, 4 digits, and 1 uppercase letter. Example:
ABCDE1234F. - AADHAR Format: Aadhaar numbers must be exactly 12 digits. Example:
123456789012. - DOB Format: Date of birth must follow the
YYYY-MM-DDformat. Example:1990-01-15. - GSTIN Format: GSTIN must be a 15-character alphanumeric string following the standard Indian GSTIN format. Example:
22ABCDE1234F1Z5. - Account ID Filtering: Unlike V1 which returns all consents for a product, V2 requires and filters by
accountID, providing more targeted results for specific customer journeys.
Response
Success Response (200 OK)
When consents are found matching all the specified criteria, the API returns an array of consent objects:| Field | Type | Description |
|---|---|---|
status | string | Overall API call status. Will be success for successful requests. |
ver | string | The version of the FinPro API that processed this request. Useful for debugging and version tracking. |
data | array | An array of consent objects matching the query criteria. Each object represents one consent record. The array may be empty if no matching consents exist. |
Consent Object Fields
Each consent object in thedata array contains the following fields:
| Field | Type | Description |
|---|---|---|
consentID | string | The unique consent identifier assigned by the Account Aggregator after the customer approves the consent. This is null for consents that are still pending or were rejected. Use this ID for operations like revocation or data fetching. |
consentHandle | string | The consent handle that was generated when the consent request was created. This identifies the consent request throughout its lifecycle and is available immediately upon creation. |
status | string | Current status of the consent. Possible values: PENDING (awaiting customer action), ACTIVE (approved and currently valid), REJECTED (customer declined), REVOKED (customer or FIU cancelled), EXPIRED (validity period ended), PAUSED (temporarily suspended). |
productID | string | The product/consent template identifier that was used to create this consent. Matches the product ID from your request. |
accountID | string | The account identifier that was provided when creating the consent request. Matches the account ID from your query, as this is used as a filter. |
aaId | string | Identifier of the Account Aggregator that processed this consent. Typically onemoney-aa for MoneyOne’s AA service. |
createdOn | string | ISO 8601 timestamp indicating when the consent request was created in the FinPro system. |
modifiedOn | string | ISO 8601 timestamp indicating when the consent record was last updated. This changes when status transitions occur (approval, revocation, etc.). |
consentStart | string | ISO 8601 timestamp indicating when the consent becomes valid and data fetching can begin. Usually matches or is close to the creation time. |
consentExpiry | string | ISO 8601 timestamp indicating when the consent will automatically expire. After this time, the consent can no longer be used for data fetching. |
fetchType | string | The type of data fetch allowed by this consent. PERIODIC allows multiple fetches within the validity period. ONETIME allows only a single data fetch, after which the consent becomes unusable. |
fiTypes | array | Array of Financial Information types that this consent covers. Examples: DEPOSIT, TERM_DEPOSIT, RECURRING_DEPOSIT, SIP, MUTUAL_FUNDS, INSURANCE_POLICIES, etc. |
fipId | string | The Financial Information Provider (typically a bank or financial institution) identifier for which this consent was approved. |
maskedAccountNumber | string | The customer’s account number at the FIP, with most digits masked for privacy. Format typically shows last 4 digits: XXXXXXXX1234. |
partyIdentifierType | string | The type of identifier associated with this consent. Matches the query parameter and confirms the identifier type used during consent creation. |
partyIdentifierValue | string | The actual identifier value associated with this consent. For security, sensitive identifiers may be partially masked in some implementations. |
Empty Result Response
If no consents match all the specified criteria:- No consents have been created for this combination of party identifier, product ID, and account ID
- All consents matching the criteria have been deleted or purged from the system
- The party identifier value doesn’t match any consent records (possible typo or incorrect identifier)
Error Response (400 Bad Request)
When the request contains invalid data or fails validation:| Field | Type | Description |
|---|---|---|
ver | string | The version of the FinPro API that processed this request. |
timestamp | string | ISO 8601 formatted timestamp indicating when the error occurred. Useful for debugging and correlating with server logs. |
errorCode | string | A human-readable error code indicating the category of error. Common values include InvalidRequest, AuthenticationFailed, etc. |
errorMsg | string | A detailed error message explaining what went wrong. This provides specific information about which field or validation rule caused the failure. The message indicates which field has validation issues. |
Common Error Codes
| Error Code | Status Code | Description | Resolution |
|---|---|---|---|
InvalidRequest | 400 | The request body contains invalid data or missing required fields. | Verify that all four required fields (partyIdentifierType, partyIdentifierValue, productID, accountID) are present and correctly formatted. |
InvalidPartyIdentifier | 400 | The partyIdentifierValue does not match the format expected by partyIdentifierType. | For MOBILE: 10 digits only. For EMAIL: valid email format. For PAN: 5 letters + 4 digits + 1 letter format. |
InvalidProductID | 400 | The specified productID does not exist or is not configured for your organization. | Verify the product ID in the FinPro admin portal and ensure it’s active. |
InvalidAccountID | 400 | The accountID format is invalid or contains unsupported characters. | Use alphanumeric characters only for account IDs. Avoid special characters that might cause parsing issues. |
AuthenticationFailed | 401 | The provided credentials (client_id, client_secret, organisationId) are invalid or expired. | Verify your credentials in the FinPro admin portal. Ensure you’re using the correct credentials for the environment. |
Example Request
Use Cases
Multi-Channel Customer Identification
Support different identifier types based on the customer acquisition channel:Account-Specific Consent Tracking
Track consents for specific loan applications or customer interactions:Cross-Reference Identifier Types
Validate that the same customer entity has consents across different identifier types:Best Practices
- Choose the Right Identifier: Use the identifier type that best matches your customer data model and acquisition channel. Mobile is most common, but PAN may be required for certain financial products.
-
Account ID Strategy: Design a consistent account ID naming convention that allows you to correlate consents with your internal workflows. Examples:
LOAN_${applicationId},WM_${customerId},INS_${policyId}. - Identifier Validation: Validate identifier formats on the client side before making API calls to reduce unnecessary error responses and improve user experience.
- Caching Strategy: Cache consent lists per account ID for reasonable durations, but ensure cache invalidation when webhook notifications indicate status changes.
- Error Handling: Handle validation errors gracefully by providing clear user feedback about identifier format requirements.
API Version Comparison
- V1: Uses only mobile number as identifier. No account ID filtering. Returns all consents for a product.
- V2 (this API): Supports multiple identifier types (MOBILE, EMAIL, PAN, AADHAR, DOB, GSTIN). Requires account ID for more targeted filtering. Optional
consentHandleandstatusfilters. Recommended for new integrations. - V1 Unique Accounts: Provides deduplicated view with pagination. Best for scenarios needing unique account lists across multiple consents.
- You need flexibility in customer identification methods
- You want more precise filtering using account IDs
- You’re building new integrations and want to future-proof identifier handling
- Your system uses PAN, email, AADHAR, DOB, or GSTIN as primary identifiers alongside or instead of mobile numbers
- You need to filter by specific consent handle or status
Authorizations
Your unique client identifier provided by MoneyOne during FIU onboarding
Your confidential client secret provided by MoneyOne
Your organization's unique identifier in the FinPro system
Application-specific identifier for tracking API calls
Body
The type of identifier being used to query consents. Valid values are MOBILE, EMAIL, PAN, AADHAR, DOB, or GSTIN. This determines how the partyIdentifierValue will be validated and matched against consent records.
MOBILE, EMAIL, PAN, AADHAR, DOB, GSTIN The actual identifier value to search for. Format must match the partyIdentifierType: for MOBILE, provide a 10-digit number; for EMAIL, provide a valid email address; for PAN, provide a 10-character PAN number (5 uppercase letters, 4 digits, 1 uppercase letter); for AADHAR, provide a 12-digit number; for DOB, provide date in YYYY-MM-DD format; for GSTIN, provide a 15-character GSTIN number.
The unique identifier of the consent template (product) for which you want to retrieve consents. This filters the consent list to only show consents created using this specific product configuration.
The account identifier that links consents to specific customer interactions in your system. This provides an additional level of filtering, returning only consents associated with this specific account ID.
An optional consent handle to filter results to a specific consent request. Must be alphanumeric (hyphens allowed). Use this when you need to look up a specific consent by its handle.
^[a-zA-Z0-9-]+$An optional consent status value to filter the results. If not provided, consents of all statuses are returned.
ACTIVE, PAUSED, REVOKED, EXPIRED, PENDING Response
Consents retrieved successfully
The version of the FinPro API that processed this request.
Overall API call status. Will be 'success' for successful requests.
An array of consent objects matching the query criteria. Each object represents one consent record. The array may be empty if no matching consents exist.
