> ## Documentation Index
> Fetch the complete documentation index at: https://developer.moneyone.in/llms.txt
> Use this file to discover all available pages before exploring further.

# Consent List V2

> Retrieve consents using flexible party identifiers including mobile number, email, PAN, AADHAR, DOB, or GSTIN, with enhanced filtering capabilities.

## Overview

The Consent List V2 API provides an enhanced version of consent listing with support for flexible party identifiers. While V1 only supports mobile numbers, V2 allows you to query consents using different identifier types including mobile numbers, email addresses, PAN (Permanent Account Number), AADHAR, DOB (Date of Birth), or GSTIN.

This flexibility is particularly valuable when:

* Your customer identification strategy varies across products or channels
* You need to support multiple identifier types within the same application
* You're integrating with systems that use PAN or email as primary identifiers
* You want more precise filtering using the account ID along with party identifiers

V2 maintains the same simple, flat list structure as V1 while providing enhanced querying capabilities through the party identifier system. This makes it the recommended choice for new integrations that need flexible customer identification.

## Endpoint

<CodeGroup>
  ```bash Request theme={null}
  POST {{Base_URL}}/v2/getconsentslist
  ```
</CodeGroup>

## Authentication

This API requires authentication through the following headers that must be included in every request:

| Header           | Type   | Required | Description                                                                                                                                                             |
| ---------------- | ------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `Content-Type`   | string | Yes      | Must be set to `application/json` to indicate the request body format.                                                                                                  |
| `client_id`      | string | Yes      | Your unique client identifier provided by MoneyOne during FIU onboarding. This credential identifies your organization in the FinPro system.                            |
| `client_secret`  | string | Yes      | Your confidential client secret provided by MoneyOne. This must be kept secure and never exposed in client-side code or public repositories.                            |
| `organisationId` | string | Yes      | Your organization's unique identifier in the FinPro system. This is assigned during onboarding and links all API calls to your FIU entity.                              |
| `appIdentifier`  | string | Yes      | Application-specific identifier that helps track which application or service within your organization is making the API call. Useful for multi-application FIU setups. |

## Request Body

The request body must be a JSON object containing the following parameters:

| Parameter              | Type   | Required | Description                                                                                                                                                                                                                                                                  |
| ---------------------- | ------ | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `partyIdentifierType`  | string | Yes      | The type of identifier being used to query consents. Valid values are `MOBILE`, `EMAIL`, `PAN`, `AADHAR`, `DOB`, or `GSTIN`. This determines how the `partyIdentifierValue` will be validated and matched against consent records.                                           |
| `partyIdentifierValue` | string | Yes      | The actual identifier value to search for. Format must match the `partyIdentifierType` (see the validation format table below).                                                                                                                                              |
| `productID`            | string | Yes      | The unique identifier of the consent template (product) for which you want to retrieve consents. This filters the consent list to only show consents created using this specific product configuration.                                                                      |
| `accountID`            | string | Yes      | The account identifier that links consents to specific customer interactions in your system. This provides an additional level of filtering, returning only consents associated with this specific account ID. Use the same value that was provided during consent creation. |
| `consentHandle`        | string | No       | An optional consent handle to filter results to a specific consent request. Must be alphanumeric (hyphens allowed). Use this when you need to look up a specific consent by its handle.                                                                                      |
| `status`               | string | No       | An optional consent status value to filter the results. Valid values: `ACTIVE`, `PAUSED`, `REVOKED`, `EXPIRED`, `PENDING`. If not provided, consents of all statuses are returned.                                                                                           |

### Party Identifier Type Validation

The `partyIdentifierValue` format is validated based on the `partyIdentifierType`:

| `partyIdentifierType` | Expected Format                                     | Example                |
| --------------------- | --------------------------------------------------- | ---------------------- |
| `MOBILE`              | 10-digit numeric string (no country code)           | `9876543210`           |
| `EMAIL`               | Valid email address                                 | `customer@example.com` |
| `PAN`                 | 5 uppercase letters + 4 digits + 1 uppercase letter | `ABCDE1234F`           |
| `AADHAR`              | 12-digit numeric string                             | `123456789012`         |
| `DOB`                 | Date in `YYYY-MM-DD` format                         | `1990-01-15`           |
| `GSTIN`               | 15-character GSTIN number                           | `22ABCDE1234F1Z5`      |

### Important Notes

* **Identifier Validation**: The API validates that the `partyIdentifierValue` matches the expected format for the `partyIdentifierType`. Mismatched formats will result in validation errors.
* **Mobile Format**: Mobile numbers must be exactly 10 digits without country code (+91), spaces, hyphens, or other special characters. Example: `9876543210` (correct), `+919876543210` (incorrect).
* **Email Format**: Email addresses must follow standard email format validation. The API checks for valid email structure including @ symbol and domain.
* **PAN Format**: PAN numbers must follow the Indian PAN format: 5 uppercase letters, 4 digits, and 1 uppercase letter. Example: `ABCDE1234F`.
* **AADHAR Format**: Aadhaar numbers must be exactly 12 digits. Example: `123456789012`.
* **DOB Format**: Date of birth must follow the `YYYY-MM-DD` format. Example: `1990-01-15`.
* **GSTIN Format**: GSTIN must be a 15-character alphanumeric string following the standard Indian GSTIN format. Example: `22ABCDE1234F1Z5`.
* **Account ID Filtering**: Unlike V1 which returns all consents for a product, V2 requires and filters by `accountID`, providing more targeted results for specific customer journeys.

## Response

### Success Response (200 OK)

When consents are found matching all the specified criteria, the API returns an array of consent objects:

<CodeGroup>
  ```json Success Response theme={null}
  {
    "ver": "1.21.0",
    "status": "success",
    "data": [
      {
        "consentID": "8d8dbf30-7057-441a-9486-6e67c70b4b2e",
        "consentHandle": "3a3f2d96-fc3b-42e5-804f-e65d10a4be98",
        "status": "ACTIVE",
        "productID": "TESTWM01",
        "accountID": "test123",
        "aaId": "onemoney-aa",
        "createdOn": "2025-09-15T10:30:00.000Z",
        "modifiedOn": "2025-09-15T11:00:00.000Z",
        "consentStart": "2025-09-15T10:30:00.000Z",
        "consentExpiry": "2026-09-15T10:30:00.000Z",
        "fetchType": "PERIODIC",
        "fiTypes": ["DEPOSIT", "TERM_DEPOSIT"],
        "fipId": "HDFC-FIP",
        "maskedAccountNumber": "XXXXXXXX1234",
        "partyIdentifierType": "MOBILE",
        "partyIdentifierValue": "9876543210"
      }
    ]
  }
  ```
</CodeGroup>

| Field    | Type   | Description                                                                                                                                               |
| -------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `status` | string | Overall API call status. Will be `success` for successful requests.                                                                                       |
| `ver`    | string | The version of the FinPro API that processed this request. Useful for debugging and version tracking.                                                     |
| `data`   | array  | An array of consent objects matching the query criteria. Each object represents one consent record. The array may be empty if no matching consents exist. |

### Consent Object Fields

Each consent object in the `data` array contains the following fields:

| Field                  | Type   | Description                                                                                                                                                                                                                                                                |
| ---------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `consentID`            | string | The unique consent identifier assigned by the Account Aggregator after the customer approves the consent. This is null for consents that are still pending or were rejected. Use this ID for operations like revocation or data fetching.                                  |
| `consentHandle`        | string | The consent handle that was generated when the consent request was created. This identifies the consent request throughout its lifecycle and is available immediately upon creation.                                                                                       |
| `status`               | string | Current status of the consent. Possible values: `PENDING` (awaiting customer action), `ACTIVE` (approved and currently valid), `REJECTED` (customer declined), `REVOKED` (customer or FIU cancelled), `EXPIRED` (validity period ended), `PAUSED` (temporarily suspended). |
| `productID`            | string | The product/consent template identifier that was used to create this consent. Matches the product ID from your request.                                                                                                                                                    |
| `accountID`            | string | The account identifier that was provided when creating the consent request. Matches the account ID from your query, as this is used as a filter.                                                                                                                           |
| `aaId`                 | string | Identifier of the Account Aggregator that processed this consent. Typically `onemoney-aa` for MoneyOne's AA service.                                                                                                                                                       |
| `createdOn`            | string | ISO 8601 timestamp indicating when the consent request was created in the FinPro system.                                                                                                                                                                                   |
| `modifiedOn`           | string | ISO 8601 timestamp indicating when the consent record was last updated. This changes when status transitions occur (approval, revocation, etc.).                                                                                                                           |
| `consentStart`         | string | ISO 8601 timestamp indicating when the consent becomes valid and data fetching can begin. Usually matches or is close to the creation time.                                                                                                                                |
| `consentExpiry`        | string | ISO 8601 timestamp indicating when the consent will automatically expire. After this time, the consent can no longer be used for data fetching.                                                                                                                            |
| `fetchType`            | string | The type of data fetch allowed by this consent. `PERIODIC` allows multiple fetches within the validity period. `ONETIME` allows only a single data fetch, after which the consent becomes unusable.                                                                        |
| `fiTypes`              | array  | Array of Financial Information types that this consent covers. Examples: `DEPOSIT`, `TERM_DEPOSIT`, `RECURRING_DEPOSIT`, `SIP`, `MUTUAL_FUNDS`, `INSURANCE_POLICIES`, etc.                                                                                                 |
| `fipId`                | string | The Financial Information Provider (typically a bank or financial institution) identifier for which this consent was approved.                                                                                                                                             |
| `maskedAccountNumber`  | string | The customer's account number at the FIP, with most digits masked for privacy. Format typically shows last 4 digits: `XXXXXXXX1234`.                                                                                                                                       |
| `partyIdentifierType`  | string | The type of identifier associated with this consent. Matches the query parameter and confirms the identifier type used during consent creation.                                                                                                                            |
| `partyIdentifierValue` | string | The actual identifier value associated with this consent. For security, sensitive identifiers may be partially masked in some implementations.                                                                                                                             |

### Empty Result Response

If no consents match all the specified criteria:

<CodeGroup>
  ```json Empty Response theme={null}
  {
    "ver": "1.21.0",
    "status": "success",
    "data": []
  }
  ```
</CodeGroup>

This can occur when:

* No consents have been created for this combination of party identifier, product ID, and account ID
* All consents matching the criteria have been deleted or purged from the system
* The party identifier value doesn't match any consent records (possible typo or incorrect identifier)

### Error Response (400 Bad Request)

When the request contains invalid data or fails validation:

<CodeGroup>
  ```json Error Response theme={null}
  {
    "ver": "1.21.0",
    "timestamp": "2025-10-01T11:43:56.125Z",
    "errorCode": "InvalidRequest",
    "errorMsg": " [ partyIdentifierValue must be valid Mobile number ] "
  }
  ```
</CodeGroup>

| Field       | Type   | Description                                                                                                                                                                                               |
| ----------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `ver`       | string | The version of the FinPro API that processed this request.                                                                                                                                                |
| `timestamp` | string | ISO 8601 formatted timestamp indicating when the error occurred. Useful for debugging and correlating with server logs.                                                                                   |
| `errorCode` | string | A human-readable error code indicating the category of error. Common values include `InvalidRequest`, `AuthenticationFailed`, etc.                                                                        |
| `errorMsg`  | string | A detailed error message explaining what went wrong. This provides specific information about which field or validation rule caused the failure. The message indicates which field has validation issues. |

## Common Error Codes

| Error Code               | Status Code | Description                                                                                   | Resolution                                                                                                                                          |
| ------------------------ | ----------- | --------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| `InvalidRequest`         | 400         | The request body contains invalid data or missing required fields.                            | Verify that all four required fields (`partyIdentifierType`, `partyIdentifierValue`, `productID`, `accountID`) are present and correctly formatted. |
| `InvalidPartyIdentifier` | 400         | The `partyIdentifierValue` does not match the format expected by `partyIdentifierType`.       | For MOBILE: 10 digits only. For EMAIL: valid email format. For PAN: 5 letters + 4 digits + 1 letter format.                                         |
| `InvalidProductID`       | 400         | The specified `productID` does not exist or is not configured for your organization.          | Verify the product ID in the FinPro admin portal and ensure it's active.                                                                            |
| `InvalidAccountID`       | 400         | The `accountID` format is invalid or contains unsupported characters.                         | Use alphanumeric characters only for account IDs. Avoid special characters that might cause parsing issues.                                         |
| `AuthenticationFailed`   | 401         | The provided credentials (client\_id, client\_secret, organisationId) are invalid or expired. | Verify your credentials in the FinPro admin portal. Ensure you're using the correct credentials for the environment.                                |

## Example Request

<CodeGroup>
  ```bash cURL (Mobile) theme={null}
  curl --location '{{Base_URL}}/v2/getconsentslist' \
  --header 'Content-Type: application/json' \
  --header 'client_id: {{Client_Id}}' \
  --header 'client_secret: {{Client_Secret}}' \
  --header 'organisationId: {{Organisation_Id}}' \
  --header 'appIdentifier: {{App_Identifier}}' \
  --data '{
      "partyIdentifierType": "MOBILE",
      "partyIdentifierValue": "9876543210",
      "productID": "TESTWM01",
      "accountID": "test123"
  }'
  ```

  ```bash cURL (Email) theme={null}
  curl --location '{{Base_URL}}/v2/getconsentslist' \
  --header 'Content-Type: application/json' \
  --header 'client_id: {{Client_Id}}' \
  --header 'client_secret: {{Client_Secret}}' \
  --header 'organisationId: {{Organisation_Id}}' \
  --header 'appIdentifier: {{App_Identifier}}' \
  --data '{
      "partyIdentifierType": "EMAIL",
      "partyIdentifierValue": "customer@example.com",
      "productID": "TESTWM01",
      "accountID": "test123"
  }'
  ```

  ```bash cURL (PAN) theme={null}
  curl --location '{{Base_URL}}/v2/getconsentslist' \
  --header 'Content-Type: application/json' \
  --header 'client_id: {{Client_Id}}' \
  --header 'client_secret: {{Client_Secret}}' \
  --header 'organisationId: {{Organisation_Id}}' \
  --header 'appIdentifier: {{App_Identifier}}' \
  --data '{
      "partyIdentifierType": "PAN",
      "partyIdentifierValue": "ABCDE1234F",
      "productID": "TESTWM01",
      "accountID": "test123"
  }'
  ```

  ```javascript JavaScript theme={null}
  async function getConsentsV2(identifierType, identifierValue, productID, accountID) {
    const response = await fetch('{{Base_URL}}/v2/getconsentslist', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'client_id': '{{Client_Id}}',
        'client_secret': '{{Client_Secret}}',
        'organisationId': '{{Organisation_Id}}',
        'appIdentifier': '{{App_Identifier}}'
      },
      body: JSON.stringify({
        partyIdentifierType: identifierType,
        partyIdentifierValue: identifierValue,
        productID: productID,
        accountID: accountID
      })
    });

    return await response.json();
  }

  // Usage examples
  const mobileConsents = await getConsentsV2('MOBILE', '9876543210', 'TESTWM01', 'test123');
  const emailConsents = await getConsentsV2('EMAIL', 'customer@example.com', 'TESTWM01', 'test123');
  const panConsents = await getConsentsV2('PAN', 'ABCDE1234F', 'TESTWM01', 'test123');
  ```

  ```python Python theme={null}
  import requests

  def get_consents_v2(identifier_type, identifier_value, product_id, account_id):
      """Get consents using flexible party identifiers"""
      url = "{{Base_URL}}/v2/getconsentslist"
      headers = {
          "Content-Type": "application/json",
          "client_id": "{{Client_Id}}",
          "client_secret": "{{Client_Secret}}",
          "organisationId": "{{Organisation_Id}}",
          "appIdentifier": "{{App_Identifier}}"
      }
      payload = {
          "partyIdentifierType": identifier_type,
          "partyIdentifierValue": identifier_value,
          "productID": product_id,
          "accountID": account_id
      }

      response = requests.post(url, json=payload, headers=headers)
      return response.json()

  # Usage examples
  mobile_consents = get_consents_v2('MOBILE', '9876543210', 'TESTWM01', 'test123')
  email_consents = get_consents_v2('EMAIL', 'customer@example.com', 'TESTWM01', 'test123')
  pan_consents = get_consents_v2('PAN', 'ABCDE1234F', 'TESTWM01', 'test123')
  ```
</CodeGroup>

## Use Cases

### Multi-Channel Customer Identification

Support different identifier types based on the customer acquisition channel:

```javascript theme={null}
async function getCustomerConsents(customer, productID, accountID) {
  // Determine which identifier to use based on what's available
  if (customer.mobile) {
    return await getConsentsV2('MOBILE', customer.mobile, productID, accountID);
  } else if (customer.email) {
    return await getConsentsV2('EMAIL', customer.email, productID, accountID);
  } else if (customer.pan) {
    return await getConsentsV2('PAN', customer.pan, productID, accountID);
  } else {
    throw new Error('No valid identifier available for customer');
  }
}
```

### Account-Specific Consent Tracking

Track consents for specific loan applications or customer interactions:

```python theme={null}
def get_loan_application_consents(application_id, customer_mobile, product_id):
    """Get consents specific to a loan application"""
    account_id = f"LOAN_{application_id}"

    response = get_consents_v2(
        identifier_type='MOBILE',
        identifier_value=customer_mobile,
        product_id=product_id,
        account_id=account_id
    )

    # Check if active consents exist for this application
    active_consents = [
        c for c in response['data']
        if c['status'] == 'ACTIVE'
    ]

    return {
        'application_id': application_id,
        'has_active_consents': len(active_consents) > 0,
        'consent_count': len(active_consents),
        'consents': active_consents
    }
```

### Cross-Reference Identifier Types

Validate that the same customer entity has consents across different identifier types:

```javascript theme={null}
async function validateCustomerConsents(customer) {
  const results = {};

  // Query with different identifiers
  if (customer.mobile) {
    const mobileResults = await getConsentsV2(
      'MOBILE',
      customer.mobile,
      'TESTWM01',
      customer.accountID
    );
    results.mobile = mobileResults.data;
  }

  if (customer.pan) {
    const panResults = await getConsentsV2(
      'PAN',
      customer.pan,
      'TESTWM01',
      customer.accountID
    );
    results.pan = panResults.data;
  }

  // Verify consistency - same consents should appear in both queries
  const mobileConsentIDs = new Set(results.mobile?.map(c => c.consentID) || []);
  const panConsentIDs = new Set(results.pan?.map(c => c.consentID) || []);

  const isConsistent =
    mobileConsentIDs.size === panConsentIDs.size &&
    [...mobileConsentIDs].every(id => panConsentIDs.has(id));

  return {
    isConsistent,
    mobileCount: mobileConsentIDs.size,
    panCount: panConsentIDs.size,
    consents: results
  };
}
```

## Best Practices

1. **Choose the Right Identifier**: Use the identifier type that best matches your customer data model and acquisition channel. Mobile is most common, but PAN may be required for certain financial products.

2. **Account ID Strategy**: Design a consistent account ID naming convention that allows you to correlate consents with your internal workflows. Examples: `LOAN_${applicationId}`, `WM_${customerId}`, `INS_${policyId}`.

3. **Identifier Validation**: Validate identifier formats on the client side before making API calls to reduce unnecessary error responses and improve user experience.

4. **Caching Strategy**: Cache consent lists per account ID for reasonable durations, but ensure cache invalidation when webhook notifications indicate status changes.

5. **Error Handling**: Handle validation errors gracefully by providing clear user feedback about identifier format requirements.

## API Version Comparison

* **V1**: Uses only mobile number as identifier. No account ID filtering. Returns all consents for a product.
* **V2 (this API)**: Supports multiple identifier types (MOBILE, EMAIL, PAN, AADHAR, DOB, GSTIN). Requires account ID for more targeted filtering. Optional `consentHandle` and `status` filters. Recommended for new integrations.
* **V1 Unique Accounts**: Provides deduplicated view with pagination. Best for scenarios needing unique account lists across multiple consents.

Choose V2 when:

* You need flexibility in customer identification methods
* You want more precise filtering using account IDs
* You're building new integrations and want to future-proof identifier handling
* Your system uses PAN, email, AADHAR, DOB, or GSTIN as primary identifiers alongside or instead of mobile numbers
* You need to filter by specific consent handle or status


## OpenAPI

````yaml POST /v2/getconsentslist
openapi: 3.0.3
info:
  title: FinPro API
  description: MoneyOne FinPro - Account Aggregator FIU Platform APIs
  version: 1.21.0
servers:
  - url: '{baseUrl}'
    description: FinPro API Server
    variables:
      baseUrl:
        default: https://scramblerpay-uat.moneyone.in
        description: API Base URL - change this to your environment
security:
  - clientId: []
    clientSecret: []
    organisationId: []
    appIdentifier: []
paths:
  /v2/getconsentslist:
    post:
      tags:
        - Consent Management
      summary: Get Consents List V2
      description: >-
        Retrieve consents using flexible party identifiers including mobile
        number, email, or PAN, with enhanced filtering capabilities. While V1
        only supports mobile numbers, V2 allows you to query consents using
        different identifier types including mobile numbers, email addresses, or
        PAN (Permanent Account Number).
      operationId: getConsentsListV2
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/GetConsentsListV2Request'
            example:
              partyIdentifierType: MOBILE
              partyIdentifierValue: '9876543210'
              productID: TESTWM01
              accountID: test123
              consentHandle: 3a3f2d96-fc3b-42e5-804f-e65d10a4be98
              status: ACTIVE
      responses:
        '200':
          description: Consents retrieved successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GetConsentsListV2SuccessResponse'
              example:
                ver: 1.21.0
                status: success
                data:
                  - consentID: 8d8dbf30-7057-441a-9486-6e67c70b4b2e
                    consentHandle: 3a3f2d96-fc3b-42e5-804f-e65d10a4be98
                    status: ACTIVE
                    productID: TESTWM01
                    accountID: test123
                    aaId: onemoney-aa
                    createdOn: '2025-09-15T10:30:00.000Z'
                    modifiedOn: '2025-09-15T11:00:00.000Z'
                    consentStart: '2025-09-15T10:30:00.000Z'
                    consentExpiry: '2026-09-15T10:30:00.000Z'
                    fetchType: PERIODIC
                    fiTypes:
                      - DEPOSIT
                      - TERM_DEPOSIT
                    fipId: HDFC-FIP
                    maskedAccountNumber: XXXXXXXX1234
                    partyIdentifierType: MOBILE
                    partyIdentifierValue: '9876543210'
        '400':
          description: Bad Request - Invalid data or validation failure
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                ver: 1.21.0
                timestamp: '2025-10-01T11:43:56.125Z'
                errorCode: InvalidRequest
                errorMsg: ' [ partyIdentifierValue must be valid Mobile number ] '
        '401':
          description: Authentication Failed - Invalid credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - clientId: []
          clientSecret: []
          organisationId: []
          appIdentifier: []
components:
  schemas:
    GetConsentsListV2Request:
      type: object
      required:
        - partyIdentifierType
        - partyIdentifierValue
        - productID
        - accountID
      properties:
        partyIdentifierType:
          type: string
          enum:
            - MOBILE
            - EMAIL
            - PAN
            - AADHAR
            - DOB
            - GSTIN
          description: >-
            The type of identifier being used to query consents. Valid values
            are MOBILE, EMAIL, PAN, AADHAR, DOB, or GSTIN. This determines how
            the partyIdentifierValue will be validated and matched against
            consent records.
        partyIdentifierValue:
          type: string
          description: >-
            The actual identifier value to search for. Format must match the
            partyIdentifierType: for MOBILE, provide a 10-digit number; for
            EMAIL, provide a valid email address; for PAN, provide a
            10-character PAN number (5 uppercase letters, 4 digits, 1 uppercase
            letter); for AADHAR, provide a 12-digit number; for DOB, provide
            date in YYYY-MM-DD format; for GSTIN, provide a 15-character GSTIN
            number.
        productID:
          type: string
          description: >-
            The unique identifier of the consent template (product) for which
            you want to retrieve consents. This filters the consent list to only
            show consents created using this specific product configuration.
        accountID:
          type: string
          description: >-
            The account identifier that links consents to specific customer
            interactions in your system. This provides an additional level of
            filtering, returning only consents associated with this specific
            account ID.
        consentHandle:
          type: string
          pattern: ^[a-zA-Z0-9-]+$
          description: >-
            An optional consent handle to filter results to a specific consent
            request. Must be alphanumeric (hyphens allowed). Use this when you
            need to look up a specific consent by its handle.
        status:
          type: string
          enum:
            - ACTIVE
            - PAUSED
            - REVOKED
            - EXPIRED
            - PENDING
          description: >-
            An optional consent status value to filter the results. If not
            provided, consents of all statuses are returned.
    GetConsentsListV2SuccessResponse:
      type: object
      properties:
        ver:
          type: string
          description: The version of the FinPro API that processed this request.
        status:
          type: string
          description: Overall API call status. Will be 'success' for successful requests.
        data:
          type: array
          description: >-
            An array of consent objects matching the query criteria. Each object
            represents one consent record. The array may be empty if no matching
            consents exist.
          items:
            $ref: '#/components/schemas/ConsentListV2Item'
    ErrorResponse:
      type: object
      properties:
        ver:
          type: string
          description: API version
        timestamp:
          type: string
          format: date-time
          description: When the error occurred
        errorCode:
          type: string
          description: Error category code
        errorMsg:
          type: string
          description: Detailed error message
        status:
          type: string
          description: FinPro-specific error code (FPxxxx format)
    ConsentListV2Item:
      type: object
      description: A consent record returned in the V2 consent list response.
      properties:
        consentID:
          type: string
          format: uuid
          description: >-
            The unique consent identifier assigned by the Account Aggregator
            after the customer approves the consent. This is null for consents
            that are still pending or were rejected.
        consentHandle:
          type: string
          format: uuid
          description: >-
            The consent handle that was generated when the consent request was
            created. This identifies the consent request throughout its
            lifecycle.
        status:
          type: string
          enum:
            - PENDING
            - ACTIVE
            - REJECTED
            - REVOKED
            - EXPIRED
            - PAUSED
          description: >-
            Current status of the consent. Possible values: PENDING (awaiting
            customer action), ACTIVE (approved and currently valid), REJECTED
            (customer declined), REVOKED (customer or FIU cancelled), EXPIRED
            (validity period ended), PAUSED (temporarily suspended).
        productID:
          type: string
          description: >-
            The product/consent template identifier that was used to create this
            consent.
        accountID:
          type: string
          description: >-
            The account identifier that was provided when creating the consent
            request.
        aaId:
          type: string
          description: >-
            Identifier of the Account Aggregator that processed this consent.
            Typically 'onemoney-aa' for MoneyOne's AA service.
        createdOn:
          type: string
          format: date-time
          description: >-
            ISO 8601 timestamp indicating when the consent request was created
            in the FinPro system.
        modifiedOn:
          type: string
          format: date-time
          description: >-
            ISO 8601 timestamp indicating when the consent record was last
            updated. This changes when status transitions occur.
        consentStart:
          type: string
          format: date-time
          description: >-
            ISO 8601 timestamp indicating when the consent becomes valid and
            data fetching can begin.
        consentExpiry:
          type: string
          format: date-time
          description: >-
            ISO 8601 timestamp indicating when the consent will automatically
            expire.
        fetchType:
          type: string
          enum:
            - PERIODIC
            - ONETIME
          description: >-
            The type of data fetch allowed by this consent. PERIODIC allows
            multiple fetches within the validity period. ONETIME allows only a
            single data fetch.
        fiTypes:
          type: array
          items:
            type: string
          description: >-
            Array of Financial Information types that this consent covers.
            Examples: DEPOSIT, TERM_DEPOSIT, RECURRING_DEPOSIT, SIP,
            MUTUAL_FUNDS, INSURANCE_POLICIES, etc.
        fipId:
          type: string
          description: >-
            The Financial Information Provider (typically a bank or financial
            institution) identifier for which this consent was approved.
        maskedAccountNumber:
          type: string
          description: >-
            The customer's account number at the FIP, with most digits masked
            for privacy. Format typically shows last 4 digits: XXXXXXXX1234.
        partyIdentifierType:
          type: string
          enum:
            - MOBILE
            - EMAIL
            - PAN
          description: The type of identifier associated with this consent.
        partyIdentifierValue:
          type: string
          description: The actual identifier value associated with this consent.
  securitySchemes:
    clientId:
      type: apiKey
      in: header
      name: client_id
      description: Your unique client identifier provided by MoneyOne during FIU onboarding
    clientSecret:
      type: apiKey
      in: header
      name: client_secret
      description: Your confidential client secret provided by MoneyOne
    organisationId:
      type: apiKey
      in: header
      name: organisationId
      description: Your organization's unique identifier in the FinPro system
    appIdentifier:
      type: apiKey
      in: header
      name: appIdentifier
      description: Application-specific identifier for tracking API calls

````