Skip to main content
POST
/
v3
/
getconsentslist
Error
A valid request URL is required to generate request examples
{
  "ver": "1.21.0",
  "status": "success",
  "data": [
    {
      "consentID": "a21d747a-c166-46f2-b0d6-4c22c575fb14",
      "consentHandle": "8814cd61-bf02-4548-87d8-5d1c0211cd91",
      "status": "ACTIVE",
      "productID": "MP9",
      "accountID": "1234",
      "aaId": "onemoney-aa",
      "consentCreationData": "2026-05-18T10:22:48.000Z",
      "consent_expiry": "2027-05-18 10:22:48",
      "vua": "9876543210@onemoney",
      "accounts": [
        {
          "fipName": "HDFC Bank",
          "fipId": "HDFC-FIP",
          "accountType": "SAVINGS",
          "linkReferenceNumber": "0ffc1696-38d2-4ef1-8c87-d3835d1f50a1",
          "maskedAccountNumber": "XXXX1234",
          "fiType": "DEPOSIT"
        }
      ]
    }
  ]
}
{
"ver": "1.21.0",
"timestamp": "2026-05-18T11:43:56.125Z",
"errorCode": "InvalidRequest",
"errorMsg": " [ \"partyIdentifierValue\" must be valid Mobile number ] "
}
{
"ver": "<string>",
"timestamp": "2023-11-07T05:31:56Z",
"errorCode": "<string>",
"errorMsg": "<string>",
"status": "<string>"
}

Overview

The Consent List V3 API is the most flexible version of consent listing. It supports three distinct lookup modes:
  1. Party identifier lookup — query by customer identifier (MOBILE, EMAIL, PAN, AADHAR, DOB, or GSTIN) along with productID and accountID
  2. Consent handle lookup — query directly by one or more consent handle UUIDs
  3. Consent ID lookup — query directly by one or more consent ID UUIDs
Modes 2 and 3 are useful when you already have a consent handle or consent ID and want to fetch its current state without needing to know the party identifier. They are mutually exclusive — you cannot pass both consentHandle and consentID in the same request. The response includes a nested accounts array per consent, giving you FIP-level account details alongside the consent metadata.

Endpoint

POST {{Base_URL}}/v3/getconsentslist

Authentication

HeaderTypeRequiredDescription
Content-TypestringYesMust be application/json.
client_idstringYesYour unique client identifier provided during FIU onboarding.
client_secretstringYesYour confidential client secret. Never expose this in client-side code.
organisationIdstringYesYour organisation’s unique identifier in the FinPro system.
appIdentifierstringYesApplication-specific identifier for the calling service.

Request Body

The request body depends on which lookup mode you use.

Mode 1 — Party Identifier Lookup

All four fields below are required together. If consentHandle or consentID is absent, these fields become mandatory.
ParameterTypeRequiredDescription
partyIdentifierTypestringYesThe type of identifier. Valid values: MOBILE, EMAIL, PAN, AADHAR, DOB, GSTIN.
partyIdentifierValuestringYesThe identifier value, validated against the format for partyIdentifierType (see table below).
productIDstringYesThe consent template identifier to filter by.
accountIDstringYesThe account identifier to filter by.
statusstringNoFilter by consent status. Valid values: ACTIVE, PAUSED, REVOKED, EXPIRED, PENDING.
ParameterTypeRequiredDescription
consentHandlestring[]YesArray of one or more consent handle UUIDs (v4). Cannot be combined with consentID.
statusstringNoFilter by consent status. Valid values: ACTIVE, PAUSED, REVOKED, EXPIRED, PENDING.
ParameterTypeRequiredDescription
consentIDstring[]YesArray of one or more consent ID UUIDs (v4). Cannot be combined with consentHandle.
statusstringNoFilter by consent status. Valid values: ACTIVE, PAUSED, REVOKED, EXPIRED, PENDING.

Party Identifier Format Reference

partyIdentifierTypeExpected FormatExample
MOBILE10-digit numeric string, no country code9876543210
EMAILValid email addresscustomer@example.com
PAN5 uppercase letters + 4 digits + 1 uppercase letterABCDE1234F
AADHAR12-digit numeric string123456789012
DOBISO date in YYYY-MM-DD format1990-01-15
GSTIN15-character GSTIN number22ABCDE1234F1Z5

Response

Success Response (200 OK)

{
  "ver": "1.21.0",
  "status": "success",
  "data": [
    {
      "consentID": "a21d747a-c166-46f2-b0d6-4c22c575fb14",
      "consentHandle": "8814cd61-bf02-4548-87d8-5d1c0211cd91",
      "status": "ACTIVE",
      "productID": "MP9",
      "accountID": "1234",
      "aaId": "onemoney-aa",
      "consentCreationData": "2026-05-18T10:22:48.000Z",
      "consent_expiry": "2027-05-18 10:22:48",
      "vua": "9876543210@onemoney",
      "accounts": [
        {
          "fipName": "HDFC Bank",
          "fipId": "HDFC-FIP",
          "accountType": "SAVINGS",
          "linkReferenceNumber": "0ffc1696-38d2-4ef1-8c87-d3835d1f50a1",
          "maskedAccountNumber": "XXXX1234",
          "fiType": "DEPOSIT"
        }
      ]
    }
  ]
}
{
  "ver": "1.21.0",
  "status": "success",
  "data": [
    {
      "consentID": "eb460772-e89a-462d-b9e3-24a712a43e64",
      "consentHandle": "7dedf596-67b3-41f5-a3f9-55ceca43f31f",
      "status": "ACTIVE",
      "productID": "MP9",
      "accountID": "1234",
      "aaId": "onemoney-aa",
      "consentCreationData": "2026-05-18T10:24:53.000Z",
      "consent_expiry": "2027-05-18 10:24:53",
      "vua": "9876543210@onemoney",
      "accounts": [
        {
          "fipName": "HDFC Bank",
          "fipId": "HDFC-FIP",
          "accountType": "SAVINGS",
          "linkReferenceNumber": "0ffc1696-38d2-4ef1-8c87-d3835d1f50a1",
          "maskedAccountNumber": "XXXX1234",
          "fiType": "DEPOSIT"
        }
      ]
    }
  ]
}

Response Fields

FieldTypeDescription
verstringFinPro API version that processed the request.
statusstringsuccess for all 200 responses.
dataarrayArray of consent objects. Empty array if no matches found.
FieldTypeDescription
consentIDstring | nullUnique consent identifier assigned by the Account Aggregator after the customer approves. null for pending or rejected consents.
consentHandlestringConsent handle generated when the consent request was created. Available immediately upon creation.
statusstringCurrent consent status: ACTIVE, PAUSED, REVOKED, EXPIRED, or PENDING.
productIDstringThe consent template used to create this consent.
accountIDstringThe account identifier associated with this consent.
aaIdstringIdentifier of the Account Aggregator that processed this consent.
consentCreationDatastringISO 8601 timestamp of when the consent was created.
consent_expirystringTimestamp of when the consent expires. After this, data fetching is no longer possible.
vuastringThe customer’s virtual user address at the AA (e.g., 9876543210@onemoney).
accountsarrayList of linked financial accounts covered by this consent.

Account Object Fields

FieldTypeDescription
fipNamestringHuman-readable name of the Financial Information Provider (bank/institution).
fipIdstringUnique identifier of the FIP in the AA ecosystem.
accountTypestringType of account, e.g. SAVINGS, CURRENT, RECURRING_DEPOSIT.
linkReferenceNumberstringThe AA-assigned reference number for the linked account.
maskedAccountNumberstringAccount number with most digits masked for privacy, e.g. XXXX1234.
fiTypestringFinancial information type, e.g. DEPOSIT, MUTUAL_FUNDS, INSURANCE_POLICIES.

Empty Result (200 OK)

{
  "ver": "1.21.0",
  "status": "success",
  "data": []
}

Error Response (400 Bad Request)

{
  "ver": "1.21.0",
  "timestamp": "2026-05-18T11:43:56.125Z",
  "errorCode": "InvalidRequest",
  "errorMsg": " [ \"partyIdentifierValue\" must be valid Mobile number ] "
}

Common Error Codes

Error CodeHTTP StatusDescriptionResolution
InvalidRequest400Missing or invalid fields, or both consentHandle and consentID provided together.Check that exactly one lookup mode is used. For party identifier mode, all four fields must be present.
InvalidPartyIdentifier400partyIdentifierValue does not match the expected format for partyIdentifierType.See the Party Identifier Format Reference table above.
InvalidProductID400The productID does not exist or is not configured for your organisation.Verify the product ID in the FinPro admin portal.
InvalidAccountID400The accountID is invalid or not associated with the given product.Confirm the account ID was used during consent creation.
AuthenticationFailed401Invalid or missing authentication credentials.Verify client_id, client_secret, and organisationId.

Example Requests

curl --location '{{Base_URL}}/v3/getconsentslist' \
--header 'Content-Type: application/json' \
--header 'client_id: {{Client_Id}}' \
--header 'client_secret: {{Client_Secret}}' \
--header 'organisationId: {{Organisation_Id}}' \
--header 'appIdentifier: {{App_Identifier}}' \
--data '{
    "partyIdentifierType": "MOBILE",
    "partyIdentifierValue": "9876543210",
    "productID": "MP9",
    "accountID": "1234"
}'
curl --location '{{Base_URL}}/v3/getconsentslist' \
--header 'Content-Type: application/json' \
--header 'client_id: {{Client_Id}}' \
--header 'client_secret: {{Client_Secret}}' \
--header 'organisationId: {{Organisation_Id}}' \
--header 'appIdentifier: {{App_Identifier}}' \
--data '{
    "consentHandle": ["8814cd61-bf02-4548-87d8-5d1c0211cd91"]
}'
curl --location '{{Base_URL}}/v3/getconsentslist' \
--header 'Content-Type: application/json' \
--header 'client_id: {{Client_Id}}' \
--header 'client_secret: {{Client_Secret}}' \
--header 'organisationId: {{Organisation_Id}}' \
--header 'appIdentifier: {{App_Identifier}}' \
--data '{
    "consentID": ["a21d747a-c166-46f2-b0d6-4c22c575fb14"]
}'
async function getConsentsV3(payload) {
  const response = await fetch('{{Base_URL}}/v3/getconsentslist', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'client_id': '{{Client_Id}}',
      'client_secret': '{{Client_Secret}}',
      'organisationId': '{{Organisation_Id}}',
      'appIdentifier': '{{App_Identifier}}'
    },
    body: JSON.stringify(payload)
  });
  return await response.json();
}

// Party identifier lookup
const byMobile = await getConsentsV3({
  partyIdentifierType: 'MOBILE',
  partyIdentifierValue: '9876543210',
  productID: 'MP9',
  accountID: '1234'
});

// Consent handle lookup
const byHandle = await getConsentsV3({
  consentHandle: ['8814cd61-bf02-4548-87d8-5d1c0211cd91']
});

// Consent ID lookup
const byId = await getConsentsV3({
  consentID: ['a21d747a-c166-46f2-b0d6-4c22c575fb14']
});
import requests

def get_consents_v3(payload):
    url = "{{Base_URL}}/v3/getconsentslist"
    headers = {
        "Content-Type": "application/json",
        "client_id": "{{Client_Id}}",
        "client_secret": "{{Client_Secret}}",
        "organisationId": "{{Organisation_Id}}",
        "appIdentifier": "{{App_Identifier}}"
    }
    response = requests.post(url, json=payload, headers=headers)
    return response.json()

# Party identifier lookup
by_mobile = get_consents_v3({
    "partyIdentifierType": "MOBILE",
    "partyIdentifierValue": "9876543210",
    "productID": "MP9",
    "accountID": "1234"
})

# Consent handle lookup
by_handle = get_consents_v3({
    "consentHandle": ["8814cd61-bf02-4548-87d8-5d1c0211cd91"]
})

# Consent ID lookup
by_id = get_consents_v3({
    "consentID": ["a21d747a-c166-46f2-b0d6-4c22c575fb14"]
})

Authorizations

client_id
string
header
required

Your unique client identifier provided by MoneyOne during FIU onboarding

client_secret
string
header
required

Your confidential client secret provided by MoneyOne

organisationId
string
header
required

Your organization's unique identifier in the FinPro system

appIdentifier
string
header
required

Application-specific identifier for tracking API calls

Body

application/json

Request body for v3 consent list. Use party identifier mode OR consentHandle OR consentID — consentHandle and consentID are mutually exclusive.

partyIdentifierType
enum<string>

Required when using party identifier lookup mode. The type of customer identifier.

Available options:
MOBILE,
EMAIL,
PAN,
AADHAR,
DOB,
GSTIN
partyIdentifierValue
string

Required when using party identifier lookup mode. The identifier value, validated against the format for partyIdentifierType.

productID
string

Required when using party identifier lookup mode. The consent template identifier.

accountID
string

Required when using party identifier lookup mode. The account identifier.

Array of consent handle UUIDs for direct lookup. Mutually exclusive with consentID.

Minimum array length: 1

Array of consent ID UUIDs for direct lookup. Mutually exclusive with consentHandle.

Minimum array length: 1
status
enum<string>

Optional filter by consent status.

Available options:
ACTIVE,
PAUSED,
REVOKED,
EXPIRED,
PENDING

Response

Consents retrieved successfully

ver
string

FinPro API version.

status
string

Always 'success' for 200 responses.

data
object[]

Array of consent objects. Empty if no matches found.