> ## Documentation Index
> Fetch the complete documentation index at: https://developer.moneyone.in/llms.txt
> Use this file to discover all available pages before exploring further.

# Consent Request V3

> Create a consent request with automatic web redirection URL for seamless customer journey to the Account Aggregator interface.

## Overview

The Consent Request V3 API builds upon V2 by providing an enhanced consent initiation experience. In addition to creating a consent request and generating a consent handle, V3 returns a secure `webRedirectionUrl` that can be used to automatically redirect customers to the Account Aggregator consent interface.

This API is ideal for web-based integrations where you want to provide a seamless consent journey without building custom redirection logic. The web redirection URL is a pre-authenticated, encrypted link that maintains security while simplifying the customer experience.

V3 also supports additional features including FIP filtering (allowing you to specify which Financial Information Providers the customer can link accounts from) and custom redirect URLs (where customers should be sent after completing the AA journey).

## Endpoint

<CodeGroup>
  ```bash Request theme={null}
  POST {{Base_URL}}/v3/requestconsent
  ```
</CodeGroup>

## Authentication

This API requires authentication through the following headers that must be included in every request:

| Header           | Type   | Required | Description                                                                                                                                                             |
| ---------------- | ------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `client_id`      | string | Yes      | Your unique client identifier provided by MoneyOne during FIU onboarding. This credential identifies your organization in the FinPro system.                            |
| `client_secret`  | string | Yes      | Your confidential client secret provided by MoneyOne. This must be kept secure and never exposed in client-side code or public repositories.                            |
| `organisationId` | string | Yes      | Your organization's unique identifier in the FinPro system. This is assigned during onboarding and links all API calls to your FIU entity.                              |
| `appIdentifier`  | string | Yes      | Application-specific identifier that helps track which application or service within your organization is making the API call. Useful for multi-application FIU setups. |

## Request Body

The request body must be a JSON object containing the following parameters:

| Parameter              | Type             | Required | Description                                                                                                                                                                                                                                                                                                              |
| ---------------------- | ---------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `productID`            | string           | Yes      | The unique identifier of the consent template configured in the FinPro admin portal. This template defines the purpose code, consent validity, FI types, fetch frequency, and other consent parameters that will govern the data sharing relationship.                                                                   |
| `vua`                  | string           | Yes      | The customer's Virtual User Address (VUA) in the format `mobile@onemoney`. This is the unique identifier used by Account Aggregators to identify the customer across the AA ecosystem.                                                                                                                                   |
| `partyIdentifierType`  | string           | Yes      | The type of identifier being provided for the customer. Valid values are `MOBILE`, `EMAIL`, or `PAN`. This should match the format of the `partyIdentifierValue` field.                                                                                                                                                  |
| `partyIdentifierValue` | string           | Yes      | The actual identifier value for the customer. For `MOBILE` type, this should be a 10-digit Indian mobile number without country code. For `EMAIL`, provide the email address. For `PAN`, provide the 10-character PAN number.                                                                                            |
| `accountID`            | string           | Yes      | A unique identifier from your system that links this consent request to a specific customer interaction, loan application, or transaction in your backend. This helps you correlate consent lifecycle events with your internal workflows. Use alphanumeric values to ensure compatibility.                              |
| `pan`                  | string           | No       | The customer's Permanent Account Number (PAN). Required for certain consent types and helps in identity verification across the AA ecosystem. Must be a valid 10-character Indian PAN format.                                                                                                                            |
| `fipID`                | array of strings | No       | An array of Financial Information Provider identifiers that restricts which FIPs the customer can link accounts from. If not provided, the customer can discover and link accounts from all available FIPs in the AA ecosystem. Use this to limit choices based on your business requirements or partnership agreements. |
| `redirectUrl`          | string           | No       | The URL where the customer should be redirected after completing the consent journey in the AA interface. This should be a valid HTTPS URL that can handle the callback with consent status information. If not provided, the default redirect URL configured in your FinPro portal will be used.                        |

### Important Notes

* **VUA Format**: The VUA must follow the exact format `identifier@onemoney` where the identifier matches the party identifier value. The domain `@onemoney` is case-sensitive and required.
* **FIP Filtering**: When `fipID` array is provided, only those specific FIPs will be available during the customer's account discovery journey. This is useful for scenarios where you have partnerships with specific banks or want to limit options for regulatory or business reasons.
* **Redirect URL Security**: The `redirectUrl` should be a secure HTTPS endpoint that you control. Avoid using dynamic or user-provided URLs to prevent open redirect vulnerabilities.
* **PAN Validation**: When provided, the PAN will be validated against standard format (5 uppercase letters, 4 digits, 1 uppercase letter). Invalid PAN formats will result in a validation error.

## Response

### Success Response (200 OK)

When the consent request is successfully created, the API returns a response with a web redirection URL that can be used to redirect the customer to the AA interface:

<CodeGroup>
  ```json Success Response theme={null}
  {
    "ver": "1.21.0",
    "status": "success",
    "data": {
      "webRedirectionUrl": "https://webrd.onemoney.in/uat/v2/?ecreq=luBWxKb9cUczWlDX3GgkW1Z8MfF2hVFUPAu4yrYamw5PqsZTtB63VYdEsAquR0G4qTVHIgLwyWFPtloc5FYOqajGrLkZnWQ0UOlZ_R4L9p9nM_qafwDXioAEORNfwDbeh6NKpt3ksnzy4GGHSXcw5to8Tmby9EVEwswBlIQB..."
    }
  }
  ```
</CodeGroup>

| Field                    | Type   | Description                                                                                                                                                                                                                                                                                                         |
| ------------------------ | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `status`                 | string | Overall API call status. Will be `success` for successful requests.                                                                                                                                                                                                                                                 |
| `ver`                    | string | The version of the FinPro API that processed this request. Useful for debugging and version tracking.                                                                                                                                                                                                               |
| `data.webRedirectionUrl` | string | A secure, pre-authenticated URL that redirects the customer to the Account Aggregator consent interface. This URL contains an encrypted request parameter (`ecreq`) that includes all consent details and maintains security during the redirect. The URL is time-limited and single-use to prevent replay attacks. |

### Important Notes About Web Redirection URL

* **Single-Use Token**: The `webRedirectionUrl` contains a one-time token that expires after use or after a configured time period (typically 24 hours). Do not reuse the same URL for multiple attempts.
* **Secure Redirect**: The encrypted request parameter ensures that consent details cannot be tampered with during the redirect. The AA will validate the signature before displaying the consent interface.
* **URL Expiry**: If the customer does not complete the journey within the expiry window, you'll need to create a new consent request to generate a fresh URL.

### Error Response (400 Bad Request)

When the request contains invalid data or fails validation, the API returns an error response with details about what went wrong:

<CodeGroup>
  ```json Error Response theme={null}
  {
    "ver": "1.21.0",
    "timestamp": "2025-10-01T11:41:43.027Z",
    "errorCode": "InvalidRequest",
    "errorMsg": "Request has Invalid ProductID  2",
    "status": "FP0001"
  }
  ```
</CodeGroup>

| Field       | Type   | Description                                                                                                                                         |
| ----------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| `ver`       | string | The version of the FinPro API that processed this request.                                                                                          |
| `timestamp` | string | ISO 8601 formatted timestamp indicating when the error occurred. This helps with debugging and correlating errors with logs.                        |
| `errorCode` | string | A human-readable error code indicating the category of error. Common values include `InvalidRequest`, `InvalidStatus`, `AuthenticationFailed`, etc. |
| `errorMsg`  | string | A detailed error message explaining what went wrong. This provides specific information about which field or validation rule caused the failure.    |
| `status`    | string | FinPro-specific error code for categorization and tracking. Format is typically `FPxxxx` where the number indicates the error category.             |

## Common Error Codes

| Error Code               | Status Code | Description                                                                                   | Resolution                                                                                                                               |
| ------------------------ | ----------- | --------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
| `InvalidRequest`         | 400         | The request body contains invalid data or missing required fields.                            | Verify that all required fields are present and correctly formatted. Check that the `productID` exists in your portal configuration.     |
| `InvalidProductID`       | 400         | The specified `productID` does not exist or is not configured for your organization.          | Log into the FinPro admin portal and verify that the product/consent template exists and is active.                                      |
| `InvalidPartyIdentifier` | 400         | The `partyIdentifierValue` does not match the format expected by `partyIdentifierType`.       | For MOBILE type, ensure the value is a 10-digit number. For PAN, ensure it follows the standard format.                                  |
| `InvalidFIPID`           | 400         | One or more FIP identifiers in the `fipID` array are not recognized or not available.         | Verify the FIP IDs against the list of available FIPs in your FinPro portal. FIP IDs are case-sensitive.                                 |
| `InvalidRedirectUrl`     | 400         | The provided `redirectUrl` is not a valid URL or uses an insecure protocol.                   | Ensure the redirect URL is a valid HTTPS URL that you control. HTTP URLs are not allowed for security reasons.                           |
| `AuthenticationFailed`   | 401         | The provided credentials (client\_id, client\_secret, organisationId) are invalid or expired. | Verify your credentials in the FinPro admin portal. Ensure you're using the correct credentials for the environment (UAT vs Production). |

## Example Request

<CodeGroup>
  ```bash cURL theme={null}
  curl --location '{{Base_URL}}/v3/requestconsent' \
  --header 'client_id: {{Client_Id}}' \
  --header 'client_secret: {{Client_Secret}}' \
  --header 'organisationId: {{Organisation_Id}}' \
  --header 'appIdentifier: {{App_Identifier}}' \
  --header 'Content-Type: application/json' \
  --data '{
      "productID": "TESTWM01",
      "vua": "9876543210@onemoney",
      "partyIdentifierType": "MOBILE",
      "partyIdentifierValue": "9876543210",
      "accountID": "test123",
      "pan": "ABCDE1234F",
      "fipID": [
          "ACME-FIP",
          "finsharebank"
      ],
      "redirectUrl": "https://yourapp.com/consent/callback"
  }'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('{{Base_URL}}/v3/requestconsent', {
    method: 'POST',
    headers: {
      'client_id': '{{Client_Id}}',
      'client_secret': '{{Client_Secret}}',
      'organisationId': '{{Organisation_Id}}',
      'appIdentifier': '{{App_Identifier}}',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      productID: 'TESTWM01',
      vua: '9876543210@onemoney',
      partyIdentifierType: 'MOBILE',
      partyIdentifierValue: '9876543210',
      accountID: 'test123',
      pan: 'ABCDE1234F',
      fipID: ['ACME-FIP', 'finsharebank'],
      redirectUrl: 'https://yourapp.com/consent/callback'
    })
  });

  const data = await response.json();
  console.log(data.data.webRedirectionUrl);
  ```

  ```python Python theme={null}
  import requests

  url = "{{Base_URL}}/v3/requestconsent"
  headers = {
      "client_id": "{{Client_Id}}",
      "client_secret": "{{Client_Secret}}",
      "organisationId": "{{Organisation_Id}}",
      "appIdentifier": "{{App_Identifier}}",
      "Content-Type": "application/json"
  }
  payload = {
      "productID": "TESTWM01",
      "vua": "9876543210@onemoney",
      "partyIdentifierType": "MOBILE",
      "partyIdentifierValue": "9876543210",
      "accountID": "test123",
      "pan": "ABCDE1234F",
      "fipID": ["ACME-FIP", "finsharebank"],
      "redirectUrl": "https://yourapp.com/consent/callback"
  }

  response = requests.post(url, json=payload, headers=headers)
  data = response.json()
  print(data['data']['webRedirectionUrl'])
  ```
</CodeGroup>

## Integration Patterns

### Web Application Integration

For web applications, you can redirect the user to the `webRedirectionUrl` directly:

```javascript theme={null}
// After getting the API response
const { webRedirectionUrl } = response.data;

// Option 1: Full page redirect
window.location.href = webRedirectionUrl;

// Option 2: Open in new tab/window
window.open(webRedirectionUrl, '_blank');

// Option 3: Embed in iframe (if your AA supports it)
document.getElementById('aa-iframe').src = webRedirectionUrl;
```

### Mobile Application Integration

For mobile apps, you can use the web redirection URL with in-app browsers or deep links:

```swift theme={null}
// iOS (Swift)
if let url = URL(string: webRedirectionUrl) {
    let safariVC = SFSafariViewController(url: url)
    present(safariVC, animated: true)
}
```

```kotlin theme={null}
// Android (Kotlin)
val intent = Intent(Intent.ACTION_VIEW, Uri.parse(webRedirectionUrl))
startActivity(intent)
```

## Next Steps

After successfully creating a consent request with V3:

1. **Redirect the Customer**: Use the `webRedirectionUrl` to redirect the customer to the Account Aggregator interface. Choose the integration pattern that best fits your application type (web, mobile, etc.).

2. **Configure Webhooks**: Ensure you have webhook endpoints configured in the FinPro admin portal to receive consent lifecycle notifications (Approve, Reject, Revoke, Expire). The webhook will be triggered when the customer completes the journey.

3. **Handle Redirect Callback**: Implement the callback handler at your `redirectUrl` endpoint to process the customer's return after completing the AA journey. Parse any status information included in the callback URL parameters.

4. **Monitor Consent Status**: Listen for webhook notifications to get real-time updates on consent status changes. Alternatively, use the Consent List APIs to poll for status updates.

5. **Request FI Data**: Once you receive a consent approval webhook, use the Data Management APIs to request and retrieve financial information from the linked accounts.

## API Version Comparison

* **V2**: Returns only a consent handle with PENDING status. Requires manual customer redirection mechanism.
* **V3 (this API)**: Returns a `webRedirectionUrl` for automatic customer redirect. Supports FIP filtering and custom redirect URLs. Single consent handle for all FIPs.
* **V4**: Returns separate consent handles per FIP when multiple FIPs are specified. Best for scenarios requiring granular tracking of multi-FIP consent journeys.

Choose V3 when you need automated redirection with simple consent tracking, and V4 when you need individual consent handles per FIP for more granular control.


## OpenAPI

````yaml POST /v3/requestconsent
openapi: 3.0.3
info:
  title: FinPro API
  description: MoneyOne FinPro - Account Aggregator FIU Platform APIs
  version: 1.21.0
servers:
  - url: '{baseUrl}'
    description: FinPro API Server
    variables:
      baseUrl:
        default: https://scramblerpay-uat.moneyone.in
        description: API Base URL - change this to your environment
security:
  - clientId: []
    clientSecret: []
    organisationId: []
    appIdentifier: []
paths:
  /v3/requestconsent:
    post:
      tags:
        - Consent Management
      summary: Create Consent Request V3
      description: >-
        Create a consent request with automatic web redirection URL for seamless
        customer journey to the Account Aggregator interface. Returns a
        webRedirectionUrl that can be used to automatically redirect customers
        to the AA consent interface. Supports FIP filtering and custom redirect
        URLs.
      operationId: requestConsentV3
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ConsentRequestV3'
            example:
              productID: TESTWM01
              vua: 9876543210@onemoney
              partyIdentifierType: MOBILE
              partyIdentifierValue: '9876543210'
              accountID: test123
              pan: ABCDE1234F
              fipID:
                - ACME-FIP
                - finsharebank
              redirectUrl: https://yourapp.com/consent/callback
      responses:
        '200':
          description: Consent request created successfully with web redirection URL
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConsentResponseV3Success'
              example:
                ver: 1.21.0
                status: success
                data:
                  webRedirectionUrl: >-
                    https://webrd.onemoney.in/uat/v2/?ecreq=luBWxKb9cUczWlDX3GgkW1Z8MfF2hVFUPAu4yrYamw5PqsZTtB63VYdEsAquR0G4qTVHIgLwyWFPtloc5FYOqajGrLkZnWQ0UOlZ_R4L9p9nM_qafwDXioAEORNfwDbeh6NKpt3ksnzy4GGHSXcw5to8Tmby9EVEwswBlIQB...
        '400':
          description: Bad Request - Invalid data or validation failure
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                ver: 1.21.0
                timestamp: '2025-10-01T11:41:43.027Z'
                errorCode: InvalidRequest
                errorMsg: Request has Invalid ProductID  2
                status: FP0001
        '401':
          description: Authentication Failed - Invalid credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - clientId: []
          clientSecret: []
          organisationId: []
          appIdentifier: []
components:
  schemas:
    ConsentRequestV3:
      type: object
      required:
        - productID
        - vua
        - partyIdentifierType
        - partyIdentifierValue
        - accountID
      properties:
        productID:
          type: string
          description: >-
            The unique identifier of the consent template configured in the
            FinPro admin portal. This template defines the purpose code, consent
            validity, FI types, fetch frequency, and other consent parameters
            that will govern the data sharing relationship.
        vua:
          type: string
          description: >-
            The customer's Virtual User Address (VUA) in the format
            mobile@onemoney. This is the unique identifier used by Account
            Aggregators to identify the customer across the AA ecosystem.
        partyIdentifierType:
          type: string
          enum:
            - MOBILE
            - EMAIL
            - PAN
          description: >-
            The type of identifier being provided for the customer. Valid values
            are MOBILE, EMAIL, or PAN. This should match the format of the
            partyIdentifierValue field.
        partyIdentifierValue:
          type: string
          description: >-
            The actual identifier value for the customer. For MOBILE type, this
            should be a 10-digit Indian mobile number without country code. For
            EMAIL, provide the email address. For PAN, provide the 10-character
            PAN number.
        accountID:
          type: string
          description: >-
            A unique identifier from your system that links this consent request
            to a specific customer interaction, loan application, or transaction
            in your backend. This helps you correlate consent lifecycle events
            with your internal workflows. Use alphanumeric values to ensure
            compatibility.
        pan:
          type: string
          description: >-
            The customer's Permanent Account Number (PAN). Required for certain
            consent types and helps in identity verification across the AA
            ecosystem. Must be a valid 10-character Indian PAN format.
        fipID:
          type: array
          items:
            type: string
          description: >-
            An array of Financial Information Provider identifiers that
            restricts which FIPs the customer can link accounts from. If not
            provided, the customer can discover and link accounts from all
            available FIPs in the AA ecosystem. Use this to limit choices based
            on your business requirements or partnership agreements.
        redirectUrl:
          type: string
          format: uri
          description: >-
            The URL where the customer should be redirected after completing the
            consent journey in the AA interface. This should be a valid HTTPS
            URL that can handle the callback with consent status information. If
            not provided, the default redirect URL configured in your FinPro
            portal will be used.
    ConsentResponseV3Success:
      type: object
      properties:
        ver:
          type: string
          description: >-
            The version of the FinPro API that processed this request. Useful
            for debugging and version tracking.
        status:
          type: string
          description: Overall API call status. Will be 'success' for successful requests.
        data:
          type: object
          properties:
            webRedirectionUrl:
              type: string
              format: uri
              description: >-
                A secure, pre-authenticated URL that redirects the customer to
                the Account Aggregator consent interface. This URL contains an
                encrypted request parameter (ecreq) that includes all consent
                details and maintains security during the redirect. The URL is
                time-limited and single-use to prevent replay attacks.
    ErrorResponse:
      type: object
      properties:
        ver:
          type: string
          description: API version
        timestamp:
          type: string
          format: date-time
          description: When the error occurred
        errorCode:
          type: string
          description: Error category code
        errorMsg:
          type: string
          description: Detailed error message
        status:
          type: string
          description: FinPro-specific error code (FPxxxx format)
  securitySchemes:
    clientId:
      type: apiKey
      in: header
      name: client_id
      description: Your unique client identifier provided by MoneyOne during FIU onboarding
    clientSecret:
      type: apiKey
      in: header
      name: client_secret
      description: Your confidential client secret provided by MoneyOne
    organisationId:
      type: apiKey
      in: header
      name: organisationId
      description: Your organization's unique identifier in the FinPro system
    appIdentifier:
      type: apiKey
      in: header
      name: appIdentifier
      description: Application-specific identifier for tracking API calls

````