Delete FI Data

DELETE /fidata
curl --request DELETE \
  --url https://api.example.com/fidata

Overview

The Delete FI Data API allows Financial Information Users (FIUs) to permanently remove Financial Information that has been fetched and stored in the FinPro system for a specific consent. This API is a critical component of data lifecycle management and privacy compliance, ensuring that customer financial data is not retained longer than necessary or permitted by the consent terms. This API is essential when you need to:
  • Comply with data retention policies and regulatory requirements that mandate deletion of customer data after specific time periods
  • Honor customer requests to delete their financial information under data protection regulations such as GDPR or India’s Digital Personal Data Protection Act
  • Clean up data after completing processing workflows such as loan underwriting, credit assessment, or investment advisory services
  • Free up storage resources by removing financial data that is no longer needed for operational purposes
  • Ensure that revoked or expired consents no longer have associated financial data stored in the system

Authentication

This API requires organization-level authentication credentials to be passed in the request headers. All credentials should be provisioned through the FinPro admin portal.

Required Headers

Header | Type | Description
Content-Type | string | Must be set to application/json for proper request processing
client_id | string | The unique client identifier assigned to your FIU organization during onboarding
client_secret | string | The secret key paired with your client_id for secure authentication
organisationId | string | Your organization’s unique identifier in the FinPro system
appIdentifier | string | The application identifier that distinguishes different applications within your organization

Request

Endpoint

DELETE {{Base_URL}}/fidata

Request Body Parameters

Parameter | Type | Required | Description
consentId | string | Mandatory | The unique consent identifier for which all associated Financial Information should be permanently deleted. This is the consent ID returned when the consent was approved and is also included in webhook notifications.

Request Example

{
  "consentId": "3c92001e-57ea-4320-bbb8-66d524bfb435"
}

Response

Success Response (200 OK)

When the deletion request is successfully processed, the API returns a confirmation indicating whether the data was deleted or if the operation encountered issues.

Response Fields

Field | Type | Description
status | string | The outcome of the API call. Possible values: success, failure
ver | string | The version of the FinPro API that processed the request
data.status | string | The specific outcome of the data deletion operation. SUCCESS indicates data was deleted successfully, FAILURE indicates the deletion could not be completed
data.message | string | A human-readable message providing additional context about the deletion operation result

Response Example

{
  "status": "success",
  "ver": "1.15.0",
  "data": {
    "status": "SUCCESS",
    "message": "FI data deleted successfully"
  }
}

Error Responses

Authentication Errors

401 Unauthorized - Invalid Headers

Returned when the authentication headers are missing, malformed, or do not match registered credentials.

{
  "ver": "1.21.0",
  "timestamp": "2025-10-01T11:58:00.111Z",
  "errorCode": "Unauthorized",
  "errorMsg": "Invalid headers"
}

Common causes:
  • One or more required headers (client_id, client_secret, organisationId, appIdentifier) are missing from the request
  • The header values contain typos or incorrect credential information
  • The credentials have expired or been rotated in the FinPro admin portal without updating your application
  • Using UAT credentials against a production endpoint or vice versa
Resolution:
  • Verify all required headers are included in the DELETE request
  • Cross-check header values against credentials provided in your FinPro admin portal
  • Ensure you are using credentials from the correct environment (UAT vs Production)
  • If credentials were recently rotated, update your application configuration with the new values

Validation Errors

If the provided consentId does not exist in the FinPro system or does not belong to your organization, the API may return a failure response or a 404 error.
Resolution:
  • Verify the consentId matches the ID from a successfully approved consent in your system
  • Ensure the consent belongs to your organization and was not created under a different FIU
  • Check if the consent was previously deleted or never successfully created
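The request, response and error contract above, as an added client-side example (not FinPro's own SDK): it assembles the DELETE /fidata call with the documented headers and body, produces a copy safe for audit logging with client_secret masked, and maps each documented outcome (200 with data.status SUCCESS/FAILURE, 401, 404, 429) onto an action the caller can take. The FiuCredentials class and the outcome names are this example's own conventions; sending the assembled request is left to whichever HTTP client you use.

```python
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class FiuCredentials:
    """Organisation-level credentials provisioned in the FinPro admin portal (hypothetical holder type)."""
    client_id: str
    client_secret: str
    organisation_id: str
    app_identifier: str

def build_delete_request(base_url: str, creds: FiuCredentials, consent_id: str) -> dict:
    """Assemble DELETE {{Base_URL}}/fidata: credentials in headers, consentId in the JSON body."""
    if not consent_id.strip():
        raise ValueError("consentId is mandatory")
    return {
        "method": "DELETE",
        "url": base_url.rstrip("/") + "/fidata",
        "headers": {
            "Content-Type": "application/json",
            "client_id": creds.client_id,
            "client_secret": creds.client_secret,
            "organisationId": creds.organisation_id,
            "appIdentifier": creds.app_identifier,
        },
        "body": json.dumps({"consentId": consent_id}),
    }

def redact_for_audit(req: dict) -> dict:
    """Copy of the request that is safe to write to an audit log: client_secret masked."""
    headers = {k: ("***" if k == "client_secret" else v) for k, v in req["headers"].items()}
    return {**req, "headers": headers}

def classify_response(http_status: int, body: str) -> str:
    """Map HTTP status + body onto one outcome the caller can act on (names are this example's)."""
    if http_status == 200:
        try:
            payload = json.loads(body)
        except json.JSONDecodeError:
            return "unexpected"
        ok = payload.get("status") == "success" and payload.get("data", {}).get("status") == "SUCCESS"
        return "deleted" if ok else "failed"   # data.status FAILURE: investigate, do not assume deletion
    if http_status == 401:
        return "unauthorized"                  # "Invalid headers": fix credentials/environment, no retry
    if http_status == 404:
        return "not_found"                     # consentId unknown or owned by another FIU
    if http_status == 429:
        return "rate_limited"                  # wait for X-RateLimit-Reset, then retry
    return "transient" if http_status >= 500 else "unexpected"
```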

Usage Notes

Data Deletion Scope

When you call this API with a valid consentId, the following data is permanently deleted:
  • All Financial Information (FI) artefacts fetched from Financial Information Providers (FIPs) for this consent
  • Decrypted JSON, XML, and any other formatted representations of the financial data
  • Linked account information including masked account numbers and FIP-specific references
  • Any derived or processed data stored by FinPro related to this consent’s financial information
Important: This operation does NOT delete:
  • The consent record itself, which remains for audit and compliance purposes
  • Webhook event logs and consent lifecycle history
  • Customer profile information or VUA details
  • Data that you have already downloaded and stored in your own systems

Irreversible Operation

Data deletion through this API is permanent and irreversible. Once the deletion is confirmed:
  • The financial data cannot be recovered from FinPro’s systems
  • You will need to initiate a new consent and data fetch to obtain the information again
  • Customers will need to re-approve consent through the Account Aggregator flow
  • There is no “soft delete” or temporary retention period—deletion is immediate and complete
Before calling this API, ensure that:
  • You have completed all necessary processing of the financial data
  • The data has been exported or archived in your systems if required for future reference
  • The deletion aligns with your data retention policies and compliance requirements

Best Practices for Data Lifecycle Management

  1. Automated deletion workflows: Implement scheduled jobs that automatically delete FI data after the retention period specified in your privacy policy or consent terms expires.
  2. Consent expiry handling: When you receive a CONSENT_EXPIRED webhook notification, trigger a deletion workflow to remove the associated financial data within a reasonable timeframe.
  3. Customer-initiated deletion: Provide customers with a self-service option to request deletion of their financial data, which should trigger this API call after appropriate verification.
  4. Audit logging: Maintain logs of all deletion operations in your systems, recording the consentId, timestamp, reason for deletion, and the user or process that initiated it.
  5. Retention policy alignment: Configure your deletion workflows to align with your organization’s data retention policies, regulatory requirements, and the data life parameters configured in your consent templates.
  6. Error handling: Implement retry logic with exponential backoff for deletion requests that fail due to transient errors, but also log failures that require manual investigation.

Regulatory Compliance Considerations

Different regulations impose varying requirements on data deletion:
  • RBI Account Aggregator Guidelines: Financial data should be retained only for the duration specified in the consent and deleted thereafter unless otherwise required by law.
  • Digital Personal Data Protection Act (DPDPA): Customers have the right to request deletion of their personal data, and organizations must comply within reasonable timeframes.
  • Internal Compliance Policies: Many financial institutions have internal data governance policies that specify maximum retention periods for customer financial data.
Ensure your deletion workflows account for these regulatory requirements and that you can demonstrate compliance through audit logs and documentation.

Handling Bulk Deletions

If you need to delete financial data for multiple consents:
  • Implement batch processing with appropriate rate limiting to avoid overwhelming the API
  • Process deletions in parallel where possible, but respect the API rate limits
  • Implement comprehensive error handling to track which deletions succeeded and which failed
  • Consider spreading bulk deletions over time to minimize system load
  • Maintain detailed logs of bulk deletion operations for audit purposes

Rate Limiting

This API is subject to rate limiting controls to ensure fair usage across all FIU organizations. Rate limit headers are included in every response to help you track your usage:
  • X-RateLimit-Limit: The maximum number of requests allowed in the time window
  • X-RateLimit-Remaining: The number of requests remaining in the current window
  • X-RateLimit-Reset: The Unix timestamp when the rate limit window resets
If you exceed the rate limit, subsequent requests will receive a 429 (Too Many Requests) response until the window resets.
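Added example (not FinPro's code) tying together the best practices, bulk deletion and rate limiting sections: a sequential bulk deletion loop that waits for X-RateLimit-Reset on 429, retries 5xx with exponential backoff, never retries 401/404, and returns one audit record per consent. The transport is injected as a hypothetical send(consent_id) callable returning (http_status, response_headers, body_text); sleep and now are injectable so the pacing logic can be tested without a clock.

```python
import json
import time

def delete_fi_data_bulk(consent_ids, send, sleep=time.sleep, now=time.time,
                        max_attempts=4, base_delay=1.0):
    """Delete FI data for many consents sequentially.

    send(consent_id) is the injected transport (hypothetical): it issues one
    DELETE /fidata call and returns (http_status, response_headers, body_text).
    Returns one audit record per consent so failures can be investigated later."""
    audit = []
    for cid in consent_ids:
        attempts = 0
        while True:
            attempts += 1
            status, headers, body = send(cid)
            if status == 429:                       # window exhausted: wait until it resets
                reset = float(headers.get("X-RateLimit-Reset", now() + base_delay))
                sleep(max(0.0, reset - now()))
                outcome = "rate_limited"
            elif status >= 500:                     # transient server error: back off, then retry
                outcome = "transient"
            elif status == 200:
                try:
                    data = json.loads(body).get("data", {})
                except (ValueError, AttributeError):
                    data = {}
                outcome = "deleted" if data.get("status") == "SUCCESS" else "failed"
            else:                                   # 401/404 etc.: fix config or input, no retry
                outcome = "permanent_error"
            if outcome not in ("rate_limited", "transient") or attempts >= max_attempts:
                break
            if outcome == "transient":
                sleep(base_delay * 2 ** (attempts - 1))   # 1s, 2s, 4s ...
        # Audit record: consentId, outcome, attempts, timestamp (no credentials, no FI data).
        audit.append({"consentId": cid, "outcome": outcome,
                      "attempts": attempts, "at": now()})
        # Proactive pacing: if this response says the window is spent, wait before the next consent.
        if headers.get("X-RateLimit-Remaining") == "0":
            sleep(max(0.0, float(headers.get("X-RateLimit-Reset", now())) - now()))
    return audit
```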