Delete FI Data
Permanently delete Financial Information (FI) data associated with a specific consent from the FinPro system.
Overview
The Delete FI Data API allows Financial Information Users (FIUs) to permanently remove Financial Information that has been fetched and stored in the FinPro system for a specific consent. This API is a critical component of data lifecycle management and privacy compliance, ensuring that customer financial data is not retained longer than necessary or permitted by the consent terms. This API is essential when you need to:- Comply with data retention policies and regulatory requirements that mandate deletion of customer data after specific time periods
- Honor customer requests to delete their financial information under data protection regulations such as GDPR or India’s Digital Personal Data Protection Act
- Clean up data after completing processing workflows such as loan underwriting, credit assessment, or investment advisory services
- Free up storage resources by removing financial data that is no longer needed for operational purposes
- Ensure that revoked or expired consents no longer have associated financial data stored in the system
Authentication
This API requires organization-level authentication credentials to be passed in the request headers. All credentials should be provisioned through the FinPro admin portal.Required Headers
| Header | Type | Description |
|---|---|---|
Content-Type | string | Must be set to application/json for proper request processing |
client_id | string | The unique client identifier assigned to your FIU organization during onboarding |
client_secret | string | The secret key paired with your client_id for secure authentication |
organisationId | string | Your organization’s unique identifier in the FinPro system |
appIdentifier | string | The application identifier that distinguishes different applications within your organization |
Request
Endpoint
Request Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
consentId | string | Mandatory | The unique consent identifier for which all associated Financial Information should be permanently deleted. This is the consent ID returned when the consent was approved and is also included in webhook notifications. |
Request Example
Response
Success Response (200 OK)
When the deletion request is successfully processed, the API returns a confirmation indicating whether the data was deleted or if the operation encountered issues.Response Fields
| Field | Type | Description |
|---|---|---|
status | string | The outcome of the API call. Possible values: success, failure |
ver | string | The version of the FinPro API that processed the request |
data.status | string | The specific outcome of the data deletion operation. SUCCESS indicates data was deleted successfully, FAILURE indicates the deletion could not be completed |
data.message | string | A human-readable message providing additional context about the deletion operation result |
Response Example
Error Responses
Authentication Errors
401 Unauthorized - Invalid Headers
Returned when the authentication headers are missing, malformed, or do not match registered credentials.- One or more required headers (client_id, client_secret, organisationId, appIdentifier) are missing from the request
- The header values contain typos or incorrect credential information
- The credentials have expired or been rotated in the FinPro admin portal without updating your application
- Using UAT credentials against a production endpoint or vice versa
- Verify all required headers are included in the DELETE request
- Cross-check header values against credentials provided in your FinPro admin portal
- Ensure you are using credentials from the correct environment (UAT vs Production)
- If credentials were recently rotated, update your application configuration with the new values
Validation Errors
Consent Not Found
If the providedconsentId does not exist in the FinPro system or does not belong to your organization, the API may return a failure response or a 404 error.
Resolution:
- Verify the consentId matches the ID from a successfully approved consent in your system
- Ensure the consent belongs to your organization and was not created under a different FIU
- Check if the consent was previously deleted or never successfully created
Usage Notes
Data Deletion Scope
When you call this API with a validconsentId, the following data is permanently deleted:
- All Financial Information (FI) artefacts fetched from Financial Information Providers (FIPs) for this consent
- Decrypted JSON, XML, and any other formatted representations of the financial data
- Linked account information including masked account numbers and FIP-specific references
- Any derived or processed data stored by FinPro related to this consent’s financial information
- The consent record itself, which remains for audit and compliance purposes
- Webhook event logs and consent lifecycle history
- Customer profile information or VUA details
- Data that you have already downloaded and stored in your own systems
Irreversible Operation
Data deletion through this API is permanent and irreversible. Once the deletion is confirmed:- The financial data cannot be recovered from FinPro’s systems
- You will need to initiate a new consent and data fetch to obtain the information again
- Customers will need to re-approve consent through the Account Aggregator flow
- There is no “soft delete” or temporary retention period—deletion is immediate and complete
- You have completed all necessary processing of the financial data
- The data has been exported or archived in your systems if required for future reference
- The deletion aligns with your data retention policies and compliance requirements
Best Practices for Data Lifecycle Management
- Automated deletion workflows: Implement scheduled jobs that automatically delete FI data after the retention period specified in your privacy policy or consent terms expires.
- Consent expiry handling: When you receive a CONSENT_EXPIRED webhook notification, trigger a deletion workflow to remove the associated financial data within a reasonable timeframe.
- Customer-initiated deletion: Provide customers with a self-service option to request deletion of their financial data, which should trigger this API call after appropriate verification.
- Audit logging: Maintain logs of all deletion operations in your systems, recording the consentId, timestamp, reason for deletion, and the user or process that initiated it.
- Retention policy alignment: Configure your deletion workflows to align with your organization’s data retention policies, regulatory requirements, and the data life parameters configured in your consent templates.
- Error handling: Implement retry logic with exponential backoff for deletion requests that fail due to transient errors, but also log failures that require manual investigation.
Regulatory Compliance Considerations
Different regulations impose varying requirements on data deletion:- RBI Account Aggregator Guidelines: Financial data should be retained only for the duration specified in the consent and deleted thereafter unless otherwise required by law.
- Digital Personal Data Protection Act (DPDPA): Customers have the right to request deletion of their personal data, and organizations must comply within reasonable timeframes.
- Internal Compliance Policies: Many financial institutions have internal data governance policies that specify maximum retention periods for customer financial data.
Handling Bulk Deletions
If you need to delete financial data for multiple consents:- Implement batch processing with appropriate rate limiting to avoid overwhelming the API
- Process deletions in parallel where possible, but respect the API rate limits
- Implement comprehensive error handling to track which deletions succeeded and which failed
- Consider spreading bulk deletions over time to minimize system load
- Maintain detailed logs of bulk deletion operations for audit purposes
Rate Limiting
This API is subject to rate limiting controls to ensure fair usage across all FIU organizations:- Rate limit headers are included in every response to help you track your usage
X-RateLimit-Limit: The maximum number of requests allowed in the time windowX-RateLimit-Remaining: The number of requests remaining in the current windowX-RateLimit-Reset: The Unix timestamp when the rate limit window resets
Related APIs
- Get FI Data - Retrieve financial information before deletion
- Consent Status - Check consent status and validity
- Consent Revoke - Revoke an active consent
Authorizations
Your unique client identifier provided by MoneyOne during FIU onboarding
Your confidential client secret provided by MoneyOne
Your organization's unique identifier in the FinPro system
Application-specific identifier for tracking API calls
Body
Request body for permanently deleting Financial Information data associated with a specific consent.
The unique consent identifier for which all associated Financial Information should be permanently deleted. This is the consent ID returned when the consent was approved and is also included in webhook notifications.
Response
FI data deletion processed successfully
Response confirming the outcome of the FI data deletion operation.
