> ## Documentation Index
> Fetch the complete documentation index at: https://developer.moneyone.in/llms.txt
> Use this file to discover all available pages before exploring further.

# Delete FI Data

> Permanently delete Financial Information (FI) data associated with a specific consent from the FinPro system.

## Overview

The Delete FI Data API allows Financial Information Users (FIUs) to permanently remove Financial Information that has been fetched and stored in the FinPro system for a specific consent. This API is a critical component of data lifecycle management and privacy compliance, ensuring that customer financial data is not retained longer than necessary or permitted by the consent terms.

This API is essential when you need to:

* Comply with data retention policies and regulatory requirements that mandate deletion of customer data after specific time periods
* Honor customer requests to delete their financial information under data protection regulations such as GDPR or India's Digital Personal Data Protection Act
* Clean up data after completing processing workflows such as loan underwriting, credit assessment, or investment advisory services
* Free up storage resources by removing financial data that is no longer needed for operational purposes
* Ensure that revoked or expired consents no longer have associated financial data stored in the system

## Authentication

This API requires organization-level authentication credentials to be passed in the request headers. All credentials should be provisioned through the FinPro admin portal.

### Required Headers

| Header           | Type   | Description                                                                                   |
| ---------------- | ------ | --------------------------------------------------------------------------------------------- |
| `Content-Type`   | string | Must be set to `application/json` for proper request processing                               |
| `client_id`      | string | The unique client identifier assigned to your FIU organization during onboarding              |
| `client_secret`  | string | The secret key paired with your client\_id for secure authentication                          |
| `organisationId` | string | Your organization's unique identifier in the FinPro system                                    |
| `appIdentifier`  | string | The application identifier that distinguishes different applications within your organization |

## Request

### Endpoint

```
DELETE {{Base_URL}}/fidata
```

### Request Body Parameters

| Parameter   | Type   | Required  | Description                                                                                                                                                                                                              |
| ----------- | ------ | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `consentId` | string | Mandatory | The unique consent identifier for which all associated Financial Information should be permanently deleted. This is the consent ID returned when the consent was approved and is also included in webhook notifications. |

### Request Example

```json theme={null}
{
  "consentId": "3c92001e-57ea-4320-bbb8-66d524bfb435"
}
```

## Response

### Success Response (200 OK)

When the deletion request is successfully processed, the API returns a confirmation indicating whether the data was deleted or if the operation encountered issues.

### Response Fields

| Field          | Type   | Description                                                                                                                                                     |
| -------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `status`       | string | The outcome of the API call. Possible values: `success`, `failure`                                                                                              |
| `ver`          | string | The version of the FinPro API that processed the request                                                                                                        |
| `data.status`  | string | The specific outcome of the data deletion operation. `SUCCESS` indicates data was deleted successfully, `FAILURE` indicates the deletion could not be completed |
| `data.message` | string | A human-readable message providing additional context about the deletion operation result                                                                       |

### Response Example

```json theme={null}
{
  "status": "success",
  "ver": "1.15.0",
  "data": {
    "status": "SUCCESS",
    "message": "FI data deleted successfully"
  }
}
```

## Error Responses

### Authentication Errors

#### 401 Unauthorized - Invalid Headers

Returned when the authentication headers are missing, malformed, or do not match registered credentials.

```json theme={null}
{
  "ver": "1.21.0",
  "timestamp": "2025-10-01T11:58:00.111Z",
  "errorCode": "Unauthorized",
  "errorMsg": "Invalid headers"
}
```

**Common causes:**

* One or more required headers (client\_id, client\_secret, organisationId, appIdentifier) are missing from the request
* The header values contain typos or incorrect credential information
* The credentials have expired or been rotated in the FinPro admin portal without updating your application
* Using UAT credentials against a production endpoint or vice versa

**Resolution:**

* Verify all required headers are included in the DELETE request
* Cross-check header values against credentials provided in your FinPro admin portal
* Ensure you are using credentials from the correct environment (UAT vs Production)
* If credentials were recently rotated, update your application configuration with the new values

### Validation Errors

#### Consent Not Found

If the provided `consentId` does not exist in the FinPro system or does not belong to your organization, the API may return a failure response or a 404 error.

**Resolution:**

* Verify the consentId matches the ID from a successfully approved consent in your system
* Ensure the consent belongs to your organization and was not created under a different FIU
* Check if the consent was previously deleted or never successfully created

## Usage Notes

### Data Deletion Scope

When you call this API with a valid `consentId`, the following data is permanently deleted:

* All Financial Information (FI) artefacts fetched from Financial Information Providers (FIPs) for this consent
* Decrypted JSON, XML, and any other formatted representations of the financial data
* Linked account information including masked account numbers and FIP-specific references
* Any derived or processed data stored by FinPro related to this consent's financial information

**Important:** This operation does NOT delete:

* The consent record itself, which remains for audit and compliance purposes
* Webhook event logs and consent lifecycle history
* Customer profile information or VUA details
* Data that you have already downloaded and stored in your own systems

### Irreversible Operation

Data deletion through this API is **permanent and irreversible**. Once the deletion is confirmed:

* The financial data cannot be recovered from FinPro's systems
* You will need to initiate a new consent and data fetch to obtain the information again
* Customers will need to re-approve consent through the Account Aggregator flow
* There is no "soft delete" or temporary retention period—deletion is immediate and complete

Before calling this API, ensure that:

* You have completed all necessary processing of the financial data
* The data has been exported or archived in your systems if required for future reference
* The deletion aligns with your data retention policies and compliance requirements

### Best Practices for Data Lifecycle Management

1. **Automated deletion workflows**: Implement scheduled jobs that automatically delete FI data after the retention period specified in your privacy policy or consent terms expires.

2. **Consent expiry handling**: When you receive a CONSENT\_EXPIRED webhook notification, trigger a deletion workflow to remove the associated financial data within a reasonable timeframe.

3. **Customer-initiated deletion**: Provide customers with a self-service option to request deletion of their financial data, which should trigger this API call after appropriate verification.

4. **Audit logging**: Maintain logs of all deletion operations in your systems, recording the consentId, timestamp, reason for deletion, and the user or process that initiated it.

5. **Retention policy alignment**: Configure your deletion workflows to align with your organization's data retention policies, regulatory requirements, and the data life parameters configured in your consent templates.

6. **Error handling**: Implement retry logic with exponential backoff for deletion requests that fail due to transient errors, but also log failures that require manual investigation.

### Regulatory Compliance Considerations

Different regulations impose varying requirements on data deletion:

* **RBI Account Aggregator Guidelines**: Financial data should be retained only for the duration specified in the consent and deleted thereafter unless otherwise required by law.

* **Digital Personal Data Protection Act (DPDPA)**: Customers have the right to request deletion of their personal data, and organizations must comply within reasonable timeframes.

* **Internal Compliance Policies**: Many financial institutions have internal data governance policies that specify maximum retention periods for customer financial data.

Ensure your deletion workflows account for these regulatory requirements and that you can demonstrate compliance through audit logs and documentation.

### Handling Bulk Deletions

If you need to delete financial data for multiple consents:

* Implement batch processing with appropriate rate limiting to avoid overwhelming the API
* Process deletions in parallel where possible, but respect the API rate limits
* Implement comprehensive error handling to track which deletions succeeded and which failed
* Consider spreading bulk deletions over time to minimize system load
* Maintain detailed logs of bulk deletion operations for audit purposes

### Rate Limiting

This API is subject to rate limiting controls to ensure fair usage across all FIU organizations:

* Rate limit headers are included in every response to help you track your usage
* `X-RateLimit-Limit`: The maximum number of requests allowed in the time window
* `X-RateLimit-Remaining`: The number of requests remaining in the current window
* `X-RateLimit-Reset`: The Unix timestamp when the rate limit window resets

If you exceed the rate limit, subsequent requests will receive a 429 (Too Many Requests) response until the window resets.

## Related APIs

* [Get FI Data](/api-reference/data/get-fi-data) - Retrieve financial information before deletion
* [Consent Status](/api-reference/consent/consent-status) - Check consent status and validity
* [Consent Revoke](/api-reference/consent/consent-revoke) - Revoke an active consent


## OpenAPI

````yaml DELETE /fidata
openapi: 3.0.3
info:
  title: FinPro API
  description: MoneyOne FinPro - Account Aggregator FIU Platform APIs
  version: 1.21.0
servers:
  - url: '{baseUrl}'
    description: FinPro API Server
    variables:
      baseUrl:
        default: https://scramblerpay-uat.moneyone.in
        description: API Base URL - change this to your environment
security:
  - clientId: []
    clientSecret: []
    organisationId: []
    appIdentifier: []
paths:
  /fidata:
    delete:
      tags:
        - Miscellaneous
      summary: Delete FI Data
      description: >-
        Permanently delete Financial Information (FI) data associated with a
        specific consent from the FinPro system. This API is essential for data
        lifecycle management and privacy compliance, ensuring that customer
        financial data is not retained longer than necessary or permitted by the
        consent terms.
      operationId: deleteFIData
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DeleteFIDataRequest'
            example:
              consentId: 3c92001e-57ea-4320-bbb8-66d524bfb435
      responses:
        '200':
          description: FI data deletion processed successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DeleteFIDataResponse'
              example:
                status: success
                ver: 1.15.0
                data:
                  status: SUCCESS
                  message: FI data deleted successfully
        '401':
          description: Authentication Failed - Invalid headers
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                ver: 1.21.0
                timestamp: '2025-10-01T11:58:00.111Z'
                errorCode: Unauthorized
                errorMsg: Invalid headers
        '404':
          description: >-
            Consent Not Found - The provided consentId does not exist or does
            not belong to your organization
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '429':
          description: Too Many Requests - Rate limit exceeded
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - clientId: []
          clientSecret: []
          organisationId: []
          appIdentifier: []
components:
  schemas:
    DeleteFIDataRequest:
      type: object
      description: >-
        Request body for permanently deleting Financial Information data
        associated with a specific consent.
      required:
        - consentId
      properties:
        consentId:
          type: string
          format: uuid
          description: >-
            The unique consent identifier for which all associated Financial
            Information should be permanently deleted. This is the consent ID
            returned when the consent was approved and is also included in
            webhook notifications.
    DeleteFIDataResponse:
      type: object
      description: Response confirming the outcome of the FI data deletion operation.
      properties:
        status:
          type: string
          description: 'The outcome of the API call. Possible values: success, failure.'
          enum:
            - success
            - failure
        ver:
          type: string
          description: The version of the FinPro API that processed the request.
        data:
          $ref: '#/components/schemas/DeleteFIDataResponseData'
    ErrorResponse:
      type: object
      properties:
        ver:
          type: string
          description: API version
        timestamp:
          type: string
          format: date-time
          description: When the error occurred
        errorCode:
          type: string
          description: Error category code
        errorMsg:
          type: string
          description: Detailed error message
        status:
          type: string
          description: FinPro-specific error code (FPxxxx format)
    DeleteFIDataResponseData:
      type: object
      description: Contains the specific outcome of the data deletion operation.
      properties:
        status:
          type: string
          description: >-
            The specific outcome of the data deletion operation. SUCCESS
            indicates data was deleted successfully, FAILURE indicates the
            deletion could not be completed.
          enum:
            - SUCCESS
            - FAILURE
        message:
          type: string
          description: >-
            A human-readable message providing additional context about the
            deletion operation result.
  securitySchemes:
    clientId:
      type: apiKey
      in: header
      name: client_id
      description: Your unique client identifier provided by MoneyOne during FIU onboarding
    clientSecret:
      type: apiKey
      in: header
      name: client_secret
      description: Your confidential client secret provided by MoneyOne
    organisationId:
      type: apiKey
      in: header
      name: organisationId
      description: Your organization's unique identifier in the FinPro system
    appIdentifier:
      type: apiKey
      in: header
      name: appIdentifier
      description: Application-specific identifier for tracking API calls

````