> ## Documentation Index
> Fetch the complete documentation index at: https://developer.moneyone.in/llms.txt
> Use this file to discover all available pages before exploring further.

# Web Redirection Encryption

> Generate an encrypted web redirection URL for Account Aggregator consent flow

## Overview

This API is used by the Financial Information User (FIU) to generate an encrypted web redirection URL for the Account Aggregator (AA). The generated URL enables users to provide consent for data sharing through the AA's application interface. The URL can be embedded in an iframe within your application or opened directly in a web browser, allowing users to complete their consent approval or rejection on the AA platform.

## Authentication

This API requires the following authentication headers to be included with every request:

| Header           | Type   | Required | Description                                                                       |
| ---------------- | ------ | -------- | --------------------------------------------------------------------------------- |
| `client_id`      | string | Yes      | An API key issued to your organisation for authentication purposes                |
| `client_secret`  | string | Yes      | A secret API key issued to your server-side application for secure authentication |
| `organisationId` | string | Yes      | A unique identifier assigned to your organisation by the platform                 |
| `appIdentifier`  | string | Yes      | A unique identifier assigned to your client application for tracking API usage    |
| `Content-Type`   | string | Yes      | Must be set to `application/json` to specify the request body format              |

## Request Body

<ParamField body="consentHandle" type="string or array" required>
  The unique consent handle identifier received in response to a consent request. This can be either a single consent handle string for one consent, or an array of consent handle strings for multiple consents.

  **Format**: Must be a valid UUIDv4 format (e.g., `3a3f2d96-fc3b-42e5-804f-e65d10a4be98`)

  **Note**: When passing multiple consent handles, they must all belong to the same user's Virtual User Account (VUA).
</ParamField>

<ParamField body="redirectUrl" type="string" optional>
  The URL where the user should be redirected after completing their consent journey on the Account Aggregator platform. Use this parameter when you need to override the default redirect URL configured for your FIU organisation.

  **Example**: `https://www.yourapp.com/consent-callback`
</ParamField>

<ParamField body="pan" type="string" optional>
  The Permanent Account Number (PAN) of the user. This is required for certain Financial Information Providers (FIPs) that mandate PAN for account discovery purposes.

  **Format**: Must match the pattern `^[A-Z]{5}[0-9]{4}[A-Z]{1}$` (e.g., `ABCDE1234F`)

  **Note**: Only provide this when integrating with FIPs that require PAN for account linking.
</ParamField>

## Response

<ResponseField name="status" type="string">
  Indicates the overall status of the API request. Possible values include `success` or `failure`.
</ResponseField>

<ResponseField name="ver" type="string">
  The current version of the API being used for this request.
</ResponseField>

<ResponseField name="message" type="string">
  A human-readable message describing the result of the API call, providing success confirmation or failure details.
</ResponseField>

<ResponseField name="data" type="object">
  <Expandable title="data properties">
    <ResponseField name="webRedirectionURL" type="string" required>
      The encrypted web redirection URL containing all necessary parameters for the AA consent flow. This URL includes encrypted parameters in the `ecreq` field, along with the AA URL, request date (`reqdate`), and FI identifier fields. You can embed this URL in an iframe or open it in a browser for the user to complete their consent.
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="timestamp" type="string">
  The timestamp indicating when the transaction was processed, in ISO 8601 format.
</ResponseField>

## Example Request

```json theme={null}
{
  "consentHandle": "3a3f2d96-fc3b-42e5-804f-e65d10a4be98",
  "redirectUrl": "https://www.yourapp.com/consent-callback"
}
```

## Example Response

```json theme={null}
{
  "ver": "1.15.0",
  "status": "success",
  "data": {
    "webRedirectionURL": "https://aa-platform.com/consent?ecreq=encrypted_data_here&reqdate=040320211217240&fi=encoded_entity_id"
  },
  "message": "Success",
  "timestamp": "2025-04-07T12:21:16.000Z"
}
```

## Error Responses

When an error occurs, the API returns a JSON object with the following structure:

```json theme={null}
{
  "ver": "1.15.0",
  "timestamp": "2025-04-07T12:21:16.000Z",
  "errorCode": "FP0021",
  "errorMsg": "Required parameters missing : Both consentID and consentHandle are empty",
  "status": "failure",
  "txnid": "f32503c5-0af0-4831-a443-7adc500ccd22"
}
```

### Error Code Catalogue

| Error Code       | Status                   | Description                                        | Common Causes                                                                                  |
| ---------------- | ------------------------ | -------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| `FP0021`         | missingConsentInfo       | Required parameters are missing from the request   | The `consentHandle` field is empty, null, or not provided in the request body                  |
| `InvalidRequest` | InvalidRequest           | The consent handle format is invalid               | The `consentHandle` is not a valid UUIDv4 format, or contains all zeros                        |
| `FP0024`         | InvalidRequest           | Multiple consent handles belong to different users | When passing an array of consent handles, they must all be associated with the same user's VUA |
| `FP0024`         | invalid\_consent\_handle | The provided consent handle does not exist         | The consent handle is not found in the system or does not have a valid customer VUA            |
| `FP0029`         | InvalidAA                | The Account Aggregator handle is invalid           | The AA handle derived from the user's VUA does not exist in the account aggregators registry   |
| `InvalidRequest` | InvalidRequest           | The redirect URL format is incorrect               | The `redirectUrl` field must be a valid string when provided                                   |
| `InvalidRequest` | InvalidRequest           | The PAN format does not match requirements         | The `pan` field does not follow the required pattern `^[A-Z]{5}[0-9]{4}[A-Z]{1}$`              |

## Usage Notes

* **Security Consideration**: The encrypted URL contains sensitive parameters. Ensure you transmit this URL over HTTPS only and do not log or cache it in plain text format.

* **Single vs Multiple Consents**: You can pass either a single consent handle string or an array of consent handle strings. When using multiple consent handles, ensure all of them belong to the same user to avoid errors.

* **Iframe Integration**: When embedding the URL in an iframe, ensure your application has the appropriate `X-Frame-Options` and Content Security Policy settings to allow iframe embedding from the AA domain.

* **Browser Compatibility**: If opening the URL in a new browser window or tab, inform users that they may need to allow pop-ups for your application domain.

* **Redirect URL Override**: The `redirectUrl` parameter is optional and should only be used when you need to override the default redirect URL configured for your organisation. If not provided, the system will use the default redirect URL set during your FIU onboarding.

* **PAN Requirements**: Only include the `pan` parameter when integrating with Financial Information Providers that require PAN for account discovery. Providing PAN when not needed may cause unnecessary data exposure.

* **Consent Handle Validation**: Always ensure the consent handle is in valid UUIDv4 format before making the API call to avoid validation errors.

## Rate Limiting

This API is subject to rate limiting with the following limits:

* **Limit**: 1000 requests per time window
* **Remaining**: Returned in the `X-RateLimit-Remaining` header
* **Reset**: The time when the rate limit resets, returned in the `X-RateLimit-Reset` header

Monitor these headers in the API response to ensure you stay within the allowed rate limits.


## OpenAPI

````yaml POST /webRedirection/getEncryptedUrl
openapi: 3.0.3
info:
  title: FinPro API
  description: MoneyOne FinPro - Account Aggregator FIU Platform APIs
  version: 1.21.0
servers:
  - url: '{baseUrl}'
    description: FinPro API Server
    variables:
      baseUrl:
        default: https://scramblerpay-uat.moneyone.in
        description: API Base URL - change this to your environment
security:
  - clientId: []
    clientSecret: []
    organisationId: []
    appIdentifier: []
paths:
  /webRedirection/getEncryptedUrl:
    post:
      tags:
        - Web Redirection
      summary: Web Redirection Encryption
      description: >-
        Generate an encrypted web redirection URL for Account Aggregator consent
        flow. The generated URL enables users to provide consent for data
        sharing through the AA's application interface. The URL can be embedded
        in an iframe within your application or opened directly in a web
        browser, allowing users to complete their consent approval or rejection
        on the AA platform.
      operationId: getEncryptedUrl
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WebRedirectionEncryptionRequest'
            example:
              consentHandle: 3a3f2d96-fc3b-42e5-804f-e65d10a4be98
              redirectUrl: https://www.yourapp.com/consent-callback
      responses:
        '200':
          description: Encrypted URL generated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebRedirectionEncryptionResponse'
              example:
                ver: 1.15.0
                status: success
                data:
                  webRedirectionURL: >-
                    https://aa-platform.com/consent?ecreq=encrypted_data_here&reqdate=040320211217240&fi=encoded_entity_id
                message: Success
                timestamp: '2025-04-07T12:21:16.000Z'
        '400':
          description: Bad Request - Invalid parameters or validation failure
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebRedirectionEncryptionErrorResponse'
              examples:
                missingConsentInfo:
                  summary: Missing consent handle
                  value:
                    ver: 1.15.0
                    timestamp: '2025-04-07T12:21:16.000Z'
                    errorCode: FP0021
                    errorMsg: >-
                      Required parameters missing : Both consentID and
                      consentHandle are empty
                    status: failure
                    txnid: f32503c5-0af0-4831-a443-7adc500ccd22
                invalidConsentHandle:
                  summary: Invalid consent handle format
                  value:
                    ver: 1.15.0
                    timestamp: '2025-04-07T12:21:16.000Z'
                    errorCode: InvalidRequest
                    errorMsg: The consent handle format is invalid
                    status: failure
                    txnid: f32503c5-0af0-4831-a443-7adc500ccd22
                differentUsers:
                  summary: Multiple consent handles belong to different users
                  value:
                    ver: 1.15.0
                    timestamp: '2025-04-07T12:21:16.000Z'
                    errorCode: FP0024
                    errorMsg: Multiple consent handles belong to different users
                    status: failure
                    txnid: f32503c5-0af0-4831-a443-7adc500ccd22
                invalidPan:
                  summary: Invalid PAN format
                  value:
                    ver: 1.15.0
                    timestamp: '2025-04-07T12:21:16.000Z'
                    errorCode: InvalidRequest
                    errorMsg: The PAN format does not match requirements
                    status: failure
                    txnid: f32503c5-0af0-4831-a443-7adc500ccd22
        '401':
          description: Authentication Failed - Invalid credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found - Consent handle or Account Aggregator not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebRedirectionEncryptionErrorResponse'
              examples:
                invalidConsentHandle:
                  summary: Consent handle not found
                  value:
                    ver: 1.15.0
                    timestamp: '2025-04-07T12:21:16.000Z'
                    errorCode: FP0024
                    errorMsg: The provided consent handle does not exist
                    status: invalid_consent_handle
                    txnid: f32503c5-0af0-4831-a443-7adc500ccd22
                invalidAA:
                  summary: Invalid Account Aggregator
                  value:
                    ver: 1.15.0
                    timestamp: '2025-04-07T12:21:16.000Z'
                    errorCode: FP0029
                    errorMsg: The Account Aggregator handle is invalid
                    status: InvalidAA
                    txnid: f32503c5-0af0-4831-a443-7adc500ccd22
        '429':
          description: Too Many Requests - Rate limit exceeded
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - clientId: []
          clientSecret: []
          organisationId: []
          appIdentifier: []
components:
  schemas:
    WebRedirectionEncryptionRequest:
      type: object
      description: >-
        Request body for generating an encrypted web redirection URL for Account
        Aggregator consent flow.
      required:
        - consentHandle
      properties:
        consentHandle:
          oneOf:
            - type: string
              format: uuid
              description: A single consent handle identifier in UUIDv4 format.
            - type: array
              items:
                type: string
                format: uuid
              description: >-
                An array of consent handle identifiers in UUIDv4 format. All
                handles must belong to the same user's VUA.
          description: >-
            The unique consent handle identifier received in response to a
            consent request. This can be either a single consent handle string
            for one consent, or an array of consent handle strings for multiple
            consents. Must be a valid UUIDv4 format.
        redirectUrl:
          type: string
          format: uri
          description: >-
            The URL where the user should be redirected after completing their
            consent journey on the Account Aggregator platform. Use this
            parameter when you need to override the default redirect URL
            configured for your FIU organisation.
          example: https://www.yourapp.com/consent-callback
        pan:
          type: string
          pattern: ^[A-Z]{5}[0-9]{4}[A-Z]{1}$
          description: >-
            The Permanent Account Number (PAN) of the user. This is required for
            certain Financial Information Providers (FIPs) that mandate PAN for
            account discovery purposes.
          example: ABCDE1234F
    WebRedirectionEncryptionResponse:
      type: object
      description: >-
        Response containing the encrypted web redirection URL for Account
        Aggregator consent flow.
      properties:
        status:
          type: string
          description: Indicates the overall status of the API request.
          enum:
            - success
            - failure
        ver:
          type: string
          description: The current version of the API being used for this request.
        message:
          type: string
          description: >-
            A human-readable message describing the result of the API call,
            providing success confirmation or failure details.
        data:
          type: object
          description: Container for the encrypted URL data.
          properties:
            webRedirectionURL:
              type: string
              description: >-
                The encrypted web redirection URL containing all necessary
                parameters for the AA consent flow. This URL includes encrypted
                parameters in the ecreq field, along with the AA URL, request
                date (reqdate), and FI identifier fields. You can embed this URL
                in an iframe or open it in a browser for the user to complete
                their consent.
          required:
            - webRedirectionURL
        timestamp:
          type: string
          format: date-time
          description: >-
            The timestamp indicating when the transaction was processed, in ISO
            8601 format.
    WebRedirectionEncryptionErrorResponse:
      type: object
      description: Error response for web redirection encryption API.
      properties:
        ver:
          type: string
          description: API version
        timestamp:
          type: string
          format: date-time
          description: When the error occurred
        errorCode:
          type: string
          description: Error category code (e.g., FP0021, FP0024, FP0029, InvalidRequest)
        errorMsg:
          type: string
          description: Detailed error message
        status:
          type: string
          description: >-
            Error status indicator (e.g., failure, missingConsentInfo,
            InvalidRequest, invalid_consent_handle, InvalidAA)
        txnid:
          type: string
          format: uuid
          description: Transaction ID for tracking the failed request
    ErrorResponse:
      type: object
      properties:
        ver:
          type: string
          description: API version
        timestamp:
          type: string
          format: date-time
          description: When the error occurred
        errorCode:
          type: string
          description: Error category code
        errorMsg:
          type: string
          description: Detailed error message
        status:
          type: string
          description: FinPro-specific error code (FPxxxx format)
  securitySchemes:
    clientId:
      type: apiKey
      in: header
      name: client_id
      description: Your unique client identifier provided by MoneyOne during FIU onboarding
    clientSecret:
      type: apiKey
      in: header
      name: client_secret
      description: Your confidential client secret provided by MoneyOne
    organisationId:
      type: apiKey
      in: header
      name: organisationId
      description: Your organization's unique identifier in the FinPro system
    appIdentifier:
      type: apiKey
      in: header
      name: appIdentifier
      description: Application-specific identifier for tracking API calls

````