Overview

FinPro’s Consent Management module provides Financial Information Users with complete control over the customer consent lifecycle, from creation and approval to revocation and expiry. The system handles all aspects of RBI-compliant consent orchestration, including customer redirection to Account Aggregators, real-time status tracking via webhooks, and bulk operations for high-volume use cases. The consent journey follows a well-defined lifecycle with multiple states and transitions:
  1. Creation: FIU calls the Consent Request API with customer identifier and product template
  2. Pending: Customer receives redirect URL to Account Aggregator for approval
  3. Active: Customer approves consent within the AA interface
  4. Paused / Resumed: Customer temporarily pauses or resumes data sharing
  5. Revoked / Expired: Consent ends due to customer revocation or validity expiry
| State | Description | Next Possible States |
| --- | --- | --- |
| PENDING | Consent created, awaiting customer approval | ACTIVE, REJECTED |
| ACTIVE | Customer approved, data fetch authorized | PAUSED, REVOKED, EXPIRED |
| REJECTED | Customer declined consent request | (Terminal state) |
| PAUSED | Customer temporarily stopped data sharing | RESUMED, REVOKED |
| RESUMED | Customer reactivated previously paused consent | PAUSED, REVOKED, EXPIRED |
| REVOKED | Customer permanently withdrew consent | (Terminal state) |
| EXPIRED | Consent validity period elapsed | (Terminal state) |
FinPro offers multiple API versions to support different integration patterns and use cases. The V2 API provides basic consent creation with essential parameters. Key Parameters:
  • productID: Reference to pre-configured consent template
  • vua: Customer’s Virtual User Address (mobile@aa or pan@aa)
  • accountID: FIU’s internal customer/journey identifier
  • redirect: Boolean indicating if redirect URL should be generated
Use Case: Simple consent journeys with minimal customization

API Documentation

View V2 Consent Request Details
The V3 API adds support for enhanced customer attributes and custom configurations. Additional Parameters:
  • name: Customer’s full name
  • email: Customer’s email address
  • accountRef: Additional reference numbers for tracking
  • customAttributes: Free-form metadata for journey tracking
Use Case: Consent journeys requiring customer identification and enhanced tracking

API Documentation

View V3 Consent Request Details
The V4 API provides maximum flexibility with template overrides and dynamic consent configuration. Advanced Capabilities:
  • Override consent template parameters at request time
  • Specify custom FI types, date ranges, and fetch frequencies
  • Apply transaction-level filters (amount, type, narration patterns)
  • Support for multi-product consent bundles
Use Case: Complex consent scenarios with dynamic requirements

API Documentation

View V4 Consent Request Details
Consent templates define the structure, scope, and behavior of consent requests. Templates are pre-configured in the FinPro admin portal and referenced by productID in API calls.

Template Configuration

  • Purpose Code: RBI/SEBI/NPCI-defined purpose codes (e.g., 101 for personal loans, 102 for housing loans)
  • Template Name: Customer-facing name displayed in AA interface
  • Description: Detailed explanation of why data is being requested
  • Regulatory Compliance: Automatic validation against RBI AA framework requirements
Select which types of financial data can be fetched:
  • Savings Accounts
  • Current Accounts
  • Term Deposits (FD/RD)
  • Mutual Funds
  • Equities and Debentures
  • Insurance Policies (Life, General)
  • NPS Accounts
  • Bonds and Government Securities
  • GST Returns
  • From Date: Historical data start point (e.g., 6 months ago, 1 year ago)
  • To Date: Data end point (typically current date)
  • Maximum Range: Configurable based on use case (regulatory limits apply)
  • Transaction Amount Filters: Specify minimum/maximum transaction amounts to fetch
  • Credit/Debit Filters: Restrict to only credits, only debits, or both
  • Narration Patterns: Include/exclude transactions based on description keywords
  • Date Filters: Fetch data only from specific date ranges within the overall consent period

Template Management

Creating Templates:
  1. Navigate to Admin Portal → Consent Templates
  2. Click Create New Template
  3. Configure all template parameters
  4. Save and note the generated productID
Updating Templates:
  • Template updates apply only to new consent requests
  • Existing active consents continue using the original template configuration
  • Version control tracks all template changes for audit purposes
Deleting Templates:
  • Templates with active consents cannot be deleted
  • Mark templates as inactive to prevent new consent creation while preserving historical records
For high-volume operations, FinPro provides batch APIs and admin interfaces to manage consents at scale. Use Cases:
  • Pre-approval campaigns where customer lists are uploaded
  • Loan portfolio monitoring requiring consent setup for multiple borrowers
  • Collections campaigns targeting specific customer segments
Process:
  1. Upload CSV file with customer details (VUA, accountID, productID)
  2. FinPro processes batch and creates consent requests
  3. Redirect URLs are generated for each customer
  4. Webhooks notify of approval/rejection for each consent
Best Practices:
  • Batch size should not exceed 10,000 records per upload
  • Include valid email/mobile for customer communication
  • Ensure VUA format is correct (mobile@aa or pan@aa)
Use Cases:
  • Loan closure scenarios where ongoing monitoring is no longer needed
  • Compliance requirements to cease data collection
  • Customer request to revoke multiple consents
Process:
  1. Navigate to Admin Portal → Bulk Operations
  2. Upload list of consent IDs or accountIDs to revoke
  3. Confirm bulk revocation action
  4. System sends revocation requests to respective AAs
  5. Webhook notifications confirm completion

API Documentation

View Consent Revocation API

Webhook Notifications

FinPro sends real-time webhook notifications for all consent lifecycle events, enabling FIUs to react immediately to customer actions.

Supported Events

| Event | Trigger | Recommended Action |
| --- | --- | --- |
| CONSENT_APPROVED | Customer approves consent in AA | Trigger FI data fetch |
| CONSENT_REJECTED | Customer declines consent request | Update application status, notify user |
| CONSENT_REVOKED | Customer withdraws active consent | Cease data fetching, update records |
| CONSENT_EXPIRED | Consent validity period ends | Prompt customer for renewal if needed |
| CONSENT_PAUSED | Customer pauses data sharing | Suspend recurring fetches |
| CONSENT_RESUMED | Customer reactivates paused consent | Resume recurring data fetches |
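The lifecycle table and the event list above can be enforced together on the FIU side, so that a late or replayed webhook cannot re-enable fetching for a consent that has already ended. This is an added example, not FinPro code: `applyConsentEvent` and the `store` Map are hypothetical, and it assumes consents are keyed by `consentId` and that an unseen id starts as PENDING.

```javascript
// Allowed transitions, copied from the lifecycle state table on this page.
const TRANSITIONS = {
  PENDING: ['ACTIVE', 'REJECTED'],
  ACTIVE: ['PAUSED', 'REVOKED', 'EXPIRED'],
  REJECTED: [],
  PAUSED: ['RESUMED', 'REVOKED'],
  RESUMED: ['PAUSED', 'REVOKED', 'EXPIRED'],
  REVOKED: [],
  EXPIRED: [],
};

// eventStatus values from the Supported Events table and the state they lead to.
const EVENT_TO_STATE = {
  CONSENT_APPROVED: 'ACTIVE',
  CONSENT_REJECTED: 'REJECTED',
  CONSENT_REVOKED: 'REVOKED',
  CONSENT_EXPIRED: 'EXPIRED',
  CONSENT_PAUSED: 'PAUSED',
  CONSENT_RESUMED: 'RESUMED',
};

// Data fetch is permitted only while the consent is live.
const FETCH_ALLOWED = new Set(['ACTIVE', 'RESUMED']);

// Hypothetical helper: `store` is a Map of consentId -> state kept by the FIU.
function applyConsentEvent(store, event) {
  const next = EVENT_TO_STATE[event.eventStatus];
  if (!next) return { ok: false, reason: 'unknown eventStatus' };

  const current = store.get(event.consentId) || 'PENDING';
  const result = (ok, state, extra) =>
    ({ ok, state, fetchAllowed: FETCH_ALLOWED.has(state), ...extra });

  // Redelivered webhook: acknowledge it without changing anything.
  if (current === next) return result(true, current, { duplicate: true });

  // Out-of-order or replayed event, e.g. CONSENT_APPROVED after CONSENT_REVOKED.
  if (!TRANSITIONS[current].includes(next)) {
    return result(false, current, { reason: `illegal transition ${current} -> ${next}` });
  }
  store.set(event.consentId, next);
  return result(true, next);
}
```

Gate every recurring fetch on `fetchAllowed` from the stored state, not on the last event received.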

Webhook Security

HMAC Signature Verification: Every webhook payload includes an X-Webhook-Signature header containing an HMAC-SHA256 signature. Verification Process:
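const crypto = require('crypto');

// Returns true only when the X-Webhook-Signature value matches the
// HMAC-SHA256 of the payload under the shared webhook secret.
function verifyWebhook(payload, signature, secret) {
  // A missing signature header is rejected rather than causing an exception.
  if (typeof signature !== 'string') return false;

  // JSON.stringify must reproduce the signed bytes exactly; any difference
  // in key order or whitespace changes the HMAC.
  const computedSignature = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('hex');

  const received = Buffer.from(signature);
  const expected = Buffer.from(computedSignature);

  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}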
Best Practices:
  • Always verify signatures before processing webhook data
  • Reject requests with missing or invalid signatures
  • Rotate webhook secrets periodically via admin portal
  • Log all webhook receipts for audit trails
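The four practices above combined in one receiver, as an added example that is not FinPro's own code. `receiveWebhook`, `secrets` and `auditLog` are hypothetical names, and the example assumes the signature is a hex HMAC-SHA256 over the request body exactly as received, with the previous secret still accepted while a rotation is in progress.

```javascript
const crypto = require('crypto');

// HMAC-SHA256 over the exact bytes received, hex-encoded (assumed format).
function sign(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

// Constant-time compare that returns false on a length mismatch instead of throwing.
function safeEqual(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Hypothetical receiver. `secrets` holds the current secret first and, while a
// rotation is in progress, the previous one. `auditLog` stands in for an audit sink.
function receiveWebhook(rawBody, headers, secrets, auditLog) {
  const entry = { receivedAt: new Date().toISOString(), bytes: Buffer.byteLength(rawBody) };
  auditLog.push(entry); // every receipt is logged, accepted or not
  const reject = (status, why) => { entry.result = `rejected: ${why}`; return { status }; };

  // Node's http module lower-cases header names.
  const signature = headers['x-webhook-signature'];
  if (typeof signature !== 'string' || signature === '') return reject(401, 'missing signature');

  const matched = secrets.findIndex((s) => safeEqual(signature, sign(rawBody, s)));
  if (matched === -1) return reject(401, 'invalid signature');

  // Parse only after the bytes have been authenticated.
  let event;
  try {
    event = JSON.parse(rawBody);
  } catch {
    return reject(400, 'body is not JSON');
  }
  entry.result = matched === 0 ? 'accepted' : 'accepted with previous secret';
  entry.consentId = event.consentId;
  entry.eventStatus = event.eventStatus;
  return { status: 200, event };
}

// Constructed sample body; ids and secrets here are made up for the example.
const SAMPLE_BODY = JSON.stringify({
  eventType: 'CONSENT',
  eventStatus: 'CONSENT_REVOKED',
  consentId: '00000000-0000-4000-8000-000000000000',
});
```

Entries marked "accepted with previous secret" show when the sender is still using the old secret, which tells you when it is safe to retire it.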

Webhook Payload Examples

{
  "timestamp": "2023-03-10T06:26:02.035Z",
  "consentHandle": "5eada97a-9852-4227-9558-45849b2800a3",
  "eventType": "CONSENT",
  "eventStatus": "CONSENT_APPROVED",
  "consentId": "3c92001e-57ea-4320-bbb8-66d524bfb435",
  "vua": "9876543210@onemoney",
  "productID": "PERSONAL_LOAN_V1",
  "accountID": "LOAN_APP_12345",
  "fetchType": "PERIODIC",
  "consentExpiry": "2024-03-10T06:25:13.000Z"
}
FinPro provides APIs to query consent status and history for individual customers or across the entire portfolio.

Query Parameters

Filter by:
  • accountID: FIU’s internal customer identifier
  • vua: Customer’s Virtual User Address
  • consentId: Specific consent identifier
  • productID: Consent template reference
  • status: Filter by consent state (ACTIVE, EXPIRED, etc.)
Pagination:
  • page: Page number (default: 1)
  • limit: Results per page (default: 20, max: 100)
Sorting:
  • sortBy: Field to sort by (createdAt, expiryDate, status)
  • sortOrder: ASC or DESC
FIUs can programmatically revoke consents on behalf of customers or in response to business logic.

Revocation Scenarios

  • Loan Closure: When a loan is fully repaid, revoke recurring monitoring consents to cease data collection.
  • Non-Disbursal: If a loan application is rejected, revoke the consent to avoid unnecessary data fetching.
  • Customer Request: Honor customer requests to stop data sharing by revoking consents via API.
  • Compliance: Revoke consents in response to regulatory requirements or data deletion requests.

Revocation API

API Documentation

View Consent Revocation API Details
Request Example:
{
  "consentId": "3c92001e-57ea-4320-bbb8-66d524bfb435",
  "reason": "Loan fully repaid, monitoring no longer required"
}
Response:
{
  "status": "SUCCESS",
  "message": "Consent revoked successfully",
  "consentId": "3c92001e-57ea-4320-bbb8-66d524bfb435",
  "revokedAt": "2023-08-20T14:30:00.000Z"
}

Best Practices

Ensure webhook endpoints are highly available, respond quickly (within 5 seconds), and implement retry logic for failed processing.
Immediately cease data fetching upon receiving revocation webhooks. Failure to honor revocations can result in compliance violations.

Integration Checklist

  1. Configure Consent Templates: Create templates in FinPro admin portal for each product journey
  2. Set Up Webhook Endpoints: Deploy webhook handlers with signature verification
  3. Integrate Consent Request APIs: Call appropriate API version (V2/V3/V4) based on requirements
  4. Handle Redirect Flow: Redirect customers to AA using provided URL or deep link
  5. Process Webhook Events: React to consent lifecycle events in real-time
  6. Implement Consent Revocation: Add logic to revoke consents when business conditions require
  7. Test End-to-End Flows: Validate consent creation, approval, data fetch, and revocation in UAT

Support

For questions about consent configuration, webhook troubleshooting, or API integration, contact Moneyone support through the FinPro admin portal.