Consents

View and manage data sharing consents in the Fiskil API.

A Consent represents the access period and scope of data an End User allows your application to access. Fiskil handles a lot of the compliance requirements around consents, but you should also alert your customers about their consents. These APIs will help you embed an end user's personalized consents into your application.

Endpoints

| Method | Endpoint | Description |
| --- | --- | --- |
| GET | /v1/consent | List all consents for an end user |
| DELETE | /v1/consent/{arrangement_id} | Revoke a consent |

The Consent Model

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| arrangement_id | string | Yes | CDR arrangement ID provided by the data holder |
| active | boolean | Yes | Indicates whether consent is active |
| app_name | string | Yes | Your application name |
| app_logo | string | Yes | URL to your application logo |
| created_at | string | Yes | When the consent was created (ISO 8601) |
| duration | integer | Yes | The time period access was granted, in seconds |
| end_user_id | string | Yes | ID of the end user that authorized the consent |
| end_user_email | string | Yes | End user's email |
| expires_at | string | Yes | When the consent expires (ISO 8601) |
| institution_id | string | Yes | The identifier for the institution the consent is held with |
| institution_name | string | Yes | Institution name |
| institution_logo | string | Yes | Institution logo URL |
| institution_type | string | Yes | Institution type (e.g., "banking", "energy") |
| last_accessed | string | Yes | The last time the consent was used to access data |
| last_consent | string | Yes | The last time the consent was acknowledged by the end user |
| permissions | array | Yes | A list of the data permissions granted |
| termination_reason | string | Yes | Reason for consent termination (if applicable) |

Example Response

{
  "active": true,
  "app_logo": "https://acme.com/app-logo.png",
  "app_name": "MyCoolApp",
  "arrangement_id": "94549a73-a554-4b76-b824-d96898829751",
  "created_at": "2021-03-18T02:46:42Z",
  "duration": 7776000,
  "end_user_email": "tony.stark@example.com",
  "end_user_id": "482c0e2b-5866-46b1-b795-220b7bba45b5",
  "expires_at": "2023-01-01T10:42:40Z",
  "institution_id": "11",
  "institution_logo": "https://example.com/images/gringotts-logo.png",
  "institution_name": "Gringotts",
  "institution_type": "banking",
  "last_accessed": "2023-01-02T10:42:42Z",
  "last_consent": "2023-01-01T10:42:40Z",
  "permissions": [
    "accounts",
    "balances",
    "transactions"
  ],
  "termination_reason": "Expired or Revoked"
}

List Consents

Retrieve all consents for a specific end user.

GET https://api.fiskil.com/v1/consent

Query Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| end_user_id | string | No | The ID of the end user to list consents for |
| active | boolean | No | Filter to include only active or inactive (revoked/expired) consents |

Example Request

```bash
curl --request GET \
  --url 'https://api.fiskil.com/v1/consent?end_user_id=482c0e2b-5866-46b1-b795-220b7bba45b5&active=true' \
  --header 'Authorization: Bearer {access_token}' \
  --header 'accept: application/json; charset=UTF-8'
```

```javascript
const response = await fetch(
  'https://api.fiskil.com/v1/consent?end_user_id=482c0e2b-5866-46b1-b795-220b7bba45b5&active=true',
  {
    method: 'GET',
    headers: {
      'Authorization': 'Bearer {access_token}',
      'accept': 'application/json; charset=UTF-8'
    }
  }
);

const consents = await response.json();
```

```python
import requests

response = requests.get(
    'https://api.fiskil.com/v1/consent',
    params={
        'end_user_id': '482c0e2b-5866-46b1-b795-220b7bba45b5',
        'active': 'true'
    },
    headers={
        'Authorization': 'Bearer {access_token}',
        'accept': 'application/json; charset=UTF-8'
    }
)

consents = response.json()
```

Example Response

[
  {
    "active": true,
    "app_logo": "https://acme.com/app-logo.png",
    "app_name": "MyCoolApp",
    "arrangement_id": "94549a73-a554-4b76-b824-d96898829751",
    "created_at": "2021-03-18T02:46:42Z",
    "duration": 7776000,
    "end_user_email": "tony.stark@example.com",
    "end_user_id": "482c0e2b-5866-46b1-b795-220b7bba45b5",
    "expires_at": "2023-01-01T10:42:40Z",
    "institution_id": "11",
    "institution_logo": "https://example.com/images/gringotts-logo.png",
    "institution_name": "Gringotts",
    "institution_type": "banking",
    "last_accessed": "2023-01-02T10:42:42Z",
    "last_consent": "2023-01-01T10:42:40Z",
    "permissions": [
      "accounts",
      "balances",
      "transactions"
    ],
    "termination_reason": null
  }
]

Revoke Consent

Revoke an active consent. This immediately terminates the end user's data sharing agreement.

DELETE https://api.fiskil.com/v1/consent/{arrangement_id}

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| arrangement_id | string | Yes | CDR arrangement ID as returned by the list consents API |

Example Request

```bash
curl --request DELETE \
  --url https://api.fiskil.com/v1/consent/94549a73-a554-4b76-b824-d96898829751 \
  --header 'Authorization: Bearer {access_token}' \
  --header 'accept: application/json; charset=UTF-8'
```

```javascript
const response = await fetch(
  'https://api.fiskil.com/v1/consent/94549a73-a554-4b76-b824-d96898829751',
  {
    method: 'DELETE',
    headers: {
      'Authorization': 'Bearer {access_token}',
      'accept': 'application/json; charset=UTF-8'
    }
  }
);
```

```python
import requests

response = requests.delete(
    'https://api.fiskil.com/v1/consent/94549a73-a554-4b76-b824-d96898829751',
    headers={
        'Authorization': 'Bearer {access_token}',
        'accept': 'application/json; charset=UTF-8'
    }
)
```

Revoking a consent is permanent. Once revoked, you will no longer be able to access the end user's data from that institution until they create a new consent.

Consent Lifecycle

Consents follow a specific lifecycle:

  1. Created: Consent is established when the end user completes the authorization flow
  2. Active: Consent is active and data can be accessed
  3. Expired: Consent has passed its expiration date
  4. Revoked: Consent has been manually revoked by you or the end user

Consent Duration

The duration field indicates how long the consent was granted for, in seconds. Common durations:

| Duration (seconds) | Human readable |
| --- | --- |
| 86400 | 1 day |
| 604800 | 1 week |
| 2592000 | 30 days |
| 7776000 | 90 days |
| 31536000 | 1 year |

Best Practices

  1. Display Consents to Users: Build a consent management UI that allows users to view and revoke their consents.

  2. Monitor Expiration: Set up reminders or workflows to prompt users to re-consent before their consents expire.

  3. Handle Revocation Gracefully: When a consent is revoked, update your application state accordingly and inform the user.

  4. Use Webhooks: Subscribe to consent-related webhooks to get real-time updates about consent status changes.
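
The expiration monitoring and revocation handling practices above can be enforced in code before any data request is made. The following is an added example, not Fiskil's own code: it classifies consent records by their `active` and `expires_at` fields and gates access on the granted `permissions`. The 14-day reminder window, the state names, the function names and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_ts(value):
    """Parse the ISO 8601 UTC timestamps used in the Consent model."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def consent_state(consent, now, remind_within=timedelta(days=14)):
    """Classify a consent as inactive, expired, renew_soon or usable."""
    if not consent["active"]:
        return "inactive"
    expires_at = parse_ts(consent["expires_at"])
    if now >= expires_at:
        # Fail closed: a cached record may still say active after expires_at.
        return "expired"
    if expires_at - now <= remind_within:
        return "renew_soon"  # prompt the end user to re-consent
    return "usable"

def may_access(consent, permission, now):
    """Allow a data request only under a live consent that grants the permission."""
    live = consent_state(consent, now) in ("usable", "renew_soon")
    return live and permission in consent["permissions"]

def review(consents, now):
    """Map each arrangement_id to its state, e.g. for a consent dashboard."""
    return {c["arrangement_id"]: consent_state(c, now) for c in consents}

# Constructed sample records (subset of the Consent model fields), not real data.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_CONSENTS = [
    {"arrangement_id": "sample-usable", "active": True,
     "expires_at": "2024-09-01T00:00:00Z", "permissions": ["accounts", "balances"]},
    {"arrangement_id": "sample-renew", "active": True,
     "expires_at": "2024-06-10T00:00:00Z", "permissions": ["accounts"]},
    {"arrangement_id": "sample-stale", "active": True,
     "expires_at": "2024-05-31T23:59:59Z", "permissions": ["accounts"]},
    {"arrangement_id": "sample-revoked", "active": False,
     "expires_at": "2024-09-01T00:00:00Z", "permissions": ["accounts"]},
]

if __name__ == "__main__":
    for arrangement_id, state in review(SAMPLE_CONSENTS, NOW).items():
        print(arrangement_id, state)
```

Checking the requested permission against the consent's `permissions` list keeps each data request within the scope the end user actually granted.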
