Permissions

Understanding data permissions and scopes in the Fiskil API.

Permissions define what data your application can access from an end user's accounts. When an end user authorizes your application, they grant specific permissions that determine which API endpoints you can call.

Permission Scopes

Fiskil organizes permissions into logical groups based on the type of data they provide access to.

Banking Permissions

| Permission | Description | Related Endpoints |
|---|---|---|
| accounts | Access to account details | Accounts |
| balances | Access to account balances | Balance |
| transactions | Access to transaction history | Transactions |
| payees | Access to payee information | Payee |
| direct_debits | Access to direct debit information | Direct Debits |
| scheduled_payments | Access to scheduled payment information | Scheduled Payments |

Energy Permissions

| Permission | Description | Related Endpoints |
|---|---|---|
| energy_accounts | Access to energy account details | Energy Accounts |
| energy_balances | Access to energy account balances | Energy Balances |
| usage | Access to energy usage data | Usage |
| billing | Access to billing information | Billing |
| invoices | Access to invoice data | Invoices |
| concessions | Access to concession information | Concessions |
| service_points | Access to service point information | Service Points |
| der | Access to Distributed Energy Resources data | DER |
| payment_schedule | Access to payment schedule information | Payment Schedule |

Common Permissions

| Permission | Description | Related Endpoints |
|---|---|---|
| identity | Access to identity information | Identity |

Requesting Permissions

Permissions are requested during the auth session creation. The end user will see which permissions your application is requesting and can choose to grant or deny access.

Example: Requesting Permissions

When creating an auth session, you can specify which permissions to request:

{
  "end_user_id": "482c0e2b-5866-46b1-b795-220b7bba45b5",
  "permissions": ["accounts", "balances", "transactions"],
  "redirect_uri": "https://yourapp.com/callback"
}

Checking Granted Permissions

You can check which permissions have been granted for a specific consent by using the Consents API. The permissions field in the consent response will list all granted permissions.

Example Consent Response

{
  "arrangement_id": "94549a73-a554-4b76-b824-d96898829751",
  "end_user_id": "482c0e2b-5866-46b1-b795-220b7bba45b5",
  "permissions": [
    "accounts",
    "balances",
    "transactions"
  ],
  "active": true,
  "expires_at": "2023-01-01T10:42:40Z"
}

Best Practices

  1. Request Only What You Need: Only request permissions for data you actually need. This improves user trust and conversion rates.

  2. Explain Why You Need Each Permission: In your UI, explain to users why you need each permission before they start the consent flow.

  3. Handle Missing Permissions Gracefully: If an API call fails due to missing permissions, provide clear guidance to users on how to grant additional permissions.

  4. Monitor Permission Usage: Track which permissions you're actively using and consider removing unused ones from your requests.
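The sketch below is an added example, not code from the Fiskil documentation. It applies practices 1, 3 and 4 to a consent response of the shape shown above: it builds a least-privilege request list, checks a consent before calling an endpoint, and lists granted permissions that no feature uses. The feature names and the `FEATURE_PERMISSIONS` map are hypothetical, and reading `expires_at` as the consent's UTC expiry time is an assumption.

```python
from datetime import datetime, timezone

# Scope names copied from the permission tables on this page.
KNOWN_PERMISSIONS = {
    "accounts", "balances", "transactions", "payees", "direct_debits",
    "scheduled_payments", "energy_accounts", "energy_balances", "usage",
    "billing", "invoices", "concessions", "service_points", "der",
    "payment_schedule", "identity",
}
# Hypothetical map from an application's features to the scopes each needs.
FEATURE_PERMISSIONS = {
    "spending_insights": {"accounts", "transactions"},
    "balance_widget": {"accounts", "balances"},
    "payee_export": {"payees"},
}

def permissions_to_request(enabled_features):
    """Least-privilege request list: only what the enabled features need."""
    needed = set().union(*(FEATURE_PERMISSIONS[f] for f in enabled_features))
    unknown = needed - KNOWN_PERMISSIONS
    if unknown:  # catches typos in the feature map before they reach the API
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    return sorted(needed)

def check_consent(consent, feature, now=None):
    """Return (allowed, reason, missing) for one feature and one consent."""
    now = now or datetime.now(timezone.utc)
    required = FEATURE_PERMISSIONS[feature]
    if not consent.get("active", False):
        return False, "consent_inactive", sorted(required)
    expires = datetime.fromisoformat(consent["expires_at"].replace("Z", "+00:00"))
    if expires <= now:  # assumption: expires_at is the consent expiry in UTC
        return False, "consent_expired", sorted(required)
    missing = required - set(consent.get("permissions", []))
    if missing:  # tell the user exactly which permissions to grant
        return False, "missing_permissions", sorted(missing)
    return True, "ok", []

def unused_permissions(consent, enabled_features):
    """Granted permissions no enabled feature needs (candidates to drop)."""
    needed = set(permissions_to_request(enabled_features))
    return sorted(set(consent.get("permissions", [])) - needed)

# Consent response copied from the example on this page.
SAMPLE_CONSENT = {
    "arrangement_id": "94549a73-a554-4b76-b824-d96898829751",
    "end_user_id": "482c0e2b-5866-46b1-b795-220b7bba45b5",
    "permissions": ["accounts", "balances", "transactions"],
    "active": True, "expires_at": "2023-01-01T10:42:40Z",
}
```

Running `check_consent` before each data call lets the application prompt for re-consent with the exact missing permissions instead of surfacing a raw API error.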
