Consent Lifecycle

Overview

A Consent represents a long-lived authorisation between your application, the customer, and their bank. Throughout its lifecycle, a Consent transitions through several statuses that describe its current validity and usability. The initial status after creation is AWAITING_AUTHORISATION, and subsequent changes are communicated via webhooks.

Consent lifecycle

AWAITING_AUTHORISATION - Consent created but not yet approved by the customer. The Consent has been successfully registered with Lean but must be authorised through the LinkSDK flow. Until authorised, no payments can be initiated under this Consent.

AUTHORISED - Customer has completed authorisation with their bank. The Consent is now active and can be used for initiating payments within the defined limits and validity period. This is the standard active state for Account on File (AoF) consents.

REVOKED (final) - Customer or bank has revoked the consent. No further payments may be initiated under this Consent.

REJECTED (final) - Customer did not approve or the bank declined the Consent request. This state is returned when the authorisation flow ends unsuccessfully. You may prompt the customer to re-initiate a new Consent if appropriate.

EXPIRED (final) - The Consent has reached its configured expiration date. Payments can no longer be initiated under this Consent. To continue using Account on File payments, a new Consent must be created and authorised.

CONSUMED (final) - Consent limits have been reached. The Consent is automatically marked as consumed once it has reached one or more of its configured control parameter limits (e.g., cumulative amount or number of payments). A new Consent is required to continue initiating payments.

SUSPENDED - Temporarily unavailable due to compliance conditions. This status may occur if the Consent has been temporarily disabled by the customer’s bank.

Webhook notifications

Lean sends webhook events whenever a Consent’s status changes. These notifications allow your system to stay synchronised without the need for polling.

"type": "consent.status.updated"

{
  "event_id": "cce42859-055b-4271-b4c0-b94d54a3b894",
  "type": "consent.status.updated",
  "message": "A payment consent has been updated.",
  "timestamp": "2025-10-07T10:32:39.691593783Z",
  "payload": {
    "id": "f8668fb8-62fa-4dae-b8a6-ac6a5d5a88eb",
    "status": "SUSPENDED",
    "customer_id": "69b33353-79f8-42ca-9bfe-a3d742cc353c",
    "account_id": "69b33353-79f8-42ca-9bfe-a3d742cc353c",
    "consent_type": "PAYMENT",
    "application_id": "69b33353-79f8-42ca-9bfe-a3d742cc353c",
    "updated_at": "2025-10-07T14:17:34.342847Z"
  }
}
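
The following is an added example, not Lean's code: one way to apply consent.status.updated events on the receiving side so that payment initiation fails closed. It assumes events may arrive more than once or out of order, orders non-final updates by payload.updated_at, and keeps state in a hypothetical in-memory ConsentTracker; make_event builds constructed sample events.

```python
import re
from datetime import datetime, timedelta, timezone

FINAL = {"REVOKED", "REJECTED", "EXPIRED", "CONSUMED"}
KNOWN = FINAL | {"AWAITING_AUTHORISATION", "AUTHORISED", "SUSPENDED"}
_TS = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z")

def parse_ts(value):
    """Parse a UTC timestamp; fractions longer than 6 digits are truncated."""
    m = _TS.fullmatch(value)
    if not m:
        raise ValueError("unexpected timestamp format: %r" % value)
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.replace(tzinfo=timezone.utc) + timedelta(microseconds=micros)

class ConsentTracker:
    """Hypothetical in-memory store; use a database in a real service."""

    def __init__(self):
        self.consents = {}   # consent id -> (status, updated_at)
        self.seen = set()    # event_id values already processed

    def apply(self, event):
        if event.get("type") != "consent.status.updated":
            return "ignored"
        if event["event_id"] in self.seen:
            return "duplicate"
        payload = event["payload"]
        status, ts = payload["status"], parse_ts(payload["updated_at"])
        if status not in KNOWN:
            return "unknown_status"      # leave stored state untouched
        self.seen.add(event["event_id"])
        current = self.consents.get(payload["id"])
        if current and current[0] in FINAL:
            return "already_final"       # final statuses are never left
        if current and status not in FINAL and ts <= current[1]:
            return "stale"               # older non-final update arrived late
        self.consents[payload["id"]] = (status, ts)
        return "applied"

    def can_initiate_payment(self, consent_id):
        # Fail closed: unknown consent or any status but AUTHORISED blocks.
        current = self.consents.get(consent_id)
        return current is not None and current[0] == "AUTHORISED"

def make_event(event_id, consent_id, status, updated_at):
    """Build a constructed sample event in the shape shown above."""
    return {"event_id": event_id, "type": "consent.status.updated",
            "payload": {"id": consent_id, "status": status,
                        "updated_at": updated_at}}
```

A final status is applied even when its updated_at is older than the stored one, so a delayed REVOKED event still blocks payments, and a later AUTHORISED event for the same Consent is rejected.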