Consent Management

Overview

When using Account-on-file payments, Open Finance rules require that customers (your end users) must be able to access, view and manage the long-lived consents they have authorised between their bank account and your application, via a dedicated management interface.

To facilitate this, your application can call the manageConsents() function in the Link SDK to present the dedicated management interface to the customer. Through this interface your customers can view and manage all the long-lived consents they hold between their bank account and your application.

manageConsents({
  app_token: "your_app_token",
  customer_id: "your_customer_id",
  access_token: "your_customer_scoped_access_token"
})

See UX example below:

Consent revocation

Open Finance rules make it mandatory that customers can 'Revoke' (cancel) an 'Authorised' long-lived consent at any time, including Account-on-file payments consents. Customers can do this via the Consent Management Interface, which your application opens via the Link SDK.

In the scenario that a customer does 'revoke' a consent, Lean notifies you with a consent.status.updated webhook so that you are kept up to date.

See UX example below:

👍

Customers can also 'revoke' a consent directly with their bank; in this scenario Lean will also communicate the consent status change to you via the consent.status.updated webhook.

Customers may need to revoke an Account-on-file payments consent directly in certain scenarios, for example:

  • The end user has permanently closed their account with the customer
  • Fraudulent activity has been detected
  • Revoking an existing consent nearing expiry once a replacement consent has been authorised, ensuring a seamless renewal experience for the end user.

For this, Lean provides an optional consents/v1/id/revocation endpoint.

❗️

consents/v1/id/revocation is for customer-initiated revocations only and does not replace the manageConsents() SDK function. Providing end users the ability to view and revoke their own consents at any time is a mandatory regulatory requirement and must be implemented as part of any Account-on-file payments integration.

{
  "reason": "CONSENT_RENEWAL", // mandatory
  "additional_context": "USER_CANCELLED" // optional
}
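The following is an added example (not Lean's SDK or API code) showing how an application might use the revocation endpoint for the consent-renewal scenario above and reconcile consent.status.updated webhooks so that a revoked consent is never charged again. The HTTP method, the local consent record shape, and the webhook payload field names are assumptions; only the request body and the endpoint path come from the page.

```javascript
// Added example, not Lean's SDK or API code. Assumed (not on the page): the HTTP
// method for consents/v1/{id}/revocation, the shape of the application's local
// consent records, and the field names of the consent.status.updated payload.
const DAY_MS = 24 * 60 * 60 * 1000;

// The request the page documents: `reason` is mandatory, `additional_context` optional.
function buildRevocationRequest(consentId, reason, additionalContext) {
  if (!consentId) throw new Error("consent id is required");
  if (!reason) throw new Error("reason is mandatory");
  const body = { reason };
  if (additionalContext !== undefined) body.additional_context = additionalContext;
  return {
    method: "POST", // assumption: the page does not state the method
    path: `/consents/v1/${encodeURIComponent(consentId)}/revocation`,
    body,
  };
}

// Renewal scenario: an 'Authorised' consent nearing expiry is revoked only once a
// replacement for the same end user is already 'Authorised' with a later expiry.
function consentsToRevokeForRenewal(consents, now, windowDays = 14) {
  const requests = [];
  for (const old of consents) {
    if (old.status !== "Authorised") continue;
    const oldExpiry = new Date(old.expires_at);
    if (oldExpiry.getTime() - now.getTime() > windowDays * DAY_MS) continue;
    const replacement = consents.find(
      (c) => c.id !== old.id && c.end_user_id === old.end_user_id &&
        c.status === "Authorised" && new Date(c.expires_at) > oldExpiry,
    );
    if (replacement) requests.push(buildRevocationRequest(old.id, "CONSENT_RENEWAL"));
  }
  return requests;
}

// consent.status.updated handler: mirror the new status locally so a consent revoked
// in your UI, via the API, or directly at the bank is never charged again.
function applyConsentStatusUpdate(consents, event) {
  if (event.type !== "consent.status.updated") return false;
  const local = consents.find((c) => c.id === event.payload.consent_id);
  if (!local) return false;
  local.status = event.payload.status;
  return true;
}

// Gate every Account-on-file payment attempt on the reconciled local status.
function canChargeOnConsent(consent, now) {
  return consent.status === "Authorised" && new Date(consent.expires_at) > now;
}
```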