Handling invalid consents

When making a call to any of the Data APIs, we will check if the consent is valid. Consents might no longer be valid because the date of expiry you set has passed, because you have revoked it or because the bank has revoked it. When this happens, a CONSENT_EXPIRED response will be returned:

{
    "status": "CONSENT_EXPIRED",
    "metadata": null,
    "message": "Consent was revoked or is expired. New consent is required, please connect the entity once again.",
    "timestamp": "2020-12-30T16:40:49.779695Z"
}

When this happens you should trigger the connect() flow again. Once the user has successfully granted you consent again, you will receive a webhook.

{
    "type": "entity.updated",
    "message": "An entity object has been updated.",
    "payload": {
        "id": "f08fb010-878f-407a-9ac2-a7840fb56185",
        "customer_id": "6bc2336a-6d74-4e59-a492-65313423a8f",
        "permissions": [
          "identity","accounts","balance","transactions", "identities", 
          "scheduled_payments", "standing_orders", "direct_debits", "beneficiaries"
        ],
        "bank_details": {
          "name": "Lean SAMA Open Banking MockBank",
          "bank_type": "RETAIL",
      		"identifier": "LEA1_SAMAOB_SAU",
          "logo": "https://cdn.leantech.me/img/banks/white-lean.png",
          "main_color": "#1beb75",
          "background_color": "#001E26"
        }
    },
    "timestamp": "2020-10-10T17:19:00.059933Z"
}

You can then retry the API call you made before to retrieve all the necessary data.

📘
You can also proactively update a consent (including its expiry date, transaction date range and permissions) by asking your customer to go through the connect() flow at any time. In that case, any active consents will be revoked and a new active consent will be generated.