API Reference
  1. Authentication

API Explorer

Once you have figured which digital property to integrate, web or mobile, and also figured out from which screen you will redirect your customer to approve a consent, simply start the journey by calling our “Authenticate” API.

  1. Authentication Process:

    • Begin by calling the "Authenticate" API with simple 'username-password' credentials provided by our team.
    • Upon successful authentication, you will receive a token and session ID valid for 10 minutes.

  2. Redirecting for Consent:

    • After authentication, call the "REDIRECTAA" API. Include a 'GUID' (clienttxnid) from your side as a unique transaction identifier.
    • The API will return a redirect URL as output.

📘

For a much-standardized experience, we are helping our clients with the necessary JAVASCRIPT for opening the child browser, in a fixed aspect ratio.

  1. User Interaction:
  • Redirect your user to the URL received in step 2.
  • The consumer will take action (approve, reject, or close the browser).
  1. Notification Handling:

Depending on the consumer's action:

  • If the customer approves the consent, then TSP will pass the consent status = 'Approved' to FIU via webhook. If it’s a browser-based journey, you also get notified in your browser console.
  • If the customer rejects the consent, then TSP will pass the consent status = 'Rejected' to FIU via webhook. If it’s a browser-based journey, you also get notified in your browser console.
  • If the customer does not take action on the consent (Consent =Pending) then TSP will not pass any consent status to webhook. If it’s a browser-based journey, you also get notified in your browser console.
  • If the consent got 'Approved' then Finduit will push to data (subject to uptime and availability of FIPs) via the webhook/call-back URLs, you have configured. This happens in an auto pilot mode, FYI.
  1. Post-Approval Data Transfer:
  • Upon customer action on consent, apart from receiving consent notification, you can also check the status by decrypting EC Response. For EC Response and data decryption logic, kindly contact respective CSMs
  • Upon approval, Finduit (FIP aggregator) initiates data transfer to FIPs through configured webhook/callback URLs automatically.

Anything else I need to know?

  • Sit together with our team and brainstorm on periodicity, validity, and frequency of your consent parameters. This is what we call a 'USE_CASE_ID' which varies from industry to industry.
  • There is a Sahamati certification which we strongly recommend you take- This ensures standardization of all participants.
  • Let us know your other preferences like “what format of data is needed? Encryption needed or not. Color combination on AA page, Logo on AA page”

Begin by exploring the Authentication API up next.

Updated over 1 year ago

Updated over 1 year ago