Account Aggregator - Consent Request API
This document highlights the Account Aggregator - Consent Request API details.
API Description
Objective
The Account Aggregator (AA) Consent Request API initiates the consent process for accessing financial data. A URL is returned in the response, which redirects the user to a web page for consent approval.
API URL
https://ind-engine.thomas.hyperverge.co/v1/AAConsentRequest
API Endpoint
AAConsentRequest
Overview
The API is RESTful and uses standard HTTP verbs and status codes. The responses are in JSON format and you should upload all images and files as form-data through a POST request.
Method - POST
Authentication
You need a unique pair of application ID ( appId ) and application key (appKey) from HyperVerge to verify your identity for accessing the API.
| Parameter | Mandatory or Optional | Description | Allowed Values |
|---|---|---|---|
| content-type | Mandatory | This parameter defines the media type for the request payload | application/json |
| appId | Mandatory | The application identifier shared by HyperVerge. You can find the details in the dashboard's credentials tab. | This should be a unique value. |
| appKey | Mandatory | The application key shared by HyperVerge. You can find the details in the dashboard's credentials tab. | This should be a unique value. |
| transactionId | Mandatory | A unique identifier for tracking a user journey | This should be both unique and easily associated with the user's journey in your application(s) |
Inputs
The following table provides the details of the parameters required for the API's request body:
| Parameter | Mandatory or Optional | Description | Allowed Values | Default Value |
|---|---|---|---|---|
redirectUrl | Mandatory | This would be the URL the user has to get redirected to post consent request completion from the account aggregator | Not Applicable | Not Applicable |
custID | Mandatory | The 10 digit contact number of the user | Not Applicable | Not Applicable |
Request
The following code snippet demonstrates a standard curl request for the API:
curl --location --request POST 'https://ind-engine.thomas.hyperverge.co/v1/AAConsentRequest' \
--header 'appId: <Enter_the_HyperVerge_appId>' \
--header 'appKey: <Enter_the_HyperVerge_appKey>' \
--header 'x-hv-hide-on-portal: yes' \
--header 'Content-Type: application/json' \
--data '{
"redirectUrl": "<Enter_redirect_URL>",
"custId": "<Enter_Customer_ID>"
}'
Success Response
The following code snippet demonstrates a success response from the API:
| Parameter | Type | Description |
|---|---|---|
| statusCode | integer | The status code of the response |
| status | string | The status of the request |
| AAUserLogin | object | The details of the AA user login process |
| rid | string | The unique request identifier, which is a system generated UUID |
| ts | string | The timestamp of the request in UTC, indicating when the response was fetched. (Format: ISO 8601) |
| channelId | string | The identifier for a specific channel, allowing data to be pushed to different URLs based on distinct use cases, such as personal loans and insurance |
| body | object | The body details of the AA user login response |
| token | string | The unique JWT token, with a 24-hour validity |
| AAConsentRequestPlus | object | The details of the AA consent request |
| encryptedRequest (ecreq) | string | The request parameters in an encrypted and base64-encoded format |
| requestDate (reqdate) | string | The date of the consent request in ddmmyyyyhhmimisss format (UTC), used for request validation |
| encryptedFiuId (fi) | string | The unique identifier of the Financial Information User (FIU) or requestor, encrypted using Base64/XOR along with the requestDate field |
| ConsentHandle | string | A unique identifier for each user journey, used for tracking and retrieving user data during the verification process |
| url | string | The URL for the AA consent flow |