Skip to main content

Consent Management

bLink offers two ways to integrate the consent module:

Developers Hint

To start with the integration the postman collection gives a great toolbox to try out the initial flow. The detailed documentation of the consent module is available here.

In general, the difference in the consent flow with or without CaaS is not visible to the end customer. Instead, the CaaS-handling allows the Service User to rely on the security expertise of SIX, which increases the security of the integration while lowering the amount of corresponding admission criteria and audit requirements to connect to the bLink platform.

CaaS and bLink Admission Criteria

Find out how CaaS connects to the admission criteria you have to fulfill in order to onboard to bLink.

As CaaS is a service provided by SIX independently from bLink, it also includes a separate contract. You can view it in the chapter Contracts.

Depending on the setup of the Service User, both options can be beneficial. You can find out more about this in our chapter Architectural Decisions for Service Users. The following table summarizes the main differences between the Consent Management 2.0 requirements with and without CaaS:

Consent Management 2.0Consent Management 2.0 with CaaS
Authentication MethodTokensPermissions
Difference in authentication methodThe token allows direct access to the service providerPermission allows access to tokens
Token storageService User securely stores tokensTokens are stored by SIX
Role of SIX in authentication flow-Token handling for Service User and serves as an additional instance to verify requests
Consequence for Service UserYearly external audit required according to the admission criteria without CaaSYearly review of admission criteria with CaaS
Admission CriteriaAnnex 1: Admission Criteria of bLink Platform Participation Contract
Annex 1: Admission Criteria of Consent-as-a-Service (CaaS)
Last updated on