Retrieve a list of consents

GET 
/consents

The consents endpoint allows the client (e.g., a third party provider) to query the consents for a given user. The provider (e.g., a financial institution) must return the consents linked with the access token supplied with the request.

Request

Responses

200

List of consents

Response Headers

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

X-Next-Cursor

An opaque string value used for pagination. Include this value in the cursor parameter of the subsequent request to fetch the next page of results. An empty string indicates that there are no more results.

400

Bad Request - The format of the request was invalid.

Examples:

• InvalidPayload: type: /problems/INVALID_PAYLOAD title: Payload does not comply with API specification detail: Malformed JSON instance: path/to/corresponding/resource

• InvalidParameter: type: /problems/INVALID_PAYLOAD title: Invalid parameter values have been detected detail: Sent data could not processed instance: path/to/corresponding/resource

• MissingId: type: /problems/INVALID_PAYLOAD title: The payload was not valid detail: ID is missing instance: path/to/corresponding/resource

Response Headers

Content-Language

always en

WWW-Authenticate

i.e. "Bearer error='invalid_token'" according to RFC6750 section-3

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

401

Unauthorized - The request has not been applied because it provides no valid authentication credentials for the target resource.

Response Headers

Content-Language

always en

WWW-Authenticate

i.e. "Bearer error='invalid_token'" according to RFC6750 section-3

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

403

Forbidden - A valid OAuth Token was received, but access was denied. (Depending on the security requirements, providers can return 404 instead)

Examples:

• InsufficientPrivileges: type: /problems/INSUFFICIENT_PRIVILEGES title: No privileges for the requested operation detail: Insufficient privileges for the requested operation instance: path/to/corresponding/resource

• ExpiredToken: type: /problems/EXPIRED_TOKEN title: The OAuth Token is expired detail: The token is no longer valid instance: path/to/corresponding/resource

Response Headers

Content-Language

always en

WWW-Authenticate

i.e. "Bearer error='invalid_token'" according to RFC6750 section-3

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

404

Not Found - Either the endpoint does not exist or a requested resource is not yet available (e.g., account statements)

Examples:

• InvalidAccounts: type: /problems/INSUFFICIENT_PRIVILEGES title: Insufficient privileges to access resource detail: The provided token does not grant access to the requested account instance: path/to/corresponding/resource

• InvalidToken: type: /problems/INSUFFICIENT_PRIVILEGES title: Insufficient privileges to access resource detail: The provided token is not valid instance: path/to/corresponding/resource

• WrongEndpointUrl: type: /problems/TECHNICAL_ERROR title: URL not found detail: The requested endpoint does not exist instance: path/to/corresponding/resource

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

405

Method Not Allowed - The method received in the request-line is known by the origin server but not supported by the target resource.

Examples:

• NotSupportedOperation: type: /problems/WRONG_METHOD title: This HTTP operation is not allowed on this endpoint detail: Only GET operations are allowed instance: path/to/corresponding/resource

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

500

Internal Server Error - The server encountered an unexpected condition that prevented it from fulfilling the request.

Examples:

• TechnicalServerError: type: /problems/TECHNICAL_ERROR title: Technical error on server side detail: Processing yielded a technical error instance: path/to/corresponding/resource

• ResourceTooLarge: type: /problems/RESOURCE_TOO_LARGE title: Generated resource was too large detail: The generated resource exceeded the size limit instance: path/to/corresponding/resource

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

501

Not Implemented - The server does not support the functionality required to fulfill the request.

Examples:

• EndpointNotImplemented: type: /problems/NOT_IMPLEMENTED title: Target endpoint is not implemented detail: This endpoint is not implemented instance: path/to/corresponding/resource

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

502

Bad Gateway - The upstream gateway or proxy issued an invalid response.

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

503

Service Unavailable - The server is currently unable to handle the request due to a temporary overload or scheduled maintenance.

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server

504

Gateway Timeout - The upstream gateway or proxy did not provide a response in time.

Response Headers

Content-Language

always en

X-Correlation-ID

Client defined ID from request to correlate HTTP requests between a client and a server