Data Flow as a Consent Manager

Click here to run Postman

Follow these steps, as an FIU, to get consent-based data in real-time through Onemoney AA.
For test purposes only, we offer a choice of either using the Onemoney SDK (Coming soon...) or directly accessing Onemoney APIs through these flows.

When you move to production, direct API access will not be allowed as that is prohibited under current RBI guidelines. All user registration and consent management activities HAVE to happen through an AA client (i.e. an SDK or app owned by the AA itself).

Verify VUA

When your customer provides a VUA to you (or if you have his mobile number), you may check with Onemoney to see if he already has a VUA set up. Your application may call the Verify VUA API in Postman.

Register Customer

If the customer is new to Onemoney and is interested in setting up a profile with Onemoney, you may quickly create his profile by passing basic details such as his mobile number and name. Onemoney will independently verify the customer's identity (required under current RBI guidelines), by sending an OTP to the provided mobile number. Your app may then pass the OTP back to Onemoney for verification.
Onemoney registers the consumer and generates a recommended VUA. Once the customer sets the VUA, the registration process is complete. For further interactions, a session ID is required to be obtained.
To achieve this flow, your application needs to call the following APIs:
1. To request registration: User Registration API in Postman.
2. To verify the OTP: Verify OTP API in Postman
3. To set the VUA: Set VUA API in Postman.
4. To get a session ID: Initialize session API in Postman.


If the customer already has a profile, you may initiate a Onemoney session by "logging" him into Onemoney. To do this, you may send the customer's mobile number to Onemoney. Onemoney verifies if there exists an existing VUA assigned to that number and sends an OTP to the number, for authentication.
Your app may then pass the OTP back to Onemoney for verification. If successful, Onemoney logs in the customer and returns a session ID.
To achieve, your application needs to call the following APIs:
1. To request a login session: Login with OTP/Send in Postman.
2. To authenticate the customer: Login with OTP/Verify in Postman.

Discovery and Linking of Accounts

Once a customer has set up a profile with Onemoney, you may enable him to discover and link his bank accounts, insurance accounts, MF accounts and the like. To do this, the following activities would typically be performed:

Show a list of FIPs

The customer needs to be shown the list of FIPs that are currently in the AA ecosystem.
Call List FIP API in Postman to do this.

Discover Accounts with a Selected FIP

The customer would typically select one or more FIPs that he has accounts with, on your interface. You may then initiate a discovery request with Onemoney. Onemoney, in turn, connects to the FIPs and returns the list of discovered accounts.
Call the Discovery API in Postman to facilitate this interaction.

Link One or More Discovered Accounts

Once the discovered accounts are presented to the customer, he may select to link one or more of those accounts with his Onemoney profile. Linking involves a one-time authorization by the FIP managing the accounts that the customer wishes to link. This authorization may be done either via the FIP sending an OTP to the registered mobile number of the account owner, or via the FIP asking for netbanking or debit card credentials of the account owner.
These interactions may be faciliated as follows:
1. Call the Linking OTP Send API in Postman to enable OTP-based authorization.
2. Call the Linking OTP Verify API in Postman to verify OTP-based authorization.
The "Netbanking/Debit card" based authorization flow is currently not supported.

Consent Request Approval

When a consent request is placed by you (or any other FIU, if you are purely building a consent management interface), the customer needs to view and approve/reject the consent request.
Present the Consent Request details to the consumer by calling the Get Consent Request Details API in Postman.
Faciliate customer approval by calling the Approve Consent Request Details API in Postman.
If the customer rejects the request, use the Reject Consent Request details API in Postman..

Consent Modification

At any point in time, the customer may wish to revoke, pause (or resume) his consent.
Call Revoke Consent API in Postman to faciliate the revocation.

Pause/Resume/View Timeline APIs.
[Coming soon...]