Data Flow as a Consent Manager
Follow these steps, as an FIU, to get consent-based data in real-time through
For test purposes only, we offer a choice of either using the Onemoney SDK (Coming soon...) or directly accessing Onemoney APIs through these flows.
When you move to production, direct API access will not be allowed as that is prohibited under current RBI guidelines. All user registration and consent management activities HAVE to happen through an AA client (i.e. an SDK or app owned by the AA itself).
When your customer provides a VUA to you (or if you have his mobile number), you may check with Onemoney to see if he already has a VUA set up. Your application may call the Verify VUA API in Postman.
If the customer is new to Onemoney and is interested in setting up a profile with
Onemoney, you may quickly create his profile by passing basic details such as his
mobile number and name. Onemoney will independently verify the customer's identity
(required under current RBI guidelines), by sending an OTP to the provided mobile
number. Your app may then pass the OTP back to Onemoney for verification.
Onemoney registers the consumer and generates a recommended VUA. Once the customer sets the VUA, the registration process is complete. For further interactions, you must obtain a session ID.
To achieve this flow, your application needs to call the following APIs:
1. To request registration: User Registration API in Postman.
2. To verify the OTP: Verify OTP API in Postman.
3. To set the VUA: Set VUA API in Postman.
4. To get a session ID: Initialize session API in Postman.
If the customer already has a profile, you may initiate a Onemoney session by
"logging" him into Onemoney. To do this, you may send the customer's mobile number
to Onemoney. Onemoney verifies whether a VUA is already assigned to that
number and sends an OTP to the number for authentication.
Your app may then pass the OTP back to Onemoney for verification. If successful, Onemoney logs in the customer and returns a session ID.
To achieve this flow, your application needs to call the following APIs:
1. To request a login session: Login with OTP/Send in Postman.
2. To authenticate the customer: Login with OTP/Verify in Postman.
Discovery and Linking of Accounts
Once a customer has set up a profile with Onemoney, you may enable him to discover and link his bank accounts, insurance accounts, MF accounts and the like. To do this, the following activities would typically be performed:
Show a list of FIPs
The customer needs to be shown the list of FIPs that are currently in the AA
Call List FIP API in Postman to do this.
Discover Accounts with a Selected FIP
The customer would typically select one or more FIPs that he has accounts with, on
your interface. You may then initiate a discovery request with Onemoney. Onemoney,
in turn, connects to the FIPs and returns the list of discovered accounts.
Call the Discovery API in Postman to facilitate this interaction.
Link One or More Discovered Accounts
Once the discovered accounts are presented to the customer, he may select to link one
or more of those accounts with his Onemoney profile. Linking involves a one-time
authorization by the FIP managing the accounts that the customer wishes to link.
This authorization may be done either via the FIP sending an OTP to the registered
mobile number of the account owner, or via the FIP asking for netbanking or debit
card credentials of the account owner.
These interactions may be facilitated as follows:
1. Call the Linking OTP Send API in Postman to enable OTP-based authorization.
2. Call the Linking OTP Verify API in Postman to verify OTP-based authorization.
The "Netbanking/Debit card" based authorization flow is currently not supported.
Consent Request Approval
When a consent request is placed by you (or any other FIU, if you are purely building
a consent management interface), the customer needs to view and approve/reject the
Present the Consent Request details to the consumer by calling the Get Consent Request Details API in Postman.
Facilitate customer approval by calling the Approve Consent Request Details API in Postman.
If the customer rejects the request, use the Reject Consent Request Details API in Postman.
At any point in time, the customer may wish to revoke, pause (or resume) his
Call Revoke Consent API in Postman to facilitate the revocation.
Pause/Resume/View Timeline APIs.
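A consent management interface should refuse actions that do not fit the consent's current state (for example, resuming a revoked consent) and keep a timeline of every attempt. The sketch below is an added example, not Onemoney code: the state names, the Consent class and the sample identifier are assumptions modelled on the actions this page names (approve, reject, revoke, pause, resume, view timeline).

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed lifecycle, derived from the actions this page names
# (approve, reject, revoke, pause, resume). State names are illustrative,
# not taken from the Onemoney API.
TRANSITIONS = {
    ("PENDING", "approve"): "ACTIVE",
    ("PENDING", "reject"): "REJECTED",
    ("ACTIVE", "pause"): "PAUSED",
    ("PAUSED", "resume"): "ACTIVE",
    ("ACTIVE", "revoke"): "REVOKED",
    ("PAUSED", "revoke"): "REVOKED",
}


class InvalidConsentAction(Exception):
    """Raised when an action is not allowed in the consent's current state."""


@dataclass
class Consent:
    consent_id: str            # constructed sample identifier
    state: str = "PENDING"
    timeline: list = field(default_factory=list)  # append-only audit trail

    def apply(self, action: str, actor: str) -> str:
        """Apply a customer action; refuse anything the lifecycle forbids."""
        new_state = TRANSITIONS.get((self.state, action))
        if new_state is None:
            # Record the refused attempt too, so the timeline shows it.
            self._log(action, actor, self.state, allowed=False)
            raise InvalidConsentAction(f"{action!r} not allowed in {self.state}")
        self._log(action, actor, new_state, allowed=True)
        self.state = new_state
        return new_state

    def _log(self, action, actor, resulting_state, allowed):
        self.timeline.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action,
            "state": resulting_state, "allowed": allowed,
        })

    def data_fetch_allowed(self) -> bool:
        """Only an ACTIVE consent may back a data request."""
        return self.state == "ACTIVE"
```

REJECTED and REVOKED have no outgoing transitions, so a terminal consent can never be reactivated; a new consent request is needed instead.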