Data Flow as an FIU
Follow these steps, as an FIU, to get consent-based data in real time through Onemoney AA.
Place a consent request
The customer agrees to provide his data through Onemoney AA, through your website or mobile application, by providing his Onemoney VUA (Virtual User Address), also known as his Onemoney handle.
A consent request is then created by your server and sent to Onemoney's server. In response to each consent request ID sent by you, Onemoney returns a Consent handle ID. Click here to know more about consent requests.
To place a consent request, your server needs to call the Post Consent API in Postman.
Receive the customer's approval
The customer is notified by Onemoney AA about your consent request, through an SMS sent by Onemoney to his mobile number. The customer approves your consent request after verifying all the consent parameters. While approving the consent request, the customer selects one or more of his linked financial accounts as included in his approval.
Consent request approval has to be done by the customer using a Onemoney client interface. Click here to know more about integration options between your website or mobile applications and Onemoney clients to provide a smooth approval process.
On receipt of the customer's approval, a consent artefact is created by Onemoney's servers and sent to you. An almost identical copy of the same is also sent to each of the financial institutions (also known as Financial Information Providers or FIPs) managing any of the linked financial accounts included in it. Each consent artefact has a unique Consent ID. Click here to know more about consent artefacts.
To receive a consent artefact, your server needs to implement a Post Consent Notification API. Onemoney will use this API to notify you once the consumer approves your consent request and the consent artefact is ready. The notification contains the Consent ID.
Your server then needs to call the Get Consent Artefact API in Postman to fetch the consent artefact.
Place a data request
Your server, upon receipt of the consent artefact, can place a request for data through Onemoney using the information about financial information types, consent types and financial information data range mentioned in the artefact. A data request can be placed one or more times within the Consent Validity Period, depending on the fetch type approved by the customer in the artefact - whether single or periodic.
Click here to know more about Data Requests.
To place a Data Request, your server needs to call the Onemoney Post Request Data API in Postman.
Data requests are processed asynchronously within the AA network. Onemoney generates a session ID upon receipt of your data request. It then generates a data request, in turn, on each of the FIPs mentioned in the consent artefact. Each FIP responds with its own session ID in response to the data request.
Once data is ready, each FIP notifies Onemoney about data being available. Onemoney connects to each FIP, upon receiving such a notification, to fetch the financial information and aggregate it as per your data request.
When aggregated data is ready to be delivered, Onemoney notifies you about the same using the same session ID it gave you in response to your data request.
To fetch the data from Onemoney, your server needs to call Onemoney's Get Fetch Data API in Postman.
Financial information received from Onemoney will always be in encrypted form. Onemoney is data-blind, i.e. it can neither store, view nor process data on its servers. All data aggregated is deleted immediately after you fetch it from Onemoney.
To decrypt data, your server needs to implement the Diffie-Hellman Key Exchange mechanism.
Click here to get access to an open-source implementation of a library that implements encryption and decryption in compliance with AA specifications.
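How a Diffie-Hellman exchange keeps an intermediary data-blind, as an added example that is not Onemoney's code or the library linked above: the FIU and the FIP each derive the same session key, so only ciphertext passes through the aggregator. The curve (X25519), key derivation (HKDF-SHA256 salted with XORed nonces), cipher (AES-256-GCM), message layout and all function names are assumptions for illustration; take the actual parameters from the AA specifications.

```javascript
// Added example (not Onemoney's code). Assumed for illustration: X25519,
// HKDF-SHA256 salted with the XOR of both nonces, AES-256-GCM, iv|ct|tag layout.
const nodeCrypto = require('node:crypto');

// Each party creates a fresh key pair and a random nonce per data session.
function newSessionMaterial() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
  return { publicKey, privateKey, nonce: nodeCrypto.randomBytes(32) };
}

// Both ends derive the same key from their own private key and the peer's public key.
function deriveSessionKey(ownPrivateKey, peerPublicKey, nonceA, nonceB) {
  const secret = nodeCrypto.diffieHellman({ privateKey: ownPrivateKey, publicKey: peerPublicKey });
  const salt = Buffer.alloc(32);
  for (let i = 0; i < 32; i++) salt[i] = nonceA[i] ^ nonceB[i];
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, salt, Buffer.from('fi-data-session'), 32));
}

// FIP side: encrypt financial information under the session key.
function encryptFI(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, ct, cipher.getAuthTag()]).toString('base64');
}

// FIU side: decrypt; final() throws if the relayed bytes were altered.
function decryptFI(key, encoded) {
  const raw = Buffer.from(encoded, 'base64');
  if (raw.length < 28) throw new Error('ciphertext too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(raw.length - 16));
  const ct = raw.subarray(12, raw.length - 16);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed run: only public keys, nonces and ciphertext cross the aggregator.
function demoExchange() {
  const fiu = newSessionMaterial();
  const fip = newSessionMaterial();
  const fipKey = deriveSessionKey(fip.privateKey, fiu.publicKey, fip.nonce, fiu.nonce);
  const fiuKey = deriveSessionKey(fiu.privateKey, fip.publicKey, fiu.nonce, fip.nonce);
  const sample = '{"account":"XXXX1234","balance":"100.00"}'; // constructed sample data
  const relayed = encryptFI(fipKey, sample);
  return { relayed, fiuKey, plaintext: decryptFI(fiuKey, relayed) };
}
```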
You are now ready to use your customer's data. Usage of data must strictly be in accordance with consent parameters. It must be used in accordance with the purpose stated in the consent artefact. Your usage of the data is limited to the duration of data life mentioned in the consent artefact.
You may however archive the data, beyond data life, strictly for audit purposes, in accordance with regulations prescribed by your regulatory authority.
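One way to enforce the consent parameters described above (fetch type and Consent Validity Period for data requests, purpose and data life for data use), as an added example that is not Onemoney's code. The field names, status and fetch-type values, and the month and year lengths are assumptions; map them to the consent artefact your server actually receives.

```javascript
// Added example: gate data requests and data use on the consent artefact.
// Field names and enum values below are assumed, not taken from the page.
const DAY_MS = 24 * 60 * 60 * 1000;
const UNIT_MS = { DAY: DAY_MS, MONTH: 30 * DAY_MS, YEAR: 365 * DAY_MS }; // approximations

// Constructed sample artefact for illustration.
const sampleArtefact = {
  status: 'ACTIVE', fetchType: 'ONETIME', purpose: 'loan-underwriting',
  consentStart: '2024-01-01T00:00:00Z', consentExpiry: '2024-06-30T00:00:00Z',
  dataLife: { unit: 'MONTH', value: 1 },
};

// May the FIU place another data request under this artefact right now?
function canRequestData(artefact, priorFetches, now) {
  if (artefact.status !== 'ACTIVE') {
    return { ok: false, reason: 'consent is ' + artefact.status }; // paused or revoked
  }
  const t = now.getTime();
  if (t < Date.parse(artefact.consentStart) || t > Date.parse(artefact.consentExpiry)) {
    return { ok: false, reason: 'outside consent validity period' };
  }
  if (artefact.fetchType === 'ONETIME' && priorFetches > 0) {
    return { ok: false, reason: 'single-fetch consent already used' };
  }
  return { ok: true, reason: 'allowed' };
}

// May data fetched at `fetchedAt` be used for `purpose` at time `now`?
function canUseData(artefact, fetchedAt, now, purpose) {
  if (purpose !== artefact.purpose) {
    return { ok: false, reason: 'purpose not covered by consent' };
  }
  const unitMs = UNIT_MS[artefact.dataLife.unit];
  if (!unitMs) return { ok: false, reason: 'unknown data life unit' }; // fail closed
  const expires = fetchedAt.getTime() + artefact.dataLife.value * unitMs;
  if (now.getTime() > expires) {
    return { ok: false, reason: 'data life elapsed; archive for audit only' };
  }
  return { ok: true, reason: 'allowed' };
}
```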
Take a Consent Modification Request
Your customer may decide to modify one or more consent parameters or perform any of the following activities: pause (and resume), or revoke completely the consent provided to you. As an FIU, you may allow the customer to perform such consent management activities through your web or mobile front-end applications.
Your server communicates the customer's intention to Onemoney by calling the Post Consent Notification API in Postman.
Onemoney then notifies the customer about the receipt of such a request, by sending an SMS to the customer's mobile number. The customer then uses a Onemoney Client interface to approve the modification request relayed by you. Click here to know about various integration options available to integrate your front-end applications with Onemoney Client interfaces.