Multiple roles for you to choose
As an FIU
Will be able to get consent-based data in real-time through Onemoney AA
As an FIP
Will be able to share your customer’s data with Onemoney AA when presented with a valid consent artefact
Data Flow as an FIU
Follow these steps, as an FIU, to get consent-based data in real-time through Onemoney AA.
Place a consent request
The customer agrees to provide his data through Onemoney AA, through your website or mobile application, by providing his Onemoney VUA (Virtual User Address), also known as his Onemoney handle.
A consent request is then created by your server and sent to Onemoney’s server. In response to each consent request ID sent by you, Onemoney returns a Consent handle ID. Click here to know more about consent requests.
Placing a consent request requires your server to call the Post Consent API in Postman.
Receive the customer’s approval
The customer is notified by Onemoney AA about your consent request, through an SMS sent by Onemoney to his mobile number. The customer approves your consent request after verifying all the consent parameters. While approving the consent request, the customer selects one or more of his linked financial accounts as included in his approval.
Consent request approval has to be done by the customer using a Onemoney client interface. Click here to know more about integration options between your website or mobile applications and Onemoney clients to provide a smooth approval process.
On receipt of the customer’s approval, a consent artefact is then created by Onemoney’s servers and sent to you. An almost identical copy of the same is also sent to each of the financial institutions (also known as Financial Information Providers or FIPs) managing any of the linked financial accounts included in it. Each consent artefact has a unique Consent ID. Click here to know more about consent artefacts.
To receive a consent artefact, your server needs to implement a Post Consent Notification API. Onemoney will use this API to notify you once the consumer approves your consent request and the consent artefact is ready. The notification contains the
Your server then needs to call the Get Consent Artefact in postman to fetch the consent artefact.
Place a data request
Your server, upon receipt of the consent artefact, can place a request for data through Onemoney using the information about financial information types, consent types and financial information data range mentioned in the artefact. A data request can be placed one or more times within the Consent Validity Period, depending on the fetch type approved by the customer in the artefact – whether single or periodic.
Click here to know more about Data Requests.
To place a Data Request, your server needs to call the Onemoney Post Request Data API in postman.
Data requests are processed asynchronously within the AA network. Onemoney generates a session ID upon receipt of your data request. It then generates a data request, in turn, on each of the FIPs mentioned in the consent artefact. Each FIP responds with its own session ID in response to the data request.
Once data is ready, each FIP notifies Onemoney about data being available. Onemoney connects to each FIP, upon receiving such a notification, to fetch the financial information and aggregate it as per your data request.
When aggregated data is ready to be delivered, Onemoney notifies you about the same using the same session ID it gave you in response to your data request.
To fetch the data from Onemoney, your server needs to call Onemoney’s Get Fetch Data API in Postman.
Financial information received from Onemoney will always be in encrypted form. Onemoney is data-blind, i.e. it can neither store, view nor process data on its servers. All data aggregated is deleted immediately after you fetch it from Onemoney.
To decrypt data, your server needs to implement the Diffie-Hellman Key Exchange mechanism.
Click here to get access to an open-source implementation of a library that implements encryption and decryption in compliance with AA specifications.
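The key agreement behind the decryption step, as an added example (not Onemoney's code and not the library mentioned above). The curve, KDF, cipher, nonce handling and all function names are assumptions chosen for illustration; the sample payload is constructed.

```javascript
const { generateKeyPairSync, diffieHellman, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv } = require('crypto');

// Assumed parameters (the page names only Diffie-Hellman): X25519 key agreement,
// HKDF-SHA256 salted with the XOR of both nonces, AES-256-GCM for the payload.
function newParty() {
  return { ...generateKeyPairSync('x25519'), nonce: randomBytes(32) };
}

// Each side combines its own private key with the peer's public key and both nonces.
function sessionKey(myPrivateKey, peerPublicKey, nonceA, nonceB) {
  const shared = diffieHellman({ privateKey: myPrivateKey, publicKey: peerPublicKey });
  const salt = Buffer.alloc(32);
  for (let i = 0; i < 32; i++) salt[i] = nonceA[i] ^ nonceB[i];
  return Buffer.from(hkdfSync('sha256', shared, salt, Buffer.from('fi-session'), 32));
}

// Wire format for this example: base64(iv[12] || tag[16] || ciphertext).
function encryptFI(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Throws if the key is wrong or the ciphertext was modified in transit.
function decryptFI(key, wire) {
  const raw = Buffer.from(wire, 'base64');
  const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// FIP encrypts, FIU decrypts; only public keys and nonces cross the network.
function demoExchange() {
  const fiu = newParty(), fip = newParty();
  const kFip = sessionKey(fip.privateKey, fiu.publicKey, fip.nonce, fiu.nonce);
  const kFiu = sessionKey(fiu.privateKey, fip.publicKey, fiu.nonce, fip.nonce);
  const sample = '{"account":"constructed-sample","balance":"100.00"}';
  return { fiu, fip, kFiu, sample, wire: encryptFI(kFip, sample) };
}
```

A relay that sees only the public keys, the nonces and the ciphertext cannot derive the session key, and the GCM tag makes any modification of the ciphertext fail decryption.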
You are now ready to use your customer’s data. Usage of data must strictly be in accordance with consent parameters. It must be used in accordance with the purpose stated in the consent artefact. Your usage of the data is limited to the duration of data life mentioned in the consent artefact.
You may however archive the data, beyond data life, strictly for audit purposes, in accordance with regulations prescribed by your regulatory authority.
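A server-side guard for the data request step and the data-life rule described above, as an added example that is not Onemoney's code. The artefact field names, the sample values and the choice to count data life from the time of fetch are assumptions for illustration.

```javascript
// Constructed sample artefact. Field names are assumptions for this example,
// not Onemoney's schema; map them to the artefact you actually receive.
const SAMPLE_ARTEFACT = {
  consentId: 'constructed-consent-id',
  consentStart: '2024-01-01T00:00:00Z',
  consentExpiry: '2024-06-30T23:59:59Z',
  fetchType: 'ONETIME',              // single fetch; 'PERIODIC' allows repeats
  fiTypes: ['DEPOSIT'],
  dataRange: { from: '2023-01-01T00:00:00Z', to: '2023-12-31T23:59:59Z' },
  dataLifeDays: 30,
};

// Returns the reasons a data request must not be sent (empty list = allowed).
// `now` is epoch milliseconds; `priorFetches` is how often this consent was already used.
function checkDataRequest(artefact, req, now, priorFetches) {
  const t = Date.parse;
  const problems = [];
  if (now < t(artefact.consentStart) || now > t(artefact.consentExpiry))
    problems.push('outside consent validity period');
  if (artefact.fetchType === 'ONETIME' && priorFetches > 0)
    problems.push('single-fetch consent already used');
  if (t(req.from) < t(artefact.dataRange.from) || t(req.to) > t(artefact.dataRange.to))
    problems.push('range exceeds consented data range');
  for (const fi of req.fiTypes)
    if (!artefact.fiTypes.includes(fi)) problems.push(`FI type not consented: ${fi}`);
  return problems;
}

// Data may be used only while within data life (assumed here to start at fetch time);
// after that it may only sit in the audit archive.
function dataUsable(artefact, fetchedAt, now) {
  return now <= fetchedAt + artefact.dataLifeDays * 86400000;
}
```

Run the check immediately before every data request and log the returned reasons with the Consent ID, so a rejected request leaves an audit trail.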
Data Flow as an FIP
Follow these steps, as an FIP, to share your customer’s data with Onemoney AA when presented with a valid consent artefact.
Receive a Consent Artefact
When your customer approves an FIU’s consent request on Onemoney AA and includes accounts managed by you in his consent, you will receive a Consent Artefact from Onemoney AA. As an FIP, you have to store and manage the Consent Artefact securely.
Your server has to implement an API that allows you to receive notifications about consent approval.
Account Discovery at FIP
When your customer tries to discover his account via Onemoney, a request is sent to the FIP from Onemoney with the required identifiers. As an FIP, you have to send the list of accounts discovered by the customer based on the customer’s identifiers sent by Onemoney.
When your customer tries to link his account via Onemoney, an account link request is sent to the FIP from Onemoney. As an FIP, you can opt for either Direct based authentication or Token based authentication, in which a short-lived token is sent to the customer to link the account. In either case, a refNumber is generated and sent to Onemoney as a response to the account link request.
- In case of Direct based authentication, the account linking request is confirmed at the FIP end by an interaction with the customer directly.
- In case of Token based authentication, a short-lived OTP is sent to the customer’s mobile number registered at the FIP and used for discovering accounts. When the customer submits the OTP, it is sent to the FIP, along with the refNumber, as a request to link the account.
Successful linking results in the FIP generating a linkRefNumber, which is sent to Onemoney to correlate the account linking.
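The FIP side of Token based linking, as an added example that is not Onemoney's code. The function names, the in-memory store, the OTP lifetime, the attempt limit and the sample identifiers are assumptions for illustration; only refNumber and linkRefNumber come from the text above.

```javascript
const { randomInt, randomUUID, timingSafeEqual, createHash } = require('crypto');

const OTP_TTL_MS = 3 * 60 * 1000; // assumed lifetime; the page only says "short lived"
const MAX_ATTEMPTS = 3;            // assumed limit on guesses per refNumber
const pending = new Map();         // refNumber -> pending link state (in-memory for the example)

// Hash before storing and comparing, so equal-length buffers go to timingSafeEqual.
const digest = (s) => createHash('sha256').update(String(s)).digest();

// Account link request received: issue a refNumber and an OTP bound to it.
// Only refNumber is returned to the AA; the OTP goes to the customer's registered mobile.
function startLink(customerAddress, accountRef, now) {
  const refNumber = randomUUID();
  const otp = String(randomInt(0, 1000000)).padStart(6, '0');
  pending.set(refNumber, {
    customerAddress, accountRef, otpHash: digest(otp),
    expires: now + OTP_TTL_MS, attempts: 0,
  });
  return { refNumber, otp };
}

// Link confirmation received with refNumber + OTP: verify, then issue linkRefNumber.
function confirmLink(refNumber, otp, now) {
  const p = pending.get(refNumber);
  if (!p) return { ok: false, reason: 'unknown refNumber' };
  if (now > p.expires) {
    pending.delete(refNumber);
    return { ok: false, reason: 'token expired' };
  }
  if (++p.attempts > MAX_ATTEMPTS) {
    pending.delete(refNumber);
    return { ok: false, reason: 'too many attempts' };
  }
  if (!timingSafeEqual(digest(otp), p.otpHash)) return { ok: false, reason: 'wrong token' };
  pending.delete(refNumber); // single use: a replayed confirmation finds nothing
  return { ok: true, linkRefNumber: randomUUID() };
}
```

Binding the OTP to one refNumber, expiring it, capping attempts and deleting it on success keeps a leaked or guessed token from linking an account later.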
The customer can delink his linked accounts via the delink option available in the Onemoney application. An account delink request is sent to the FIP with the customer address at Onemoney along with the linkRefNumber.
The status of the delink request is sent by the FIP to Onemoney along with the customer and account details.
Financial Information Request
As an FIP, you need to validate Onemoney’s request for Financial Information on behalf of your customer using the FI request API. A data pull request is sent by Onemoney to the FIP with the required details for data fetch.
Upon validating, FIP generates and sends a sessionId to Onemoney which can be used for pulling the requested financial data.
Once the data is ready from FIP’s server side, a notification needs to be sent to Onemoney.
Financial Information Fetch
Once Onemoney receives notification about data readiness, Onemoney uses the sessionId which is sent as a response during Financial Information Request to pull the encrypted data available at the FIP end.
Onemoney AA should be able to check the availability of the FIP at all times. The FIP must implement the Heartbeat API, which will be used by AAs to monitor the health of the FIP.
Kindly note that a sandbox environment is currently not available for FIPs. Please get in touch to learn more: firstname.lastname@example.org