Account Information Consent & Permissions
Consent expiration and transactions
The time for which an AIS connection consent can live for, and for how far in the past it can access transactions from can be specified as part of the mh:consent
claims value.
To set these values in the claims, they need to be set in the mh:consent
value in the claims, with these properties:
expirationDateTime
- the date time at which the banking connection will expire with the banking provider (maximum 90 days in the future)transactionFromDateTime
- the date time at which transactions will be pulled from. The earliest time we allow for this value is the closest to the current time of these values:- 72 months in the past
- The value specified for
monthsInitialConsent
for the given provider.
Setting expirationDateTime and reconsent
If
expirationDateTime
is set, this means that the connection will not be able to use the shortened reconsent journey and will have to go through full re-authentication with the provider. ThetppConsent
will be false for connections usingexpirationDateTime
. Please see the guide on 90 day reconsent changes for more information.
Setting transactionFromDateTime limitations
When setting
transactionFromDateTime
, please be aware that some providers may have a limit on how far back transactions can be fetched. When limits are known, these will appear in the well known connections endpoint (https://identity.moneyhub.co.uk/oidc/.well-known/api-connections) in eithermonthsInitialConsent
ordaysInitialConsent
When making a connection without specifying a user ID (One time access scenario) the default time for the expiration date time will be 24 hours in the future.
{
"id_token": {
"sub": {
"essential": true
},
"mh:con_id": {
"essential": true
},
"mh:consent": {
"essential": true,
"value": {
"expirationDateTime": "2022-05-02T00:00:00+00:00",
"transactionFromDateTime": "2021-05-02T00:00:00+00:00"
}
}
}
}
Additional permissions
There are some additional permissions that can be requested when connecting to an account. These should be shown on the consent page if they are being requested
ReadStandingOrdersBasic permission will grant access to basic standing order information, such as the reference, amounts and dates payments will be made.
ReadStandingOrdersDetail permission will grant access to the basic standing order information as well as the payee account information.
ReadBeneficiariesDetail permission will grant access to beneficiaries, which are payment or transfer destination accounts which have been authorized by the bank.
The additional permissions must be requested via the mh-consent
claim along with any other claims in the following way:
{
"id_token":{
"mh:consent":{
"value":{
"permissions":[
"ReadStandingOrdersBasic",
"ReadBeneficiariesDetail"
]
}
}
}
}
NodeJS Library
Prerequisites
You will need v4.17.0 of the Moneyhub API Client to make use of this feature
If you use our NodeJS client library, you can make connections with these claims by specifying expirationDateTime
, transactionFromDateTime
and permissions
in the authorisation URL generating methods.
const url = await moneyhub.getAuthorizeUrl({
scope: "openid id:api",
state: " your state value",
nonce: "your nonce value",
expirationDateTime: "2022-09-01T00:00:00.000Z",
transactionFromDateTime: "2020-09-01T00:00:00.000Z",
permissions: ["ReadBeneficiariesDetail"]
})
Updated 11 months ago