> For the complete documentation index, see [llms.txt](https://developer.sahamati.org.in/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://developer.sahamati.org.in/sahamatinet-poc/integration-steps/rebit-workflows-using-router/consent-workflow.md).

# Consent Workflow

The consent workflow is a fundamental part of the Account Aggregator (AA) ecosystem. It ensures that Financial Information Users (FIUs) can access user data from Financial Information Providers (FIPs) only after obtaining explicit consent from the user. This workflow is governed by a series of secure and standardized interactions using the ReBIT APIs.

### **Steps Involved in Consent Workflow:**

#### Pre-requisites:

The [Account Discovery & Linking](/sahamatinet-poc/integration-steps/rebit-workflows-using-router/account-discovery-and-linking.md) is handled by the user to execute the Consent workflow.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfldUHurAqJFFUH1yDIOAEoxa2n666KTxfbGkOHF3XeDubtIhV0stST_y65hQEC1jYNxSbFRfsn_I-IHBqe9vkFIAHMRNK48ni2m0xjTKTe-ezJAQyys4rr2t1Uo-0KXfizZi7_Dw?key=bdSmp_LkiJMKaUQLHEN9__RS" alt=""><figcaption><p>Consent Workflow</p></figcaption></figure>

#### **1. FIU Initiates Consent Request&#x20;**<mark style="color:green;">**through Router**</mark>**:**

The FIU initiates the process by sending a consent request to the Account Aggregator (AA). The request specifies the type of financial data, the duration, and the purpose for which it is being requested. This consent request is made by the FIU to the AA through Router, following these steps:

* Retrieve the FIP identifier from the Central Registry.
* Construct the request header (`x-request-meta`) using the retrieved identifier for Router compatibility.
* Transmit the request to the Router along with the prepared header.

***ReBIT API: /Consent (POST)*****&#x20;with 'x-request-meta' header***:* The FIU sends the consent request to the AA using this API through Router. The request includes the data access requirements, purpose, and duration for which access is required.

***API (AA Internal Spec): /Consent/create (POST):*** The AA create the consent artefact and stores for future use with pending status.

#### **2. AA Presents Consent to User:**

After receiving the consent request, the AA communicates with the user via its mobile app or web portal, presenting the consent details. The user reviews and either approves or denies the request.

***API (AA Internal Spec): /Consent/read (GET)**:* The AA retrieves the consent artefact details to present to the user for approval.

#### **3. User Grants Consent:**

If the user approves the consent request, the AA generates a consent artefact. This artefact is a formal document containing all the details of the user’s consent, such as the scope, purpose, and validity.

***API (AA Internal Spec): /Consent/accept (POST)**:* The AA update the status and stores the consent artefact after the user grants approval.

#### **4. AA Shares Consent with FIU & FIP&#x20;**<mark style="color:green;">**through Router**</mark>**:**

Once consent is granted, the AA sends the consent artefact to both the FIU and the relevant FIP. The FIP uses this consent artefact to validate requests for financial data.

***ReBIT API: /Consent/Notification (POST)*****&#x20;with 'x-request-meta' header***:* The FIU & FIP is notified about the granted consent via this API. It helps,&#x20;

* FIU to fetch the consent artefact from AA and use it for FI request.
* FIP to validate the future FI data requests from the FIU.

***ReBIT API: /Consent/fetch (POST)*****&#x20;with 'x-request-meta' header***:* The FIU fetches the Consent artefact from AA through Router to use it for future FI data requests.

#### **5. Consent Revocation (Optional):**

The user has the ability to revoke consent at any time, cutting off access to their data.

***API (AA Internal Spec): /Consent/revoke (POST)**:* This API allows the user to revoke previously granted consent.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://developer.sahamati.org.in/sahamatinet-poc/integration-steps/rebit-workflows-using-router/consent-workflow.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.