Reconfirmation
Get access to your user's account information for longer by allowing your user to reconfirm the consent. This feature is only available in the UK.
Atto Connect allows reconfirmation of consents to extend the lifetime of the consent. This flow should be started when a consent is about to expire. Regulation enforced by PSD2 states that consents can last up to 90 days and to continue to access the data, reconfirmation has to be received after every 90 days by the end-user.
Atto provides both Webhooks and Email notification V2 to notify of upcoming consent expirations, each of which can be configured for how many days prior to consent expiration they should be triggered.
Starting reconfirmation flow
To reconfirm a consent:
Get an access token for Consent API using the Authorization API (Scope should be
api:consent).Append the consent ID that needs to be reconfirmed as query parameter and add the access token as a fragment to the Atto Connect url. eg:
https://connect.atto.co?consent_id=<ConsentID>#access_token=<AccessToken>and send it to the end user.User will be prompted to reconfirm the details of their access:
Note: api:consent Access Token validity period is about 1 hour. Attaching Reconfirmation URL straight to the email would not end up with good user experience as URL would not be usable after 1 hour. Recommended approach is to redirect end user to your page, where end user can continue with Reconfirmation and new Access Token can be requested.
Based on a bank’s internal criteria, users may be required to re-authenticate their consent with the bank at certain times. See how this flow will look like in Re-authentication docs.
Disconnect flow
If a user doesn't wish to prolong access to the data, then they can revoke access to the bank data.
Notifications
Atto dispatches Webhook evenType : Consent when the journey finishes. consentJourney value is set to Reconfirmation. Once the journey finishes and a notification is received indicating success, you may resume fetching the data from the APIs.
API Flow
