Archived 2022.11.20. Content moved to error scenarios and responses.
This article answers questions regarding consent and accounts.
Question
At what point are accounts attached to a consent?
Answer
This is described from the user experience (UX) point of view in the CX Guidelines. On the Accredited Data Recipient (ADR) dashboard, the customer selects a Data Holder (DH). Then the ADR passes the customer to the DH. The customer connects securely to the DH and on the DH dashboard gives consent for the DH to supply the requested data to the ADR. The customer selects the accounts from which data is to be shared during this process.
See CX Guidelines.
The Authorise | Account selection section describes how a DH dashboard might present accounts for selection. When the customer has selected accounts and consented, the DH then records the accounts that are attached to the consent.
Question
How does the DH record the attachment of accounts to consents?
Answer
The method for recording account attachment to a consent is at the discretion of the DH.
Question
Can consent be active without any attached accounts?
Answer
Consent can be active without any attached accounts. For example, sharing requests can include only data clusters that do not involve accounts.
Question
If a valid consent is available but does not cover all the accounts and properties specified in a request, what is the response to the request?
Answer
When accounts are involved in a request, consent must be supplied for all of the accounts and properties specified in the request. If one or more of those accounts is not included in the consent structure, then the request is invalid and a 422 - Unprocessable Entity
error response must be returned, along with error code 0001
. No data is returned.
Source: Issue 117: Clarification on consent request scenarios.
Comments
0 comments
Please sign in to leave a comment.