# Account Information Consent Deletion source: https://developer.mastercard.com/open-banking-connect/documentation/aisfeatures/delete-ais-consent/index.md ## Overview {#overview} The goal of this request is to revoke previously obtained consent, so that the Account Information Service (AIS) information can no longer be accessed. For more information, see [Account Information Consent Request](https://developer.mastercard.com/open-banking-connect/documentation/aisfeatures/account-information-consent/index.md). ### Endpoint details {#endpoint-details} | **Endpoints/Resources** | **Method** | **API Profiles** | **Description** | |---------------------------|------------|--------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------| | /accounts/consents/delete | `POST` | CMA9, Polish API, NextGenPSD2, STET, Budapest Bank, Czech Open Banking Standard API Profile, Slovak Banking API Standard API Profile | The token corresponding to the consent becomes unusable as a result of this operation. | The following sequence diagram shows the flow for canceling consent after it has been given by the PSU. Diagram delete_ais_consent ## Request scenario {#request-scenario} API Reference: `POST /accounts/consents/delete` #### Request header {#request-header} N/A #### Request body {#request-body} | **Name** | **Purpose** | **Required by** | **How it can be used** | **Condition** | **Multiplicity** | **Type** | **Description** | **Limitations/Parameters** | |--------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|------------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------| | `requestInfo` | Includes information about the request being processed | MC | This element encapsulates all request information sent to the API Service | M | 1..1 | Object | A set of elements used to define the request details | N/A | | `xRequestId` | ID of the request, unique to the call, as determined by the TPP | TPP | A memorable ID could be used to support in a dispute | M | 1..1 | String UUID | Free field that allows for the addition of information that can be referenced for future use | 36 pattern: `^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$` | | `aspspId` | ID of a financial institution servicing the accounts of the PSU | ASPSP | Identification of ASPSP | M | 1..1 | String UUID | This element is used to specify the identification code of a financial institution that holds PSU accounts | 36 pattern: `^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$` | | `isLivePsuRequest` | Indicates if PSU actively initiated the request | ASPSP | Type of PSU request | O | 0..1 | Boolean | PSU request type | Applicable for Polish API profile only Boolean: true or false | | `psuIPAddress` | The forwarded IP address field consists of the corresponding HTTP request IP address field between PSU and TPP. | ASPSP | It shall be contained only if the PSU actively initiated this request | C | 0..1 | String | IP address of PSU's terminal device. | Applicable for Polish API profile only 1-256 Required when isLivePsuRequest=true | | `psuAgent` | Indicates the user-agent for the PSU. If the PSU is using the TPP's mobile app, make sure the mobile app user-agent string is different than browser-based user-agent strings. | ASPSP | If a user-agent is supplied to ASPSP, then this information can be used by ASPSP's security mechanisms. To avoid rejections, it is recommended to include this field when providing isLivePsuRequest and psuIPAddress. | O | 0..1 | String | PSU's browser agent details | Applicable for Polish API profile only 1-256 | | `psuTppCustomerId` | For billing purposes. | MC | Used for identifying the number of transactions related to a certain PSU | O | 0..1 | String | Identifier of the PSU in the TPP system used for billing. | 1-256 | | `merchant` | Collect merchant data for reporting purposes | MC | Merchant data is used for reporting or reconciliation purposes | O | 0..1 | Object | A set of elements used to define the merchant details | N/A | | `id` | Merchant identification code to identify the merchant | MC | Unique merchant identifier per TPP, which could be used for reporting/reconciliation purposes | M | 1..1 | String | Field is available for TPPs to enable capturing of a merchant ID | 1-256 | | `name` | Merchant name to identify the merchant | MC | Name of merchant | M | 1..1 | String | Field is available for TPPs to enable capturing of a merchant name | 1-256 | | `consentId` | A unique reference to the account information consent stored by the ASPSP. This is required to enable subsequent account information requests related to the consent (for example, to request account or transaction details) | ASPSP | Pass this value as part of the account information requests related to the consent. | M | 1..1 | String | A unique reference to the account information consent stored by the ASPSP. Please note that this is not the original value generated by the ASPSP but a generated 'proxy' value related to that. | 1-256 | Tip: For an explanation of notations used, refer to **Open Banking General FAQ** in our [Frequently Asked Questions](https://developer.mastercard.com/open-banking-connect/documentation/frequently-asked-questions/index.md) section. ### Response -- Success {#response--success} HTTP Response Code = 200, OK Tip: For a list of general response codes and error code structure see [Response and Error Codes](https://developer.mastercard.com/open-banking-connect/documentation/response-and-error-codes/index.md). For specific error codes for this feature, see **Feature specific error codes** below. #### Response header {#response-header} N/A #### Response body {#response-body} | **Name** | **Purpose** | **Required by** | **How it can be used** | **Condition** | **Multiplicity** | **Type** | **Description** | **Limitations/Parameters** | |-----------------------|-----------------------------------------------------------|-----------------|----------------------------------------------------------|---------------|------------------|-------------|------------------------------------------------------|---------------------------------------------------------------------------------------------| | `originalRequestInfo` | Returns original request information to the TPP | MC | This object contains original request information | M | 1..1 | Object | Original request information received from the TPP | N/A | | `xRequestId` | A memorable ID that could be used to support in a dispute | TPP | This element could be used for request-response tracking | M | 1..1 | String UUID | Original `xRequestId` given by the client on request | 36 pattern: `^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$` | ## Feature-specific error codes {#feature-specific-error-codes} Tip: For a list of general response codes and error code structure see [Response and Error Codes](https://developer.mastercard.com/open-banking-connect/documentation/response-and-error-codes/index.md). | **Message** | **Reason Code** | **Description** | **Developer Details** | **Typical Occurrences** | **Next Steps** | |--------------------------------------------------------|-----------------|------------------------------------------------------|-----------------------|------------------------------------------------------------------------------------------------|-------------------------------------| | "Access Token associated with the Request has expired" | `INVALID_TOKEN` | Access Token associated with the Request has expired | | Typically occurs when the consent that the TPP has previously obtained from a PSU has expired. | PSU needs to provide a new consent. | **Error example code** ```json { "Errors": { "Error": [ { "ReasonCode": " INVALID_TOKEN ", "Description": "Access Token associated with the Request has expired" } ] } } ``` | **Message** | **Reason Code** | **Description** | **Developer Details** | **Typical Occurrences** | **Next Steps** | |---------------------------------------------------------------------------|-----------------|----------------------------------------------------------|-----------------------|-------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------| | "Access Token associated with the Request is invalid or has been revoked" | `INVALID_TOKEN` | The consent ID used in the request is invalid or revoked | | Typically occurs when the consent ID is invalid or revoked. | Ensure a valid consent ID is used in the request. If you think the specified consent id is valid, please contact the Open Banking Connect API support team. | **Error example code** ```json { "Errors": { "Error": [ { "Source": "OBC", "ReasonCode": "INVALID_TOKEN", "Description": "Access Token associated with the Request is invalid or has been revoked" } ] } } ``` | **Message** | **Reason Code** | **Description** | **Developer Details** | **Typical Occurrences** | **Next Steps** | |-------------------------------------------------|------------------|-----------------------------------------------|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------| | "Delete consent not implemented for this ASPSP" | `PROVIDER_ERROR` | Delete consent not implemented for this ASPSP | | Typically occurs when Delete Consent capability is not implemented for ASPSP. In this case consent would not be available anymore, still it was not removed from the ASPSP either. | If consent needs to be removed from the ASPSP, the PSU can handle this directly with the ASPSP. | **Error example code** ```json { "Errors": { "Error": [ { "ReasonCode": "PROVIDER_ERROR", "Description": "Delete consent not implemented for this ASPSP", "Recoverable": false } ] } } ```