# Consent APIs source: https://developer.mastercard.com/open-finance-au/documentation/consent/consent-apis/index.md Mastercard provides APIs for consent creation, amendment and consent management. These APIs mirror the functionality of the Connect Application but allow full control of the user experience. Note: Depending on the regulatory model, API-based consent may not be permitted for obtaining, amending, or managing connections to financial institutions. Contact your sales representative for more information. As with the Connect Application, consent events are emitted through the lifecycle of each consent: * Refer to [Consent Notifications](https://developer.mastercard.com/open-finance-au/documentation/consent/consent-notifications/index.md) for information about consent notification event types. * Refer to [Consent Notifications Structure](https://developer.mastercard.com/open-finance-au/documentation/consent/consent-notifications-structure/index.md) for information about the structure of consent notifications. ## Obtain Consent {#obtain-consent} As an alternative to using [Connect Full or Connect Lite](https://developer.mastercard.com/open-finance-au/documentation/connect/index.md), Mastercard offers APIs that can be used to obtain consent. These allow partners to customise the consent flow fully with their own user experience where permitted by Mastercard. Contact your sales representative for more information in relation to these APIs. Before using obtain consent APIs, you should subscribe to [consent webhooks](https://developer.mastercard.com/open-finance-au/documentation/connect/webhooks/webhooks-event-connect/index.md) and work with your solution engineer to create a [connect experience](https://developer.mastercard.com/open-finance-au/documentation/connect/configure-connect-experience/index.md) with an approved data sharing purpose. Note: Connect webhooks are not available when using an API to obtain consent. The following steps can be used to obtain consent via API: 1. Use the Get Institutions API to present a list of financial institutions to the end user. API Reference: `GET /institution/v2/institutions` 2. Customer selects an institution with an associated `institution_id`. 3. Use the Get Application Details and Get Consents Purpose APIs to obtain details and display them to the end user on the consent screen. API Reference: `GET /applications` API Reference: `GET /data-sharing-consents/purposes` API Reference: `GET /data-sharing-consents/purposes/{purpose_id}` 4. Obtain consent from the end user. Create a consent record in our system using the Create Data Sharing Consent endpoint. Store the consent receipt ID that is returned. API Reference: `POST /data-sharing-consents` 5. Receive a `CONSENT_CREATED` webhook. 6. Use the Data Sharing Consent By Institution API to generate and display a URL to allow the user to authenticate with the bank. API Reference: `POST /data-sharing-consents/{consent_receipt_id}/institutions/{institution_id}/urls` 7. The user authenticates, selects accounts, and authorizes data sharing at the financial institution. 8. Receive `INSTITUTIONS_ADDED` webhook 9. Repeat steps 6 to 8 as needed until the user has connected all their financial institutions. 10. Access account data. ### Flow Diagram {#flow-diagram} The following flow diagram is applicable for obtaining consent for one or more financial institutions: Diagram obtainconsent ## Amend Consent {#amend-consent} Consent amendments allow you to extend the duration of an existing consent or update the account selection at the user's financial institution. Use the expiry date provided through [consent webhooks](https://developer.mastercard.com/open-finance-au/documentation/connect/webhooks/webhooks-event-connect/index.md) or our [consent management APIs](https://developer.mastercard.com/open-finance-au/documentation/consent/consent-apis/index.md#managing-consent) to identify when a consent is nearing expiry and trigger an amendment. For more complex changes, such as modifying the consent purpose, a new consent is required. To amend a consent, repeat steps 6 and 7 from the Obtain Consent process using the existing consent receipt ID and institution ID. The Data Sharing Consent by Institution API generates and displays a URL that enables the user to re-authenticate with their bank and extend the consent. Once successful, an `INSTITUTIONS_AMENDED` consent webhook will be sent. During the amendment process, the user may select different accounts. The consent will be extended by the duration configured in the Connect experience, and the user will be prompted to update their account selection on the bank's side. ### Flow Diagram {#flow-diagram-1} The following flow diagram is applicable for obtaining consent for one or more financial institutions: Diagram amendconsent ## Managing Consent {#managing-consent} Mastercard provides endpoints that can be used to query consent records: API Reference: `GET /data-sharing-consents` API Reference: `GET /data-sharing-consents/{consent_receipt_id}` The following endpoint can be used to obtain information about consent events including amendments: API Reference: `GET /data-sharing-consents/{consent_receipt_id}/events` We also provide these endpoints to revoke consent records: API Reference: `DELETE /data-sharing-consents/{consent_receipt_id}` API Reference: `DELETE /data-sharing-consents/{consent_receipt_id}/institutionLogins/{institution_login_id}` These endpoints may not be suitable for all partners. Contact your sales representative for more information.