# Processing Consent Notifications source: https://developer.mastercard.com/open-finance-au/documentation/consent/processing-consent-notifications/index.md When a notification event is received, it is important to check its type and act accordingly if this is a Consent Notification event. The easiest way to analyze what notification event has been received is to analyze its header, for example: ```sh Event-Signature: {{"notification event signing key"}} Event-Id: {{"notification event id"}} Event-Type: {{"notification event type"}} Event-Context: "CONSENT" Content-Type: "application/json" ... {{"standard HTTPS headers"}} ``` 1. Check that `Event-Context` is `CONSENT`. 2. If yes, get the value of the `Event-Type` field and perform required action if any: | | **Consent Notification Event Type** | **Description** | **Action required** | |---|-------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 | `CONSENT_CREATED` | This event is triggered when a customer initiates consent. At this point consent is in DRAFT state. Such consent does not have any institution added yet and is not usable for retrieving the customer's financial data yet. | No action required. You may use this event for dispute resolution and troubleshooting. | | 2 | `INSTITUTIONS_ADDED` | This event is triggered whenever a customer successfully consents to share accounts for a specific Financial Institution. At this point, overall consent is ACTIVE and the data from the added accounts can be requested. | No action required. You may use this event to start gathering data from the shared accounts. | | 3 | `INSTITUTIONS_AMENDED` | This event is triggered when an existing institution arrangement is amended. This occurs when the customer re-authenticates to extend the consent duration or update account selections. After amendment, the arrangement remains ACTIVE, and updated account data can be accessed. | Account for the updated account list based on the user's selection. | | 4 | `INSTITUTIONS_NOT_ADDED` | This event is triggered when an attempt to add or amend an institution fails or is canceled. This event signals that no changes were applied to the consent for the targeted institution. | You may wish to prompt the user again to add an institution. | | 5 | `INSTITUTIONS_REVOKED` | This event is triggered whenever a customer revokes arrangement to access accounts for particular institution(s). The revoked institutions become INACTIVE in consent and no more data can be requested from them. If there are no more active institutions left, the overall consent also becomes INACTIVE. | Action is required: 1. Check the `changes` structure inside the event [payload](https://developer.mastercard.com/open-finance-au/documentation/consent/consent-notifications-structure/index.md#details-of-the-consent-changes) to see which institutions the revoked arrangements relate to. 2. Delete all the customer's data collected from these institutions, as well as the data derived from it. | | 6 | `INSTITUTIONS_EXPIRED` | This event is triggered whenever the arrangement to access the accounts of the specific institution(s) expires. The expired institutions become INACTIVE in consent and no more data can be requested from them. If there are no more active institutions left, then the overall consent becomes INACTIVE as well. | Action is required: 1. Check the `changes` structure inside the event [payload](https://developer.mastercard.com/open-finance-au/documentation/consent/consent-notifications-structure/index.md#details-of-the-consent-changes) to see which institutions the expired arrangements relate to. 2. Delete all the customer's data collected from these institutions, as well as the data derived from it. | For more details on the Consent Notification event structure, refer to [Consent Notification Structure](https://developer.mastercard.com/open-finance-au/documentation/consent/consent-notifications-structure/index.md).