# AIS Consent Management
source: https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/accounts/ais-consent-management/index.md

We have added two new endpoints to enhance your ability to manage Account Information Service (AIS) consents. These endpoints enable you to:

* Check the status of an active consent
* Revoke access to a consent

## Checking the Status of a Consent {#checking-the-status-of-a-consent}

During the AIS session lifecycle, you, in the role of a Third Party Provider (TPP), might need to verify the current status of a Payment Service User's (PSU) consent.

### Prerequisite {#prerequisite}

You will need to have an initialized AIS session with the PSU who authorizes the session. Once you have an active session, you can use the loginToken associated with that session to retrieve its details.

### Checking the status of the consent {#checking-the-status-of-the-consent}

1. Ensure you have a valid [loginToken](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/connect/login-flows/index.md#login-token) for the session you want to check. If you need more information about obtaining a login token, refer to our [Codes and Tokens](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/api-basics/code-and-tokens/index.md) documentation.
2. Execute the `GET /consents` endpoint. You will need to include the `X-Login-Token` header in your request, populated with the [loginToken](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/connect/login-flows/index.md#login-token) from step 1.
   * The API will respond with detailed information about the consent, including:
     * The consent identifier held with the bank
     * The current status of the consent
     * The expiration details for the consent
   * If a consent has already been revoked by the user either via the TPP platform or with their ASPSP, the `GET /consents` endpoint response will be "Access Denied" with status code 403.

### Supported Providers {#supported-providers}

This feature is currently available for select providers in the UK, and we're working on expanding support to more providers in the near future.

Currently supported providers:

* AIB GB
* American Express
* Bank of Scotland
* Barclays
* Bank of Ireland UK
* Chase
* Coutts & Company
* Danske Bank
* First Direct
* Halifax Bank
* HSBC
* Lloyds Bank
* Monzo
* Nationwide Building Society
* NatWest
* The Cooperative Bank
* The Royal Bank of Scotland
* Revolut
* Santander
* Starling
* Tesco Bank
* TSB Bank
* Ulster Bank
* Virgin Money

#### Request {#request}

```shell
curl --location --request GET 'https://api.nordicapigateway.com/v2/consents' \
--header 'X-Login-Token: <login-token>' \
--header 'X-Client-Id: example-id' \
--header 'X-Client-Secret: example-secret'
```

#### Response {#response}

```shell
HTTP 200 OK
{
  "consentId": "5d5bcLTPv-HH-pV26cT67lrIY8kwz59whYjEJasHyUc.5ef85601bc3b",
  "status": "Active",
  "expirationDateTime": "2021-12-24T00:00:00Z",
  "providerId": "DemoBank"
}
```

## Revoking a Consent {#revoking-a-consent}

There are various scenarios where you or the PSU may want to notify the ASPSP that a PSU has revoked a consent. Perhaps the intended use of the consent has been fulfilled, or a user has requested that their consent be removed. Whatever the reason, our new endpoint makes it easy to revoke a consent when needed.

### Prerequisite {#prerequisite-1}

You will need to have an initialized AIS session with the PSU who authorizes the session. Once you have an active session, you can use the [loginToken](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/connect/login-flows/index.md#login-token) associated with that session to trigger a consent revocation.

### Revoking a consent {#revoking-a-consent-1}

* Ensure you have the [loginToken](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/connect/login-flows/index.md#login-token) for the session associated with the consent you want to revoke.
* Execute the `DELETE /consents` endpoint, including the `X-Login-Token` header populated with your [loginToken](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/connect/login-flows/index.md#login-token).
* If the deletion is successful, you will receive a 204 response code from the `DELETE /consents` endpoint.

Note: Once a consent is deleted, you will no longer have access to the AIS data associated with that consent, nor will you be able to refresh the consent. If you need to access the data again in the future, you will need to establish a new consent.

#### Request {#request-1}

```shell
curl --location --request DELETE 'https://api.nordicapigateway.com/v2/consents' \
--header 'X-Login-Token: <login-token>' \
--header 'X-Client-Id: example-id' \
--header 'X-Client-Secret: example-secret'
```

#### Response {#response-1}

```shell
HTTP 204 No Content
```

### Supported Providers {#supported-providers-1}

This feature is currently available for select providers in the UK, and we're working on expanding support to more providers in the near future.

Currently supported providers:

* AIB GB
* American Express
* Bank of Scotland
* Barclays
* Bank of Ireland UK
* Chase
* Coutts & Company
* Danske Bank
* First Direct
* Halifax Bank
* HSBC
* Lloyds Bank
* Monzo
* Nationwide Building Society
* NatWest
* The Cooperative Bank
* The Royal Bank of Scotland
* Revolut
* Santander
* Starling
* Tesco Bank
* TSB Bank
* Ulster Bank
* Virgin Money

## Best Practices and Considerations {#best-practices-and-considerations}

When working with these endpoints, keep the following points in mind:

* Always handle the responses appropriately in your application. For example, if you receive a successful deletion response, make sure to update your local state accordingly.
* Be mindful of when and why you are checking consent status or revoking consents.
* Remember that after revoking a consent, you will need to go through the consent establishment process again if you need to access that PSU's data in the future.
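The response handling described above, as an added example (not Mastercard's code): it maps the documented `GET /consents` and `DELETE /consents` outcomes (200, 403, 204) onto a local consent record and fails closed on anything else. The record shape, the `reconcile` and `call_consents` names, and the `AIIA_CLIENT_ID` / `AIIA_CLIENT_SECRET` environment variable names are assumptions.

```python
import json
import os
import urllib.error
import urllib.request
from datetime import datetime, timezone

CONSENTS_URL = "https://api.nordicapigateway.com/v2/consents"  # URL from the page


def call_consents(method, login_token):
    """Send GET or DELETE /consents; return (http_status, body_text)."""
    req = urllib.request.Request(CONSENTS_URL, method=method, headers={
        "X-Login-Token": login_token,
        # Assumed env var names; keeps the client secret out of source and shell history.
        "X-Client-Id": os.environ["AIIA_CLIENT_ID"],
        "X-Client-Secret": os.environ["AIIA_CLIENT_SECRET"],
    })
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # 403 and other error codes arrive here
        return err.code, err.read().decode()


def reconcile(record, method, http_status, body, now=None):
    """Return an updated copy of the local consent record (hypothetical shape)."""
    now = now or datetime.now(timezone.utc)
    updated = dict(record, checked_at=now.isoformat())
    if method == "DELETE":
        if http_status == 204:  # page: 204 means the consent was deleted
            updated.update(state="revoked", usable=False)
        return updated  # any other code: revocation not confirmed, state unchanged
    if http_status == 403:  # page: already revoked via the TPP or the ASPSP
        updated.update(state="revoked", usable=False)
    elif http_status == 200:
        consent = json.loads(body)
        expires = datetime.fromisoformat(
            consent["expirationDateTime"].replace("Z", "+00:00"))
        live = consent["status"] == "Active" and expires > now
        updated.update(state="active" if live else "inactive", usable=live,
                       consent_id=consent["consentId"], expires_at=expires.isoformat())
    else:
        # Example's choice: fail closed on unexpected codes without claiming revocation.
        updated.update(state="unknown", usable=False)
    return updated


# Constructed sample body with the same fields as the page's 200 response.
SAMPLE_BODY = json.dumps({"consentId": "constructed-consent-id", "status": "Active",
                          "expirationDateTime": "2021-12-24T00:00:00Z",
                          "providerId": "DemoBank"})
```

In an application, pass the tuple returned by `call_consents("GET", token)` or `call_consents("DELETE", token)` into `reconcile` and persist the returned record before serving any further AIS data for that PSU.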
