# Consent Management
source: https://developer.mastercard.com/open-finance-us/documentation/consent-management/index.md

## Understanding User Consent {#understanding-user-consent}

User Consent refers to explicit permission granted by a customer (end user),
typically through [Mastercard Data Connect](https://developer.mastercard.com/open-finance-us/documentation/connect/index.md),
for Mastercard Open Finance to access the customer's financial account data
and share it with a third party.

Customers retain the ability to review,
update, or revoke this access at any time.

Data Connect offers a user experience that enables customers to connect to their
financial institutions and permission access to the data they want
to share. For further details, refer to the
[Mastercard Data Connect](https://developer.mastercard.com/open-finance-us/documentation/connect/index.md)
documentation.

If the customer decides not to share their consented financial data any
longer, they can either revoke the entire consent or remove a specific
financial institution.

Upon revocation of consent, Open Finance will discontinue
collecting the customer's data associated with that consent.
Warning: After consent is revoked, you will no longer be able to retrieve any data or reports based on that data.

## Consent Records {#consent-records}

A consent record documents the details of a consent.

Each consent record includes information about the following:

* **Accounts shared:** institution details with specific accounts the customer selected
* **Data types:** the type of data to be accessed (transactions, balances, identity, and so on)
* **Consent access timestamp:** the duration for which the data recipient will have access to the data
* **Connection status:** whether the financial institution connection is active or inactive

Note: Consent records are available from 28 June 2023.

## Consent Management Endpoints {#consent-management-endpoints}

You can use these endpoints to retrieve consent records
and revoke consent on behalf of a customer.

### Retrieving Consent Records {#retrieving-consent-records}


API Reference: `GET /data-sharing-consents`


API Reference: `GET /data-sharing-consents/{consent_receipt_id}`

### Revoking Consent {#revoking-consent}


API Reference: `DELETE /data-sharing-consents/{consent_receipt_id}`


API Reference: `DELETE /data-sharing-consents/{consent_receipt_id}/institutionLogins/{institution_login_id}`

These endpoints may not be suitable for all partners. Contact your sales representative for more information.
