# Manage Access Keys source: https://developer.mastercard.com/open-finance-us/documentation/participant-model/partner-linked/client/manage-access-keys/index.md Clients use the following APIs to manage consent receipts for processors. * Generate Access Key: Request access and create a consent receipt for a processor. * Update Access Key: Update the parameters of an active consent receipts. * Revoke Access Key: Consent receipts revoke access to our platform despite the consent receipt's expiration date and time. These are described below. ## Generate Access Key {#generate-access-key} Used to create a consent receipt on behalf of a processor wanting to access consented data on our API platform. Specify the thirdPartyPartnerId, customerId, product, accountId, timeframe and all other fields of the objects that the processor needs to automate processing payments. Note: The timeframe value is in ISO-8601 format while all other APIs are in Epoch format. ### Considerations {#considerations} * Only one customerId per consent receipt request. * Only one thirdPartyPartnerId per consent receipt. * You can specify multiple products for one customerId per the same thirdPartyPartnerId. API Reference: `POST /aggregation/v1/partners/accessKey` ## Update Access Key {#update-access-key} Used to update a consent receipt to change what the processor is allowed to retrieve from our API platform. The ThirdPartyAccessReceipt version number increments so that the processor knows the latest version of what they are authorized to access. Specify the thirdPartyPartnerId, customerId, product, accountId, timeframe and all other fields of the objects that the processor needs to automate processing payments. Note: The timeframe value is in ISO-8601 format while all other APIs are in Epoch format. ### Considerations {#considerations-1} * Only active consent receipts get updated. * Only one customerId per consent receipt request. * Only one thirdPartyPartnerId per consent receipt. * You can specify multiple products for one customerId per the same thirdPartyPartnerId. API Reference: `PUT /aggregation/v1/partners/accessKey/{consentReceiptId}` ## Delete Access Key {#delete-access-key} The Recipient can revoke the Requester's Access Key at any time regardless of its expiration date and time. The access receiptId is deleted from the platform, and the Requester no longer has access to retrieve Access Key related data from our platform. An HTTP status code of 204 (no content) response is generated if the access key was successfully found and deleted. A 404 (not found) response is returned if the specified key does not exist. API Reference: `DELETE /aggregation/v1/partners/accessKey/{consentReceiptId}` ## Error Codes {#error-codes} Requesters may encounter errors requesting or using the Access Key. The error code responses and descriptions are the same error codes received for all clients. The error code data is in the following data structure. ```JSON { "code": 12001, "message": "An unexpected error has occurred. No consent receipts for receiptId" } ``` | HTTP status code | Reason code | Description | |------------------|-------------|---------------------------------------------------------------------------------------------------| | 404 | 12000 | No information found for the partner. | | 404 | 10304 | Consent receipt not found. | | 409 | 12003 | MFA/OTP encountered. Note: Data Connect must resolve the MFA question. | | 401 | 12004 | Access consent is revoked for the current product of the account. | | 401 | 12005 | Access consent has expired for the current product of the account. | | 401 | 12006 | Access consent usage has reached the allowed usage limits for the current product of the account. | | 401 | 12007 | Access consent is not yet processed for the current product of the account. | | 500 | 12001 | An unexpected error has occurred. |