Manage the user consent from the website when we receive a TPP connection request to read accounts

A client requests to access their account and pull the data from a third party, be this another bank application, an account aggregator, or any other application or service. These requests will redirect the user to the customer’s website to log in and validate the user.

Once the user has been granted access to the application, if has the appropriate permissions to see accounts, they will find an account selector. From this view, they will be able to select one or multiple accounts to be read by the third party asking for consent. The following step will inform the user of the permissions that are been granted to the third party.

As a last security step, a One Time Password will be sent to the end user’s registered device to ensure the identity. Finally, the user will be redirected to the third party requesting consent.