Consents

Learn about consents and how they should be managed.

What's SCA?

SCA stands for Strong Customer Authentication, it is the process where a customer goes through their banking provider's systems authenticating themselves.

In the context of this guide, SCA is encountered when customers initially connect their banking provider to Bud and when the connected banking provider tells Bud the customer needs to reconnect. This is indicated by the field reconnect_required being returned as true in the response when calling Retrieve Refresh Status V2 or when calling Reconfirm Consent.

What's a consent?

A consent represents the authorisation given by a customer using SCA, for Bud to fetch data from a given banking provider for a period of time.

What does it mean to reconfirm a consent?

When a consent is reconfirmed by a customer, the duration for which Bud can fetch data is extended by 90 days from the date of reconfirmation.

For clients using Bud’s Authorisation Gateway (Bud Connect), a reconfirm can be executed calling Retrieve Authorisation Gateway URL (v2) with the field initial_screen in the request body set to reconfirm_consent. This will prompt the customer to reconfirm their account.

The screenshot below demonstrates the display the customer is presented with. This consent was reconfirmed on the 25th of June, 15 days after the Reconfirm by date was reached. The customer was not redirected to the bank to go through SCA.

For client's not using Bud’s Authorisation Gateway (Bud Connect), reconfirm can be executed using the Reconfirm Consent endpoint. Please note, if using the reconfirm consent endpoint you must first get explicit consent from your customer, consent cannot be automatically extended.

The consent lifecycle

Consents are transient and allow Bud to fetch data for up to 90 days; however, a consent can be reconfirmed up to 180 days from the date of authorisation or the latest reconfirm, and Bud will be able to fetch data from the expiration_date of the consent before it was reconfirmed. This ensures that there are no gaps in the data, which is important for many of Bud's services.

In this scenario, the consent was not confirmed within 90 days of the `expiration_date`. This means the consent cannot be reconfirmed anymore, and the customer must go through SCA and reconnect their account.

In this scenario, the consent was not reconfirmed within 90 days of the expiration_date. This means the consent cannot be reconfirmed anymore, and the customer must go through SCA and reconnect their account.

To view a list of consents for a customer you should use the Retrieve Customer Consents endpoint. Its possible to filter consents by status using the status query parameter. The different status parameters filter the data as follows:

  • active (Default if not set in the request)- Active consents connected to the customer (Day 0 - Day 90).
  • reconfirm_due - Consents that can are either due to be reconfirmed or within 30 days of expiring (Day 60 Onwards).
  • all - all consents connected to the customer.

📘

Integration Recommendation

Bud recommends that clients encourage their customers to reconfirm their consents as soon as they are available for reconfirmation (from 30 days of expiring). This allows customers to reconfirm at a time convenient to them before Bud is unable to fetch more data.

Examples of the consent lifecycle

Consent not reconfirmed and left to expire

In this scenario, the consent was not confirmed within 90 days of the `expiration_date`. This means the consent cannot be reconfirmed anymore, and the customer must go through SCA and reconnect their account.

In this scenario, the consent was not reconfirmed within 90 days of the expiration_date. This means the consent cannot be reconfirmed anymore, and the customer must go through SCA and reconnect their account.

Consent reconfirmed early at 60 days (recommended integration)

In this scenario, the consent was reconfirmed at 60 days after the date of creation (30 days before the `expiration_date`. This is the earliest a consent can be reconfirmed.

The consent it reconfirmed until the response from the reconfirm endpoint indicates `reconnect_required`, at this point the consent is expired and the customer must reconnect their account.

In this scenario, the consent was reconfirmed 60 days after the date of creation (30 days before the expiration_date. This is the earliest a consent can be reconfirmed.

The consent is reconfirmed until the response from the reconfirm endpoint indicates reconnect_required, at this point, the consent is expired and the customer must reconnect their account.

Consent reconfirmed at 90 days

In this scenario, the consent was reconfirmed at 90 days after the date of creation. This is the date at which bud cannot refresh data for the connected account until a reconfirm has been completed.

The consent is reconfirmed until the response form the reconfirm endpoint indicates `reconnect_required`, at this point the consent is expired and the customer must reconnect their account.

In this scenario, the consent was reconfirmed at 90 days after the date of creation. This is the date at which Bud cannot refresh data for the connected account until a reconfirm has been completed.

The consent is reconfirmed until the response from the reconfirm endpoint indicates reconnect_required, at this point, the consent is expired and the customer must reconnect their account.




If you have any questions, please contact us via the chatbot (bottom-right of screen 👉) or via a support request or check our FAQs.