Consent UI

For a data recipient (Basiq) to collect, use and disclose CDR data they must have consent from the consumer to do so. The Basiq Consent UI renders the defined application consent policy within a flow that aligns with the rules and requirements proposed by the CDR, and the latest CX Guidelines. Partners wishing to access v3.0 of the Basiq API are required to use the Basiq Consent UI in their application.

Once a user has given consent, the Consent UI flow will take them to the institution picker to continue connecting their accounts, and on completion they will be redirected back to the partner application. Consumers can manage all of their provided consents through a consent dashboard owned by Basiq.

📘

Application configuration

How the Basiq Consent UI is presented to users is defined by the application's consent policy and institution selection. Partners can manage this in the dashboard configuration.

Basiq Consent UI flow

 

 

Using the Basiq Consent UI

The Consent UI is hosted by Basiq, so the user flow will be as follows:

  1. User is presented with the application's pre-consent (in the partner app).
  2. On accepting the pre-consent, partners should then redirect their users to: https://consent.basiq.io/home?userId={{userId}}&token={{client_token_bound_to_userId}}
  3. Upon confirmation from the user that they have finished connecting their institutions, they will be redirected back to the partner's application along with the JobId in the header for that connection. The redirect URL can be configured via the dashboard, but will default to the origin if this is not set.

🚧

Authentication params

Authentication params are required and include:

  • userId, and
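  • CLIENT_SCOPE access token. Note: For security reasons, the userId must also be bound to this token to access the Consent UI. E.g.
  const axios = require('axios');
  const qs = require('qs');

  // Request a CLIENT_ACCESS token bound to one userId, e.g. getClientToken('123456789').
  // Run this on your server: the Basiq API key must never be shipped to the browser.
  async function getClientToken(userId) {
    const { data } = await axios.post('https://au-api.basiq.io/token', qs.stringify({ scope: 'CLIENT_ACCESS', userId }), {
      headers: {
        Authorization: `Basic ${process.env.BASIQ_API_KEY}`,
        'Content-Type': 'application/x-www-form-urlencoded',
        'basiq-version': '3.0',
      },
    });
    return data.access_token;
  }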

These can be created and obtained via the Basiq API (see the quick start guide).

Action parameters

Partners can pass an optional action param for alternate flows. The action you pass will be determined by the state of the user and what the user needs to do via the Consent UI.

| Action | When to use | Screen |
| --- | --- | --- |
| No action parameter (default state) | Your user is onboarding for the first time so will need to complete the user journey from giving consent to connecting their institutions in its entirety. | [F1] |
| action=manage | Your user needs to manage the consent they have granted for your application. This state allows them to view and manage their current consent including the connections that have been made under this and also. Using this action when a user does not have an active user consent will result in an error. | [F2] |
| action=connect | Your user already has an existing valid consent, but would like to make additional connections. | [F3] |
| action=extend | Your user's consent is about to expire and they need to extend it in order to allow your application to continue to access their data. | [F4] |
| action=update | Your user needs to update their consent. E.g. the application's consent policy has been amended. | [F5] |

Institution parameters

Partners can pass an optional institutionId param for alternate flows. If the partner knows which institution they wish to obtain credentials for, they can add the ?institutionId=AU00000 parameter to the URL. This will bypass the Select institution screen for certain flows.
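
One way to assemble the redirect URL from the authentication, action and institution parameters described above. This is an added example, not Basiq's code: the base URL, parameter names and action values come from this page, while the function names buildConsentUrl and redactConsentUrl and the sample values are hypothetical.

```javascript
// Added example, not Basiq's code. Base URL, parameter names and action
// values are taken from this page; function names are hypothetical.
const CONSENT_BASE = 'https://consent.basiq.io/home';
const ACTIONS = new Set(['manage', 'connect', 'extend', 'update']);

function buildConsentUrl({ userId, token, action, institutionId } = {}) {
  // Both authentication params are required by the Consent UI.
  for (const [name, value] of Object.entries({ userId, token })) {
    if (typeof value !== 'string' || value.length === 0) {
      throw new TypeError(`${name} is required`);
    }
  }
  // Reject anything outside the documented actions instead of forwarding it.
  if (action !== undefined && !ACTIONS.has(action)) {
    throw new RangeError(`unsupported action: ${action}`);
  }
  const url = new URL(CONSENT_BASE);
  // searchParams percent-encodes each value, so a value containing "&" or "="
  // cannot add or override another parameter.
  url.searchParams.set('userId', userId);
  url.searchParams.set('token', token);
  if (action !== undefined) url.searchParams.set('action', action);
  if (institutionId !== undefined) {
    url.searchParams.set('institutionId', String(institutionId));
  }
  return url.toString();
}

// The token travels in the query string, so mask it before the URL is logged.
function redactConsentUrl(consentUrl) {
  const url = new URL(consentUrl);
  if (url.searchParams.has('token')) url.searchParams.set('token', 'REDACTED');
  return url.toString();
}

// Constructed sample values, not real identifiers or tokens.
const sample = buildConsentUrl({
  userId: '123456789',
  token: 'constructed.sample.token',
  action: 'connect',
  institutionId: 'AU00000',
});
console.log(redactConsentUrl(sample));
```

Build the URL at redirect time with a freshly issued token, and write only the redacted form to application logs.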

 

Consent UI Actions Flow

 

Alternative UI flows

