Consent Creation

Last changes: 09-25-2019

1. Consent Creation Requesting

A customer requesting consent creation in your webpage or app is redirected via an HTTP POST request to the "Add Consent" Page of the KontoCloud E-Wallet Portal. You will retrieve the "Base URL" of the E-Wallet Portal together with your API user (see Getting Started).

As depicted in the sample below, the parameters "thirdPartyProviderId" and "callBackUrl" must be provided as form data. Set your API user identifier as "thirdPartyProviderId"; "callBackUrl" specifies your endpoint to which the customer will be redirected after the consent creation process.

POST HTML sample

<html>
  <body>
    <form action="{Base URL}/ewallet/consents/add" method="post">
      thirdPartyProviderId <input type="text" name="thirdPartyProviderId" value="user@example.com"><br>
      callBackUrl <input type="text" name="callBackUrl" value="https://www.example.com"><br>
      <input type="submit">
    </form>
  </body>
</html>

2.a Consent Rejection

If the customer rejects the consent creation in the E-Wallet Portal, he/she is redirected to your previously specified "callBackUrl" and the parameter "result" in the form data is set to "cancelled".

2.b Consent Acceptance

Initialize Consent Creation

If the customer accepts the consent creation, the E-Wallet Portal initializes the consent creation process and displays a QR-code on the "Action Confirmation Page".

Two Factor Authentication (2FA)

Here, the customer uses his/her KC Authenticator app for second-factor authentication. After successfully scanning the QR-code, the app shows a one-time password. The customer then enters it on the "Action Confirmation Page", which triggers the following process step.

Confirm Consent Creation

The KontoCloud API validates the provided one-time password and redirects the customer to the "callBackUrl". In case of a successful consent creation, the form data contains the parameter "result" set to "success" and a unique consent identifier in "consentReference".
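
Because the callback in steps 2.a and 2.b reaches your "callBackUrl" through the customer's browser, its form fields are untrusted input. The following is an added example, not KontoCloud code, of strict parsing on your endpoint. It assumes the body is URL-encoded form data; the function names, the sample values in its tests and the length limit on "consentReference" are assumptions, since the page does not specify a format.

```python
from urllib.parse import parse_qs

ALLOWED_RESULTS = {"success", "cancelled"}  # the two values this page documents
MAX_REFERENCE_LEN = 128  # assumption: the page gives no format for consentReference


class CallbackError(ValueError):
    """Raised when the callback form data is malformed or ambiguous."""


def _single(fields, name):
    """Return the only value of a field, or None if absent; reject duplicates."""
    values = fields.get(name, [])
    if len(values) > 1:
        # Repeated parameters make the outcome ambiguous (parameter pollution).
        raise CallbackError(f"duplicate parameter: {name}")
    return values[0] if values else None


def parse_consent_callback(body: str) -> dict:
    """Parse the form body posted to callBackUrl after the consent flow."""
    try:
        fields = parse_qs(body, keep_blank_values=True,
                          strict_parsing=True, max_num_fields=10)
    except ValueError as exc:
        raise CallbackError(f"unparseable form data: {exc}") from exc

    result = _single(fields, "result")
    if result not in ALLOWED_RESULTS:
        # Exact match only: "SUCCESS", "" or a missing field are all rejected.
        raise CallbackError("missing or unknown result value")

    reference = _single(fields, "consentReference")
    if result == "cancelled":
        # No consent exists, so any reference sent along is discarded.
        return {"result": "cancelled", "consentReference": None}

    if (not reference or len(reference) > MAX_REFERENCE_LEN
            or not reference.isprintable()):
        raise CallbackError("success result without a usable consentReference")
    return {"result": "success", "consentReference": reference}
```
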