Allows FIU to support integration with all authorized Account Aggregators in the ecoSystem in a dynamic yet trusted manner and is compliant with RBI's Account Aggregator Technical Standards.It's also innovative in making consumer journey seamless, data usage convenient and complaint.
FinPro (FIU Platform of Moneyone) FIU Integration
Data Governance and Value Management platform for FIU
Features of FinPro FIU Server
Place the Consent request.
Store the Consent artifact.
Place encrypted data request (Onetime or Periodic).
Send/Receive Notifications to and from the account aggregator.
Fetch encrypted financial information from the account aggregator.
Decrypt financial information.
Provide SDK with widgets of account aggregator education screen, account aggregator list, view
balance and transactions.
Provide data APIs for bank account statements, GST statements etc. as per ReBIT schema in JSON
format for end FIU applications consumption.
We have two different integration options for FinPro (FIU)
Moneyone FinPro
Server Integration
Implement the flows server side to call FinPro server APIs
Webhooks
Receive notifications for subscribed consent flow events and data flow events
FinPro (FIU Platform of Moneyone) Server Integration
Implement the following flows on your server-side to call FinPro server APIs. Flows that have to be
implemented on your server side are marked (Server-side only) in parentheses.
- Implement flow to fetch the list of Account Aggregators.
- Implement flow to send VUA provided by the customer and product details to FinPro server, for FinPro to construct a consent request (server-side only).
- Implement flow to get the status of consent requests.
- Implement flow to get data using any of the relevant APIs in the FinPro data catalog. (server-side only).
- Implement flow to allow the customer to modify his consent (coming soon) (server-side only).
Note: If your customer does not have an Account Aggregator set up, use the Web URL parameter provided in the
response to step 1 (List of Account Aggregators) to launch the web application of the AA selected by the
customer on your front-end.
Webhooks Integration to FinPro (FIU Platform of Moneyone)
Webhooks Integration needs to be done for FinPro FIU in the FinPro admin portal.
What is a webhook?
Webhook is a feature to receive notifications for subscribed consent flow events and data flow events.
Notifications to subscribed events are triggered on completion of the subscribed event. For. e.g. if a
webhook has been setup for a Consent approval event then notification would be sent once a user approves
consent. The notification to a subscribed event is sent to a webhook URL setup by a user. The
notification is sent as a plain string message. When setting up the webhook, you will be asked to
specify a secret.Using this secret, you can validate that the webhook is from FinPro(FIU).
| Notification Type | Notification Details |
|---|---|
| Consent Approve Notification | Triggered by Onemoney to FIU when a user approves a raised consent |
| Consent Reject Notification | Triggered by Onemoney to FIU when a user rejects a raised consent |
| Consent Revoke Notification | Triggered by Onemoney to FIU when a user revokes a consent. |
| Consent Expiry Notification | Triggered by Onemoney to FIU when an active consent expires |
| Consent Pause Notification | Triggered by Onemoney to FIU when an active consent has been paused by customer |
| Consent Resume Notification | Triggered by Onemoney to FIU when a Paused consent has been resumed by customer |
| Data Ready Notification | Triggered by Onemoney to FIU when the requested data is ready to be shared with FIU |
| Data Denied Notification | Triggered by Onemoney to FIU when the request data has been denied by the requested FIPs |
| Session Expired Notification | Triggered by Onemoney to FIU when the session between FIU and Onemoney to fetch data expires |
| Session Failed Notification | Triggered by Onemoney to FIU when FIP fails to provide data for the data request received from Onemoney or Onemoney fails to provide data to FIU after fetching data from FIP for whatever reason |
The actual notification messages (event_msg)
- Consent approved – Consent approved for <<ConsenthandleId>>
- Consent Rejected – Consent rejected for <<ConsenthandleId>>
- Consent Pause – Consent Paused for <<ConsentId>>
- Consent Resume – Consent reactivated for <<ConsentId>>
- Consent Revoke – Consent revoked for <<ConsentId>>
- Consent Expire – Consent expired for <<ConsentId>>
- Data Denied – Data denied for <<Consentid>>
- Session Failed – Data fetch session failed for <<Consent Id>>
- Session expired – Data fetch session expired for <<Consent Id>>
Webhook Notification Format
Below is the URL notification format sent by the FinPro to a FIU server to receive notifications about the
events subscribed.
{
"timestamp": "<timestamp>",
"consentHandle": "<consent handle value>",
"eventType": "<event type>",
"eventStatus": "<event status>",
"consentId": "<consent id>",
"eventMessage": "<event message>"
}
As an example:
{
"timestamp": "2020-12-18T09:45:25.325Z",
"consentHandle": "e8beada7-e0d3-473b-a1a2-96fb4b236708",
"eventType": "CONSENT",
"eventStatus": "CONSENT_APPROVED",
"consentId": "a2a5d764-4c00-492f-bed3-d7a0061be4e0",
"eventMessage": "Consent approved for consent id a2a5d764-4c00-492f-bed3-d7a0061be4e0"
}| Field | Value | Description | Required? |
|---|---|---|---|
| timestamp | string | Current timestamp | Yes |
| consentHandle | string | Consent Handle ID | Yes |
| eventType | string | Type of Event can be "CONSENT" or "DATA" | Yes |
| eventStatus | string | Status of the event. Depends on the eventType | Yes |
| consentId | string | Consent ID. This value will be null if the consent is rejected. | Yes |
| eventMessage | string | Notification Message | Yes |
Mechanism to verify the notification
Generate a signature by using the secret entered when setting up webhooks using the below code.
Generate a X-Webhook-Signature using https://www.jokecamp.com/blog/examples-of-creating-base64-hashes-using-hmac-sha256-in-different-languages/
Secret is what FIU has configured in our developer portal.
After secret is generated, the generated signature and the X-Webhook-Signature from request header matches,
the data is said to be coming from the correct source.
Use the below code to verify that the notification is coming from Moneyone server and to generate signature.
requests.get(url, headers={‘X-Webhook-Signature’: })
Integration of Webhooks in FinPro FIU
- Login to the FinProadmin web portal
- Navigate to "webhooks" option on side navigation bar.
- Select event from drop down options
- Select events by selecting checkboxes
- Add the webhook url where notification message is to sent
- Add secret key for generating hash value
- Click on save to save the webhook configuration
Webhook Notification Sample Values for Various Events
CONSENT_APPROVED
{
"timestamp": "2020-12-18T09:45:25.325Z",
"consentHandle": "e8beada7-e0d3-473b-a1a2-96fb4b236708",
"eventType": "CONSENT",
"eventStatus": "CONSENT_APPROVED",
"consentId": "a2a5d764-4c00-492f-bed3-d7a0061be4e0",
"eventMessage": "Consent approved for consent id a2a5d764-4c00-492f-bed3-d7a0061be4e0"
}
DATA_READY
{
"timestamp": "2020-12-19T12:37:35.154Z",
"consentHandle": "f0c41cc1-3b35-4af3-9b43-892db01c4eba",
"eventType": "DATA",
"eventStatus": "DATA_READY",
"consentId": "c0d65536-f0ce-4252-88d0-9a4da8c44127",
"eventMessage": "Data ready for consent id c0d65536-f0ce-4252-88d0-9a4da8c44127",
"linkRefNumber": [
"f7691f6f-8899-4216-9996-da04ba47428f",
"99473156-675c-441a-859b-7a0e702d5c15",
"8cfc9517-e786-4f34-b5c3-6d4c57454555"
]
}
CONSENT_PAUSED
{
"timestamp": "2020-12-18T09:47:33.644Z",
"consentHandle": "e8beada7-e0d3-473b-a1a2-96fb4b236708",
"eventType": "CONSENT",
"eventStatus": "CONSENT_PAUSED",
"consentId": "a2a5d764-4c00-492f-bed3-d7a0061be4e0",
"eventMessage": "Consent paused for consent id a2a5d764-4c00-492f-bed3-d7a0061be4e0"
}
CONSENT_RESUMED
{
"timestamp": "2020-12-18T09:48:58.509Z",
"consentHandle": "e8beada7-e0d3-473b-a1a2-96fb4b236708",
"eventType": "CONSENT",
"eventStatus": "CONSENT_RESUMED",
"consentId": "a2a5d764-4c00-492f-bed3-d7a0061be4e0",
"eventMessage": "Consent reactivated for consent id a2a5d764-4c00-492f-bed3-d7a0061be4e0"
}
CONSENT_REVOKED
{
"timestamp": "2020-12-18T09:50:06.879Z",
"consentHandle": "e8beada7-e0d3-473b-a1a2-96fb4b236708",
"eventType": "CONSENT",
"eventStatus": "CONSENT_REVOKED",
"consentId": "a2a5d764-4c00-492f-bed3-d7a0061be4e0",
"eventMessage": "Consent revoked for consent id a2a5d764-4c00-492f-bed3-d7a0061be4e0"
}
CONSENT_REJECTED
{
"timestamp": "2020-12-18T09:58:12.162Z",
"consentHandle": "26a9b8a5-9396-47d5-a37e-b09b95740337",
"eventType": "CONSENT",
"eventStatus": "CONSENT_REJECTED",
"consentId": "<NULL>",
"eventMessage": "Consent rejected for consent id "<NULL>"
}
SESSION_FAILED
{
"timestamp": "2020-12-18T09:58:12.162Z",
"consentHandle": "26a9b8a5-9396-47d5-a37e-b09b95740337",
"eventType": "DATA",
"eventStatus": "SESSION_FAILED",
"consentId": "a2a5d764-4c00-492f-bed3-d7a0061be4e0",
"eventMessage": "Data fetch failed for consent id a2a5d764-4c00-492f-bed3-d7a0061be4e0"
}
SESSION_EXPIRED
{
"timestamp": "2020-12-18T09:58:12.162Z",
"consentHandle": "26a9b8a5-9396-47d5-a37e-b09b95740337",
"eventType": "DATA",
"eventStatus": "SESSION_EXPIRED",
"consentId": "a2a5d764-4c00-492f-bed3-d7a0061be4e0",
"eventMessage": "Data fetch expired for consent id a2a5d764-4c00-492f-bed3-d7a0061be4e0"
}
CONSENT_EXPIRED
{
"timestamp": "2020-12-18T09:58:12.162Z",
"consentHandle": "26a9b8a5-9396-47d5-a37e-b09b95740337",
"eventType": "CONSENT",
"eventStatus": "CONSENT_EXPIRED",
"consentId": "a2a5d764-4c00-492f-bed3-d7a0061be4e0",
"eventMessage": "Consent expired for consent id a2a5d764-4c00-492f-bed3-d7a0061be4e0"
}
DATA_DENIED
{
"timestamp": "2020-12-19T12:37:35.154Z",
"consentHandle": "f0c41cc1-3b35-4af3-9b43-892db01c4eba",
"eventType": "DATA",
"eventStatus":"DATA_DENIED",
"consentId": "c0d65536-f0ce-4252-88d0-9a4da8c44127",
"eventMessage": "Data denied for consent id c0d65536-f0ce-4252-88d0-9a4da8c44127",
"linkRefNumber": [
"f7691f6f-8899-4216-9996-da04ba47428f",
"99473156-675c-441a-859b-7a0e702d5c15",
"8cfc9517-e786-4f34-b5c3-6d4c57454555"
]
}