Skip to content


  Less than to read

  1. There may be times when the user authorisation has expired and this needs to be updated.
  2. When authorisation has expired, the provider can invoke the Re-authorisation flow by calling the POST Statements setting account details status to “authRequired”.
  3. Banking Service will then set the bank account to “authRequired”.
  4. When the user’s product next calls in for transactions they will get the current transactions from Banking Service and will be told the account needs to be reauthorised.
  5. An in-product notification is shown to the user to inform which account needs to be updated. The user can then update credentials.
  6. Banking Service sends ‘resource created’ notification to provider.
  7. Banking Service calls the provider’s GET / authrefreshendpoint.
  8. The provider generates UI for authentication.
  9. User authorises.
  10. The provider calls PATCH /authorisations on Provider API, and passes an array of authorised accounts.
  11. The user is advised that the reauthorisation has been successful.

Flow diagram displaying the re-authorisation user flow

What’s next?

Find out about the multi-account linking flow. This allows users to connect multiple accounts from 1 authorisation.

Was this helpful?