Re-authorisation
Less than to read
- There may be times when the user authorisation has expired and this needs to be updated.
- When authorisation has expired, the provider can invoke the Re-authorisation flow by calling the POST Statements setting account details status to “authRequired”.
- Banking Service will then set the bank account to “authRequired”.
- When the user’s product next calls in for transactions they will get the current transactions from Banking Service and will be told the account needs to be reauthorised.
- An in-product notification is shown to the user to inform which account needs to be updated. The user can then update credentials.
- Banking Service sends ‘resource created’ notification to provider.
- Banking Service calls the provider’s GET / authrefreshendpoint.
- The provider generates UI for authentication.
- User authorises.
- The provider calls PATCH /authorisations on Provider API, and passes an array of authorised accounts.
- The user is advised that the reauthorisation has been successful.
What’s next?
Find out about the multi-account linking flow. This allows users to connect multiple accounts from 1 authorisation.