Data with Consent

All data access via the Tapico UI requires the consent of the End-User

Overview

Underpinning all of Tapico's services is a ConsentConsent - The data categories your application will receive regarding an end-users account information. The end-user will review and accept these consents during the consent journey.-based API access model. The ability to access read/write APIs is done so with the End-User's consent.


Consent Capture & Authentication

The End-User of your Application gives consent to Tapico to share personal financial data with your Application. This consent has to be authorised with the Account Servicer.

Tapico provides a ready-made UX flow that can be launched from your Application to:

  1. Present to the End-User a list of Account Servicers that your Application is connected with.
  2. Capture the End-Users Consent to share their data with you.
  3. Redirect the End-User to their selected Account Servicer to authorise the consent request.
  4. Redirect the End-User back to your Application.

Once completed a Consent record with be created. This can be viewed, revoked and in some cases can expire after a set timeframe.

Consent - Authentication FlowConsent - Authentication Flow

Consent - Authentication Flow

Access Control Models

Who is the End-User that is giving consent?

Your Application's End-UserEnd-User - Your application's user, and ultimately the person that has given consent to access account information from accounts they are permissioned to and that are held by an account servicer., is the real world person who executes the Consent JourneyConsent Journey - The workflow provided by Tapico allowing your end-user to give consent for your application to access their financial data., authenticates with their credentials at the Account ServicerAccount Servicer - The entity that holds the account(s) that contains your end-user's account information, e.g. a bank like Natwest or a financial institution like Aviva. Tapico facilitates the connection between your application and the account servicer., and consents to allowing your ApplicationApplication - Your digital application that is represented on and consumes services from the Tapico Platform. to access their data on their behalf.

This End-User is known as the Authorising-userAuthorising-User - A user of your application who is also a user of one or more Account Servicers. The Authorising User is the person who authorises your application to access data on their behalf from Account Servicer Platforms. See also: End-User. on the Tapico Platform. They will be an account holder with an Account ServicerAccount Servicer - The entity that holds the account(s) that contains your end-user's account information, e.g. a bank like Natwest or a financial institution like Aviva. Tapico facilitates the connection between your application and the account servicer. and a user of your ApplicationApplication - Your digital application that is represented on and consumes services from the Tapico Platform..

Tapico supports different access control models that reflect the End-User's relationship with the data subjects in reality.

The End-User is the account holder. e.g. The End-User is an individual in the real world that has consented to give your Application access to Account Information from their bank account. In this scenario they are the customer that has a direct relationship with the account(s).

The End-User is an agent. An agent is someone that has a relationship with the customer that holds the accounts to which the account information relates. e.g. The End-User is a Financial Advisor or Wealth Manager that has consented to give access to their account on an Advisory Platform or Wealth Management System. Through that account they manage 1 to n customer(s) who each have relationships with 1 to n account(s).

End-User TypesEnd-User Types

End-User Types


Did this page help you?