Data with Consent

All the data that can be retrieve via our API requires the consent of the End-User

Overview

Underpinning all of Tapico's services is a ConsentConsent - The data categories your application will receive regarding an end-users account information. The end-user will review and accept these consents during the consent journey.-based API access model. The ability to access read/write APIs is done so with the End-User's consent.


Consent Capture & Authentication

The End-User of your Application gives consent to Tapico to share their personal financial data with your Application. This consent has to be authenticated by the Account Servicer. Tapico provides a ready-made UX flow that can be launched from your Application to:

  1. Present the connect Account Servicers to your End-User
  2. Capture the End-Users Consent to share their data with you
  3. Redirect the End-User to their selected Account Servicer so that they can authenticate that the consent request is valid
  4. Redirect the End-User back to your Application from the Account Servicer's App / Website

Once completed a “Consent record” with be created. This can be viewed, revoked or in some cases expires after a set timeframe.

Consent - Authentication FlowConsent - Authentication Flow

Consent - Authentication Flow

Access Control Models

Who is the End-User that is giving consent?

Your Application's End-UserEnd-User - Your application's user, and ultimately the person that has given consent to access account information from accounts they are permissioned to and that are held by an account servicer., is the real world person who executes the Consent JourneyConsent Journey - The workflow provided by Tapico allowing your end-user to give consent for your application to access their financial data., authenticates with their credentials at the Account ServicerAccount Servicer - The entity that holds the account(s) that contains your end-user's account information, e.g. a bank like Natwest or a financial institution like Aviva. Tapico facilitates the connection between your application and the account servicer. and consents to allowing your ApplicationApplication - Your digital application that is represented on and consumes services from the Tapico Platform. to access their data on their behalf.

This End-User is known as the Authorising-userAuthorising-user - See End User on the Tapico Platform. They will be an account holder with an Account ServicerAccount Servicer - The entity that holds the account(s) that contains your end-user's account information, e.g. a bank like Natwest or a financial institution like Aviva. Tapico facilitates the connection between your application and the account servicer. and a user of your ApplicationApplication - Your digital application that is represented on and consumes services from the Tapico Platform..

Tapico supports different access control models that reflect the End-User's relationship with the data subjects in reality.

The End-User is the account holder. e.g. The End-User is an individual in the real world that has consented to give your Application access to Account Information from their bank account. In this scenario they are the customer that has a direct relationship with the account(s).

The End-User is an agent. An agent is someone that has a relationship with the customer that holds the accounts to which the account information relates. e.g. The End-User is a Financial Advisor or Wealth Manager that has consented to give access to their account on an Advisory Platform or Wealth Management System. Through that account they manage 1 to n customer(s) who each have relationships with 1 to n account(s).

End-User TypesEnd-User Types

End-User Types


Did this page help you?