# Authentication

Two headers are required as part of the authentication process: the authorization header and the FI reference ID.

# 1. Authorization Header (Basic Auth)

The Konsentus Verify APIs use Basic Auth, this document details how to authenticate to the APIs using this method.

The HTTP Authorization request header contains the credentials to authenticate a user agent with the Konsentus server. These credentials are provided as part of the onboarding process. If credentials are invalid or not sent the server will respond with a 401 (opens new window) (Unauthorized) status.

# Syntax

Authorization: <type> <credentials>
Field Description
type Authentication type - this must be set to Basic
credentials The Client ID and Client Secret combined with a colon and base64encoded (see example below).

# Stub Authorization Data

# Stub Authorization Header Values

Field Value Explanation
type Basic Always set to Basic
credentials YXBpLWNvbnN1bWVyLWlkOnBhc3N3b3Jk client-id:client-secret as abase64encoded string

# Example

Authorization: Basic YXBpLWNvbnN1bWVyLWlkOnBhc3N3b3Jk

# References

MDN Basic Auth Documentation (opens new window)

# 2. FI Reference ID Header

This header is a reference to the ASPSP that is requesting the data. The data used to populate this field must be the reference number used to identify that financial institution within their home National Competent Authority (NCA).

This field must be used consistently, such that all requests for a specific financial institution utilise the same reference identifier. This consistency is important as it ensures the Konsentus system is able to correctly identify a financial institution’s data and is able to provide accurate reporting.

When providing fi_reference_id it is best to use the eIDAS authorisation number format. e.g. For an ASPSP in the UK regulated by the FCA with reference "111111", the eIDAS reference would be PSDGB‑FCA‑111111.

Note

If you are consuming the Konsentus Verify APIs as a financial institution directly, this value will be your own NCA reference. If you are consuming the Konsentus Verify APIs on behalf of a financial institution, then this value should be provided to you by the institution.

# Syntax

fi_reference_id: <id>

# Validation requirements

  • characters allowed: any
  • minimum length: 6
  • maximum length: 128
Field Description
fi_reference_id The local National Competent Authority (NCA) reference for the ASPSP making the request

# Stub Authorization Data

# Stub Authorization Header Values

Field Value Explanation
fi_reference_id PSDGB‑FCA‑111111 This must be sent consistently so that it is the same every time the APIs are being used for a particular ASPSP.

# Example

fi_reference_id: PSDGB-FCA-111111

# 3. Transaction Reference Header

This header allows users to insert a Transaction Reference of their choosing. For example, the field could be used to enter internal reference strings for the request sent. transaction_reference - This is an optional custom Transaction Reference that can be used for tracking when performing an audit.

# Syntax

transaction_reference: <string>

# Validation requirements

  • characters allowed: any
  • minimum length: 0
  • maximum length: 128
Field Description
transaction_reference This is an optional custom Transaction Reference that can be used for tracking when performing an audit.

# Stub Authorization Data

# Stub Authorization Header Values

Field Value Explanation
transaction_reference 12345ABC This field is defined by user

# Example

transaction_reference: 12345ABC
Last Updated: 9/9/2024, 8:16:35 AM