# Authentication
Two headers are required as part of the authentication process: the authorization header and the FI reference ID.
# 1. Authorization Header (Basic Auth)
The Konsentus Verify APIs use Basic Auth, this document details how to authenticate to the APIs using this method.
The HTTP Authorization
request header contains the credentials to authenticate a user agent with the Konsentus server. These credentials are provided as part of the onboarding process. If credentials are invalid or not sent the server will respond with a 401
(opens new window) (Unauthorized
) status.
# Syntax
Authorization: <type> <credentials>
Field | Description |
---|---|
type | Authentication type - this must be set to Basic |
credentials | The Client ID and Client Secret combined with a colon and base64 encoded (see example below). |
# Stub Authorization Data
# Stub Authorization Header Values
Field | Value | Explanation |
---|---|---|
type | Basic | Always set to Basic |
credentials | YXBpLWNvbnN1bWVyLWlkOnBhc3N3b3Jk | client-id:client-secret as abase64 encoded string |
# Example
Authorization: Basic YXBpLWNvbnN1bWVyLWlkOnBhc3N3b3Jk
# References
MDN Basic Auth Documentation (opens new window)
# 2. FI Reference ID Header
This header is a reference to the ASPSP that is requesting the data. The data used to populate this field must be the reference number used to identify that financial institution within their home National Competent Authority (NCA).
This field must be used consistently, such that all requests for a specific financial institution utilise the same reference identifier. This consistency is important as it ensures the Konsentus system is able to correctly identify a financial institution’s data and is able to provide accurate reporting.
When providing fi_reference_id
it is best to use the eIDAS authorisation number format.
e.g. For an ASPSP in the UK regulated by the FCA with reference "111111", the eIDAS reference would be PSDGB‑FCA‑111111
.
Note
If you are consuming the Konsentus Verify APIs as a financial institution directly, this value will be your own NCA reference. If you are consuming the Konsentus Verify APIs on behalf of a financial institution, then this value should be provided to you by the institution.
# Syntax
fi_reference_id: <id>
# Validation requirements
- characters allowed: any
- minimum length: 6
- maximum length: 128
Field | Description |
---|---|
fi_reference_id | The local National Competent Authority (NCA) reference for the ASPSP making the request |
# Stub Authorization Data
# Stub Authorization Header Values
Field | Value | Explanation |
---|---|---|
fi_reference_id | PSDGB‑FCA‑111111 | This must be sent consistently so that it is the same every time the APIs are being used for a particular ASPSP. |
# Example
fi_reference_id: PSDGB-FCA-111111
# 3. Transaction Reference Header
This header allows users to insert a Transaction Reference of their choosing. For example, the field could be used to enter internal reference strings for the request sent.
transaction_reference
- This is an optional custom Transaction Reference that can be used for tracking when performing an audit.
# Syntax
transaction_reference: <string>
# Validation requirements
- characters allowed: any
- minimum length: 0
- maximum length: 128
Field | Description |
---|---|
transaction_reference | This is an optional custom Transaction Reference that can be used for tracking when performing an audit. |
# Stub Authorization Data
# Stub Authorization Header Values
Field | Value | Explanation |
---|---|---|
transaction_reference | 12345ABC | This field is defined by user |
# Example
transaction_reference: 12345ABC