Managing and Revoking Consent

Whenever a consent status changes, Plaid will send a CONSENT_STATUS_UPDATE webhook to the webhook listener endpoint that you specified during the /link/token/create call.

You can also retrieve consent status using /payment_initiation/consent/get.

All consents begin in the UNAUTHORISED status.

Once a user has completed the consent flow in Link, the consent status will update to AUTHORISED.

At this point you can make payments within the consent parameters, with no user input required.

If the user exits Link without authorising the payment, or rejects the payment within Link, the consent will still remain in the UNAUTHORISED status.

The end user may decide to revoke their consent, which can be done via their bank, your app or the Plaid Portal. After consent has been revoked, the consent status will be updated to REVOKED, and the consent_id can no longer be used to make payments. There is no way to restore a revoked consent_id; you will need to create a new consent_id and send the user back through Link to grant consent.

To allow end users to revoke consent via your app, implement the /payment_initiation/consent/revoke endpoint and create an entry point for it in your UI.

1const request: PaymentInitiationConsentRevokeRequest = {
2  consent_id: consentID,
3};
4try {
5  const response = await plaidClient.paymentInitiationConsentRevoke(request);
6} catch (error) {
7  // handle error
8}

A consent will enter the REJECTED status only if it is rejected by the bank. Common reasons may include the bank not supporting the scope of the VRP; for example, not all banks support COMMERCIAL scopes.

If the consent was created with an expiration date-time when calling /payment_initiation/consent/create, the consent will move into the EXPIRED status once that date-time has passed. An expired consent cannot be refreshed; you must create a new one instead.