Managing and revoking consent  ============================== #### Learn how to track payment consent status and allow users to revoke consent  #### Tracking consent status  Whenever a consent status changes, Plaid will send a [CONSENT\_STATUS\_UPDATE](https://plaid.com/docs/api/products/payment-initiation/index.html.md#consent_status_update) webhook to the webhook listener endpoint that you specified during the [/link/token/create](https://plaid.com/docs/api/link/index.html.md#linktokencreate) call. You can also retrieve consent status using [/payment\_initiation/consent/get](https://plaid.com/docs/api/products/payment-initiation/index.html.md#payment_initiationconsentget) . #### Consent authorisation  All consents begin in the `UNAUTHORISED` status. Once a user has [completed the consent flow in Link](https://plaid.com/docs/payment-initiation/variable-recurring-payments/add-to-app/index.html.md#launch-the-payment-flow-in-link) , the consent status will update to `AUTHORISED`. At this point you can make payments within the consent parameters, with no user input required. If the user exits Link without authorising the payment, or rejects the payment within Link, the consent will still remain in the `UNAUTHORISED` status. #### Consent revocation  The end user may decide to revoke their consent, which can be done via their bank, your app or the [Plaid Portal](https://my.plaid.com) . After consent has been revoked, the consent status will be updated to `REVOKED`, and the `consent_id` can no longer be used to make payments. There is no way to restore a revoked `consent_id`; you will need to create a new `consent_id` and send the user back through Link to grant consent. To allow end users to revoke consent via your app, implement the [/payment\_initiation/consent/revoke](https://plaid.com/docs/api/products/payment-initiation/index.html.md#payment_initiationconsentrevoke) endpoint and create an entry point for it in your UI. ```python request = PaymentInitiationConsentRevokeRequest(consent_id=consent_id) response = client.payment_initiation_consent_revoke(request) ``` ```go request := plaid.NewPaymentInitiationConsentRevokeRequest(consentID) response, _, err := client.PlaidApi.PaymentInitiationConsentRevoke(ctx).PaymentInitiationConsentRevokeRequest(*request).Execute() ``` ```bash curl -X POST https://sandbox.plaid.com/payment_initiation/consent/revoke \ -H 'Content-Type: application/json' \ -d '{ "client_id": "${PLAID_CLIENT_ID}", "secret": "${PLAID_SECRET}", "consent_id": String }' ``` ```ruby request = Plaid::PaymentInitiationConsentRevokeRequest.new({ consent_id: consent_id }) response = client.payment_initiation_consent_revoke(request) ``` ```java PaymentInitiationConsentRevokeRequest request = new PaymentInitiationConsentRevokeRequest() .consentId(consentId); Response response = client .paymentInitiationConsentRevoke(request) .execute(); ``` ```node const request: PaymentInitiationConsentRevokeRequest = { consent_id: consentID, }; try { const response = await plaidClient.paymentInitiationConsentRevoke(request); } catch (error) { // handle error } ``` #### Consent rejection  A consent will enter the `REJECTED` status only if it is rejected by the bank. Common reasons may include the bank not supporting the scope of the VRP; for example, not all banks support `COMMERCIAL` scopes. #### Consent expiration  If the consent was created with an expiration date-time when calling [/payment\_initiation/consent/create](https://plaid.com/docs/api/products/payment-initiation/index.html.md#payment_initiationconsentcreate) , the consent will move into the `EXPIRED` status once that date-time has passed. An expired consent cannot be refreshed; you must create a new one instead.