Skip to main content
POST
/
api
/
v2.1
/
fintrans
/
{accountId}
/
payment-consents
/
types
/
{operationType}
Create payment consent
curl --request POST \
  --url https://sandbox.finhub.cloud/api/v2.1/fintrans/{accountId}/payment-consents/types/{operationType} \
  --header 'Content-Type: application/json' \
  --header 'X-Tenant-ID: <x-tenant-id>' \
  --data '
{
  "maxAmount": {
    "value": "<string>",
    "scale": 123,
    "currency": "<string>"
  },
  "allowedBeneficiaries": [
    "<string>"
  ],
  "validFrom": "<string>",
  "validUntil": "<string>",
  "description": "<string>",
  "title": "<string>",
  "paymentType": "<string>",
  "parameters": {
    "maxAmount": 123,
    "currency": "<string>",
    "allowedOperations": [
      "<string>"
    ]
  }
}
'
{
  "success": true,
  "data": {
    "consentId": "consent_12345",
    "orderId": "ord_67890",
    "accountId": "acc_12345",
    "operationType": "transfer",
    "status": "PENDING_SIGNATURES",
    "requiredSignatures": 2,
    "collectedSignatures": 0,
    "approvers": ["user_001", "user_002", "user_003"],
    "expiresAt": "2024-01-16T10:30:00Z",
    "createdAt": "2024-01-15T10:30:00Z"
  }
}

Transaction Approvals API

Concept page for transaction authorization. Currently, approvals are handled through payment consents on the FinTransResource.
Multi-Signature Not Yet Implemented — The multi-signature consent endpoints described below (/consents, /consents/pending, /consents/{id}/sign, /consents/{id}/signatures) are not currently available in the BFF. These are planned for a future release.For current consent management, use the Payment Consents API which supports:
  • POST /fintrans/{accountId}/payment-consents/types/{operationType} — create consent
  • GET /fintrans/{accountId}/payment-consents/{consentId} — get consent
  • DELETE /fintrans/{accountId}/payment-consents/{consentId} — revoke consent
  • POST /payment/consent/validate — validate payment against consent
Working Base URL: https://sandbox.finhub.cloud/api/v2.1/fintrans
For complete details on authentication and headers, refer to the Standard HTTP Headers reference documentation.

Current Approval Workflow

The current BFF approval flow uses payment consents + the prepare-execute pattern:
1

Create Payment Consent

POST /fintrans/{accountId}/payment-consents/types/{operationType} — sets limits, validity, beneficiary restrictions
2

Prepare Order

POST /fintrans/{accountId}/types/{operationType}/prepare — validates against consent and reserves funds
3

Execute Order

POST /fintrans/{accountId}/types/{operationType}/execute — pass consentId + otp in the request body

Planned: Multi-Signature Approval Workflow

The endpoints below are planned but not yet implemented.
1

Create Multi-Sig Consent

Initiate approval request for a transaction
2

Collect Signatures

Gather required signatures from approvers
3

Execute

Transaction executes when all required signatures collected
Creates an approval consent request for a transaction that requires authorization.

Request

accountId
string
required
Account identifier
operationType
string
required
Operation type (transfer, withdraw, etc.)
Authorization
string
required
Bearer token for authentication
X-Tenant-ID
string
required
Tenant identifier
orderId
string
required
Order ID requiring approval
requiredSignatures
integer
Number of signatures required (default based on amount/policy)
approvers
array
List of user IDs who can approve

Code Examples

curl -X POST "https://sandbox.finhub.cloud/api/v2.1/fintrans/acc_12345/types/transfer/consents" \
  -H "Accept: application/json, text/plain, */*" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "platform: web" \
  -H "deviceId: 356938035643809" \
  -d '{
    "orderId": "ord_67890",
    "requiredSignatures": 2,
    "approvers": ["user_001", "user_002", "user_003"]
  }'

{
  "success": true,
  "data": {
    "consentId": "consent_12345",
    "orderId": "ord_67890",
    "accountId": "acc_12345",
    "operationType": "transfer",
    "status": "PENDING_SIGNATURES",
    "requiredSignatures": 2,
    "collectedSignatures": 0,
    "approvers": ["user_001", "user_002", "user_003"],
    "expiresAt": "2024-01-16T10:30:00Z",
    "createdAt": "2024-01-15T10:30:00Z"
  }
}

Get Pending Consents

Retrieves all pending consent requests awaiting signatures.

Request

accountId
string
required
Account identifier

Code Examples

curl -X GET "https://sandbox.finhub.cloud/api/v2.1/fintrans/acc_12345/types/transfer/consents/pending" \
  -H "Accept: application/json, text/plain, */*" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "platform: web" \
  -H "deviceId: 356938035643809"

{
  "success": true,
  "data": {
    "consents": [
      {
        "consentId": "consent_12345",
        "orderId": "ord_67890",
        "operationType": "transfer",
        "amount": {
          "value": 50000.00,
          "currency": "EUR"
        },
        "status": "PENDING_SIGNATURES",
        "requiredSignatures": 2,
        "collectedSignatures": 1,
        "pendingApprovers": ["user_002", "user_003"],
        "expiresAt": "2024-01-16T10:30:00Z"
      },
      {
        "consentId": "consent_12346",
        "orderId": "ord_67891",
        "operationType": "withdraw",
        "amount": {
          "value": 25000.00,
          "currency": "EUR"
        },
        "status": "PENDING_SIGNATURES",
        "requiredSignatures": 1,
        "collectedSignatures": 0,
        "pendingApprovers": ["user_001"],
        "expiresAt": "2024-01-16T11:00:00Z"
      }
    ]
  }
}
Adds a signature to an approval consent request.

Request

accountId
string
required
Account identifier
consentId
string
required
Consent identifier
signature
string
required
Digital signature or OTP code
signatureType
string
Type of signature: OTP, BIOMETRIC, DIGITAL

Code Examples

curl -X POST "https://sandbox.finhub.cloud/api/v2.1/fintrans/acc_12345/types/transfer/consents/consent_12345/sign" \
  -H "Accept: application/json, text/plain, */*" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "platform: web" \
  -H "deviceId: 356938035643809" \
  -d '{
    "signature": "123456",
    "signatureType": "OTP"
  }'

{
  "success": true,
  "data": {
    "consentId": "consent_12345",
    "status": "PENDING_SIGNATURES",
    "requiredSignatures": 2,
    "collectedSignatures": 1,
    "signatureAdded": {
      "signerId": "user_001",
      "signedAt": "2024-01-15T10:45:00Z",
      "signatureType": "OTP"
    },
    "remainingApprovers": ["user_002", "user_003"]
  }
}
Retrieves all signatures collected for a consent request.

Code Examples

curl -X GET "https://sandbox.finhub.cloud/api/v2.1/fintrans/acc_12345/types/transfer/consents/consent_12345/signatures" \
  -H "Accept: application/json, text/plain, */*" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "platform: web" \
  -H "deviceId: 356938035643809"

{
  "success": true,
  "data": {
    "consentId": "consent_12345",
    "signatures": [
      {
        "signatureId": "sig_001",
        "signerId": "user_001",
        "signerName": "John Doe",
        "signerRole": "APPROVER",
        "signatureType": "OTP",
        "signedAt": "2024-01-15T10:45:00Z"
      },
      {
        "signatureId": "sig_002",
        "signerId": "user_002",
        "signerName": "Jane Smith",
        "signerRole": "ADMIN",
        "signatureType": "BIOMETRIC",
        "signedAt": "2024-01-15T11:00:00Z"
      }
    ],
    "requiredSignatures": 2,
    "status": "FULLY_SIGNED"
  }
}

PENDING_SIGNATURES

Awaiting required signatures

FULLY_SIGNED

All signatures collected

EXPIRED

Consent request expired

CANCELLED

Consent was cancelled

Signature Types

TypeDescription
OTPOne-time password via SMS/Email
BIOMETRICFingerprint or face recognition
DIGITALDigital certificate signature
PINPersonal identification number

Response Codes

CodeDescription
200Request successful
400Invalid signature or request
401Unauthorized
403User not authorized to sign
404Consent not found
409Already signed by this user
410Consent expired
500Internal server error

Headers

X-Tenant-ID
string
required

Tenant identifier

Example:

"97e7ff29-15f3-49ef-9681-3bbfcce4f6cd"

X-User-ID
string

Authenticated user identifier

Example:

"87b3af37-4ac1-402b-a0ea-53cfdc695e02"

Path Parameters

accountId
string
required
operationType
string
required

Body

application/json
maxAmount
object
allowedBeneficiaries
string[]
validFrom
string
validUntil
string
description
string
title
string
paymentType
string
parameters
object

Response

200

OK