Revoke Account Access
curl --request POST \
  --url https://api.atoa.me/api/bank/auth/revoke \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "message": "Consent successfully revoked for the specified account",
  "revokedDetails": {
    "accountId": "account-id-example"
  }
}
Revoke bank account access for a specific account, multiple accounts, or using an account authorization ID.
Authorization
Bearer <token>
Request Body Schema
accountId: ID of the user’s bank account. This can be obtained from the redirect URL after account linking or by using the Fetch All Accounts endpoint (API Reference).
Refer: Accounts
accountAuthId: Account authorization ID to revoke access for.
accountIds: Comma-separated list of account IDs to revoke access for (e.g., “id1,id2,id3”). These can be obtained from the redirect URL after account linking or by using the Fetch All Accounts endpoint (API Reference).
Refer: Accounts
Note: Only one of the following parameters can be provided per request: accountId, accountIds, or accountAuthId. Multiple parameters are not allowed.
Consent Lifecycle & Expiry
- All consents are valid for 90 days.
- If auto-renew is enabled, we will attempt background renewal before expiry.
- Once expired, any call to transactions or account endpoints will return: 404 Consent not found
🧠 Recommendation: Prompt users to re-authenticate as consent expiration nears (e.g., 7 days before expiry).
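Added example (not part of Atoa's documentation): Python client-side helpers that enforce the one-parameter rule from the Request Body Schema before a revoke call is sent, and classify a consent against the 90-day lifetime and 7-day re-authentication window described above. It assumes the integrator records when each consent was granted (granted_at); the function names and the substring match on the 404 response text are also assumptions.

```python
from datetime import datetime, timedelta, timezone

CONSENT_LIFETIME = timedelta(days=90)  # page: all consents are valid for 90 days
REAUTH_WINDOW = timedelta(days=7)      # page: example prompt window before expiry
SELECTORS = ("accountId", "accountIds", "accountAuthId")


def build_revoke_body(account_id=None, account_ids=None, account_auth_id=None):
    """Return the revoke body, rejecting zero or multiple selectors client-side."""
    given = dict(zip(SELECTORS, (account_id, account_ids, account_auth_id)))
    given = {k: v for k, v in given.items() if v}
    if len(given) != 1:
        raise ValueError(f"provide exactly one of {SELECTORS}, got {sorted(given)}")
    key, value = next(iter(given.items()))
    if key == "accountIds":
        # Accept a list or an already comma-separated string.
        parts = [value] if isinstance(value, str) else list(value)
        ids = [i.strip() for part in parts for i in part.split(",")]
        if any(not i for i in ids):
            raise ValueError("accountIds contains an empty ID")
        value = ",".join(dict.fromkeys(ids))  # de-duplicate, keep order
    return {key: value}


def consent_state(granted_at, now=None):
    """Classify a consent as 'active', 'reauth_due' or 'expired'.

    granted_at is tracked by the integrator (assumption, not an API field).
    """
    now = now or datetime.now(timezone.utc)
    expires_at = granted_at + CONSENT_LIFETIME
    if now >= expires_at:
        return "expired"
    if now >= expires_at - REAUTH_WINDOW:
        return "reauth_due"
    return "active"


def is_consent_gone(status_code, response_text):
    """True for the documented '404 Consent not found' result.

    Matching on the response text is an assumption about the error format;
    it keeps an unrelated 404 (e.g. a wrong URL) from being read as expiry.
    """
    return status_code == 404 and "consent not found" in response_text.lower()
```

Treat is_consent_gone returning True the same as an "expired" state: stop retrying the data call and send the user back through account linking.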