POST
/
api
/
bank
/
auth
/
revoke
curl --request POST \
  --url https://api.atoa.me/api/bank/auth/revoke \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "message": "Consent successfully revoked for the specified account",
  "revokedDetails": {
    "accountId": "account-id-example"
  }
}

Revoke bank account access for a specific account, multiple accounts, or using an account authorization ID.

Authorization

Bearer <token>

Request Body Schema

accountId
string

ID of the user’s bank account. This can be obtained from the redirect URL after account linking or by using the Fetch All Accounts API Reference endpoint.

Refer:- Accounts

accountAuthId
string

Account authorization ID to revoke access for.

accountIds
string

Comma-separated list of account IDs to revoke access for (e.g., “id1,id2,id3”). This can be obtained from the redirect URL after account linking or by using the Fetch All Accounts API Reference endpoint.

Refer:- Accounts

Note: Only one parameter can be provided: accountId, accountIds, or accountAuthId. Multiple parameters are not allowed.

  • All consents are valid for 90 days.
  • If auto-renew is enabled, we will attempt background renewal before expiry.
  • Once expired, any call to transactions or account endpoints will return: 404 Consent not found

🧠 Recommendation: Prompt users to re-authenticate as consent expiration nears (e.g., 7 days before expiry).