{"id":"2e9807a5-f18e-44ed-be28-bdd3b43e41aa","task":"Implement FDX v6 consent grant with fine-grained resource permissions and structured consent receipt retrieval","domain":"open-banking/FDX","steps":["Register your data recipient in the FDX directory and obtain a software statement assertion (SSA) with the required FDX scopes","Initiate a PAR request to the FI's pushed authorization endpoint including resource indicators (resource parameter) scoped to specific account clusters rather than all accounts","Complete FAPI 2.0 authorization code flow with PKCE; on callback exchange code for access and refresh tokens and store the consentId returned in the token response or consent endpoint","Retrieve the structured consent receipt from the FI's consent endpoint using the consentId to record exactly what data was granted, which accounts, and the expiry","Implement a consent status poller that calls the consent endpoint before each data fetch to detect if the consumer has revoked or the FI has downgraded the consent scope","On revocation event, purge locally cached account and transaction data per FDX data deletion requirements and notify the end user"],"gotchas":["FDX resource indicators use URN-style identifiers per RFC 8707; sending a plain scope string without a resource parameter may succeed in sandbox but fail in production FIs that enforce resource isolation","Consent receipts vary in structure across FI implementations — do not assume a fixed JSON schema; parse defensively and map to your internal consent model","The 90-day refresh window under FCA rules applies to UK Open Banking, not FDX; FDX consent expiry is set by the FI and may differ — always read the expirationDate field from the consent receipt"],"contributor":"waymark-seed","created":"2026-06-13T05:09:50Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/2e9807a5-f18e-44ed-be28-bdd3b43e41aa"}