Select Page

Securely Expose APIs and manage their access conditions

Blue icon RealTimeOAS

API Consent Management by Qwist

Qwist’s API Consent Management allows you to manage access to your APIs and assets for asset owners, typically your end-customers. Designed for Open Finance, it features configurable consent management. With robust API management and advanced security standards, it enables secure Open Finance or Open Data setups, allowing third-party providers to act as brokers or users while end-customers retain asset control.

Contact us for more information

Control access in complex Open Finance environments

Allow third-parties to access assets under the control of the asset owner

In the realm of Open Finance, banks and financial institutions must expose their backends via APIs to third parties, either for compliance reasons, or to create new revenue streams through data and financial services, embedded in user journeys elsewhere. While secure and governed access for third parties is crucial, the end-customer should always maintain sovereignty over their assets, controlling access to different types of data or services.

API Consent Management Onepager Preview

API Consent Management Onepager

The most important facts, benefits, and how it works at a glance

Download free Onepager

Blue icon RealTimeOAS

Seamlessly integrate and meet common security requirements

Qwist’s API Consent Management ensures that assets like data and services are securely accessible to TPPs via APIs, enabling them to act on behalf of end-customers. The core consent management feature ensures that asset owners always retain control, and TPPs can only access what they are authorized for. This product integrates seamlessly with existing security solutions (e.g., IAM), and supports not just state-of-the-art Open Banking but also broader Open Finance use cases, addressing the essential complexities faced by financial institutions.
Fictional employees looking at data on laptop and tablet

Authorised asset access only

End-customers retain full control over which third party can access their assets and to what extent, thanks to configurable consent and access permission dashboards.

Proven API Security

Rely on proven security solutions by applying state-of-the-art standards like Financial-grade API (FAPI), OIDC, and OAuth2.

Easy to integrate

The modular structure of our product ensures effortless integration with existing IAM, API management, and business API solutions.

Resource efficiency

Our ready-to-use, modular product ensures rapid time-to-market, minimises project risks, and keeps you up-to-date with ease.

Future-proof expandability

Flexible configurability allows for functional adjustments at runtime, supporting any Open Finance use case and upcoming regulatory requirements (e.g., FIDA).

Contact us for more information

How Qwist’s API Consent Management works

turquoise icon process

Managing and enforcing access permissions at runtime

Qwist’s API Consent Management empowers you to manage and enforce various sets of permissions at runtime for third parties accessing your customers’ assets. Permission categories are highly dependent on the current Open Finance use case, and the product allows for individual configuration for each use case. When asset owners grant access to third parties, a specific set of permissions is stored in a consent object. API access is only granted if a consent exists and contains the necessary permissions. Integrating with your existing Identity and Access Management (IAM) systems and multi-factor authentication solutions, this product keeps customer identities and credentials secure and easily reusable. Its flexible architecture not only addresses today’s Open Finance authorisation challenges (as will be required by standards like e.g., Berlin Group Open Finance, UK Open Banking, OpenWealth, SFTI Common API), but also prepares you for future use cases.
Explanation flow of how the real-time api security works

Consent Management

Establish, manage, and revoke consent with an authorization process and permission dashboards, providing full control of third-party access to your end-customer.

Customisable Consent UIs

Offer individualised end-customer UIs for consent management that reflect your brand experience and integrate with existing multi-factor authentication components.

Third-Party Management

Efficiently manage third-party access, allowing for automated, or self-service registration. while retaining control over authorization.

Standardised & Secure API Access

Ensure secure API access with state-of-the-art standards like FAPI, OIDC, and OAuth2, providing out-of-the-box security.

Secure SaaS Hosting

Our SaaS setup is hosted in fully compliant, multi-certified banking data centres in Germany, ensuring secure operations in accordance with ISO27001, ISAE, and more.

Containerised & Configurable On-Premises Option

For environments where SaaS is not an option, our product offers a multi-tenant architecture with flexible and fast deployment options for on-premises setups.

Man using phone
Woman writing on a white board about using APIs
Woman's hands typing on laptop
Fictional colleagues speaking
Man's hands coding on laptop
Real-time API security
Contact us for more information

Demo API Consent Management

Still have questions about our API Consent Management? Please contact us and we will happily provide you with advice!

contact@qwist.com