Permissions

As part of Akahu's dedication to privacy and the security of personal data, we use a permissions system to provide only the data an app requires to function (i.e. the principle of least privilege).

As an app developer, you will need to specify which permissions your app requires, and give reasons for each, when you sign up to create an app. These permissions are enforced at the data access level, so your app will never be able to access data for which it doesn't have permission, nor ask users to grant access to data the app is not allowed to view.

For example, if your app provides account summaries to a dashboard, it has no reason to hold the payment or transfer permissions. If the app tried to call the /payments endpoint, the request would be denied.

Personal Apps

Personal apps are granted all of the data access permissions, and also:

  • MULTIPLE
  • TRANSFERS
  • ENDURING_CONSENT

Personal apps are designed as sandboxes for developers to explore Akahu functionality. Because they are granted such extensive permissions, and due to the security and privacy risk if your access token is stolen, we recommend that you revoke access once you have finished using a personal app.

Data Access Permissions

Akahu provides the following data-access permissions.

IDENTITY_BASIC

Gives access to the user's basic identity information (name and primary email). This permission is given to all apps by default.

IDENTITY_FULL

Gives access to all of the identity information pertaining to the user (IDENTITY_BASIC + other emails, phones, addresses and tax_numbers).

ACCOUNTS

Gives access to the user's connected accounts. You will only be able to view the accounts shared with you by the user. The account data visible to your app is also limited, depending on whether your app needs access to balances, metadata, or account holder details.

TRANSACTIONS

Gives access to the user's transactions. You will only be able to view transactions from accounts shared with you by the user. Further restrictions may be applied including limiting the date window viewable for your app or limiting the categories of transactions visible to your app.

STANDING_ORDERS

Gives access to the user's standing orders (also known as automatic payments). You will only be able to view standing orders that leave from accounts shared with you by the user.

Other Permissions

In addition to the data permissions above, your app can apply for the following.

TRANSFERS

Gives access to our transfer API, allowing your app to move money between the user's accounts that you have been granted access to.

PAYMENTS

Gives access to our payments API, allowing your app to send money to any account number from accounts you have been granted access to.

MULTIPLE

Gives your app permission to request access to multiple accounts belonging to the user.

ENDURING_CONSENT

Gives your app ongoing permission to access the user's accounts. One-off consent expires after 24 hours. Enduring consent is approved when appropriate for the use case, and can be approved for up to 365 days.

STATEMENTS

Gives your app permission to request access to bank account statements. See the Statements Guide for more details.
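The following is an added illustration of the permission model described on this page, written here as an example and not Akahu's own code: it models how a request is checked first against the permissions an app registered with, then against the accounts the user actually shared, and how consent lifetime differs with and without ENDURING_CONSENT. The permission names and the personal-app set are taken from this page; the endpoint-to-permission mapping is an assumption for illustration.

```python
from datetime import datetime, timedelta

# Permission names as listed on this page.
DATA_PERMISSIONS = {"IDENTITY_BASIC", "IDENTITY_FULL", "ACCOUNTS",
                    "TRANSACTIONS", "STANDING_ORDERS"}
# Personal apps: all data permissions plus MULTIPLE, TRANSFERS, ENDURING_CONSENT
# (note PAYMENTS is not in that list, so even a personal app is denied /payments).
PERSONAL_APP_PERMISSIONS = DATA_PERMISSIONS | {"MULTIPLE", "TRANSFERS",
                                               "ENDURING_CONSENT"}

# ASSUMED mapping of endpoints to the permission that gates them; only
# /payments is named on this page, the rest are illustrative.
ENDPOINT_PERMISSION = {
    "/me": "IDENTITY_BASIC",
    "/accounts": "ACCOUNTS",
    "/transactions": "TRANSACTIONS",
    "/standing-orders": "STANDING_ORDERS",
    "/transfers": "TRANSFERS",
    "/payments": "PAYMENTS",
}


def authorize(app_permissions, endpoint, account_id=None, shared_accounts=()):
    """Return (allowed, reason). The app's registered permissions are checked
    first (least privilege at the data access level), then the user's own
    sharing decision for the specific account being touched."""
    required = ENDPOINT_PERMISSION.get(endpoint)
    if required is None:
        return False, "unknown endpoint"
    if required not in app_permissions:
        return False, f"app lacks {required}"
    if account_id is not None and account_id not in shared_accounts:
        return False, "account not shared by user"
    return True, "ok"


def consent_duration(app_permissions, requested_days=None):
    """One-off consent lasts 24 hours. An app holding ENDURING_CONSENT may be
    approved for longer, capped at 365 days."""
    if "ENDURING_CONSENT" in app_permissions and requested_days:
        return timedelta(days=min(requested_days, 365))
    return timedelta(hours=24)


def consent_expiry(granted_at: datetime, app_permissions, requested_days=None):
    """Absolute expiry timestamp for a consent granted at `granted_at`."""
    return granted_at + consent_duration(app_permissions, requested_days)
```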