Open Finance

Consent Validator API

Validate consent objects against CBUAE Article 22 requirements. Checks purpose specificity, time bounds, data privacy, permissions, and withdrawal methods for Open Finance compliance.

Endpoint:/api/v1/openfinance/consent/validate
Method:POST
Tier:All Plans

Try it out

POST/api/v1/openfinance/consent/validate

Parameters

Code

curl
curl -X POST "https://khaleejiapi.dev/api/v1/openfinance/consent/validate?consent=%7B%22purpose%22%3A%22account_balance%22%2C%22permissions%22%3A%5B%22ReadAccountsBasic%22%5D%2C%22expirationDate%22%3A%222026-01-01T00%3A00%3A00Z%22%7D" \
-H "Authorization: Bearer your_api_key"

Request Body

FieldTypeRequiredDescription
consent.purposestringOptionalConsent purpose (e.g. account_balance, payment_initiation)
consent.purposesstring[]OptionalArray of consent purposes
consent.permissionsstring[]OptionalData permissions (e.g. ReadAccountsBasic, ReadBalances)
consent.expirationDateISO 8601OptionalConsent expiration date
consent.recurringbooleanOptionalWhether consent is for recurring access
consent.sensitiveDatabooleanOptionalWhether consent involves sensitive personal data
consent.consentMethodstringOptionalHow consent is obtained (explicit_opt_in, digital_signature, biometric, two_factor)
consent.thirdPartySharingbooleanOptionalWhether data will be shared with third parties

Response Fields

compliant

Boolean indicating whether the consent object meets all CBUAE requirements

summary

total_issues, errors, warnings count with verdict in English and Arabic

issues[]

Array of compliance issues with rule, severity, article reference, and requirement text (EN/AR)

validPermissions, validPurposes, validConsentMethods

Reference arrays of all accepted values for building compliant consent flows

Rate Limits

PlanRequests/MonthRate Limit
Free1,00010 req/min
Starter10,00060 req/min
Professional100,000300 req/min
Business500,0001,000 req/min

Debugging & Support

Include X-Request-ID when contacting support

Every response from KhaleejiAPI includes an X-Request-ID header — a unique identifier that lets our support team pull the exact log entry for your request within seconds. Always share it when reporting an unexpected error or unexpected result.

How to capture it

JavaScript / fetch

const res = await fetch("https://khaleejiapi.dev/api/v1/...", {
  headers: { Authorization: "******" },
});
const requestId = res.headers.get("x-request-id");
console.log("Request ID:", requestId);
// → e.g. "req_01j9xkz4vp8..."

cURL

curl -si "https://khaleejiapi.dev/api/v1/..." \
  -H "Authorization: ******" | grep -i x-request-id
# → x-request-id: req_01j9xkz4vp8...

Browser DevTools

Open DevTools (F12) → Network tab → click the failing request → scroll to the Response Headers section → copy the value next to x-request-id.

For a full list of error codes and guidance on common issues, see the Troubleshooting guide.