Finpass API Collection

Initialize

POST
/api/v1/aa-bsa-journey/init

AA BSA — Init Journey

Endpoint Overview
POST /api/v1/aa-bsa-journey/init

Description

The AA BSA Init Journey API kicks off the Account Aggregator (AA) powered Bank Statement Analysis (BSA) workflow. It creates a new journey session for a user and returns a client_id to track the session and a journey_url to redirect the user to — where they complete the RBI-regulated consent flow on the AA network.
This is always the first call in the AA BSA workflow. All subsequent steps — polling status, fetching statement data, and retrieving analysis insights — depend on the client_id returned here.

Key Benefits
  • Start a fully consent-driven bank data fetch in a single API call
  • Support both one-time loan underwriting and recurring loan monitoring consent types
  • Receive real-time journey updates via webhook without polling
  • Fully RBI-compliant — users retain control over their financial data at all times

Use Cases

Banking & Lending
  • Initiate bank statement collection as part of a digital personal or home loan application
  • Trigger loan monitoring consent for existing borrowers at disbursement
  • Replace manual PDF statement uploads with a frictionless AA-powered flow

Technical Implementation

1. Authentication

All API requests require authentication using your Finpass API credentials passed as request headers.
  1. Obtain API Credentials: Register with Finpass to receive your X-API-KEY and X-API-SECRET.
  2. Include in Requests: Add both keys to every request as HTTP headers.

Header        Value
X-API-KEY     Your assigned API Key
X-API-SECRET  Your assigned API Secret

Base URL: https://api.finpass.ai

2. Request Parameters

Request Headers

Header        Required  Description
Content-Type  Yes       Must be application/json
X-API-KEY     Yes       Your Finpass API Key
X-API-SECRET  Yes       Your Finpass API Secret

Request Body

Parameter      Type    Required  Description
mobile_number  string  Yes       The 10-digit mobile number of the user linked to their bank account(s) on the AA network
consent_type   string  No        Type of consent to request. Accepted values: loan_underwriting (default) or loan_monitoring
redirect_url   string  No        URL to redirect the user after completing the consent flow. Defaults to https://finpass.ai/
webhook_url    string  No        URL to receive a push callback when the journey status changes. Defaults to https://finpass.ai/

Example Request

{
  "mobile_number": "9876543210",
  "consent_type": "loan_underwriting",
  "redirect_url": "https://yourapp.com/callback",
  "webhook_url": "https://yourapp.com/webhook"
}

3. Process Response

Response Parameters

Parameter          Type     Description
success            boolean  Indicates whether the journey was initialised successfully
message            string   Human-readable status message
data.client_id     string   Unique session identifier for this journey — use this in all subsequent API calls
data.journey_url   string   URL to redirect the user to complete the AA consent flow
data.status        string   Current journey status — will be initiated at this stage
data.consent_type  string   The consent type for this session (loan_underwriting or loan_monitoring)
data.expires_at    string   Timestamp at which this session expires if the user does not complete consent (ISO 8601)

Example Successful Response

{
  "success": true,
  "message": "AA BSA journey initiated successfully",
  "data": {
    "client_id": "bsa_clnt_a1b2c3d4e5f6",
    "journey_url": "https://aa.finpass.ai/consent?token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.abc123xyz",
    "status": "initiated",
    "consent_type": "loan_underwriting",
    "expires_at": "2024-11-15T14:30:00Z"
  }
}
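
The request rules and response fields above can be enforced on the calling backend before and after the HTTP call. The following Python sketch is an added example, not Finpass code; the function names and the environment variable names FINPASS_API_KEY and FINPASS_API_SECRET are assumptions.

```python
import json
import os
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

INIT_URL = "https://api.finpass.ai/api/v1/aa-bsa-journey/init"
CONSENT_TYPES = {"loan_underwriting", "loan_monitoring"}

def _require_https(name, url):
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{name} must be an absolute https URL")

def build_init_request(mobile_number, consent_type="loan_underwriting",
                       redirect_url=None, webhook_url=None, env=os.environ):
    """Return (headers, body_bytes) for POST INIT_URL; reject bad input locally."""
    if not isinstance(mobile_number, str) or not re.fullmatch(r"[0-9]{10}", mobile_number):
        raise ValueError("mobile_number must be a string of exactly 10 digits")
    if consent_type not in CONSENT_TYPES:
        raise ValueError("consent_type must be loan_underwriting or loan_monitoring")
    body = {"mobile_number": mobile_number, "consent_type": consent_type}
    for name, url in (("redirect_url", redirect_url), ("webhook_url", webhook_url)):
        if url is not None:  # optional; the API applies its documented default
            _require_https(name, url)
            body[name] = url
    headers = {
        "Content-Type": "application/json",
        # Assumed variable names; credentials stay out of source control.
        "X-API-KEY": env["FINPASS_API_KEY"],
        "X-API-SECRET": env["FINPASS_API_SECRET"],
    }
    return headers, json.dumps(body).encode("utf-8")

def parse_init_response(payload, now=None):
    """Return (client_id, journey_url, seconds_until_expiry) or raise ValueError."""
    data = payload.get("data") or {}
    if payload.get("success") is not True or data.get("status") != "initiated":
        raise ValueError(payload.get("message") or "journey was not initiated")
    if not data.get("client_id"):
        raise ValueError("response carries no client_id")
    _require_https("journey_url", data.get("journey_url", ""))
    expires = datetime.fromisoformat(str(data.get("expires_at", "")).replace("Z", "+00:00"))
    now = now or datetime.now(timezone.utc)
    if expires <= now:
        raise ValueError("session has already expired")
    return data["client_id"], data["journey_url"], int((expires - now).total_seconds())
```

The seconds_until_expiry value can drive the retry prompt in your UI when the user has not completed consent in time.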

Possible Error Responses

Error cases: Invalid Mobile Number, Invalid Consent Type, Unauthorized

Invalid Mobile Number
{
  "success": false,
  "message": "Invalid mobile number. Please provide a valid 10-digit Indian mobile number.",
  "error_code": "INVALID_INPUT"
}
Returned when the provided mobile number is not a valid 10-digit Indian number.

Integration Best Practices

Security Recommendations
  • Store the client_id securely on your backend and never expose it in client-side code or publicly accessible URLs
  • Ensure your redirect_url and webhook_url are HTTPS endpoints and not publicly enumerable
  • Validate any webhook payload received at webhook_url before acting on status changes
  • Never pass the raw journey_url token to your frontend logs or analytics pipelines
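
One way to apply the webhook and logging recommendations above, as an added Python example that is not Finpass code. The page does not document the webhook body, so the client_id field in it is an assumption, as are the sessions store and the fetch_status wrapper around the authenticated Status API call.

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlsplit, urlunsplit

def new_webhook_url(base_url):
    """Return (webhook_url, token): a per-journey callback URL that cannot be guessed."""
    token = secrets.token_urlsafe(32)
    return f"{base_url.rstrip('/')}/{token}", token

def handle_webhook(path_token, payload, sessions, fetch_status):
    """Return the server-confirmed status, or None if the callback is rejected.

    sessions maps client_id -> {"hook_token": ..., "status": ...}, written by the
    backend when the init call returned (hypothetical store). fetch_status is a
    hypothetical wrapper around the authenticated Status API call.
    """
    # Assumption: the callback body is JSON that carries the journey's client_id.
    client_id = payload.get("client_id") if isinstance(payload, dict) else None
    session = sessions.get(client_id) if isinstance(client_id, str) else None
    if session is None:
        return None  # a journey this backend never started
    expected = session["hook_token"].encode()
    if not hmac.compare_digest(expected, str(path_token).encode()):
        return None  # wrong or missing per-journey token
    # The body is only a hint: act on what the authenticated API reports.
    session["status"] = fetch_status(client_id)
    return session["status"]

def redact_journey_url(url):
    """Keep host and path for logs; replace every query value (the consent token)."""
    parts = urlsplit(url)
    names = [name for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
    query = "&".join(f"{name}=REDACTED" for name in names)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))
```

Pass the URL from new_webhook_url as webhook_url in the init request and store the token with the returned client_id.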

User Experience Guidelines
  • Open journey_url in the same browser tab or a full-screen in-app WebView for the smoothest AA consent experience
  • Clearly communicate to the user what data will be accessed and for what purpose before redirecting
  • Set a sensible session timeout on your UI and prompt users to retry if the session expires before consent is granted
  • For mobile apps, use a deep link as the redirect_url to return users seamlessly after consent

Related APIs
  • AA BSA — Poll Status — Check the current state of an ongoing AA BSA journey session
  • AA BSA — Statement Result — Retrieve raw bank account and transaction data after journey completion
  • AA BSA — Analysis JSON — Fetch structured BSA insights including income, obligations, and risk flags

Compliance and Legal Considerations
This API operates within the RBI-regulated Account Aggregator (AA) ecosystem. You must be registered as a Financial Information User (FIU) with a licensed Account Aggregator before using this endpoint. Always present clear, accurate consent purpose language to the user before initiating the journey. Data fetched must only be used for the declared consent purpose (loan_underwriting or loan_monitoring) and must not be shared with unauthorised third parties. Comply with the RBI Master Direction on Account Aggregators and the Digital Personal Data Protection Act (DPDP), 2023. Access to this endpoint requires the AA_BSA_JOURNEY permission on your Finpass account.

Request

Body Params: application/json (Required)

Responses

200 Success (application/json)

Request Example (Shell)
curl --location --request POST 'https://api.finpass.ai/api/v1/aa-bsa-journey/init' \
--header 'Content-Type: application/json' \
--header 'X-API-KEY: <YOUR_API_KEY>' \
--header 'X-API-SECRET: <YOUR_API_SECRET>' \
--data-raw '{
    "mobile_number": "9876543210",
    "consent_type": "loan_underwriting",
    "redirect_url": "https://yourapp.com/callback",
    "webhook_url": "https://yourapp.com/webhook"
}'

Response Example
{}