Skip to main content

Saafe Account Aggregator — Developer Documentation

Build and integrate the Saafe Account Aggregator Redirection Flow APIs — from decoding the FIU request through authentication, discovery, linking, consent, and encode.

This is the Saafe Account Aggregator's developer documentation for implementing the Redirection Flow APIs.

Global environment

All API requests are made against your AA environment base URL:

aaUrl = https://<your-aa-environment-url>

Note: Replace the placeholder with the actual URL of your environment.

EnvironmentBase URL
UAT / Sandboxhttps://sandbox.saafe.in/api/v2
Productionhttps://app.saafe.in/api/v2

How the redirection flow works

The typical end-to-end journey a user goes through in the redirection flow:

  1. FIU initiates a consent request and redirects the user to the AA.
  2. Decode the incoming request to read the user context (decode).
  3. Authenticate the user with a phone number + OTP (init-otpverify-otp).
  4. Add / verify identifiers (mobile, PAN) if required.
  5. Discover accounts across FIPs (Partial Auto Discovery or FIP-specific discovery).
  6. Link accounts and verify with the FIP OTP.
  7. Review the consent (Consent/handle) and approve or reject it.
  8. Encode the response and redirect the user back to the FIU.

See the Flow Overview for a visual diagram of this journey.

Each step is documented in detail in the sections in the left sidebar.

Authentication & headers

Most user-facing endpoints require a Bearer access token obtained from OTP Verify. Pass it as:

Authorization: Bearer <access_token>

If a request returns 401 Unauthorized, refresh the token using Refresh Token.

important

The Decode response returns a sessionid. You must send this value as the sessionId header on every subsequent API call in the journey. See Flow Overview for the full list of headers and when each applies.