Saafe Account Aggregator — Developer Documentation
Build and integrate the Saafe Account Aggregator Redirection Flow APIs — from decoding the FIU request through authentication, discovery, linking, consent, and encode.
This is the Saafe Account Aggregator's developer documentation for implementing the Redirection Flow APIs.
Global environment
All API requests are made against your AA environment base URL:
aaUrl = https://<your-aa-environment-url>
Note: Replace the placeholder with the actual URL of your environment.
| Environment | Base URL |
|---|---|
| UAT / Sandbox | https://sandbox.saafe.in/api/v2 |
| Production | https://app.saafe.in/api/v2 |
How the redirection flow works
The typical end-to-end journey a user goes through in the redirection flow:
- FIU initiates a consent request and redirects the user to the AA.
- Decode the incoming request to read the user context (
decode). - Authenticate the user with a phone number + OTP (
init-otp→verify-otp). - Add / verify identifiers (mobile, PAN) if required.
- Discover accounts across FIPs (Partial Auto Discovery or FIP-specific discovery).
- Link accounts and verify with the FIP OTP.
- Review the consent (
Consent/handle) and approve or reject it. - Encode the response and redirect the user back to the FIU.
See the Flow Overview for a visual diagram of this journey.
Each step is documented in detail in the sections in the left sidebar.
Authentication & headers
Most user-facing endpoints require a Bearer access token obtained from OTP Verify. Pass it as:
Authorization: Bearer <access_token>
If a request returns 401 Unauthorized, refresh the token using
Refresh Token.
The Decode response returns a sessionid. You must
send this value as the sessionId header on every subsequent API call in the journey.
See Flow Overview for the full list of headers and when each applies.