My Belvo Portal
The My Belvo Portal (MBP) allows users to manage the consent they have previously given to applications (using Belvo's OFDA product) to access their data in the Open Finance Network.
As part of Brazil's Open Finance Network's regulations, all individuals and companies must be able to manage the consents they have granted to applications accessing their personal data. Consequently, your application must offer straightforward and easily accessible options for users to access the My Belvo Portal. This can be achieved by linking directly to Belvo's instance or integrating your own custom instance.
Confirm Identity
Before users can access their consent information, they will need to confirm their identity by authenticating with a banking institution with which they have an account.
Sign In
In the Sign In screen, the user needs to provide their CPF (Individuals) or CNPJ and CPF combination (Businesses).
Institution Selection
In the Institution Selection screen, the user selects which institution they want to use to authenticate with.
Review Authentication Consent Request
In the authentication Consent screen, the user can review what data will be used to authenticate (Conferir resumo do consentimento) as well as for how long the consent will be valid (Prazo de compartilhamento). By default this is set to one day and cannot be changed by the user.
Redirection and Confirmation
The user is then redirected to their institution and once they grant their consent in the institution, they are redirected back to the widget. They can now access the My Belvo Portal by clicking Acessar Meu Portal Belvo.
Checking Consents
Once in the MBP, the user can check their Open Finance consents by clicking Meus compartilhamentos, selecting the consent, and then view the details of the consent
MBP Hosting Options
In your application, you can direct your users to manage their consents by either:
- Using Belvo's universal MBP instance. (Recommended)
- Initiating an instance of the MBP that will only display the consents your users have given your application.
MBP on Belvo's Website
On Belvo's website, we host a universal instance of the MBP that any user can use to manage their consents. This instance consolidates all the consents they have granted using Belvo's OFDA product.
In your application, you can direct your users to Belvo's universal MBP instance using this URL: https://meuportal.belvo.com/.
If you would like your users to only see the consents they have granted your application, see MBP customized consent view.
MBP customized consent view
You can customize the MBP to display only consents that your user has granted your application, making it easier for them to manage their consents.
To create a customized MBP that only displays consents granted to your application:
- Create an
access_token(For individuals, you will need to provide their CPF details. For businesses, both the CPF and CNPJ details are required).
curl -X POST \
https://sandbox.belvo.com/api/token/ \
-H 'Content-Type: application/json' \
-H 'Host: sandbox.belvo.com' \
-d 'See payload example below'{
"id": "{{secretId}}",
"password": "{{secretPassword}}",
"scopes": "read_consents,write_consents,write_consent_callback",
"widget": {
"openfinance_feature": "consent_management",
"consent": {
"terms_and_conditions_url": "url_to_your_terms_and_conditions",
"identification_info": [
{
"type": "CPF",
"number": "individual_cpf",
"name": "individual_full_name"
}
]
}
}
}
- Add the
access_tokento the MBP URL:https://meuportal.belvo.com/?access_token={accessToken}. - Provide your user with the generated URL.
❇️ Done! Once your user logs in to the MBP, they will be able to manage the consents they have granted your application.
Consent renewal with the MBP
The MBP can also be used to renew an expired consent. Belvo will send you a webhook when one of your user's consent's has expired. An example webhook payload is as follows:
{
"webhook_id": "e6f08793f967445fb74ce16beae665bc",
"webhook_type": "CONSENT",
"webhook_code": "consent_expired",
"link_id": "3d3364b7-0175-483d-a58b-b471f251e533",
"external_id": null,
"data": {
"consent_id": "29a54e55-21f0-4d02-8e34-797ab7d43940",
"action": "renew",
"institution": "ofmockbank_br_retail",
"institution_display_name": "OF Mockbank",
"institution_icon_logo": "https://logo.com"
}
}| Field | Description |
|---|---|
link_id | The link ID associated with the consent. |
consent_id | The consent ID. |
action | An indication of what action you need to take. For consent_expired webhooks, this is always set to renew. |
institution | The institution that the user provided their consent for. |
institution_display_name | The display name of the institution. |
institution_icon_logo | The URL to the institution's logo. |
After receiving the webhook, you can set the MBP to ‘renew consent’ mode by creating a URL with the following information:
https://meuportal.belvo.com/
?access_token={accessToken}
&link_id={webhook_link_id}
&consent_id={webhook_consent_id}
&institution={webhook_institution}
&institution_display_name={the_display_name_url_encoded}
&institution_icon_logo={url_to_icon}
&action=renew| Query Field | Description | Example |
|---|---|---|
access_token | A newly generated access_token for the MBP. For instructions on how to create an access_token for the MBP, see the MBP customized consent view section. | N/A |
link_id | The link_id you received in the consent_expiredwebhook event. | link_id=6b94a043-9a96-4dd3-b889-30f4dcbd9608 |
consent_id | The consent_id you received in the consent_expiredwebhook event (located in the data object). | consent_id=2c63f6a0-22ea-4edf-a15c-9c1c2f92a20d |
institution | The institution you received in the consent_expiredwebhook event (located in the data object). | institution=ofc_mockbank_br |
institution_display_name | The institution_display_name (URL encoded) you received in the consent_expiredwebhook event (located in the data object). | institution_display_name=OF%20Mockbank |
institution_icon_logo | The institution_icon_logo URL you received in the consent_expiredwebhook event (located in the data object). | institution_icon_logo=https://logo.com |
action | The action in the consent_expiredwebhook event (located in the data object). For consent_expiredwebhooks, this action will always be renew. | action=renew |
Directing your users to this URL will automatically guide them through the consent renewal process.