# My Belvo Portal The My Belvo Portal (MBP) allows users to manage the consent they have previously given to applications (using Belvo's OFDA product) to access their data in the Open Finance Network. Consent management compliance As part of Brazil's Open Finance Network's regulations, all individuals and companies must be able to manage the consents they have granted to applications accessing their personal data. Consequently, your application **must** offer straightforward and easily accessible options for users to access the My Belvo Portal. This can be achieved by linking directly to Belvo's instance or integrating your own custom instance. ## Confirm Identity Before users can access their consent information, they will need to confirm their identity by authenticating with a banking institution with which they have an account. ### Sign In In the **Sign In** screen, the user needs to provide their CPF (Individuals) or CNPJ and CPF combination (Businesses). ### Institution Selection In the **Institution Selection** screen, the user selects which institution they want to use to authenticate with. ### Review Authentication Consent Request In the authentication **Consent** screen, the user can review what data will be used to authenticate (**Conferir resumo do consentimento**) as well as for how long the consent will be valid (**Prazo de compartilhamento**). By default this is set to one day and cannot be changed by the user. ### Redirection and Confirmation The user is then redirected to their institution and once they grant their consent in the institution, they are redirected back to the widget. They can now access the My Belvo Portal by clicking **Acessar Meu Portal Belvo**. ## Checking Consents Once in the MBP, the user can check their Open Finance consents by clicking **Meus compartilhamentos**, selecting the consent, and then view the details of the consent ## MBP Hosting Options In your application, you can direct your users to manage their consents by either: - Using Belvo's universal MBP instance. (**Recommended**) - Initiating an instance of the MBP that will only display the consents your users have given your application. ### MBP on Belvo's Website On Belvo's website, we host a universal instance of the MBP that any user can use to manage their consents. This instance consolidates all the consents they have granted using Belvo's OFDA product. In your application, you can direct your users to Belvo's universal MBP instance using this URL: `https://meuportal.belvo.com/`. If you would like your users to only see the consents they have granted your application, see MBP customized consent view. ### MBP customized consent view You can customize the MBP to display only consents that your user has granted your application, making it easier for them to manage their consents. To create a customized MBP that only displays consents granted to your application: 1. Create an `access_token` (For individuals, you will need to provide their CPF details. For businesses, both the CPF and CNPJ details are required). Individual ```curl cURL Request curl -X POST \ https://sandbox.belvo.com/api/token/ \ -H 'Content-Type: application/json' \ -H 'Host: sandbox.belvo.com' \ -d 'See payload example below' ``` ```json JSON Payload for Individual Users { "id": "{{secretId}}", "password": "{{secretPassword}}", "scopes": "read_consents,write_consents,write_consent_callback", "widget": { "openfinance_feature": "consent_management", "consent": { "terms_and_conditions_url": "url_to_your_terms_and_conditions", "permissions": ["REGISTER", "ACCOUNTS", "CREDIT_CARDS", "CREDIT_OPERATIONS"], "identification_info": [ { "type": "CPF", "number": "individual_cpf", "name": "individual_full_name" } ] } } } ``` Business ```curl cURL Request curl -X POST \ https://sandbox.belvo.com/api/token/ \ -H 'Content-Type: application/json' \ -H 'Host: sandbox.belvo.com' \ -d 'See payload example below' ``` ```json JSON Payload for Business Users { "id": "{{secretId}}", "password": "{{secretPassword}}", "scopes": "read_consents,write_consents,write_consent_callback", "widget": { "openfinance_feature": "consent_management", "consent": { "terms_and_conditions_url": "url_to_your_terms_and_conditions", "permissions": ["REGISTER", "ACCOUNTS", "CREDIT_CARDS", "CREDIT_OPERATIONS"], "identification_info": [ { "type": "CPF", "number": "individual_cpf", "name": "individual_full_name" }, { "type": "CNPJ", "number": "business_cnpj", "name": "business_name" } ] } } } ``` 1. Add the `access_token` to the MBP URL: ` https://meuportal.belvo.com/?access_token={accessToken}`. 2. Provide your user with the generated URL. ❇️ Done! Once your user logs in to the MBP, they will be able to manage the consents they have granted your application. ## Consent renewal with the MBP The MBP can also be used to renew an expired consent. Belvo will send you a webhook when one of your user's consent's has expired. An example webhook payload is as follows: ```json Consent Webhook Example { "webhook_id": "e6f08793f967445fb74ce16beae665bc", "webhook_type": "CONSENT", "webhook_code": "consent_expired", "link_id": "3d3364b7-0175-483d-a58b-b471f251e533", "external_id": null, "data": { "consent_id": "29a54e55-21f0-4d02-8e34-797ab7d43940", "action": "renew", "institution": "ofmockbank_br_retail", "institution_display_name": "OF Mockbank", "institution_icon_logo": "https://logo.com" } } ``` | Field | Description | | --- | --- | | `link_id` | The link ID associated with the consent. | | `consent_id` | The consent ID. | | `action` | An indication of what action you need to take. For `consent_expired` webhooks, this is always set to `renew`. | | `institution` | The institution that the user provided their consent for. | | `institution_display_name` | The display name of the institution. | | `institution_icon_logo` | The URL to the institution's logo. | After receiving the webhook, you can set the MBP to ‘renew consent’ mode by creating a URL with the following information: ```text Sample URL https://meuportal.belvo.com/ ?access_token={accessToken} &link_id={webhook_link_id} &consent_id={webhook_consent_id} &institution={webhook_institution} &institution_display_name={the_display_name_url_encoded} &institution_icon_logo={url_to_icon} &action=renew ``` | Query Field | Description | Example | | --- | --- | --- | | `access_token` | A newly generated `access_token` for the MBP. For instructions on how to create an `access_token` for the MBP, see the MBP customized consent view section. | N/A | | `link_id` | The `link_id` you received in the `consent_expired`webhook event. | `link_id=6b94a043-9a96-4dd3-b889-30f4dcbd9608` | | `consent_id` | The `consent_id` you received in the `consent_expired`webhook event (located in the `data` object). | `consent_id=2c63f6a0-22ea-4edf-a15c-9c1c2f92a20d` | | `institution` | The `institution` you received in the `consent_expired`webhook event (located in the `data` object). | `institution=ofc_mockbank_br` | | `institution_display_name` | The `institution_display_name` (URL encoded) you received in the `consent_expired`webhook event (located in the `data` object). | `institution_display_name=OF%20Mockbank` | | `institution_icon_logo` | The `institution_icon_logo` URL you received in the `consent_expired`webhook event (located in the `data` object). | `institution_icon_logo=https://logo.com` | | `action` | The `action` in the `consent_expired`webhook event (located in the `data` object). For `consent_expired`webhooks, this action will always be `renew`. | `action=renew` | Directing your users to this URL will automatically guide them through the consent renewal process.