User Disclosures
Institution User Disclosure APIs manage user‑level disclosure acceptance and enrollment. They track whether individual users have accepted, rejected, or enrolled in required disclosures—supporting compliance during onboarding, account updates, and ongoing digital banking usage.
End-user benefits
- View and accept required disclosures during onboarding.
- Query current disclosure and enrollment status.
Integration capabilities
- Track end-user acceptance programmatically.
- Align with e-statement enrollment.
- Business Banking: use
institutionCustomerIdfor location/business context; resolve the business entity via the Institution User API when needed.
User disclosure statuses
| Status | Description |
|---|---|
ENROLLED | User enrolled (e.g. e-statements) |
NOT_ENROLLED | Not enrolled |
ACCEPTED | Disclosure accepted |
NOT_ACCEPTED | Disclosure not accepted |
Scopes
| Scope | Description |
|---|---|
accounts:read | Get and find accounts |
disclosures:read | Retrieve disclosure information |
disclosures:write | Create, update, or delete disclosures |
institution-users:read | Required with disclosures:read for user context |
Required headers
| Header | Description |
|---|---|
Authorization | Bearer token (V2 authentication) |
transactionId | Unique identifier for request tracking |
Error codes (DSC_*)
| Code | Message | HTTP Status Code |
|---|---|---|
| DSC_10002 | Invalid request. | 400 |
| DSC_10003 | Invalid operation. | 501 |
| DSC_10009 | Invalid query param. | 400 |
| DSC_11001 | Full authentication was not provided in the request. | 401 |
| DSC_11002 | The authentication token that was sent in the request is invalid. | 401 |
| DSC_11003 | The authentication provided does not authorize this request. | 401 |
| DSC_11004 | A location id is required for business banking users | 400 |
| DSC_12001 | Request should only contain printable ASCII characters. | 400 |
| DSC_12002 | Request is missing a transactionId header. | 400 |
| DSC_12003 | Request transactionId header is too long. | 400 |
| DSC_12004 | Required fields are not provided or not valid. | 400 |
| DSC_12005 | Request cannot be blank. | 400 |
| DSC_12006 | Invalid or empty account type in request. | 400 |
| DSC_12007 | Request header is too long | 400 |
| DSC_12011 | One of the request field length is greater than max length. | 400 |
| DSC_12012 | Disclosure ids from request body and URL do not match. | 400 |
| DSC_12013 | Request callingAppId header is too long. | 400 |
| DSC_12014 | RequestBody size exceeds limit. | 400 |
| DSC_12015 | Disclosure not supported | 400 |
| DSC_12016 | Account Id is missing in disclosure | 400 |
| DSC_12017 | Paper waiver field is missing in disclosure | 400 |
| DSC_13001 | Data not found for user | 400 |
| DSC_13002 | Disclosures are not retrieved successfully. | 500 |
| DSC_13003 | Disclosures are not created successfully. | 500 |
| DSC_13004 | Disclosures are not updated successfully. | 500 |
| DSC_13005 | The CIF number is required, but was not found | 400 |
| DSC_22001 | Internal validation error. | 500 |
| DSC_23002 | Error interacting with CBS Service | 500 |
| DSC_23003 | Error interacting with CAS Service | 500 |
| DSC_23004 | Error interacting with NIIS Service | 500 |
| DSC_23005 | Error interacting with Accounts Service | 500 |
| DSC_90000 | Server cannot handle this request. | 400 |
| DSC_99997 | Client error | 400 |
| DSC_99999 | Internal server error. | 500 |
Endpoints
Create User Disclosure
Creates or persists a user‑level disclosure record for the authenticated user within the
Delete Online Statement User Disclosure
Deletes the user’s online statement (OLS) disclosure enrollment for a specific account by
List User Disclosures
Retrieves a consolidated list of user disclosure records for the authenticated user. The
Update Custom User Disclosure
Updates the acceptance or enrollment state of a **custom user disclosure** for the