Built by the community
Navigation
Metrics
Program
Service DeskPricingPoliciesDocument RepositoryLive Ecosystem
Developer Docs
TPP — Open Finance StandardsLFI — Integration GuideAPI SpecsKnowledge BaseRelease Notes & Erratas
NewsGitHub
Validate · Enforce · Trust

CMI — Insurance Data Sharing Requirements v2.15 min read

The tables below define the display, labelling, and behavioural requirements for the Insurance Data Sharing consents in the TPP Consent Management Interface (CMI). See the User Experience page for interactive wireframes of the dashboard and detail pages.

Adjustments to the requirements below are permitted provided the customer can always clearly understand what consents they have granted. Any adjustments must be documented in your CX certification submission.

01 Section

Dashboard — tabs

The dashboard must present Insurance Data Sharing consents across two tabs.

#
Rule
1
The Current tab must display all consents whose status is AwaitingAuthorization, Authorized, Suspended, or Paused.
2
The History tab must display all consents whose status is Rejected, Expired, or Revoked.
02 Section

Dashboard — filters

A filter panel must be available on the dashboard. The following three filters are required:

Filter
Options
LFI Name
Dynamically populated from the LFIs present in the user's connections
Consent Type
Dynamically populated from the types present in the current tab
Consent State
Dynamically populated from the statuses present in the current tab
03 Section

Status labels

Consent statuses must be translated from their API values into user-friendly labels before display.

API status
Displayed label
Authorized
Active
AwaitingAuthorization
Pending
Revoked
Cancelled
Suspended
Suspended
Paused
Paused
Expired
Expired
Rejected
Rejected
04 Section

Consent type labels

Internal type
Displayed label
Data Sharing
Data Sharing
05 Section

Dashboard — card content

Each Insurance Data Sharing consent card on the dashboard must show the following fields.

Field
Content
LFI name
Name of the LFI the consent is held with
Status badge
Mapped label from Status labels
Policy count
Number of connected policies, e.g. 1 Policy Connected or 2 Policies Connected
Consent Type
Data Sharing
Last data received
Date the most recent data was retrieved under this consent
Connection expires
Date the consent expires
06 Section

Detail page

Selecting a consent on the dashboard opens its detail page. The detail page presents the same information the customer saw on the Consent Page at the time they gave consent — the permissions, policies, and conditions that defined what they agreed to. In addition to all fields shown on the dashboard card, the detail page must show a truncated Consent ID with a copy button (format: f47ac10b...d479).

Additional sections

Section
Content
Policies
List of all insurance policies the user has connected under this consent, each showing the policy type (e.g. Motor, Health, Life), the insurer, and the policy number
Data permissions
Expandable list of data categories the consent covers, derived from the consent's Permissions field — e.g. Policy details, Premium details, Claim details

"How we are using your data" card

A card titled How we are using your data must appear below the Data permissions section, except when status is Rejected.

Status behaviour
Rejected
Card is not shown
Revoked
Title changes to You cancelled this connection
Expired
Connection Expires label changes to Connection Expired
All other statuses
Default title and labels

Date rows each prefixed with a calendar or refresh icon
  1. 1
    First Connected
    Date the consent was first authorised
  2. 2
    Connection Expires / Connection Expired
    Consent expiration date

07 Section

Detail page — action buttons

Button
Label
Shown when
Pause
Pause
Status is Authorized
Reactivate
Reactivate
Status is Paused
Revoke
Stop Sharing
Status is AwaitingAuthorization, Authorized, Suspended, or Paused

No action buttons are shown when status is Expired, Rejected, or Revoked.

08 Section

Confirmation screen

When the user selects Pause, Reactivate, or Revoke, replace the detail view with a single confirmation screen that includes: a title, a description of the impact of the action on the service, a Confirm button, and a Go back button.

Pause
Reactivate
Revoke
Title
Pause data sharing
Resume data sharing
Stop sharing
Confirm button
Confirm pause
Confirm reactivation
Confirm stop sharing

Once a user confirms the action, the change must take effect immediately — there must be no delay between confirmation and the consent reflecting its new state.

  • Revoke Immediate PATCH to /insurance-consents/{ConsentId}
  • Pause No API Hub update — record paused state in the TPP's own system only
  • Reactivate No API Hub update — clear the paused state in the TPP's own system only