The Toronto-Dominion Bank
SYSTEMS AND METHODS FOR CONTROLLING THIRD-PARTY ACCESS OF A PROTECTED DATA RESOURCE

Abstract:

A computer-implemented method is disclosed. The method includes: obtaining an access token associated with a first application, the access token including historical operations data identifying operations previously performed by the first application in accessing a user account at a protected data resource; receiving a first request for the first application to perform a first access operation in connection with the user account using the access token; determining that the first access operation is not permitted based on the historical operations data; and in response to determining that the first access operation is not permitted: modifying the first request to obtain a second request for the first application to perform a second access operation using the access token such that a totality of one or more historical operations and the second access operation comply with access permissions for the first application to access the user account; and transmitting the second request to a server associated with the protected data resource.