The Toronto-Dominion Bank
SYSTEMS AND METHODS FOR CONTROLLING THIRD-PARTY ACCESS OF A PROTECTED DATA RESOURCE

Abstract:

A computer-implemented method is disclosed. The method includes: receiving, via an application server associated with a first application, a request for the first application to perform a first access operation in connection with a user account at a protected resource; determining that the first access operation is not among permitted user account operations for the first application in connection with the user account; and in response to determining that the first access operation is not among the permitted user account operations: generating a request for a one-time authorization for the first application to perform the first access operation; sending, to a client device, the request for the one-time authorization; receiving, via the client device, an indication of the requested one-time authorization; generating an access token for a one-time access of the user account based on the indication of one-time authorization; and transmitting the access token to the application server associated with the first application to grant, to the first application, one-time access to the user account.