# User-level elements

Taking a user through a session is about obtaining consent to access their data (eg: an existing bank account), or creating new value for that user (eg: selling a new insurance). In both cases, there is at least one target object created at the middleware level.

Finqware does not store data that identifies the owner, but we return a `credentials_id` that represents your acccess point to these objects.

Practical example: for an account information skill backed by PSD2 AISP, a user may give their consent to access three bank accounts. In this case, your generated `credentials_id` will point to these three objects.

An API call where `credentials_id` is specified, needs to be authorized by its respective `acccess_token`.

Your user may have multiple pairs of \[`credentials_id`, `access_token`] depending on how many resources they decide to access through your app. Plan and design your user database considering this aspect.

![](https://3441039503-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsgycTSaAQxe40MCHJLfL%2Fuploads%2Fgit-blob-033e74faaabcfa168a540f5bcd55a717dbd1f973%2Fcredentials.png?alt=media)