A system and method for secure permissioning of access to user accounts, including secure distribution of aggregated user account data can include generating a financial report based on account information associated with one or more user accounts; receiving a financial report request for the financial report of the user account, wherein the financial report request is identified as being received from a third-party system; generating an audit report token associated with the financial report; sharing the audit token with the first third-party system in response to the financial report request; and providing the first third-party system account access to the financial report through the report token, where the audit report token can be shared with a second third-party system and provided by the second third-party system in order to confirm authorization to the report and integrity of the report.