Redirect Url

Yapily's knowledge article about redirect Urls

What is a redirect url?

This redirectUrl tells the Institution where to redirect the user to once they have responded to the authorisation request and leave the Institution. To facilitate this, it is mandatory that at least one redirectUrl is configured in the software statement used to register with each Institution. One responsibility of the redirectUrl is to obtain the access token from the Institution provided that the user has successfully authenticated, otherwise, to respond with sufficient information to explain what went wrong. Your visibility and ability to configure the redirectUrl depends on whether you are a direct customer or a SafeConnect customer. See the next section to learn more.

Note: This redirectUrl should NOT be confused for the callbackUrl. See Callback Url for more information.

What should your redirect be?

SafeConnect Customers

As Yapily manages the registration to each Institution your redirecUrl will be configured by Yapily to https://auth.yapily.com/. In order to provide the best experience to your customers, you should use the callback option so that the user journey does not end at https://auth.yapily.com/:


Authorisation_Flows-Default_Redirect

Direct Customers

As you have your own AISP/PISP licenses, you will have full control over configuring the redirectUrl in your software statement and you should configure it to a domain you control i.e. your front-end application


Authorisation_Flows-Custom_Redirect

Unlike SafeConnect customers, if you choose to use your own redirectUrl, Yapily's auth service will not be automatically exchanging the access token. As a result, you will need to make an additional call to (Forwarding) Send OAuth2 Code to obtain a consentToken to execute the next AIS/PIS call or to obtain the error response from the bank in the event of a failure. See this section to learn how to handle the response at redirectUrl.

Configuring the redirect url

Note: This section only applies if you have your own Open Banking AISP/PISP licenses and are using your own certificates to register with each Yapily Institution

  1. Go to the Open Banking Directory and select "Login"
  2. Login with your email and password
  3. Authenticate with PingId
  4. Select your entity from the dropdown
  5. Once redirected, Click on the "Directory" link
  6. Scroll to the bottom of the menu to view your software statements
  7. Select the software statement you plan to use with each Yapily Institution
  8. Add a new redirect url (Open Banking Directory does not allow you to edit/remove unused software statements): docs_redirect_sample_tpp_open_banking_directory
  9. Contact support@yapily.com to ensure that your new redirect url is being used in your application

Handling the redirect url response

Note: This section only applies if you have your own Open Banking AISP/PISP licenses and are using your own certificates to register with each Yapily Institution

As mentioned above, as a direct customer, you will need to execute (Forwarding) Send OAuth2 Code before you can continue the Open Banking flow. This endpoint requires the authCode and authState as body paramaters. These values can be obtained as the fragments code and state at your redirectUrl after the user actions the authorisation request at the Institution e.g.

https://experiments.yapily.com/#code=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYiI6IkhEOCszNVlwZ1BWZ001OE0xRUJUIiwianRpIjoiYXV0aHpjb2RlXzAwMDA5emNrUkJMS1licVZxUHFPRUQiLCJ0eXAiOiJhemMiLCJ2IjoiNiJ9.SBroh_15EuBUjy-dkq_W5ScabJnsTvJ3YQayThfbXrgMX7tf2CdfpUJPQhrSDywuQYI3rUOIvjVOFuiv5jNyQg&id_token=eyJhbGciOiJQUzI1NiIsImtpZCI6ImlMUEhFZ09pRzhaY1ZQdU9QenVTY2hkUDR3cyIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5tb256by5jb20vb3Blbi1iYW5raW5nLyIsImF1ZCI6Im9hdXRoMmNsaWVudF8wMDAwOXpTRlVLTUtTNE5oUDBxTHdYIiwiZXhwIjoxNjAxMzk5NDAyLCJpYXQiOjE2MDEzMTMwMDIsIm5iZiI6MTYwMTMxMzAwMiwic3ViIjoib2JhaXNwYWNjb3VudGluZm9ybWF0aW9uY29uc2VudF8wMDAwOXpja05Ka1hNTkE0TlN4elQwIiwiYXV0aF90aW1lIjoxNjAxMzEzMDAyLCJub25jZSI6ImE5ZjE2NGZmMmFlNzRhZjFhNWIwYjQ2ZDcwZjg5MDYxIiwib3BlbmJhbmtpbmdfaW50ZW50X2lkIjoib2JhaXNwYWNjb3VudGluZm9ybWF0aW9uY29uc2VudF8wMDAwOXpja05Ka1hNTkE0TlN4elQwIiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwic19oYXNoIjoiaTE1Z3R1dUpVSkRPOWZTbjJNdzBQQSIsImNfaGFzaCI6InYtYWc2NXd5cVA2UkhrY3MxamMzUHcifQ.VijcvXJVDhETIccTjzPXqFEI7SSO3hxS550k4EPmDycAtzZtj1EvdILa0eQvJYSyHbgew9hVsDww5pqltn4DHJ2yhxBYZEf9D4RtA21KFS7UBrtOyGyrN4wDZRMPOBQFGMpiCb1zs80EaAnxDoaIF8nWDIXemoqIOl4Mj3_RIIbcYPIOlT2KarbM1TbNG9AH6uJojISXGGZwE-sCCYD-09nKNFiryYkDwl7QkUOVdVzWzELAzjXT4ugNEsVESX7c88_xPwZ60DMzo8F2tE77MlRigHrHzAYXAZvD2I4-pA_I1Simo9YMESmuSbBTh88ItBoBpLYWTz2kARggDRQI6Q&state=a9f164ff2ae74af1a5b0b46d70f89061

As a result, you will need a front end application which can consume the fragments and a server to issue the token exchange and any subsequent requests to the Yapily API.