Hybrid payment authorisation flow
Summary
An Institution that uses a hybrid flow is one where the authorisation can use a combination of the Redirect Payment Flow and the Embedded Payment Flow. In other words, parts of the authorisation can result in a redirect to the Institution, while other parts capture information directly from the PSU in your front-end application. If you have already built the logic for both of these flows, your code should already handle this scenario.
Identifying this flow
An Institution that uses the hybrid payment authorisation flow:
- Will have the INITIATE_PRE_AUTHORISATION and the INITIATE_EMBEDDED_DOMESTIC_SINGLE_PAYMENT features
Notes
- Use GET Institutions to check for each Institution that uses both the INITIATE_EMBEDDED_DOMESTIC_SINGLE_PAYMENT and the INITIATE_PRE_AUTHORISATION features
- Are you using the Yapily redirect (https://auth.yapily.com)? If so, check coupled payment authorisation to see how each diagram changes for your use case.
Coupled Hybrid Payment Flow (Single SCA method)
This flow occurs when an Institution that uses the Decoupled Payment Pre-Authorisation Flow 1 also allows the PSU to select an embedded authorisation. If the PSU selects the embedded authorisation option, the flow is as described below:
1. You will need to execute a POST Create Pre-authorisation request with the body parameter scope: PIS and redirect the user to the Institution using the qrCodeUrl or authorisationUrl returned by the Yapily API. The status of the Consent will be AWAITING_PRE_AUTHORIZATION until the user authorises the request
2. After the user authorises the request at the Institution, the user will be redirected to the redirectUrl, where the Consent object will be updated with the consent-token to authorise the pre-authorisation request
3. Using the default flow, you will need to poll the result of GET Consent until the Consent object is updated with the consent-token and the status transitions to PRE_AUTHORIZED
4. You will then need to execute a PUT Update Payment Pre-authorisation request with the consentToken and redirect the user to the Institution using the qrCodeUrl or authorisationUrl returned by the Yapily API. Provided that the user selects to use an embedded authorisation, the status of the Consent will be AWAITING_SCA_CODE
5. After receiving the response from Yapily in step 4, the Institution will also send the SCA code to the user directly. You will need to provide an input field to capture the sca_code from the PSU
6. After the user inputs the SCA code, you will need to execute PUT Update Embedded Payment Authorisation using the consent-id returned in the response in step 1 along with the sca_code. If successful, the status of the Consent will transition to AUTHORIZED
7. You will then need to execute GET Consent to obtain the consent-token
8. You will then be able to use the consent-token to initiate the payment using POST Create Payment. The payment can be executed by the Institution in step 6; however, this step is still required to obtain the payment-id
9. You will also be able to use the consent-token along with the payment-id from the response of the previous request to check the status of the payment using GET Payment Details
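The status sequence in the steps above can be enforced client-side, so that an unexpected or out-of-order Consent status stops the flow instead of, for example, prompting the PSU for an SCA code at the wrong point. The following is an added example, not Yapily's code: the function names, the action labels and the dict keys "status" and "consentToken" are assumptions, and no HTTP request is made.

```python
import time

# Consent statuses in the order the steps above describe, each mapped to the
# client's next action. Action names are hypothetical labels for this example.
NEXT_ACTION = {
    "AWAITING_PRE_AUTHORIZATION": "poll_get_consent",        # steps 1-3
    "PRE_AUTHORIZED": "put_update_pre_authorisation",        # step 4
    "AWAITING_SCA_CODE": "put_embedded_auth_with_sca_code",  # steps 5-6
    "AUTHORIZED": "get_consent_then_create_payment",         # steps 7-8
}
ORDER = list(NEXT_ACTION)


class FlowError(Exception):
    """Raised when the consent leaves the sequence this page describes."""


def advance(previous, current):
    """Return the next action for `current`, refusing unknown or backward moves."""
    if current not in NEXT_ACTION:
        raise FlowError(f"status not handled by this flow: {current!r}")
    if previous is not None and ORDER.index(current) < ORDER.index(previous):
        raise FlowError(f"status went backwards: {previous} -> {current}")
    return NEXT_ACTION[current]


def poll_until(get_consent, wanted, attempts=10, delay=0.0):
    """Step 3: poll until the consent has status `wanted` and a consent token.

    `get_consent` is a hypothetical callable wrapping GET Consent; the dict
    keys "status" and "consentToken" are assumed field names.
    """
    previous = None
    for _ in range(attempts):  # bounded, so a stuck consent cannot loop forever
        consent = get_consent()
        advance(previous, consent.get("status"))
        if consent.get("status") == wanted and consent.get("consentToken"):
            return consent
        previous = consent.get("status")
        time.sleep(delay)
    raise FlowError(f"gave up waiting for {wanted} after {attempts} polls")


def demo():
    # Constructed responses standing in for successive GET Consent results.
    replies = iter([
        {"status": "AWAITING_PRE_AUTHORIZATION"},
        {"status": "PRE_AUTHORIZED", "consentToken": "constructed-token"},
    ])
    consent = poll_until(lambda: next(replies), "PRE_AUTHORIZED")
    return advance("AWAITING_PRE_AUTHORIZATION", consent["status"])
```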