Hybrid payment authorisation flow

Summary

An Institution that uses a hybrid flow is one where the authorisation can use a combination of the Redirect Payment Flow and the Embedded Payment Flow. In other words, it is possible for parts of the authorisation to result in a redirect to the Institution as well as capturing information directly from the PSU in your front-end application. If you have built the logic for both of these flows already, then your code should already have the logic implemented to handle this scenario.

Identifying this flow

An Institution that uses the hybrid payment authorisation flow:

  • Will have the INITIATE_PRE_AUTHORISATION and the INITIATE_EMBEDDED_DOMESTIC_SINGLE_PAYMENT features
Notes
  • Use GET Institutions to check for each Institution that uses both the INITIATE_EMBEDDED_DOMESTIC_SINGLE_PAYMENT and the INITIATE_PRE_AUTHORISATION features
  • Are you using the Yapily redirect ( https://auth.yapily.com )? If so, check coupled payment authorisation to see how each diagram changes for your use case.

Coupled Hybrid Payment Flow (Single SCA method)

This flow occurs when an Institution that uses the Decoupled Payment Pre-Authorisation Flow 1 also allows for the PSU to optionally choose to select an embedded authorisation. If the PSU selects the embedded authorisation option, the flow is as described below:

Authorisation_Flows-Hybrid_Default_Payments?r=2

Expand/Close Explanation
  1. You will need to execute POST Create Pre-authorisation request with the body parameter scope: PIS and redirect the user to the Institution using the qrCodeUrl or authorisationUrl returned by the Yapily API. The status of the Consent will be AWAITING_PRE_AUTHORIZATION until the user authorises the request
  2. After the user authorises the request at the Institution , the user will be redirected to the redirectUrl where the Consent object will be updated with the consent-token to authorise the pre authorisation request
  3. Using the default flow, you will need to poll the result of GET Consent until the Consent object is updated with the consent-token and the status transitions to PRE_AUTHORIZED
  4. You will then need to execute PUT Update Payment Pre-authorisation request with the consentToken and redirect the user to the Institution using the qrCodeUrl or authorisationUrl returned by the Yapily API. Provided that the user selects to use an embedded authorisation, the status of the Consent will be AWAITING_SCA_CODE
  5. After receiving the response from Yapily in step 4, the Institution will also send the SCA code to the user directly. You will need to provide an input field to capture the sca_code from the PSU
  6. After the user inputs the SCA code, you will need to execute PUT Update Embedded Payment Authorisation using the consent-id returned in the response in step 1 along with the sca_code . If successful, the status of the Consent will transition to AUTHORIZED
  7. You will then need to execute GET Consent ) to obtain the consent-token
  8. You will then be able to use the consent-token to initiate the payment using POST Create Payment . The payment can be executed by the Institution in step 6, however, this step is still required to obtain the payment-id
  9. You will also be able to use the consent-token along with the payment-id from the response of the previous request to check the status of the payment using GET Payment Details