Payment authorisation flows

Learn more about the different payment authorisation flows in Yapily

Depending on the Institution list in your application, you may be required to implement several flows.

Looking for Account Authorisations Flows?

Redirect vs. Embedded

Redirect-based payment authorisation flows require the PSU to be sent to the domain of the Institution to authenticate themself and to securely give their Consent to make a payment.

On the contrary, embedded payment authorisation flows take place without any redirect to the Institution. This process works by capturing various pieces of information from the PSU through fields in your front-end application and sending this information to the Institution through the Yapily API in order to authorise the payment.

Coupled Payment Authorisations

Coupled payment authorisation flows are flows where every step in authorising a payment is sent through the Yapily API. This means that at every stage, it is possible to receive the status of the Consent without polling it for updates. By default, all coupled payment authorisation flows diagrams display the use case that is suited to customers who are using their own redirect where after the authorisation step is completed, the PSU is redirected back to the application directly by the Institution. See redirect url for more information.

For customers using the Yapily redirectUrl (https://auth.yapily.com/), the Institution will redirect the PSU to this url after completing the authorisation which will mean the journey will not end back in your front-end application. As a result, it is recommended that you opt-in to use the callback in order to tell Yapily where to redirect the PSU to after being redirected to the authorisation service. See using a callback for more information.

Decoupled Payment Authorisations

Decoupled payment authorisation flows are flows where one step in authorising a payment takes place without Yapily as the intermediary. In this case, the authorisation is sent directly from the Institution to the PSU and back to the Institution. As Yapily is not involved in this process, in order for Yapily to check the status of the authorisation, Yapily will first send the AWAITING_DECOUPLED_AUTHORIZATION status to signal that the Institution has sent a request directly to the PSU to authorise.

As the authorisation is completed and received by the Institution without involvement of the Yapily API, you will need to poll GET Consent using the consent-id in order to know when the PSU has successfully authorised the payment authorisation request. Once this occurs, the Consent will transition to AUTHORIZED signalling that the authorisation process is complete and that you can cease from polling.