Payment Initiation Services (PIS)

Learn more about how Yapily can help you unlock Open Banking for PIS.

To make a payment on behalf of the user, the user needs to authenticate with their financial institution and give explicit consent. In most cases, this involves redirecting the user to the Institution authorisation screen, either in the web browser or, on mobile, in the user's mobile banking application, using the link provided by the Authorisation Url or QR Code Url. In any case, the goal is to obtain a consentToken, which is supplied as the Consent header parameter to sign payment requests.

Payment Authorisation Flow

The Payment Authorisation Flow starts when your user (PSU) indicates their intent to make a payment. To formally obtain the user's authorisation, simply follow these steps:

  • Send a POST request to the Create Payment Authorisation endpoint with the userUuid, institutionId of their bank and callback, which is the URL to return the user to after authorisation.
  • In response to the Create Payment Authorisation call, we will return an authorisationUrl and qrCodeUrl, which you should redirect the user to.
  • The user will authorise the payment with their bank.
  • The consent-token will be returned to your callback URL.
  • The consent-token can be used to call the Create Payment endpoint to request the payment.
  • Finally, again using the consent-token, you call the Get Payment Details endpoint to get the status of the payment.

It is also possible to complete the Payment Authorisation Flow without a callback URL. Instead of redirecting the user back to your callback URL, you can poll the GET consent endpoint. See Decoupled Account Authorisation Flow for more information.

Using a Callback

The Dashboard allows you to add multiple callbacks if your application requires them. If you have multiple callbacks at the same domain, you can simply add one callback at the domain with a trailing forward slash. For example, if your domain was https://tpp-application and you wanted to register the following two callbacks:

https://tpp-application/confirmation-accounts
https://tpp-application/confirmation-payments

You could add https://tpp-application/ as a single callback rather than individually defining both of these callbacks.

For testing, you can use the small utility created by Yapily (https://display-parameters.herokuapp.com/) as a callback to make consuming the consent-token easier when testing the authorisation flows. Remember to first add this as a callback to your application in the Yapily Dashboard.

One Time Token

In addition, when using the above flow you can make use of the one-time-token when executing the POST Create Payment Authorisation request to retrieve a consent-token without exposing it as a query string parameter at the callback:

  • The one-time-token is a short-lived token that will be available at the callback after redirecting from Yapily's authorisation server once the user authorises the request.
  • The one-time-token can then be exchanged for a consent-token using POST Exchange One Time Token (OTT).
  • You can then obtain account information using this consent-token as with the other flows.

PIS Consent tokens are valid for a single payment request.
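
The following is an added example, not Yapily's own code, of how a callback handler might process the redirect described under Using a Callback and One Time Token, and enforce the single-payment rule for PIS consent tokens locally. The query parameter names (`one-time-token`, `consent`), the `CallbackError` and `SingleUseConsent` helpers, and the in-memory token store are assumptions for illustration; the registered callback is the placeholder domain used above.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions (not taken from the Yapily docs): the query parameter names
# below are illustrative; the callback is the placeholder used on this page.
REGISTERED_CALLBACK = "https://tpp-application/"
OTT_PARAM = "one-time-token"
CONSENT_PARAM = "consent"


class CallbackError(ValueError):
    """Raised when a callback redirect must not be processed."""


def parse_callback(url, expect_ott=True):
    """Return ("ott" | "consent", token) from a callback redirect URL."""
    got, reg = urlsplit(url), urlsplit(REGISTERED_CALLBACK)
    # Compare the parsed scheme and host rather than a raw string prefix,
    # so "https://tpp-application.example.net/" is not treated as covered.
    if (got.scheme, got.netloc) != (reg.scheme, reg.netloc):
        raise CallbackError("callback origin is not registered")
    if not got.path.startswith(reg.path):
        raise CallbackError("callback path is not under the registered prefix")
    params = parse_qs(got.query)
    if expect_ott and CONSENT_PARAM in params:
        # The OTT flow exists to keep the consent-token out of the query string.
        raise CallbackError("consent-token exposed in query string")
    name = OTT_PARAM if expect_ott else CONSENT_PARAM
    values = params.get(name, [])
    if len(values) != 1:
        raise CallbackError(f"expected exactly one {name} parameter")
    return ("ott" if expect_ott else "consent"), values[0]


class SingleUseConsent:
    """Tracks PIS consent tokens so each one signs at most one payment."""

    def __init__(self):
        self._used = set()  # in-memory for the example; persist in practice

    def claim(self, consent_token):
        """Mark a token as spent; refuse a second payment with the same token."""
        if consent_token in self._used:
            raise CallbackError("consent-token already used for a payment")
        self._used.add(consent_token)
        return consent_token
```

Call `claim()` immediately before sending the Create Payment request, so a replayed or double-submitted callback cannot trigger a second payment attempt with the same token.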