General information
- To create and execute a Payment Order, it must be Initiated and then Authorized. In this flow, payments will be authorized using Redirection model.
- To access Open Banking Payment Initiation Service (OB-PSD2-PIS) API, your DevApp should include PSD2 PAYMENT INITIATION SERVICES API API product
- Access Token must include
psd2-pisscope - PSD2 PIS API currently supports SEPA-SCT and SEPA-SCT-Inst payments.
- For Financial Institutions, when making payments on behalf of their clients, it is mandatory to provide the full name of the Ultimate Debtor. Use
ultimateDebtor.nameproperty. - Please do not use
ultimateDebtorproperty if is not applicable to your case. - The collection of PSD2 APIs is here.
Payment flow
- TPP, in their application (Agent) presents a payment form to the PSU
- PSU fill in the details
- Agent forwards data to the TPP backend
- TPP Backend calls Initiate Payment API with payment details and Access Token with
psd2-pisscope - ConnectPay validates data and creates a Payment Order resource. In API Response will be property _links.scaRedirect.href with URL to ConnectPay Auth webapp where to redirect PSU for payment authorization
- TPP redirects the Agent to above-mentioned link.
- Please always use full redirect so PSU can see ConnectPay URL in browser window. Embedding ConnectPay webapp into the TPP interface via iFrame or other options is not allowed.
- PSU will log in with its own ConnectPay’s credentials and confirm or reject payment.
- Auth webapp will redirect the browser back to the TPP website using the RedirectUrl that TPP provided in Initialize Payment request.
- If, after redirection back, the URL will have a query parameter
error– it means something went wrong with Auth request. Find and fix cause of error and initialize new payment. - If URL is without eror parameter – Authorization process was successful. Check Payment status from your backend using Payment Status API or Payment Information API.
- Payment Authorization status can be checked using this Payment Authorization Status API. Possible statuses explained in the table below.
| Code | Description |
|---|---|
| received | An authorisation or cancellation-authorisation resource has been created successfully. |
| psuIdentified | The PSU related to the authorisation or cancellation-authorisation resource has been identified. |
| psuAuthenticated | The PSU related to the authorisation or cancellation-authorisation resource has been identified and authenticated e.g. by a password or by an access token. |
| scaMethodSelected | The PSU/TPP has selected the related SCA routine. If the SCA method is chosen implicitly since only one SCA method is available, then this is the first status to be reported instead of “received”. |
| started | The addressed SCA routine has been started. |
| unconfirmed | SCA is technically successfully finalised by the PSU, but the authorisation resource needs a confirmation command by the TPP yet. |
| finalised | The SCA routine has been finalised successfully (including a potential confirmation command). This is a final status of the authorisation resource. |
| failed | The SCA routine failed. This is the final status of the authorisation resource. |
| exempted | SCA was exempted for the related transaction, the related authorisation is successful. This is the final status of the authorisation resource. |