To authorize a standard BaaS SCA payment, the Platform should call the Initiate user’s SCA authorization API. In the URL, you must provide “authorisationEventId”, which is received in the BaaS SCA Initiate Payment API response body.
Initiate user’s SCA authorization API triggers SMS to the user’s mobile phone.
/baas-sca/user-management/client/sca/authorise/{{authorisationEventId}}
Please use “authorisationEventId” that is received in the BaaS SCA Initiate Payment API response body.
Tip! Make sure the Access token of the logged user has baas-user-sca scope in it.
After a user receives SMS, they should enter OTP code in Platform’s frontend and entered code together with “authorisationEventId” should be passed to Verify user’s SCA API.
Parameters and their descriptions are mentioned below.
| Parameter | Description |
|---|---|
authorisationEventId | authorisation event ID value that is received in BaaS SCA Initiate Payment API response body |
otp | OTP code received as an SMS to the user’s mobile phone |
If OTP is successful, then payment authorization action is confirmed. In this case, “finalised” SCA status is received in Verify user’s SCA API response body.
"scaStatus": "finalised"
Currently, only “finalized” status is returned if SCA action is successful. If entered OTP is incorrect, an error is returned.
Note! "scaStatus": "finalised" does not mean that payment itself is successfully processed!
It only means that the SCA action is finalized, but payment itself can still fail as we run business validations after "scaStatus": "finalised" is received in the Verify user’s SCA API response body.
In order to see if SCA payment was successfully processed, Platform using logged user’s credentials must call BaaS SCA get payment information API.