To authorize a standard BaaS SCA payment, Platform should call Initiate user’s SCA authorization API. In the URL, you need to provide “authorisationEventId” which is received in BaaS SCA Initiate Payment API response body.
Initiate user’s SCA authorization API triggers SMS to user’s mobile phone.
/baas-sca/user-management/client/sca/authorise/{{authorisationEventId}}
Please use “authorisationEventId” that is received in BaaS SCA Initiate Payment API response body.
Tip! Make sure Access token of logged user has baas-user-sca scope in it.
After a user receives SMS, they should enter OTP code in Platform’s frontend and entered code together with “authorisationEventId” should be passed to Verify user’s SCA API.
Parameters and their descriptions mentioned below.
Parameter | Description |
---|---|
authorisationEventId | authorisation event ID value that is received in BaaS SCA Initiate Payment API response body |
otp | OTP code received as a SMS into user’s mobile phone |
If OTP is successful, then payment authorization action is confirmed. In this case, “finalised” SCA status is received in Verify user’s SCA API response body.
"scaStatus": "finalised"
Currently, only “finalized” status is returned if SCA action is successful. If entered OTP is incorrect, an error is returned.
Note! "scaStatus": "finalised"
does not mean that payment itself is successfully processed!
It only means that SCA action is finalized, but payment itself can still fail as we run business validations after "scaStatus": "finalised"
is received in Verify user’s SCA API response body.
In order to see if SCA payment was successfully processed, Platform using logged user’s credentials must call BaaS SCA get payment information API.