Some content in this documentation is subject to the MIT Open Licence. For further information, see Copyright and Licence.
The Payment Initiation API consists of the flows and payloads required for initiating a general payment-order.
The API endpoints described here allow a PISP to:
- Register a payment-order consent.
- Optionally confirm available funds for a payment-order (domestic and international immediate payments only).
- Subsequently submit the payment-order for processing.
- Optionally retrieve the status of a payment-order consent or payment-order resource.
Basic flow
The diagram below shows the basic payment flow (using the Payment APIs) for all payment-order types:
The
payment-order
consent and payment-order
resource is generalised for the different payment-order types. e.g. for a domestic payment, the payment-order consent resource is domestic-payment-consents
, and the payment-order resource is domestic-payments
. See the topics below for details on the available payment-order types:
- Domestic Payments
- Domestic Scheduled Payments
- Domestic Standing Orders
- International Payments
- International Scheduled Payments
- International Standing Orders
- Initiate payment order
- This flow begins with a PSU consenting to a payment being made. The consent is between the PSU and the PISP.
- The debtor account details can optionally be specified at this stage.
- Create payment order consent
- The PISP connects to the ASPSP that services the PSU's payment account and creates a new payment-order consent resource. This informs the ASPSP that one of its PSUs intends to make a payment-order. The ASPSP responds with an identifier for the payment-order consent resource (the ConsentId, which is the consent identifier).
- This step is carried out by making a POST request to the payment-order consent resource.
- Authorise consent
- The PISP requests the PSU to authorise the consent. The ASPSP may carry this out by using a redirection flow or a decoupled flow.
- In a redirection flow, the PISP redirects the PSU to the ASPSP.
- The redirect includes the ConsentId generated in the previous step.
- This allows the ASPSP to correlate the payment order consent that was setup.
- The ASPSP authenticates the PSU.
- The PSU selects the debtor account at this stage (if it has not been previously specified in Step 1).
- The ASPSP updates the state of the payment order consent resource internally to indicate that the consent has been authorised.
- Once the consent has been authorised, the PSU is redirected back to the PISP.
- In a decoupled flow, the ASPSP requests the PSU to authorise consent on an authentication device that is separate from the consumption device on which the PSU is interacting with the PISP.
- The decoupled flow is initiated by the PISP calling a back-channel authorisation request.
- The request contains a 'hint' that identifies the PSU paired with the consent to be authorised.
- The ASPSP authenticates the PSU
- The PSU selects the debtor account at this stage (if it has not been previously specified in Step 1)
- The ASPSP updates the state of the payment order consent resource internally to indicate that the consent has been authorised.
- Once the consent has been authorised, the ASPSP can make a callback to the PISP to provide an access token.
- In a redirection flow, the PISP redirects the PSU to the ASPSP.
- The PISP requests the PSU to authorise the consent. The ASPSP may carry this out by using a redirection flow or a decoupled flow.
- Confirm funds (domestic and international single immediate payments only)
- Once the PSU is authenticated and authorised the payment-order-consent, the PISP can check whether funds are available to make the payment.
- This is carried out by making a GET request, calling the funds-confirmation operator on the payment-order-consent resource.
- Create payment order
- The PISP creates a payment-order resource to indicate that the payment created in the steps above should be submitted for processing.
- This is carried out by making a POST request to the appropriate payment-order resource.
- The ASPSP returns the identifier for the payment-order resource to the PISP.
- Get payment order/consent status
- The PISP can check the status of the payment-order consent (with the ConsentId) or payment-order resource (with the payment-order resource identifier).
- This is carried out by making a GET request to the payment-order consent or payment-order resource.
Sequence diagram
Endpoints
In order to complete the payment flow, you can use the following available API endpoints:
The Mandatory/Conditional/Optional status of a resource's POST endpoint matches the GET operation. If a POST endpoint is implemented, the GET endpoint must also be implemented.
Overview
Content Tools
Activity