This documentation is for WSO2 Open Banking version 1.3.0. View documentation for the latest release.
WSO2 Open Banking 1.3.0
Skip to end of metadata
Go to start of metadata
Some content in this documentation is subject to the MIT Open Licence. For further information, see Copyright and Licence.

The Payment Initiation API consists of the flows and payloads required for initiating a general payment-order. 

The API endpoints described here allow a PISP to: 

  • Register a payment-order consent.
  • Optionally confirm available funds for a payment-order (domestic and international immediate payments only).
  • Subsequently submit the payment-order for processing.
  • Optionally retrieve the status of a payment-order consent or payment-order resource.

Basic flow

The diagram below shows the basic payment flow (using the Payment APIs) for all payment-order types:

The payment-order consent and payment-order resource is generalised for the different payment-order types. e.g. for a domestic payment, the payment-order consent resource is domestic-payment-consents, and the payment-order resource is domestic-payments

See the topics below for details on the available payment-order types:

  1. Initiate payment order
    1. This flow begins with a PSU consenting to a payment being made. The consent is between the PSU and the PISP.
    2. The debtor account details can optionally be specified at this stage.
  2. Create payment order consent
    1. The PISP connects to the ASPSP that services the PSU's payment account and creates a new payment-order consent resource. This informs the ASPSP that one of its PSUs intends to make a payment-order. The ASPSP responds with an identifier for the payment-order consent resource (the ConsentId, which is the consent identifier).
    2. This step is carried out by making a POST request to the payment-order consent resource.
  3. Authorise consent
    1. The PISP requests the PSU to authorise the consent. The ASPSP may carry this out by using a redirection flow or a decoupled flow.
      1. In a redirection flow, the PISP redirects the PSU to the ASPSP.
        1. The redirect includes the ConsentId generated in the previous step.
        2. This allows the ASPSP to correlate the payment order consent that was setup.
        3. The ASPSP authenticates the PSU.
        4. The PSU selects the debtor account at this stage (if it has not been previously specified in Step 1).
        5. The ASPSP updates the state of the payment order consent resource internally to indicate that the consent has been authorised.
        6. Once the consent has been authorised, the PSU is redirected back to the PISP.
      2. In a decoupled flow, the ASPSP requests the PSU to authorise consent on an authentication device that is separate from the consumption device on which the PSU is interacting with the PISP.
        1. The decoupled flow is initiated by the PISP calling a back-channel authorisation request.
        2. The request contains a 'hint' that identifies the PSU paired with the consent to be authorised.
        3. The ASPSP authenticates the PSU
        4. The PSU selects the debtor account at this stage (if it has not been previously specified in Step 1)
        5. The ASPSP updates the state of the payment order consent resource internally to indicate that the consent has been authorised.
        6. Once the consent has been authorised, the ASPSP can make a callback to the PISP to provide an access token.
  4. Confirm funds (domestic and international single immediate payments only)
    1. Once the PSU is authenticated and authorised the payment-order-consent, the PISP can check whether funds are available to make the payment.
    2. This is carried out by making a GET request, calling the funds-confirmation operator on the payment-order-consent resource.
  5. Create payment order
    1. The PISP creates a payment-order resource to indicate that the payment created in the steps above should be submitted for processing.
    2. This is carried out by making a POST request to the appropriate payment-order resource.
    3. The ASPSP returns the identifier for the payment-order resource to the PISP.
  6. Get payment order/consent status
    1. The PISP can check the status of the payment-order consent (with the ConsentId) or payment-order resource (with the payment-order resource identifier).
    2. This is carried out by making a GET request to the payment-order consent or payment-order resource.

Sequence diagram

Endpoints

In order to complete the payment flow, you can use the following available API endpoints:

The Mandatory/Conditional/Optional status of a resource's POST endpoint matches the GET operation. If a POST endpoint is implemented, the GET endpoint must also be implemented.
Endpoint NameSupported VersionResourceEndpoint URLMandatory/Optional
Domestic Paymentsv3.0, v3.1

domestic-payment-consents

domestic-payment-consents

domestic-payment-consents

domestic-payments

domestic-payments

POST /domestic-payment-consents

GET /domestic-payment-consents/{ConsentId}

GET /domestic-payment-consents/{ConsentId}/funds-confirmation

POST /domestic-payments

GET /domestic-payments/{DomesticPaymentId}


Mandatory

Mandatory

Mandatory

Mandatory

Mandatory

Domestic Scheduled Paymentv3.0, v3.1

domestic-scheduled-payment-consents

domestic-scheduled-payment-consents

domestic-scheduled-payments

domestic-scheduled-payments

POST /domestic-scheduled-payment-consents

GET /domestic-scheduled-payment-consents/{ConsentId}

POST /domestic-scheduled-payments

GET /domestic-scheduled-payments/{DomesticScheduledPaymentId}


Conditional

Mandatory (if resource POST implemented)

Conditional

Mandatory (if resource POST implemented)


Domestic Standing Ordersv3.0, v3.1

domestic-standing-order-consents

domestic-standing-order-consents

domestic-standing-orders

domestic-standing-orders

POST /domestic-standing-order-consents

GET /domestic-standing-order-consents/{ConsentId}

POST /domestic-standing-orders

GET /domestic-standing-orders/{DomesticStandingOrderId}


Conditional

Mandatory (if resource POST implemented)

Conditional

Mandatory (if resource POST implemented)


International Paymentsv3.0, v3.1

international-payment-consents

international-payment-consents

international-payment-consents

international-payments

international-payments

POST /international-payment-consents

GET /international-payment-consents/{ConsentId}

GET /international-payment-consents/{ConsentId}/funds-confirmation

POST /international-payments

GET /international-payments/{InternationalPaymentId}


Conditional

Mandatory (if resource POST implemented)

Mandatory (if resource POST implemented)

Conditional

Mandatory (if resource POST implemented)


International Scheduled Paymentsv3.0, v3.1

international-scheduled-payment-consents

international-scheduled-payment-consents

international-scheduled-payment-consents

international-scheduled-payments

international-scheduled-payments

POST /international-scheduled-payment-consents

GET /international-scheduled-payment-consents/{ConsentId}

GET /international-scheduled-payment-consents/{ConsentId}/funds-confirmation

POST /international-scheduled-payments

GET /international-scheduled-payments/{InternationalScheduledPaymentId}


Conditional

Mandatory (if resource POST implemented)

Mandatory (if immediate debit supported)

Conditional

Mandatory (if resource POST implemented)


International Standing Ordersv3.0, v3.1

international-standing-order-consents

international-standing-order-consents

international-standing-orders

international-standing-orders

POST /international-standing-order-consents

GET /international-standing-order-consents/{ConsentId}

POST /international-standing-orders

GET /international-standing-orders/{InternationalStandingOrderPaymentId}


Conditional

Mandatory (if resource POST implemented)

Conditional

Mandatory (if resource POST implemented)


File Paymentsv3.0, v3.1

file-payment-consents

file-payment-consents

file-payment-consents

file-payment-consents

file-payments

file-payments

file-payments

POST /file-payment-consents

GET /file-payment-consents/{ConsentId}

POST /file-payment-consents/{ConsentId}/file

GET /file-payment-consents/{ConsentId}/file

POST /file-payments

GET /file-payments/{FilePaymentId}

GET /file-payments/{FilePaymentId}/report-file


Conditional

Conditional

Mandatory (if resource POST implemented)

Conditional

Conditional

Mandatory (if resource POST implemented)

Conditional


  • No labels