Authorisations FAQs

A range of frequently asked questions and answers about Authorisations.

Is there support for webhooks?

As of now, Yapily does not provide any support for web-hooks although it is something that is on our roadmap. For updates on the Consent status, you should use the GET Consent endpoint.

Which authorisation flows are supported?

Yapily supports both redirect-based and embedded authorisation flows. To learn more, see the following links:

What support is available on mobile?

Provided that the customer uses mobile banking and has the accompanying mobile banking application installed on their mobile device, the authorisationUrl provided by Yapily will automatically deep-link to the PSU's mobile banking application.

Similarly, it is also possible to allow customers to still use a mobile device to complete an authorisation even if you're not planning to release a mobile application. Yapily also provides a qrCodeUrl in the AuthorisationRequestResponse to make this option possible.

This is a valid use case in the Open Banking journey if the PSU chooses not to give their consent to either make a payment or share their account information. In this event, it would be good to relay the result back to the PSU in your application confirming that this was intended and providing options to authorise again or to abandon the flow. See Payment Consent Authorisation Status or Account Consent Status Transitions

This scenario occurs when the Institution does not send a response for the authorisation either because there is an issue with the Institution or because the PSU does not complete the authorisation. Unfortunately, there is little Yapily can do in this scenario to investigate the cause as Yapily relies on the query parameters returned by the Institution to receive information on the authorisation status. To mitigate against this problem, you can write logic to check the status of the consent after 5 mins and if the Consent is still in the AWAITING_AUTHORIZATION, you should display an appropriate message. At this point, you could also prompt the PSU to authorise again.

How long is an authorisation url/qrcode valid for?

Each Institution will have its own limits, however, this is never typically longer than a few minutes. If the PSU takes to long to login to their Institution, the Institution will display a expired error notification, and you will need to generate a new authorisation.