A range of frequently asked questions and answers about Authorisations.
Is there support for webhooks?
As of now, Yapily does not provide any support for web-hooks although it is something that is on our roadmap. For updates on the
Consent status, you should use the GET Consent
Which authorisation flows are supported?
Yapily supports both redirect-based and embedded authorisation flows. To learn more, see the following links:
What support is available on mobile?
Provided that the customer uses mobile banking and has the accompanying mobile banking application installed on their mobile device, the
authorisationUrl provided by Yapily will automatically
deep-link to the PSU's mobile banking application.
Similarly, it is also possible to allow customers to still use a mobile device to complete an authorisation even if you're not planning to release a mobile application. Yapily also provides a
qrCodeUrl in the AuthorisationRequestResponse to make this option possible.
What should I do if the Consent is rejected?
This is a valid use case in the Open Banking journey if the PSU chooses not to give their consent to either make a payment or share their account information. In this event, it would be good to relay the result back to the PSU in your application confirming that this was intended and providing options to authorise again or to abandon the flow. See Payment Consent Authorisation Status or Account Consent Status Transitions
Why is a Consent stuck in awaiting authorization?
This scenario occurs when the
Institution does not send a response for the authorisation either because there is an issue with the
Institution or because the PSU does not complete the
authorisation. Unfortunately, there is little Yapily can do in this scenario to investigate the cause as Yapily relies on the query parameters returned by the
Institution to receive information on
the authorisation status. To mitigate against this problem, you can write logic to check the status of the consent after 5 mins and if the
Consent is still in the
should display an appropriate message. At this point, you could also prompt the PSU to authorise again.
How long is an authorisation url/qrcode valid for?
Institution will have its own limits, however, this is never typically longer than a few minutes. If the PSU takes to long to login to their
Institution will display a
expired error notification, and you will need to generate a new authorisation.