Redirect Payment Flows
Summary
Redirect-based payment authorisation flows require the PSU to be sent to the domain of the Institution to authenticate themself and to securely give their Consent to make a payment.
Identifying each flow
An Institution using the coupled payment authorisation flow:
- Will contain the INITIATE_DOMESTIC_SINGLE_PAYMENT feature
- Will not contain both the INITIATE_PRE_AUTHORISATION and INITIATE_EMBEDDED_DOMESTIC_SINGLE_PAYMENT features

An Institution using the payment pre-authorisation flows:
- Will contain the INITIATE_DOMESTIC_SINGLE_PAYMENT and INITIATE_PRE_AUTHORISATION features
- May involve one decoupled payment authorisation step

- Use GET Institutions to check the features to identify which flow each Institution uses
- Are you using the Yapily redirect (https://auth.yapily.com)? If so, check coupled payment authorisation to see how each diagram changes for your use case.
Coupled Payment Authorisation Flow
redirectUrl is managed by Yapily (if it is https://auth.yapily.com/), Yapily recommends using the callback option replacing steps 2-3 in the following flows. Alternatively, the callback with OTT option can also be used instead of the listed steps.
1. Institution using the qrCodeUrl or authorisationUrl returned by the Yapily API. The status of the Consent will be AWAITING_AUTHORIZATION until the user authorises the request
2. Institution, the user will be redirected to the redirectUrl where the Consent object will be updated with the consent-token to initiate the payment on behalf of the user
3. Consent object is updated with the consent-token and once the status transitions to AUTHORIZED
4. consent-token to initiate the payment using POST Create Payment or POST Create Bulk Payment
5. consent-token along with the payment-id from the response of the previous request to check the status of the payment using GET Payment Details
Coupled Payment Pre-Authorisation Flow
Institution that uses the INITIATE_PRE_AUTHORISATION feature
redirectUrl is managed by Yapily (if it is https://auth.yapily.com/), Yapily recommends using the callback option replacing steps 2-3 and 5-6 in the following flows. Alternatively, the callback with OTT option can also be used instead of the listed steps.
1. scope: PIS and redirect the user to the Institution using the qrCodeUrl or authorisationUrl returned by the Yapily API. The status of the Consent will be AWAITING_PRE_AUTHORIZATION until the user authorises the request
2. Institution, the user will be redirected to the redirectUrl where the Consent object will be updated with the consent-token to authorise the pre-authorisation request
3. Consent object is updated with the consent-token and once the status transitions to PRE_AUTHORIZED
4. consentToken and redirect the user to the Institution using the qrCodeUrl or authorisationUrl returned by the Yapily API. The status of the Consent will be AWAITING_AUTHORIZATION until the user authorises the request
5. Institution for the second time, the user will be redirected to the redirectUrl where the Consent object will be updated with the consent-token to initiate the payment on behalf of the user
6. Consent object is updated with the consent-token and once the status transitions to AUTHORIZED
7. consent-token to initiate the payment using POST Create Payment
8. consent-token along with the payment-id from the response of the previous request to check the status of the payment using GET Payment Details
Decoupled Payment Pre-Authorisation Flow 1
Institution that uses the INITIATE_PRE_AUTHORISATION feature
redirectUrl is managed by Yapily (if it is https://auth.yapily.com/), Yapily recommends using the callback option replacing steps 2-3 in the following flow. Alternatively, the callback with OTT option can also be used instead of the listed steps.
1. scope: PIS and redirect the user to the Institution using the qrCodeUrl or authorisationUrl returned by the Yapily API. The status of the Consent will be AWAITING_PRE_AUTHORIZATION until the user authorises the request
2. Institution, the user will be redirected to the redirectUrl where the Consent object will be updated with the consent-token to authorise the pre-authorisation request
3. Consent object is updated with the consent-token and once the status transitions to PRE_AUTHORIZED
4. consentToken. The status of the Consent will be AWAITING_DECOUPLED_AUTHORIZATION until the user authorises the request on their device
5. Institution where they will authorise outside of Yapily. You can add a prompt in your application for the user to signal that they have approved the request in order to know when the consent-token is available, otherwise, poll the status of the Consent
6. Consent object is updated with the consent-token and once the status transitions to AUTHORIZED
7. consent-token to initiate the payment using POST Create Payment
8. consent-token along with the payment-id from the response of the previous request to check the status of the payment using GET Payment Details
Decoupled Payment Pre-Authorisation Flow 2
Institution that uses the INITIATE_PRE_AUTHORISATION feature
redirectUrl is managed by Yapily (if it is https://auth.yapily.com/), Yapily recommends using the callback option replacing steps 5-6 in the following flow. Alternatively, the callback with OTT option can also be used instead of the listed steps.
1. scope: PIS. The status of the Consent will be AWAITING_DECOUPLED_AUTHORIZATION until the user authorises the request
2. Institution where they will authorise outside of Yapily. You can add a prompt in your application for the user to signal that they have approved the request in order to know when the consent-token is available, otherwise, poll the status of the Consent
3. Consent object is updated with the consent-token and once the status transitions to PRE_AUTHORIZED
4. consentToken. The status of the Consent will be AWAITING_AUTHORIZATION until the user authorises the request on their device
5. Institution using the authorisationUrl or the qrCodeUrl. After the user authorises the request at the Institution, the user will be redirected to the redirectUrl where the Consent object will be updated with the consent-token to authorise the pre-authorisation request
6. Consent object is updated with the consent-token and once the status transitions to AUTHORIZED
7. consent-token to initiate the payment using POST Create Payment
8. consent-token along with the payment-id from the response of the previous request to check the status of the payment using GET Payment Details
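The Consent status sequences of the four flows above, as an added example (not Yapily code): a checker that replays the statuses your backend has recorded and returns the next step, so a payment is only created once AUTHORIZED has been reached in the order the flow describes. The flow keys, action names and sample poll history are constructed for illustration, and the sketch assumes the backend records the status after each request and each poll.

```python
# Added example, not Yapily code. Status names come from the steps above;
# flow keys and action names are made up for this sketch.
FLOWS = {
    "coupled": ["AWAITING_AUTHORIZATION", "AUTHORIZED"],
    "coupled_pre_auth": [
        "AWAITING_PRE_AUTHORIZATION", "PRE_AUTHORIZED",
        "AWAITING_AUTHORIZATION", "AUTHORIZED"],
    "decoupled_pre_auth_1": [
        "AWAITING_PRE_AUTHORIZATION", "PRE_AUTHORIZED",
        "AWAITING_DECOUPLED_AUTHORIZATION", "AUTHORIZED"],
    "decoupled_pre_auth_2": [
        "AWAITING_DECOUPLED_AUTHORIZATION", "PRE_AUTHORIZED",
        "AWAITING_AUTHORIZATION", "AUTHORIZED"],
}

NEXT_STEP = {
    "AWAITING_PRE_AUTHORIZATION": "user_authorises_via_redirect",
    "AWAITING_AUTHORIZATION": "user_authorises_via_redirect",
    "AWAITING_DECOUPLED_AUTHORIZATION": "user_authorises_on_device",
    "PRE_AUTHORIZED": "send_consent_token_for_payment_authorisation",
    "AUTHORIZED": "create_payment",
}


class UnexpectedStatus(Exception):
    """A recorded status is out of order for the flow, or not part of it."""


def next_step(flow, observed):
    """Replay the Consent statuses seen so far (oldest first) against the flow.

    Repeated polls of the same status are fine; skipping a status or moving
    backwards raises UnexpectedStatus.
    """
    expected = FLOWS[flow]
    pos = -1  # index into `expected` of the last accepted status
    for status in observed:
        if pos >= 0 and status == expected[pos]:
            continue  # same status polled again
        if pos + 1 < len(expected) and status == expected[pos + 1]:
            pos += 1
            continue
        raise UnexpectedStatus(f"{flow}: unexpected {status!r} at stage {pos + 1}")
    if pos < 0:
        raise UnexpectedStatus(f"{flow}: no status observed yet")
    return NEXT_STEP[expected[pos]]


if __name__ == "__main__":
    # Constructed poll history for Decoupled Payment Pre-Authorisation Flow 1.
    seen = ["AWAITING_PRE_AUTHORIZATION", "PRE_AUTHORIZED",
            "AWAITING_DECOUPLED_AUTHORIZATION", "AWAITING_DECOUPLED_AUTHORIZATION"]
    print(next_step("decoupled_pre_auth_1", seen))
```

Any status the page does not list for a flow stops the replay with `UnexpectedStatus`, which the caller should treat as "do not create the payment".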