OneLinQ PSD2 PIS APIs flow

PSD2 PIS API

PSD2 PIS APIs

API Name

API Endpoint

API Description

Payment Create

POST /payments

Creates a payment

Payment Submit

POST /payment-submissions

Submits a created payment

Payment Create Status

GET /payments/{PaymentId}

Returns the status of created payment

Payment Submit Status

GET /payment-submissions/{PaymentSubmissionId}

Returns the status of a submitted payment

Bulk Payment Create

POST /bulk-payments

Creates a Bulk payment

Bulk Payment Submit

POST /bulk-payment-submissions

Submits a created bulk payment

Bulk Payment Create Status

GET /bulk-payments/{PaymentId}/status

Returns the status of created bulk payment

Bulk Payment Create Details

GET /bulk-payments/{PaymentId}/details

Returns the details of created bulk payment

Bulk Payment Submit Status

GET /bulk-payment-submissions/{PaymentSubmissionId}/status

Returns the status of a submitted bulk payment

OAuth SCA

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depends on destination bank,  Fintech/TPP has to do a pre-step authorization_code (A.C.) / client_credentials (C.C.) access token Oauth.

Step 2: Create Payment

  1. Fintech/TPP will send the payment request with A.C / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing PaymentId, OAuth SCA approach to Fintech/TPP.

Step 3: Authorize

  1. Fintech/TPP will redirect PSU to ‘/authorize’ URL with TPP Redirect URL, Client Id, State, UserId & PaymentId in JWT to authenticate the request id from PSU.
  2. PSU will get redirected to PSD2 IO authorize URL through browser.
  3. PSD2 IO will redirect PSU to ASPSP authorize URL through browser.
  4. ASPSP will redirect PSU to login page for authentication.
  5. PSU has to authenticate with his credentials on ASPSP’s login page.
  6. Once authenticated, ASPSP will ask to allow access for authorization.
  7. PSU will allow access.
  8. ASPSP will return auth code (B) & state on the callback URL of PSD2 IO.
  9. PSD2 IO will return auth code (P) & state on the callback URL of Fintech/TPP.

Step 4: Access Token

  1. Fintech/TPP will call the ‘/token’ API of PSD2 IO with auth code (P) received on callback.
  2. PSD2 IO will return the access token to Fintech/TPP.

Step 5: Submit Payment

This step needs to be exceuted only if value of PaymentFlow field in GET /banks API is TwoStep.
  1. Fintech/TPP will call payment submit API using the access token received.
  2. PSD2 IO will give the response to Fintech/TPP.
  3. Fintech/TPP will show the response to PSU on  Fintech/TPP UI.

Redirect SCA

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depends on destination bank,  Fintech/TPP has to do a pre-step authorization_code (A.C.) / client_credentials (C.C.) access token Oauth.

Step 2: Create Payment

  1. Fintech/TPP will send the payment request with A.C / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing PaymentId, OAuth SCA approach to Fintech/TPP.

Step 3: Redirect

  1. Fintech/TPP will redirect PSU to ‘/redirect’ URL with Client Id, PaymentId to authenticate the PaymentId from PSU.
  2. PSU will get redirected to PSD2 IO redirect URL through browser.
  3. PSD2 IO will redirect PSU to ASPSP redirect URL through browser.
  4. ASPSP will redirect PSU to login page for authentication.
  5. PSU has to authenticate with his credentials on ASPSP’s login page.
  6. Once authenticated, ASPSP will ask to allow access for authorization.
  7. PSU will allow access.
  8. ASPSP will return success along with PaymentId on the success URL of PSD2 IO.
  9. PSD2 IO will return success along with PaymentId on the success URL of Fintech/TPP.

Step 4: Submit Payment

This step needs to be exceuted only if value of PaymentFlow field in GET /banks API is TwoStep.
  1. Fintech/TPP will call payment submit API using the A.C./C.C access token received.
  2. PSD2 IO will give the response to Fintech/TPP.
  3. Fintech/TPP will show the response to PSU on  Fintech/TPP UI.

Embedded SCA

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depends on destination bank,  Fintech/TPP has to do a pre-step authorization_code (A.C.) / client_credentials (C.C.) access token Oauth.

Step 2: Create Payment

  1. Fintech/TPP will send the payment request with A.C / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing PaymentId, OAuth SCA approach to Fintech/TPP.

Step 3: Embedded SCA

  1. Fintech/TPP will ask PSU to provide answer of the challenge received in the payment create response. Here for e.g.: OTP is taken.
  2. PSU will enter and submit the challenge data e.g.: OTP
  3. Fintech/TPP will call authorize payment API with the A.C./C.C. access token, challenge data e.g. OTP.
  4. PSD2 IO will give the response to Fintech/TPP.

Step 4: Submit Payment

This step needs to be exceuted only if value of PaymentFlow field in GET /banks API is TwoStep.
  1. Fintech/TPP will call payment submit API using the A.C./C.C access token received.
  2. PSD2 IO will give the response to Fintech/TPP.
  3. Fintech/TPP will show the response to PSU on  Fintech/TPP UI.

Embedded SCA with SCA Method Selection

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depends on destination bank,  Fintech/TPP has to do a pre-step authorization_code (A.C.) / client_credentials (C.C.) access token Oauth.

Step 2: Create Payment

  1. Fintech/TPP will send the payment request with A.C / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing PaymentId, OAuth SCA approach to Fintech/TPP.

Step 3: Start Authorization

  1. Fintech/TPP will send the start Authorization request with PaymentId to PSD2 IO.
  2. PSD2 IO will return response containing AuthorizationId with SCA method selection to Fintech/TPP.

Step 4: Embedded SCA with SCA Method Selection

  1. Fintech/TPP will ask PSU to select SCA method out of those received in the response.
  2. PSU will select the SCA method.
  3. Fintech/TPP will call select authentication API using the A.C./C.C. access token and selected SCA method.
  4. PSD2 IO will give the response to Fintech/TPP.
  5. Fintech/TPP will ask PSU to provide answer of the challenge received in the select authentication API response. Here for e.g.: OTP is taken.
  6. PSU will enter and submit the challenge data e.g.: OTP
  7. Fintech/TPP will call authorize payment API with the A.C./C.C. access token, challenge data e.g. OTP.
  8. PSD2 IO will give the response to Fintech/TPP.

Step 5: Submit Payment

This step needs to be exceuted only if value of PaymentFlow field in GET /banks API is TwoStep.
  1. Fintech/TPP will call payment submit API using the A.C./C.C access token received.
  2. PSD2 IO will give the response to Fintech/TPP.
  3. Fintech/TPP will show the response to PSU on  Fintech/TPP UI.

Decoupled SCA

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depends on destination bank,  Fintech/TPP has to do a pre-step authorization_code (A.C.) / client_credentials (C.C.) access token Oauth.

Step 2: Create Payment

  1. Fintech/TPP will send the payment request with A.C / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing PaymentId, OAuth SCA approach to Fintech/TPP.

Step 3: Authorize payment on ASPSP application

  1. Fintech/TPP will show the message to PSU to authorize the payment on ASPSP application.
  2. PSU will authorize the payment on the ASPSP application.
  3. PSD2 IO will return success along with PaymentId on the success URL of Fintech/TPP.

Step 4: Submit Payment

This step needs to be exceuted only if value of PaymentFlow field in GET /banks API is TwoStep.
  1. Fintech/TPP will call payment submit API using the A.C./C.C access token received.
  2. PSD2 IO will give the response to Fintech/TPP.
  3. Fintech/TPP will show the response to PSU on  Fintech/TPP UI.

Decoupled SCA with Update Identification

Decoupled SCA with Update Identification 

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depends on destination bank,  Fintech/TPP has to do a pre-step authorization_code (A.C.) / client_credentials (C.C.) access token Oauth.

Step 2: Account Access Consent Request

  1. Fintech/TPP will send the payment request with A.C / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing PaymentId, OAuth SCA approach to Fintech/TPP.

Step 3: Decoupled SCA with Update Identification

  1. PP will ask PSU to update his identification data.
  2. PSU will enter his identification data e.g. PSU-Id.
  3. Fintech/TPP will call update identification API with the PSU identification data, C.C. access token
  4. PSD2 IO will give the response to Fintech/TPP.

Step 4: Authorize payment on ASPSP application

  1. Fintech/TPP will show the message to PSU to authorize the payment on ASPSP application.
  2. PSU will authorize the payment on the ASPSP application.
  3. PSD2 IO will return success along with PaymentId on the success URL of Fintech/TPP.

Step 5: Submit Payment

This step needs to be exceuted only if value of PaymentFlow field in GET /banks API is TwoStep.
  1. Fintech/TPP will call payment submit API using the A.C./C.C access token received.
  2. PSD2 IO will give the response to Fintech/TPP.
  3. Fintech/TPP will show the response to PSU on  Fintech/TPP UI.