OBWG PSD2 PIS APIs flow

OBWG PSD2 PIS APIs

| API Name | API Endpoint | API Description |
|---|---|---|
| Domestic Payment Create | POST /domestic-payment-consents | Create domestic payment consents |
| Domestic Payment Submit | POST /domestic-payments | Submits a created domestic payment |
| Domestic Payment Detail | GET /domestic-payment-consents/{ConsentId} | Returns the details of created domestic payment |
| Domestic Payment Create Status | GET /domestic-payment-consents/{ConsentId}/status | Returns the status of created domestic payment |
| Domestic Payment Submit Details | GET /domestic-payments/{DomesticPaymentId} | Returns the details of a submitted domestic payment |
| Domestic Payment Submit Status | GET /domestic-payments/{DomesticPaymentId}/status | Returns the status of a submitted domestic payment |
| Domestic Scheduled Payment Create | POST /domestic-scheduled-payment-consents | Create domestic scheduled payment consents |
| Domestic Scheduled Payment Submit | POST /domestic-scheduled-payments | Submits a created domestic scheduled payment |
| Domestic Scheduled Payment Details | GET /domestic-scheduled-payment-consents/{ConsentId} | Returns the details of created domestic scheduled payment |
| Domestic Scheduled Payment Status | GET /domestic-scheduled-payment-consents/{ConsentId}/status | Returns the status of created domestic scheduled payment |
| Domestic Scheduled Payment Submit Details | GET /domestic-scheduled-payments/{DomesticScheduledPaymentId} | Returns the details of a submitted domestic scheduled payment |
| Domestic Scheduled Payment Submit Status | GET /domestic-scheduled-payments/{DomesticScheduledPaymentId}/status | Returns the status of a submitted domestic scheduled payment |

OAuth SCA

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depending on the destination bank, the TPP has to perform a pre-step OAuth (authorization_code (A.C.) or client_credentials (C.C.)) to obtain an access token.

Step 2: Create Payment-Consent

  1. Fintech / TPP will send the payment-consent request with the A.C. / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing ConsentId, OAuth SCA approach to Fintech / TPP.

Step 3: Authorize

  1. Fintech / TPP will redirect the PSU to the ‘/authorize’ URL with the TPP Redirect URL, Client Id, State, UserId & ConsentId in a JWT to authenticate the request id from the PSU.
  2. PSU will get redirected to PSD2 IO authorize URL through the browser.
  3. PSD2 IO will redirect PSU to ASPSP authorize URL through the browser.
  4. ASPSP will redirect PSU to the login page for authentication.
  5. PSU has to authenticate with his credentials on ASPSP’s login page.
  6. Once authenticated, ASPSP will ask to allow access for authorization.
  7. PSU will allow access.
  8. ASPSP will return auth code (B) & state on the callback URL of PSD2 IO.
  9. PSD2 IO will return auth code (P) & state on the callback URL of Fintech / TPP.

Step 4: Access Token

  1. Fintech / TPP will call the ‘/token’ API of PSD2 IO with auth code (P) received on callback.
  2. PSD2 IO will return the access token to Fintech / TPP.

Step 5: Submit Payment

This step needs to be executed only if the value of the PaymentFlow field in the GET /banks API is TwoStep.

  1. Fintech / TPP will call payment submit API using the access token received.
  2. PSD2 IO will give the response to Fintech / TPP.
  3. Fintech / TPP will show the response to PSU on TPP UI.
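
The TPP-side handling of State across Steps 3 and 4 above, as an added example that is not part of the original page or of PSD2 IO's own code: the State is bound to the ConsentId and the PSU's browser session when the ‘/authorize’ redirect is built, then checked exactly once on the callback before auth code (P) is sent to ‘/token’. The class, method and field names and the 600-second lifetime are assumptions.

```python
import hmac
import secrets
import time

STATE_TTL_SECONDS = 600  # assumed lifetime of a pending authorization


class PendingAuthorizations:
    """Hypothetical TPP-side store: one State value per ConsentId and session."""

    def __init__(self, now=time.time):
        self._pending = {}  # state -> (consent_id, session_id, expires_at)
        self._now = now

    def start(self, consent_id, session_id):
        """Step 3.1: mint the unguessable State sent on the '/authorize' redirect."""
        state = secrets.token_urlsafe(32)
        expires_at = self._now() + STATE_TTL_SECONDS
        self._pending[state] = (consent_id, session_id, expires_at)
        return state

    def finish(self, returned_state, session_id, auth_code):
        """Step 3.9: check the callback; return what the '/token' call needs."""
        entry = self._pending.pop(returned_state, None)  # single use
        if entry is None:
            raise ValueError("unknown or replayed state")
        consent_id, owner_session, expires_at = entry
        if self._now() > expires_at:
            raise ValueError("state expired")
        if not hmac.compare_digest(owner_session.encode(), session_id.encode()):
            raise ValueError("state belongs to another session")
        if not auth_code:
            raise ValueError("callback carried no auth code")
        return {"code": auth_code, "consent_id": consent_id}


if __name__ == "__main__":
    # Constructed values, not real identifiers.
    store = PendingAuthorizations()
    state = store.start("consent-123", "session-A")
    print(store.finish(state, "session-A", "auth-code-P"))
```

Because `finish` removes the entry before any other check, a callback replayed with the same State fails even if the first attempt was rejected.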

Redirect SCA

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depending on the destination bank, the TPP has to perform a pre-step OAuth (authorization_code (A.C.) or client_credentials (C.C.)) to obtain an access token.

Step 2: Create Payment-Consent

  1. Fintech / TPP will send the payment-consent request with the A.C. / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing ConsentId, OAuth SCA approach to Fintech / TPP.

Step 3: Redirect

  1. Fintech / TPP will redirect PSU to ‘/redirect’ URL with Client Id, ConsentId to authenticate the ConsentId from PSU.
  2. PSU will get redirected to PSD2 IO redirect URL through browser.
  3. PSD2 IO will redirect PSU to ASPSP redirect URL through browser.
  4. ASPSP will redirect PSU to login page for authentication.
  5. PSU has to authenticate with his credentials on ASPSP’s login page.
  6. Once authenticated, ASPSP will ask to allow access for authorization.
  7. PSU will allow access.
  8. ASPSP will return success along with ConsentId on the success URL of PSD2 IO.
  9. PSD2 IO will return success along with ConsentId on the success URL of Fintech / TPP.

Step 4: Submit Payment

This step needs to be executed only if the value of the PaymentFlow field in the GET /banks API is TwoStep.

  1. Fintech / TPP will call payment submit API using the A.C./C.C. access token received.
  2. PSD2 IO will give the response to Fintech / TPP.
  3. Fintech / TPP will show the response to PSU on TPP UI.
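
The Redirect SCA flow has no State parameter, so the ConsentId arriving on the TPP success URL is the only link back to the payment. The following added example (not from the original page or PSD2 IO) shows the TPP matching it against the ConsentId it created for this session, confirming the consent over the back channel with the status endpoint from the table above, and only then deciding whether Step 4 applies. The `Authorised` status value, the ConsentId character set, the function names and the `fetch_status` callable are assumptions.

```python
import hmac
import re

# Assumed ConsentId alphabet; adjust to what PSD2 IO actually issues.
CONSENT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")
AUTHORISED = "Authorised"  # assumed status value, not taken from the page


def status_path(consent_id):
    """Build the status endpoint path, refusing ids that could alter the path."""
    if not CONSENT_ID_RE.fullmatch(consent_id):
        raise ValueError("malformed ConsentId")
    return f"/domestic-payment-consents/{consent_id}/status"


def next_action(expected_consent_id, returned_consent_id, payment_flow, fetch_status):
    """Decide what the TPP does after the success redirect (Step 3.9).

    expected_consent_id comes from the TPP's server-side session.
    returned_consent_id comes from the browser redirect and is untrusted.
    fetch_status(path) is a hypothetical callable that performs the
    authenticated GET and returns the status string.
    """
    if not hmac.compare_digest(expected_consent_id.encode(),
                               returned_consent_id.encode()):
        raise ValueError("ConsentId does not match this session's payment")
    status = fetch_status(status_path(expected_consent_id))
    if status != AUTHORISED:
        raise ValueError(f"consent not authorised: {status}")
    # Step 4 is only needed when GET /banks reports PaymentFlow = TwoStep.
    return "submit" if payment_flow == "TwoStep" else "done"


if __name__ == "__main__":
    # Constructed values; the lambda stands in for the real status call.
    print(next_action("consent-123", "consent-123", "TwoStep",
                      lambda path: "Authorised"))
```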

Embedded SCA

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depending on the destination bank, the TPP has to perform a pre-step OAuth (authorization_code (A.C.) or client_credentials (C.C.)) to obtain an access token.

Step 2: Create Payment-Consent

  1. Fintech / TPP will send the payment-consent request with the A.C. / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing ConsentId, OAuth SCA approach to TPP.

Step 3: Embedded SCA

  1. Fintech / TPP will ask PSU to provide the answer to the challenge received in the payment create response. Here, an OTP is taken as an example.
  2. PSU will enter and submit the challenge data, e.g. an OTP.
  3. TPP will call the authorize payment API with the A.C./C.C. access token and the challenge data, e.g. an OTP.
  4. PSD2 IO will give the response to Fintech / TPP.

Step 4: Submit Payment

This step needs to be executed only if the value of the PaymentFlow field in the GET /banks API is TwoStep.

  1. Fintech / TPP will call payment submit API using the A.C./C.C. access token received.
  2. PSD2 IO will give the response to TPP.
  3. Fintech / TPP will show the response to PSU on Fintech / TPP UI.

Embedded SCA with SCA Method Selection

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depending on the destination bank, the TPP has to perform a pre-step OAuth (authorization_code (A.C.) or client_credentials (C.C.)) to obtain an access token.

Step 2: Create Payment-Consent

  1. Fintech / TPP will send the payment-consent request with the A.C. / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing ConsentId, OAuth SCA approach to Fintech / TPP.

Step 3: Start Authorization

  1. Fintech/TPP will send the start Authorization request with ConsentId to PSD2 IO.
  2. PSD2 IO will return response containing AuthorizationId with SCA method selection to Fintech/TPP.

Step 4: Embedded SCA with SCA Method Selection

  1. Fintech / TPP will ask PSU to select SCA method out of those received in the response.
  2. PSU will select the SCA method.
  3. Fintech / TPP will call select authentication API using the A.C./C.C. access token and selected SCA method.
  4. PSD2 IO will give the response to Fintech / TPP.
  5. Fintech / TPP will ask PSU to provide the answer to the challenge received in the select authentication API response. Here, an OTP is taken as an example.
  6. PSU will enter and submit the challenge data, e.g. an OTP.
  7. Fintech / TPP will call the authorize payment API with the A.C./C.C. access token and the challenge data, e.g. an OTP.
  8. PSD2 IO will give the response to TPP.

Step 5: Submit Payment

This step needs to be executed only if the value of the PaymentFlow field in the GET /banks API is TwoStep.

  1. Fintech / TPP will call payment submit API using the A.C./C.C. access token received.
  2. PSD2 IO will give the response to TPP.
  3. Fintech / TPP will show the response to PSU on TPP UI.

Decoupled SCA

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depending on the destination bank, the TPP has to perform a pre-step OAuth (authorization_code (A.C.) or client_credentials (C.C.)) to obtain an access token.

Step 2: Create Payment-Consent

  1. Fintech / TPP will send the payment-consent request with the A.C. / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing consentId, OAuth SCA approach to Fintech / TPP.

Step 3: Authorize payment on ASPSP application

  1. Fintech / TPP will show the message to PSU to authorize the payment on ASPSP application.
  2. PSU will authorize the payment on the ASPSP application.
  3. PSD2 IO will return success along with ConsentId on the success URL of Fintech / TPP.

Step 4: Submit Payment

This step needs to be executed only if the value of the PaymentFlow field in the GET /banks API is TwoStep.

  1. Fintech / TPP will call payment submit API using the A.C./C.C. access token received.
  2. PSD2 IO will give the response to Fintech / TPP.
  3. Fintech / TPP will show the response to PSU on Fintech / TPP UI.

Decoupled SCA with Update Identification

Step 1: Pre-step OAuth

  1. PSU will request to make a payment.
  2. Depending on the destination bank, the TPP has to perform a pre-step OAuth (authorization_code (A.C.) or client_credentials (C.C.)) to obtain an access token.

Step 2: Account Access Consent Request

  1. Fintech / TPP will send the payment-consent request with the A.C. / C.C. access token to PSD2 IO.
  2. PSD2 IO will return response containing ConsentId, OAuth SCA approach to Fintech / TPP.

Step 3: Decoupled SCA with Update Identification

  1. TPP will ask PSU to update his identification data.
  2. PSU will enter his identification data, e.g. PSU-Id.
  3. Fintech / TPP will call the update identification API with the PSU identification data and the C.C. access token.
  4. PSD2 IO will give the response to Fintech / TPP.

Step 4: Authorize payment on ASPSP application

  1. Fintech / TPP will show the message to PSU to authorize the payment on ASPSP application.
  2. PSU will authorize the payment on the ASPSP application.
  3. PSD2 IO will return success along with ConsentId on the success URL of Fintech / TPP.

Step 5: Submit Payment

This step needs to be executed only if the value of the PaymentFlow field in the GET /banks API is TwoStep.

  1. Fintech / TPP will call payment submit API using the A.C./C.C. access token received.
  2. PSD2 IO will give the response to Fintech / TPP.
  3. Fintech / TPP will show the response to PSU on Fintech / TPP UI.