Payment with Embedded Authorisation

In the embedded authorisation approach, the ASPSP processes the payment authorisation through the PISP – ASPSP interface.

Generally, there are three steps involved in the embedded payment authorisation process.

  • In the first step, the customer (PSU) needs to authenticate himself / herself with the ASPSP.
  • In the second step, once the PSU has successfully authenticated with the ASPSP, the ASPSP provides a list of SCA methods if it supports several SCA methods for the corresponding customer (PSU). The customer (PSU) needs to choose the appropriate SCA method and inform the ASPSP through the PISP (TPP).
  • In the third step, based on the SCA method chosen by the customer (PSU), the ASPSP provides the challenge to the PSU to authorise the payment, and the PSU needs to provide the challenge response through the PISP (TPP) to the ASPSP for verification.

Once all these authorisation steps have completed successfully, the ASPSP starts the payment settlement process.

Take the following steps to complete this scenario.

 

Step – 1 : Get the reach details :

Call the reach API – GET /aspsp. Retrieve the ASPSP details with Name = “Payment Embedded” and ASPSP ID = “20105”; this ASPSP ID has to be used to initiate the payment with the embedded mode of authorisation and in all further payment-related requests.

Remark : The reach information provided in the developer portal is limited and for informational purposes only, to give the initiating party (user) an idea of what reach information looks like. The initiating party (user) can skip this step and use the ASPSP ID specified for the scenario to try it out. The user can get the ASPSP ID for the appropriate scenario from the "Scenario Guideline" page or from the list on the "Payment Initiation Scenarios" page.

 

Step – 2 : Payment initiation and Authorisation steps :

Perform the steps below to initiate the payment.

  • Initiate the payment : Call the POST /payments API with the mandatory fields in the request header and body. In the response to POST /payments, the initiating party (user) will receive the “PostAuthorisationForEmbedded” API endpoint link for customer (PSU) authentication.

  • Perform customer (PSU) authentication : Call the POST /payments/authorisation API with the customer’s (PSU) credential details. Once the ASPSP Mock has identified the customer (PSU) successfully, it will respond with the list of available SCA methods (if multiple SCA methods are available at the ASPSP) for the customer (PSU) to choose from.

  • Authorisation method selection : Once the customer (PSU) has chosen the appropriate SCA method to authorise the payment, the initiating party (user) needs to call the PUT /payments/authorisation API to inform the ASPSP Mock.

         Remark : Currently the request body of the PUT /authorisations API is populated with the default selection "AuthenticationMethodId": "13" for the "PhotoOTP" SCA method.

         Request body:

        {
           "AuthenticationMethodId": "13"
        }

  • Provide challenge data for selected SCA method : Based on the SCA method selected by the customer (PSU), the ASPSP will respond with Challenge Data for the customer (PSU) to authorise the payment. Once the customer (PSU) has answered the Challenge Data, the initiating party (user) needs to call the PUT /payments/authorisation API to inform the ASPSP Mock. The ASPSP will verify the details and start the payment settlement process.

         Remark : Use the PUT /authorisations API with the request body parameters below to provide the challenge data and complete the Embedded authorisation flow.

         Request body:

         {
            "ScaAuthenticationData":"123456"
         }

If the GET /payments/status endpoint is called before the initiating party (user) provides his / her approval, the initiating party (user) will receive payment status = “Open” from the ASPSP Mock in response.

 

Step – 3 : Get the payment status :

Call the GET /payments/status API to get the latest payment status from the ASPSP Mock.

If the payment is authorised, the initiating party (user) will receive payment status = “SettlementCompleted” as the final payment status.

If, during any step in the Embedded authorisation process, the customer (PSU) has not provided an appropriate response, the payment will be marked as “Cancelled” at the ASPSP Mock and the initiating party (user) will receive payment status = “Cancelled” as the final payment status.

Remark : The payment status provided for this scenario is only meant to guide the initiating party (user) through the payment initiation process. The actual payment status may vary based on the scenario at the actual ASPSP.
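
The flow in Steps 2 and 3, as an added example that is not part of the portal's own material: a small in-memory stand-in for the ASPSP Mock that enforces the order of the authorisation calls and reports the statuses described above. The method names mirror the endpoints on this page; the PSU credential, the second SCA method "99", the response key names and the rule that an out-of-order call cancels the payment are assumptions made for the example.

```python
# Added example: in-memory stand-in for the ASPSP Mock (not the portal's code). Constructed or
# assumed: PSU credential, method "99", response key names, cancel on out-of-order calls.
class EmbeddedAuthMock:
    SCA_METHODS = {"13": "PhotoOTP", "99": "ConstructedMethod"}

    def __init__(self, psu_secret="constructed-password", otp="123456"):
        self._secret, self._otp = psu_secret, otp
        self.status, self._stage = None, "new"

    def post_payments(self):  # POST /payments
        self.status, self._stage = "Open", "await_psu"
        return {"link": "PostAuthorisationForEmbedded"}

    def post_authorisation(self, psu_secret):  # POST /payments/authorisation
        if self._stage != "await_psu" or psu_secret != self._secret:
            return self._cancel()
        self._stage = "await_method"
        return {"ScaMethods": dict(self.SCA_METHODS)}

    def put_authorisation(self, body):  # PUT /payments/authorisation
        method = body.get("AuthenticationMethodId")
        if self._stage == "await_method" and method in self.SCA_METHODS:
            self._stage = "await_challenge"
            return {"ChallengeData": "constructed-challenge"}
        answer = body.get("ScaAuthenticationData")
        if self._stage == "await_challenge" and answer == self._otp:
            self.status, self._stage = "SettlementCompleted", "done"
            return {}
        return self._cancel()

    def _cancel(self):
        if self._stage != "done":  # a final status never changes afterwards
            self.status, self._stage = "Cancelled", "done"
        return {}

    def get_status(self):  # GET /payments/status
        return self.status


def run_scenario(challenge_answer, skip_psu_auth=False):
    """Drive the flow; return (status before approval, final status)."""
    aspsp = EmbeddedAuthMock()
    aspsp.post_payments()
    before = aspsp.get_status()
    if not skip_psu_auth:
        aspsp.post_authorisation("constructed-password")
    aspsp.put_authorisation({"AuthenticationMethodId": "13"})
    aspsp.put_authorisation({"ScaAuthenticationData": challenge_answer})
    return before, aspsp.get_status()
```

Calling run_scenario("123456") follows the happy path, while a wrong challenge answer or skip_psu_auth=True ends in “Cancelled”.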

 

Sequence Diagram :

Payment with Embedded Authorisation