VoP Requesting PSP API
This API specification is a draft. It will incorporate minor necessary changes once the first definitive version of the EPC rulebook is published in September.
This API-based service is for requesting PSPs in the Worldline VoP Hub ecosystem and EPC scheme. It processes the verification of a payee's identity via a single request to the Worldline VoP Hub, based on identification data and account data entered by the Requester (Payer) in any payment channel of the PSP.
Features
The service will route the request to the corresponding responding bank using its dedicated directory service, obtain or compute a matching result (depending on the source of account holder information data or direct match result), and return it to the requesting PSP in under 3 seconds (or time out).
The API supports name + IBAN matching (returning a corrected name in case of a close match) as well as additional identifiers when supported by the responding bank.
Process
- The Requesting bank gathers information from the Requester (payer) about the subject of the VoP (Payee), before initiating a payment from any SEPA Credit Transfer channel.
- The API client authenticates towards VoP Hub and sends a request containing the gathered identification data and account reference.
- The VoP Hub routes the request to the corresponding responding bank, part of its reachable VoP interfaces.
- The VoP Hub receives the match result or necessary account holder information from the responding PSP.
- The API client receives the resulting API response, which may include the corrected name according to the responding bank, in case of close matches.
- The Requester is informed of the matching result, applies potential corrections and proceeds with payment initiation.
API Security
- Authentication: The Worldline VoP Hub uses an authentication service that adheres to the OIDC standard protocol.
  For enhanced security, the client must present a (qualified) SSL certificate to authenticate and sign token requests with a (qualified) seal certificate.
- Secure Communication: All communications use mTLS with TLS 1.2 or higher, ensuring that data in transit is secure.
- Data Integrity: Each API request and response is signed using a detached JWS signature, ensuring the integrity and authenticity of the data exchanged.
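The detached JWS check from the Data Integrity item, as an added example that is not part of the Worldline specification: the signature is computed over the header and the HTTP body, the body is left out of the JWS itself, and the receiver rebuilds the signing input from the body it actually received. Assumptions: ES256 as the algorithm, an ephemeral P-256 key standing in for the seal certificate key, a signature that covers only the body, and a constructed sample body whose field names are illustrative.

```javascript
// Added example: detached JWS (RFC 7515 Appendix F) over an HTTP body.
// Assumptions: ES256, and an ephemeral P-256 key in place of the seal certificate key.
const nodeCrypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Sign "header.payload", then emit "header..signature" with the payload left out.
function signDetached(body, privateKey) {
  const header = b64u(JSON.stringify({ alg: 'ES256' }));
  const signature = nodeCrypto.sign('sha256', Buffer.from(`${header}.${b64u(body)}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }); // JWS uses raw r||s, not DER
  return `${header}..${b64u(signature)}`;
}

// Rebuild the signing input from the body actually received, then verify.
function verifyDetached(jws, body, publicKey) {
  const parts = jws.split('.');
  if (parts.length !== 3 || parts[1] !== '') return false; // must be detached
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch {
    return false; // header is not valid JSON
  }
  // Pin the expected algorithm; never let the message choose it (rejects "none").
  if (!header || header.alg !== 'ES256') return false;
  const signature = Buffer.from(parts[2], 'base64url');
  if (signature.length !== 64) return false; // ES256: 32-byte r plus 32-byte s
  return nodeCrypto.verify('sha256', Buffer.from(`${parts[0]}.${b64u(body)}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, signature);
}

// Constructed sample data; field names are illustrative, not the API's schema.
const { privateKey, publicKey } =
  nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const body = JSON.stringify({ name: 'Jane Example', iban: 'XX00EXAMPLE0000000000' });
const jws = signDetached(body, privateKey);
const tampered = body.replace('Jane', 'John'); // body altered after signing

console.log('valid body:   ', verifyDetached(jws, body, publicKey));
console.log('tampered body:', verifyDetached(jws, tampered, publicKey));
```

The signature is bound to the exact bytes of the body, so verification has to run on the raw body as received, before any JSON parsing or re-serialization.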