This page describes the pre-authentication API which can be used to request pre-authentication of the PSU.
Some ASPSP’s support the pre-authentication of the PSU. This will allow a PSU to authenticate once for a specific TPP after which the pre-authentication can be used in subsequent payments/consents requests by the TPP (The same PsuId should be used in those requests so that the pre-authentication can be connected). Each individual request still needs to be authorized by the PSU, but authentication is not longer needed. This can speed up the flow for these subsequent payments/consents.
The reach directory indicates which ASPSP’s support this functionality, see the ‘Details’ section of the Reach directory response.
The Open Banking Solution will also arrange a pre-authentication as part of the post payments flow, if mandatory. In which case it will be handled ‘behind the screens’. This pre-authentication API is meant for cases in which the TPP want’s to request the pre-authentication before a payment flows starts, so it becomes a stand-alone pre-authentication request.
Another case in which this API should be used is when ‘PreAuthenticationForEmbedded’ is returned by the post payments/consents API. In this case the pre-authentication is required and cannot be handled ‘behind the screens’.
Pre Authentication status
A pre-authentication has a status.
| Status name | description |
|---|---|
| Open | The pre-authentication resource has been created, but is not yet authorized by the PSU |
| Pending | The status is pending at the ASPSP, make another status request to receive an update. |
| Rejected | The pre-authentication has been rejected, this is a final state |
| Authorised | The pre-authentication has been approved by the PSU. It will be used by the Open Banking Service when a payment or consent flow is initiated with the same PsuId and AspspId. |
| Expired | The pre-authentication has been expired can no no longer be used, this is a final state |
| Revoked | The pre-authentication has been revoked by the ASPSP, this is a final state. |
| Error | An error occurred, this is a final state |
Flow example
The flow below gives an example of a stand-alone pre-authentication request, combined with a payment. Notice that in the payment step authentication is no longer required due to the pre-authentication.
POST pre-authentication
Endpoint: POST /psus/{psuId}/pre-authentication
This API starts the pre-authentication request flow.
Data model
| Request | Response (click to enlarge) |
 |  |
PUT pre-authentication
Endpoint: PUT /psus/{psuId}/pre-authentication/{preAuthenticationId}
This API is used to update a pre-authentication resource.
Data model
| Request | Response (click to enlarge) |
 |  |
Delete pre-authentication
Endpoint: DELETE /psus/{psuId}/pre-authentication/{preAuthenticationId}
This API is used to delete a pre-authentication resource.
Data model
| Request | Response |
 | HTML 204 (No Content, success) |
Get pre-authentication status
Endpoint: GET /psus/{psuId}/pre-authentication/{preAuthenticationId}/status
This API is used to get the status of a pre-authentication resource.
Data model
| Request | Response |
 |  |