Description

For the purpose of carrying out a payment initiation with the XS2A APIs, it is necessary to establish a consent between the TPP, the PSU and the ASPSP.

Redirect OAuth2

In this approach, the PISP has to proceed with an OAuth2 authorization. The consent is established and validated by redirecting the PSU to the ASPSP authentication platform.
See How to Perform a Strong Customer Authentication for details.

Decision matrix: on POST {payment-service}/{payment-product}

Request headers: TPP-Explicit-Authorisation-Preferred, PSU-ID and PSU-ID-Type, TPP-Redirect-Preferred. Response header: ASPSP-SCA-Approach.

| TPP-Explicit-Authorisation-Preferred | PSU-ID and PSU-ID-Type | TPP-Redirect-Preferred | ASPSP-SCA-Approach (Response from ASPSP) | Explanation |
| --- | --- | --- | --- | --- |
| true | provided/not provided | true/false/not provided | not provided | |
| false/not provided | not provided | true/false/not provided | REDIRECT | |
| false/not provided | provided | true | redirect/decoupled | DECOUPLED workflow will be chosen if it's the only SCA approach available for the PSU. Otherwise REDIRECT will be the default choice. |
| false/not provided | provided | false/not provided | redirect/decoupled | 1. REDIRECT workflow will be chosen if it's the only SCA approach available for the PSU. 2. If both REDIRECT / DECOUPLED are supported, it will depend on the PSU choice. 3. If not PSU preference, will be provided |

Decision matrix: on POST authorisations

Request headers: PSU-ID and PSU-ID-Type, TPP-Redirect-Preferred. Response header: ASPSP-SCA-Approach.

| PSU-ID and PSU-ID-Type | TPP-Redirect-Preferred | ASPSP-SCA-Approach (Response from ASPSP) | Explanation |
| --- | --- | --- | --- |
| Not provided | true | REDIRECT | |
| Not provided | false / not provided | REDIRECT | |
| Provided | true | REDIRECT / DECOUPLED | DECOUPLED workflow will be chosen if it's the only SCA approach available for the PSU. Otherwise REDIRECT will be the default choice. |
| Provided | false / not provided | REDIRECT / DECOUPLED | 1. REDIRECT workflow will be chosen if it's the only SCA approach available for the PSU. 2. If both REDIRECT / DECOUPLED are supported, it will depend on the PSU choice. 3. If not PSU preference, will be provided |

Payment Initiation
Initiate Payment Resource
POST /berlingroup/v1/{payment-service}/{payment-product}

Creates a payment resource at the ASPSP for a given payment service and product. Specificities for this API and available services and products are listed in the dedicated HowTo.

Create an authorisation resource on a given payment
POST /berlingroup/v1/{payment-service}/{payment-product}/{paymentId}/authorisations

Create an authorisation sub-resource of the payment resource and start the authorisation process.

The usage of this access method is only necessary if the TPP has asked to start the authorisation process separately from the payment initiation (using the “TPP-Explicit-Authorisation-Preferred” Header).

Authorization request
GET /berlingroup/authorization/authorize/{authorisation-id}

Requests an authorisation from a PSU following the OAuth2 protocol. Details of the authentication workflow and user interfaces are described in the dedicated HowTo section.
Our specificities regarding the OAuth2 protocol are listed below.

response_type : code
code_challenge_method : S256

After successful authorisation, the user will be redirected to the redirect URI provided in the request with the following parameters:

https://your_redirect_uri?code=authorization_code&state=test
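
The TPP side of the authorization request above, as an added example (not the ASPSP's own code): it builds the request with response_type=code and an S256 PKCE challenge, then validates the code and state returned on the redirect. The host aspsp.example, the function names and the standard OAuth2/PKCE parameters client_id, redirect_uri, state and code_challenge are assumptions; the page itself only fixes response_type and code_challenge_method.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Assumption: placeholder host; the path is the one documented above.
AUTHORIZE_URL = "https://aspsp.example/berlingroup/authorization/authorize/"


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def start_authorization(authorisation_id: str, client_id: str, redirect_uri: str):
    """Return (url, session); keep session server-side, bound to the PSU's session."""
    session = {
        "state": b64url(secrets.token_bytes(32)),          # anti-CSRF value, single use
        "code_verifier": b64url(secrets.token_bytes(32)),  # 43 chars, not sent in this request
    }
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": session["state"],
        "code_challenge": s256_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    })
    return AUTHORIZE_URL + quote(authorisation_id, safe="") + "?" + query, session


def handle_redirect(callback_url: str, session: dict) -> str:
    """Validate the redirect back from the ASPSP and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])
    code = params.get("code", [""])
    if len(state) != 1 or len(code) != 1 or not code[0]:
        raise ValueError("missing or duplicated code/state parameter")
    # Constant-time comparison against the value stored when the flow started.
    if not hmac.compare_digest(state[0].encode(), session["state"].encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    return code[0]
```

The stored code_verifier is presented later, when the authorization code is exchanged for a token, so the ASPSP can check it against the challenge sent here.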