To carry out a payment initiation with the XS2A APIs, it is necessary to establish a consent between the TPP, the PSU and the ASPSP. To validate the payment, you will have to perform an OAuth2 authorization which will provide you a time-limited access token. This access token is mandatory to access to the payment status afterwards.
Creates a payment resource at the ASPSP for a given payment service and product. Specificities for this API and available services and products are listed in the dedicated HowTo.
Create an authorisation sub-resource of the payment resource and start the authorisation process.
The usage of this access method is only necessary if the TPP has asked to start the authorization process separately from the payment initiation (using the “TPP-Explicit-Authorisation-Preferred” Header).
Requests an authorization from a PSU following the OAuth2 protocol. Details of the authentication workflow and user interfaces are described in the dedicated HowTo section.
Our specificities regarding the OAuth2 protocol are listed below.
response_type : code
code_challenge_method : S256
After successful authorization, the user will be redirected to the redirect URI provided in the request with the following parameters :
Requests an access token using the authorization code retrieved from the PSU authorization. This Access Token can be refreshed. The duration of access token is 5 minutes, and the duration of refresh token is 20 minutes.
For specific BerlinGroup Implementation on the Payment Initiation Service, please refer to HOWTO N°8