Authorise Payment
POST {{base_url}}/banking/v2/pay/domestic/consents/:consentId
Before the payment can be initiated, the payment request needs to be approved.
Before calling this endpoint, create an authentication to retrieve the bank's authentication URL (authUrl).
Your application then redirects the user to the authUrl location so that they can sign in through their bank account.
The payment request will be completed once the user successfully signs in. You will then be redirected back to the URL given in the redirect field of the initial POST request body.
Path variables
Field | Type | Description |
---|---|---|
consentId | string | Unique identifier for the consent |
Request
Field | Type | Description |
---|---|---|
bankId | integer | Unique identifier for the bank |
code | string | Temporary code to be exchanged for access token with the bank |
id_token | string | Base64 encoded JSON for verifying state and token’s validity |
state | string | Base64 encoded JSON containing information about the original request to persist the state throughout the user journey |
state->nonce | string | String value used to associate a client session with an ID Token, and to mitigate replay attacks (for internal use) |
state->reRed | string | Redirect URL |
state->accReq | string | tomato pay consentId |
state->bId | integer | bankId (Unique identifier for the bank) |
state->consentId | string | bank consentId |
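Added example (not tomato pay's own code): a client-side check that the bank callback belongs to the flow your session started, before code, id_token and state are forwarded to this endpoint. It assumes the callback parameters have already been extracted into a dict, that state is base64 over JSON as described in the table above, that the :consentId path variable is the tomato pay consentId (state->accReq), and that your application stored consent_id, bank_id and redirect_url (hypothetical session keys) when it created the authentication.

```python
import base64
import binascii
import json


class CallbackError(ValueError):
    """The bank callback is malformed or belongs to a different flow."""


def encode_state(fields: dict) -> str:
    # Helper used only to build the constructed sample below.
    return base64.b64encode(json.dumps(fields).encode()).decode()


def decode_state(state: str) -> dict:
    # Assumption: base64 (standard or URL-safe alphabet, padding optional) over JSON.
    try:
        padded = state.replace("-", "+").replace("_", "/") + "=" * (-len(state) % 4)
        decoded = json.loads(base64.b64decode(padded, validate=True))
    except (binascii.Error, ValueError) as exc:
        raise CallbackError("Missing/Invalid state") from exc
    if not isinstance(decoded, dict):
        raise CallbackError("Missing/Invalid state")
    return decoded


def build_authorise_request(params: dict, session: dict) -> tuple:
    """Validate the callback against the session; return (path, JSON body)."""
    for field in ("code", "id_token", "state"):
        if not params.get(field):
            raise CallbackError(f"Missing/Invalid {field}")
    state = decode_state(params["state"])
    # Bind the callback to the flow this session started, so a callback
    # minted for another consent, bank or redirect URL is never forwarded.
    expected = {"accReq": session["consent_id"], "bId": session["bank_id"],
                "reRed": session["redirect_url"]}
    for key, want in expected.items():
        if str(state.get(key)) != str(want):
            raise CallbackError(f"state->{key} does not match this session")
    # Assumption: the :consentId path variable is the tomato pay consentId (accReq).
    path = f"/banking/v2/pay/domestic/consents/{session['consent_id']}"
    body = {"bankId": session["bank_id"], "code": params["code"],
            "id_token": params["id_token"], "state": params["state"]}
    return path, body


# Constructed sample values, not real identifiers.
SAMPLE_SESSION = {"consent_id": "consentId3456", "bank_id": 6,
                  "redirect_url": "https://app.example/callback"}
SAMPLE_STATE = encode_state({"nonce": "n-1", "reRed": "https://app.example/callback",
                             "accReq": "consentId3456", "bId": 6, "consentId": "bankConsent789"})
```

This check does not replace the server-side id_token and state verification listed under Error Messages; it only stops your application from forwarding a callback that was issued for a different consent, bank or redirect URL.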
Attributes
Field | Type | Description |
---|---|---|
id | string | Unique identifier for the payment |
consentId | string | Unique identifier for the consent |
companyId | string | Unique identifier for the company |
creditor | JSON object | Creditor information |
creditor -> schemeName | string | IBAN or Account and sort code |
creditor -> identification | string | Creditor's account details |
creditor -> name | string | Creditor name |
amount | integer | Payment amount |
currency | string | Account currency |
reference | string | Transaction reference |
type | string | Payment type {DOMESTIC} |
creationDate | datetime | Date and time of the transaction |
remittanceInfo | string | Partner Id is sent as remittance information in order to reconcile the payment with AIS transaction |
Error Messages
Condition | Response Status | Response Body |
---|---|---|
Invalid bankId | 403 Forbidden | |
No code | 400 Bad Request | {"error": "Missing/Invalid bank code"} |
No state | 400 Bad Request | {"error": "Missing/Invalid state"} |
No id_token | 400 Bad Request | {"error": "Missing/Invalid id_token"} |
Invalid state | 400 Bad Request | {"error": "Missing/Invalid state"} |
Invalid id_token | 400 Bad Request | {"error": "Open ID token verification failed"} |
Bank errors | 502 Bad Gateway | {"error": "Bank error"} |
Request Body
{"bankId": "6", "code": "code", "id_token": "id token", "state": "state"}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string | | |
X-Api-Key | string | | |
X-Partner-Id | string | | |
Authorization | string | | |
X-Company-Id | string | | |
RESPONSES
status: Created
{"id":"paymentId1234","consentId":"consentId3456","bankId":6,"companyId":"companyId1234","type":"DOMESTIC","status":"PENDING","amount":"25.00","currency":"GBP","reference":"reference","creditor":{"schemeName":"UK.OBIE.SortCodeAccountNumber","identification":"11223301234567","name":"Creditor name"},"creationDate":"2020-10-27T10:02:37Z","remittanceInfo":"partnerId1243"}