One of our customers makes a transaction on an e-commerce website or wants to initiate a transfer.
Through this API "Payment initiation" available by Caisse d'Epargne savings banks network, you can submit a real time payment initiation request.
The connected customer will be requested by his bank to validate this transaction :
- He identifies and authenticates himself ;
- Then, he selects his bank account with a sufficient balance for the transaction amount ;
- Finally, the bank seals the transaction after the client has strongly authenticated himself to validate the transaction (some exemptions of this authentication process exist).
You can only use this API if you are a Payment Initiation Service Provider ("PISP"), this prerequisite is described in "Eligibility" use case.
Once this prerequisite has been fulfilled, the global process will be the following one :
1- As a PISP provider, you can propose funds transfer services to customers, or allow them to pay their purchases on an e-merchant web site you have contractualized with. Thru your interfaces, the customer selects in which bank (ASPSP) his account(s) is/are domiciliated and you collect the transaction information (purchase amount, IBAN creditor, ...).
2- During the first exchange with ASPSP's infrastructures, you will have to request an authorization token. As PISP, you have to get this token BEFORE you can use ressources of the API. This token is generated by the ASPSP AFTER you authenticate as a PISP service provider using your eIDAS certificates.
As banking account holder (ASPSP), we will verify if your certificates and national agreements are valid.
For this step, it is not necessary that we identify and authenticate the customer before generating the access token.
3- If all above checks are correct, you will be able as PISP to get the OAUTH2 access token thru a secure exchange with 89C3 API platform (see "Retrieve your access token" use case).
4- By presenting this access token valid only for this transaction, you can then use ressources of the "payment initiation" API in order to :
- Initiate a payment/transfer (see "Send a single payment initiation request" use case) ;
- Retrieve the status of a payment/transfer initiation request (see "Retrieve the status of a payment initiation request") ;
- Edit a payment/transfer initiation request (see"Edit a payment request") => this feature will be available by the end of the first half of 2020.
- Confirm a payment/transfer initiation request or a payment/transfer cancellation request (see "Confirm a payment initiation request") => this feature will not implemented because it is not useful for REDIRECT authentication mode implemented.