Confirm a payment initiation request 

Use case 

This mandated method allows the PISP to confirm a payment initiation request previously sent to the ASPSP for a given PSU using a POST/paymentRequests

The only implemented methode is POST /payment-requests/{paymentRequestResourceId}/confirmation also known as "reinforced" authentification mode. It has to be used following a PIS operations validated by the PSU, and not yet cleared.

Please note that a cancellation operation doesn't need to be confirmed.

 

 

 Prerequisites

In order to be able to use this request, the TPP needs to fulfill eligibility criterias as "PISP" role (see "Eligibility" section), and must get beforehand an OAuth access token (see use case  "Overview" > "Retrieve a Token").

The PISP has already sent a request which has been temporarly stored, and the ASPSP has given back a link to this saved request.

 

 

 

 Request

The entry point depends on bank code parameter (<bkcode>) used for requesting the access token.

The list of current available bank institutions in sandbox is detailed below (see overall <bkcode> in "Limitssection). 

For example, the following URL to be used in production is the following : 

 

 

 Mandated parameters 

The mandated parameter is paymentRequestResourceId. 

 

The structure of the body and mandated fields are described in STET specifications : 

  • nonce => challenge to be sent back by the TPP
  • psuAuthenticationFactor => authentification factor 

 

The TPP can extract the payment inititation information using the method GET /stet/psd2/v1.6.2/payment-requests/{paymentRequestResourceId} with :

  •  Data paymentInformationStatus shall be "ACSP"
  • Data transactionStatus (in the creditTransferTransaction object) shall have the value "PDNG"

 

➤ Returned Result

If all data are correct, a HTTP 200 will be returned, as well as the ressourceId & SCA authentication mode & consent URL (urlConsent_approval_URL) & nonce.

Please note that :

  • data paymentRequestResourceId is included as a parameter inside consent URL sent back during the payment initiation
  • same for the nonce challenge parameter