# Initiate a payment The POST /v2/payments endpoint enables you to initiate a payment with a bank.Once the payment has been initiated, the end user needs to authenticate themselves with their bank.Check payment status:If the status in the initiation response is INITIATION_PENDING_REDIRECT_AUTH or INITIATION_PENDING_REDIRECT_HP, redirect the user to the redirect url found in the authentication payload of the payment, to authenticate at the bank or at Token.io's Hosted Pages.If the status in the initiation response is INITIATION_PENDING_REDIRECT_PBL, redirect the user to the payment link (redirect URL) found in the authentication payload. The user will be taken to Token.io’s Hosted Pages, where any missing information (such as amount or reference) can be provided before proceeding with payment authentication.If the status in the initiation response is INITIATION_PENDING_EMBEDDED_AUTH, collect the requested data listed in the authentication payload of the payment and use the POST /v2/payments/{paymentId}/embedded-auth endpoint to provide the requested field values.If the status in the initiation response is INITIATION_PENDING, Token.io needs more time to process this request with the bank. In the case of a successful scenario, the status will be updated to INITIATION_PENDING_REDIRECT_AUTH, INITIATION_PENDING_EMBEDDED_AUTH or INITIATION_PENDING_DECOUPLED_AUTH when the authentication details are ready. The update can be checked by the GET /v2/payments/{paymentId} endpoint or received via a webhook (see Webhooks).If the status is INITIATION_PENDING_DECOUPLED_AUTH, the bank has requested a decoupled authentication from the user and Token.io is awaiting the result. No further action is required.request-timeout header:Banks may take some time to respond when a request is made. Therefore, Token.io recommends that you set a request-timeout header in your API-only POST /v2/payments requests to match the timeout of your client and avoid DEADLINE_EXCEEDED errors. If this is set, Token.io sends a response when this timeout period has passed and will update payment status as soon as the bank has responded.The following example demonstrates what happens when you set a timeout of 10 seconds and the call to the bank takes 15 seconds:The TPP makes a POST /v2/payments call.Token.io creates a resource with the status INITIATION_PENDING.Token.io starts the call to the bank.After 10 seconds from (1): Token.io returns the payment status INITIATION_PENDING.After 15 seconds from (3): Token.io receives a response from the bank and changes the status to, for example, INITIATION_PENDING_REDIRECT_AUTH. The update will be sent in a webhook, if TPP is subscribed for webhooks.The TPP makes the GET /v2/payments/{id} call and receives the payment with the status INITIATION_PENDING_REDIRECT_AUTH. Endpoint: POST /v2/payments Security: Bearer, BasicAuth ## Header parameters: - `request-timeout` (integer) Sets the number of elapsed seconds until Token.io sends the response back, even if the call is not finished by that time (in which case the call will be completed asynchronously). Example: 10 ## Request fields (application/json): - `initiation` (object, required) The initiation payload for the payment. All standard flow types — amount and remittanceInformationPrimary are required. - `initiation.bankId` (string) The Token.io id of the bank where the consent is created. This field is required if the customer is not using Token.io's Hosted Pages for bank selection, i.e., API-only integration when EMBEDDED_HOSTED_PAGES is selected in flowType, or Hosted Pages embedded (modal) integration. Example: "ob-modelo" - `initiation.refId` (string, required) The TPP-generated reference identifier for the token. This is not to be confused with the requestId. The refId maps to the tppRefId in the bank's consentRequest. This is needed to match/verify the originating token request with the bank's consent request. We recommend that the refId should not contain special characters (the allowed characters are the 26-letter Latin alphabet, the numerical digits from 0-9 and the hyphen '-'). This field should not exceed 18 characters in length. Example: "9htio4a1sp2akdr1aa" - `initiation.remittanceInformationPrimary` (string, required) The primary field for remittance information. This should contain a reference, as assigned by the creditor, to unambiguously refer to the payment transactions under this consent. The value of this field should appear on the bank statement and reconciliation file, irrespective of the payment network being used. We recommend that the remittanceInformationPrimary field should not contain special characters (the allowed characters are the 26-letter Latin alphabet, the numerical digits from 0-9 and the hyphen '-') as banks may remove these when sending this field to the beneficiary. This field should not exceed 35 characters in length (18 characters for UK Faster Payments). Example: "Sweepco" - `initiation.remittanceInformationSecondary` (string) The secondary field for remittance information. The information supplied should enable the reconciliation of an entry in an unstructured form. Depending on the payment network, information from this field may or may not be included in the bank statement and reconciliation file. We recommend that the remittanceInformationSecondary field should not contain special characters (the allowed characters are the 26-letter Latin alphabet, the numerical digits from 0-9 and the hyphen '-') as banks may remove these when sending this field to the beneficiary. This field should not exceed 140 characters in length. Example: "Secondary remittance information." - `initiation.onBehalfOfId` (string) The id of the ultimate client on whose behalf the consent is created. If the consent is created on behalf of a sub-TPP, this field should contain the sub-TPP referenceId. This field is mandatory for unregulated TPPs. Example: "c5a863bc-86f2-4418-a26f-25b24c7983c7" - `initiation.vrpConsentId` (string) Only for Variable recurring payments (VRP). VRP consent id. - `initiation.amount` (object, required) The transaction amount and currency. - `initiation.amount.value` (string, required) The transaction amount with up to four digits after the decimal point. Example: "10.23" - `initiation.amount.currency` (string, required) The ISO 4217 three letter currency code. Example: "EUR" - `initiation.localInstrument` (string, required) The bank's payment service used to make the payment.Depending on which local instrument you select, you will require different account identifiers in the debtor and creditor objects. The creditor object is mandatory, but the debtor object is only required if it is mandatory for a specific bank. However, if the TPP decides to provide debtor details, account identifier field(s) within the debtor object are mandatory. The fields within the creditor and debtor objects are populated as follows:FASTER_PAYMENTS require the sortCode and accountNumber to be populated.SEPA and SEPA_INSTANT require the iban, the bic is optional.ELIXIR requires either the iban or the Polish domestic accountNumber, the bic is optional.BANKGIRO requires the bankgiroNumber, the bic is optional.PLUSGIRO requires the plusgiroNumber, the bic is optional.EU_DOMESTIC_NON_EURO and EU_DOMESTIC_NON_EURO_INSTANT require either the iban or bban, the bic is optional, OR the bban is required and clearingNumber is optional. For an HP flow that doesn't have a preselected bankId, a SENoBankId account, where the currency is SEK or NOK, will require an iban and bban with an optional bic and/or clearingNumber.AUTO_SELECT enables smart routing functionality where Token.io automatically selects the most optimal payment rail based on the provided payment value and bank capabilities. This reduces the complexity for TPPs by eliminating the need to specify the exact local instrument. Enum: "SEPA", "SEPA_INSTANT", "FASTER_PAYMENTS", "ELIXIR", "EU_DOMESTIC_NON_EURO", "EU_DOMESTIC_NON_EURO_INSTANT", "BANKGIRO", "PLUSGIRO", "AUTO_SELECT" - `initiation.debtor` (any) Debtor information. Provide either an Account on File OR full Debtor Account details. These two modes are mutually exclusive. - `initiation.creditor` (any, required) The creditor information. The account information (one of) is required. - `initiation.executionDate` (string) This field specifies the future date for executing the payment in ISO 8601 format.". This field is optional and can only be used if the bank supports scheduled payments and the customer has permission to initiate future dated payments. Example: "2023-04-29" - `initiation.confirmFunds` (boolean) This field determines whether the bank will carry out a funds confirmation check before accepting the payment. Default = false. - `initiation.returnRefundAccount` (boolean) Supported banks will provide the debtor account details selected by the user during authorization. Default = false. - `initiation.disableFutureDatedPaymentConversion` (boolean) This field determines whether an auto-conversion of a single immediate payment to a future dated payment can be disabled. This may be required if the payment was initiated outside bank working hours. Default = false. - `initiation.returnTokenizedAccount` (boolean) This field generates tokenized account ID for given debtor account details. Example: true - `initiation.callbackUrl` (string, required) The TPP's url that Token.io calls back to. This url should not be under the token.io domain and must be https/SSL secure. Example: "https://tpp.com/callback" - `initiation.callbackState` (string) The uniquely-generated string included as part of the URL when communicating with the bank. It is sent to the bank during payment initiation and is also returned in the callback from the bank. You can use it to identify which payment the callback refers to, ensuring that the callback can be reliably matched to the original payment request. Example: "6242e45e-3063-4c42-8376" - `initiation.chargeBearer` (string) The bearer of the charge, if any, for international transfers. CRED - all charges are borne by the creditor. DEBT - all charges are borne by the debtor. SHAR - the parties share the charges. SLEV - each party bears its own charges, recommended on SEPA payments. Enum: "INVALID_CHARGE_BEARER", "CRED", "DEBT", "SHAR", "SLEV" - `initiation.risk` (object) This field is used to specify additional details for the risk scoring of payments. - `initiation.risk.psuId` (string) The merchant's unique customer identifier for the user. Example: "0000789123" - `initiation.risk.paymentContextCode` (string) This field describes the context of the payment context. This field is an OBIE standard and also maps to NextGenPsd2's purposeCode and categoryPurposeCode fields. We recommend that the TPP populates this field. Enum: "INVALID_PAYMENT_CONTEXT_CODE", "BILLING_GOODS_AND_SERVICES_IN_ADVANCE", "BILLING_GOODS_AND_SERVICES_IN_ARREARS", "PISP_PAYEE", "ECOMMERCE_MERCHANT_INITIATED_PAYMENT", "FACE_TO_FACE_POINT_OF_SALE", "TRANSFER_TO_SELF", "TRANSFER_TO_THIRD_PARTY" - `initiation.risk.paymentPurposeCode` (string) The category code conforming to the Recommended UK Purpose Code in the ISO 20022 Payment Messaging List, related to the type of services or goods corresponding to the underlying purpose of the payment. This list applies to all banks that follow ISO 20022. CASH - CashManagementTransferCORT - TradeSettlementPaymentDVPM - DeliveryAgainstPaymentINTC - IntraCompanyPaymentTREA - TreasuryPaymentSUPP - SupplierPayment Enum: "CASH", "CORT", "DVPM", "INTC", "TREA", "SUPP" - `initiation.risk.merchantCategoryCode` (string) The category code conforming to ISO 18245, relating to the type of services or goods provided by the merchant. A list of codes can be purchased here." Example: "4812" - `initiation.risk.beneficiaryAccountType` (string) This information should be provided if the AccountType is known. Enum: "PERSONAL", "JOINT_PERSONAL", "PERSONAL_SAVINGS_ACCOUNT", "BUSINESS", "BUSINESS_SAVINGS_ACCOUNT", "CHARITY", "COLLECTION", "CORPORATE", "GOVERNMENT", "EWALLET", "INVESTMENT", "ISA", "PREMIER", "WEALTH", "PENSION" - `initiation.risk.contractPresentIndicator` (boolean) This field indicates whether a Payee has a contractual relationship with the Payment Initiation Service Provider (PISP). Example: true - `initiation.risk.beneficiaryPrepopulatedIndicator` (boolean) This field indicates whether the Payment Initiation Service Provider (PISP) has immutably prepopulated payment details for the user. Example: true - `initiation.risk.deliveryAddress` (object) Specifies the recipient's delivery address details. - `initiation.risk.deliveryAddress.addressLine` (array) Specifies the delivery address using multiple lines, as necessary. Example: ["Flat 2, The Red Lodge, 1 High Street"] - `initiation.risk.deliveryAddress.addressType` (string) Specifies the type of address. Enum: "INVALID_ADDRESS_TYPE", "BUSINESS", "CORRESPONDENCE", "DELIVERYTO", "MAILTO", "POBOX", "POSTAL", "RESIDENTIAL", "STATEMENT" - `initiation.risk.deliveryAddress.buildingNumber` (string) The building number within the delivery address. Example: "1" - `initiation.risk.deliveryAddress.country` (string) Two-letter country code in upper case (ISO 3166-1 alpha-2). Example: "GB" - `initiation.risk.deliveryAddress.countrySubDivision` (array) Identifies a subdivision of a country; for instance, a state, region, or county. Example: ["North Yorkshire"] - `initiation.risk.deliveryAddress.department` (string) This OBIE specification maps to house number. Example: "1" - `initiation.risk.deliveryAddress.postCode` (string) An identifier consisting of a group of letters and/or numbers that is added to a postal address to assist the sorting of mail. Example: "YO62 5JB" - `initiation.risk.deliveryAddress.streetName` (string) The name of the respective street or thoroughfare in which the dwelling or business is located or where mail is received. Example: "High Street" - `initiation.risk.deliveryAddress.subDepartment` (string) This OBIE specification maps to flats. Example: "Flat 2" - `initiation.risk.deliveryAddress.townName` (string) The name of a built-up area with defined boundaries and a local government. Example: "York" - `initiation.flowType` (string, required) The integration option requested by the TPP. API_ONLY - This is the default. The TPP owns the user experience including bank selection logic, collection of mandatory fields, and embedded and decoupled authentication methods. This option is only used for API-only integrations.FULL_HOSTED_PAGES - The TPP uses Token.io’s hosted pages to manage the full bank selection and credential collection (if relevant) of the payment initiation experience. This option is only used for Hosted Pages integrations.EMBEDDED_HOSTED_PAGES - The TPP uses Token.io’s hosted pages to manage the credential collection (if relevant) of the payment initiation experience. bankId is required when EMBEDDED_HOSTED_PAGES is selected as the flowType. This option is only used for API-only integrations. Enum: "API_ONLY", "FULL_HOSTED_PAGES", "EMBEDDED_HOSTED_PAGES" - `initiation.externalPsuReference` (string) An external reference provided by the TPP (Third Party Provider) to uniquely identify the PSU (Payment Service User). Example: "psu external reference 12345" - `pispConsentAccepted` (boolean) This flag indicates whether the user has granted consent for the payment in the TPP's user interface. - `initialEmbeddedAuth` (object) This field provides a map of the initial embedded authentication fields, with their values. The list of the required initial credentials can be found in the bank metadata. Please use the id of each field as a key in the map. Using this field is optional. Even if a bank requires initial embedded authentication fields, you may choose not to populate the initialEmbeddedAuth field. In this case you'll be able to provide these fields later in the flow as part of an embedded authentication step. Example: {"username":"John Smith"} ## Response 200 fields (application/json): - `payment` (object) The payment object. - `payment.id` (string, required) The Token.io generated payment id. Example: "pm:12345abcd:abcd" - `payment.memberId` (string, required) The Token.io-assigned member id of the TPP. Example: "m:123456abcd:abcd" - `payment.initiation` (object, required) The initiation payload for the payment. All standard flow types — amount and remittanceInformationPrimary are required. - `payment.convertedToFutureDatedPayment` (boolean) This field indicates whether a payment has been converted from a single immediate payment to a future dated payment. This can happen if the payment is initiatied outside bank working hours and paymentInitiation.disableFutureDatedPaymentConversion = false. - `payment.refundDetails` (object) The refund-related information for this payment. This field requires specific permission and is only available if paymentInitiation.returnRefundAccount is set to true. - `payment.refundDetails.refundAccount` (any, required) The account to which the refund should be sent. - `payment.refundDetails.paymentRefundStatus` (string) The refund status for this payment. Enum: "NONE", "PARTIAL", "FULL" - `payment.refundDetails.settledRefundAmount` (object) The total amount of settled refunds (with status INITIATION_COMPLETED). - `payment.refundDetails.settledRefundAmount.value` (string, required) The transaction amount with up to four digits after the decimal point. Example: "10.23" - `payment.refundDetails.settledRefundAmount.currency` (string, required) The ISO 4217 three letter currency code. Example: "EUR" - `payment.refundDetails.remainingRefundAmount` (object) The remaining amount to be refunded (the payment amount minus the total amount of non-failed refunds). - `payment.refundDetails.remainingRefundAmount.value` (string, required) The transaction amount with up to four digits after the decimal point. Example: "10.23" - `payment.refundDetails.remainingRefundAmount.currency` (string, required) The ISO 4217 three letter currency code. Example: "EUR" - `payment.status` (string, required) The Token.io Payment Status: INITIATION_PENDING - Token.io has received the payment initiation and the initiation has passed Token.io's validation. No action is required; await the bank's response for the next step, e.g., a webhook with the status update, or poll the payment.INITIATION_PENDING_REDIRECT_AUTH - The payment request has been acknowledged by the bank and Token.io is awaiting user confirmation on the bank's page. If Token.io's Hosted Pages is not in use, you'll need to redirect the user to the url found in the authentication field and await a callback from the bank (if you're handling callbacks) or from Token.io (if Token.io handles the callbacks for you).INITIATION_PENDING_REDIRECT_PBL – The payment session has been initialized and the PSU has opened the Pay by Link URL. At this stage, Token.io’s Hosted Pages will collect any missing mandatory information (such as amount or reference) from the user before continuing with the payment initiation process. INITIATION_PENDING_REDIRECT_AUTH_VERIFICATION - Token.io has received the callback information from the bank and is currently verifying it with the bank. No action is required; await the bank's response for the next step, e.g., a webhook with the status update, or poll the payment.INITIATION_PENDING_REDIRECT_HP - This status can only be observed if you're using Token.io's Hosted Pages. You'll need to redirect the user to the url found in the authentication field and await a callback from Token.io's Hosted Pages after Token.io handles the entire flow for you.INITIATION_PENDING_EMBEDDED_AUTH - Token.io is waiting for the requested input from the user. If Token.io's Hosted Pages is not in use, you must provide the requested information to process the payment. Required information can be found in the authentication object of the payment.INITIATION_PENDING_EMBEDDED_AUTH_VERIFICATION - Token.io is waiting for the bank to process the provided information. No action is required; await the bank's response for the next step, e.g., a webhook with the status update, or poll the payment.INITIATION_PENDING_DECOUPLED_AUTH - Token.io is polling status from the bank while the user authenticates in a decoupled way. No action is required; await the bank's response for the next step, e.g., a webhook with the status update, or poll the payment.INITIATION_PENDING_REDEMPTION - The payment is ready for a redemption. No action is required; await the bank's response for the next step, e.g., a webhook with the status update, or poll the payment.INITIATION_PENDING_REDEMPTION_VERIFICATION - Token.io is waiting for the bank to redeem the payment. No action is required; await the bank's response for the next step, e.g., a webhook with the status update, or poll the payment.INITIATION_PROCESSING - The payment initiation request has been acknowledged by the bank and is now being processed. No action is required; await the bank's response for the next step, e.g., a webhook with the status update, or a polling call. If necessary wait for additional webhooks to be sent. If a webhook is not received, then use a polling call every 120 min. The status can be updated to one of INITIATION_COMPLETED, INITIATION_REJECTED, INITIATION_NO_FINAL_STATUS_AVAILABLE or INITIATION_EXPIRED (if the status polling period is exhausted).INITIATION_COMPLETED - The final status (usually) indicating that the payment initiation request has been successfully completed. This doesn't guarantee that the payment is settled.INITIATION_REJECTED - The final status indicating that the payment initiation request has been rejected by the bank. More details are shared in the corresponding statusReasonInformation field.INITIATION_REJECTED_INSUFFICIENT_FUNDS - The final status indicating that the payment initiation request has been rejected due to insufficient funds.INITIATION_FAILED - The final status indicating that Token.io failed to proceed with the initiation due to problems with reaching the bank, or because payment authentication has not been completed within the allowed time period. More details are shared in the corresponding statusReasonInformation field.INITIATION_DECLINED - The final status indicating that the payment initiation request has been declined, in most cases actively by the user.INITIATION_EXPIRED - The final status, indicating that the bank has not responded to the payment initiation request within the allowed time period.INITIATION_NO_FINAL_STATUS_AVAILABLE - Payment status has not been updated for some time and Token.io has given up polling it. This is a final status, but it does not indicate success or failure. Please contact the bank to check the actual status of the payment.SETTLEMENT_IN_PROGRESS - This status is provided when a Token.io settlement account is used as the beneficiary for the payment, and replaces the payment initiation status. Token.io is waiting for the payment to reach the payee bank. No action is required; await the next step, e.g., Token.io sends a webhook with the status update, or a polling call. The status will change to SETTLEMENT_IN_PROGRESS soon after receives the final status from the debtor bank.SETTLEMENT_COMPLETED - This status is provided when a Token.io settlement account is used as the beneficiary for the payment, and replaces the payment initiation status. The payment has reached the payee bank and Token.io has matched the transaction in the TPP’s settlement account to the initiated payment. For instant payments, SETTLEMENT_COMPLETED will be achieved within 30-45 minutes from payment initiation, at the latest. For non-instant payments, the time to reach SETTLEMENT_COMPLETED will depend on the clearing period for the payment.SETTLEMENT_INCOMPLETE – This status is provided when a Token.io settlement account is used as the beneficiary for the payment, and replaces the payment initiation status. Reconciliation has failed. This happens when Token.io doesn't find the corresponding transaction in the TPP’s settlement account automatically.CANCELED – The final status indicating that the payment has been canceled.During settlement of a settlement accounts payment, the status update job will run first for up to 30 days. Payment will then enter into a 'final' status, normally INITIATION_COMPLETED.Once the status update job has run, the reconciliation job looks for matching inbound payments.For SEPA payments:if a matching inbound payment is found within 15 days of the final payment status update -> SETTLEMENT_COMPLETEDif no matching inbound payment is found within 15 days of the final payment status update -> SETTLEMENT_INCOMPLETEFor SEPA Instant payments:if a matching inbound payment is found within 1 day of the final payment status update -> SETTLEMENT_COMPLETEDif no matching inbound payment is found within 1 day of the final payment status update -> SETTLEMENT_INCOMPLETE Enum: "INITIATION_PENDING", "INITIATION_PENDING_REDIRECT_AUTH", "INITIATION_PENDING_REDIRECT_AUTH_VERIFICATION", "INITIATION_PENDING_REDIRECT_HP", "INITIATION_PENDING_REDIRECT_PBL", "INITIATION_PENDING_EMBEDDED_AUTH", "INITIATION_PENDING_EMBEDDED_AUTH_VERIFICATION", "INITIATION_PENDING_DECOUPLED_AUTH", "INITIATION_PENDING_REDEMPTION", "INITIATION_PENDING_REDEMPTION_VERIFICATION", "INITIATION_PROCESSING", "INITIATION_COMPLETED", "INITIATION_REJECTED", "INITIATION_REJECTED_INSUFFICIENT_FUNDS", "INITIATION_FAILED", "INITIATION_DECLINED", "INITIATION_EXPIRED", "INITIATION_NO_FINAL_STATUS_AVAILABLE", "SETTLEMENT_IN_PROGRESS", "SETTLEMENT_COMPLETED", "SETTLEMENT_INCOMPLETE", "CANCELED" - `payment.statusReasonInformation` (string) A human-readable description of the reason for the reported status, which may include a message from the bank. This value should not exceed 256 characters in length. Example: "The payment is settled on the debtor side." - `payment.bankPaymentStatus` (string) The raw bank status. This can be the ISO 20022 payment status code. See ISO 20022 payment status codes for more information. This field can be empty if no payment status is available on bank side. Example: "ACPC" - `payment.bankPaymentId` (string) The payment id from the bank. Not all banks provide this. This field can be left empty if information is not available from the bank side. Example: "1231423" - `payment.bankTransactionId` (string) The transaction id from the bank when the transaction is settled. Not all banks provide this. This field can be left empty if information is not available from the bank. Example: "2UhwCZ3BMaEcAUK8bZdukor7NL4tH6TBuu6aJMp5KKfX:5zKcENpV" - `payment.bankVrpId` (string) Present only if payment is VRP. The VRP id from the bank. This field can be empty if the VRP id isn't available on the bank's side. - `payment.bankVrpStatus` (string) Present only if payment is VRP. The raw bank status. This field can be empty if payment status isn't available on the bank's side. Example: "AcceptedCreditSettlementCompleted" - `payment.authentication` (object) The authentication operation required to proceed with payment creation. This is present when additional steps are required to authorize the payment. - `payment.createdDateTime` (string, required) The date and time this payment object was created (in ISO 8601 format). Example: "2023-04-05T17:02:11.954Z" - `payment.updatedDateTime` (string, required) The date and time this payment object was last updated (in ISO 8601 format). Example: "2023-04-05T17:02:11.954Z" - `payment.errorInfo` (object) This field will be populated if the status is final and the payment is not successful, or there has been an error that caused payment rejection, or the bank could not be reached to get a status update. - `payment.errorInfo.httpErrorCode` (integer, required) The HTTP error code. Example: 503 - `payment.errorInfo.message` (string) The message accompanying the HTTP error code. Example: "UNAVAILABLE: HTTP connection failed" - `payment.errorInfo.tokenExternalError` (boolean) Is set to true the error is external, e.g., a 5xx error resulting from the bank. This field can be populated as a result of both 4xx and 5xx errors. We recommend that you only rely on it for 5xx errors. Example: true - `payment.errorInfo.tokenTraceId` (string) The unique trace identifier, captured from the originating request and sent to the bank to be stored with the request throughout its lifecycle. It serves primarily as an audit-trail aid, for debugging the message exchange flow during sandbox testing, and for issue resolution in production. Example: "eASI3Onqkpi1unAM59O5" - `payment.paymentLinkStatus` (string) If the payment was initiated using a Pay by Link flow type, this shows the status of the payment link. For all other flows, this field is empty. LINK_ACTIVE – The payment link is active and can be used to initiate a payment.LINK_EXPIRED – The payment link has expired and can no longer be used.LINK_CANCELED – The payment link has been canceled by the TPP or system and cannot be used.LINK_REDEEMED – The payment link has been redeemed and the payment has been initiated. Enum: "LINK_ACTIVE", "LINK_EXPIRED", "LINK_CANCELED", "LINK_REDEEMED" ## Response 400 fields (application/json): - `error` (any, required) ## Response 401 fields (application/json): - `error` (object) The request does not have valid authentication credentials needed to perform the operation. - `error.message` (string) A description of the error. Example: "This is a description of the error." - `error.tokenTraceId` (string) The trace identifier for the given call. Example: "5678912345" ## Response 403 fields (application/json): - `error` (object, required) The error returned when the member is not authorized to perform the given operation: PermissionDenied. This error message will be accompanied by the reason from the bank. Typically this means the access token has expired and the user must re-authenticate with the bank. - `error.errorCode` (string, required) A textual error code categorising the error. Example: "InternalServerError" - `error.message` (string, required) A description of the error that occurred and a possible way to fix it. Example: "This is a description of the error." - `error.tokenTraceId` (string) The trace identifier for the given call. Example: "5678912345" ## Response 500 fields (application/json): - `error` (object) This could refer to either an error by the payment service provider or the bank. When the bank reports a 5xx error, "token-external-error": "true" is set as a header in the HTTP response, indicating that the "internal" error originates from the bank. When one of the payment service providers internal services fails or when the bank reports a 4xx error, this header is not populated. The absence of this response header should be interpreted as "token-external-error": "false". - `error.errorCode` (string, required) This is a textual error code categorising the error. Example: "InternalServerError" - `error.message` (string, required) A description of the error. Example: "This is a description of the error." - `error.tokenTraceId` (string) The trace identifier for the given call. Example: "5678912345"