Skip to content
Single Immediate Payments...
/
/API-only integration
Last updated

API-only integration

if you're converting from Token.io's Payments v1 to Payment v2, see Migrating from Payments v1 to Payments v2 for tips for migrating and details of how to map the payment initiation fields.

The following SCA methods can be handled using Token.io's API:

  • Redirect authentication - users are redirected to the bank interface for authentication.

  • other authentication methods where additional credential information is required:

  • Embedded authentication - the TPP collects authentication data in their own UI and passes it to the banks.

  • Decoupled authentication - the authentication flow starts in a similar way to the embedded flow but is then completed on a separate device.

You can choose how you handle the user experience within the SCA flow by selecting the flowType in the initiation object of the POST /v2/payments call. The flowType determines the extent to which Token.io's Hosted Pages are used within the flow. Potentially a flowType of either API_ONLY or EMBEDDED_HOSTED_PAGES will work with any SCA method in the API-only integration:

  • API_ONLY: The TPP owns the user experience including bank selection logic, consent collection, collection of mandatory fields, handling of single and multiple bank redirects, and embedded and decoupled authentication methods.

The bankId parameter is required when API_ONLY is selected as the flowType.

  • EMBEDDED_HOSTED_PAGES: The TPP owns the user experience including bank selection logic, consent collection, and the initial redirection to the bank. However, complex authentication flows (credentials capture for the embedded SCA flow, decoupled steps, and multiple redirects from the bank) are handled by Token.io’s Hosted Pages. If you are opting for the API-only integration type, we therefore recommend you use EMBEDDED_HOSTED_PAGES for all your Payments v2 requests.

The bankId parameter is required when EMBEDDED_HOSTED_PAGES is selected as the flowType.

  • FULL_HOSTED_PAGES: The flow type used for Hosted Pages integrations. The TPP redirects the end user to Token.io’s Hosted Pages. Bank selection, consent collection, redirection to the bank and the handling of all authentication flows are performed by Token.io’s Hosted Pages.

See Bank selection for information on selecting banks, mandatory fields, authentication models and supported payment rails for API-only integration.

If you have any feedback about the developer documentation, please contact devdocs@token.io

Previous page
Next page