Issued: 22nd February 2023 | TB-022223
The query separator in the redirectUrl field of the POST /token-requests call is changing to support & as a valid separator instead of ? for authorization callback.
During payment initiation, certain banks are unable to use ? in the redirectUrl field that defines the bank's callback url.
The query separator in the redirectUrl field is changing to support & as a valid separator instead of ?.
For example:
https://auth.token.io/callback?paymentId=test&state=dG9rZW5pby1zdGF0ZQ__
will be handled as:
https://auth.token.io/callback&paymentId=test&state=dG9rZW5pby1zdGF0ZQ__
This change will only affect customers using Token.io's Payment Initiation Services (PIS) for transactions with Banque Populaire, Caisse d’Epargne, Banque BCP, Banque Savoie (BPCE group).
For customers using Token.io callback, this change will be implemented automatically.
If you're using TPP callback, you'll need to implement the changes outlined below.
This change doesn't affect you if you're using Token.io's Account Information Service (AIS).
This change has been implemented automatically and you don't need to make any changes on your side.
You'll need to implement changes on your side to support {redirect_url}&... for BPCE group transactions to work.
For customers using Token.io callback we now support the following url schema:
callback?.......
callback/bpce&..... (for BCPE group)
Customers using TPP callback with need to handle these url schema:
{redirect_url}?.....
{redirect_url}&..... (for BPCE group)
For assistance with the above and other operational aspects of the Token.io Account-to-Account Infrastructure, please contact Token Support.