This section describes setting up VRP consent parameters using Token.io's API.
See Bank selection for information on selecting banks, mandatory fields, authentication models and supported payment rails for API-only integration.
See the Token.io API reference for details of the following endpoints:
Then use our Launchpad to test them.
Click the image on the right to view a simplified swim lane diagram of the integration flow.
Details of the steps within the integration flow are shown below.
The user initiates the VRP consent set up with the TPP.
a. User -> TPP - The user initiates a request to the TPP to grant consent for VRP.
TPPs retrieve the list of available banks using the GET v2/banks call.
We recommend that this step is performed once daily, outside any VRP initiation, e.g., at 11pm UTC, and that the result is cached.
In the ../../api/reference/Banks-v1#operation/GatewayService.GetBanks request, there are numerous filtering criteria you can add as parameters to narrow your query. As a minimum, you should filter by your member ID.
See Mandatory fields for information on which fields must be provided for a given bank to accept a VRP initiation request.
a. TPP -> Token.io - The TPP requests the list of banks from Token.io.
b. Token.io -> TPP - Token.io supplies the list of banks to the TPP.
The user selects the bank.
a. TPP -> User - The TPP displays the bank selection screen.
b. User -> TPP - The user selects the bank.
TPP collects VRP consent from the user.
a. TPP -> User - TPP displays the VRP consent confirmation page to the user.
b. User -> TPP - The user confirms the set up of the VRP consent with the TPP.
The user sets the limits of the VRP consent with the TPP.
a. User -> TPP - The user sets the limits of the VRP consent with the TPP. This is usually a maximum amount per transaction and a maximum amount per day.
The TPP initiates the consent request with Token.io using the POST /vrp-consents call.
a. TPP -> Token.io - The TPP initiates the consent request with Token.io, including the instruction details, using the POST /vrp-consents call.
b. Token.io -> TPP - Token.io confirms receipt of the request from the TPP.
Token.io requests the creation of the VRP consent with the bank.
a. Token.io -> Bank - Token.io requests permission to set up the VRP consent with the user's bank.
b. Bank -> Token.io - The bank returns the consent with a PENDING status and a redirect URL.
The TPP redirects the user to the bank for payment consent confirmation.
a. TPP -> Bank - The TPP redirects the user to the bank to confirm the payment consent, using the redirectUrl.
The user completes authorization with the bank using the appropriate method; redirect, embedded or decoupled.
a. Bank -> User - The bank displays the authorization page to the user.
b. User -> Bank - The user authorizes the VRP consent creation with the bank.
The bank confirms that the VRP consent has been created.
a. Bank -> Token.io - The bank confirms with Token.io that the VRP consent has been created.
The TPP receives the confirmation that the VRP consent has been set up successfully and displays this to the user.
a. Token.io -> TPP - Token.io sends the VRP consent status to the TPP in a webhook.
If you're subscribed to webhooks, Token.io sends the consent status in a webhook every time a VRP consent is created or updated.
See Webhooks for an example webhook notification.
b. Token.io -> TPP - Token.io redirects the user to the TPP.
c. TPP -> User - The TPP displays the VRP consent set up status to the user.
If the consent set up request is successful, the status will be AUTHORIZED.
See HTTP errors for information on HTTP error status codes.
If you have any feedback about the developer documentation, please contact devdocs@token.io