This section describes the integration where the TPP uses Token.io's HP for all or some of the steps in the user journey for setting up VRP consent.
Click the image on the right to view a simplified swim lane diagram of the integration flow.
Details of the steps within the integration flow are shown below.
a. User -> TPP - The user initiates a request to the TPP to grant consent for VRP. The initiation of consent uses the TPP's interface.
The user sets the limits of the VRP consent with the TPP.
a. User -> TPP - The user sets the limits of the VRP consent with the TPP. This is usually a maximum amount per transaction and a maximum amount per day.
The TPP initiates the consent request with Token.io using the POST /vrp-consents call.
a. TPP -> Token.io - The TPP initiates the consent request with Token.io, including the instruction details, using the POST /vrp-consents call.
b. Token.io -> TPP - Token.io confirms receipt of the request from the TPP, which includes a VRP consent id in the response.
The TPP redirects the user to Token.io's HP for payment consent confirmation.
a. TPP -> Token.io - The TPP redirects the user to the Token.io HP at https://{{base-url}}/app/initiation?vrp-consent-id={vrp-consent-id}.
See Hosted Pages for details on how to construct the redirect URL.
The user selects the bank from the Token.io HP.
a. Token.io -> User - Token.io displays the bank selection screen.
We recommend using the countries parameter in the request here, which can be used to pre-populate the Country field.
b. User -> Token.io - The user selects the bank.
Token.io collects VRP consent from the user.
a. Token.io -> User - Token.io displays the VRP consent confirmation page to the user.
b. TPP -> Token.io - The TPP confirms consent with Token.io.
The user completes authorization with the bank using the appropriate method; redirect, embedded or decoupled.
a. Bank -> User - The bank displays the authorization page to the user.
b. User -> Bank - The user authorizes the VRP consent creation with the bank.
The bank confirms that the VRP consent has been created.
a. Bank -> Token.io - The bank confirms with Token.io that the VRP consent has been created.
The TPP receives the confirmation that the VRP consent has been set up successfully and displays this to the user.
a. Token.io -> TPP - Token.io sends the VRP consent status to the TPP in a webhook.
If you're subscribed to webhooks, Token.io sends the consent status in a webhook every time a VRP consent is created or updated.
See Webhooksfor an example webhook notification.
b. Token.io -> TPP - Token.io redirects the user to the TPP.
c. TPP -> User - The TPP displays the VRP consent set up status to the user.
If the consent set up request is successful, the status will be AUTHORIZED.
See HTTP errors for information on HTTP error status codes.
If you have any feedback about the developer documentation, please contact devdocs@token.io