Skip to main content
curl --request PUT \
  --url https://api.yapily.com/embedded-payment-auth-requests/{consentId} \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json;charset=UTF-8' \
  --data '
{
  "applicationUserId": "string",
  "institutionId": "postbank-sandbox",
  "scaCode": "325614",
  "paymentRequest": {
    "type": "DOMESTIC_PAYMENT",
    "paymentIdempotencyId": "e4f913909a3d11eabb370242ac130002",
    "reference": "REFERENCE",
    "amount": {
      "amount": 1,
      "currency": "EUR"
    },
    "payer": {
      "name": "John Doe",
      "accountIdentifications": [
        {
          "type": "IBAN",
          "identification": "DE12345678901234567890"
        }
      ]
    },
    "payee": {
      "name": "Jane Doe",
      "address": {
        "country": "DE"
      },
      "accountIdentifications": [
        {
          "type": "IBAN",
          "identification": "DE09876543210987654321"
        }
      ]
    }
  }
}
'
{
  "meta": {
    "tracingId": "94563449b4634d13b89b8f1c78c21882"
  },
  "data": {
    "id": "1767d386-c20a-4136-a311-0a455dd41a78",
    "userUuid": "95f71ebc-c8ae-4e25-aded-86e9bbd62966",
    "applicationUserId": "string",
    "institutionId": "postbank-sandbox",
    "state": "048a1187a9324652bedb6a653211a8a3",
    "status": "AUTHORIZED",
    "createdAt": "2021-01-25T18:32:23.933Z",
    "featureScope": [
      "CREATE_DOMESTIC_SINGLE_PAYMENT",
      "EXISTING_PAYMENT_INITIATION_DETAILS",
      "EXISTING_PAYMENTS_DETAILS"
    ],
    "authorizedAt": "2021-01-25T18:33:18.248Z"
  }
}
Learn more: Embedded Payment Flows

Authorizations

Authorization
string
header
required

Use HTTP Basic Authentication with your Application ID as username and Application Secret as password. Manage credentials in the Yapily Console. See Authentication for details.

Headers

psu-id
string

Conditional. Represents the user's login ID for the Institution to a personal account.

See PSU identifiers to see if this header is required.

psu-corporate-id
string

Conditional. Represents the user's login ID for the Institution to a business account.

See PSU identifiers to see if this header is required.

psu-ip-address
string

Conditional. The IP address of the PSU.

See PSU identifiers to see if this header is required.

sub-application
string<uuid>

The sub-application ID to which event type is being subscribed to

Path Parameters

consentId
string
required

Mandatory. The consent Id of the Consent to update.

Body

application/json;charset=UTF-8

The request body containing an PaymentEmbeddedAuthorisationRequest json payload

institutionId
string
required

Mandatory. The reference to the Institution which identifies which institution the authorisation request is sent to.

Example:

"yapily-mock"

paymentRequest
object
required

Mandatory. The payment request object defining the details of the payment.

userUuid
string<uuid>
applicationUserId
string

Conditional. The user-friendly reference to the User that will authorise the authorisation request. If a User with the specified applicationUserId exists, it will be used otherwise, a new User with the specified applicationUserId will be created and used. Either the userUuid or applicationUserId must be provided.

Example:

"user-234562290"

callback
string

Optional. The server to redirect the user to after the user complete the authorisation at the Institution.

See Using a callback (Optional) for more information.

Example:

"https://display-parameters.com"

redirect
object

Optional. The server to redirect the user to after the user complete the authorisation at the Institution.

oneTimeToken
boolean

Conditional. Used to receive a oneTimeToken rather than a consentToken at the callback for additional security. This can only be used when the callback is set.

See Using a callback with an OTT (Optional) for more information.

Example:

false

userCredentials
object

Conditional. Used to capture the user's credentials to allow them to login to an Institution that uses the embedded account authorisation flow.

This is the first step required in the embedded account authorisation flow to authorise the Consent.

selectedScaMethod
object

Conditional. Used to update the authorisation with the sca method of the user's choice for the Institution that uses the embedded authorisation flow. If the user has multiple sca methods configured, the Institution will allow the user to select from each of these options.

When the user has multiple sca methods for the Institution, this is the second step required in the embedded authorisation flow to authorise the Consent.

Example:
{
  "id": "944",
  "type": "PUSH_OTP",
  "description": "SecureSIGN"
}
scaCode
string

Conditional. Used to update the authorisation with the sca code received by the user from the Institution using the embedded payment authorisation flow.

This is the penultimate step required in the embedded payment authorisation flow to authorise the Consent. After sending the sca code, to obtain an authorised consent, the last step is to poll Get Consent until the Institution authorises the request and the Consent status transitions to AUTHORIZED.

Example:

"325614"

Response

Ok

meta
object
data
object
links
object
forwardedData
object[]
raw
object[]
deprecated