Redirecting the User to Authenticate

As covered under Token.io Basics, the requirement introduces the challenge of multi-factor authentication, efficiently accommodated using one of three models: (1) redirect, (2) decouple, or (3) embed. See Authentication for details on each of these models.

Otherwise, upon creating and storing the access token request, you're ready to redirect the customer to the user-selected bank via Token.io to authenticate and obtain consent.

Tip: If you are integrating within a mobile app, you can initiate token request creation in a so the redirect is in the form of an .

Generate the Token Request URL

This can be a redirect from your browser page to the Token.io web app or, for mobile, you can use Token.io's App-to-App Redirect method. In both bases, you'll need to construct a URL or a mobile universal link that redirects the user from your web page or mobile app to the Token.io web app.

Hence, to generate a request URL with the correct request-id, use this method:

// generate token request URL

return tokenClient.generateTokenRequestUrlBlocking(request-id);

The resulting token request redirect URL will look something like this (with the request-id shown in yellow):

https://web-app.token.io/request-token/rq:42w7yzgwJtN9fQVx78McJzEKiyU9:5zKtXEAq?

You can specify a particular language by passing its language code (lang=country-code) as a query parameter, appended to the URL above, which the user can override in the Web App according to personal preference. Here's an example for passing the desired ISO 639-1 language code for German (de):

https://web-app.token.io/app/request-token/rq:o9adbFqJXcaDGNDaykPvpSZFZDW:5zKtXEAq?lang=de

After generating the URL, you'll want to direct your front-end to visit it. There are a couple of ways to do this: (a) you can initiate a server-side or (b) bind the URL to a button in your UI that either redirects the customer to the Token.io web app in the current browser tab or launches a pop-up window. The request-id portion of the generated redirect URL associates your stored request with the result of the redirect.

Redirect to the TPP's Callback URL

Upon transfer to the Token.io web app, the customer is prompted to agree to Token.io's terms and conditions. If the customer accepts the , control is transferred to the customer-selected bank's login page or mobile app login screen to authenticate and authorize payment, whereupon a corresponding token is created and the user is returned to the TPP's callback URL specified in setRedirectUrl for the original request.

Handling the callback is covered next.