Redirecting the User to Authenticate
PSD2 stands for Payment Services Directive 2 and is a new EU regulation in effect since September 14, 2019. It governs electronic and other non-cash payments. The main provision of PSD2 is for Strong Customer Authentication (SCA), a process that seeks to make online payments more secure and reduce fraud while increasing authorisation rates. The European Banking Authority (EBA) recently extended the deadline for PSD2 compliance until December 31, 2020. SCA is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area; it ensures that account access for information and electronic payments is safeguarded by multi-factor authentication.
As covered under Token Basics, the PSD2 SCA requirement introduces the challenge of multi-factor authentication, efficiently accommodated using one of three models: (1) redirect, (2) decouple, or (3) embed. See Authentication for details on each of these models.
Otherwise, upon creating and storing the access token request, you're ready to redirect the customer to the user-selected bank via Token to authenticate and obtain consent.
Tip: If you are integrating within a mobile app, you can initiate token request creation in a WebView (a browser engine that you can insert like an iframe into your native app and programmatically tell what web content to load) so the redirect is in the form of an HTTP 302. An HTTP response with this status code additionally provides a URL in the Location header field. This is an invitation to the user agent (i.e., a web browser) to make a second, otherwise identical, request to the new URL specified in the Location field. The end result is a redirection to the new URL.
This can be a redirect from your browser page to the Token web app or, for mobile, you can use Token's App-to-App Redirect method. In both cases, you'll need to construct a URL or a mobile universal link that redirects the user from your web page or mobile app to the Token web app.
Hence, to generate a request URL with the correct request-id, use this method:
// generate token request URL
The resulting token request redirect URL will look something like this (with the request-id shown in yellow):
Tip: You can specify a particular language by passing its language code (lang=country-code) as a query parameter appended to the URL above, which the user can override in the web app according to personal preference. ISO 639-1 (Codes for the representation of names of languages, Part 1: Alpha-2 code) is the first part of the ISO 639 series of international standards for language codes. Part 1 covers the registration of two-letter codes. There are 184 two-letter codes registered as of December 2018. The registered codes cover the world's major languages. See https://www.iso.org/iso-639-language-codes.html. Here's an example for passing the desired ISO 639-1 language code for German (de):
After generating the URL, you'll want to direct your front-end to visit it. There are a couple of ways to do this: (a) you can initiate a server-side HTTP 302 or (b) bind the URL to a button in your UI that either redirects the customer to the Token web app in the current browser tab or launches a pop-up window. The request-id portion of the generated redirect URL associates your stored request with the result of the redirect.
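The URL construction and server-side HTTP 302 described above, as an added example that is not Token's SDK code: it validates the request-id and the lang parameter before building the redirect so neither can alter the destination. The base URL, the request-id character set, the language subset, and the function names are assumptions for illustration.

```javascript
// Added example, not Token SDK code. BASE is a placeholder: use the
// redirect URL that your Token SDK generates for your environment.
const BASE = 'https://token-web-app.example/request-token/';
// Constructed subset of ISO 639-1 codes that your UI actually supports.
const LANGS = new Set(['en', 'de', 'fr', 'it', 'es']);
// Assumed request-id alphabet; adjust to the ids your SDK returns.
const REQUEST_ID = /^[A-Za-z0-9:_-]{1,128}$/;

function buildRedirectUrl(requestId, lang) {
  // Reject anything that could add path segments or query parameters.
  if (typeof requestId !== 'string' || !REQUEST_ID.test(requestId)) {
    throw new Error('invalid request-id');
  }
  const url = new URL(BASE + requestId);
  if (lang !== undefined) {
    // Allowlist instead of passing caller input straight into the query.
    if (!LANGS.has(lang)) throw new Error('unsupported lang');
    url.searchParams.set('lang', lang);
  }
  // The redirect target must stay on the fixed host (no open redirect).
  if (url.origin !== new URL(BASE).origin) throw new Error('origin changed');
  return url.toString();
}

// Framework-neutral description of the server-side HTTP 302.
function redirectResponse(requestId, lang) {
  return {
    status: 302,
    headers: {
      Location: buildRedirectUrl(requestId, lang),
      'Cache-Control': 'no-store', // do not cache a per-request redirect
    },
  };
}

// Constructed sample request-id, for demonstration only.
console.log(redirectResponse('rq:abc123:XyZ', 'de'));
```

Map the returned object onto your web framework's response API; the request-id passed in should be the one stored with the token request so the callback can be matched to it.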
Redirect to the TPP's Callback URL
Handling the callback is covered next.