App-to-App Checkout
At a high level, the following diagram shows the general workflow for Token.io's App-to-App Redirect feature using Universal/App Links.
The flow can be enumerated as follows:
- The TPP stores its callback URL in the TokenRequest. If the TPP doesn't support Universal/App Links, it must provide a link to the TPP website instead. A requestId is returned for Token.io Web App access.
- The TPP redirects the user, along with the requestId, to the Token.io Web App, which then guides the user to the ASPSP for PSU authentication.
The flow pictured next illustrates the initial redirect user experience.
Here, Token.io provides Screen 1 to satisfy the Universal Link policy enforced by iOS on Apple devices. This particular screen is not required for devices running Android.
- As soon as user authentication is verified by the bank/ASPSP, the user is redirected back to the Token.io Web App and guided with a prompt back to the TPP. This experience is illustrated in the following example (Wood Bank is a notional ASPSP).
Here, again, Token.io provides the optional Screen 2 to satisfy iOS policy requirements. Screen 2 is not required for Android.
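An added example, not Token.io or TPP code: one way a TPP could check the callback URL from the first step before storing it in the TokenRequest, accepting only https URLs on hosts it controls and reporting whether the URL is a Universal/App Link or the website fallback. The host name, path prefix, config object and function name are assumptions made for illustration.

```javascript
// Added example. All values below are constructed placeholders, not Token.io settings.
const TPP_CONFIG = {
  hosts: new Set(["pay.tpp.example"]),   // hosts the TPP controls (assumed)
  appLinkPrefixes: ["/app/callback"],    // paths the TPP app claims as Universal/App Links (assumed)
};

// Classify a callback URL before it is stored in the token request.
// Returns { ok, kind, reason }; kind is "app-link" or "website" when ok is true.
function checkCallbackUrl(raw, cfg = TPP_CONFIG) {
  const reject = (reason) => ({ ok: false, kind: null, reason });
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch {
    return reject("not an absolute URL");
  }
  // Universal Links and App Links are https URLs bound to a verified domain;
  // a custom scheme carries no such binding, so it is refused here.
  if (url.protocol !== "https:") return reject("scheme must be https");
  // "https://trusted@other.host/" puts the trusted-looking name in userinfo.
  if (url.username || url.password) return reject("userinfo not allowed");
  // Exact match on the parsed, lowercased host: no suffix or substring tests.
  if (!cfg.hosts.has(url.hostname)) return reject("host not controlled by TPP");
  // The parser has already resolved dot segments, so match whole path segments.
  const isAppLink = cfg.appLinkPrefixes.some(
    (p) => url.pathname === p || url.pathname.startsWith(p + "/")
  );
  return { ok: true, kind: isAppLink ? "app-link" : "website", reason: null };
}

// Constructed sample inputs.
const samples = [
  "https://pay.tpp.example/app/callback?order=42",
  "https://pay.tpp.example/checkout/return",
  "tppapp://callback",
  "https://pay.tpp.example.attacker.test/app/callback",
  "https://pay.tpp.example@attacker.test/app/callback",
];
for (const s of samples) console.log(s, "->", JSON.stringify(checkCallbackUrl(s)));
```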