SupplementaryData
ISO20022: Additional information that cannot be captured in the structured elements and/or any other specific block. API: This structure is used to embed the relevant URLs for returning the status report to the PISP and to specify which authentication approaches are accepted by the PISP and which was chosen by the ASPSP The [acceptedAuthenticationApproach] property can only be set by the PISP.
- Authentication approaches that are supported by the PISP. The PISP can provide several choices separated by commas.
- Case of none of the accepted approaches is supported by the ASPSP, the latest will respond with HTTP400 (Bad request) and specify wich approaches are actually supported. The [appliedAuthentication] will be set by the ASPSP.
- The ASPSP, based on the authentication approaches proposed by the PISP, choose the one that it can processed, in respect with the preferences and constraints of the PSU and indicates in this field which approach was chosen.
- It may happen that the ASPSP considers that, in case of payment cancellation request, there is no need for authentication and will then return "NONE".
Fields (8)
- acceptedAuthenticationApproachAuthenticationApproaches
Schema: AuthenticationApproaches
- appliedAuthenticationApproachAuthenticationApproach
Schema: AuthenticationApproach
- appliedAuthenticationstringenum · 3
Can only be set by the ASPSP.
Can only be set by the ASPSP. This field allows the ASPSP to inform the PISP about the way authentication was processed during the payment request confirmation.
Code Name Description noAuthentication— — oneFactorAuthentication— — strongAuthentication— — - scaHintstringenum · 2
can only be set by the PISP
can only be set by the PISP Hint given by the merchant and/or the PISP about an SCA exemption context
Code Name Description noScaExemption— — scaExemption— — - successfulReportUrlstring
URL to be used by the ASPSP in order to notify the PISP of the finalisation of the authentication and consent process in REDIRECT and DECOUPLED approach
URL to be used by the ASPSP in order to notify the PISP of the finalisation of the authentication and consent process in REDIRECT and DECOUPLED approach
- unsuccessfulReportUrlstring
URL to be used by the ASPSP in order to notify the PISP of the failure of the authentication and consent process in REDIRECT and DECOUPLED approach
URL to be used by the ASPSP in order to notify the PISP of the failure of the authentication and consent process in REDIRECT and DECOUPLED approach If this URL is not provided by the PISP, the ASPSP will use the "successfulReportUrl" even in case of failure of the Payment Request processing
- nextStatusRequestHintstring (date-time)
Date and time at which the PISP is suggested to ask again for the status of the payment request.
Date and time at which the PISP is suggested to ask again for the status of the payment request.
- loginHintTokenstring
The LOGIN_HINT_TOKEN is a piece of data that may be provided to the API client by the API server, once a PSU has been identified and authenticated.
The LOGIN_HINT_TOKEN is a piece of data that may be provided to the API client by the API server, once a PSU has been identified and authenticated.
- through a response to a token introspection request (RFC7662)
- through a status response to a Payment Request This LOGIN_HINT_TOKEN can then be sent back by the API client to the API server through the posting of a new Payment request. This will help the API server to identify the relevant PSU and ease the authentication process.