ITP Payment APIs
- Daniel Campos
- Fernando Magalhães
- Igor Dantas Silva (Unlicensed)
- Ernesto Ferreira (Unlicensed)
How to start the journey
In order for a company contracting the Open Keys solution to trigger the Payment Initiation Journey, it is necessary to generate a token in which the client_id and client_secret of the operation must be indicated, indicated in the application panel, settings menu.
You can now generate Access Token using the request below.
This example uses a Sandbox URL. When moving to production, remember to update the URL and also generate a client ID and client secret for the production environment.
cURL request to generate the token
curl --location 'https://onboard.smartkeys.8429y94d.dev.fsapps.app/api/portal/onboard/v1/token' \
--header 'Content-Type: application/json' \
--data '{
"client_id":"...-2567-....-ace9-...",
"client_secret": "...8136-....-42ce-..."
}'
Response
{
"access_token": "...iJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJJUV96OE...",
"expires_in": 3600,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 0,
"scope": "email profile"
}
All other API calls need the token generated by the above request to be authenticated using a Bearer Authentication Token.
The token returned in the “access_token” field has a default validity of 1 hour and must be used to make subsequent calls. It must be included in the Authentication parameter of the request header, preceded by the word “Bearer”, as shown in the example below.
'Authorization': 'Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJJUV96OE...'
List payment Open Finance participants
The following API call brings up all financial institutions that can be chosen to perform payment approval/consent.
Participant list request
Participant list response
UptimeStatus
enum with status about opening consent. OBS: this status does not involve pix:
OPERATIONAL = Opening of consent functioning normally in less than 9 seconds on average
PARTIAL_OUTAGE = Opening of consent with flashing in the holder
MAJOR_OUTAGE = Error opening consent
DEGRADED_PERFORMANCE = Consent opening working normally with more than 9 seconds on average
Create payment consent
Now, using the generated access token, let's call the Consent Creation endpoint.
The AuthorizationServerId field is the Brand ID we will use to create the payment consent. Here we must enter a valid My First App redirect uri, otherwise access will be denied.
Usaremos o Brand ID do Mock Finansystech (95dd24d2-902e-49e1-ad0d-e02d938447ba)
Request to create consent
Consent creation response
An AuthorizationUrl will be returned so that we can redirect the user to the bank's login page. Perform the redirect using the authorization URL. The login page will be shown.
The system will display the Payment Consent Approval page with the transaction information.
Click on the “CONFIRM PAYMENT” button to consent to the payment.
The system will redirect the user back to Celcoin .
Then Celcoin will redirect the user to the My First App redirect URI.
The redirect URI page will receive the following query string parameters:
ticket=eyJhbGciO…
state=HVLeXYgP6…
To confirm that the payment was processed successfully (and the payment status) you can check the payment status via Webhook on Payment Initiation or using https://celcoin.atlassian.net/wiki/spaces/OKD/pages/1231260099
For example, the state parameter brings the consent ID , so you can use the Get Pix by ConsentId API , as below:
The answer is something like below: