Guides

Payments

The Payment Initiation Service (PIS) allows you to initiate payments directly from the PSU's bank account through the Open Payments platform, with a variety of supported payment products. To create a payment initiation, you must specify a payment-service and a payment-product in the API path, with each combination representing a distinct type of payment flow. The available options for these parameters can be found here.

For requests to the PIS API, you need an access token with scope set to paymentinitiation corporate.

Initiating payments in the production environment requires completed KYC verification on the PSU's organization. Refer to the KYC guide for information on how to implement this.

Domestic Payments

This guide will show you how to initiate a simple domestic corporate account-to-account transfer.

1. Create Payment

Endpoint

POST /psd2/paymentinitiation/v1/{payment-service}/{payment-product}

http

To create a single domestic payment, we set the payment-service parameter to payments and the payment-product parameter to domestic. Secondly, we need to specify the details of the transaction in the request body.

Path Parameters

Name	Type	Description
`payment-service`	string	The type of payment to initiate, e.g. `payments` for single payments.
`payment-product`	string	The scheme and format of the payment, e.g. `domestic` for domestic payments.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

Request Body

Name	Type	Description
`instructedAmount`	object	The amount and currency of the money to be transferred.
`debtorAccount`	object	The account from which the payment will be debited.
`creditorName`	string	The full name of the payment recipient.
`creditorAccount`	object	The account to which the payment will be credited.
`creditorAgent`	string	The BIC of the payment recipient's bank.
`creditorAgentName`	string	The name of the payment recipient's bank.
`requestedExecutionDate`	string(date)	The date when the payment is scheduled to be executed in ISO 8601 format, e.g. 2025-10-31.
`remittanceInformationUnstructured`	string	A free-text field for remittance information on the payment.
`debtorAccountMessage`	string	A personal message from the payer to themselves.

curl -X POST "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/payments/domestic" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 37c6468e-a3f4-4232-8834-979e79564274" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187" \
  -d '{
    "instructedAmount": {
      "currency": "SEK",
      "amount": "1230.50"
    },
    "debtorAccount": {
      "iban": "SE123456789000532811"
    },
    "creditorName": "John Doe",
    "creditorAccount": {
      "iban": "SE123456789000222333"
    },
    "creditorAgent": "HANDSESS", 
    "creditorAgentName": "Svenska Handelsbanken AB", 
    "requestedExecutionDate": "2025-05-19",
    "remittanceInformationUnstructured": "Ref Number Merchant",
    "debtorAccountMessage": "Personal note"
    }'

bash

Response

{
    "transactionStatus": "RCVD",
    "paymentId": "fa1569fa-6cbd-43fb-98a2-7151ba2da365",
    "_links": {
        "startAuthorisationWithTransactionAuthorisation": {
            "href": "/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/authorisations"
        },
        "self": {
            "href": "/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365"
        },
        "status": {
            "href": "/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/status"
        }
    }
}

json

If the creditor account is listed on Svensk Handel's watchlist, the response for any payment type will additionally contain a warning message:

"tppMessages": [
    {
        "category": "WARNING", 
        "code": "CREDITOR_ACCOUNT_FLAGGED", 
        "text": "The creditor Falskhandel AB (OrgNr: 556789-1234) was flagged as potentially fraudulent."
    }
]

json

2. Create Payment Authorisation

The next step is to create an authorisation process for this payment. The response will provide a list of available SCA methods for the specified bank.

Endpoint

POST /psd2/paymentinitiation/v1/{payment-service}/{payment-product}/{paymentId}/authorisations

http

Path Parameters

Name	Type	Description
`payment-service`	string	The type of payment to initiate, e.g. `payments` for single payments.
`payment-product`	string	The scheme and format of the payment, e.g. `domestic` for domestic payments.
`paymentId`	string	The ID of the payment that was created.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

curl -X POST "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/authorisations" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: aebf855f-bb04-4251-ab52-e129b266ce56" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187" \

bash

Response

{
    "authorisationId": "6bdef9d1-c2af-43b1-b89a-d1efe2a00a90",
    "scaMethods": [
        {
            "authenticationType": "PUSH_OTP",
            "authenticationMethodId": "mbid",
            "name": "Mobilt BankID"
        },
        {
            "authenticationType": "CHIP_OTP",
            "authenticationMethodId": "mbid_same_device",
            "name": "Mobile BankID on this device"
        },
        {
            "authenticationType": "PHOTO_OTP",
            "authenticationMethodId": "mbid_animated_qr_image",
            "name": "Mobile BankID on another device"
        }
    ],
    "scaStatus": "received"
}

json

3. Start Payment Authorisation

This request triggers the authentication flow. Here, you select the most appropriate SCA method for the PSU's context and initiate the authentication process. This is done by taking the authenticationMethodId of an SCA method listed in the previous step and including it in the request body. For example, if the bank supports Animated QR, the response from the previous step will include an element with mbid_animated_qr_image or mbid_animated_qr_token as the authenticationMethodId. This authenticationMethodId should be used if the authentication is to be performed on another device, while mbid_same_device (or mbid if not available) should be used if the authentication is to be performed on the same device.

Endpoint

PUT /psd2/paymentinitiation/v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}

http

Path Parameters

Name	Type	Description
`payment-service`	string	The type of payment to initiate, e.g. `payments` for single payments.
`payment-product`	string	The scheme and format of the payment, e.g. `domestic` for domestic payments.
`paymentId`	string	The ID of the payment that was created.
`authorisationId`	string	The ID of the authorisation process that was created.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

Request Body

Name	Type	Description
`authenticationMethodId`	string	The ID of the authentication method provided by the bank.

curl -X PUT "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/authorisations/6bdef9d1-c2af-43b1-b89a-d1efe2a00a90" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 26e74f88-ccb5-4dcb-94e2-1e4309c5a840" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187" \
  -d '{
    "authenticationMethodId": "mbid_animated_qr_token"
    }'

bash

The first thing we need to check in the response is the SCA flow used by the bank (Decoupled or Redirect), which will be extracted from the response header aspsp-sca-approach. The response values we are interested in depend on whether we get a Decoupled or Redirect flow.

3.1. Decoupled Flow

Response Headers

aspsp-sca-approach: "DECOUPLED"

json

If the aspsp-sca-approach is DECOUPLED, the PSU will authenticate via a separate channel. As the TPP, you need to present the correct interface to the PSU.

If authenticationMethodId is mbid or mbid_same_device:

These methods launch the BankID app on the same device, meaning that you need to generate the bankIdLink. To do this, you first need to get the autoStartToken:

Response

{
    "chosenScaMethod": {
        "authenticationType": "PUSH_OTP",
        "authenticationMethodId": "mbid",
        "name": "Mobilt BankID"
    },
    "_links": {
        "scaStatus": {
            "href": "/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/authorisations/6bdef9d1-c2af-43b1-b89a-d1efe2a00a90"
        }
    },
    "scaStatus": "started",
    "challengeData": {
        "data": [
            "c54d2e4f-7e2a-48e1-a1a6-982748273e33"
        ]
    }
}

json

Once you have the autoStartToken, you can construct the full QR code like this:

bankIdLink: https://app.bankid.com/?autostarttoken={autoStartToken}&redirect={redirectUriAfterDecoupledAuthentication}

text

If your PSUs only use desktop, set {redirectUriAfterDecoupledAuthentication} to null:

bankIdLink: https://app.bankid.com/?autostarttoken=c54d2e4f-7e2a-48e1-a1a6-982748273e33&redirect=null

text

If your PSUs are on mobile or mixed device types, set {redirectUriAfterDecoupledAuthentication} to the URI that the PSU should be redirected to after authenticating:

bankIdLink: https://app.bankid.com/?autostarttoken=c54d2e4f-7e2a-48e1-a1a6-982748273e33&redirect=https://exampleapplication.com/callback

text

If authenticationMethodId is mbid_animated_qr_image:

With this method, you need to dispay the Base64encoded PNG animatedQRImage and instruct the PSU to scan it in the Mobile BankID app. The image is only valid for 1 second, and must be refreshed by calling the Get Payment Authorisation SCA Status endpoint repeatedly at least every second but no more than every 500ms.

Response

{
    "chosenScaMethod": {
        "authenticationType": "PHOTO_OTP",
        "authenticationMethodId": "mbid_animated_qr_image",
        "name": "Mobile BankID on another device"
    },
    "_links": {
        "scaStatus": {
            "href": "/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/authorisations/6bdef9d1-c2af-43b1-b89a-d1efe2a00a90"
        }
    },
    "psuMessage": "Please confirm with your bank app.",
    "scaStatus": "started",
    "challengeData": {
        "image": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEA"
    }
}

json

If authenticationMethodId is mbid_animated_qr_token:

With this method, you need to generate your own QR image from the token animatedQRToken and instruct the PSU to scan it in the Mobile BankID app. The token is only valid for 1 second, and must be refreshed by calling the Get Payment Authorisation SCA Status endpoint repeatedly at least every second but no more than every 500ms.

Response

{
    "chosenScaMethod": {
        "authenticationType": "PHOTO_OTP",
        "authenticationMethodId": "mbid_animated_qr_token",
        "name": "Mobile BankID on another device"
    },
    "_links": {
        "scaStatus": {
            "href": "/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/authorisations/6bdef9d1-c2af-43b1-b89a-d1efe2a00a90"
        }
    },
    "scaStatus": "started",
    "challengeData": {
        "data": [
            "bankid.5d2f8c9fda9f45d2bcb4b0"
        ]
    }
}

json

3.2. Redirect Flow

Response Headers

aspsp-sca-approach: "REDIRECT"

json

If the aspsp-sca-approach is REDIRECT, the PSU will authenticate via the bank’s external authentication page. As the TPP, you need to extract the redirect link from our OAuth server and replace the placeholders with the relevant values.

Response

{
    "chosenScaMethod": {
        "authenticationType": "PUSH_OTP",
        "authenticationMethodId": "mbid",
        "name": "Mobilt BankID"
    },
    "_links": {
        "scaStatus": {
            "href": "/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/authorisations/6bdef9d1-c2af-43b1-b89a-d1efe2a00a90"
        },
        "scaOAuth": {
            "href": "https://auth.openbankingplatform.com/connect/authorize?client_id=[CLIENT_ID]&scope=paymentinitiation%20corporate&response_type=code&redirect_uri=[TPP_REDIRECT_URI]&state=[TPP_STATE]&acr_values=idp:ESSESESS%20paymentId:fa1569fa-6cbd-43fb-98a2-7151ba2da365%20paymentAuthorisationId:6bdef9d1-c2af-43b1-b89a-d1efe2a00a90"
        }
    },
    "psuMessage": "Please confirm with your bank app.",
    "scaStatus": "started"
}

json

Replace the following placeholders in redirectLinkToBank in the following way:

[CLIENT_ID] should be replaced by your client_id.

[TPP_REDIRECT_URI] is the URI you want us to redirect to after we get confirmation from the bank that the PSU has authenticated. This URI has to be whitelisted for your application in the Developer Portal.

[TPP_STATE] is a convenience field for you to put in a value of your choice that identifies this session. It's important that you can identify the correct session after the PSU is redirected back again.

We now have what we need to let the PSU authenticate. Redirect the PSU to redirectLinkToBank. When the PSU has authenticated, the bank will route the PSU back to your [TPP_REDIRECT_URI]. Once there, you extract the URL parameters codeand scope.

redirectLinkToBank: https://www.openpayments.io/?code=SplxlOBeZQQYbYS6WxSbIA&scope=paymentintitiation%20corporate&state=sessionxyz

text

3.2.1 Activate OAuth Payment Authorisation

To finalise the payment, you make the following request:

Endpoint

POST /connect/token

http

Request Headers

Name	Type	Description
`X-PaymentId`	string	The ID of the payment that was created.
`X-PaymentAuthorisationId`	string	The ID of the authorisation process that was created.

Request Body

Name	Type	Description
`client_id`	string	The Client ID of the application you created in the Developer Portal.
`client_secret`	string	The secret key that was generated when the application was created.
`code`	string	The authorisation code received from the authorisation server after the PSU has authenticated at the bank. This code is exchanged for an access token.
`redirect_uri`	string(uri)	The URI to which the PSU was redirected after authorisation. It must exactly match the redirect URI used in the initial authorisation request.
`scope`	string	Specifies the level of access requested. It is a space-separated string combining API scopes (e.g. `paymentinitiation`) and PSU context scopes (e.g. `corporate`).
`grant_type`	string(enum)	Specifies the OAuth 2.0 grant flow to use. For redirect-based access tokens, this should be `authorization_code`.

curl -X POST "https://auth.openbankingplatform.com/connect/token" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "X-PaymentId: fa1569fa-6cbd-43fb-98a2-7151ba2da365" \
  -H "X-PaymentAuthorisationId: 6bdef9d1-c2af-43b1-b89a-d1efe2a00a90" \
  -d "client_id=555510ad-da62-4e6d-80b8-e18967eabf0b" \
  -d "client_secret=joiaHR0cHM6Ly9hdXRoLm9wZW5iYW5raW5ncGxhdGZvcm0uY29tIiwiYXVkIjpb" \
  -d "code=SplxlOBeZQQYbYS6WxSbIA" \
  -d "redirect_uri=https://exampleapplication.com/callback" \
  -d "scope=paymentinitiation corporate" \
  -d "grant_type=authorization_code"

bash

Response

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0...",
    "expires_in": 3600,
    "token_type": "Bearer", 
    "scope": "paymentinitiation corporate"
}

json

If you receive an access token it means that the request was successful. Note: This access token does not need to be stored or used in any subsequent calls.

4. Get Payment Authorisation SCA Status

Regardless of the method, you can use the scaStatus link from the Start Payment Authentication response and poll it until scaStatus becomes finalised or failed.

Endpoint

GET /psd2/paymentinitiation/v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}

http

Path Parameters

Name	Type	Description
`payment-service`	string	The type of payment to initiate, e.g. `payments` for single payments.
`payment-product`	string	The scheme and format of the payment, e.g. `domestic` for domestic payments.
`paymentId`	string	The ID of the payment that was created.
`authorisationId`	string	The ID of the authorisation process that was created.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

curl -X GET "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/authorisations/6bdef9d1-c2af-43b1-b89a-d1efe2a00a90" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 07a57f41-3d89-45cc-b251-e04be8445660" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187"

bash

Response

{
    "scaStatus": "finalised"
}

json

5. Get Payment Status

Lastly, we check the status of the payment by polling the Get Payment Status endpoint.

Endpoint

GET /psd2/paymentinitiation/v1/{payment-service}/{payment-product}/{paymentId}/status

http

Path Parameters

Name	Type	Description
`payment-service`	string	The type of payment to initiate, e.g. `payments` for single payments.
`payment-product`	string	The scheme and format of the payment, e.g. `domestic` for domestic payments.
`paymentId`	string(uuid)	The ID of the payment that was created.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

curl -X GET "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/payments/domestic/fa1569fa-6cbd-43fb-98a2-7151ba2da365/status" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 06a2321a-e420-4ffd-982b-ba439af70b10" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187"

bash

Response

{
    "transactionStatus": "ACSC"
}

json

Note: Payments can have a number of different statuses. Here, we want to check if the payment was rejected, in which case transactionStatus would have the value RJCT. If not, then we are done.

Swedish Giro Payments

Swedish Giro payments facilitate domestic transfers within Sweden via the BankGirot and Plusgirot systems. This guide shows you how to initiate a Swedish Giro payment.

1. Create Payment

Endpoint

POST /psd2/paymentinitiation/v1/{payment-service}/{payment-product}

http

To create a single Swedish Giro payment, we set the payment-service to payments and the payment-product to swedish-giro.

Path Parameters

Name	Type	Description
`payment-service`	string	The type of payment to initiate, e.g. `payments` for single payments.
`payment-product`	string	The scheme and format of the payment, e.g. `domestic` for domestic payments.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

Request Body

Name	Type	Description
`instructedAmount`	object	The amount and currency of the money to be transferred.
`debtorAccount`	object	The account from which the payment will be debited.
`creditorName`	string	The full name of the payment recipient.
`creditorGiro`	object	The Bankgirot or Plusgirot account to which the payment will be credited.
`creditorAgent`	string	The BIC of the payment recipient's bank.
`requestedExecutionDate`	string(date)	The date when the payment is scheduled to be executed in ISO 8601 format, e.g. 2025-10-31.
`invoiceRef`	string	A custom invoice reference.
`ocrRef`	string	A Giro OCR reference.
`debtorAccountMessage`	string	A personal message from the payer to themselves.
`creditorAccountMessage`	string	A personal message from the payer to the recipient.

Name	Type	Description
instructedAmount	object	The amount and currency of the money to be transferred.
debtorAccount	object	The account from which the payment will be debited.
creditorName	string	The full name of the payment recipient.
creditorGiro	object	The Bankgirot or Plusgirot account to which the payment will be credited.
creditorAgent	string	The BIC of the payment recipient's bank.
requestedExecutionDate	string(date)	The date when the payment is scheduled to be executed in ISO 8601 format, e.g. 2025-10-31.
invoiceRef	string	A custom invoice reference.
ocrRef	string	A Giro OCR reference.
debtorAccountMessage	string	A personal message from the payer to themselves.
creditorAccountMessage	string	A personal message from the payer to the recipient.

curl -X POST "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/payments/swedish-giro" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 7aea2104-7612-4c80-99ea-707d88ddd935" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187" \
  -d '{
    "instructedAmount": {
      "currency": "SEK", 
      "amount": "130.00"
    },
    "debtorAccount": {
      "iban": "SE40100100103307118608"
    }, 
    "creditorName": "Merchant123",
    "creditorGiro": {
      "giroNumber": "123-4567",
      "giroType": "BANKGIRO"
    },
    "creditorAgent": "HANDSESS", 
    "requestedExecutionDate": "2026-01-01",
    "invoiceRef": "Invoice Nr 4421", 
    "ocrRef": "3020000071266464",
    "debtorAccountMessage": "Personal note", 
    "creditorAccountMessage": "Invoice payment"
    }'

bash

Response

{
    "transactionStatus": "RCVD",
    "paymentId": "26fa3ad7-842a-436f-a162-352e203d720e",
    "_links": {
        "startAuthorisationWithTransactionAuthorisation": {
            "href": "/psd2/paymentinitiation/v1/payments/swedish-giro/26fa3ad7-842a-436f-a162-352e203d720e/authorisations"
        },
        "self": {
            "href": "/psd2/paymentinitiation/v1/payments/swedish-giro/26fa3ad7-842a-436f-a162-352e203d720e"
        },
        "status": {
            "href": "/psd2/paymentinitiation/v1/payments/swedish-giro/26fa3ad7-842a-436f-a162-352e203d720e/status"
        }
    }
}

json

After the swedish-giro payment has been created, the payment authorisation flow follows the exact same steps as the guide for initiating a domestic payment.

International TP Payments

International TP payments are a payment product that enables PSUs to initiate international payments with built-in support for real-time currency conversion using FX quotes. This guide will show you how to create an FX quote for a cross-currency payment and how to initiate an international TP payment using said quote.

1. Create FX Quote

Before initiating the payment, we first need to request an FX quote. This quote defines the exchange rate, fees, and the validity period.

Endpoint

POST /psd2/paymentinitiation/v1/fx

http

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.

Request Body

Name	Type	Description
`sourceCurrency`	string	Credentials to authenticate the client.
`targetCurrency`	string	Specifies the request format.
`requestedExecutionDate`	string(date)	The ID of the request, unique to the call, as determined by the initiating party.
`countryCode`	string	The ID of the request, unique to the call, as determined by the initiating party.
`amount`	string	The ID of the request, unique to the call, as determined by the initiating party.

curl -X POST "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/fx" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 98afac01-e0bb-4aa2-95fd-0b3204f8a183" \
  -d '{
    "sourceCurrency": "SEK",
    "targetCurrency": "EUR", 
    "requestedExecutionDate": "2026-01-01",
    "countryCode": "NL", 
    "amount": "130.00" 
    }'

bash

Response

{
  "fxQuoteId": "86099c72-fd80-477a-acbe-418888d8f054",
  "fxRate": "10.87410000",
  "fee": "1.50",
  "totalAmount": "110.25",
  "validFrom": "2024-08-23T14:12:57Z",
  "validTo": "2024-08-24T14:12:57Z"
}

json

The response contains an fxQuoteId which will be need to be referenced in the request headers of the payment request. Note: the payment needs to be signed within 1 hour of creating the FX quote. If the payment does not reach a finalised state within this timeframe, the FX contract will be voided and a new fxQuoteId will need to be created.

2. Create Payment

To create a single international TP payment, we set the payment-service to payments and the payment-product to international-tp. Then, we need to include the fxQuoteId in the request headers and specify the details of the transaction in the request body.

Endpoint

POST /psd2/paymentinitiation/v1/{payment-service}/{payment-product}

http

Path Parameters

Name	Type	Description
`payment-service`	string	The type of payment to initiate, e.g. `payments` for single payments.
`payment-product`	string	The scheme and format of the payment, e.g. `domestic` for domestic payments.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.
`FX-Quote-Id`	string	The ID of the FX Quote to be used for the payment. Used for international TP payments only.

Request Body

Name	Type	Description
`instructedAmount`	object	The amount and currency of the money to be transferred.
`debtorAccount`	object	The account from which the payment will be debited.
`creditorName`	string	The full name of the payment recipient.
`creditorAccount`	object	The account to which the payment will be credited.
`creditorAddress`	object	The address of the payment recipient.
`creditorAgent`	string	The BIC of the payment recipient's bank.
`creditorAgentName`	string	The name of the payment recipient's bank.
`requestedExecutionDate`	string(date)	The date when the payment is scheduled to be executed in ISO 8601 format, e.g. 2025-10-31.
`remittanceInformationUnstructured`	string	A free-text field for remittance information on the payment.
`debtorAccountMessage`	string	A personal message from the payer to themselves.

curl -X POST "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/payments/international-tp" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 004bd42c-034b-45de-8361-c043615784a6" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187" \
  -H "FX-Quote-Id: 86099c72-fd80-477a-acbe-418888d8f054" \
  -d '{
    "instructedAmount": {
      "currency": "SEK", 
      "amount": "130.00"
    },
    "debtorAccount": {
      "iban": "SE40100100103307118608"
    },
    "creditorName": "Merchant123",
    "creditorAccount": {
      "iban": "NL02100100109307118603"
    },
    "creditorAddress": {
        "country": "NL"
    },
    "creditorAgent": "RABONL2U", 
    "creditorAgentName": "Coöperatieve Rabobank U.A.", 
    "requestedExecutionDate": "2026-01-01",
    "remittanceInformationUnstructured": "Ref Number Merchant", 
    "debtorAccountMessage": "Personal note"
    }'

bash

Response

{
    "transactionStatus": "RCVD",
    "paymentId": "ffc2937b-7610-4f03-b33d-0fcd168aa656",
    "_links": {
        "startAuthorisationWithTransactionAuthorisation": {
            "href": "/psd2/paymentinitiation/v1/payments/international-tp/ffc2937b-7610-4f03-b33d-0fcd168aa656/authorisations"
        },
        "self": {
            "href": "/psd2/paymentinitiation/v1/payments/international-tp/ffc2937b-7610-4f03-b33d-0fcd168aa656"
        },
        "status": {
            "href": "/psd2/paymentinitiation/v1/payments/international-tp/ffc2937b-7610-4f03-b33d-0fcd168aa656/status"
        }
    }
}

json

After the international TP payment has been created, the payment authorisation flow follows the exact same steps as the guide for initiating a domestic payment.

Signing Baskets

Signing baskets allow several initiated payments to be grouped and authorised in a single SCA flow. Once a signing basket is signed, each payment within it is signed simultaneously, ensuring consistency and reducing friction. All supported payment products can be included in a signing basket. This guide shows you how to create a signing basket with multiple payments within it.

1. Create Individual Payments

Before creating the signing basket, we need to first initiate the individual payments that we want to group together. Each of these requests returns a paymentId that we will use in the next step.

2. Create Signing Basket

Once we've initiated all the desired payments, we can create the signing basket and include each payment's paymentId in the request body.

Endpoint

POST /psd2/paymentinitiation/v1/signing-baskets

http

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

Request Body

Name	Type	Description
`paymentIds`	array	The IDs of the payments to include in the signing basket.

curl -X POST "/psd2/paymentinitiation/v1/signing-baskets" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 1fbf35cd-192b-4621-8edc-1885f6b8841c" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187" \
  -d '{
    "paymentIds": [
      "880b6a91-23a8-45f2-96bf-2b98c5fc5cc3",
      "b0f84f58-addb-442c-8e13-d1f205a1f4ee"
    ]
    }'

bash

Response

{
  "transactionStatus": "RCVD",
  "basketId": "c9669516-a08f-448a-9fa4-d3db36456059",
  "_links": {
    "self": {
      "href": "/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059"
    },
    "status": {
      "href": "/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/status"
    },
    "startAuthorisation": {
      "href": "/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/authorisations"
    }
  }
}

json

3. Create Signing Basket Authorisation

The next step is to create an authorisation process for this signing basket. The response will provide a list of all available SCA methods for the specified bank.

Endpoint

POST /psd2/paymentinitiation/v1/signing-baskets/{basketId}/authorisations

http

Path Parameters

Name	Type	Description
`basketId`	string	The ID of the signing basket that was created.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

curl -X POST "/psd2/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/authorisations" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 93e4b8df-030a-44b0-94cd-7b3d2e3caf1f" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187"

bash

Response

{
    "authorisationId": "a2db692d-84a7-4d2e-bc59-0c420f876cf2",
    "scaMethods": [
        {
            "authenticationType": "PUSH_OTP",
            "authenticationMethodId": "mbid",
            "name": "Mobilt BankID"
        },
        {
            "authenticationType": "CHIP_OTP",
            "authenticationMethodId": "mbid_same_device",
            "name": "Mobile BankID on this device"
        },
        {
            "authenticationType": "PHOTO_OTP",
            "authenticationMethodId": "mbid_animated_qr_image",
            "name": "Mobile BankID on another device"
        }
    ],
    "scaStatus": "received"
}

json

3. Start Signing Basket Authorisation

Endpoint

PUT /psd2/paymentinitiation/v1/signing-baskets/{baskedId}/authorisations/{authorisationId}

http

Path Parameters

Name	Type	Description
`basketId`	string	The ID of the signing basket that was created.
`authorisationId`	string	The ID of the authorisation process that was created.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

Request Body

Name	Type	Description
`authenticationMethodId`	string	The ID of the authentication method provided by the bank.

curl -X PUT "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/authorisations/a2db692d-84a7-4d2e-bc59-0c420f876cf2" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 6bb8d686-9dfd-443b-8dfc-bf7cd9e6bebc" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187" \
  -d '{
    "authenticationMethodId": "mbid_animated_qr_token"
    }'

bash

3.1. Decoupled Flow

Response Headers

aspsp-sca-approach: "DECOUPLED"

json

If the aspsp-sca-approach is DECOUPLED, the PSU will authenticate via a separate channel. As the TPP, you need to present the correct interface to the PSU.

If authenticationMethodId is mbid or mbid_same_device:

These methods launch the BankID app on the same device, meaning that you need to generate the bankIdLink. To do this, you first need to get the autoStartToken:

Response

{
    "chosenScaMethod": {
        "authenticationType": "PUSH_OTP",
        "authenticationMethodId": "mbid",
        "name": "Mobilt BankID"
    },
    "_links": {
        "scaStatus": {
            "href": "/psd2/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/authorisations/a2db692d-84a7-4d2e-bc59-0c420f876cf2"
        }
    },
    "scaStatus": "started",
    "challengeData": {
        "data": [
            "cdc5daf4c-2e6c-4fd2-aaa4-5fa711dc80fc"
        ]
    }
}

json

Once you have the autoStartToken, you can construct the full QR code like this:

bankIdLink: https://app.bankid.com/?autostarttoken={autoStartToken}&redirect={redirectUriAfterDecoupledAuthentication}

text

If your PSUs only use desktop, set {redirectUriAfterDecoupledAuthentication} to null:

bankIdLink: https://app.bankid.com/?autostarttoken=dc5daf4c-2e6c-4fd2-aaa4-5fa711dc80fc&redirect=null

text

If your PSUs are on mobile or mixed device types, set {redirectUriAfterDecoupledAuthentication} to the URI that the PSU should be redirected to after authenticating:

bankIdLink: https://app.bankid.com/?autostarttoken=dc5daf4c-2e6c-4fd2-aaa4-5fa711dc80fc&redirect=https://exampleapplication.com/callback

text

If authenticationMethodId is mbid_animated_qr_image:

With this method, you need to dispay the Base64encoded PNG animatedQRImage and instruct the PSU to scan it in the Mobile BankID app. The image is only valid for 1 second, and must be refreshed by calling the Get Signing Basket Authorisation SCA Status endpoint repeatedly at least every second but no more than every 500ms.

Response

{
    "chosenScaMethod": {
        "authenticationType": "PHOTO_OTP",
        "authenticationMethodId": "mbid_animated_qr_image",
        "name": "Mobile BankID on another device"
    },
    "_links": {
        "scaStatus": {
            "href": "/psd2/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/authorisations/a2db692d-84a7-4d2e-bc59-0c420f876cf2"
        }
    },
    "psuMessage": "Please confirm with your bank app.",
    "scaStatus": "started",
    "challengeData": {
        "image": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAFA"
    }
}

json

If authenticationMethodId is mbid_animated_qr_token:

With this method, you need to generate your own QR image from the token animatedQRToken and instruct the PSU to scan it in the Mobile BankID app. The token is only valid for 1 second, and must be refreshed by calling the Get Signing Basket Authorisation SCA Status endpoint repeatedly at least every second but no more than every 500ms.

Response

{
    "chosenScaMethod": {
        "authenticationType": "PHOTO_OTP",
        "authenticationMethodId": "mbid_animated_qr_token",
        "name": "Mobile BankID on another device"
    },
    "_links": {
        "scaStatus": {
            "href": "/psd2/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/authorisations/a2db692d-84a7-4d2e-bc59-0c420f876cf2"
        }
    },
    "scaStatus": "started",
    "challengeData": {
        "data": [
            "bankid.5d2f8c9fda9f45d2bcb6b0"
        ]
    }
}

json

3.2. Redirect Flow

Response Headers

aspsp-sca-approach: "REDIRECT"

json

Response

{
    "chosenScaMethod": {
        "authenticationType": "PUSH_OTP",
        "authenticationMethodId": "mbid",
        "name": "Mobilt BankID"
    },
    "_links": {
        "scaStatus": {
            "href": "/psd2/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/authorisations/a2db692d-84a7-4d2e-bc59-0c420f876cf2"
        },
        "scaOAuth": {
            "href": "https://auth.openbankingplatform.com/connect/authorize?client_id=[CLIENT_ID]&scope=paymentinitiation%20corporate&response_type=code&redirect_uri=[TPP_REDIRECT_URI]&state=[TPP_STATE]&acr_values=idp:ESSESESS%20basketId:c9669516-a08f-448a-9fa4-d3db36456059%20basketAuthorisationId:a2db692d-84a7-4d2e-bc59-0c420f876cf2"
        }
    },
    "psuMessage": "Please confirm with your bank app.",
    "scaStatus": "started"
}

json

Replace the following placeholders in redirectLinkToBank in the following way:

[CLIENT_ID] should be replaced by your client_id.

redirectLinkToBank: https://www.openpayments.io/?code=SplxlOBeZQQYbYS6WxSbIA&scope=paymentintitiation%20corporate&state=sessionxyz

text

3.2.1 Activate OAuth Signing Basket Authorisation

To finalise the payment, you make the following request.

Endpoint

POST /connect/token

http

Request Headers

Name	Type	Description
`X-BasketAuthorisationId`	string	The ID of the authorisation process that was created.
`X-BasketId`	string	The ID of the basket that was created.

Request Body

Name	Type	Description
`client_id`	string(uuid)	The Client ID of the application you created in the Developer Portal.
`client_secret`	string	The secret key that was generated when the application was created.
`code`	string	The authorisation code received from the authorisation server after the PSU has authenticated at the bank. This code is exchanged for an access token.
`redirect_uri`	string(uri)	The URI to which the PSU was redirected after authorisation. It must exactly match the redirect URI used in the initial authorisation request.
`scope`	string	Specifies the level of access requested. It is a space-separated string combining API scopes (e.g. `paymentinitiation`) and PSU context scopes (e.g. `corporate`).
`grant_type`	string(enum)	Specifies the OAuth 2.0 grant flow to use. For redirect-based access tokens, this should be `authorization_code`.

curl -X POST "https://auth.openbankingplatform.com/connect/token" \
  -H "Accept: application/json" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "X-BasketAuthorisationId: 6bdef9d1-c2af-43b1-b89a-d1efe2a00a90" \
  -H "X-BasketId: fa1569fa-6cbd-43fb-98a2-7151ba2da365" \
  -d "client_id=555510ad-da62-4e6d-80b8-e18967eabf0b" \
  -d "client_secret=joiaHR0cHM6Ly9hdXRoLm9wZW5iYW5raW5ncGxhdGZvcm0uY29tIiwiYXVkIjpb" \
  -d "code=SplxlOBeZQQYbYS6WxSbIA" \
  -d "redirect_uri=https://exampleapplication.com/callback" \
  -d "scope=paymentinitiation corporate" \
  -d "grant_type=authorization_code"

bash

Response

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0...",
    "expires_in": 3600,
    "token_type": "Bearer", 
    "scope": "paymentinitiation corporate"
}

json

If you receive an access token it means that the request was successful. Note: This access token does not need to be stored or used in any subsequent calls.

4. Get Signing Basket Authorisation SCA Status

Regardless of the method, you can use the scaStatus link from the Start Signing Basket Authorisation response and poll it until scaStatus becomes finalised or failed.

Endpoint

GET /psd2/paymentinitiation/v1/signing-baskets/{basketId}/authorisations/{authorisationId}

http

Path Parameters

Name	Type	Description
`basketId`	string	The ID of the signing basket that was created.
`authorisationId`	string	The ID of the authorisation process that was created.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

curl -X GET "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/authorisations/a2db692d-84a7-4d2e-bc59-0c420f876cf2" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: 61fd4434-5d64-41d2-8f66-ffbe331e46c2" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187"

bash

Response

{
    "scaStatus": "finalised"
}

json

5. Get Signing Basket Status

Lastly, we check the status of the payment by polling the Get Signing Basket Status endpoint.

Endpoint

GET /psd2/paymentinitiation/v1/signing-baskets/{basketId}/status

http

Path Parameters

Name	Type	Description
`basketId`	string	The ID of the signing basket that was created.

Request Headers

Name	Type	Description
`X-Request-ID`	string(uuid)	The ID of the request, unique to the call, as determined by the initiating party.
`X-BicFi`	string	The BIC of the bank to which the request is addressed.
`PSU-ID`	string	The ID used to identify the PSU at the bank. Typically a local social security number or another unique login ID.
`PSU-Corporate-ID`	string	The Corporate ID of the PSU when acting on behalf of an organization, e.g. Org. nummer for SE, KVK for NL.
`TPP-Redirect-Preferred`	boolean	Indicates a preference for redirect-based SCA over decoupled when set to `true`. The bank may not support both types.
`PSU-IP-Address`	string(ipv4)	The IP address of the PSU to be forwarded to the bank. Only included if the request was actively initiated by the PSU.

curl -X GET "https://api.openbankingplatform.com/psd2/paymentinitiation/v1/signing-baskets/c9669516-a08f-448a-9fa4-d3db36456059/authorisations/a2db692d-84a7-4d2e-bc59-0c420f876cf2" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIn0..." \
  -H "Content-Type: application/json" \
  -H "X-Request-ID: a464b8b0-59fa-4890-9cb7-ae9baf5820f4" \
  -H "X-BicFi: ESSESESS" \
  -H "PSU-ID: 123456789001" \
  -H "PSU-Corporate-ID: 1234567890" \
  -H "TPP-Redirect-Preferred: false" \
  -H "PSU-IP-Address: 152.120.171.187"

bash

Response

{
    "transactionStatus": "ACSC"
}

json

Note: Signing baskets can have a number of different statuses. Here, we want to check if the basket was rejected, in which case transactionStatus would have the value RJCT. If not, then we are done.

Account Information ISO Payments

​Domestic Payments

​1. Create Payment

​Endpoint

​Path Parameters

​Request Headers

​Request Body

​Response

​2. Create Payment Authorisation

​Endpoint

​Path Parameters

​Request Headers

​Response

​3. Start Payment Authorisation

​Endpoint

​Path Parameters

​Request Headers

​Request Body

​3.1. Decoupled Flow

​Response Headers

​Response

​Response

​Response

​3.2. Redirect Flow

​Response Headers

​Response

​3.2.1 Activate OAuth Payment Authorisation

​Endpoint

​Request Headers

​Request Body

​Response

​4. Get Payment Authorisation SCA Status

​Endpoint

​Path Parameters

​Request Headers

​Response

​5. Get Payment Status

​Endpoint

​Path Parameters

​Request Headers

​Response

​Swedish Giro Payments

​1. Create Payment

​Endpoint

​Path Parameters

​Request Headers

​Request Body

​Response

​International TP Payments

​1. Create FX Quote

​Endpoint

​Request Headers

​Request Body

​Response

​2. Create Payment

​Endpoint

​Path Parameters

​Request Headers

​Request Body

​Response

​Signing Baskets

​1. Create Individual Payments

​2. Create Signing Basket

​Endpoint

​Request Headers

​Request Body

​Response

​3. Create Signing Basket Authorisation

​Endpoint

​Path Parameters

​Request Headers

​Response

​3. Start Signing Basket Authorisation

​Endpoint

​Path Parameters

​Request Headers

​Request Body

​3.1. Decoupled Flow

​Response Headers

​Response

​Response

Domestic Payments

1. Create Payment

Endpoint

Path Parameters

Request Headers

Request Body

Response

2. Create Payment Authorisation

Endpoint

Path Parameters

Request Headers

Response

3. Start Payment Authorisation

Endpoint

Path Parameters

Request Headers

Request Body

3.1. Decoupled Flow

Response Headers

Response

Response

Response

3.2. Redirect Flow

Response Headers

Response

3.2.1 Activate OAuth Payment Authorisation

Endpoint

Request Headers

Request Body

Response

4. Get Payment Authorisation SCA Status

Endpoint

Path Parameters

Request Headers

Response

5. Get Payment Status

Endpoint

Path Parameters

Request Headers

Response

Swedish Giro Payments

1. Create Payment

Endpoint

Path Parameters

Request Headers

Request Body

Response

International TP Payments

1. Create FX Quote

Endpoint

Request Headers

Request Body

Response

2. Create Payment

Endpoint

Path Parameters

Request Headers

Request Body

Response

Signing Baskets

1. Create Individual Payments

2. Create Signing Basket

Endpoint

Request Headers

Request Body

Response

3. Create Signing Basket Authorisation

Endpoint

Path Parameters

Request Headers

Response

3. Start Signing Basket Authorisation

Endpoint

Path Parameters

Request Headers

Request Body

3.1. Decoupled Flow

Response Headers

Response

Response