Introduction
Nordea introduces a new feature called the Single strong customer authentication (SCA) payment flow. After a payment is initiated, a signing URL is generated, and the Third Party Provider (TPP) needs to redirect the end user (the PSU) to that signing page. After the payment is signed by the PSU, the user is redirected back to the TPP page (the one provided during the onboarding process for the sake of the OAuth2.0 authorization flow). The redirect URL also includes an auth_code, which is exchanged for an access token used to get details of and cancel Single SCA payments. If the page is not available for some reason, the PSU will be redirected to the Nordea home page.
Detailed explanation
something about auth code to be added
| Endpoint | AS-IS | More info of changes |
|---|---|---|
| POST: /v*/payments/authorization/domestic-credit-transfer or POST: /v*/payments/authorization/sepa-credit-transfer | response 201 CREATED { | The "signing" link relation is the "location" header redirect to be sent to the PSU in some form of browser. The end result will be a 200 OK, which should trigger closing the browser session. |
| GET: "$nasa_url$?order_id=1234567&redirect_uri=$obi_url$&state=$url_encoded_parameters$" | HTTP_Status 302 redirect. Format of the success response (redirection url to the TPP):<br>In case of error, HTTP_Status 302 redirect. Format of the success response (redirection url to the TPP): | After the payment is signed by the PSU, the user is redirected to the Third Party Provider (TPP) page (the one provided during the onboarding process for the sake of the OAuth2.0 authorization flow). If the page is not available for some reason, the PSU will be redirected to the Nordea home page. The "success" query parameter in the response indicates whether the signing was completed. Note: it does not necessarily mean the payment was successfully executed. For example, for domestic DK payments a second channel confirmation (like SMS) is required when the amount is bigger than 100 000 DKK. To make sure the transfer was paid and done, see the next step. The encode-string-with-multiple-parameters has 2 parameters: external-id and status (the payment status). |
| GET: /personal/v1/payments/{external-id}/status or GET: /personal/v2/payments/{payment-id}/status | response 200 OK | Check the "payment_status" field value to find out if the payment was successfully executed (should be "paid"). External-id is the external_id used in the initiate payment step. Payment-id is the payment_id from the payment initiation response. |
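
An added example (not Nordea's code) of TPP-side handling for the redirect and the status check described above. The callback query parameter names `state`, `success` and `code`, the value `success=true`, the unchanged echo of the TPP's own state, and the `response.payment_status` envelope are assumptions to verify against the API reference.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Assumptions (not confirmed by the page): the redirect back to the TPP carries
# the query parameters `state`, `success` and `code` (the auth_code), the TPP's
# own `authentication.state` is echoed unchanged, and `success` is "true".


def new_state() -> str:
    """Unguessable per-payment value to send as authentication.state."""
    return secrets.token_urlsafe(32)


def single(query: dict, name: str) -> str:
    """Return a parameter that must appear exactly once and be non-empty."""
    values = query.get(name, [])
    if len(values) != 1 or not values[0]:
        raise ValueError(f"missing or repeated parameter: {name}")
    return values[0]


def handle_callback(callback_url: str, expected_state: str) -> str:
    """Validate the signing redirect and return the auth code to exchange."""
    query = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    state = single(query, "state")
    # Compare against the state stored for this user's session, in constant time.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if single(query, "success") != "true":
        raise ValueError("signing was not completed")
    return single(query, "code")


def is_paid(status_body: dict) -> bool:
    """Only the status endpoint's payment_status says the payment was executed."""
    # Assumed envelope, mirroring the response sample: {"response": {...}}.
    return status_body.get("response", {}).get("payment_status") == "paid"


if __name__ == "__main__":
    state = new_state()
    # Constructed callback URL and status body, for illustration only.
    url = f"https://tpp.example/callback?state={state}&success=true&code=abc123"
    print(handle_callback(url, state))
    print(is_paid({"response": {"payment_status": "paid"}}))
```

A passing `handle_callback` only means the signing redirect is genuine for this session; treat the payment as done only after `is_paid` returns true for the status response.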
Request sample
{
  "payment": {
    "amount": 9.12,
    "currency": "EUR",
    "creditor": {
      "account": {
        "value": "FI1450000120236228",
        "currency": "EUR"
      },
      "name": "Beneficiary name",
      "message": "Message to Ben"
    },
    "debtor": {
      "account": {
        "currency": "EUR",
        "value": "FI6915723500036470"
      }
    },
    "external_id": "{{$guid}}",
    "merchant": "Shoe shop"
  },
  "authentication": {
    "state": "obi-supplied-state-FI",
    "redirect_uri": "https://postman-echo.com/get",
    "authentication_method": "CCALC"
  }
}
Response sample
{
  "group_header": {
    "message_identification": "bkrGaOIGN1LqOOVi",
    "creation_date_time": "2021-02-17T12:57:16.460971Z",
    "http_code": 201
  },
  "response": {
    "_links": [
      {
        "rel": "redirect",
        "href": "https://api.dev.nordeaopenbanking.com/nasa-mock/ssca?client_id=dummy_client_id_fi&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fapi.dev.nordeaopenbanking.com%2Fv3%2Fpayments%2Fdomestic%2Fsign%2Fcallback&response_type=code&code_challenge=tpPjp1R9DHAgBDCgFnbcwVVEIV4BTI_U8aHDMwMDumo&scope=openid+ndf+agreement&state=4c019bf9-37b3-41ce-949b-083b4e4a3570&nonce=fN3mvwBQTEdSzp34U2mQ9WSVm436uwhLC6tT9MBy&login_hint=ccalc&signing_token=DummySignedToken"
      },
      {
        "rel": "status",
        "href": "/v1/payments/4e4f0859-d0a4-4f06-aad0-327d0f920333/status"
      }
    ]
  }
}
How is this different from the normal PIS API?
The Single SCA flow doesn't require initial authentication to be able to initiate a new payment; instead, it requires only signing of the payment.
Which countries are supported?
Sweden, Finland and Norway.
Any plans to implement in Denmark?
Yes, in the near future.
What consents are required in order to initiate/create a single SCA payment?
It requires only that the end user signs the payment.
What formats can be used for accounts (debtor, creditor)?
For debtor we support BBAN_DK, BBAN_NO, BBAN_SE and IBAN.
For creditor we support the BBAN_DK, BBAN_NO, BBAN_SE, BGNR, GIRO_DK and IBAN types (please check the documentation).
For example:
"creditor": {
  "account": {
    "value": "FI1450000120236228",
    "currency": "EUR"
  },
  "name": "Beneficiary name",
  "message": "Message to Ben"
},
"debtor": {
  "account": {
    "currency": "EUR",
    "value": "FI6915723500036470"
  }
}
Can I do a cross-border payment?
No, it is not supported yet.