Transmitting PSU Consent

Token-connected banks require PSUClosedPayment Services User – an individual person or legal business entity making use of an Open Banking service as a payee, payer or both. consent to accept payment initiation from a PISPClosedPayment Initiation Service Provider – a TPP that initiates a payment order at the request of the payment service user with respect to a payment account held at another payment service provider..

For Token-connected banks supporting immediate transfer token redemption, this is generally sufficient to automatically proceed with the transfer request under a payment flow called Bank-initiated (1-step). For Token-connected banks that support token redemption by the TPP only, the TPP is required to explicitly confirm customer consent by redeeming the transfer token with a POST /transfers call. This is referred to as a TPP-initated (2-step) flow.

For two-step payments, the TPP receives a tokenId in response to its transfer request. Under the 1-step flow, the TPP automatically receives a transferId and transfer status after making the transfer request.

Bank-initiated Payments (1-step)

The basic steps for the first method ("requiresOneStepPayment": true) are depicted in the following flow (hover to enlarge).

TPP-initiated Payments (2-step)

The basic flow for the second method ("requiresOneStepPayment": false) for this method looks like this (hover to enlarge):

Placing this all into perspective, if you only want to support only one method, set the filtering criteria in your GET /banks call accordingly. For instance, if you want to support transfer token redemption by the bank exclusively, set requiresOneStepPayment to true in your GET /banks call. If you want to support transfer token redemption by the TPP, set requiresOneStepPayment to false in GET /banks. If you will support both methods, don't set it at all.

Again, the essential difference between the two flows lies in how the TPP handles the response from the bank.

Guidance on how to structure and when to make the corresponding API calls is discussed under the respective payment type: