Frequently Asked Questions
The following comprise a growing list of TPP developer queries. Check back often, as the list is updated periodically with/without notice.
Do I need to have an AISPAccount Information Service Provider – a TPP authorised to access consumer or business account data from the account holder's financial institutions with the account holder's explicit consent. or PISPPayment Initiation Service Provider – a TPP that initiates a payment order at the request of the payment service user with respect to a payment account held at another payment service provider. license to use your service?
No, Token has obtained AISP and PISP approval from the FCAFirms and individuals must be authorised by the Financial Conduct Authority (FCA) equivalent in each country to carry out regulated financial service activities and offer credit to consumers. For the list of FCA-equivalent regulators outside of the UK, please visit https://www.fca.org.uk/firms/passporting/regulators-eu-eea in the UK, passported across Europe. However, please note that if you require AISAccount Information Service – supports TPP secure access to customer accounts and data, but only with the bank-verified consent of the customer. functionality, you may be required to register as an agent of Token via the FCA. We will assist you with any required formalities. Contact us for further information.
Do you have a sandbox that I can test with?
Yes, Token has a full sandbox and notional banks with which you can test your integration. During initial setup (see Onboarding), follow the client setup instructions to connect to our SANDBOX environment. We recommend you start out with Wood Bank (United Kingdom). Contact us to learn more about other available banks in the sandbox.
Can I test against sandboxes hosted by real banks in your network?
Yes. Upon completing your integration testing with Token’s notional banks, you can test with any of our directly integrated partner banks (pursuant to PSD2 regulations). For additional details, don’t hesitate to contact us.
Can I set up a standing order or recurring payment using your Smart Token technology?
Does Token offer categorisation options for retrieving transaction history?
No, Token does not currently offer categorization. However we expect support for this feature to be available sometime in the future.
Can I make cross-border payments?
What timezones do banks use?
Token uses UTCCoordinated Universal Time – a standard used to set all time zones around the world. For instance, Berlin is in the time zone UTC plus one hour (UTC+1:00), which means it is 1 hour later in Berlin than the reading on a UTC clock. Most EU countries are in the Central European Time zone. CET alternates between UTC+1 (standard time) and UTC+2 (when daylight saving time (DST) is observed). All countries in the CET time zone observe DST (UTC+2) from 02:00 am on the last Sunday of March until 03:00 am on the last Sunday of October. as the default time zone for all banks across all countries.
Is there a way to get the status of a transaction/payment with a token request ID If due to some reason we lost the response for redeem token call?
Yes. Call getToken to find its associated token requestId. You can also use the tokenId to call GetTransfers to see all associated transfers. In short, the transfer(s) and the token requestId are all linked to a tokenId.
What provides Idempotence for the CreateTransfer (aka redeemToken) call?
Including the same refId when calling CreateTransfer provides idempotenceFrom a RESTful service standpoint, for an operation (or service call) to be idempotent, clients can make that same call repeatedly while producing the same result. In other words, making multiple identical requests has the same effect as making a single request. Note that while idempotent operations produce the same result on the server (no side effects), the response itself may not be the same (e.g. a resource's state may change between requests)..
What do different transaction statuses mean? How should each case be handled? Which cases should we retry, what’s the proper retry interval, its lifecycle, etc.?
See Payment Status: Values and Meaning for the complete list of status codes and their definition.
Handling with regard to retry intervals is almost entirely bank-dependent, but here are some general pointers:
- PENDING – request still needs to be sent to bank; bank may be down or otherwise unable to receive requests; should be a relatively short wait.
- PENDING_EXTERNAL_AUTHORIZATION – the user needs to finish the flow for legacy transfer; it’s possible the user never finished SCAStrong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area. The requirement ensures that account access for information and electronic payments is safeguarded by multi-factor authentication..
- PROCESSING – the bank has accepted the request but it hasn't yet cleared. The wait is bank-dependent.
- SENT – (legacy transfers only) the transaction has been sent but has not yet been acknowledged by the bank. This status is final; it occurs when a transient error happens and the provider does not support a method for ensuring idempotency.
Why do some banks require the Token App to work with Finvertax/Southside and others don’t?
Token supports both Appless and App flows. To discover which banks support a particular flow, use a getBanks call and set supportsAppless to true/false to filter the list accordingly.
Can I customise the token request flow with a logo, display, etc.?
Yes. You can set your profile display and picture when you set up your business member profile (see Step 6 in Onboarding). You can also customise the Token Webapp UI with your logo and colors. See Customising the Token Webapp for details.
What is the process for going live in Token's production environment?
See Going Into Production for detailed guidance.
What about transfer reconciliation? What information will be included for the transaction description in the source bank account statement?
Much of this is bank-dependent. For CMA9 banks, Token passes the refId to the source bank to use according to bank policy. In general, most banks include the refId in the transaction description, but it's entirely at the bank's discretion.
Why is there no description in the receipt email?
The description in the email is from the transfer description, not the token description, and should be provided when calling redeemToken.
How do I notify Token of questions or issues I’m encountering?
Contact our support desk with details on the issue or question. We’ll follow up with you straightaway.