Create a payment setup request

Last updated Nov 2, 2020

This article describes how a TPP (Third Party Provider) can initiate a payment by requesting consent from the user.

1 reader recommends this article



We recommend that you follow the Payment API video in parallel with this article to help you understand the sample code. Additionally, you should review the Open Banking standard.

You can request consent from a user using the flow detailed in the Open Banking OIDC Security Profile. In summary, the steps to create a payment setup request are:

  1. Get an access token to represent you as a TPP using the Client credential flow.
  2. Use the access token obtained in step 1 to create a payment setup request.
  3. Initiate a Hybrid flow using the payment request ID you received from your payment setup request. This ID corresponds to the intent ID specified in the hybrid flow.

Create a payment setup request

You can create a payment setup request with the access token generated from the client credential JWT flow. This process is described in the Open Banking standard. You can also see an example in the ForgeRock sample project.

Here is an example payment setup request for ForgeRock ASPSP:

$ curl -X POST \ \ -H 'Accept: application/json' \ -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiI1YjhjY2E4NS0xODcwLTQ1MzYtYTAxNi00ZjI2YmJlYWU3NDIiLCJhdWRpdFRyYWNraW5nSWQiOiI5OTg3OTJjOS03NmNkLTRkZGUtYTQzMC1mOGVjZDZlOTdiZDEiLCJpc3MiOiJodHRwczovL2FzLmFzcHNwLmludGVnLW9iLmZvcmdlcm9jay5maW5hbmNpYWwvb2F1dGgyL29wZW5iYW5raW5nIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiYzE0NjdkMzYtY2JhOS00NjY0LWFmOTgtMjEyZjU3NGJjYjQ0IiwiYXVkIjoiNWI4Y2NhODUtMTg3MC00NTM2LWEwMTYtNGYyNmJiZWFlNzQyIiwibmJmIjoxNTEzNzc1OTY1LCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwic2NvcGUiOlsib3BlbmlkIiwiYWNjb3VudHMiXSwiYXV0aF90aW1lIjoxNTEzNzc1OTY1LCJyZWFsbSI6Ii9vcGVuYmFua2luZyIsImV4cCI6MTUxMzc3OTU2NSwiaWF0IjoxNTEzNzc1OTY1LCJleHBpcmVzX2luIjozNjAwLCJqdGkiOiIzYjhlNzc0OS00ZmM1LTQzMDctYTY0NC0zYmRjMzliZDE4NzEifQ.6qjz6oy9Qer9lFftPkummWaxrO1afPEypp8SxUPKYN2HVsC3vGV68WkDELYuBg01GOT73Ej3OAunlW5dbPPrlA' \ -H 'Cache-Control: no-cache' \ -H 'Content-Type: application/json' \ -H 'Postman-Token: e6cbd691-58aa-c377-072a-cff99d43b349' \ -H 'x-fapi-customer-ip-address:' \ -H 'x-fapi-customer-last-logged-time: Sun, 10 Sep 2017 19:43:31 UTC' \ -H 'x-fapi-financial-id: 0015800001041REAAY' \ -H 'x-fapi-interaction-id: 93bac548-d2de-4546-b106-880a5018460d' \ -H 'x-idempotency-key: FRESCO.21302.GFX.20' \ -d '{ "Data": { "Initiation": { "InstructionIdentification": "ACME412", "EndToEndIdentification": "FRESCO.21302.GFX.20", "InstructedAmount": { "Amount": "165.88", "Currency": "GBP" }, "CreditorAccount": { "SchemeName": "SortCodeAccountNumber", "Identification": "08080021325698", "Name": "ACME Inc", "SecondaryIdentification": "0002" }, "RemittanceInformation": { "Reference": "FRESCO-101", "Unstructured": "Internal ops code 5120101" } } }, "Risk": { "PaymentContextCode": "EcommerceGoods", "MerchantCategoryCode": "5967", "MerchantCustomerIdentification": "053598653254", "DeliveryAddress": { "AddressLine": [ "Flat 7", "Acacia Lodge" ], "StreetName": "Acacia Avenue", "BuildingNumber": "27", "PostCode": "GU31 2ZZ", "TownName": "Sparsholt", "CountySubDivision": [ "Wessex" ], "Country": "UK" } } }'

You will receive a payment request ID in the response, which you need to extract and save for later; it is needed for the hybrid flow. For example, the payment request ID we received is:



You should now have received an access token after completing the hybrid flow; this access token represents user consent for this payment.

You can use this access token with the payments API to get paid as detailed in Payment submission.

Copyright and Trademarks Copyright © 2020 ForgeRock, all rights reserved.