You can view the full standard and more information about its design principles in Confluence.
How it works
First, the customer requests that a Third Party (via a website or app) make a payment to a beneficiary. The Payment Initiation API standard then enables the following:
- The Third Party sets up a payment initiation flow with the API Provider (e.g. the customer’s bank).
- The Third Party transfers the customer to their bank to securely authorise the payment from a specific account. In v2.0 and above of the standard, either a redirect or a decoupled authentication flow can be used for the customer to authorise the payment.
- The API Provider gives real-time confirmation to the Third Party that the customer has authorised the payment.
- The Third Party submits the payment for processing with the API Provider.
- The API Provider makes the payment to the beneficiary.
[Figure: Payment Initiation API illustration]
Enduring Payment Consent
In v2.0 and above of the Payment Initiation API, it's possible to establish and utilise long-lived consents. This new functionality enables a Third Party to process payments from a customer’s account to a nominated beneficiary multiple times, with the customer’s consent.
This functionality streamlines the authentication flow substantially over the life of the consent and removes the requirement for the customer to authorise consent with their bank every time a payment is made.
Enduring payment consent is an optional feature of v2.0 and above which API Providers can choose to implement.
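The ordering of the steps under "How it works" and the difference an enduring consent makes can be modelled as provider-side checks. This is an added example, not code from the standard or from any API Provider: the class, method and field names are hypothetical, and it assumes that a consent which is not enduring covers exactly one payment.

```python
from dataclasses import dataclass, field
from enum import Enum, auto

class State(Enum):
    AWAITING_AUTHORISATION = auto()
    AUTHORISED = auto()
    CONSUMED = auto()

class ConsentError(Exception):
    """A step was attempted out of order or outside what the customer consented to."""

@dataclass
class Consent:
    account: str        # the specific account the customer authorises
    beneficiary: str    # the nominated beneficiary
    enduring: bool = False
    state: State = State.AWAITING_AUTHORISATION
    payments: list = field(default_factory=list)

class ApiProvider:
    """Toy model of the API Provider's state checks (hypothetical, not the standard's API)."""
    def __init__(self):
        self.consents = {}

    def create_consent(self, consent_id, account, beneficiary, enduring=False):
        # The Third Party sets up the payment initiation flow.
        self.consents[consent_id] = Consent(account, beneficiary, enduring)

    def customer_authorises(self, consent_id):
        # The customer authorises at their bank; the result is confirmed to the Third Party.
        c = self.consents[consent_id]
        if c.state is not State.AWAITING_AUTHORISATION:
            raise ConsentError("consent already authorised or used")
        c.state = State.AUTHORISED
        return c.state

    def submit_payment(self, consent_id, beneficiary, amount_cents):
        # The Third Party submits the payment; the provider checks it against the consent.
        c = self.consents.get(consent_id)
        if c is None or c.state is not State.AUTHORISED:
            raise ConsentError("no authorised consent for this payment")
        if beneficiary != c.beneficiary:
            raise ConsentError("beneficiary differs from the one consented to")
        c.payments.append(amount_cents)
        if not c.enduring:
            c.state = State.CONSUMED  # assumption: one payment per non-enduring consent
        return len(c.payments)
```

With `enduring=True` the consent stays authorised after each payment, so later payments to the same nominated beneficiary need no further customer authorisation, while a payment to any other beneficiary is still rejected.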