SaltEdge PSD2 Compliance Logo

Payment Statuses

The current stage of a payment lifecycle is represented in status field. The status of a payment can be one of the following:

Name Description
processing Salt Edge PSD2 Compliance is processing the request or response.
redirect Provider requires a redirect for authentication.
waiting_confirmation Provider is waiting for the consent of Customer.
waiting_confirmation_code Provider is waiting for a confirmation code, be it OTP for authentication or Dynamic linking for performing a payment.
closed Session is closed.

Create

Create a payment order on behalf of PSU

CURL

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSIsImJlbmVmaWNpYXJ5X2lkIjozODMsImZvcmNlX3NjYSI6dHJ1ZSwiZXh0cmEiOnt9LCJ0ZW1wbGF0ZV9pZCI6ODI0LCJwYXltZW50X2F0dHJpYnV0ZXMiOnsiZnJvbV9hY2NvdW50IjoiOTU0MjM0MjMxMiIsInRvX2FjY291bnQiOiIzNDU4OTc5NTcwIiwiYW1vdW50IjoiMTUwLjAwIiwiZGVzY3JpcHRpb24iOiJUZXN0IHBheW1lbnQuIn0sInByb3ZpZGVyX2NvZGUiOiJkZW1vYmFuayJ9LCJleHAiOjE2MTQ1NzQzOTB9.BPOcMLMLnRtIM70vj_q2J9z4OTWDz1sNyzobBf8njiTwhWgs2t0KX0tAKKnczxCDY3pp2l_4P3rf4-MY3GoOnXvpLUtesnETAdykVSpHZH5dcq7dnrQ_6HCIcCc2TUzcdTQ2WdNhe7wrRhAfyXlOoWlDK8zneBEilmflOLf0e3b4f9n-4wvAIcKrR-DeFjnWSBkcdAU4Jh6fTzHvuknPlQ4c2wg-30-3ap4mTnf-fbhteLjkRRIWESwsUE4_8BT3QdO4ewxR02ph4PDnnfuIiBikSktppPXLIoufFc9u0YaFvQsvBGsn8HjTVumPakbN2-juJvdPXkF8fXpKgo8dug" \ 
 -H "App-Id: pRhi4X5YXwmccpgmDsLb1w" \ 
 -H "App-Secret: dszz3LNHbWnqz9HnnH8DhA" \ 
 -H "Access-Token: aacd4e18fab5b180b5e3cc4d35f8600ec08e1be219e5ec9400bc819357928a9283e8d6941215742aaa127d9076496bf210044545cbc1dc00489f295024c926c8" \ 
 -H "Client-Request-Id: 17" \ 
 -X POST "/api/v2/payments"

Example of unpacked Authorization header

{"data":{"redirect_url":"https://user.will.be/redirected/here","beneficiary_id":383,"force_sca":true,"extra":{},"template_id":824,"payment_attributes":{"from_account":"9542342312","to_account":"3458979570","amount":"150.00","description":"Test payment."},"provider_code":"demobank"},"exp":1574093209}

Example of response

{"data":{"status":"pending","description":"Internal payment.","fees":[{"amount":0.25,"description":"Bank fee.","currency_code":"EUR"},{"amount":0.1,"description":"Payment fee.","currency_code":"EUR"}],"updated_at":"2019-11-18T16:04:50.320Z","id":997,"payment_attributes":{"from_account":"9542342312","to_account":"3458979570","amount":"150.00","description":"Test payment."},"session":{"fail_message":"","id":611,"secret":"x2xxJojJkQ9u56EyU_NS","status":"processing","events":[{}],"success_at":"2019-11-18T16:04:50.320Z","expires_at":"2019-11-18T17:04:50.320Z","fail_at":""},"created_at":"2019-11-18T16:04:50.320Z"}}
Request

POST /api/v2/payments

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
AccessDenied 401 Action you want to perform is not allowed. More in error_message
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
ProviderNotFound 404 Provider specified in request does not exist or cannot be retrieved.
TrustedBeneficiaryNotFound 404 Trusted Beneficiary specified in request does not exist or cannot be retrieved.
TemplateNotFound 404 Template specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Show

Endpoint used to fetch all data relevant to a payment including fees, status and other.

CURL

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImlkIjo5NjF9LCJleHAiOjE2MTQ1NzQzOTB9.LmpSCVHxzQVzY7Jhb9uDJz1iKm0lS38u69bN_-6mYdmhYNGZchZtKrQ_ohl5sAgbTjtx4iG7vAb1ZpV7bg8V6LxymbSRHNlV6oKOi6B8aSXfMO12jvMRzNPVReBEArp5vVsGjVRzQCkeUAuIOSaI0rWhj1FdLliGQPGljalAYu_yUst4a33beJWjmBAAZfwtQmxRbv5GLOsWAy0yDcubvoIBG5EhO2DtTBrHqfyjqIsfmfgYcBjknQ94c7C6Qo6pAjAwqeKhNyhzVy7Kdpv0bMdr3bx6neGJZJ0P7Y220djAwkhcBQZ1zi1zXnUnt3uzCvyme7kstmJCs_cwZs-Bxg" \ 
 -H "App-Id: xiPaOjVpBugwMgcYacdZtA" \ 
 -H "App-Secret: -vhQNUkweQ8udbSof_w-Fg" \ 
 -H "Access-Token: 057b31e63213d7c1f825398fb26de481c5d97ff2d89caad409c2b765418f84ca398f9338df21012f3e004d4c73fef623ce8464e829ce9e58ffc52fdbc48da467" \ 
 -H "Client-Request-Id: 17" \ 
 -X GET "/api/v2/payments/:id"

Example of unpacked Authorization header

{"data":{"id":961},"exp":1574093210,"id":141}

Example of response

{"data":{"status":"closed","description":"Test payment","fees":[{"amount":0.25,"description":"Bank fee.","currency_code":"EUR"},{"amount":0.1,"description":"Payment fee.","currency_code":"EUR"}],"updated_at":"2019-11-18T16:04:50.451Z","id":305,"payment_attributes":{"from_account":"9542342312","to_account":"3458979570","amount":"150.00","description":"Test payment."},"interactive_step_instruction":{"interactive_field":"sms_pincode","instruction":{}},"session":{"fail_message":"","id":501,"secret":"oxL4oeiCApNvSKQYKGoi","status":"processing","events":[{}],"success_at":"2019-11-18T16:04:51.450Z","expires_at":"2019-11-18T17:04:50.450Z","fail_at":""},"created_at":"2019-11-18T16:04:50.451Z"}}
Request

GET /api/v2/payments/:id

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
data
hash, required
Wrapper for the data.
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
id
integer, required
Payment identifier in Salt Edge PSD2 Compliance. Can raise: PaymentNotFound
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Confirm

This endpoint is used for processing additional interactive steps in the process of payment creation.

CURL

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImNyZWRlbnRpYWxzIjp7InNtc19waW5jb2RlIjoiMTIzNDU2In19LCJleHAiOjE2MTQ1NzQzOTB9.LFmp81JCKbVwzzX9Yto4ExY3LiSU_4ZCIEsLybGWsJbcv4uu8GYTdxafENTBVdi2kAKQPJHky8xmLHEVQvcEl0PcRJCb1AJjPSW8GUcaCuBilE6WOMXMka5DiMwHhV1TLymdjNLSSn4b1o1KTbgZ5XAnUTUNxXQTHzDOeGTecoaQK_JfOdDokfSIaOuw6w6xUduLqAhWKxxdCj1Dg1VEmG7S4LW25jpeSAWEog2Gun0bJGsCeSskfe6ngAnZPw81gOIPmNmlhWvsodKhYbbsERdgMhDBmiz9uKQVBfgQsbmAIM7e0nhF7oRoanR98odJ8DPnIfRkCPDjLzHpuzgRPA" \ 
 -H "App-Id: kai5JbcoWosdVUzLG2ib1A" \ 
 -H "App-Secret: H9EhmbtXlqm73MML5Z8E8w" \ 
 -H "Access-Token: 19561f4a7115f1c8cd6818748e4f2f90aafa24ac42c139a0c99c92784a786e70eb7755be5582867fca28c78addd743f17c2758de65b0c69eb8ef78c049c62af6" \ 
 -H "Client-Request-Id: 17" \ 
 -X PUT "/api/v2/payments/:id"

Example of unpacked Authorization header

{"data":{"credentials":{"sms_pincode":"123456"}},"exp":1574093209,"id":794}

Example of response

{"data":{"status":"good","description":"Internal transfer.","fees":[{"amount":0.25,"description":"Bank fee.","currency_code":"EUR"},{"amount":0.1,"description":"Payment fee.","currency_code":"EUR"}],"updated_at":"2019-11-18T16:04:50.249Z","id":691,"payment_attributes":{"from_account":"9542342312","to_account":"3458979570","amount":"150.00","description":"Test payment."},"session":{"fail_message":"","id":461,"secret":"yua36KyKycry_hAPQQVQ","status":"processing","events":[],"success_at":"","expires_at":"2019-11-18T16:04:50.249Z","fail_at":""},"created_at":"2019-11-18T16:04:50.249Z"}}
Request

PUT /api/v2/payments/:id

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
id
integer, required
Payment identifier in Salt Edge PSD2 Compliance. Can raise: PaymentNotFound, SessionExpired, SessionClosed
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.

Destroy

Cancel the payment that is in the process of creation, meaning it has not been confirmed yet.

CURL

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNjE0NTc0MzkwfQ.H8Db4T_dvE_bS7exo4ocgshln8BipMlGgp5MI8dkD3jqYQbx7cEqG56U9AV35a4sKNcBg5WxLDvDtbam1YD7jyqqQQvn2VuJ4QqyWooiKLXAWj1a3igb5B2Qc5ARF5kHqJU8Dx561jeHwkTudapmAjSpbf3SHgIEGLUT0gsfQnuOyIqXrjO4y2PZwINhC9snnHi4HZ9uwy-SQ1IQyl2GcIoXXksHiPhWFvqGgWs90sfl9CvZjURGWPapvgI7g8FA6USjXnADKlNvyXpmBruwEEHbbi-KoiG0KJGTz9MmUI_E2oEDjfWmpwA061pB5n5KC-ZbPiaM_IIpD0H-xisk8Q" \ 
 -H "App-Id: DZ8IEYmbfDvS3eMeLhA-Lw" \ 
 -H "App-Secret: 5FXgZCioWalfvTGVHqNe0g" \ 
 -H "Access-Token: 55de2eb27669505499da9cdfd7d8f9dccbc61b3c2d158df4959c35d01fc0dc856505986f750f4d84b6bee0b85d4e6dfb3e6309e59078ec81832274c72bb62d1a" \ 
 -H "Client-Request-Id: 17" \ 
 -X DELETE "/api/v2/payments/:id"

Example of unpacked Authorization header

{"data":{},"exp":1574093210,"id":546}

Example of response

{"data":{"payment_id":324}}
Request

DELETE /api/v2/payments/:id

Headers
Header Type Description
Authorization string, required JSON Web Token containing payload, signed using RSA256 and application.private_key. Can raise: AuthorizationMissing
App-Id string, required Application’s app_id from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
App-Secret string, required Application’s app_secret from connection details tab.
Access-Token string, required Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
Client-Request-Id string, optional Request identifier. If present, it will be returned within meta field in response.
Unpacked Authorization
data
hash, required
Wrapper for the data.
exp
integer, required
The lifetime of the request in timestamp UTC format. Values greater than: Current time.
id
string, required
Payment identifier in Salt Edge PSD2 Compliance. Can raise: PaymentNotFound, SessionExpired, SessionClosed
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
SessionClosed 400 Session specified in request has been already closed and cannot be modified.
AuthorizationMissing 400 Authorization header is missing.
TokenMissing 400 This request cannot be performed without Access_Token header.
SessionExpired 401 Found session has been expired and cannot be processed anymore.
TokenNotFound 401 Token specified in request does not exist or cannot be retrieved.
TokenRevoked 401 Token specified in request is revoked and cannot be used anymore.
TokenExpired 401 Token specified in request is expired and cannot be used.
PaymentNotFound 404 Payment specified in request does not exist or cannot be retrieved.
OauthAppNotFound 404 OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound 404 Certificate has no permissions.