This service provides third-party providers (TPPs) access to start authorisation for a basket of payment initiation requests.
Within the Sandbox environment, SMBC Group makes available simulated datasets.
How to use this service
To use this service, the TPP will first:
use the token service to obtain a TPP access token;
use this TPP access token via the consents service to create a consents resource and receive a redirect;
(sandbox only) use the token service to request an authorisation code via a dedicated authorisation service, exclusive to the sandbox;
(production only) redirect the PSU to perform strong customer authentication (SCA) against the Bank's online web portal, receive an authorisation code and be redirected back to the TPP with the authorisation code; and
provide the returned authorisation code to the token service to obtain a PSU access token and a PSU refresh token.
Digital signature requirements
While the full set of mandatory fields in the digital signature Signature/headers field will vary by operation, the common mandatory fields in production are as follows:
(request-target) - This is the request URI including any request parameters of the production endpoint, e.g., "POST /berlingroup/v1/signing-baskets".
date - The current date-time when the request is generated in the format defined in RFC 7231.
digest - SHA-256 hash of the request message payload.
consent-id
x-request-id
psu-id
tpp-redirect-uri
psu-ip-address
psu-device-id
When invoking Berlin Group operations that require digital signatures, you must include all the mandatory headers for the respective operation. Furthermore, all the mandatory headers for the operation must be included in the signing string, per the Cavage specification, when generating the digital signature.
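The following added example (not SMBC Group's code) assembles the signing string for the common mandatory fields listed above and refuses to proceed if any of them is missing. It assumes the digest is sent base64-encoded with a "SHA-256=" prefix and lowercases the method in (request-target) as the Cavage draft specifies; all header values are constructed, and the signing step itself is left out because this page does not name the signature algorithm.

```python
import base64
import hashlib
from email.utils import formatdate

# Common mandatory signed fields, in the order this page lists them.
MANDATORY = ["(request-target)", "date", "digest", "consent-id", "x-request-id",
             "psu-id", "tpp-redirect-uri", "psu-ip-address", "psu-device-id"]

def digest_header(body: bytes) -> str:
    # Assumption: base64 of the SHA-256 hash with a "SHA-256=" prefix (RFC 3230 style).
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode("ascii")

def build_signing_string(method, path, headers, body):
    """Return (signing_string, headers_param); raise if a mandatory field is absent."""
    values = {name.lower(): value.strip() for name, value in headers.items()}
    # Cavage draft: lowercased method, one space, then the path with any query string.
    values["(request-target)"] = f"{method.lower()} {path}"
    # Recompute the digest from the payload actually sent, ignoring any supplied value.
    values["digest"] = digest_header(body)
    missing = [name for name in MANDATORY if not values.get(name)]
    if missing:
        raise ValueError("missing mandatory signed headers: " + ", ".join(missing))
    # One "name: value" line per field, joined by "\n", with no trailing newline.
    signing_string = "\n".join(f"{name}: {values[name]}" for name in MANDATORY)
    return signing_string, " ".join(MANDATORY)

# Constructed sample request; none of these values come from the bank.
SAMPLE_BODY = b'{"paymentIds": ["constructed-payment-id"]}'
SAMPLE_HEADERS = {
    "Date": formatdate(0, usegmt=True),  # RFC 7231 format; fixed time for repeatability
    "Consent-ID": "constructed-consent-id",
    "X-Request-ID": "00000000-0000-4000-8000-000000000000",
    "PSU-ID": "constructed-psu",
    "TPP-Redirect-URI": "https://tpp.example/callback",
    "PSU-IP-Address": "192.0.2.10",
    "PSU-Device-ID": "constructed-device-id",
}

if __name__ == "__main__":
    string, param = build_signing_string(
        "POST", "/berlingroup/v1/signing-baskets", SAMPLE_HEADERS, SAMPLE_BODY)
    print(string)
    print(f'headers="{param}"')
```

The second return value is the space-separated list that goes in the headers parameter of the Signature header, in the same order as the lines of the signing string.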
For further details, refer to the Getting Started section of this website.