Open Banking Partner Integration | Nuapay Developer Hub

Partner integrations require you to retrieve an OAuth access token for a specific merchant and use that unique token in all subsequent API calls.

Partner Integration Modes

Nuapay offers two Partner models allowing you to connect to Nuapay as a:

Third Party Provider (TPP).
Technical Service Provider

TPP MODE

With Nuapay in TPP Mode

You are licensed to offer Open Banking services under the Nuapay TPP license.
All APIs are listed on the nuapay.com domain.
ASPSP OAuth Callback is passed to nuapay.com
A ‘Powered by Nuapay’ logo is displayed on the checkout window.

TECHNICAL SERVICE PROVIDER MODE

With Nuapay as a Technical Service Provider

You will need:

An Open Banking TPP license.
To provide Sentenial with your eIDAS certificate (QWAC and QSEAL).
To allow Sentenial to generate Software Statement Assertions(SSA) and OBUK specific PKI key pairs.
Sentenial to establish relationships with each ASPSP on your behalf.

Note that:

REST APIs can be white labelled as partnerdomain.com (you must point your DNS records to the Nuapay infrastructure).
The Openbanking ASPSP OAuth Callback domains can be white labelled too callback.partnerdomain.com (you point your DNS records to the Nuapay infrastructure).
We recommend three callback domains to be registered callback1.partnerdomain.com, callback2.partnerdomain.com and callback3.partnerdomain.com. This allows for flexibility in routng OAuth responses.
A ‘Powered by Partner’ logo/notification can be displayed on the checkout window.

Note: If you want to use Nuapay as a Technical Service Provider and meet the criteria above, please contact your account manager; your domain, callback URLs and any white-labelling will need to be configured as per your requirements.

OAuth Token Generation

Regardless of the integration mode chosen, in order to initiate API requests on behalf of your merchants, you will first need to retrieve OAuth tokens. The process is illustrated below:

The Nuapay Customer Support team will issue An API Key to you upon request. The OAuth token retrieved from the /tokens endpoint allows you to then generate API requests on behalf of a specific merchant/organisation.

When generating an API request, provide the retrieved token as the authentication username in all your API requests. A password is not required, however the request must be made from an allowed IP address.

API authentication header format: Authorization: Bearer <OAuth Token>

API Details - GET /organisations

Swagger Reference: Gatekeeper

Use the /organisations endpoint to retrive the organisations linked to your partner entity:

Scopes and Time To Live (TTL)

Before generating an OAuth token for a specific organisation you will need to specify the scopes required and the token’s TTL.

Two scopes are available for Open Banking APIs:

AISP
PISP

In additions, the following scopes are available:

Admin
Bank Admin

At least one scope must be included in your request.

The TTL by default is 10 seconds but long-lived tokens may also be created by configuring the expiresIn value in the request body.

Note: Where you have created a long-lived token, it is possible to revoke it through a revoke API request. See Token Management

API Details - POST /tokens

The /organisations/{encodedOrganisationId}/tokens endpoint takes an encoded organisation ID (returned from the /organisations endpoint) and returns an OAuth token.

As outlined above, specify the scopes (required) and Time To Live - expiresIn (optional) in the request.

Once you have retrieved the token for the required merchant, use it in the HTTP Authorization Header of the Bank, PISP and/or AISP API requests you generate.