Partner Integration Modes
Nuapay offers two Partner models allowing you to connect to Nuapay as a:
- Third Party Provider (TPP).
- Technical Service Provider
TPP MODE
With Nuapay in TPP Mode | : |
- You are licensed to offer Open Banking services under the Nuapay TPP license.
- All APIs are listed on the nuapay.com domain.
- ASPSP OAuth Callback is passed to nuapay.com
- A ‘Powered by Nuapay’ logo is displayed on the checkout window.
TECHNICAL SERVICE PROVIDER MODE
With Nuapay as a Technical Service Provider | : |
You will need:
- An Open Banking TPP license.
- To provide Sentenial with your eIDAS certificate (QWAC and QSEAL).
- To allow Sentenial to generate Software Statement Assertions(SSA) and OBUK specific PKI key pairs.
- Sentenial to establish relationships with each ASPSP on your behalf.
Note that:
- REST APIs can be white labelled as
partnerdomain.com
(you must point your DNS records to the Nuapay infrastructure). - The Openbanking ASPSP OAuth Callback domains can be white labelled too
callback.partnerdomain.com
(you point your DNS records to the Nuapay infrastructure). - We recommend three callback domains to be registered
callback1.partnerdomain.com
,callback2.partnerdomain.com
andcallback3.partnerdomain.com
. This allows for flexibility in routng OAuth responses. - A ‘Powered by Partner’ logo/notification can be displayed on the checkout window.
OAuth Token Generation
Regardless of the integration mode chosen, in order to initiate API requests on behalf of your merchants, you will first need to retrieve OAuth tokens.
The process is illustrated below:
The Nuapay Customer Support team will issue An API Key to you upon request.
The OAuth token retrieved from the /tokens
endpoint allows you to then generate API requests on behalf of a specific merchant/organisation.
When generating an API request, provide the retrieved token as the authentication username in all your API requests. A password is not required, however the request must be made from an allowed IP address.
API authentication header format: | Authorization: Bearer <OAuth Token> |
API Details - GET /organisations
Use the /organisations
endpoint to retrive the organisations linked to your partner entity:
Scopes and Time To Live (TTL)
Before generating an OAuth token for a specific organisation you will need to specify the scopes required and the token’s TTL.
Two scopes are available for Open Banking APIs:
- AISP
- PISP
In additions, the following scopes are available:
- Admin
- Bank Admin
At least one scope must be included in your request.
The TTL by default is 10 seconds but long-lived tokens may also be created by configuring the expiresIn
value in the request body.
API Details - POST /tokens
The /organisations/{encodedOrganisationId}/tokens
endpoint takes an encoded organisation ID (returned from the /organisations
endpoint) and returns an OAuth token.
As outlined above, specify the scopes
(required) and Time To Live - expiresIn
(optional) in the request.
Once you have retrieved the token for the required merchant, use it in the HTTP Authorization Header of the Bank, PISP and/or AISP API requests you generate.