Adding Open Banking (in Self-Hosted-Callback mode) lets you fully control your PSU's payment journey and allows you to bypass the Nuapay TPP.



In this mode, once a PSU has been redirected to a selected ASPSP and has completed his/her interactions with that bank, the payer is redirected to the merchantPostAuthUrl, as provided in the Create Payment request.

In order for the payer to be successfully redirected, an ASPSP must do two things:

  1. Determine what the callback URL is for the specific PSU.
  2. Confirm that this URL has been properly configured and registered (with that ASPSP).

Sequence Steps

A detailed overview of the various steps involved in the Self-Hosted-Callback flow is provided in the image below.

Self-Hosted-Callback Merchant Flow

To use Self-Hosted-Callback mode:

  1. Using your API key, retrieve a token; set your scope = openbanking_pisp.
  2. Call GET /banks to retrieve a list of all supported banks (see Retrieve Banks) to populate your Bank Selection screen.
  3. Once the payer has selected a bank, call the /tpp/payments endpoint (see Create Payment). Set the integrationType to SELF_HOSTED_CALLBACK, specify the bankId provided by the payer and set the merchantPostAuthUrl. The merchantPostAuthUrl will process the callback from the ASPSP, this information needs to be captured and sent to Nuapay.
  4. Redirect the PSU to the ASPSP to authorise the payment - note after the PSU approves or denies the payment request they are redirected to the merchantPostAuthUrl.

  5. Process The Callback sent to the merchantPostAuthUrl from the ASPSP.
    • You need to retrieve an OAuth token with scope = openbanking_callback.
    • Use this token to authenticate when you call the Forward Payment Callback endpoint, passing the callback parameters.
    • The payment callback params are passed to the Nuapay TPP at /payments/callback. (See the following section for more on this).
  6. The response to /payments/callback includes the paymentId in the Location Header which you can use to get the most up to date payment status by using Retrieve Payment.

Processing The Callback

Note that:

  1. Since response parameters are returned in the Redirection URI fragment value, the Client needs to have the User Agent parse the fragment encoded values and pass them on to the Client’s processing logic for consumption. (Basically parse the details in JavaScript to post back to your server)
  2. Accept the data on your systems.
  3. Post the information to the /payments/callback endpoint.

Please see a sample piece of JavaScript code below, which parses the data after the anchor:

#check for the anchor
var data = window.location.href.split(#);
if(data.length < 2) { //just in case not using anchors
    data = window.location.href.split(?);

var params = data[1]; 

var xhr = new XMLHttpRequest();"POST", YOUR_URL, true);
xhr.setRequestHeader('Content-Type', 'application/json');
		value: params

This assumes you can accept a POST of json to YOUR_URL.

In your logic on the server side, you can parse all the params and submit to the endpoint.