Adding Open Banking (in Self-Hosted-Callback mode) lets you fully control your PSU's payment journey and allows you to bypass the Nuapay TPP.



In this mode, once a PSU has been redirected to a selected ASPSP and has completed his/her interactions with that bank, the PSU is redirected to the merchantPostAuthUrl, as provided in the Create Payment request.

In order for the PSU to be successfully redirected, an ASPSP must do two things:

  1. Determine what the callback URL is for the specific PSU.
  2. Confirm that this URL has been properly configured and registered (with that ASPSP).

Sequence Steps

To use Self-Hosted-Callback mode see the flow described in the image below (click to enlarge) and refer to the steps 1-6 below for more detail:

Self-Hosted-Callback Partner Flow
  1. Using your partner-level API key retrieve the list of your merchants and retrieve a token representing the required merchant.
  2. You will design your own Bank Selection screen; use Retrieve Banks to populate your bank select user interface.
  3. Once the payer has selected a bank, call the /tpp/payments endpoint using the OAuth token, representing the required merchant, (see Create Payment). Set the integrationType to SELF_HOSTED_CALLBACK, specify the bankId provided by the payer and set the merchantPostAuthUrl. The merchantPostAuthUrl will process the callback from the ASPSP, this information needs to be captured and sent to Nuapay.
  4. Redirect the PSU to the ASPSP to authorise the payment - note after the PSU approves or denies the payment request they are redirected to the merchantPostAuthUrl.
  5. Process The Callback sent to the merchantPostAuthUrl from the ASPSP.
    • The partner retrieves a partner level OAuth token with scope = openbanking_callback.
    • The payment callback params are passed to the Nuapay TPP at /payments/callback. (See the following section for more on this).
  6. The response to /payments/callback includes the paymentId in the Location Header which you can use to get the most up to date payment status by using Retrieve Payment.

Processing The Callback

Note that:

  1. Since response parameters are returned in the Redirection URI fragment value, the Client needs to have the User Agent parse the fragment encoded values and pass them on to the Client’s processing logic for consumption. (Basically parse the details in JavaScript to post back to your server)
  2. Accept the data on your systems.
  3. Post the information to the /payments/callback endpoint.

Please see a sample piece of JavaScript code below, which parses the data after the anchor:

#check for the anchor
var data = window.location.href.split(#);
if(data.length < 2) { //just in case not using anchors
    data = window.location.href.split(?);

var params = data[1]; 

var xhr = new XMLHttpRequest();"POST", YOUR_URL, true);
xhr.setRequestHeader('Content-Type', 'application/json');
		value: params

This assumes you can accept a POST of json to YOUR_URL.

In your logic on the server side, you can parse all the params and submit to the endpoint.