Payment Sessions
A payment session represents an entire checkout and payment flow, including line items and customer information.
A payment session can only be completed once, and has a unique ID associated with it. It contains all the information necessary for the payment, including the amount, currency, payee, etc.
You can create a payment session via the API, or directly from the Banked console.
Payment Flow
How do payments work and how does money move? The image below illustrates the Pay by Bank flow:
1. Your customer requests to make a payment.
2. You use the Banked API to create a PaymentSession.
3. Banked provides a URL to the checkout and a Payment ID for this PaymentSession.
4. You direct your customer to the checkout URL or present them with the embedded checkout.
5. Your customer selects their bank.
6. We contact the selected provider (the customer's bank) and ask them to make a transfer from the customer's account to the payee's account. This is called consent creation.
7. We then redirect the user to authenticate themselves, select an account, and authorise the payment.
8. The customer is redirected to a Banked holding page, and we record whether payment authorisation was successful or not.
9. The customer is redirected to your success or failure URL.
10. At some point after step 7, the money is moved from the customer's account into yours, and Banked is notified of this.
11. Banked sends you a webhook notification that alerts you of a successful payment, at which point the process is completed.
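In the flow above, the redirect to your success or failure URL only reflects authorisation, while the webhook is what reports a successful payment, and a session completes only once. The following Python example is added here and is not Banked code: it tracks merchant-side order state by payment ID and fulfils only on the webhook, exactly once. The class, method and state names and the sample IDs are assumptions, and authenticating the webhook request is assumed to happen before these methods are called.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    CREATED = "created"        # PaymentSession created, customer sent to checkout
    AUTHORISED = "authorised"  # customer came back via the success URL
    FAILED = "failed"          # customer came back via the failure URL
    PAID = "paid"              # webhook reported a successful payment


@dataclass
class OrderBook:
    """Hypothetical merchant-side store keyed by payment session ID."""
    states: dict = field(default_factory=dict)
    fulfilled: list = field(default_factory=list)

    def session_created(self, payment_id: str) -> None:
        self.states[payment_id] = State.CREATED

    def customer_returned(self, payment_id: str, success: bool) -> Optional[State]:
        # The redirect arrives through the customer's browser and precedes
        # the money movement, so it updates the display state only and
        # never triggers fulfilment or overrides a webhook result.
        if self.states.get(payment_id) is State.CREATED:
            self.states[payment_id] = State.AUTHORISED if success else State.FAILED
        return self.states.get(payment_id)

    def webhook_payment_succeeded(self, payment_id: str) -> bool:
        """Return True only the first time a known session is marked paid."""
        current = self.states.get(payment_id)
        if current is None or current is State.PAID:
            return False  # unknown session, or duplicate webhook delivery
        self.states[payment_id] = State.PAID
        self.fulfilled.append(payment_id)  # release goods exactly once
        return True


if __name__ == "__main__":
    book = OrderBook()
    book.session_created("ps_constructed_001")  # constructed sample ID
    print(book.customer_returned("ps_constructed_001", success=True))
    print(book.webhook_payment_succeeded("ps_constructed_001"))
    print(book.webhook_payment_succeeded("ps_constructed_001"))
```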
Authenticating Payments
Once a payer selects a provider, we direct them to the specific authentication flow provided by that bank in order to securely authorise payment. These differ for each bank.
If the payer has more than one account with the provider they will select their preferred source of funds before authorising the payment.
Web based authentication and authorisation
This is the default checkout flow and is included as part of a bank's 'internet banking' offering. This doesn't normally involve the use of a card reader and is how many of your customers using a desktop web browser will authenticate bank payments.
App based authentication and authorisation
If the PaymentSession URL is opened on a mobile device, the provider's authentication flow may be performed using the provider's mobile app if your customer has it installed.
This often means authentication can be performed quickly using biometrics (fingerprint/facial recognition) or a PIN code.
If a provider operates exclusively via a mobile app (e.g. Monzo or Starling), there is a common scenario where a payer may begin to check out on their desktop browser but is required to complete the authorisation using the provider's mobile app. This normally involves scanning a QR code (or similar) to 'hand off' the authentication and authorisation steps to the mobile app.