Payment Sessions
A payment session represents an entire checkout and payment flow, including line items and customer information. A payment session can only be completed once, and has a unique ID associated with it. It contains all the information necessary for the payment, including the amount, currency, payee, etc.
Payment Flow
The image below illustrates the Pay by Bank flow:
The steps below describe the flow of a payment session from start to end:
- A customer requests to make a payment.
- You use the Banked API to create a PaymentSession.
- Banked provides a URL to the checkout page and a Payment ID for this PaymentSession.
- You direct your customer to the checkout URL or present them with the Embedded Checkout.
- Your customer selects their bank.
- We contact the selected Provider (the customer's bank) and ask them to make a transfer from the customer's account to the payee's account. This is called consent creation.
- We then redirect the customer to authenticate themselves, select an account, and authorize the payment.
- The customer is redirected to a Banked holding page, and we record whether payment authorization was successful or not.
- The customer is redirected to your success or failure URL.
- At some point after step 7, the money is moved from the customer's account into the payee account, and Banked is notified of this.
- Banked sends you a webhook notification that alerts you of a successful payment, at which point the process is complete.
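In the flow above, the redirect to your success URL reflects the authorization outcome, while the webhook is what signals a successful payment. The sketch below is an added example, not Banked's code, of a merchant backend that fulfils an order only on the webhook and at most once per Payment ID. The class, method names and state strings are hypothetical, and it assumes your handler has already verified that the webhook is authentic before calling `on_webhook`.

```python
from dataclasses import dataclass, field

# Hypothetical local order states; these are not Banked API values.
PENDING, AUTHORISED, PAID, FAILED = "pending", "authorised", "paid", "failed"


@dataclass
class OrderBook:
    """Tracks orders keyed by the Payment ID returned at session creation."""
    orders: dict = field(default_factory=dict)     # payment_id -> state
    fulfilled: list = field(default_factory=list)  # payment_ids released

    def session_created(self, payment_id: str) -> None:
        # Record the ID server-side so later callbacks can be matched to it.
        self.orders[payment_id] = PENDING

    def on_redirect(self, payment_id: str, success: bool) -> str:
        """Customer's browser reached the success or failure URL."""
        state = self.orders.get(payment_id)
        if state is None:
            return "unknown"  # an ID this backend never issued
        if state == PENDING:
            # Authorization outcome only; funds may not have moved yet.
            self.orders[payment_id] = AUTHORISED if success else FAILED
        return self.orders[payment_id]  # the redirect never fulfils

    def on_webhook(self, payment_id: str, payment_succeeded: bool) -> bool:
        """Server-to-server notification; True if the order was fulfilled now."""
        state = self.orders.get(payment_id)
        if state is None or state == PAID:
            return False  # unknown ID, or a duplicate delivery
        if not payment_succeeded:
            self.orders[payment_id] = FAILED
            return False
        self.orders[payment_id] = PAID
        self.fulfilled.append(payment_id)
        return True
```
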
Authenticating Payments
Once a customer selects a Provider, we direct them to the specific authentication flow provided by that bank in order to securely authorize payment. These differ for each bank.
If the payer has more than one account with the Provider, they will select their preferred source of funds before authorizing the payment.
Web based authentication and authorization
This is the default checkout flow and is included as part of a bank's 'internet banking' offering. This doesn't normally involve the use of a card reader and is how many of your customers using a desktop web browser will authenticate bank payments.
App based authentication and authorization
If the PaymentSession URL is opened on a mobile device, the provider's authentication flow may be performed using the provider's mobile app, if your customer has it installed.
This often means authentication can be performed quickly using biometrics (fingerprint/facial recognition) or a PIN code.
If a provider operates exclusively via a mobile app (e.g. Monzo or Starling), there is a common scenario where a payer may begin to checkout on their desktop browser but must then complete the authorization using the Provider's mobile app. This normally involves scanning a QR code (or similar) to 'hand-off' the authentication and authorization steps to the mobile app.