Strong Customer Authentication

New PSR2 RTS requirements have been rolled out across Europe to protect online payments. At Intergiro we proudly welcome the new regulation and endorse the mission to give users control over their payment experience and security online.

Now, some user actions require their explicit consent and authorisation:

• KYC & Onboarding
• accessing individual's payment history
• external payments
• accessing sensitive card details

Enrollment

As part of the KYC & Onboarding process we take care of the user registration, i.e. the user creates a passcode, confirms their phone number and enrolls their biometry device. This is fully transparent and doesn't require you to store any user secrets on your end.

When it comes to Bank payments and Cards, however, the users will have to provide their explicit authorisation directly to Intergiro by means of a URL redirect.

Consent API

Consent API is designed to help the end user provide explicit consent, authorise payments and access sensitive card details.

A pending Consent request object is returned as a 412 Precondition Failed HTTP response to an action:

HTTP 412 Precondition Failed

{
  "consent": {
    "id": "e1dd9cd7-1650-42b3-8496-a970fb40ed3f",
    "status": "pending"
  }
}

Here you can see what kind of consent is required, its status and when it expires. Once the time is right to prompt the user, grab that consent.id and make a request to POST /consents/<consent_id> in order to initiate the consent process:

POST /v3/consents/e1dd9cd7-1650-42b3-8496-a970fb40ed3f

Content-Type: application/json
Authorization: Bearer <access_token>

{
  "return_url": "https://example.com/payment_finished"
}

The response will contain a Consent Method with instructions on how to complete the process:

HTTP 200 OK

{
  "method": {
    "redirect_url": "https://integrate.intergiro.com/sca/consent?token=eyJjb...",
    "token": "eyJjb...",
    "expires_at": "2021-05-11T09:55:17.000Z"
  }
}

Now you'll need to open the browser and send the user to the redirect_url received.

REQUIREMENT

To ensure the best user experience (UX), along with stable operation of the onboarding flow and biometric functions, we require the following:

1. Native Applications:

• iOS: Use SFSafariViewController (opens new window) for redirect experiences.
• Android: Use Chrome Custom Tabs (opens new window) for redirect experiences.
• Standalone browsers can be used for both platforms but is not a recommended option.

2. Web Applications:

• Use a standalone browser for redirect experiences.

Please note that we do not guarantee support for redirect flows integrated into your application in any manner other than those mentioned above.

Once the user finishes, they will be redirected back to the return_url provided.