Console

Payment authorisation flows

Learn more about payment authorisation flows.

Suggest Edits

To enable a payment from their bank account, your user goes through an authorisation flow. After the user selects the option to pay with TrueLayer at checkout, they select their provider or their provider is preselected for them. Depending on which bank they are paying from, the screens that the user sees during authorisation may be different.

📘

Using one of TrueLayer's UIs?

If you're using one of our prebuilt UIs for web or mobile, we handle authorisation for you.

If you build your own authorisation UI, you need to complete actions so your user can authorise the payment.

There are three types of authorisation flow:

  • redirect
  • embedded
  • decoupled

Redirect flow

The redirect flow is the most common type of user flow for authorisation. It is used by all UK banks.

In a redirect flow:

  1. The user begins the payment flow
  2. The user is redirected to their provider's website or app
  3. The user inputs their bank credentials to authorise the payment
  4. The bank redirects the user to the return URI that you set in Console
The basic steps in a redirect flow, including `actions`.

The basic steps in a redirect flow, including actions.

Embedded flow

The embedded flow is used by some German providers. In an embedded flow, the customer inputs their credentials within the flow rather than being redirected to their bank app or website to log in.

Unless you are regulated as a PISP, to support embedded flows you must use a hosted or embedded payment page, or one of our mobile SDKs.

In an embedded flow:

  1. The user begins the payment flow
  2. The user inputs their banking credentials within a TrueLayer UI
  3. The user completes the payment
The basic steps in an embedded flow, including `actions`.

The basic steps in an embedded flow, including actions.

Decoupled flow

In a decoupled flow, the user can authorise their payment in another app or channel, such as an email or a notification within their bank app. Very few EU providers support a decoupled flow.

The hosted payment page, embedded payment page and mobile SDKs support all auth flows by default. We recommend using these, especially if you are integrating in the EU.

If you are building a direct API integration, you can see which auth flow a provider supports with the /providers endpoint.

In a decoupled flow:

  1. The user begins the payment flow
  2. The user is shown a screen which tells them to go to a different app or website to complete authorisation
  3. The user approves the payment within that other app or website
  4. The user goes back to the TrueLayer payment flow to complete the authorisation process
The basic steps in a decoupled flow, including `actions`.

The basic steps in a decoupled flow, including actions.

Updated 7 months ago

Next steps