Xs2a has implementation to support custom payment-products which are different from Berlin Group list. To use for example "new-payment-product", open bank_profile.yaml and add it to supportedPaymentTypeAndProductMatrix:
SINGLE:
- new-payment-product
PERIODIC:
- new-payment-product
BULK:
- new-payment-productCustom payment-products will be passed to SPI level through the interface de.adorsys.psd2.xs2a.spi.service.CommonPaymentSpi Therefore this interface should be implemented in your SPI-Connector.
ASPSP is able to modify SCA redirect URLs for consent, payment and payment cancellation.
Redirect link for consent is constructed with aisRedirectUrlToAspsp parameter and can be configured with {redirect-id}, {encrypted-consent-id}, {inr-id} options.
Examples:
-
"http://localhost/ais/{redirect-id}/{encrypted-consent-id}";
-
"http://localhost:4200/ais/{redirect-id}/{encrypted-consent-id}/{inr-id}";
-
"http://localhost:4200/ais/{redirect-id}".
Redirect link for payment is constructed with pisRedirectUrlToAspsp parameter and can be configured with {redirect-id}, {encrypted-payment-id}, {inr-id} options.
Examples:
-
"http://localhost/pis/{redirect-id}/{encrypted-payment-id}";
-
"http://localhost:4200/pis/{redirect-id}/{encrypted-payment-id}/{inr-id}";
-
"http://localhost:4200/pis/{redirect-id}".
Redirect link for payment cancellation is constructed with pisPaymentCancellationRedirectUrlToAspsp parameter and can be configured with the same options as for payment.
Examples:
-
"http://localhost/pis/cancellation/{redirect-id}/{encrypted-payment-id}";
-
"http://localhost:4200/pis/cancellation/{redirect-id}/{encrypted-payment-id}/{inr-id}";
-
"http://localhost:4200/pis/cancellation/{redirect-id}".
All parameters are optional and can be omitted.
XS2A supports several modes of redirect SCA approach:
-
redirect (usual redirect approach);
-
OAuth pre-step (TPP asks for token before initiation of the request);
-
OAuth integrated (TPP asks for token after initiation of the request).
Switching between these modes can be done by changing the scaRedirectFlow field value in the ASPSP profile. Possible
values for it are:
-
REDIRECT; -
OAUTH_PRE_STEP; -
OAUTH.
OAUTH and OAUTH_PRE_STEP modes require link to identity provider (IDP) in the ASPSP profile. This is the field oauthConfigurationUrl.
It should be used for accessing third-party applications for providing the token.
Pre-step mode flow is the following. If token is present, then pre-step OAuth was already applied by TPP and XS2A returns link scaRedirect
to redirect PSU to online-banking (or other authorisation server) for SCA. If token is absent in initial request, XS2A returns
error 401 UNAUTHORIZED with text Please retrieve token first from {oauthConfigurationUrl}.
Integrated mode: if ASPSP supports integrated OAuth and token is absent in initial request for consent, payment and payment
cancellation, XS2A returns link scaOauth (based on oauthConfigurationUrl in profile) to redirect TPP to IDP. If token
is present, XS2A responds with error 403 FORBIDDEN with text Token is not valid for the addressed service/resource.
The debug interface of the ASPSP profile enables the developer to update the list of supported SCA approaches and/or ASPSP profile settings, temporarily during runtime. The changes won’t be persisted, and only stored in the local application cache. Thus, these endpoints are unviable for a production environment and should only be used for debugging, as a more convenient way of changing the SCA approaches and/or the ASPSP profile settings.
The debug interface is enabled via configuring Spring Profiles. The according profile name is debug_mode.
The endpoints provided are the following:
-
POST /api/v1/aspsp-profile/for-debug/aspsp-settings- Updates aspsp profile settings-
Requires the ASPSP profile settings, in JSON format
-
-
POST /api/v1/aspsp-profile/for-debug/sca-approaches- Updates list of sca approaches-
Requires the SCA approaches, as separated Strings, in a JSON array
-
From v.5.x onwards there is one additional endpoint that is accesible in the scope of debug-mode. This endpoint allows
the customer to change an old ASPSP-Profile (prior to v.5.x) to a newer version, which improves readability and
structures the settings more rigorously.
The endpoint containing this behavior is accesible via:
-
POST /api/v1/aspsp-profile/convert-profile/aspsp-settings- Converts old aspsp profile to the new format-
Requires the, v.4.x. and prior, ASPSP profile settings, in YAML format
-