
Overview

The API has three layers of authentication:

  1. Account authentication is used to identify and authenticate requests from your application. All API requests and UI components require account authentication.

  2. End-user authentication is used to authenticate the Admin User and Authorised Users of the Buyer, i.e. the representatives of the business End Customer. Almost all API requests and UI components require end-user authentication, which shows that these users are in session and are the ones creating the actions/interactions indicated through the API. End-user authentication is done with an Auth Token, which can be used to perform actions within our APIs.

  3. End-user step-up authentication is required when performing certain requests covered by a requirement for Strong Customer Authentication under PSD2 financial regulations. This is achieved by the end user successfully passing an SCA-compliant multifactor challenge, whereupon a stepped-up Auth Token is provided allowing the workflow to proceed.

Depending on the type of operation you are trying to execute, you may be required to either:

  • provide account authentication only,
  • provide account and end-user authentication via an Auth Token, or
  • provide account and step-up end-user authentication (step-up refers to an Auth Token where two-factor authentication was performed)