Suppliers Overview
Buyers will be able to store a list of trusted supplier details which are to be used when creating a payment run.
Note: Supplier details include information about the business or individual’s bank account that needs to be trusted before being able to create a Payment Run.
When using suppliers, your customers may be allowed to skip Strong Customer Authentication when executing a Payment Run, thus reducing the number of approval steps required.
Create Suppliers
To create a supplier for a buyer, an end-user belonging to the buyer must be logged in. You will require your API key and an active end-user authentication token to create a supplier. Read more about authentication in the [authentication guide].
Setting the trustLevel of a supplier to TRUSTED will enable the end-user to skip Secure Customer Authentication for transactions to that supplier.
Suppliers belong to the buyer managing them and cannot be shared with other buyers.
Verify Suppliers
Before the submitted suppliers can be added to the list, the logged-in user must verify the details by completing a challenge.
A challenge is required when removing suppliers from the list as well.
Send a Challenge
You can trigger the suppliers verification process by calling the suppliers' challenge API. The user will be requested to perform a two-factor authentication based on the channel provided in the request.
You can check your enabled authentication channels for suppliers via the Innovator Portal by navigating to Identities Profile → Authentication tab → Payment Verification.
Currently, we support SMS as possible authentication channels. More authentication channels will be added in the future.
You can start an SCA challenge via SMS by requesting the One Time Password API endpoint. A text message containing a OTP code will be sent to the logged-in end-users' registered mobile phone.
Complete the Challenge
SMS is the selected channel, then you must build a page in your application where the user can enter the verification code that they received in the text message which you will need to submit to via the challenge verify API.
Once confirmed, the suppliers will be automatically added to the identity's suppliers list. You will receive a webhook for the batch of suppliers that will include all the suppliers in the list with its outcome.
Remove suppliers
To remove a supplier for a buyer, an end-user belonging to the buyer must be logged in. You will require your API key and an active end-user authentication token to remove a supplier. Read more about authentication in the [authentication guide]
The logged-in user must complete an SCA challenge to remove suppliers.
Using Suppliers with Payment Run
When submitting a Payment Run, your customers must choose a supplier with every payment. This can be done by providing a supplierId in the destination parameter.
If the Payment Run was eligible to skip Strong Customer Authentication because the destination is a trusted supplier, then it will be executed automatically and the challengeExemptionReason will be set to TRUSTED_SUPPLIER.