Authentication

In an interactive transaction, the merchant system must have OAuth 2.0 credentials, which include Client ID, Client Secret, and App ID. Passing these credentials to the authentication server allows you to obtain an access token.

The merchant system must call the Paramount authentication API and obtain an access token before redirecting the consumer to Instant Bank Transfer. Access tokens are retrieved via the OAuth Client Credentials flow, which is used for server-to-server authentication. For more information, see Authentication.

Redirects

Interactive payins are implemented using a same-browser redirect/webview.

All Instant Bank Transfer screens use responsive design and automatically adjust to the optimal size for the consumer's device.

When the consumer is redirected to Paramount, Instant Bank Transfer guides the consumer through the transaction flow. At the end of the transaction, Instant Bank Transfer redirects the consumer to the merchant’s specified, URL-encoded return URL, which is specified in the request (returnUrl).

Registering a New Bank Account

The transaction for a first-time consumer, or a returning consumer registering a new bank account, is a non-tokenized transaction. That is, the merchant system does not yet have a token that uniquely identifies this consumer’s bank account in the Instant Bank Transfer system.

In this case, the merchant system sends a request that doesn't include the Bank object in the interactive transaction request. See Interactive Transactions.

At the end of the transaction process, the merchant receives four data parameters in the transaction notification. The merchant stores these parameters for subsequent transactions made by the same consumer using the same bank account.

• accountToken – A token that uniquely identifies the consumer’s bank account in the Instant Bank Transfer system.
• accountLabel – The masked account number that will be displayed by the merchant to the consumer in subsequent transactions. This is in the format ***1234
• bankAccountType – The consumer’s bank account type, either PC or PS (personal checking or personal savings).
• fiName – The name of the consumer’s bank.

Using a Previously Registered Bank Account

Returning consumers using a previously registered bank account can complete a tokenized transaction. On the cashier page, the merchant displays the stored account labels (accountLabel), account type (bankAccountType), and bank name (fiName) associated with the account token (accountToken) from the consumer’s most recent payin transaction notifications.

To improve the consumer’s user experience, the merchant must allow them to select the previously used account, or to add a new account, before being redirected to Paramount for payment. We recommend displaying the last three (3) unique tokens per consumer on the cashier and allowing the consumer to remove the tokens from being displayed on the cashier. If the consumer uses more than 3 unique tokens, the older tokens should not be automatically displayed.

The merchant cashier also displays an option for the consumer to make a payin using a new bank account that hasn't been previously used for Instant Bank Transfer transactions.

• If the consumer chooses a bank account that they previously used to make a payin, the merchant sends a payin request with the associated accountToken in the request.
• If the consumer wants to use a different bank account, the merchant sends a transaction request without a token, following the same process as a first-time consumer payin.

The accountToken, bankAccountType, fiName, and acccountLabel are passed back for each transaction, regardless of whether the payin request contained a token.