Open banking introduction

What is the Open Banking?

Contis has partnered with Token.IO to deliver our Open Banking solution.

Contis has developed 2 options to support a client’s Open Banking integration

Option 1 – Contis Managed Authentication

As part of the authorisation process, Token will be handing-off the Payment Service User (PSU) to Contis, Contis will then collect and validate the username and password of the PSU.

Contis will develop the Authorize page to identify the PSU by providing their username/password with SCA (Strong Customer Authentication). This will be used by Token to authorize PSU.

As Contis does not hold the username and password of your customer, Contis needs to pass this information, to you, in a secure manner. You will then need to validate the details and send a response back to Contis for us to authorize the PSU. To support this process Contis has developed the following APIs:

  1. VerifyConsumerCredential.
  2. OTPWebhook to receive OTP if required by Client.
  3. BlockConsumerLogin.

Option 2 – Client Managed Authentication

Token will hand-off the PSU to the client, the client will collect and validate the user details, including second factor authentication. The client will then exchange security tokens with Contis to complete the registration.

As Contis does not hold the login details for your customer, these options are necessary to gather the PSU consent for Open Banking.

Callback URL: https://tokenob.contis.com/CallBack/VerificationToken

Request Query parameters are as below:

  • bank_id : Unique bank id generated for each client while onboarding
  • request_id : Unique request id received from TokenIO, Contis will pass this to clients on their landing page.
  • request_token : Contis will pass unique token to clients on their landing page
  • token : Encrypted token generated by Client using Contis Public key
  • SCAOptionID1FA : SCAOptionID1FA option is for first factor of login. It can be any of following.
  1. Device Binding (Possession)
  2. Face (Inherence)
  3. Finger (Inherence)
  4. OTP (Possession)
  5. mPIN (Knowledge)
  6. Password (Knowledge)
  7. Other Knowledge Item
  8. Other Possession Item
  9. Other Inherence Item
  • SCAOptionID2FA : SCAOptionID2FA option is for second factor of login. It can be any of following.
  1. Device Binding (Possession)
  2. Face (Inherence)
  3. Finger (Inherence)
  4. OTP (Possession)
  5. mPIN (Knowledge)
  6. Password (Knowledge)
  7. Other Knowledge Item
  8. Other Possession Item
  9. Other Inherence Item

NOTE: Both first and second factor must not be same.