Open Payments flow
This page provides a high-level look at the API calls and interactions that occur between the client and servers during a payment. The sequence diagrams are for illustrative purposes and may be simplified in some instances.
Assumptions
- The client’s Such as a mobile or web application or service user is the sender.
- The client already has the sender’s Open Payments-enabled account details and is able to send payments on their behalf.
Get account details
A client retrieves public details about a recipient’s Open Payments-enabled account by issuing a GET request to the recipient’s wallet address. Details include the asset code and scale of the underlying account, as well as the authorization and resource server URLs which the client needs in order to set up a payment to the recipient.
sequenceDiagram
participant C as Client
participant WA as Wallet address
C->>WA: GET wallet address url (e.g. https://wallet.example.com/alice)
WA->>C: 200 wallet address found, return public account details
Incoming payment
The client first requests/receives a grant from the authorization server of the recipient’s ASE account servicing entity to create an incoming-payment resource. The client then sends a request to the ASE’s resource server to create the resource. When created, the resource server returns unique payment details the client will use to address one or more payments to the recipient.
sequenceDiagram
participant C as Client
participant AS as Authorization server
recipient's ASE
participant RS as Resource server
recipient's ASE
C->>AS: Grant request (POST) with type=incoming-payment
AS->>C: 200 OK, returns access token
C->>RS: Create incoming payment resource (POST)
RS->>C: 201 Incoming payment resource created
Quote
The client requests/receives a grant from the authorization server of the sender’s ASE Account servicing entity to create a quote resource. The client then sends a request to the resource server to create the resource. When created, the resource server returns, among other things, a quote id and the amount it will cost to make the payment.
sequenceDiagram
participant C as Client
participant AS as Authorization server
sender's ASE
participant RS as Resource server
sender's ASE
C->>AS: Grant request (POST) with type=quote
AS->>C: 200 OK, returns access token
C->>RS: Create quote resource (POST)
RS->>C: 201 Quote resource created
Outgoing payment
Before an outgoing payment resource can be created on the sender’s account, Open Payments requires the client to send an interactive grant request to the authorization server of the sender’s ASE Account servicing entity .
An interactive grant requires explicit consent be collected from the sender before an access token is issued. While the client must facilitate the interaction, the authorization server and identity provider (IdP) of the sender’s ASE are responsible for the interface and collecting consent.
After consent is obtained, the client requests permission to continue the grant request in order to obtain an access token.
sequenceDiagram autonumber
Client ->>Authorization server (AS): Sends interactive grant request
Authorization server (AS)-->>Client: 200 returns interact redirect uri and continue uri
Client ->>Authorization server (AS): Navigates to interact redirect uri
Authorization server (AS)->>Authorization server (AS): Starts interaction and sets session
Authorization server (AS)-->>Client: 302 temporary redirect to identity provider
uri with grant info in query string
Client ->>Identity provider (IdP): Redirects to identity provider
Identity provider (IdP)->>Identity provider (IdP): Resource owner (e.g. client user)
accepts interaction
Identity provider (IdP)->>Authorization server (AS): Sends interaction choice
Authorization server (AS) -->>Identity provider (IdP): 202 choice accepted
Identity provider (IdP)->>Authorization server (AS): Requests to finish interaction
Authorization server (AS)->>Authorization server (AS): Ends session
Authorization server (AS)-->>Identity provider (IdP): 302 temporary redirect to finish url
(defined in initial grant request)
secured with unique hash and
interact_ref in query string
Identity provider (IdP)->>Client: Follows redirect
Client->>Client: Verifies hash
Client->>Authorization server (AS): Sends grant continuation request with
interact_ref in body to continue uri
Authorization server (AS)->>Client: 200 returns grant access token
Once an access token is acquired, the client can request the creation of the outgoing-payment resource. The setup of the payment is complete and the Open Payments flow ends after the resource is created.
sequenceDiagram
participant C as Client
participant RS as Resource server
sender's ASE
C->>RS: Create outgoing payment resource (POST)
RS->>C: 201 Outgoing payment resource created
Get transaction history
To provide a user with their transaction history, the client can retrieve a list of the user’s incoming (received) payments and outgoing (sent) payments.
sequenceDiagram
participant C as Client
participant RS as Resource server
C->>RS: Get list of incoming/outgoing payments
with wallet-address={url of wallet address}
RS->>C: 200 OK
Similarly, the client can provide the user with details about a specific incoming or outgoing payment.
sequenceDiagram
participant C as Client
participant RS as Resource server
C->>RS: Get incoming/outgoing payment with
id={url identifying incoming/outgoing payment}
RS->>C: 200 Payment found
Bringing it all together
This diagram brings the aforementioned concepts together, except for getting transaction history, to present a full transaction sequence without delving too deeply into the contents of each request and response. A link to view a larger version of the diagram is provided at the bottom of the page.
As shown below, both the sender and the recipient’s ASEs must operate their own authorization and resource servers. Grant requests for incoming payment and quote resources are typically non-interactive. A grant request for an outgoing payment resource requires explicit consent from the sender (e.g., the client’s user), which is obtained through the sender’s identity provider.
More information about grant interaction flows can be found in the Grant negotiation and authorization page.
sequenceDiagram
autonumber
box rgb(225,245,254) Sender's
account servicing entity
participant SIDP as Identity provider
participant SRS as Resource server
participant SAS as Auth server
end
participant SC as Client
box rgb(232,245,233) Recipient's
account servicing entity
participant RW as Wallet address URL
participant RAS as Auth server
participant RRS as Resource server
end
SC->>+RW: Sends GET request
RW->>-SC: Responds with auth & resource server URLs
SC->>+RAS: Sends a non-interactive grant request
(type=incoming-payment)
RAS->>-SC: Responds with access token & grant
SC->>+RRS: Sends request to create an incoming payment resource
RRS->>RAS: Requests validation of access token
RAS->>RRS: Access token is validated
RRS->>-SC: Incoming payment resource is created
SC->>+SAS: Sends non-interactive grant request
(type=quote)
SAS->>-SC: Responds with access token and grant
SC->>+SRS: Sends request to create a quote resource
SRS->>-SC: Quote resource is created
SC->>+SAS: Sends interactive grant request
(type=outgoing-payment)
SAS->>-SC: Responds with interact redirect uri and continue uri
SC->>+SAS: Navigates to interact redirect uri
SAS->>SAS: Starts interaction
and sets session
SAS->>-SC: Responds with identity provider uri
SC->>+SIDP: Navigates (redirects) to identity provider
SIDP->>SIDP: Sender accepts interaction,
for eg: confirms payment intent
SIDP->>SAS: Sends interaction choice
SAS->>SIDP: Accepts choice
SIDP->>SAS: Requests to finish interaction
SAS->>SAS: Ends session
SAS->>SIDP: Redirects to finish url defined in initial grant request
SIDP->>-SC: Follows redirect
SC->>SC: Verifies hash
SC->>+SAS: Sends a grant continuation request
SAS->>-SC: Responds with a grant access token
SC->>+SRS: Sends request to create an outgoing payment resource
SRS->>SAS: Requests validation of access token
SAS->>SRS: Access token is validated
SRS->>-SC: Outgoing payment resource is created