Account Authorisation Flows
Learn more about the different account authorisation flows in Yapily
Depending on the
Institution list in your application, you may be required to implement several flows.
Looking for Payment Authorisations Flows?
Redirect vs. Embedded
Redirect-based account authorisation flows require the PSU to be sent to the domain of the
Institution to authenticate themself and to securely give their
Consent to make a request for their
On the contrary, embedded account authorisation flows take place without any redirect to the
Institution. This process works by capturing various pieces of information from the PSU through
fields in your front-end application and sending this information to the
Institution through the Yapily API in order to authorise the request for the their financial data.
Coupled Account Authorisations
Coupled account authorisation flows are flows where every step in authorising a request for the PSU's financial data is sent through the Yapily API. This means that at every stage, it is possible
to receive the status of the
Consent without polling it for updates. By default, all coupled account authorisation flows diagrams display the use case that is suited to customers who are using
redirect where after the authorisation step is completed, the PSU is redirected back to the application directly by the
Institution. See redirect url for
For customers using the Yapily
Institution will redirect the PSU to this url after completing the authorisation which will mean the journey
will not end back in your front-end application. As a result, it is recommended that you opt-in to use the
callback in order to tell Yapily where to redirect the PSU to after being redirected to
the authorisation service. See using a callback for more information.
Decoupled Account Authorisations
Decoupled account authorisation flows are flows where one step in authorising a request for the PSU's financial data takes place without Yapily as the intermediary. In this case, the authorisation
is sent directly from the
Institution to the PSU and back to the
Institution. As Yapily is not involved in this process, in order for Yapily to check the status of the authorisation, Yapily will
first send the
AWAITING_DECOUPLED_AUTHORIZATION status to signal that the
Institution has sent a request directly to the PSU to authorise.
As the authorisation is completed and received by the
Institution without involvement of the Yapily API, you will need to poll GET Consent using the
consent-id in order to
know when the PSU has successfully authorised the account authorisation request. Once this occurs, the
Consent will transition to
AUTHORIZED signalling that the authorisation process is complete
and that you can cease from polling.