Masked Redirect Url
Yapily's knowledge article about masking redirect Urls
Note: This article only applies if you have your own Open Banking AISP/PISP licenses and are using your own certificates
to register with each Yapily
For customers who are AISPs or PISPs and therefore have the ability to control the redirectUrl, you can take advantage of using Yapily's auth service https://auth.yapily.com/ while masking the url with a url at your own domain of choice.
What is the trade-off for using this solution?
The main reason for doing this is to offload the responsibility of handling the response from each
Institution to Yapily.
Yapily's auth service provides the ability to automatically exchange the
code returned by the
consentToken or a
oneTimeToken or to provide the failure message and categorisation of the message in case there
was an issue as described in handling the callback parameters.
Furthermore, Yapily logs every redirect at https://auth.yapily.com/ which alleviates the need for the TPP to do so.
This of course comes at cost where the TPP forgoes the ability to control the UI elements at https://auth.yapily.com/ which belongs to Yapily.
How it works
In order to do this, in step 8 of Configuring the redirect url, you will
need to add a
redirectUrl that is a CNAME record
mapping the url you want your customers to see to https://auth-callback.yapily.com.
This is usually something your DevOps team will be able to configure quite easily by going to your domain provider's DNS settings and adding a new DNS record e.g.
auth.tpp-domain.com CNAME auth-callback.yapily.com
Validating your CNAME record
To validate that the CNAME is configured correctly, you can run the
nslookup utility using the Terminal application on
Mac or Powershell on Windows:
> nslookup auth.tpp-domain.com Server: 22.214.171.124 Address: 126.96.36.199#53 ** server can't find auth.tpp-domain.com: NXDOMAIN
> nslookup auth.tpp-domain.com Server: 188.8.131.52 Address: 184.108.40.206#53 Non-authoritative answer: auth.tpp-domain.com canonical name = auth-callback.yapily.com. auth-callback.yapily.com canonical name = production-nginx.yapily.com. Name: production-nginx.yapily.com Address: 220.127.116.11
Once successfully configured, you will then need to get in contact with our Support Team requesting for Yapily to finalise the configuration on our server and to ensure that your application is configured to use the CNAME. You can verify with the Support Team that this has been set up correctly.
Implications for Institution registrations
You should be aware that adding a new CNAME record to your software statement is the equivalent of changing/adding new redirects. If you are modifying an existing registration, be warned of the risk
of losing consent when re-registering each