Use the /Sessions/Initiate endpoint to allow a customer to complete the payments flow.
To successfully call this endpoint, you must first call the /Authorize endpoint to obtain a valid access token.
Initiating a session
This endpoint is used to obtain a sessionId that can then be used by the app in order to have a user complete the flow.
All fields (apart from clientURIs) within the initiation of a session are mandatory. Please take extra care with the amount field and the customerName field, as these may cause either the user or the app to not complete the flow if provided incorrectly. This applies especially to customerName, as it will be matched to the name provided by the external Financial Institution once a payment is initiated. If the names do not match above a default threshold, the transaction will fail and no funds will be moved.
A ‘ReferenceId’ must be provided within this call. By default this could simply be a GUID that you store on your side and that will be returned within the end-of-day reconciliation files to match completed transactions with your users. In most cases this ID should be a unique identifier that allows you to identify the end-user that is making the payment (for example, a LoanId, AccountId etc). This ID will be sustained throughout the entire transaction lifecycle.
Please note that the customerName and customerEmail fields will not be used to alert the end-user, but will be used within the application to ensure it is the correct user that receives the request to pay. You should therefore ensure that these fields are populated with the correct information on the user that is anticipated to make the payment. Flinks may block a transaction from occurring if the given name specifically does not match with the name identified at the linked bank account. To avoid this, please ensure that the information provided here is specific to the user being requested to pay.
The amount field is a decimal field that is the exact amount that you wish to receive from the end-user. If this is incorrect, the user will have to exit the flow and you will need to create a new session with a different amount and provide the new URL to the user.
The clientURIs field is optional but can be utilized as an additional security measure to ensure that the app cannot be intercepted and leveraged outside of your standard flows. Please provide the URIs where you are hosting the application (one or many can be provided here) in order to successfully load the application.
Upon successful generation of a session, Flinks will return an HTTPS 200 code and a sessionId GUID. This represents the unique ID of the generated session (and all applicable user information) within the Flinks system.
This sessionId will be appended to your base FlinkPay URL (provided at onboarding - for example https://{BaseURL}/app/?sessionId={{sessionId}} ) in order to generate the app session and have the user complete the flow. However, before initiating the application for your user, you must make sure that a Request-For-Money request has been initiated (see /PaymentRequests), otherwise the user will be unable to complete the flow.
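The field rules and the sessionId URL described above can be checked on your side before and after the call. The following is an added example, not code from Flinks or from the original page: the helper names, the body shape, the https requirement on clientURIs and the example.test values are assumptions, and no request is sent.

```python
import uuid
from decimal import Decimal, InvalidOperation
from urllib.parse import urlencode, urlsplit


def build_session_body(amount, customer_name, customer_email, reference_id,
                       client_uris=None):
    """Pre-flight check of the fields sent to /Sessions/Initiate.

    Keys are spelled as on this page; the JSON body shape is an assumption.
    """
    # A float cannot carry an exact amount, so only str, int or Decimal pass.
    if isinstance(amount, (float, bool)) or not isinstance(amount, (str, int, Decimal)):
        raise ValueError("amount must be str, int or Decimal")
    try:
        value = Decimal(amount)
    except InvalidOperation:
        raise ValueError("amount is not a decimal number") from None
    if not value.is_finite() or value <= 0:
        raise ValueError("amount must be a positive, finite decimal")
    # customerName is matched against the bank's record, so blanks fail early.
    text_fields = {"customerName": customer_name,
                   "customerEmail": customer_email,
                   "ReferenceId": reference_id}
    for key, text in text_fields.items():
        if not isinstance(text, str) or not text.strip():
            raise ValueError(f"{key} is mandatory")
    body = {"amount": value}
    body.update({key: text.strip() for key, text in text_fields.items()})
    # Assumption: the hosting pages are served over https with a real host.
    for uri in client_uris or []:
        parts = urlsplit(uri)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"clientURIs entry is not an https URL: {uri!r}")
    if client_uris:
        body["clientURIs"] = list(client_uris)
    return body


def build_app_url(base_url, session_id):
    """Append the returned sessionId to the base URL given at onboarding."""
    # Accept only a hyphenated GUID so nothing else reaches the query string.
    if str(uuid.UUID(session_id)) != session_id.lower():
        raise ValueError("sessionId is not a canonical GUID")
    return f"{base_url.rstrip('/')}/app/?{urlencode({'sessionId': session_id})}"
```

The amount is kept as a Decimal so it is serialized exactly as entered; how it is encoded in the request body depends on the API contract you were given at onboarding.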