The Payment Execution API allows third party payment initiators (PISPs) to execute payments on behalf of a Santander bank's client.
In its Sandbox version, the API is configurated to only accept some specific access_tokens. These access_tokens allow us to univocally identify a Banco Santander client, a partner TPP and the associated scopes.
The available access_tokens for Sandbox environment are the following:
In the Live (real) version of the API, each access_token should be obtained through the authorization process.
This parameter is the ID that identifies the TPP/PISP that has previously registered in the API Portal.
The API is protected by the authorization header. The TPP must indicate the access_token obtained after completing the OAuth 2.0 authorization process of the payment initiation.
Idempotency key associated to the operation. It allows the PISP to retry an operation if there has been a connection failure or timeout, guaranteeing that the side effects will occurr only once. It must be defined according to RFC4122 (header parameter). The size must be less than 40 characters and must expire after 24 hours. If the same idempotency key is received by the same PISP within 24 hours, a new operation will not be created and an error code of 409 will be returned.
Unique ID of the request, for monitoring purposes by the third party (Optional). Please use the Interaction-ID specified during initiation as other identifiers will be ignored.
The information required to execute the API. It contains the signature token (SOS-JWT-TOKEN) obtained from the Payment Initiation API response.