Flow description

Step 1: Obtain access token

Authorizing access to the PayLater API follows the OAuth 2.0 Client Credentials Grant flow.

  1. Obtaining access token

In this sub-step, your application requests an access token from the bank server's token endpoint: send a POST /paylater/production/auth/oauth/v2/token request with your client credentials and read the access token from the response.

e.g.

POST:

POST /paylater/production/auth/oauth/v2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 12345678987654345
Host: api.tatrabanka.sk
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 139

client_id=123456789&client_secret=123456789&grant_type=client_credentials&scope=PAY_LATER

Response:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-store
Content-Type: application/json;charset=UTF-8
Content-Length: 133
Date: Thu, 10 Jun 2021 12:24:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding

{
  "access_token": "1234567898765434534567865",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "PAY_LATER"
}


Step 2: Loan pre-calculation

To check loan parameters such as loan duration, interest rate and installment amount before creating the loan application, the client can pre-calculate them with this request.

  1. Your application calls PUT /paylater/production/v1/applications/precalculation with a valid access token.
  2. The bank server validates the access token and returns the requested loan information.
  3. Loan parameters such as loan duration, loan interest rate and installment amount are provided in the response.

e.g.

PUT:

PUT /paylater/production/v1/applications/precalculation HTTP/1.1
X-Request-ID: 12345678976543
Authorization: Bearer 1234567876543456
Content-Type: application/json
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 12345678765434567
Host: api.tatrabanka.sk
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 149

{
  "loanAmount": 1500,
  "capacityInfo": {
    "monthlyIncome": 1500,
    "monthlyExpenses": 500,
    "numberOfChildren": 0
  }
}

Response:

PUT /paylater/production/v1/applications/precalculation HTTP/1.1
X-Request-ID: 234567898765434567
Authorization: Bearer 234567890987654345678
Content-Type: application/json
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 123456789098765434567
Host: api.tatrabanka.sk
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 149

{
  "loanAmount": 1500,
  "capacityInfo": {
    "monthlyIncome": 1500,
    "monthlyExpenses": 500,
    "numberOfChildren": 0
  }
}


Step 3: Request loan application

To request a loan application, your application calls POST /paylater/production/v1/applications with a valid access token.

  1. The bank server validates the access token and returns applicationID and applicationProcessUrl.
  2. After a successful loan request call, your application should redirect the user to the provided applicationProcessUrl.
  3. Your application will receive status change notifications for the loan application at the given webhookUrl. The notification only tells your application that some change has happened; to learn the details of the change, your application calls the GET /status method described below.

POST:

POST /paylater/production/v1/applications HTTP/1.1
X-Request-ID: 12345765
Authorization: Bearer 12345654
Content-Type: application/json
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 123456654
Host: api.tatrabanka.sk
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 1170

{
  "financeApplication": {
    "order": {
      "orderNo": "123_order_654",
      "totalAmount": 1500,
      "orderItems": [
        {
          "quantity": 1,
          "totalItemPrice": 1500,
          "itemDetail": {
            "itemDetailSK": {
              "itemName": "TheBike 27",
              "itemDescription": "Best Bike for Mountains"
            },
            "itemDetailEN": {
              "itemName": "TheBike 27",
              "itemDescription": "Best Bike for Mountains"
            }
          },
          "itemInfoURL": "http://ebike.eshop.test.sk/bestbike"
        }
      ],
      "orderPaymentData": {
        "remittanceInformation": "bicycle"
      },
      "preferredLoanDuration": 3
    },
    "applicant": {
      "externalApplicantId": "ext123bla",
      "firstName": "John",
      "lastName": "Doe",
      "email": "john@doe.com"
    },
    "capacityInfo": {
      "monthlyIncome": 1500,
      "monthlyExpenses": 1000,
      "numberOfChildren": 5
    }
  },
  "webhookUrl": "http://test.webhook.url.sk/.....",
  "redirectUrl": "http://test.eshop.sk/redirect....."
}
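An added Python helper (not from the bank's documentation) that assembles the POST /applications body above from the shop's own order data: totalAmount is derived from the items' totalItemPrice values so the two cannot disagree, quantities and prices are range-checked, and both callback URLs must be absolute https URLs. The item key names (nameSK, descSK, ...), the https rule and the totals rule are assumptions of this example, not requirements stated on the page.

```python
from urllib.parse import urlsplit


def check_callback_url(name, url):
    # Assumption of this example: callbacks must be absolute https URLs (the page shows http test URLs).
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("%s must be an absolute https URL, got %r" % (name, url))
    return url


def build_application_request(order_no, items, applicant, capacity_info, webhook_url, redirect_url,
                              preferred_loan_duration, remittance_information):
    """Assemble the POST /applications body using the field names shown above.
    `items`: dicts with keys quantity, totalItemPrice, nameSK, descSK, nameEN, descEN, infoUrl (assumed names).
    totalAmount is computed from the items rather than taken from the caller (assumption: they must match).
    """
    order_items, total = [], 0
    for it in items:
        qty, price = it["quantity"], it["totalItemPrice"]
        if not isinstance(qty, int) or qty < 1 or not isinstance(price, (int, float)) or price <= 0:
            raise ValueError("bad quantity/price in item %r" % (it,))
        total += price
        order_items.append({
            "quantity": qty,
            "totalItemPrice": price,
            "itemDetail": {
                "itemDetailSK": {"itemName": it["nameSK"], "itemDescription": it["descSK"]},
                "itemDetailEN": {"itemName": it["nameEN"], "itemDescription": it["descEN"]},
            },
            "itemInfoURL": it["infoUrl"],
        })
    if not order_items:
        raise ValueError("an order needs at least one item")
    return {
        "financeApplication": {
            "order": {
                "orderNo": order_no,
                "totalAmount": total,
                "orderItems": order_items,
                "orderPaymentData": {"remittanceInformation": remittance_information},
                "preferredLoanDuration": preferred_loan_duration,
            },
            "applicant": applicant,          # externalApplicantId, firstName, lastName, email
            "capacityInfo": capacity_info,   # monthlyIncome, monthlyExpenses, numberOfChildren
        },
        "webhookUrl": check_callback_url("webhookUrl", webhook_url),
        "redirectUrl": check_callback_url("redirectUrl", redirect_url),
    }
```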


Step 4: Get application status

To get the status of a loan application, your application sends GET /paylater/production/v1/applications/123456787654/status with a valid applicationID and token and receives applicationStatus in the response.

There are two main usage flows for this method:

  1. Call it after a webhook notification that the application status has changed.
  2. Call it from your own application status check.

e.g.

GET:

GET /paylater/production/v1/applications/12345678876543456/status HTTP/1.1
X-Request-ID: 1234567897654
Authorization: Bearer a7da897a-ae40-4002-b738-61eff0364d07
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 1234567898765434567
Host: api.tatrabanka.sk
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

RESPONSE:

{
  "applicationStatus": "NEW"
}
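The webhook-then-GET /status pattern of Steps 3 and 4, as an added Python example that is not part of the bank's documentation: the webhook is used only as a trigger, the status itself is read from the API, and notifications for applicationIDs the shop never created are recorded and ignored rather than queried. The page does not show the bank's webhook body format, so the handler takes only the applicationID; ApplicationTracker, status_request and the fake endpoint are names assumed here.

```python
import json
import uuid
import urllib.parse
import urllib.request

BASE_URL = "https://api.tatrabanka.sk/paylater/production/v1"

def status_request(application_id, access_token):
    """Build the GET .../applications/{applicationID}/status request shown in Step 4."""
    url = "%s/applications/%s/status" % (BASE_URL, urllib.parse.quote(str(application_id), safe=""))
    # A fresh X-Request-ID per call lets the bank correlate this exact call in its logs.
    headers = {"X-Request-ID": str(uuid.uuid4()), "Authorization": "Bearer " + access_token}
    return url, headers

def http_get_json(url, headers):
    """Real transport: perform the GET and parse the JSON body."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())

class ApplicationTracker:
    """The shop's own record of applications it created: applicationID -> last known status."""

    def __init__(self, access_token, transport=http_get_json):
        self._token, self._transport = access_token, transport
        self.status_by_id, self.ignored = {}, []

    def register(self, application_id):
        self.status_by_id[application_id] = None   # returned by POST /applications, status not yet fetched

    def on_webhook(self, application_id):
        """The webhook only says 'something changed'; the status itself comes from GET /status."""
        if application_id not in self.status_by_id:
            self.ignored.append(application_id)     # not ours: do not query or create state for it
            return None
        url, headers = status_request(application_id, self._token)
        body = self._transport(url, headers)
        status = body.get("applicationStatus")
        if not isinstance(status, str) or not status:
            raise ValueError("status response without applicationStatus: %r" % (body,))
        self.status_by_id[application_id] = status
        return status

def fake_status_endpoint(url, headers):
    """Constructed stand-in for the bank's endpoint; answers like the Step 4 response above."""
    assert url.endswith("/status") and headers["Authorization"].startswith("Bearer ") and headers["X-Request-ID"]
    return {"applicationStatus": "NEW"}
```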


Step 5: Cancel loan application

The client can cancel the loan application by calling DELETE /paylater/production/v1/applications/23456789876543 with a valid applicationID and token.

e.g.

DELETE /paylater/production/v1/applications/234567897654 HTTP/1.1
X-Request-ID: 1234567876543
Authorization: Bearer 1234567876543
User-Agent: PostmanRuntime/7.28.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 23456789876543
Host: api.tatrabanka.sk
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

RESPONSE:

HTTP/1.1 204 No Content


Step 6: Refresh Expired Access Token

When an access token obtained through the client credentials grant expires, your application should obtain a new access and refresh token by calling POST /paylater/production/auth/oauth/v2/token again, as in Step 1.
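As an added example (not part of the bank's documentation), a small Python client that covers Steps 1 and 6 together: it requests the token with the form fields shown in Step 1, caches it for expires_in seconds and re-requests it shortly before it runs out instead of waiting for a rejected call. TokenManager, post_form, the 60-second margin and the fake endpoint are assumptions of this example; the response check rejects anything that is not a Bearer token with scope PAY_LATER.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.tatrabanka.sk/paylater/production/auth/oauth/v2/token"
SCOPE = "PAY_LATER"
REFRESH_MARGIN = 60  # seconds of remaining lifetime below which a new token is requested (assumption)

class TokenManager:
    """Holds one client-credentials access token and re-requests it shortly before expires_in runs out."""

    def __init__(self, client_id, client_secret, transport=None, clock=time.time):
        self._form = {"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "client_credentials", "scope": SCOPE}
        self._transport = transport or post_form  # callable(url, form) -> parsed JSON dict
        self._clock = clock
        self._token, self._expires_at, self.requests_made = None, 0.0, 0

    def token(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN:
            body = self._transport(TOKEN_URL, self._form)
            # Accept only what this flow is documented to return; anything else is a misconfiguration.
            if body.get("token_type") != "Bearer" or body.get("scope") != SCOPE:
                raise ValueError("unexpected token response: %r" % (body,))
            self._token = body["access_token"]
            self._expires_at = now + int(body["expires_in"])
            self.requests_made += 1
        return self._token

def post_form(url, form):
    """Real transport: POST application/x-www-form-urlencoded, return the parsed JSON reply."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())

def fake_token_endpoint(url, form):
    """Constructed stand-in for the bank's token endpoint; mirrors the shape of the Step 1 response."""
    assert form["grant_type"] == "client_credentials" and form["scope"] == SCOPE
    fake_token_endpoint.calls += 1
    return {"access_token": "token-%d" % fake_token_endpoint.calls, "token_type": "Bearer",
            "expires_in": 3600, "scope": SCOPE}

fake_token_endpoint.calls = 0
```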