With Connexis Cash APIs, there are 2 Strong Contumer Authentications (SCA) required from the user:
- When the user authenticates himself to access Connexis Cash environment through the Redirect approach in the OAuth token generation
- When the user wants to authorize a payment.
SCA screen during OAuth token generation
This authentication process must be performed by the client for any service he wants to use: AISP, PISP and PIISP. It allows him to access the Connexis Cash environment.
1. After the client is redirected to Connexis Cash log in page, the client connects the same way as today : He enters his Authentication ID and his 6-digit password (OTP).
2. If the user has access to several entities, he is redirected to a page to choose the one he wants to work in
PISP SCA screen
When the client initiates a payment, at the final stage, he needs to authorize/sign it. This must be done through SCA.
The PISP redirects the user to Connexis Cash, where this one was previously authenticated.
The challenge code (OTP) requested from the user includes a dynamic link as defined under Article 5 of the RTS. After finalizing the strong authentication, Connexis Cash redirects the user to the TPP interface.
ONE TIME PASSWORD (OTP)
The customer obtains his OTP, allowing him to log in or to authorize a payment, through his physical token or his Connexis Pass application (screen of mobile application) :