Pushed Authorisation Requests (PAR)

Pushed Authorisation Requests are now the preferred way of initiating a payment with Moneyhub. From a high level, the information required for an authorisation request is pushed directly to our identity service, and in return, you get a request URI. This value is used to reference the request information provided. (See the above recipe for PAR in action)

πŸ“˜

If you wish to use Pushed Authorisation Requests, we recommend that you set the Request Object Signing algorithm to none in the Admin Portal.

The security that is gained from PAR means the request object signing isn't required. If request object signing is turned on, you will have to send a signed request object to the PAR end point.

Creating a Pushed Authorisation Request URL

  1. Gather the authorisation parameters you require that would go in a normal authorisation URL (see Creating an Authorisation URL
  2. Put the parameters in a request body, the request should have content type of application/x-www-form-urlencoded
  3. Add to the request the required authentication that you would use for the token end point. (See Authentication)
  4. Send the request to https://identity.moneyhub.co.uk/oidc/request
  5. From the response, extract the request_uri
  6. Create the authorisation URL in the format: https://identity.moneyhub.co.uk/oidc/auth?request_uri=<request_uri>