
JSR — Journey without redirection

Lina's initiation APIs for JSR (Journey without redirection / redirectless) are designed to shorten integration time so you can offer a modern payment experience on Open Finance — including Instant Pix and Scheduled Pix after the payer completes a one-time enrollment at their bank.

Automatic Pix (automatic payments) will follow different routes; that flow will be documented separately.

Before any redirectless payment, the end user must complete an enrollment: your app opens a bank redirect once, the user confirms the link at the account holder, then your relying-party page receives OAuth-style parameters in the URL fragment (#), not the query string.

  1. Obtain an access token (same OAuth pattern as the rest of Lina Pay).
  2. Call GET /api/v1/open-integration/participants/registered with header subTenantId so the user can pick an institution.
  3. Call POST /api/v1/jsr/enrollments with organisationId, AuthorisationServerId, nested enrollment data, riskSignals, and redirectUrl. The API returns id (treat this as the enrollment identifier for later paths) and redirectUrl where the user completes consent at the bank.
  4. After the bank finishes, the browser lands on your redirectUrl with a fragment such as #code=...&id_token=...&state=.... Parse the fragment and send code, state, and id_token as code, state, and idToken to POST /api/v1/jsr/enrollments/device/options (plus tenantId and platform).
  5. Use the returned FIDO2 registration options with navigator.credentials.create() on the user's device.
  6. POST the WebAuthn credential payload to POST /api/v1/jsr/enrollments/<id>/device (see Register enrollment device). When status is AUTHORISED, enrollment is complete and you can offer redirectless payments for that link.
JSR enrollment — institution selection, bank redirect, FIDO2 device registration
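
Step 4 as an added example (not Lina's code): it reads the callback parameters from the fragment only, rejects missing or duplicated values, checks state, and builds the body for POST /api/v1/jsr/enrollments/device/options. The function names, the sample URL, the handling of an `error` parameter, and the idea that your app already knows the expected state value are assumptions; the page does not say how state is issued.

```javascript
// Added example. Field names (code, state, id_token -> idToken, tenantId,
// platform) come from the page; function names and sample values are assumptions.
const REQUIRED = ["code", "state", "id_token"];

function parseEnrollmentCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  // Parameters arrive in the fragment (#). The query string is never consulted.
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));

  // Assumption: a failed consent comes back as a standard OAuth `error` parameter.
  if (params.has("error")) {
    throw new Error("enrollment callback returned error: " + params.get("error"));
  }
  for (const name of REQUIRED) {
    const values = params.getAll(name);
    // Exactly one non-empty value; duplicates are ambiguous and rejected.
    if (values.length !== 1 || values[0] === "") {
      throw new Error("missing or duplicated fragment parameter: " + name);
    }
  }
  // Bind the callback to the enrollment attempt this session started
  // (assumption: the app recorded the expected state before redirecting).
  if (params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  return {
    code: params.get("code"),
    state: params.get("state"),
    idToken: params.get("id_token"), // renamed for the API body
  };
}

// tenantId and platform are supplied by the caller; valid values are defined
// by the API, not by this example.
function buildDeviceOptionsBody(callbackUrl, expectedState, tenantId, platform) {
  return { ...parseEnrollmentCallback(callbackUrl, expectedState), tenantId, platform };
}

// Constructed sample callback (not real tokens).
const SAMPLE_CALLBACK =
  "https://rp.example/jsr/callback#code=abc123&id_token=hdr.payload.sig&state=st-9f2c";
```

In the browser, pass `window.location.href` as the callback URL, then clear the fragment with `history.replaceState` so code and id_token do not stay in the address bar or history.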

Part 2 — Redirectless payment (after enrollment)

Precondition: an enrollment exists with status AUTHORISED.

  1. The user selects which enrollment to pay with (enrollmentId).
  2. Call POST /api/v1/jsr/consents with the payment payload and FIDO context (the minimal fidoSignOptions fields the API requires). The response is 201 with consentId and the FIDO2 assertion options (fidoSignOptions).
  3. Trigger navigator.credentials.get() (biometrics, PIN, security key, etc.) and collect the assertion.
  4. Call POST /api/v1/jsr/payments with enrollmentId, riskSignals, fidoAssertion, and paymentRequestId when required by your integration (see OpenAPI). Lina authorises and settles with the ASPSP.
  5. Render success or failure from the payment request payload (status such as PAGO or terminal error states).
JSR payment — consent + FIDO assertion without bank redirect

Automatic payments

Automatic Pix uses additional routes and a different sequence diagram. That documentation will be added in a future iteration.
