Workflow and perimeter of the integration

Workflow and perimeter of the integration

The signing and validation of electronic mandate offered by the SPS-Signature service can be integrated directly into the creditor’s website as a new means of payment.

The following document aims to assist the creditor during the implementation of the SPSSIGNTAURE web service within its service.

Description of the workflow

  1. The client has chosen the Sepa Direct Debit option as a mean of payment.

  2. The creditor initiates the e-mandate signature/validation transaction through a web service call. In response, the SPS Signature service sends to the creditor a secured URL in which the client will be redirected. (Ws Method: InitSession)

  3. The client is redirected to the secure URL generated in step 2.

  4. The client fills his Banking information so that SPS-SIGNATURE can generate an emandate.

  5. The client checks that the e-mandate he will sign/validate is correct.

  6. The client gives his consent (agreement) by the use of a One Time Password Code (OTP)
    sent by SMS or EMAIL.

  7. The SPS-SIGNATURE service triggers a Direct Debit payment through SPS (optional).

  8. The client is informed that the e-mandate has been signed/validated. Additionally he can
    download the signed/validated mandate.

  9. The client is redirected to the creditor’s page. (Using a pre-defined URL declared in step 2)

The detailed description of the steps 4, 5, 6, 7 et 8 is in the document: « SPS-SIGN User Guide (UK) v2.0.pdf ».

Technologies Involved

The integration of SPS Signature involves using the following technologies.
Client (Debtor)
HTML (For the SPS-SIGNATURE redirection)
Creditor Server
- SOAP Web service calls using WS-Security protocol. Its main focus is to provide end-toend security.
- Digital Certificate (also known as Public Key Certificate): X.509 digital certificates

Technical exchanges between the creditor and SPS-SIGNATURE
Initialization of the session in SPS-SIGNATURE -> initSession(Required)
Started by the Creditor -> SPS Signature
Technology The SOAP request is signed in accordance with the WS-Security protocol and with the given the X509 certificate
Retrieve the status of the session -> GetSessionStatus (Optional)
Started by the Creditor -> SPS Signature
Technology The SOAP request is signed in accordance with the WS-Security protocol and with the given the X509 certificate
Cancel the session -> CancelSession (Optional)
Started by the Creditor -> SPS Signature
Technology The SOAP request is signed in accordance with the WS-Security protocol and with the given the X509 certificate