Skip to main content

Consent via Hosted UI

Flow

This flow allows card details to be collected securely via a Stitch-hosted interface, after a consent request is created. Consent is granted on the request once the user completes the card collection journey successfully.

  1. Initiate a consent request.
  2. Direct the user to the returned URL.
  3. Receive a payment-consent-request webhook.

The GraphQL API URL https://api.stitch.money/graphql can be used for all consent requests (whether on test or live clients).

The ID of this consent request is the card token. At this point in the flow the consent request will be in a PENDING state. The token may only be used for payments once the consent request is in a GRANTED state.

The URL returned by the API requires that a valid redirect_uri is appended to it, as an additional query string parameter. Once you direct a user to this URL, they will be guided through the process of providing their card details, and completing any required verification steps (such as 3D-secure verification).

For example, if you choose to redirect your user to the whitelisted URL https://example.com/payment, you'd append the following additional query string to the url returned from the API: &redirect_uri=https%3A%2F%2Fexample.com%2Fpayment. The full URL you would expose to the user should look similar to the following:

https://secure.stitch.money/v2/consent/card?requestId=c9b66d11-b565-44ff-b613-33b86a3a61a8&redirect_uri=https%3A%2F%2Fexample.com%2Fpayment

If you are subscribed to payment-consent-request webhooks, you will receive an update once the consent request has reached a GRANTED state.