Skip to main content

First Time and Returning User FlowsDeprecated

caution

This section includes information around Stitch products and features that are now deprecated. Deprecated aspects of Stitch's plaform are no longer being supported or improved upon.

If you are currently using a deprecated Stitch product, please consider upgrading to one of our newer and equivalent offerings.

First time and returning LinkPay users need to go through different flows in order to complete a payment request. For first time users, they'll need to link and authorize their account, which gives back a user and refresh token pair to the client. The user token can then be used to initiate subsequent payments by the same user from that account, while the refresh token can be used to get a new user token once the current token expires.

note

Each token is linked to the specific bank account the user authorized. This means the user can link multiple bank accounts, so the client needs to store each of these tokens (just the refresh token and token ID) and link them to the user and bank details on your end.

First Time User Flow

For first time users, they'll need to authorize and set up payments to a specific beneficiary. This process is initiated via a payment authorization request.

Once the authorization request has been completed, you can use the authorization code to obtain a user token by following the user authentication guide. This token can be used to initiate payments at any time, using the userInitiatePayment mutation on the Stitch API. If no user interaction is required, the payment will complete instantly.

However, if an interaction such as multifactor authentication is necessary, then the user may be presented with a web interface within your application, allowing them to complete the payment after supplying the required input.

caution
  • We advise that you securely store only the refresh token and token ID from the user token response.
  • The refresh token will only be returned if the offline_access scope is added to the list of scopes when requesting for the authorization code.

The basic flow for a first time user is as illustrated below. To edit the diagram for your illustration purposes, you can use this Mermaid Live Editor link to start off.

Returning User Flow

Once they have one or more accounts linked, and the refresh token securely stored, returning users can easily initiate payment. The refresh token can also be used to automate user-not-present payments e.g. for recurring billing scenarios.

However, just like in the first time linking flow, sometimes user interaction will be required, such as multifactor authentication. Please refer to the user interaction required guide to learn more about the possible user interaction scenarios.

The basic flow for a returning user is as illustrated below. To edit the diagram for your illustration purposes, you can use this Mermaid Live Editor link to start off.