VRP consent

Creating a consent and revoking a consent

📘

Purpose of VRP consent

The VRP consent defines the parameters within which sweeping VRP payments can be made

Setting up the VRP consent means a PSU does not have to authenticate individual payments with their bank (as they do with PIS) so long as the payment is within the parameters of the consent

The consent process generates a Consent ID which is used to make subsequent VRP payments

Providing VRP consent is the first step in the customer journey. If the PSU has not provided consent, then no VRP payments can be made

Consent parameters

There are 5 parameters contained in the consent – these are covered in detail further down this page:

  1. Time period – period during which the ‘Maximum amount per period’ is applied. User must select one of Day, Week, Fortnight, Month, Half-Year, Year
  2. Maximum amount per period – limit on the cumulative value of payments within the time period. User must populate this parameter
  3. Maximum amount per payment – limit on the value of an individual payment that can be made. User must populate this parameter
  4. Period start date – date the consent starts from. This can be left blank; see next slide for further details
  5. Expiry date – date the consent ends. This can be left blank; see next slide for further details

Creating a VRP consent

The diagram below provides a high-level overview of the VRP consent creation process.

Step 1: Listing the banks that support standing order initiation

As part of the consent authentication process the user will need to select their bank so that they can be directed to the relevant authentication URL.

You should use the GET ASPSPs API to fetch the latest list of banks and their supported capabilities (such as Sweeping VRP, Single Immediate Payments and Standing Order).

Only institutions that support the capability type SWEEPING_VRP and are Enabled should be offered to the end-user.

This list may change from time-to-time, as we add new banks or change their supported capabilities, so you must ensure that your application can handle changes dynamically.

[
  {
    "type" : "SINGLE_IMMEDIATE",
    "status" : "DISABLED"
  },
  {
    "type" : "STANDING_ORDER",
    "status" : "DISABLED"
  },
  {
    "type" : "SWEEPING_VRP",
    "status" : "ENABLED"
  }
]

Step 2: Create a VRP consent

Request

This request creates a VRP consent for authorisation by the payment service user. The consent can then be used to initiate one or more payments within the parameters contained in the consent.

When creating a consent, you can set various restrictions like start and end dates, individual payment limits, and periodic limits. Periodic limits let you determine the maximum amount that can be paid through the consent during a certain time period.

{
  "aspspId": "H100000001",
  "destination": {
    "type": "ACCOUNT",
    "id": "A1100001",
    "accountNumber": "12345678",
    "sortCode": "000000",
    "name": "Test"
  },
  "paymentConstraints": {
    "maximumIndividualAmount": {
      "currency": "string",
      "amount": 100
    },
    "periodicLimits": [
      {
        "currency": "string",
        "amount": 100,
        "periodAlignment": "string",
        "periodType": "string"
      }
    ]
  },
  "validFromDate": "2022-01-31T20:16:01.9Z",
  "validToDate": "2022-07-31T20:16:01.9Z",
  "type": "string",
  "reference": "Invoice ABC123"
}

Response - created

{
  "vrpConsentInitiationId": "I000000001",
  "redirectUrl": "https://www.bankofmoney.com/authorize"
}

Response - bad request

  {
    "field": "string",
    "code": "GENERAL",
    "errorCode": "string",
    "message": "string",
    "sourceService": "string"
  }

Consent parameter definitions

FieldDescriptionTypeRequest M/O/CValidation
aspspIdIdentifier of the payer’s ASPSP where the consent will be created. The ASPSP must have the “SWEEPING” capability enabled (which can be checked using our API).String 10MASPSP must have the sweeping capability enabled otherwise the request to create the consent must be rejected.
typeType of VRP consent that will be created. Must be one of “SWEEPING” or “NON_SWEEPING”. Note that “NON_SWEEPING” is not yet available.EnumMCan be one of:

- SWEEPING
- NON_SWEEPING. If NON_SWEEPING is submitted, request should be rejected with forbidden.
destinationDestination account details that will receive variable recurring payments initiated using this consent.ObjectM-
destination.typeIndicates the type of destination account. Use “ACCOUNT” if the destination account is a Modulr account otherwise use “SCAN” and provide the corresponding account details.EnumMCan be one of:

- ACCOUNT
- SCAN
destination.idIdentifier of the Modulr account when using “ACCOUNT” type.String 8 to 10CMust be provided if destination.type is ACCOUNT.
destination.accountNumberAccount Number of the destination account when using “SCAN” type.String 8CMust be provided if destination.type is SCAN.
destination.sortCodeSort Code of the destination account when using “SCAN” type.String 6CMust be provided if destination.type is SCAN.
destination.nameName of the destination account when using “SCAN” type.String 70CMust be provided if destination.type is SCAN.
paymentContraintsLimits that will apply to payments initiated using this consent.ObjectM-
paymentContraints.maximum
IndividualAmount
Maximum amount of any single payment initiated using this consent.ObjectM-
paymentContraints.maximum
IndividualAmount.amount
Maximum amount of any single payment initiated using this consent.StringMPositive amounts with a maximum of two decimal places.
paymentContraints.maximum
IndividualAmount.currency
Currency of the maximum individual amount. Must be specified in ISO 4217 format.StringMOnly allowable value is GBP.
Must be specified in ISO 4217 format.
paymentContraints.
periodicLimits
Maximum amount of all payments that can be initiated using this consent in a given period. If the periodAlignment is “Calendar”, the limit is pro-rated in the first period to the remaining number of days.ObjectM-
paymentContraints.
periodicLimits.amount
The maximum amount of all payments initiated using this consent in the specified period. At least one periodic limit is required.StringMThere must be at least one periodic limit supplied.
paymentContraints.
periodicLimits.currency
Currency of the maximum amount. Must be specified in ISO 4217 format.StringMOnly allowable value is GBP.
paymentContraints.
periodicLimits.periodAlignment
Specifies whether the period starts on the date of consent creation or lines up with a calendar.EnumMCan be one of:

- CONSENT
- CALENDARValidate that only one type is used per consent.
paymentContraints.
periodicLimits.periodType
Period type. Must be one of “DAY”, ”WEEK”, ”FORTNIGHT”, ”MONTH”, ”HALF_YEAR”, ”YEAR”.EnumMCan be one of:

- DAY
- WEEK
- FORTNIGHT
- MONTH
- HALF_YEAR
- YEARValidate that there are no duplicates.
validFromDateStart date time from which payments can be initiated using this consent. Must be specified using YYYY-MM-DDTHH:mm:ssZ format.

If you do not specify a value, the consent will be created using the value provided by the bank.
ISODateTimeOMust match YYYY-MM-DDTHH:mm:ssZ format.

Must be earlier than or equal to the valid to date.
validToDateEnd date time after which payments cannot be initiated using this consent. Must be specified using YYYY-MM-DDTHH:mm:ssZ format.

If you do not specify a value, the consent will be created using the value provided by the bank.
ISODateTimeOMust match YYYY-MM-DDTHH:mm:ssZ format.

Must be later than or equal to the valid from date.
ReferenceA reference to be used for the consent. Min 6 to max 18 characters. Can contain alphanumeric, '-', '.', '&', '/' and space.StringOMin 6 to max 18 characters. Can contain alphanumeric, '-', '.', '&', '/' and space.

Regarding the field paymentContraints.periodicLimits.periodAlignment the definitions for consent and calendar are as follows:

Period AlignmentDefinition
consentMaximum amount that can be paid during the defined time period (week, month, etc.) starts from the moment the user agrees the consent.
calendarMaximum amount that can be paid during the defined time period (week, month, etc.) is based on calendar dates. Should the user give consent halfway through a period, the maximum amount is proportionately adjusted to cover the remaining duration of that time period. For example, if a user sets a maximum amount of £10,000 per month and provides consent halfway through the month, for the remainder of that month they can pay £5,000. This will then reset back to £10,000 at the start of the next month.

Retrieve a VRP consent (optional)

Use the Consent ID to retrieve information about a given Variable Recurring Payment consent. Only the customer/partner that created the consent has access to read the consent.

{
  "aspspId": "H100000001",
  "destination": {
    "type": "ACCOUNT",
    "id": "A1100001",
    "accountNumber": "12345678",
    "sortCode": "000000",
    "name": "Test"
  },
  "paymentConstraints": {
    "maximumIndividualAmount": {
      "currency": "string",
      "amount": 100
    },
    "periodicLimits": [
      {
        "currency": "string",
        "amount": 100,
        "periodAlignment": "string",
        "periodType": "string"
      }
    ]
  },
  "reference": "Invoice ABC123",
  "validFromDate": "2022-01-31T20:16:01.9Z",
  "validToDate": "2022-07-31T20:16:01.9Z",
  "type": "string",
  "status": "string"
}

Consent Status Model

Consent StateDescription
AWAITING_AUTHORISATIONThe consent is awaiting authorisation by the payment service user.
AUTHORISEDThe consent has been successfully authorised.
REJECTEDThe consent has been rejected by the payment service user.
REVOKEDThe consent resource has been revoked by the payment service user.
EXPIREDThe consent has expired - only applicable if a consent expiry date was specified during consent set-up
ER_GENERALGeneric error occurred when processing the VRP consent initiation.
ER_EXTSYSThe VRP consent initiation failed because there was a problem communicating with the bank’s systems.

Revoke a VRP consent

Use the Consent ID to cancel a VRP consent - this removes the ability to make further variable recurring payments using the consent. Information about the consent can still be retrieved and viewed by the user after the consent has been revoked.

🚧

Warning

It is important to note that revoked consents cannot be reinstated. The user must create a new VRP consent if they wish to set up recurring payments. See ‘Create VRP consent’ for details.

Bank Specific Limitations

Some banks have limitations in their VRP behaviour, these can be found below:

BankLimitation
MonzoTheperiodicLimits.periodAlignment can be of type CONSENT only.

The periodicLimits.periodtypecan only be defined as MONTHLY or YEARLY