Use this call to initiate a new transaction. After this call, you should redirect the user to the issuer_authentication_url that you receive in the response of this request.


  "merchant_token": "3c01abeb-b031-4fea-9f2d-c55c283cd78e",
  "identity": true,
  "name": true,
  "gender": true,
  "address": true,
  "date_of_birth": true,
  "18y_or_older": true,
  "email_address": true,
  "telephone_number": true,
  "issuer_id": "RABONL2U",
  "entrance_code": "string",
  "merchant_return_url": "string",
  "language": "nl",
  "transaction_reference": "7defa5c6-7651-45cd-9016-f9027dc4dda9"


merchant_tokena guid string that is unique and private to you as a merchant. Do not share this key, keep it safe. Example 3c01abeb-b031-4fea-9f2d-c55c283cd78e
issuer_idAn identifier for the bank which the customer has chosen. /[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}/
entrance_codeThis is a token that will allow you to rejoin the user to his session when he returns. It can be a maximum of 40 characters and should only contain the characters a-z, A-z and 0-9. It should only be valid once and needs to be random enough (best use a cryptographically secure random generator), to avoid the possibility of replay attacks.
merchant_return_urlThe place where the issuing bank should redirect the user to at the end of the flow. The bank will append two query parameters to this url when returning the user to you, trxid and ec. The latter will contain the value of entrance_code, trxid is the transaction_id that you will receive in this request. When not specified, a default can you be used which you specified with CM.

Optional parameters

identityRetrieve a uniquely identifying token with the bank for this consumer that is consistent across multiple sessions.
nameRetrieve the name information associated with this consumer.
genderRetrieve the gender of this consumer.
addressRetrieve address information associated with this consumer.
date_of_birthRetrieve the birthdate of the user.
18y_or_olderRetrieve if this user is known to be 18 years or older.
email_addressRetrieve the email address associated with this consumer.
telephone_numberRetrieve the telephone number associated with this consumer.
languageThe 2 character language code in which to return the results. Can be either nl or en for Dutch or English. This is a preferred language, not all banks support all languages.
transaction_referenceA custom reference you can provide that we will add to the transaction, making it possible for you to distinguish transactions.


  "transaction_id": "string",
  "issuer_authentication_url": "https://issuerserver/transaction",
  "merchant_reference": "string",
  "transaction_reference": "7defa5c6-7651-45cd-9016-f9027dc4dda9"


transaction_idA public token ID for this transaction. You should store this with your session data, so that at any point, you can make a callback to the CM API and retrieve the status and/or results. Note that it is not guaranteed that your user will return to you via your merchant_return_url. A connection might be dropped, a user might accidently close a window, or he might trigger the back button and return that way. This id is the only way you can retrieve any information in that case.
issuer_authentication_urlThe location with the issuing bank to which you should now forward the customer.
merchant_referenceA private reference ID for accounting purposes. Send this together with the transaction_id when making a status request.
transaction_referenceThe optional custom reference you provided when creating the transaction. If not provided, will return null.

Response codes

HTTP statusDescription
200Successful transaction
400Invalid request. See message for details.
403Authorization required
500Server error. See message for details.
503Service unavailable. See message for details.

What’s Next