Developer Portal

Last updated 2 weeks ago

Introduction

PayTo is a modern, digital payment solution that enables near real-time, account-to-account payments directly from a customer's bank account. PayTo is designed to replace traditional direct debit systems with a faster, more transparent, and secure alternative.

At its core, PayTo allows businesses to initiate payments only after customers have authorised a PayTo agreement via their banking app. This ensures greater control, visibility, and trust for both parties.

Why PayTo Matters for Businesses

PayTo transforms the way businesses manage payments by offering:

  • Near real-time fund verification: Instantly checks for sufficient funds before initiating a payment.
  • Immediate settlement: Payments are cleared and settled 24/7/365.
  • Automatic reconciliation: Streamlines backend processes and reduces manual effort.
  • Flexible agreements: Modify payment terms with instant notifications to customers.

Use Cases

The PayTo Send APIs allow merchants to integrate PayTo capabilities into their systems, enabling seamless creation and management of PayTo agreements and payments. With these APIs, integrators can:

  • Create PayTo agreements with customers, which act as pre-authorized payment instructions
  • Retrieve agreement details to view or verify their current status and attributes
  • Update agreement status (e.g., pause, resume, or cancel) as needed
  • Amend existing agreements including changes to payment amounts, schedules, and other relevant details
  • Initiate payments against approved agreements in near real-time
  • Fetch payment information to monitor processing outcomes and settlement statuses

These APIs are designed for flexibility, security, and compliance, supporting both direct merchants and intermediaries who manage multiple channels or merchants under their umbrella.

Security Requirements

  • IP whitelisting - To access services provided by CommBank, you must be able to provide a list of source IP addresses to be whitelisted.
  • Mutual TLS Authentication (mTLS) - You will need to provide a client certificate for mTLS validation.
  • OAuth 2.0 - All requests are secured by the OAuth 2.0 standard. You will need to provide a client assertion to the IdP to receive the bearer token.

A detailed guide describing OAuth 2.0 connectivity with our IdP will be provided to you during the onboarding process.

Ready to discuss your connectivity needs?

Contact us or speak to your Relationship Manager: [email protected]

API Reference

This API follows RESTful principles and provides a simple way to integrate PayTo functionality into your systems. It uses semantic versioning to ensure backward compatibility and includes idempotency support through the x-idempotency-id header to prevent duplicate transactions. The API is designed to be developer-friendly while maintaining the security and reliability required for financial transactions.
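Why the x-idempotency-id value has to stay the same across retries of one payment, shown as an added example that is not code from CommBank or this portal. The `FakeGateway` class, the UUID key format, the `amount` and `paymentId` fields and the replay behaviour are all constructed assumptions for illustration; only the header name and the POST /agreements/{id}/payments route come from this page.

```python
import uuid

class FakeGateway:
    """Constructed stand-in for the API server; its dedupe behaviour is assumed."""
    def __init__(self):
        self.seen = {}        # idempotency id -> response already produced
        self.debits = []      # every debit actually applied
        self.drop = True      # lose the first response after processing it

    def post_payment(self, agreement_id, body, headers):
        key = headers["x-idempotency-id"]
        if key in self.seen:              # replayed request: return stored result
            return self.seen[key]
        self.debits.append((agreement_id, body["amount"]))
        resp = {"status": 201, "paymentId": f"pay-{len(self.debits)}"}
        self.seen[key] = resp
        if self.drop:                     # debit applied, but the client never hears
            self.drop = False
            raise TimeoutError("response lost in transit")
        return resp

def create_payment(gateway, agreement_id, body, reuse_key=True, attempts=3):
    """POST /agreements/{id}/payments, retrying when the outcome is unknown."""
    key = str(uuid.uuid4())               # one key per logical payment
    for _ in range(attempts):
        if not reuse_key:
            key = str(uuid.uuid4())       # anti-pattern: fresh key on every attempt
        try:
            return gateway.post_payment(
                agreement_id, body, {"x-idempotency-id": key})
        except TimeoutError:
            continue                      # cannot tell whether the debit happened
    raise RuntimeError("payment outcome unknown after retries")

def demo():
    body = {"amount": "25.00"}            # constructed payload shape
    safe, unsafe = FakeGateway(), FakeGateway()
    first = create_payment(safe, "agr-123", body, reuse_key=True)
    create_payment(unsafe, "agr-123", body, reuse_key=False)
    # (debits with a stable key, debits with per-attempt keys, id seen by caller)
    return len(safe.debits), len(unsafe.debits), first["paymentId"]

if __name__ == "__main__":
    print(demo())
```

In a real integration the key would be persisted alongside the payment record before the first attempt, so a retry after a process restart still sends the same value.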

Agreements

Endpoints for creating, managing, and retrieving PayTo agreements between creditors and debtors.

POST /agreements

Create Agreement

Creates an **agreement** which allows the creditor to pull funds from a debtor account.

GET /agreements/{id}

Get Agreement

Retrieve a single agreement.

PATCH /agreements/{id}

Modify Agreement

Modify an existing agreement.

POST /agreements/validate

Validate Agreement

Validation step to be used before creating an Agreement to ensure that the agreement can be successfully created between the two parties.

PATCH /agreements/{id}/status

Change Agreement Status

Three types of agreement state change can be requested: **'cancel'**, **'suspend'** and **'release'**.

Payments

Endpoints for initiating, managing, and retrieving payment transactions under PayTo agreements.

POST /agreements/{id}/payments

Create Payment

This endpoint allows you to debit an Agreement by creating a **payment**.

GET /payments/{id}

Get Payment

Get the details of a payment.

Utilities

Endpoints for auxiliary operations such as health checks and other supporting functionalities.

GET /agreements/health

Health Check

Health check endpoint.
