Introduction
PayTo is a modern, digital payment solution that enables real-time, account-to-account payments directly from a customer's bank account.
Developed under the New Payments Platform (NPP) Australia initiative, PayTo is designed to replace traditional direct debit systems with a faster, more transparent, and secure alternative.
At its core, PayTo allows businesses to initiate payments only after customers have authorised a PayTo agreement via their banking app. This ensures greater control, visibility, and trust for both parties.
Why PayTo Matters for Businesses
PayTo transforms the way businesses manage payments by offering:
- Real-time fund verification: Instantly checks for sufficient funds before initiating a payment.
- Immediate settlement: Payments are cleared and settled 24/7/365.
- Automatic reconciliation: Streamlines backend processes and reduces manual effort.
- Flexible agreements: Modify payment terms with instant notifications to customers.
- Low fixed fees: No percentage-based transaction fees, making it cost-effective.
Use Cases
The PayTo APIs allow merchants and channel partners (such as platforms supporting multiple merchants) to integrate PayTo capabilities into their systems, enabling seamless creation and management of PayTo agreements and payments. With these APIs, integrators can:
- Create PayTo agreements with customers, which act as pre-authorized payment instructions
- Retrieve agreement details to view or verify their current status and attributes
- Update agreement status (e.g., pause, resume, or cancel) as needed
- Amend existing agreements including changes to payment amounts, schedules, and other relevant details
- Initiate payments against approved agreements in real-time
- Fetch payment information to monitor processing outcomes and settlement statuses
These APIs are designed for flexibility, security, and compliance, supporting both direct merchants and intermediaries who manage multiple channels or merchants under their umbrella.
Security Requirements
- IP whitelisting - To access services provided by CommBank, you must provide a list of source IP addresses to be whitelisted.
- Mutual TLS authentication (mTLS) - You will need to provide a client certificate for mTLS validation.
- OAuth 2.0 - All requests are secured by the OAuth 2.0 standard. You will need to present a client assertion to the IdP to receive the bearer token.
A detailed guide describing OAuth 2.0 connectivity with our IdP will be provided to you during the onboarding process.
Ready to discuss your connectivity needs?
Contact us or speak to your Relationship Manager: sales.paas@cba.com.au