
Last updated 2 weeks ago

Introduction

PayTo is a modern, digital payment solution that enables near real-time, account-to-account payments directly from a customer's bank account. PayTo is designed to replace traditional direct debit systems with a faster, more transparent, and secure alternative.

At its core, PayTo allows businesses to initiate payments only after customers have authorised a PayTo agreement via their banking app. This ensures greater control, visibility, and trust for both parties.

Why PayTo Matters for Businesses

PayTo transforms the way businesses manage payments by offering:

  • Near real-time fund verification: Instantly checks for sufficient funds before initiating a payment.
  • Immediate settlement: Payments are cleared and settled 24/7/365.
  • Automatic reconciliation: Streamlines backend processes and reduces manual effort.
  • Flexible agreements: Modify payment terms with instant notifications to customers.

Use Cases

The PayTo Send APIs allow merchants to integrate PayTo capabilities into their systems, enabling seamless creation and management of PayTo agreements and payments. With these APIs, integrators can:

  • Create PayTo agreements with customers, which act as pre-authorized payment instructions
  • Retrieve agreement details to view or verify their current status and attributes
  • Update agreement status (e.g., pause, resume, or cancel) as needed
  • Amend existing agreements including changes to payment amounts, schedules, and other relevant details
  • Initiate payments against approved agreements in near real-time
  • Fetch payment information to monitor processing outcomes and settlement statuses

These APIs are designed for flexibility, security, and compliance, supporting both direct merchants and intermediaries who manage multiple channels or merchants under their umbrella.

Security Requirements

  • IP whitelisting - To access services provided by CommBank, you must supply the list of source IP addresses from which your requests will originate; only requests from those addresses are accepted.
  • Mutual TLS Authentication (mTLS) - You will need to provide a client certificate, which is validated on every connection.
  • OAuth 2.0 - All requests are secured by the OAuth 2.0 standard. You will need to present a client assertion to the IdP to receive the bearer token that is then sent with each API request.

A detailed guide describing OAuth 2.0 connectivity with our IdP will be provided to you during the onboarding process.
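The client side of the token step above, as an added Go illustration that is not CBA's code and not the onboarding guide: it assumes the client assertion takes the standard RFC 7523 private_key_jwt shape (an RS256-signed JWT with iss/sub = client_id, aud = the IdP token endpoint, a unique jti and a short exp), and the client_id, token URL and key material are placeholders that onboarding would actually supply.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/tls"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"net/url"
	"time"
)

// Placeholder values: the real client_id, IdP endpoint and key material come from CBA onboarding.
const clientID, tokenURL = "example-client-id", "https://idp.example.invalid/oauth2/token"
// BuildClientAssertion signs an RS256 JWT in the RFC 7523 private_key_jwt shape:
// iss/sub = client_id, aud = the IdP token endpoint, a unique jti and a short exp.
func BuildClientAssertion(key *rsa.PrivateKey, clientID, aud string, now time.Time, jti string) (string, error) {
	enc := base64.RawURLEncoding.EncodeToString
	header := enc([]byte(`{"alg":"RS256","typ":"JWT"}`))
	claims, err := json.Marshal(map[string]any{"iss": clientID, "sub": clientID, "aud": aud,
		"jti": jti, "iat": now.Unix(), "exp": now.Add(5 * time.Minute).Unix()})
	if err != nil {
		return "", err
	}
	signingInput := header + "." + enc(claims)
	digest := sha256.Sum256([]byte(signingInput)) // RS256 = RSASSA-PKCS1-v1_5 over SHA-256
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + enc(sig), nil
}

// TokenRequestBody is the form POSTed to the IdP to exchange the assertion for a bearer token.
func TokenRequestBody(assertion string) url.Values {
	return url.Values{
		"grant_type":            {"client_credentials"},
		"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
		"client_assertion":      {assertion},
	}
}

// NewMTLSClient presents the onboarding client certificate on every connection (mTLS) to the IdP and the API.
func NewMTLSClient(cert tls.Certificate) *http.Client {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}, Timeout: 10 * time.Second}
}
```

The assertion is then sent with `NewMTLSClient(cert).PostForm(tokenURL, TokenRequestBody(assertion))`, and the bearer token in the response is used on the API calls, which also go through the same mTLS client.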

Ready to discuss your connectivity needs?

Contact us or speak to your Relationship Manager: [email protected]