Authorising a recurring payment mandate

After successfully creating a recurring mandate, you can begin the end user authorisation journey

Ordo returns a URL in the response associated with the property vrpAuthUrl and is unique to each mandate request. You can present this to your customers by whichever mechanism is suitable in your application.

See below for an example URL:

To test this functionality end-to-end, Ordo’s staging environment includes the RBS and HSBC Bank sandbox applications, which are 3rd party applications that emulate a real bank and is used to simulate the customer authorising the set up of a recurring payment mandate.

This allows developers integrating into Ordo’s APIs to review and set up any created recurring payment mandate for testing, prior to promoting to your application to Production and live proving.

Worth nothing that we have both RBS and HSBC sandbox applications available as they both have limitations on the functionality they provide. RBS should be used primarily as mandates can be authorised and transactions under a mandate initiated. HSBC provides the ability to test the cancelling of a mandate (which RBS does not) and so this can be used when testing this process.

RBS - Staging environment for the end user experience

Navigate to the provided URL in the response after creating a recurring payment mandate request, which opens the Ordo Authorisation end user experience.

Review the parameters of the mandate under the "Mandate Details". Once you are happy with the details click Set Up Mandate to initialise the payment.

Select RBS as the Payment Bank and click I agree to authorise the mandate.

Click I Agree and Ordo will navigate you to RBS for authorisation.

At RBS, you will need to log in using the credentials below:


Customer Number

Username: 123456789012



Type the same number as you are asked for for PIN and password - i.e. 5 7 2 then 4 3 6



Some browsers warn that the Username/Password have been seen in a data breach. As this is not a ‘real’ bank, there is no risk associated with this. Therefore, please do not amend the login details as doing so will impact all other end customers.

RBS provides a list of bank accounts that can be debited.

Select the desired account you wish the amount to be taken out from, check that the VRP details match what you are expecting to see, then click Confirm VRP

You will then be redirected back to Ordo where the setup of the mandate will be completed.
If setup is successful, you will see the below screen. If a bdrRedirectURL was supplied when creating the mandate, clicking Finish will redirect you to the supplied URL.