Obtain the VRPType=Other (non-sweeping) permission from the ASPSP; note that commercial VRP requires bilateral agreement with the ASPSP beyond standard open banking registration
Create the domestic-vrp-consents resource with ControlParameters specifying MaximumIndividualAmount, MaximumMonthlyPaymentAmount, PeriodicLimits, ValidFromDateTime, ValidToDateTime, and CreditorAccount locked to your merchant account
Redirect the PSU through the ASPSP's SCA authentication flow; capture the consent ID and confirmation that the PSU has authorised the mandate
Store the refresh token or long-lived consent token; access tokens are short-lived but the consent persists — use the consent ID to initiate individual payments without per-payment SCA
Initiate each VRP payment by POSTing to domestic-vrp-payments referencing the ConsentId; enforce that InstructedAmount is within the ControlParameters before calling the API
Monitor the consent status via GET domestic-vrp-consents/{ConsentId}; handle Revoked status (PSU cancelled in their bank app) and Expired status gracefully
Known gotchas
Commercial VRP is not available through the standard open banking directory alone — you need a bilateral contract with each ASPSP, and coverage is currently limited to specific UK banks
ControlParameters are enforced by both your side and the ASPSP; if you submit a payment that exceeds PeriodicLimits the ASPSP will reject it — pre-validate client-side to avoid unnecessary API errors
The PSU can revoke the mandate at any time from their bank's app without notifying you directly; poll consent status before each payment or handle the revoked-consent error response
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp