Open Banking API Platform
PSD2-compliant XS2A API to enable third-party providers to access customer accounts and data
More and more customers are looking for innovative banking solutions that make it easier for them to retrieve their account data and process their banking transactions. New entrants, in particular FinTechs, who are already implementing these new, user-friendly solutions, need standards for connecting to the account-holding payment service providers. The second EU Payment Services Directive PSD2 (Payment Services Directive 2) stipulates that banks as account-holding payment service providers must also grant third-party providers access to customer accounts (XS2A, Access to Account).
Our Banking API platform XS2A enables banks to realize both, customer requirements and those of the PSD2 directive. The requirements include the specifications of the relevant standardization bodies (such as the Berlin Group) as well as technical functions for implementing RTS (Regulatory Technical Standards) and EBA (European Banking Association) specifications. The APIs required for account access are based on the specifications of the EBA and the Berlin Group (NextGenPSD2). In close consultation with the banks, we continuously adapt the APIs to the regulatory requirements and committee specifications.
Components of the XS2A API Platform
Our Banking API contains the following components:
• API Management
• Business Logic
• Connectors towards TPP (Third Party Provider) and ASPSP (Account Servicing Payment Service Provider/Bank)
The API Management consists of five components:
Developer portal
The Developer Portal contains information about how third-party developers use the APIs. Within the documentation, developers can view the structure of the APIs and test them against a sandbox environment.
Administration
The TPP Management enables the administration of third-party providers. In the Banking API, you can enter the relevant attributes of a partner and define their access rights to the APIs.
Certificate
Secure access and identification of third-party providers are ensured by checking certificates based on the requirements of the eIDAS regulation.
Customer authentication
For strong customer authentication, the API application accesses the bank's third-party systems.
Monitoring/Analysis
For ongoing monitoring of API usage, the Banking API provides data for analysis. Transactions can be tracked and historical data can be accessed. In addition, predefined reports are provided for the APIs.
PSD2 XS2A
Comprehensive webservice catalogue according to the Berlin Group Standards.
API Management
Tools and additional functions, e.g. for partner management and connection or provision of own APIs.
Servicemodel SaaS
Operation of the components as SaaS provider in our banking data centers.
Open Banking
Various expansion opportunities towards an open banking platform.
PASS Web Services for XS2A
Data is transferred from the core banking system to the PASS Banking API via dedicated web services. According to the definition of the Berlin Group, the following use cases are supported:
For Account Information Service Providers (AISP)
- Consent to retrieve account information
- List of accessible accounts
- Details for all accessible accounts
- Credit balance for account
- Transaction information for account
For Payment Instrument Issuing Service Providers (PIISP)
- Confirmation of account coverage
For Payment Initiation Service Providers (PISP)
- One-off payments
- Multiple payments
- Recurring payments/standing orders
Software as a Service (SaaS)
Type of use
SaaS
Fee
Monthly fee for use incl. maintenance and operation based on monthly requests
Further developments
The customer benefits from the ongoing adaptation of the Banking API to the Berlin Group standards
Is an installation necessary?
No
Optimally suited for
All banks
Advantages
- Security regarding
- Investment protection
- Operation in a secure environment ( banking data center)
- Banks can concentrate on their core business
- Easy starting point for a bank to develop towards an open banking provider