PSD2-compliant XS2A API to enable third-party providers to access customer accounts and data
More and more customers are looking for innovative banking solutions that make it easier for them to retrieve their account data and process their banking transactions. New entrants, in particular FinTechs, who are already implementing these new, user-friendly solutions, need standards for connecting to the account-holding payment service providers. The second EU Payment Services Directive (PSD2) stipulates that banks, as account-holding payment service providers, must also grant third-party providers access to customer accounts (XS2A, Access to Account).
Our Banking API platform XS2A enables banks to meet both customer requirements and those of the PSD2 directive. The requirements include the specifications of the relevant standardization bodies (such as the Berlin Group) as well as technical functions for implementing RTS (Regulatory Technical Standards) and EBA (European Banking Association) specifications. The APIs required for account access are based on the specifications of the EBA and the Berlin Group (NextGenPSD2). In close consultation with the banks, we continuously adapt the APIs to the regulatory requirements and committee specifications.
Our Banking API contains the following components:
• API Management
• Business Logic
• Connectors towards TPP (Third Party Provider) and ASPSP (Account Servicing Payment Service Provider/Bank)
The API Management consists of five components:
• The Developer Portal contains information about how third-party developers use the APIs. Within the documentation, developers can view the structure of the APIs and test them against a sandbox environment.
• The TPP Management enables the administration of third-party providers. In the Banking API, you can enter the relevant attributes of a partner and define their access rights to the APIs.
• Secure access and identification of third-party providers are ensured by checking certificates based on the requirements of the eIDAS regulation.
• For strong customer authentication, the API application accesses the bank's third-party systems.
• For ongoing monitoring of API usage, the Banking API provides data for analysis. Transactions can be tracked and historical data can be accessed. In addition, predefined reports are provided for the APIs.
Comprehensive webservice catalogue according to the Berlin Group Standards.
Tools and additional functions, e.g. for partner management and connection or provision of own APIs.
Operation of the components as SaaS provider in our banking data centers.
Various expansion opportunities towards an open banking platform.
Data is transferred from the core banking system to the PASS Banking API via dedicated web services. According to the definition of the Berlin Group, the following use cases are supported:
For Account Information Service Providers (AISP)
- Consent to retrieve account information
- List of accessible accounts
- Details for all accessible accounts
- Credit balance for account
- Transaction information for account
For Payment Instrument Issuing Service Providers (PIISP)
- Confirmation of account coverage
For Payment Initiation Service Providers (PISP)
- One-off payments
- Multiple payments
- Recurring payments/standing orders
We provide you with user-friendly developer documentation to help you deploy our XS2A API Platform faster. Find detailed information on resources of the Banking API and a list of various data types, such as account details, account report and payment status.
| | Software as a Service (SaaS) |
|---|---|
| Type of use | SaaS |
| Fee | Monthly fee for use incl. maintenance and operation based on monthly requests |
| Further developments | The customer benefits from the ongoing adaptation of the Banking API to the Berlin Group standards |
| Is an installation necessary? | No |
| Optimally suited for | All banks |