PASS Open Banking Platform

Develop new banking solutions through PSD2 compliance

Open Banking API Platform

PSD2-compliant XS2A API to enable third-party providers to access customer accounts and data

More and more customers are looking for innovative banking solutions that make it easier for them to retrieve their account data and process their banking transactions. New entrants, in particular FinTechs, who are already implementing these new, user-friendly solutions, need standards for connecting to the account-holding payment service providers. The second EU Payment Services Directive PSD2 (Payment Services Directive 2) stipulates that banks as account-holding payment service providers must also grant third-party providers access to customer accounts (XS2A, Access to Account).

Our Banking API platform XS2A enables banks to realize both, customer requirements and those of the PSD2 directive. The requirements include the specifications of the relevant standardization bodies (such as the Berlin Group) as well as technical functions for implementing RTS (Regulatory Technical Standards) and EBA (European Banking Association) specifications. The APIs required for account access are based on the specifications of the EBA and the Berlin Group (NextGenPSD2). In close consultation with the banks, we continuously adapt the APIs to the regulatory requirements and committee specifications.

Components of the XS2A API Platform

Our Banking API contains the following components:
•    API Management
•    Business Logic
•    Connectors towards TPP (Third Party Provider) and ASPSP (Account Servicing Payment Service Provider/Bank)

The API Management consists of five components:

Developer portal

Developer portal

The Developer Portal contains information about how third-party developers use the APIs. Within the documentation, developers can view the structure of the APIs and test them against a sandbox environment.



The TPP Management enables the administration of third-party providers. In the Banking API, you can enter the relevant attributes of a partner and define their access rights to the APIs.



Secure access and identification of third-party providers are ensured by checking certificates based on the requirements of the eIDAS regulation.

Customer authentication

Customer authentication

For strong customer authentication, the API application accesses the bank's third-party systems.



For ongoing monitoring of API usage, the Banking API provides data for analysis. Transactions can be tracked and historical data can be accessed. In addition, predefined reports are provided for the APIs.

XS2A API Platform Highlights



Comprehensive webservice catalogue according to the Berlin Group Standards.

API Management

API Management

Tools and additional functions, e.g. for partner management and connection or provision of own APIs.

Servicemodel SaaS

Servicemodel SaaS

Operation of the components as SaaS provider in our banking data centers.

Open Banking

Open Banking

Various expansion opportunities towards an open banking platform.

PASS Web Services for XS2A

Data is transferred from the core banking system to the PASS Banking API via dedicated web services. According to the definition of the Berlin Group, the following use cases are supported:

For Account Information Service Providers (AISP)

  • Consent to retrieve account information
  • List of accessible accounts
  • Details for all accessible accounts
  • Credit balance for account
  • Transaction information for account

For Payment Instrument Issuing Service Providers (PIISP)

  • Confirmation of account coverage

For Payment Initiation Service Providers (PISP)

  • One-off payments
  • Multiple payments
  • Recurring payments/standing orders

Further web services

In addition to XS2A, we have opened our Open Banking and can also map processes in the following areas:

  • Master data

  • Taxes

  • Limits

  • Overnight and term deposit

  • Sanction check

  • Payment transactions

  • Sales inquiries

  • Loans

  • Various technical interfaces

  • Securities business

Our Services

Our service includes:

  • Consulting
  • Licensing
  • Integration
  • Test support
  • Software as a Service (SaaS)

Usage model of the XS2A API Platform

Software as a Service (SaaS)

Type of use



Monthly fee for use incl. maintenance and operation based on monthly requests

Further developments

The customer benefits from the ongoing adaptation of the Banking API to the Berlin Group standards

Is an installation necessary?


Optimally suited for

All banks


  • Security regarding
    • Investment protection
    • Operation in a secure environment ( banking data center)
  • Banks can concentrate on their core business
  • Easy starting point for a bank to develop towards an open banking provider

Ole Barkmann

PASS Consulting Group

+49 60 21 . 38 81 75 15