TPPs are responsible for obtaining a customer consent before calling the the AIS API. The customer consent is valid for a maximum of 90 days. For the PIS API the customer must sign every payment initiation.
All communication is encrypted with TLS.
We use the industry standard OAuth2 protocol for authorization. Your application will receive an access token and a refresh token.
Berlin Group standard
Our APIs follow the NextGen PSD2 Berlin Group standard for PSD2 XS2A.
The standard covers:
- Services (AIS, PIS and PIIS)
- Technical specifications such as transport- and applicative protocols
- Authorization protocols and data formats
- Security features such as TPP identification with eIDAS certificates, data encryption etc