Open Banking

PSD2 Core Services

The following services are available to third-party providers:

  • Account information services - a set of services that allow third-party service providers to access customer accounts, balances, and transactions with customer consent.
  • Payment initiation services - a set of services that allow third-party service providers to initiate a payment on behalf of a client. There are also services available for checking the payment status and obtaining payment information. PSD2 states that all electronic transactions must be strictly authenticated by customers, so after initiating a payment, the customer authorizes the payment with the ASPSP authorization tool.
  • Confirmation of funds service - a service that allows you to check whether a given amount of money is available in a particular account.

Below is the list of APIs available in Open Banking System.


Accounts Information Services endpoints



Reads a list of bank accounts, with balances where required.



Give detailed balance information about the addressed account.



Read transaction reports or transaction lists of a given account.



Reads details about an account, with balances where required.


Consents endpoints



Returns the content of an account information consent object.



Terminates the addressed consent.



Creates an account information consent resource at the ASPSP



Returns the SCA status of the authorisation.



Read the consent status of the addressed consent resource.


Funds confirmation endpoints



Creates a confirmation of funds request at the ASPSP.


Payment Services Endpoints



Returns the transaction status of the payment.



Returns the SCA status of the authorisation.



Returns a list of all authorisation sub-resources IDs which have been created.



Creates a payment initiation request at the ASPSP.



Returns the content of a payment object.

More information is available in Sandbox section.


Authorization to Open Banking is based on Oauth2 Protocol

For the OAuth approach the individual steps of the SCA are not executed at the XS2A interface, but directly between the PSU and the ASPSP. In this case, the PSU is redirected to a web interface of the ASPSP for authentication.

Once the PSU has been redirected to the ASPSP the SCA of the PSU is executed step by step and directly between the ASPSP and the PSU. After completion of the SCA the PSU is redirected back to the TPP. The following figure shows the top level information flow for a account information request with SCA based on the OAuth approach.

When applying the OAuth approach the TPP does not need detailed information about the individual steps of the SCA of the PSU. The redirect approach therefore allows the TPP to avoid the implementation of the different SCA methods at its PSU – TPP interface.

- sandbox_user_guide.pdf

- postman_user_guide.pdf