Versions Compared

Old Version 4

changes.mady.by.user Martin Lacher

Saved on

compared with

New Version 5

changes.mady.by.user Martin Lacher

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Please note that in order to use an XS2A API of any ASPSP, a Client MUST have at least one global eIDAS QWAC and / or QSeal Certificate.

finAPI performs all registration and authentication activities for finAPI customers who use the finAPI PSD2 Licence to access ASPSP APIs.

Developer Portals

Common structure and capabilities

...

Registration can be required in order to gain the full access to a developer portal. As a rule the following details must be provided: name and surname, email, company, country. For example:

Image Removed

Additionally the following details may be asked to be added: VAT number, license number, etc. All these information are needed for further validation at production environment.

Some Banks (for example UniCredit) may require to upload a valid eIDAS Certificate to gain access to related documentation and Application application registration.

ING Bank allows to login with GitHub account.

Some Developer Portals does developer portals do not require registration and application creation (for example https://psd2.developer.commerzbank.com/). This means that only QWAC and/or QSeal are required in order to reach XS2A.

Creating

...

an application

After being signed in to Developer Portalthe developer portal, creation of an application may be required to receive Client Credentials client credentials for communication with the API in addition to the eIDAS Certificatecertificate.

Commonly you have to provide a name of the application, application description, platform. Additionally you may be asked to fill in redirect URL (if Redirect SCA is selected by the Bank), application type, programming language, upload application or company logo, etc. For example:

Image Removed

If a Bank has branches in different countries, users may be asked to which Bank bank they would like to connect. Note that standard , SCA approach and other characteristics may differ for branches in different countries. Banks require a TPP to subscribe to used APIs the APIs that the TPP wants to use (AISP, PISP).

Some Banks require to enable and configure OAuth2 to proceed and / or upload eIDAS Certificates.

After Application creation Client ID and Client Secret (in some cases API key) are generated. For example:Image Removed

Client Secret is usually shown only once. These Credentials will be required further in order to gain Access Token an access token and execute requests to the endpoints.

All sensitive data (QWAC, QSeal, Client ID, Client Secret, API Key) is can later be easily and securely managed and stored in finAPI Access PSD2 securely.

In some cases a user have TPP has to wait Bankfor the bank's approval after the Application application creation or Developer Portal developer portal registration.

QWAC and QSeal

...