Versions Compared

Old Version 8

changes.mady.by.user Martin Lacher

Saved on

compared with

New Version 9

changes.mady.by.user Martin Lacher

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

All finAPI customers must migrate to XS2A interfaces before the deadline given by the National Financial Supervisory Authorities (BaFin, FMA). This migration must be actively performed by finAPI customers by using new finAPI services.

Migration principle overview

Since mid September, finAPI Access provides the means to migrate to new XS2A interfaces. The migration of a bank connection can be performed by executing one simple new service call to connect a new XS2A interface to an existing bank connection. This way, existing data is kept and can be updated through new XS2A interfaces. finAPI customers can choose for themselves when they want to perform the migration for which (group) of their customers. Legacy interfaces and XS2A interfaces can be used in parallel in separate bank connections until BaFin ends the exemption period.

Migration schedule

finAPI customers have been given had the opportunity to start their migration development project since June 2019, when the first version of the new XS2A services has been released on the finAPI Alpha environment. The production version of the new finAPI XS2A services has been release released in the beginning of September.

Kunden, die die finAPI PSD2 Lizenz / Webform nutzen, sind von diesen Umstellungen weniger stark betroffen, da viele Änderungen hier schon seitens finAPI in die aktuelle Version unserer Webform übernommen wurden. Dennoch muss auch hier die Umstellung auf die aktuellen XS2A Schnittstellen von unseren Kunden aktiv vorgenommen werden. (siehe Abschnitt „Connect new interface“)

Allgemeine Informationen finden Sie hier:

·         Migrationsplan finAPI: https://teaminvest.jira.com/wiki/spaces/ACCDOC/pages/600997907/finAPI+Access+PSD2+Migration+Plan

Kunden mit einer eigenen Lizenz müssen sich bei den Banken für die Nutzung der Schnittstelle registrieren und die entsprechenden (TPP) Zugangsdaten bei finAPI hinterlegen. Auch das eIDAS Zertifikat muss bei finAPI hinterlegt sein.

·         Übersicht über die Verwaltung des eIDAS Zertifikats

https://teaminvest.jira.com/wiki/spaces/ACCDOC/pages/590315628/Using+your+own+eIDAS+Certificates+and+TPP+Credentials+in+finAPI+Access+PSD2

 

·         Übersicht über Banken und TPP Authentication

https://teaminvest.jira.com/wiki/spaces/ACCDOC/pages/604471604/TPP+registration+and+authentication

 

·         finAPI hat TPP Authentication Groups angelegt, für die diese TPP Zugangsdaten zu hinterlegen sind. Eine Übersicht über alle Gruppen erhält man als Admin unter dem Endpunkt

https://alpha.finapi.io/#!/TPP_Credentials/getAndSearchTppAuthenticationGroups

Die Zugangsdaten können dann für jede Gruppe über diesen Endpunkt hinterlegt werden

https://alpha.finapi.io/#!/TPP_Credentials/createTppCredential

Eine detaillierte Beschreibung aller API Änderung und der neuen Endpunkte ist hier zu finden:

·         Beachten Sie bitte besonders den Abschnitt 7. „Connect a new interface“, um bestehende Verbindungen mit dem XS2A Interface zu erweiternDue to the insufficient completion status of XS2A bank interfaces on the bank side, BaFin has granted an extended an ongoing period of allowed legacy interface usage (FinTS, Webscraping). In return, each market participant had to submit a migration schedule. The current finAPI migration schedule can be seen on this page: finAPI Access PSD2 Migration Plan.

All German finAPI customers have to fit their migration plans into the finAPI migration plan reconciled with BaFin, meaning the customer migration has to be completed at least until the migration deadlines in the finAPI migration schedule.

TPPs vs. unregulated Web Form customers

Concerning the XS2A migration, special requirements apply to TPPs that have an AIS/PIS licence from the National Financial Services Supervisory Authority. TPPs have to authenticate themselves with their proper TPP authentication means towards the ASPSP. At the very least this means, TPPs have to use their own eIDAS certificates for authentication. In addition, some ASPSPs require a TPP authentication, meaning TPPs have to register themselves with each ASPSP. For more details about this requirement and how it is supported in finAPI Access PSD2, see Overview: TPP Authentication towards PSD2 APIs using finAPI Accces PSD2.

Unregulated Web Form customers can use the builtin finAPI eIDAS certificate and TPP credentials. No additional activities are required.

Detailed technical migration documentation

https://teaminvest.jira.com/wiki/spaces/ACCDOC/pages/560955393/Concept+PSD2+Integration

...