Call to action for finAPI customers
All finAPI customers must migrate to XS2A interfaces before the deadline given by the National Financial Supervisory Authorities (BaFin, FMA). This migration must be actively performed by finAPI customers by using new finAPI services.
Migration principle overview
Since mid September, finAPI Access provides the means to migrate to new XS2A interfaces. The migration of a bank connection can be performed by executing one simple new service call to connect a new XS2A interface to an existing bank connection. This way, existing data is kept and can be updated through new XS2A interfaces. finAPI customers can choose for themselves when they want to perform the migration for which (group) of their customers. Legacy interfaces and XS2A interfaces can be used in parallel in separate bank connections until BaFin ends the exemption period.
finAPI customers have had the opportunity to start their migration development project since June 2019, when the first version of the new XS2A services has been released on the finAPI Alpha environment. The production version of the new finAPI XS2A services has been released in the beginning of September.
Due to the insufficient completion status of XS2A bank interfaces on the bank side, BaFin has granted an extended an ongoing period of allowed legacy interface usage (FinTS, Webscraping). In return, each market participant had to submit a migration schedule. The current finAPI migration schedule can be seen on this page: finAPI Access PSD2 Migration Plan.
All German finAPI customers have to fit their migration plans into the finAPI migration plan reconciled with BaFin, meaning the customer migration has to be completed at least until the migration deadlines in the finAPI migration schedule.
TPPs vs. unregulated Web Form customers
Concerning the XS2A migration, special requirements apply to TPPs that have an AIS/PIS licence from the National Financial Services Supervisory Authority. TPPs have to authenticate themselves with their proper TPP authentication means towards the ASPSP. At the very least this means, TPPs have to use their own eIDAS certificates for authentication. In addition, some ASPSPs require a TPP authentication, meaning TPPs have to register themselves with each ASPSP. For more details about this requirement and how it is supported in finAPI Access PSD2, see Overview: TPP Authentication towards PSD2 APIs using finAPI Accces PSD2.
Unregulated Web Form customers can use the builtin finAPI eIDAS certificate and TPP credentials. No additional activities are required.
Detailed technical migration documentation
For detailed technical migration documentation, please refer to:
page is now deprecated. We urge you to check out our new Access Public Documentation that we recently published instead, which covers all state-of-the-art information of our products.
Note: due to overall restructuring for our new Access Public Documentation, there might not be a corresponding page with the exact same content like this deprecated page in our new documentation. However, we make sure to already cover all information you need, including this content, in our new documentation.