PSD2 in a Nutshell
The primary goal of the Payment Service Directive-2 (PSD2) is to create a single integrated market for payment services by standardizing the regulations for banks and payment service providers. The PSD2 will induce transparency and fair competition, and will strengthen the user’s requirements of being offered secure payments services.
- All Services require an online-accessible current account
- The Payment Service User (PSU) must have the power of attorney to his account
- You must present a valid eIDAS certificate and a certification from a National Central Authority
Account Information Service | AIS
The Account Information Service is an online service for providing consolidated information like balances and transaction details for one or more payment accounts held by the Payment Service User (PSU) by means of third parties. Access to the account requires Strong Customer Authorization by the PSU.
- Transaction movements available in JSON and camt.52, optionally with balances
- Movements available for up to 2 years
- Recurring Customer consent valid for 90 days
Payment Initiation Service | PIS
The Payment Initiation Service offers the option for initiating bank transfers by means of third parties. The transaction must be authenticated by the Payment Service User (PSU). The bank will provide in regard to the submitted order response messages to the Third Party Provider (TPP).
- Reception of payment orders in pain.001- or JSON-format
- Payment status in JSON available
- Real-Time booking engine
Confirmation of Funds | CoF
The Confirmation of Funds service is intended to check the availability of funds in case of a payer-initiated payment transaction request through an online channel that uses card based payment tools.
- Response also takes the overdraft on the account into consideration
Testing / Testdata
The sandbox is the dedicated environment for testing your application. It contains a simulator for the various API responses. You may use any REST capable client like POSTMAN for execution but you need to use the provided credentials (Client-ID and Client Secret).
The simulator only supports the exact requests explained in the documentation of each API. To get a response the request has to match specific input parameters like IBAN, consent-ID, transaction-ID, etc. If the simulator gets a request that does not match a request from the documentation, it will return a correlating error message.
The security mechanisms of the sandbox are the same as of the productive environment. In contrast to productive environment the sandbox has no consent page for the authorization code grant flow. The consent is given implicitly allowing you for testing the complete flow without any physical user interaction.
Please check out all necessary information regarding our test data. The test documentation can be downloaded from the link given in the footer of the API Portal. The link will be visible for users logged in to the portal.