APIs
Forum | Topics | Posts | Last post | |
---|---|---|---|---|
Access account information, read only. Most endpoints return previous day information and so should be called no more than once a day
|
0
|
0 | n/a | |
Access account information, read only. Most endpoints return previous day information and so should be called no more than once a day
|
0
|
0 | n/a | |
# Summary
The **NextGenPSD2** *Framework Version 1.3.4* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not an replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which need these field, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mention in the Implementation Guidelines.**
Therefore the implementer might add the in his own realisation of a PSD2 comlient API in addition to the elements define in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API have to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
� � � � � � � � � � � � � � � � � � � � � � � � � � �
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
# Summary
The **NextGenPSD2** *Framework Version 1.3.4* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not an replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which need these field, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mention in the Implementation Guidelines.**
Therefore the implementer might add the in his own realisation of a PSD2 comlient API in addition to the elements define in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API have to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
� � � � � � � � � � � � � � � � � � � � � � � � � � �
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
Security validations done in TPP's security context (client secret and client certificate)
|
0
|
0 | n/a | |
# Summary
The **NextGenPSD2** *Framework Version 1.3.4* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not an replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which need these field, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mention in the Implementation Guidelines.**
Therefore the implementer might add the in his own realisation of a PSD2 comlient API in addition to the elements define in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API have to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
� � � � � � � � � � � � � � � � � � � � � � � � � � �
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
SMS and Mail services
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
Warning!
This API Requires the following additional private claims in the content-authorization header JWT:
AccountID, PerformerID, CustomerID.
CustomerID
PerformerID
|
0
|
0 | n/a | |
Warning!
This API Requires the following additional private claims in the content-authorization header JWT:
AccountID,PerformerID,CustomerID.
|
0
|
0 | n/a | |
CustomerServices
|
0
|
0 | n/a | |
This API Requires the following additional private claims in the content-authorization header JWT: PerformerID
|
0
|
0 | n/a | |
בדיקה האם משתמש מורשה לאירוע הרשאות
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
FeeServices
|
0
|
0 | n/a | |
HelpDesk Services for External incoming requests
|
0
|
0 | n/a | |
InternalCommunicationServices
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
Send lead to the bank
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
Access code flow
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
Issue B2B token
|
0
|
0 | n/a | |
Access code flow.
NO application scope check.
PKCE secured.
Token exchange mtls enforcement against x-Client-Certificate or TLS handshake.
Access token live 1 week, can be refreshed up to 2600 times = 50 years
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
1
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
Secure echo service, to be exposed on a TPP facing gateway
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
0
|
0 | n/a | ||
0
|
0 | n/a | ||
0
|
0 | n/a | ||
OAUTH2 WITH SUPPORT IN OPENID
|
0
|
0 | n/a | |
Serves as intermediary (1st redirect from OAuth2 API) which decides how to handle the request. Can redirect onto website to receive consent or can directly activate a grant and redirect back to OAuth2 API with grant. Can be used to revive data power tokens.
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
Serves as intermediary (1st redirect from OAuth2 API) which decides how to handle the request. Can redirect onto website to receive consent or can directly activate a grant and redirect back to OAuth2 API with grant. Can be used to revive data power tokens.
|
0
|
0 | n/a | |
Warning!
This API requires consultant authorization to be send along the claims of the JWT:
ConsultantID
ConsultantCode
ConsultantPhone
|
0
|
0 | n/a | |
# Summary
The **NextGenPSD2** *Framework Version 1.3.4* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not an replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which need these field, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mention in the Implementation Guidelines.**
Therefore the implementer might add the in his own realisation of a PSD2 comlient API in addition to the elements define in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API have to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
� � � � � � � � � � � � � � � � � � � � � � � � � � �
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
# Endpoint urls
1
discount sandbox
https://mtls-api-nonprod.discountbank.co.il/devapi/cert
discount prod
https://mtls-api.discountbank.co.il/prod/d
mercantile sandbox
https://mtls-api-nonprod.mercantile.co.il/devapi/cert
mercantile prod
https://mtls-api.discountbank.co.il/prod/d
# Summary
The **NextGenPSD2** *Framework Version 1.3.11* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional.
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not a replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which needs these fields, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mentioned in the Implementation Guidelines.**
Therefore the implementer might add these in his own realisation of a PSD2 comlient API in addition to the elements defined in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API has to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
א ב ג ד ה ו ז ח ט י כ ך ל מ ם נ ן ס ע פ ף צ ץ ק ר ש ת
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
Contains Consent management , Account data , Payments
# Summary
The **NextGenPSD2** *Framework Version 1.3.4* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not a replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which need these field, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mentioned in the Implementation Guidelines.**
Therefore the implementer might add these in his own realisation of a PSD2 comlient API in addition to the elements defined in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API has to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
א ב ג ד ה ו ז ח ט י כ ך ל מ ם נ ן ס ע פ ף צ ץ ק ר ש ת
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
Contains Single cards data
# Summary
As before, specific card reconciliation accounts (called "card accounts" in [XS2A-IG]) can be addressed in a consent request by
identifying the card account by its corresponding masked PAN. Please note that the card accounts are providing card information in an
accumulated way.
In addition, this specification adds to this consent model, that a masked PAN is addressing a single card.
It is up to the ASPSP if this consent grants access
- to the single card identified by the masked PAN,
- the card account identified by the masked PAN or
- both,
delivering these information on the related endpoints /card-accounts or /cards. The ASPSP's respective decision must be documented by
the ASPSP.
Additionally, a card account or single cards can be addressed by an Account Access Object containing an identifier of the
reconciliation account accompanied by the specification of the cashAccountType to Type "CARD" (see Section 6.3). A consent of this
type will grant the respective access to both,
- all cards reconciled through this account and
- the related card account,
if the ASPSP supports the corresponding endpoints at all.
As a third / fourth way to establish a card specific consent, the TPP can request a bank-offered consent or a global consent but
restricting the requested access to a certain cashAccountType - e.g. CARD. A consent of this type will grant the respective access
to both
- cards and
- card accounts,
if the ASPSP supports the related endpoints at all.
BOI-REMARK: In the Israeli market there is no need in explicit consent for requesting account/card owner data.
|
0
|
0 | n/a | |
# Summary
The **NextGenPSD2** *Framework Version 1.3.11* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional.
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not a replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which needs these fields, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mentioned in the Implementation Guidelines.**
Therefore the implementer might add these in his own realisation of a PSD2 comlient API in addition to the elements defined in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API has to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
א ב ג ד ה ו ז ח ט י כ ך ל מ ם נ ן ס ע פ ף צ ץ ק ר ש ת
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
# Summary
The **NextGenPSD2** *Framework Version 1.3.11* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional.
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not a replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which needs these fields, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mentioned in the Implementation Guidelines.**
Therefore the implementer might add these in his own realisation of a PSD2 comlient API in addition to the elements defined in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API has to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
א ב ג ד ה ו ז ח ט י כ ך ל מ ם נ ן ס ע פ ף צ ץ ק ר ש ת
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
# Endpoints url
discount sandbox
https://mtls-api-nonprod.discountbank.co.il/devapi/cert
discount prod
https://mtls-api.discountbank.co.il/prod/d
mercantile sandbox
https://mtls-api-nonprod.mercantile.co.il/devapi/cert
mercantile prod
https://mtls-api.discountbank.co.il/prod/d
# Summary
The **NextGenPSD2** *Framework Version 1.3.11* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional.
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not a replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which needs these fields, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mentioned in the Implementation Guidelines.**
Therefore the implementer might add these in his own realisation of a PSD2 comlient API in addition to the elements defined in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API has to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
א ב ג ד ה ו ז ח ט י כ ך ל מ ם נ ן ס ע פ ף צ ץ ק ר ש ת
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
# Endpoints url
discount sandbox
https://mtls-api-nonprod.discountbank.co.il/devapi/cert
discount prod
https://mtls-api.discountbank.co.il/prod/d
mercantile sandbox
https://mtls-api-nonprod.mercantile.co.il/devapi/cert
mercantile prod
https://mtls-api.mercantile.co.il/prod/d
# Summary
The **NextGenPSD2** *Framework Version 1.3.11* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional.
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not a replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which needs these fields, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mentioned in the Implementation Guidelines.**
Therefore the implementer might add these in his own realisation of a PSD2 comlient API in addition to the elements defined in this file.
## Not supported query parameters
Read Account List: withBalance
Read Account Details: withBalance
Read Transaction List: entryReferenceFrom, deltaList, withBalance
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API has to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
א ב ג ד ה ו ז ח ט י כ ך ל מ ם נ ן ס ע פ ף צ ץ ק ר ש ת
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
Contains Single cards data
# Summary
As before, specific card reconciliation accounts (called "card accounts" in [XS2A-IG]) can be addressed in a consent request by
identifying the card account by its corresponding masked PAN. Please note that the card accounts are providing card information in an
accumulated way.
In addition, this specification adds to this consent model, that a masked PAN is addressing a single card.
It is up to the ASPSP if this consent grants access
- to the single card identified by the masked PAN,
- the card account identified by the masked PAN or
- both,
delivering these information on the related endpoints /card-accounts or /cards. The ASPSP's respective decision must be documented by
the ASPSP.
Additionally, a card account or single cards can be addressed by an Account Access Object containing an identifier of the
reconciliation account accompanied by the specification of the cashAccountType to Type "CARD" (see Section 6.3). A consent of this
type will grant the respective access to both,
- all cards reconciled through this account and
- the related card account,
if the ASPSP supports the corresponding endpoints at all.
As a third / fourth way to establish a card specific consent, the TPP can request a bank-offered consent or a global consent but
restricting the requested access to a certain cashAccountType - e.g. CARD. A consent of this type will grant the respective access
to both
- cards and
- card accounts,
if the ASPSP supports the related endpoints at all.
BOI-REMARK: In the Israeli market there is no need in explicit consent for requesting account/card owner data.
|
0
|
0 | n/a | |
Contains Single cards data
# Summary
As before, specific card reconciliation accounts (called "card accounts" in [XS2A-IG]) can be addressed in a consent request by
identifying the card account by its corresponding masked PAN. Please note that the card accounts are providing card information in an
accumulated way.
In addition, this specification adds to this consent model, that a masked PAN is addressing a single card.
It is up to the ASPSP if this consent grants access
- to the single card identified by the masked PAN,
- the card account identified by the masked PAN or
- both,
delivering these information on the related endpoints /card-accounts or /cards. The ASPSP's respective decision must be documented by
the ASPSP.
Additionally, a card account or single cards can be addressed by an Account Access Object containing an identifier of the
reconciliation account accompanied by the specification of the cashAccountType to Type "CARD" (see Section 6.3). A consent of this
type will grant the respective access to both,
- all cards reconciled through this account and
- the related card account,
if the ASPSP supports the corresponding endpoints at all.
As a third / fourth way to establish a card specific consent, the TPP can request a bank-offered consent or a global consent but
restricting the requested access to a certain cashAccountType - e.g. CARD. A consent of this type will grant the respective access
to both
- cards and
- card accounts,
if the ASPSP supports the related endpoints at all.
BOI-REMARK: In the Israeli market there is no need in explicit consent for requesting account/card owner data.
|
0
|
0 | n/a | |
Contains Single cards data
# Endpoints url
discount sandbox
https://mtls-api-nonprod.discountbank.co.il/devapi/cert
discount prod
https://mtls-api.discountbank.co.il/prod/d
mercantile sandbox
https://mtls-api-nonprod.mercantile.co.il/devapi/cert
mercantile prod
https://mtls-api.discountbank.co.il/prod/d
# Summary
As before, specific card reconciliation accounts (called "card accounts" in [XS2A-IG]) can be addressed in a consent request by
identifying the card account by its corresponding masked PAN. Please note that the card accounts are providing card information in an
accumulated way.
In addition, this specification adds to this consent model, that a masked PAN is addressing a single card.
It is up to the ASPSP if this consent grants access
- to the single card identified by the masked PAN,
- the card account identified by the masked PAN or
- both,
delivering these information on the related endpoints /card-accounts or /cards. The ASPSP's respective decision must be documented by
the ASPSP.
Additionally, a card account or single cards can be addressed by an Account Access Object containing an identifier of the
reconciliation account accompanied by the specification of the cashAccountType to Type "CARD" (see Section 6.3). A consent of this
type will grant the respective access to both,
- all cards reconciled through this account and
- the related card account,
if the ASPSP supports the corresponding endpoints at all.
As a third / fourth way to establish a card specific consent, the TPP can request a bank-offered consent or a global consent but
restricting the requested access to a certain cashAccountType - e.g. CARD. A consent of this type will grant the respective access
to both
- cards and
- card accounts,
if the ASPSP supports the related endpoints at all.
BOI-REMARK: In the Israeli market there is no need in explicit consent for requesting account/card owner data.
|
0
|
0 | n/a | |
Contains Single cards data
# Endpoints url
discount sandbox
https://mtls-api-nonprod.discountbank.co.il/devapi/cert
discount prod
https://mtls-api.discountbank.co.il/prod/d
mercantile sandbox
https://mtls-api-nonprod.mercantile.co.il/devapi/cert
mercantile prod
https://mtls-api.mercantile.co.il/prod/d
# Summary
As before, specific card reconciliation accounts (called "card accounts" in [XS2A-IG]) can be addressed in a consent request by
identifying the card account by its corresponding masked PAN. Please note that the card accounts are providing card information in an
accumulated way.
In addition, this specification adds to this consent model, that a masked PAN is addressing a single card.
It is up to the ASPSP if this consent grants access
- to the single card identified by the masked PAN,
- the card account identified by the masked PAN or
- both,
delivering these information on the related endpoints /card-accounts or /cards. The ASPSP's respective decision must be documented by
the ASPSP.
Additionally, a card account or single cards can be addressed by an Account Access Object containing an identifier of the
reconciliation account accompanied by the specification of the cashAccountType to Type "CARD" (see Section 6.3). A consent of this
type will grant the respective access to both,
- all cards reconciled through this account and
- the related card account,
if the ASPSP supports the corresponding endpoints at all.
As a third / fourth way to establish a card specific consent, the TPP can request a bank-offered consent or a global consent but
restricting the requested access to a certain cashAccountType - e.g. CARD. A consent of this type will grant the respective access
to both
- cards and
- card accounts,
if the ASPSP supports the related endpoints at all.
BOI-REMARK: In the Israeli market there is no need in explicit consent for requesting account/card owner data.
Not supported query parameters
Read Card Balances: dateFrom
Read Card Transaction List: dateFrom, dateTo, deltaList
|
0
|
0 | n/a | |
With the XS2A Specification [XS2A-IG], a standard for an XS2A Interface is defined for the core services defined by the PSD2.\nWith [oFA-IG-SecAIS] an extension of the NextGenPSD2 XS2A Specification [XS2A-IG]. It describes how the existing services for \naccount information can be extended to provide account information on securities accounts. Therefore, new endpoints are \ndefined in order to provide the information.This yaml file reflects the API definition given in [oFA-IG-SecAIS] and therefore \nprovides the (essentially) same information regarding the data definition in a machine readable form.\n **[XS2A-IG]** NextGenPSD2 XS2A Framework, Implementation Guidelines, The Berlin Group Joint Initiative on a PSD2 Compliant XS2A Interface, version 1.3.12, published 01 July 2022.\n **[oFA-IG-SecAIS]** openFinance API Framework Implementation Guidelines for Extended Services AIS for Securities Accounts\n
|
0
|
0 | n/a | |
# Endpoints url
discount sandbox
https://mtls-api-nonprod.discountbank.co.il/devapi/cert
discount prod
https://mtls-api.discountbank.co.il/prod/d
mercantile sandbox
https://mtls-api-nonprod.mercantile.co.il/devapi/cert
mercantile prod
https://mtls-api.mercantile.co.il/prod/d
With the XS2A Specification [XS2A-IG], a standard for an XS2A Interface is defined for the core services defined by the PSD2.\nWith [oFA-IG-SecAIS] an extension of the NextGenPSD2 XS2A Specification [XS2A-IG]. It describes how the existing services for \naccount information can be extended to provide account information on securities accounts. Therefore, new endpoints are \ndefined in order to provide the information.This yaml file reflects the API definition given in [oFA-IG-SecAIS] and therefore \nprovides the (essentially) same information regarding the data definition in a machine readable form.\n **[XS2A-IG]** NextGenPSD2 XS2A Framework, Implementation Guidelines, The Berlin Group Joint Initiative on a PSD2 Compliant XS2A Interface, version 1.3.12, published 01 July 2022.\n **[oFA-IG-SecAIS]** openFinance API Framework Implementation Guidelines for Extended Services AIS for Securities Accounts\n
Not supported query parameters
Read Securities Accounts List: evaluationCurrency
Read Securities Account Details: evaluationCurrency
Read Securities Account Transaction List: entryReferenceFrom, deltaList
|
0
|
0 | n/a | |
# Summary
The **NextGenPSD2** *Framework Version 1.3.4* offers a modern, open, harmonised and interoperable set of
Application Programming Interfaces (APIs) as the safest and most efficient way to provide data securely.
The NextGenPSD2 Framework reduces XS2A complexity and costs, addresses the problem of multiple competing standards
in Europe and, aligned with the goals of the Euro Retail Payments Board,
enables European banking customers to benefit from innovative products and services ('Banking as a Service')
by granting TPPs safe and secure (authenticated and authorised) access to their bank accounts and financial data.
The possible Approaches are:
* OAuth SCA Approach
* Decoupled SCA Approach
Not every message defined in this API definition is necessary for all approaches.
Furthermore this API definition does not differ between methods which are mandatory, conditional, or optional
Therefore for a particular implementation of a Berlin Group PSD2 compliant API it is only necessary to support
a certain subset of the methods defined in this API definition.
**Please have a look at the implementation guidelines if you are not sure
which message has to be used for the approach you are going to use.**
## Some General Remarks Related to this version of the OpenAPI Specification:
* **This API definition is based on the Implementation Guidelines of the Berlin Group PSD2 API.**
It is not an replacement in any sense.
The main specification is (at the moment) always the Implementation Guidelines of the Berlin Group PSD2 API.
* **This API definition contains the REST-API for requests from the PISP to the ASPSP.**
* **This API definition contains the messages for all different approaches defined in the Implementation Guidelines.**
* According to the OpenAPI-Specification [https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md]
"If in is "header" and the name field is "Accept", "Content-Type" or "Authorization", the parameter definition SHALL be ignored."
The element "Accept" will not be defined in this file at any place.
The elements "Content-Type" and "Authorization" are implicitly defined by the OpenApi tags "content" and "security".
* There are several predefined types which might occur in payment initiation messages,
but are not used in the standard JSON messages in the Implementation Guidelines.
Therefore they are not used in the corresponding messages in this file either.
We added them for the convenience of the user.
If there is a payment product, which need these field, one can easily use the predefined types.
But the ASPSP need not to accept them in general.
* **We omit the definition of all standard HTTP header elements (mandatory/optional/conditional)
except they are mention in the Implementation Guidelines.**
Therefore the implementer might add the in his own realisation of a PSD2 comlient API in addition to the elements define in this file.
## General Remarks on Data Types
The Berlin Group definition of UTF-8 strings in context of the PSD2 API have to support at least the following characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
#BOI-REMARK: The Hebrew alphabt must be supported as part of the character set
� � � � � � � � � � � � � � � � � � � � � � � � � � �
0 1 2 3 4 5 6 7 8 9
/ - ? : ( ) . , ' +
Space
|
0
|
0 | n/a | |
Access code flow.
NO application scope check.
PKCE secured.
Token exchange mtls enforcement against x-Client-Certificate or TLS handshake.
Access token live 1 week, can be refreshed up to 2600 times = 50 years
|
0
|
0 | n/a | |
# Endpoint urls
/token
discount sandbox
https://mtls-api-nonprod.discountbank.co.il/devapi/cert/psd2/payment/token
discount prod
https://mtls-api.discountbank.co.il/prod/d/psd2/payment/token
mercantile sandbox
https://mtls-api-nonprod.mercantile.co.il/devapi/cert/psd2/payment/token
mercantile prod
https://mtls-api.mercantile.co.il/prod/d/psd2/payment/token
/authorize
discount sandbox
https://api-nonprod.discountbank.co.il/devapi/cert/psd2/payment/authorize
discount prod
https://api.discountbank.co.il/prod/d/psd2/payment/authorize
mercantile sandbox
https://api-nonprod.mercantile.co.il/devapi/cert/payment/authorize
mercantile prod
https://api.mercantile.co.il/prod/d/psd2/payment/authorize
Access code flow.
NO application scope check.
PKCE secured.
Token exchange mtls enforcement against x-Client-Certificate or TLS handshake.
Access token live 1 week, can be refreshed up to 2600 times = 50 years
|
0
|
0 | n/a | |
# Summary
Like a (regular payment) account, specific savings accounts can be addressed in a consent request by identifying the account by its IBAN.
In some cases, a savings / loan accountmight not be connected to any globally defined identifier. Therefore, the additional element "other"
is used, which might be provided instead of or in addition to an IBAN thereby identifying the specific account, for which a consent is requested.
Additionally, a savings account can be addressed by an Account Access Object containing an identifier of the savings account / loan account accompanied by
the specification of the cashAccountType to Type "SVGS"/ "LOAN". A consent of this type will grant the access to the related savingsaccount/ loan account, if the
ASPSP supports the corresponding endpoints at all.
As a third / fourth way to establish a savings specific consent, the TPP can request a bank-offered consent or a global consent but restricting the requested
access to a certain cashAccountType �e.g. "SVGS" or "LOAN". A consent of this type grant the access to accounts of only the related type (e.g. savings account/
loan account),if the ASPSP supports the corresponding endpoints at all.
|
0
|
0 | n/a | |
# Summary
Like a (regular payment) account, specific savings accounts can be addressed in a consent request by identifying the account by its IBAN.
In some cases, a savings / loan accountmight not be connected to any globally defined identifier. Therefore, the additional element "other"
is used, which might be provided instead of or in addition to an IBAN thereby identifying the specific account, for which a consent is requested.
Additionally, a savings account can be addressed by an Account Access Object containing an identifier of the savings account / loan account accompanied by
the specification of the cashAccountType to Type "SVGS"/ "LOAN". A consent of this type will grant the access to the related savingsaccount/ loan account, if the
ASPSP supports the corresponding endpoints at all.
As a third / fourth way to establish a savings specific consent, the TPP can request a bank-offered consent or a global consent but restricting the requested
access to a certain cashAccountType �e.g. "SVGS" or "LOAN". A consent of this type grant the access to accounts of only the related type (e.g. savings account/
loan account),if the ASPSP supports the corresponding endpoints at all.
|
0
|
0 | n/a | |
# Endpoints url
discount sandbox
https://mtls-api-nonprod.discountbank.co.il/devapi/cert
discount prod
https://mtls-api.discountbank.co.il/prod/d
mercantile sandbox
https://mtls-api-nonprod.mercantile.co.il/devapi/cert
mercantile prod
https://mtls-api.discountbank.co.il/prod/d
# Summary
Like a (regular payment) account, specific savings accounts can be addressed in a consent request by identifying the account by its IBAN.
In some cases, a savings / loan accountmight not be connected to any globally defined identifier. Therefore, the additional element "other"
is used, which might be provided instead of or in addition to an IBAN thereby identifying the specific account, for which a consent is requested.
Additionally, a savings account can be addressed by an Account Access Object containing an identifier of the savings account / loan account accompanied by
the specification of the cashAccountType to Type "SVGS"/ "LOAN". A consent of this type will grant the access to the related savingsaccount/ loan account, if the
ASPSP supports the corresponding endpoints at all.
As a third / fourth way to establish a savings specific consent, the TPP can request a bank-offered consent or a global consent but restricting the requested
access to a certain cashAccountType �e.g. "SVGS" or "LOAN". A consent of this type grant the access to accounts of only the related type (e.g. savings account/
loan account),if the ASPSP supports the corresponding endpoints at all.
|
0
|
0 | n/a | |
# Endpoints url
discount sandbox
https://mtls-api-nonprod.discountbank.co.il/devapi/cert
discount prod
https://mtls-api.discountbank.co.il/prod/d
mercantile sandbox
https://mtls-api-nonprod.mercantile.co.il/devapi/cert
mercantile prod
https://mtls-api.mercantile.co.il/prod/d
# Summary
Like a (regular payment) account, specific savings accounts can be addressed in a consent request by identifying the account by its IBAN.
In some cases, a savings / loan accountmight not be connected to any globally defined identifier. Therefore, the additional element "other"
is used, which might be provided instead of or in addition to an IBAN thereby identifying the specific account, for which a consent is requested.
Additionally, a savings account can be addressed by an Account Access Object containing an identifier of the savings account / loan account accompanied by
the specification of the cashAccountType to Type "SVGS"/ "LOAN". A consent of this type will grant the access to the related savingsaccount/ loan account, if the
ASPSP supports the corresponding endpoints at all.
As a third / fourth way to establish a savings specific consent, the TPP can request a bank-offered consent or a global consent but restricting the requested
access to a certain cashAccountType �e.g. "SVGS" or "LOAN". A consent of this type grant the access to accounts of only the related type (e.g. savings account/
loan account),if the ASPSP supports the corresponding endpoints at all.
Not supported query parameters
Read Savings Account Transaction List: entryReferenceFrom, deltaList
Read Loan Account Transaction List: entryReferenceFrom, deltaList
|
0
|
0 | n/a | |
# Summary
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
Serves as intermediary (1st redirect from OAuth2 API) which decides how to handle the request. Can redirect onto website to receive consent or can directly activate a grant and redirect back to OAuth2 API with grant. Can be used to revive data power tokens.
|
0
|
0 | n/a | |
Serves as intermediary (1st redirect from OAuth2 API) which decides how to handle the request. Can redirect onto website to receive consent or can directly activate a grant and redirect back to OAuth2 API with grant. Can be used to revive data power tokens.
|
0
|
0 | n/a | |
Brings back tokens from the dead
|
0
|
0 | n/a | |
OAuth 2.0 utils.
Not to be exposed externally
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
0
|
0 | n/a | ||
Used by TPP to inform the bank about changes in it's customers, which are also bank customers. For example if a customer leaves the TPP, the bank will remove existing grants by that customer to the TPP
|
0
|
0 | n/a | |
Security validations done in TPP's security context (client secret and client certificate)
|
0
|
0 | n/a | |
Security validations done in TPP's security context (client secret and client certificate)
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
Used by TPP to inform the bank about changes in it's customers, which are also bank customers. For example if a customer leaves the TPP, the bank will remove existing grants by that customer to the TPP
|
0
|
0 | n/a | |
0
|
0 | n/a | ||
0
|
0 | n/a | ||
OAuth 2.0 and other utils.
Not to be exposed externally
|
0
|
0 | n/a |