Open Banking & PSD2

Consent-driven account access and payment initiation. Full PSD2 compliance with AISP and PISP services, Berlin Group NextGenPSD2 and UK Open Banking adapters, and eIDAS TPP certificate validation.

Consent Lifecycle

Every data access and payment initiation is gated by an explicit, auditable consent object. Consents follow a defined lifecycle from creation through authorisation to expiry or revocation.

4. Expire or Revoke

Consents automatically expire at their defined date or can be revoked by the PSU at any time. Revoked consents are immediately rejected by middleware.

AISP & PISP Services

Two fully independent service roles — Account Information Service Provider and Payment Initiation Service Provider — each enforced by separate consent scopes.

AISP — Account Information

Read-only access to account data gated by consent. Supports accounts list, balance queries, and transaction history with pagination.

  • List accounts with IBAN and currency
  • Real-time and available balance queries
  • Transaction history with date range filters
  • Consent-gated frequency limiting

PISP — Payment Initiation

Initiate domestic and cross-border payments on behalf of the PSU. Consent verification is enforced before every payment submission.

  • Domestic and SEPA payment initiation
  • Pre-authorisation consent check
  • Payment status polling endpoint
  • Idempotency key support

Format Adapters

Native adapters for both major Open Banking standards. Swap between formats without changing your business logic.

Berlin Group NextGenPSD2

Implements the NextGenPSD2 XS2A Framework specification used across EU ASPSPs. Supports all mandatory and recommended endpoints, along with the specification's consent object model.

  • Consent creation and authorisation flows
  • AIS and PIS endpoint naming
  • SCA redirect and decoupled approaches

UK Open Banking

Implements the OBIE (Open Banking Implementation Entity) Read/Write API specification v3.1+. Used by UK-regulated ASPSPs and TPPs.

  • Account and transaction resources
  • Domestic and international payments
  • FAPI-compliant security profile

Security & Compliance

Every layer of the Open Banking stack is hardened — from TPP certificate validation at the TLS layer to consent enforcement middleware on every API call.

eIDAS / QWAC

TPP certificates validated against eIDAS trust anchors. QWAC (Qualified Website Authentication Certificate) checked for organisational identity and PSD2 roles.

Consent Enforcement

Every AISP and PISP request passes through consent enforcement middleware. Expired, revoked, or scope-mismatched consents return 403 immediately.

Frequency Limiting

Per-consent access frequency limits comply with PSD2 EBA guidelines. Prevents excessive data scraping while maintaining full regulatory access rights.
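The checks described under Consent Enforcement and Frequency Limiting, sketched as an added example that is not the product's own code. The `Consent` fields, scope strings, reason codes, the 429 status for an exhausted quota, and the sliding 24-hour window are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Consent:
    # Hypothetical consent record; every field name here is an assumption.
    consent_id: str
    scopes: frozenset            # e.g. {"ais:accounts", "ais:balances"}
    valid_until: datetime        # consent expires at this instant
    frequency_per_day: int       # allowed accesses per 24-hour window
    revoked: bool = False
    granted_at: list = field(default_factory=list)  # timestamps of allowed calls

def enforce(consent, required_scope, now):
    """Return (http_status, reason) for one AISP/PISP request. Fails closed."""
    if consent is None:
        return 403, "CONSENT_UNKNOWN"
    if consent.revoked:
        return 403, "CONSENT_REVOKED"
    if now >= consent.valid_until:
        return 403, "CONSENT_EXPIRED"
    if required_scope not in consent.scopes:
        return 403, "SCOPE_MISMATCH"
    # Frequency limit: only calls that passed every check above consume quota.
    window_start = now - timedelta(hours=24)
    consent.granted_at[:] = [t for t in consent.granted_at if t > window_start]
    if len(consent.granted_at) >= consent.frequency_per_day:
        return 429, "ACCESS_EXCEEDED"   # assumed status; the page only specifies 403
    consent.granted_at.append(now)
    return 200, "OK"

def demo():
    # Constructed sample data: an AIS-only consent limited to 4 accesses per day.
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    c = Consent("c-1", frozenset({"ais:accounts", "ais:balances"}),
                t0 + timedelta(days=90), frequency_per_day=4)
    out = [enforce(c, "pis:payments", t0)]                   # wrong scope
    out += [enforce(c, "ais:balances", t0 + timedelta(hours=h)) for h in range(5)]
    out.append(enforce(c, "ais:balances", t0 + timedelta(hours=25)))  # window slid
    c.revoked = True                                         # PSU revokes
    out.append(enforce(c, "ais:balances", t0 + timedelta(hours=26)))
    return out

if __name__ == "__main__":
    for status, reason in demo():
        print(status, reason)
```

Running the lifecycle checks before the quota check means a revoked or out-of-scope request is rejected without touching the access counter, so denied calls cannot be used to exhaust a PSU's quota.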

Build PSD2-Compliant Products Faster

The consent engine, adapters, and security middleware are all included. Focus on your product, not the regulation.