Latest news

2022-01-18: Upcoming scheduled maintenance

Please note that there might be intermittent interruptions of the PSD2 services due to maintenance work on the back end system on 21st January from 21:00 (GMT+1) till 03:00 (GMT+1).

We thank you for your understanding

 2021-04-21: How to migrate to a higher API version in the production environment

As you probably noticed, you can already sign up for the new API version ( starting April 1. We would like to point out that despite the new version of the Oauth2 API, the TPP still needs to provide the IBAN. The only difference currently is that the IBAN is provided as a parameter and is not part of the "scope". The new flow mentioned in the announcement below will be applicable when the bank migrates its Oauth2 service.

From the TPP perspective, we suggest two ways to migrate to a higher version depending on whether you want to change UX or not:

1. you move to the new API version, but the UX remains the same.
In this case, you need to move the IBAN parameter from the scope to the parameter field. Everything else stays the same. After the bank supports optional IBAN and the use of a refresh token, you can also change the UX.

2. you stay on the current production version and migrate to a higher version when the bank supports optional IBAN and the use of a refresh token.
In this case, you migrate after the bank migrates its service. We will announce the exact migration day at least one week in advance. After the migration is complete, you can migrate to a higher version and also implement the new UX.
Please note that the current API v. will no longer work when the bank migrates its Oauth service.


2020-12-17: Please be informed about the upcoming change to the PSD2 APIs. The change affects the GET oauth/authorize method, which is part of the OAuth service used for the AIS and PIS calls. The changes included in the new version are:

 - IBAN will no longer be part of the scope (making the remaining scope a fixed value per API).

IBAN will become an optional URL i.e. query parameter (named 'iban') in the 'authorize' link provided alongside OAuth scope. You will not need to provide this 'iban' parameter during the first OAuth loop (/authorize...) for a new user, as the bank will present a list of IBANs to choose from. You will receive IBAN along with the token, in the sub claim. In all subsequent OAuth /authorize steps, you can attach a stored IBAN for this user so that it can be preselected on the /authorize page (if you do not present it, the user can choose one of his/hers IBANs again).

 - Support of refresh tokens, as defined in the OAuth standards.

With the upcoming update of our PSD2 APIs, you should inspect the received OAuth access token not only to identify the selected IBAN (subclaim), but also to check if a refresh token is present. If so, you can use it in accordance with the OAuth specification (https://tools.ietf.org/html/rfc6749#section-1.5) to obtain a new access token from the /token endpoint and extend the availability of our PSD2 APIs without repeated user authentication. You will not need to include the "offline_access' scope to get refresh tokens as with OpenID connect.

 A new version of the OAuth service in Sandbox APIs is already available (1.3.6). The exact go-live will be announced at a later date.

Please contact us via the contact form if you have further questions.