Latest news

2021-03-26: Upcoming scheduled maintanance

Please note that there might be intermittent interruptions of the PSD2 services due to maintenance work on the back end system on 28 March between 19:00 and 20:30 (GMT+2).

We thank you for your understanding.

2020-12-17: Please be informed about the upcoming change to the PSD2 APIs. The change affects the GET oauth/authorize method, which is part of the OAuth service used for the AIS and PIS calls. The changes included in the new version are:

 - IBAN will no longer be part of the scope (making the remaining scope a fixed value per API).

IBAN will become an optional URL i.e. query parameter (named 'iban') in the 'authorize' link provided alongside OAuth scope. You will not need to provide this 'iban' parameter during the first OAuth loop (/authorize...) for a new user, as the bank will present a list of IBANs to choose from. You will receive IBAN along with the token, in the sub claim. In all subsequent OAuth /authorize steps, you can attach a stored IBAN for this user so that it can be preselected on the /authorize page (if you do not present it, the user can choose one of his/hers IBANs again).

 - Support of refresh tokens, as defined in the OAuth standards.

With the upcoming update of our PSD2 APIs, you should inspect the received OAuth access token not only to identify the selected IBAN (subclaim), but also to check if a refresh token is present. If so, you can use it in accordance with the OAuth specification (https://tools.ietf.org/html/rfc6749#section-1.5) to obtain a new access token from the /token endpoint and extend the availability of our PSD2 APIs without repeated user authentication. You will not need to include the "offline_access' scope to get refresh tokens as with OpenID connect.

 A new version of the OAuth service in Sandbox APIs is already available (1.3.6). The exact go-live will be announced at a later date.

Please contact us via the contact form if you have further questions.