Describes the structure of our Open Banking APIs

Our OpenBanking API consists of two distinct modules, the Xs2a module and the OAuth2 module.

The Xs2a module

The Xs2a module implements version 1.3 (including Errata) of the NextGenPSD2 XS2A Framework. Business functions such as account access and payment initiation are located here. All messages sent to the Xs2a module must be signed with an eIDAS QSEALC certificate.

The OAuth2 module

The OAuth2 module implements version 1.0 of the OpenID Connection Authorization Code Flow. SCA is incorporated in this module.

Rest API path structure

Our Rest API base URL is defined as: {server}/{module}/{tenant}/{version}


Depending on which environment is being used a different server URL is required. Refer to Sandbox and Production for more details.


The module is either xs2a-bg or auth where auth represents the OAuth
module and xs2a-bg represents the Xs2a module.


The tenant is the combined selector for the language and location of the account holder

nl is The Netherlands / Dutch
uk is the United Kingdom / English
be_nl is Belgium / Flemish
be_fr is Belgium / French


The version is the API version indicator

The current version is v1


The URI to obtain an OAuth2 authorisation code for a Dutch account holder is /auth/nl/v1/auth.

The URI to initiate a Sepa payment for a Belgian account holder with French language authorisation screens is /xs2-bg/be_fr/v1/payments/sepa-credit-transfers.

Refer to the API Reference for more examples.