The EBA has published guidelines for the implementation of the technical standards on strong customer authentication and common and secure communication under the PSD2.
The RTS on SCA and CSC are key to achieving the objective of the PSD2 of enhancing consumer protection, promoting innovation and improving the security of payment services across the European Union.
The NextGenPSD2 XS2A Framework is a European standard framework for building PSD2 compliant XS2A (Access to account) APIs.
This specification covers payment initiation, account information and confirmation of funds services.
Our APIs implement version 1.3.6 of this specification.
Access to our APIs requires usage of both an eIDAS QWAC TLS certificate and an eIDAS QSEAL electronic seal certificate.
Use the EU Trust Service Browser to find a local qualified trust service provider that can issue QSEAL and QWAC certificates.
In the Sandbox Environment, eIDAS certificates are not required. Refer to the Registration process for more details.
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service.
The authorization code grant type is used to obtain both access tokens and refresh tokens and is optimized for confidential clients.
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
The Authorization Code Flow is the OpenID Connect implementation of the OAuth 2.0 authorization code redirect flow. SCA is integrated into our implementation of this flow.
RFC7636 Proof Key for Code Exchange by OAuth Public Clients (PKCE) is used to mitigate authorization code interception attacks.
RFC2617 describes the Basic HTTP Authentication Method that is prescribed by OAuth.