Berlin Group NextGenPSD2
This initiative is led by nearly 40 institutions, banks, banking associations, card issuers and payment processors. Its aim is to build a set of APIs that facilitate the relationship between TPPs and banks in a secure and efficient way. It provides the mandatory functions as well as some optional ones. It does not include implementation or testing environment services.
Latest version 1.0.0 (8 February 2018)
URL: https://www.berlingroup.org/nextgenpsd2-downloads
API specification:
Swagger:
YAML:
Design principles
PolishAPI
Spearheaded by the Polish banking federation with participation from the country's commercial banks and TPP organisations, the aim of this initiative is to reduce the costs of implementing the standard. It is working in parallel with the Berlin Group initiative to establish common guidelines. The initiative focuses on the requirements of PSD2 and its Regulation Technical Standards (RTS).
covers the high majority of banks in Poland
API specification:https://docs.polishapi.org/files/ver2.1.2/PolishAPI-spec-v2.1.2.pdf
Design principles
SBA
Slovak Banking Association (SBA): This is the Slovak Banking Association’s standardisation initiative for implementing the PSD2 guidelines. It addresses the requirements of PSD2 and its RTS and focuses on data security. Covers the high majority of banks in Slovakia
Swagger:
YAML:
Design principles
Design principles
Mandatory service operation is related just to one customer's bank account. None of the service operations can provide a response for a bulk of accounts.
An account identifier, especially IBAN should be located in the body of an HTTP request, or at least in an HTTP header field. The HTTP method GET cannot be used with a message body with semantic meaning in order to follow the HTTP specification.
The data model of the standard and all extended APIs should utilized data elements, terms, and semantics from ISO 20022 as much as reasonable.
A TLS version 1.2+ is required to secure the communication layer.
For the authentication of the ASPSP as a resource provider, the eIDAS-based site authentication certificate will be used
The technical enrollment of TPP helps to share identifiers (client_id and client_secret).
ASPSP communicates with TPP by using the OAuth 2.0 (access_token and refresh_token)
Authorization code grant flow and Client credentials grant flow are supported.
Open Banking UK (OBUK):
Driven by the Competition & Markets Authority (CMA) and sponsored by the country's nine major banks (Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide and AIBG), this initiative has a strong commitment to promoting innovation and competition in financial services in the UK. It has contributed to this by delivering application programming interfaces (APIs), data structures and security mechanisms for customers to share their financial data easily and securely. Available since 13 January 2018, new functionalities are expected in the future. It also provides an API for conflict management, a list of authorized TPPs, and centralized sandbox capabilities.
API specification:
Swagger:
YAML:
Design principles
Intro:
Design principles
Stet PSD2
This initiative was launched by the main French clearing house, STET, and is supported by contributions from the country’s largest banks: BNP Paribas, Groupe BPCE, Groupe Crédit Agricole, Banque Fédérative du Crédit Mutuel, CIC, Banque Postale, Société Générale, Caisse des Dépôts et Consignations, Crédit Mutuel, ARKEA, HSBC France and OCBF. These institutions will not be forced to implement the solution. It is working towards convergence with the Berlin Group NextGenPSD2 initiative to build a pan-European standard. The initiative focuses on the requirements of the standard and does not provide a testing environment or implementation services.
API specification:
Swagger:
YAML:
Design principles
Intro:
Design principles