PSD2 API Banking
PSD2 is the revised PSD1,
extending, governing new payment services,
makes it accessible selected services to third parties
PSD2 API Banking
PSD2 is the revised PSD1,
extending, governing new payment services,
makes it accessible selected services to third parties
What is PSD2?
Pursuant to Act no. 281 Coll. Amending Act no. 492/2009 Coll. on payment services and transposing into the Slovak law the EU Directive on Payment Services (PSD 2) effective from 13. 1. 2018, we are publishing the following information with the view to provide access for third parties to payment accounts of payment services users (clients).
The Payment Service Directive – PSD 2 of 13. 1. 2018 known as PSD 2 is the revised PSD 1, extending and governing new payment services, primarily it makes accessible selected services to third parties (Third Party Payment Service Providers – TPP) – via three new services:
- Payment Initiation Service (PIS) enables clients to enter a payment order by means of a payment initiation services provider (third party) from the client’s payment account held by the Bank, where the client grants consent to the execution of this payment order (the client authorises the payment order),
- Account Information services (AISP) will enable client through a payment initiation service provider (third party) to obtain account balance and transaction history. This service is enabled after client’s consent,
- Payment Instrument Issuer Service Provider (PIISP) enables the payment services provider (third party), on the basis of consent from the Client – account holder granted directly to the Bank, to obtain information from the Bank on available funds on the Client’s account.
Who are the third parties?
Third parties (Third Party Payment Service Providers – TPP) are the providers of payment services holding the relevant licence for providing of these new payment services granted by relevant national authority within the European Union.
Entities licensed to provide a payment service (account information services provider, payment initiation services provider and issuer of payment means linked to a payment card) must fulfil conditions pursuant to the PSD2 Regulation and guarantee the same data protection and security as banks.
It must be stated that access to the this client’s payment account will be made available only with the payment account holder’s consent.
What is the regulatory technical standard (RTS)?
This is Commission Delegated Regulation (EU) 2018/389 of 27. 11. 2017, which contains regulatory technical standards for strong customer authentication and common open communication standards developed by the European Banking Authority (EBA) in cooperation with the European Commission. The RTS will enter into effect 18 months following their approval by the European Parliament and following their issue in the collection of laws, meaning 14. 9. 2019.
What is an API?
An API (Application Programming Interface) is a communication interface that enables third parties to securely communicate with a bank. Through this interface the bank allows access to clients’ accounts to third parties in order to provide new payment services. Since the Act enables a payment services provider to select the technical method of how to ensure third-party access to a payment account, and this either by means of an API interface or by means of reading the user interface (screen scraping), the Bank can select one of these two methods, and thereby fulfil its statutory duty.
Access to the Dedicated Interface of Slovenská sporiteľňa, a.s. (“API”)
- Registration for the EAH developer portal,
- API Documentation,
- User guide,
- Definitions of the AISP, GIS and PIISP services,
- Support, Frequently Asked Questions (FAQ).
- Sandbox vs. Production Comparative Documentation scope AISP
- Sandbox vs. Production Comparative Documentation scope PIIS
- Sandbox vs. Production Comparative Documentation scope PIS
- Information on your organization and application from which the call is made. Information can be found at Erste Developer portal:
- Organization ID (menu Organization – Organization Settings – Organization ID),
- Application ID (menu Organization – Applications – ID).
- whole HTTP request/response (in case you don’t have it, specify the service you are having issues with, date and time of calling the service and consent ID and access token used),
- contact data of a person in your organization whom we can contact if needed.
In accordance with Act No 492/2009 on payment services and amending certain acts, as amended (“Act”) and in accordance with Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (“RTS for SCA & CSC”), Slovenská sporiteľňa, a.s. (“Bank”) authorises third parties who are licensed payment service providers to access the payment accounts of payment service users who are clients of the Bank via an API. It implements access in compliance with the principles of equality and non-discrimination.
Pursuant to Article 30(3) of the RTS for SCA & CSC, the Bank publishes on its website a summary of relevant documentation including the technical specification of the API and all information necessary for third parties to have access to the payment accounts of the Bank’s clients
Step by step
1
Access to the dedicated interface API
Comprehensive documentation and access to the dedicated interface API, third-party licensed payment service provider registration, and third-party application integration is posted on the ERSTE Developer Portal: https://developers.erstegroup.com
On the portal itself, you can find:
Documentation of the differences between the Sandbox and the production API
2
Standardized documentation
The standardised API documentation (swagger) valid till 17 June 2022 can be downloaded here.
The standardised API documentation (swagger) valid from 18 June 2022 can be downloaded here.
3
Contact
If you have any questions or suggestions, please contact us via e-mail at: openbanking@slsp.sk
Technical questions should preferentially be submitted via the contact form on the page https://developers.erstegroup.com/support
Use the contact form also if you want to report an error or have issues using the dedicated API interface. We kindly ask you to provide us with information that will help us identify the problem more quickly:
The Bank will respond to reported errors or problems related to the dedicated API interface without undue delay, at most within 15 working days from the report of the problem. If it is not possible to give a definitive response within 15 working days, the bank will inform the client (or payment service provider) of this, including the reason for the delayed response and the date of the definitive response, whereas, in any case, the definitive response must be provided within 35 working days.
| PDF (188 KB) | |
| PDF (158 KB) |
Pursuant to Article 32 paragraph 4 of Regulatory technical standards the provider of payments services administering an account shall monitor the availability and performance of dedicated interface and as a result, the Bank shall publish on its web page statistics on availability and performance of dedicated interface and interface used by the Bank’s payment services users.
Planned outages of API interface can be found at Erste Developer Portal: https://developers.erstegroup.com/outages/bank.slsp
Statistics of electronic banking channels George and Business24 availability in the last months can be downloaded here.
The statistics of performance of dedicated interface can be found at Erste Developer Portal: https://developers.erstegroup.com/api-health-check/bank.slsp