Products / PSD2 TPP Enrollment

TPP Enrollment API

0.1.2
online
Rating
Skip to main content

Overview

enrollment

API for completing enrollment/onboarding to PSD2 APIs to Member and Service Banks under BEC umbrella. The onboarding step serves to

  1. Verify the identity of the TPP
  2. Establish and verify the TPP's roles with respect to PSD2 (AISP, PISP, CBPII)

The enrollment API uses the same general format and mechanisms as specified in the Berlin Group XS2A specification. Hence the TPP will need to present a qualified QWAC certificate (which when registered allows the TPP to setup two-way TLS when conecting to the BG XS2A APIs) as well as a QSEAL (which is use by TPP to sign API requests and which gives access to the APIs corresponding to TPP's role (AISP, PISP, CBPII). During enrollment, the certificate are verified against the issuer and the TPP's roles are verified against the live register at PRETA. After successfull enrollment, the TPP will have access to the BG XS2A APIs using the same QWAC and QSEAL.

By accessing the API, you confirm that you already have status as an authorized TPP - or that your application has been submitted to a local NCA and is pending approval. Only TPPs who can document their authorization status are elegible for support.

Prior to calling the enrollment API, the TPP must

  1. Aquire the required local NCA license to operate as a PISP, AISP or CBPII in Denmark. The license must either be issued by the Danish NCA - or if issued by another NCA, it must be passported to Denmark.

  2. Acquire valid QSEAL and QWAC certificates, which must reflect the TPPs actual roles at the time of enrollment.

  3. Acquire all relevant root and intermediate certificates needed for verifying the certification chain towards the issuer of the QSEAL and QWAC certificates. We support RSA keys in certificates up to 4096 bits long.

After these steps, the enrollment API will finalize the TPP onboarding.

Note about this version of the API

  • Enrollment API is now available in both sandbox and production.

  • CBPII/PIISP role is currently not supported and is ignored at enrollment time. A TPP with CBPII/PIISP role may be required to repeat enrollment step in order to access Fund Confirmation Services (FCS) API, once it becomes available in production.

  • The roles specified in the enrollment API call must exactly match the roles listed in the certificate.

Access to API endpoints Separate API URL/host endpoints are required for each bank under the BEC Umbrella. Consult the Environments section for information on URL schemas in production and sandbox environments.

See list of included ASPSPs and their corresponding urls by following this link. The X-IBM-Client-Id attribute is not used on production API

Type
REST
OAS2
Protocol
HTTPS
Endpoint
Production, Development:
https://psd2apixx.prod.bec.dk/eidas/1.0/v1
Contact
BEC PSD2 Support
psd2.support@bec.dk(link sends email)
https://apiportal.prod.bec.dk/openbanking/sandbox/
Download OpenAPI document as JSON
Download OpenAPI document as YAML
Discuss this API in the forum