Get Started

Rocket

 

 

TABLE OF CONTENTS
 
welcome

Introduction

 

Welcome to the Developer Portal!


This developer portal provides you a ready-to-use environment for accessing our APIs where you can find documentation, specifications, sandboxes and register to the services provided through a SaaS delivery model.

GSBE adheres to the Berlin Group Standards in respect of the Dedicated Interface. Pursuant to Article 33(6) of Delegated Regulation (EU) 2018/389, on July 3rd, 2023 the German Federal Financial Supervisory Authority (BaFin) granted GSBE an exemption from the obligation to establish a contingency mechanism (within the meaning of Article 33 of the Delegated Regulation (EU) 2018/389) in response to its application dated September 12th, 2022 for the Dedicated Interface. Reference Number GIT 1-K 5330-100395-2022/0001-2023/0456550.

 

signup

Signup and Login

 

To start developing within the Sandboxes, you only need a valid email address.

 

Note that for PSD2 API, the Sandbox access is restricted to authorized third party providers that have already received their QWAC and QSeal or providers that can prove that they have already submitted their application form to become an authorized third party provider in a member state of the European Union. After creating your account, you might be asked to provide such evidence to keep your Sandbox account accessible.

 

If you already have a QWAC, registration on the developer portal is optional to access both sandbox and production APIs.

  1. Upon the first API call using your QWAC, an API consumer account is automatically created with the email address contained in the QWAC.

  2. If you would like to log in to the developer portal using that account, use the ‘Forgot password’ link on the login page to reset your password.


If you need access to sandbox without the QWAK certificate, follow the procedure below:

  1. Fill the small registration form

    • Username:  Will be used to sign in

    • Email Address: All emails from the system will be sent to this address.  The email address is not made public and will only be used if you wish to receive a new password or certain notifications by email

    • Consumer organization: The name of the organization under which all the users and the client applications will be grouped.  If you want to join an existing consumer organization, you need to be invited by an existing member.

signup ss

 

    2. Complete your registration by clicking on the activation link sent to your email address.

    3. That's it, your are now registered and you can create an application in order to subscribe to APIs. 

 

Once you have completed this sign-up process, you just need to subscribe to an API using an application to be able to use the related Sandbox environment.

 

 

app

Application creation

 

In order to be able to call APIs, you will need to create an "Application".  The credentials that you need to call an API are bound to an application, you can see the key (or client-id) in the application management section, but the secret (client-secret) is only showed once when you create the application. You need both client-id and client-secret when you call an API.

 

    1. Create an application through the "Apps" menu

 

create app 1 ss

 

 

     2. Keep your client-id (key)  and client-secret (secret) in a safe place, these are the application credentials.  The client-secret is only displayed once on this screen.

 

create app 2 ss

 

     3. That's it, you can now subscribe to an API plan with this application.

 

 

subscribe

Subscribe to the APIs

 

Explore the API marketplace and find the API of your interest, then you can subscribe to defined plans.

 

Once subscribed, you can use the application credentials to call the API.

 

 

stars

PSD2 APIs

 

The API provides an implementation of the Berlin Group for both versions 1.3 and 1.3.6, which might be updated when new versions of the specification are released. Details about implementation choices and supported features are listed in the paragraphs below. 

 

You can try the simulated version of the PSD2 available flows in the Sandbox environment. In order to authenticate to the Sandbox API endpoints you need to have either the credentials of your client application or an eIDAS certificate.

 

The future production environment will only be accessible to fully authorized third party providers that can present a valid QWAC in the TLS mutual authentication setup of the connection to the API endpoint.

 

Authentication and authorization

 

Berlin Group APIs that give access to PSU data require explicit consent of the end-user (PSU) that is authorized to access the given payment account. Berlin Group is proposing three different models to provide PSU credentials to the API out of which the Redirect Flow is by far the most flexible and provides support for any type of strong customer authentication method already used by the ASPSP.

 

All APIs provide support for the Redirect Flow. The optional OAuth2 flow as a pre-step defined by Berlin Group does not follow a proper Authorization Code Grant flow and is therefore not supported by the Sandbox. 

 

During the authorization procedure, the PSU is required to provide his consent by performing a strong customer authentication. The Sandbox environment allows you to simulate the PSU authentication flows with sample data given hereunder.

As of 01/01/2023, QSealC signatures became mandatory on all calls to the Berlin Group API. HTTP headers Digest, Signature, and TPP-Signature-Certificate became mandatory and all calls not containing a valid signature are rejected.

 

Sandbox sample data

 

In order for you to simulate real scenarios, we provide you some representative data that you can use in the sandbox environment.

 

For some flows you might indeed need to have an account identifier, a user identifier and a user password that allow you to simulate a full PSU experience according to your use cases.

 

Username Password IBAN Currency
1234567 1234567 LU28001050612446 USD
1234567 1234567 LU28001622113948 EUR
1234567 1234567 LU28001992769942 JPY
1234567 1234567 LU28001647599235 GBP
2136361 2136361 LU28001086499336 BRL
99923716 99923716 LU28001591012630 HKD
99923716 99923716 LU28001948714311 SGD
99923716 99923716 LU28001503228595 CHF
99923716 99923716 LU28001316816596 CAD
99923716 99923716 LU28001700117616 GBP

 

 

Supported flows and features

 

Here are the supported features offered by the PSD2 API.  As a general rule, consider that a feature not present in this table is not available through the API. 

 

Feature Supported
AIS Y
PIS - Single Payment N
CBPII N

 

 

Account Information Service Providers

 

AISPs can access API endpoints tagged as such in the Berlin Group API specifications. These methods provide access to account lists of a PSU, their respective balances and transaction history.

 

Consent model

 

Berlin Group defines two different consent models, both of which are supported by the Berlin Group APIs provided in this portal. 

 

  • Global consent: the TPP requests access to all of the PSUs data

  • Detailed consent: the TPP requests access to a specific subset (accounts, balances, transactions) of the PSU's data

 

The ASPSP has currently implemented a maximum consent validity period of 90 days.
Note: as of July 25, 2023, the ASPSP will be extending the maximum consent validity period for new consents. The new duration will be increased to 180 days, allowing users to maintain their consent for a longer period before it needs to be renewed.

 

Back to top