The api will be available under the following path:
BaseURL = <Environment URL>/api/v1/
Please note that only the sandbox environment supports the example PSU-IDs, Passwords and IBANs mentioned under section
A valid QWAC certificate is required for all environments except for the Documentation.
As TPP you need to be registered for each bank separately. Please send us a short E-Mail with the following information:
If you have any questions regarding executed API-calls, please send us a message containing the following additional informations:
A quickstart guide for TPPs can be downloaded from here.
Note that the Guides are based on the API version of 11.06.2019.
The PASS Banking API - Package XS2A enables banks to comply with the requirements of the PSD2-to implement the directive.
It is based on the required account access APIs of the specifications of the EBA and the Berlin Group (NextGenPSD2).
For retrieving account information and initiating payments by third-party providers (TPPs) endpoints are provided:
Payment Information Services (PIS)
Confirmation of Funds (PIIS)
The APIs are
The PASS Banking API provides all the relevant information and configurations of the PSD2-Application ready for the administrators of the bank.
The character set is UTF 8 encoded. This specification is only using the basic data elements "String", "Boolean", "ISODateTime", "ISODate", "UUID" and "Integer" (with a byte length of 32 bits) and ISO based code lists. ASPSPs will accept for strings at least the following character set:
a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9
* / - ? : ( ) . , ' +
Lf must never be used as single characters and must only be used together in the sequence
LfCr is not allowed. When the character sequence
CrLf is used in a field format with several lines, it is used to indicate
the end of one line of text and the start of the next line of text.
With the following demo accounts you can test all workflows except payment processing in the SANDBOX environment.
123456(Supports only EMBEDDED SCA Approach)
7891011(Supports EMBEDDED or DECOUPLED SCA Approach with method selection)
131415(Supports only DECOUPLED SCA approach)
123456, Default TAN (for EMBEDDED SCA):
For DECOUPLED SCA approach calling GET SCA status will automatically approve the authorisation.
|Account Information Service (AIS)||
|| The Account Information Service (AIS) offers the following services
|Confirmation of Funds Service (PIIS)||
||Confirmation of Funds Service (PIIS) returns a confirmation of funds request at the ASPSP.|
|Payment Initiation Service (PIS)||
|| The Description for Payment Initiation Service (PIS) offers the following services:
Requested access services for a consent.
NOTE: All permitted "access" attributes ("accounts", "balances" and "transactions") used in this message shall carry a non-empty array of account references, indicating the accounts where the type of access is requested. Please note that a "transactions" or "balances" access right also gives access to the generic /accounts endpoints, i.e. is implicitly supporting also the "accounts" access.
|AccountBalanceResponse||Body of the response for a successful read balance for an account request.|
|AccountDetails||Details about an account|
|AccountGroup||A group of accounts|
Reference to an account by either
|AccountTransactions||Body of the JSON response for a successful read card account transaction list request. This card account report contains transactions resulting from the query parameters.|
|Accounts||A list of AccountDetails.|
|Amount||An amount of money in a certain currency|
|AuthenticationObject||A method for strong customer authentication|
|AuthenticationType||A specific type of an authentication method|
|AuthorisationUpdate||Different Authorisation Bodies.|
|Authorisations||An array of all authorisationIds|
|Balance||A single balance element|
|BalanceType||Type of balance.|
|Challenge||It is contained in addition to the data element 'chosenScaMethod' if challenge data is needed for SCA. In rare cases this attribute is also used in the context of the 'startAuthorisationWithPsuAuthentication' link.|
|ConsentCreationRequest||Content of the body of a consent request.|
|ConsentCreationResult||The response for a consent creation|
|ConsentData||Basic information about the consent.|
|ConsentStatus||This is the overall lifecycle status of the consent.|
|ConsentStatusResponse||Body of the JSON response for a successful get status request for a consent.|
|ExternalPurpose1Code||The purpose of a transaction|
|FundsConfirmationRequest||JSON Request body for the "Confirmation of Funds Service"|
|FundsConfirmationResponse||JSON Response body for the "Confirmation of Funds Service"|
|HrefType||Link to a resource|
|Links||Definition of _link types. Remark: All links can be relative or full links, to be decided by the ASPSP.|
|LinksAccountDetails||Links to the account, which can be directly used for retrieving account information from this dedicated account. Links to "balances" and/or "transactions" These links are only supported, when the corresponding consent has been already granted.|
|LinksAccountReport||Type of links admitted in this response|
|LinksAll||A _link object with all available link types|
|LinksConsents||Type of links admitted in this response|
|LinksDownload||Type of links admitted in this response. This feature shall only be used where camt-data is requested which has a huge size.|
|LinksGetConsent||Type of links admitted in this response|
|LinksPaymentInitiation||Type of links admitted in this response|
|LinksPaymentInitiationCancel||Type of links admitted in this response|
|LinksSelectPsuAuthenticationMethod||Type of links admitted in this response|
|LinksSigningBasket||Type of links admitted in this response|
|LinksStartScaProcess||Type of links admitted in this response|
|LinksTransactionDetails||Type of links admitted in this response|
|LinksUpdatePsuAuthentication||Type of links admitted in this response|
|LinksUpdatePsuIdentification||Type of links admitted in this response|
|MessageCode2XX||Message codes for HTTP Error codes 2XX.|
|OtpFormat||The format type of the OTP to be typed in. The admitted values are "characters" or "integer".|
|PaymentInitiationResponse||Body of the response for a successful payment initiation request.|
|PaymentStatusResponse||Body of the response for a successful payment initiation status request in case of an JSON based endpoint.|
PSU Data for PSU Authentication.
The password or encryptedPassword subfield is used, depending on encryption requirements of the ASPSP as indicated in the corresponding hyperlink contained in the last response message of the ASPSP.
Remark for Future: More details on the encrypted password transport will be published by a future bulletin.
|ScaStatus||Information about the status of the SCA method.|
|ScaStatusResponse||Body of the JSON response with SCA Status.|
|ScaprocessResponse||Common type for a sca process response.|
|StartScaprocessResponse||Body of the JSON response for a Start SCA authorisation request.|
|TppMessage||Abstract TPP message type|
|TppMessage2XX||Message codes for HTTP Error codes 2XX.|
|TppMessageCategory||Category of the TPP message category|
JSON based account report. This account report contains transactions resulting from the query parameters.
'booked' shall be contained if bookingStatus parameter is set to "booked" or "both".
'pending' is not contained if the bookingStatus parameter is set to "booked".
|TransactionStatus||The state of a transaction|
|UpdatePsuDataResponse||Body of the JSON response for a Update SCA authorisation request.|
|Usage||Specifies the usage of the account|