Information regarding PSD2 XS2A

In accordance with the requirements of the PSD2 and the respective technical regulations of the EBA please find below all information on the XS2A (access to accounts) interfaces.

Our XS2A interface follows the guidelines of the Berlin group, which are summarized in version 1.3 of the NextGenPSD2 Access to Accounts Interoperability Framework.

From March 14th, 2019 the testing option (hereinafter referred to as "Sandbox") will be fully available for all payment initiation as well as all account information service providers. Upstream registration is currently not planned for payment service providers.

The Sandbox APIs are available at https://www.banking.co.at/xs2a-sandbox/m111/v1/ ...

A detailed API description of the XS2A interface can be found at https://www.banking.co.at/psd2.

To authenticate a customer, only the so-called redirect approach is available: The bank customer (user) using the service is forwarded to a webpage of the bank, over which the actual authentication is done.

Within the sandbox the actual authentication is omitted, as this would impede an automated test procedure. When initiating the authentication of a Consent (account information service) or initiating the authentication of a transaction (payment initiation service), authentication is automatically noted as successful.

In the sandbox three dedicated users are available for testing. These have the numbers 100000, 100001 and 100002. To test different scenarios, the first user has no accounts assigned, the second user one and the third user two.

Should you have any questions regarding the sandbox not answered in the above mentioned API documentation, please contact the technical support (only in German) by email: xs2a-support@arz.at. We strive to answer technical questions about the interface in a timely manner, however there is no guarantee of specific response times.