Terminology

Full name

Description

Access Token

A token that needs to be passed on with every call to the API in order to access it.

AIS

Account Information Services

Account Information Services (such as getting access to the users' bank accounts, balances and transactions

AISP

Account Information Service Provider

Account Information Service Provider is a party which has the right to initiate a payment on behalf of a PSU.

API Key

An application programming interface key is a unique string of alphanumeric characters transmitted as part of an API request that authenticate the source of the API request.

ASPSP

Account Servicing Payment Service Provider

Can be regarded as a bank/financial institution

Bank

A financial institution that accepts deposits from the public and creates credit.

Certificate

A data file that digitally binds a cryptographic key to an organization’s details or a package containing it and additionally a private key and (optionally) a passphrase.

Client

A finAPI customer that has TTP certification.

Credentials

A user's authentication information (typically a password, a token, or a certificate).

Data at Rest

Data that is being stored in stable destination systems

eIDAS

electronic Identification and Trust Services

A set of standards for electronic identification and trust services for electronic transactions in the European Single Market.

MA

Mutual Authentication

Mutual TLS authentication or certificate based mutual authentication refers to two parties authenticating each other through verifying the provided digital certificate so that both parties are assured of the others' identity.

OAuth2

The industry-standard protocol for authorization that focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.

PIS

Payment Information Services

Payment Information Services (such as payment initiation from a bank account).

PISP

Payment Initiation Service Provider

Payment Initiation Service Provider is a party which has the right to initiate a transaction on behalf of a PSU.

Postman

A Web service testing tool.

PSU

Payment Services User

Can be regarded as an end-user

Private key

A separate file that is used in the encryption/decryption of data sent between the server and the connecting clients.

PSD2

The second Payment Services Directive

Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366). EU Directive, administered by the European Commission to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA).

QSeal

A qualified Electronic Seal Certificate is a qualified digital certificate under the trust services defined in the eIDAS Regulation.

QTSP

Qualified Trust Service Provider

Qualified Trust Service Provider is an entity allowed to issue qualified digital certificates which can be used to create qualified electronic signatures.

QWAC

Qualified Website Authentication Certificate is a qualified digital certificate under the trust services defined in the eIDAS Regulation.

SCA

Strong Customer Authentication

Strong customer authentication is an authentication procedure based on two factors compliant with the requirements of PSD2.

TLS

Transport Layer Security

Transport Layer Security is cryptographic protocol designed to provide communications security over a computer network.

TPP

Third-Party Provider

Third-party provider (such as finAPI)

VAT

Value Added Tax

The Value Added Tax, in the European Union is a general, broadly based consumption tax assessed on the value added to goods and services.

XS2A

Access to Account

PSD2 compliant Access to Account Interface.