Additional TPP registration and authentication
Some ASPSPs require a separate TPP registration/authentication in addition to a QWAC/QSEAL certificate. This applies only to TPPs with their own supervisory license. finAPI customers using the finAPI PSD2 License can use the finAPI TPP registration.
For ASPSPs that require registration, the first step is TPP registration in an ASPSP portal. We can provide a list of TPP registration requirements to finAPI customers upon request to support@finapi.io.
After the TPP registration, the respective TPP credentials have to be stored in finAPI Access to allow usage of these credentials to connect to ASPSPs. Here is a list of the required TPP credentials per bank that must be stored in finAPI Access:
Group name | Description |
---|---|
AirBank XS2A CZ | Required fields: client_id, client_secret, tpp_name TPP receives all the above mentioned parameters in the response on the call to TPP must provide QWAC when calling this endpoint. Payload example:
JSON
|
CSOB XS2A CZ | Required fields: client_id, client_secret, APIKey, tpp_name TPP receives the APIKey after completing its registration on developer portal. Please, see https://developers.csob.cz/how-to/dev-register. TPP receives client_id and client_secret in the response on the call to https://api.csob.cz/api/csob/oauth2/v1/register endpoint. TPP must provide QWAC and APIKey when calling this endpoint. Request example:
CODE
|
CSOB XS2A SK | Required fields: client_id, client_secret TPP receives all the above mentioned parameters in the response on the call to https://api.csob.sk/enroll/enroll endpoint. TPP must provide QWAC when calling this endpoint. Payload example:
JSON
|
Erstebank XS2A CZ | Required fields: client_id, client_secret, APIKey, tpp_name TPP receives the above mentioned parameters after completing its registration on developer portal - https://developers.erstegroup.com/register |
Commerzbank XS2A DE | Required fields: organizationIdentifier from QWAC. TPP can extract organizationIdentifier from the public part of its QWAC. |
Comdirect XS2A DE | Required fields: organizationIdentifier from QWAC. TPP can extract organizationIdentifier from the public part of its QWAC. |
Santander XS2A DE | Required fields: organizationIdentifier from QWAC. TPP can extract organizationIdentifier from the public part of its QWAC. TPP-Registration:
NONE
|
DKB XS2A DE | Starting from 24.03.2021 TPP registration via developer portal is no longer needed or possible. TPP credentials are no longer required. Instead, DKB implements automatic registration of the TPP after the first call to the API using QWAC. As described in the document
This call can be made via this example cURL
CODE
The response should look like
JSON
TPP must provide QWAC when calling this endpoint. The call itself will result in an error, but the automatic registration of TPP should be triggered. According to DKB, the TPPs who were registered prior to these changes do not need to execute this call |
HCOB XS2A DE | Required fields:
TPP receives the above mentioned parameters after completing its registration on developer portal - https://tpp.hcob-bank.com/store/site/pages/sign-up.jag |
ING XS2A | Required fields: serialNumber from the QSEAL certificate. TPP can extract serialNumber from the public part of its QSEAL. value: “SN=$extracted_serialNumber” example:
JSON
|
Erstebank/Sparkasse XS2A AT | Required fields: client_id, client_secret, tppId, applicationId TPP receives all the above mentioned parameters in the response on the call to https://webapi.developers.erstegroup.com/api/v1/initiation/bank.eba endpoint. TPP must provide QWAC when calling this endpoint. Payload example:
JSON
|
Raiffeisen XS2A AT | Required fields: clientId TPP receives clientId after uploading its QWAC to QWAC is checked on the transport layer during the SSL Handshake. See request and response details at https://api-dashboard.raiffeisen.at/web/#!/psd2-oauth-flow |
Hypo XS2A AT | Required fields: clientId TPP receives clientId after uploading its QWAC to QWAC is checked on the transport layer during the SSL Handshake. See request and response details at https://api-dashboard.hypo.at/web/#!/psd2-oauth-flow |
Amex XS2A | Required fields: client_id, client_secret. TPP receives the above mentioned parameters after completing its registration on developer portal - https://developer.americanexpress.com/open-banking |
Erstebank XS2A SK | Required fields: client_id, client_secret, APIKey TPP receives the above mentioned parameters after completing its registration on developer portal - https://developers.erstegroup.com/register |
Bank Verlag XS2A DE | No TPP credentials are needed to access Bank Verlag XS2A API |
Barclaycard XS2A DE | Required fields: client_id, client_secret. TPP receives the above mentioned parameters after completing its registration on developer portal - https://developer.barclays.com/register |
PayPal XS2A | Required fields: client_id, client_secret. TPP receives the above mentioned parameters after completing the registration on the TPP Landing Page; https://www.paypal.com/partnerexp/tppLanding If TPP Certificate is expiring, send the new certificates via email to the Paypal support team (email contact can be provided on-request) |
Tatra XS2A SK | TPP receives clientId and clientSecret after completing its registration on developer portal - https://developer.tatrabanka.sk/ |
Raiffeisen XS2A Sandbox AT | Required fields: clientId, clientSecret TPP receives clientId and clientSecret after completing its registration on developer portal - https://api-dashboard.raiffeisen.at/web/#!/register. Credentials are displayed in the TPP application profile. |
Sparda XS2A DE | Required fields: organizationIdentifier from QWAC. TPP can extract organizationIdentifier from the public part of its QWAC. |
VR XS2A DE | Required fields: serialNumber from the QSEAL certificate. TPP can extract serialNumber from the public part of its QSEAL. value: “SN=$extracted_serialNumber” |
Bunq XS2A | Required fields:
TPP receives the above mentioned parameters after completing the registration process descripbed at - https://doc.bunq.com/ (section PSD2 service provider). |
Solarisbank (Penta) | Required fields: organizationIdentifier from QWAC. TPP can extract organizationIdentifier from the public part of its QWAC. |
Revolut XS2A | Required fields:
The Key ID can be found as kid in the JWKs file created during the registration process required by Revolut. It is described here: https://developer.revolut.com/docs/build-banking-apps/#identification-and-authentication-dynamic-client-registration |
N26 XS2A | Required fields: TPP can extract organizationIdentifier from the public part of its QWAC. |
Qonto XS2A | Required fields: client_id and client_secret https://api-doc.qonto.com/docs/business-api/ed2a209683773-register-your-application |
Komerční banka XS2A (SK) | Required fields: TPPs receives these parameters when they complete registration via the developer portal Komerční banka (SK) https://api.koba.sk/portal |
Fidor Bank XS2A | Required fields: client_id as organizationIdentifier from QWAC. TPP is required to onboard via |
M.M. Warburg XS2A DE | Required fields: TPP can extract serialNumber from the public part of its QSEAL. value: “SN=$extracted_serialNumber” example:
JSON
|
Posojilnica Bank XS2A | Required fields: TPP receives clientId after uploading its QWAC to QWAC is checked on the transport layer during the SSL Handshake. See request and response details at https://api-dashboard.poso.at/web/#!/psd2-oauth-flow |
Yapily XS2A | Required fields: Step 1 TPP creates a new account on the Yapily Console. Step 2 TPP uploads their QWAC and QSeal certificates on the “Certificates” page. Step 3 On the “Applications” page TPP creates an application: “APPLICATION ID” becomes the Step 4 For an application whose credentials are uploaded as TPP credentials, TPP registers every bank that should be available thought the Access API. For that, on the “Connected Institutions” tab of the application configuration, TPP adds all desired banks (institutions) and then does the registration bank per bank. Bank registration might require additional data - follow the hints on the registration page. |
VUB XS2A | Required fields: To register as a TPP, call the endpoint https://api.vub.sk/psd2/register. For more details, go to the documentation page and then go to the section PSD2_OpenIdRegister_swagger.yaml. |
Holvi Bank XS2A | Required fields: To register as a TPP, call the endpoint https://psd2.holvi.com/v1/onboarding/signup/ . For more details, go to the documentation page and then go to the section “Onboarding API”. |