Glossary
Terminology | Full name | Description |
---|---|---|
Access Token | A token that needs to be passed on with every call to the API in order to access it. | |
AIS | Account Information Services | Account Information Services (such as getting access to the users' bank accounts, balances, and transactions |
AISP | Account Information Service Provider | Account Information Service Provider is a party that has the right to initiate a payment on behalf of a PSU. |
API Key | An application programming interface key is a unique string of alphanumeric characters transmitted as part of an API request that authenticates the source of the API request. | |
ASPSP | Account Servicing Payment Service Provider | Can be regarded as a bank/financial institution |
Bank | A financial institution that accepts deposits from the public and creates credit. | |
Certificate | A data file that digitally binds a cryptographic key to an organization’s details or a package containing it and additionally a private key and (optionally) a passphrase. | |
Client | A finAPI customer that has TTP certification. | |
Credentials | A user's authentication information (typically a password, a token, or a certificate). | |
Data at Rest | Data that is being stored in stable destination systems | |
eIDAS | electronic Identification and Trust Services | A set of standards for electronic identification and trust services for electronic transactions in the European Single Market. |
MA | Mutual Authentication | Mutual TLS authentication or certificate based mutual authentication refers to two parties authenticated by other through verifying the provided digital certificate so that both parties are assured of the other entity. |
OAuth2 | The industry-standard protocol for authorization that focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. | |
PIS | Payment Information Services | Payment Information Services (such as payment initiation from a bank account). |
PISP | Payment Initiation Service Provider | Payment Initiation Service Provider is a party which has the right to initiate a transaction on behalf of a PSU. |
Postman | A Web service testing tool. | |
PSU | Payment Services User | Can be regarded as an end-user |
Private key | A separate file that is used in the encryption/decryption of data sent between the server and the connecting clients. | |
PSD2 | The second Payment Services Directive | Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366). EU Directive, administered by the European Commission to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA). |
QSeal | A qualified Electronic Seal Certificate is a qualified digital certificate under the trust services defined in the eIDAS Regulation. | |
QTSP | Qualified Trust Service Provider | Qualified Trust Service Provider is an entity allowed to issue qualified digital certificates which can be used to create qualified electronic signatures. |
QWAC | Qualified Website Authentication Certificate is a qualified digital certificate under the trust services defined in the eIDAS Regulation. | |
SCA | Strong Customer Authentication | Strong customer authentication is an authentication procedure based on two factors compliant with the requirements of PSD2. |
TLS | Transport Layer Security | Transport Layer Security is a cryptographic protocol designed to provide communications security over a computer network. |
TPP | Third-Party Provider | Third-party provider (such as finAPI) |
VAT | Value Added Tax | The Value Added Tax, in the European Union is a general, broadly based consumption tax assessed on the value added to goods and services. |
XS2A | Access to Account | PSD2 compliant Access to Account Interface. |