XS2A Core

Convenient solution for PSD2-compliant APIs that provide access to bank accounts and making payments

The challenge

Payment Service Directive 2 (PSD2) signals a new market opportunity for third-party providers (TPPs) in payment transactions. Registered and authorized TPPs must be able to access customers’ accounts at the respective account-holding bank via APIs.

As a bank, you’re obliged to provide TPPs with X2SA interfaces so they can access payment transactions. However, becoming PSD2-compliant can be complex.

Do you lack the time and resources to implement or further develop an Open API interface for your financial institution?

The solution

We’ll help you comply with the directive’s requirements with our proven solution.

X2SA Core offers an open source implementation of the Berlin Group NextGenPSD2 framework which can be connected to your middleware services or your core banking system.

The X2SA solution component includes a consent management system to store and manage consent commands that have been issued by the PSU to the relevant TPPs. A logging system then tracks logically all linked system calls.

X2SA is fully compliant with the NextGenPSD2 implementation support programme (NISP) which not only defines processes, recommendations and test cases, but also ensures you implement them in the correct manner, so you comply with legal requirements.

Our solution provides Swagger documentation for all REST API modules for all possible configurations of mandatory XS2A features.

We support all defined Strong Customer Authentication (SCA) alternatives (REDIRECT, EMBEDDED, DECOUPLED, OAUTH), as well as Multi-Level SCA, multi-currency accounts, all required types of payment products and account information.

Additional features such as account owner data, standing order lists, TPP stop list, funds confirmation consent equip banks with individual optional extensions.

The benefits

  • Strong Customer Authentication (SCA) and improved data protection in accordance with PSD2 requirements
  • Implementation of all Berlin Group mandated API endpoints as well as various optional endpoints
  • Swagger documentation for all REST API modules
  • Preservation of internal resources for the stringent implementation and maintenance of PSD2 requirements
  • New digital service offerings open up new business models

adorsys-xs2a-core-infographic Created with Sketch. PISP AISP PIISP ASPSP (Bank) Accounts TPP

Our customer is the 5th provider in Germany to receive the exemption from BaFin.

Bank-Verlag uses our XS2A-Core solution, for the connection of customer banks to the XS2A interface.

The conditions for granting an exemption for not having a fallback solution are driven by the highest requirements in terms of stability, availability and performance when implementing the so-called Regulatory Technical Standards (RTS). Only two large data centers and two banks have achieved this before us.  

We would like to take this opportunity to thank Bank-Verlag once again for their excellent cooperation!

Press release from Bank-Verlag

Other Reference:

Sparda Banken / Sopra Financial Technology GmbH: PSD2 Readiness as catalyst for Open Banking

Are you ready to get started?

Access the Open Source project in GitHub for more information.

For more information, please contact

Andre Achtstaetter adorsys

Andre Achtstaetter