XS2A PSD2 interface

Our „finAPI XS2A API“ interfaces follow the guidelines of the Berlin Group. From the 14.03.2019 the test option is available for all payment initiation, account information and payment service providers that issue card-based payment instruments without restriction.

Test Interface - XS2A Sandbox

The test interface ("XS2A-Sandbox") provides pure test data, which are located at finAPI. All details about the interface can be found in the "Developer Documentation".

To the interface

Developer documentation

The developer documentation provides you with a technical description of the individual API functions. The documentation is only available in English.

To the API documentation

Support Access

In the support access, developers can submit support requests. Support is provided by finAPI for the BKS Bank.

To support access

Productive XS2A Interface

To the interface

Alternatively, a support request can be sent by e-mail to xs2a-support@finapi.io.

If there are problems with the xs2a server or the required 5 requests regarding

  • access to information for provision of payment initiation services
  • account information services

cannot be answered within a time window of 30 seconds, then one of the following 5xx status codes will be provided:

  • HTTP 500 Internal Server Error
  • HTTP 501 Not Implemented
  • HTTP 502 Bad Gateway
  • HTTP 503 Service Unavailable
  • HTTP 504 Gateway Timeout
  • HTTP 505 HTTP Version Not Supported
  • HTTP 506 Variant Also Negotiates
  • HTTP 507 Insufficient Storage
  • HTTP 508 Loop Detected
  • HTTP 510 Not Extended
  • HTTP 511 Network Authentication Required
  • HTTP 599 Network Connect Timeout Error

This entitles the TPP to choose the fallback route:

  • The TPP must send an HTTP request using the GET method
  • The TPP must include a valid productive QWAC

Call up: xs2a-fallback.bksbank-online.at

If no QWAC certificate is issued or the QWAC check fails, the following error messages occur:

  1. Call without certificate
    HTTP 403 Forbidden { "timestamp": "2019-09-03T09:03:12.699+0000", "status": 403, "error": "Forbidden", "message": "Access Denied", "path": "/certificate-checker/cc" }

  2. certificate without PSD2 extention
    HTTP 403 Forbidden { "errorMessage": "Certificate doesn't have qcExtensions section" }

  3. certificate status = revoked
    HTTP 403 Forbidden { "certificateStatus": "REVOKED" }

  4. certificate status = unknown
    HTTP 403 Forbidden { "certificateStatus": "UNKNOWN" }

If the call up was successful, a redirect to the login page of the BKS customer portal takes place. The information from the certificate is transferred to the login page.