XS2A Core

An open source project for PSD2-compliant APIs that provide access to bank accounts and making payments

The challenge

Payment Service Directive 2 (PSD2) signals a new market opportunity for third-party providers (TPPs) in payment transactions – using APIs, the directive stipulates that they should get access to customer accounts at the bank where the accounts are held.

As a bank, you’re obliged to provide TPPs with X2SA interfaces so they can access payment transactions. However, becoming PSD2-compliant can be complex.

If you don’t have the time and resources to develop an open API for your bank, and if you need to comply with the directive fast, then we’re here to help.

The solution

We’ll help you comply with the directive’s requirements with the minimal amount of effort.

X2SA Core offers an open source implementation of the Berlin Group NextGenPSD2 framework which can be connected to ASPSP’s middleware services or your core banking system.

The X2SA interface has a consent management system to store and manage consent commands that have been issued by the PSU to the relevant TPPs. A logging system then tracks logically linked system calls.

X2SA is fully compliant with the NextGenPSD2 implementation support programme (NISP) which not only defines processes, recommendations and test cases, but also ensures you implement them in the correct manner, so you comply with legal requirements.

As part of the process, adorsys provides Swagger documentation for all REST API modules for the storage and readout of ASPSP-specific configurations for XS2A features. The solution works with a number of relational databases, including Oracle, PostgreSQL, MariaDB and others.

We support all defined SCA approaches (REDIRECT, EMBEDDED, DECOUPLED, OAUTH), as well as multi-level SCA, multi-currency accounts, various types of payment products and account information.

Additional features such as account owner data, standing order lists, TPP stop list, funds confirmation consent give banks the ability to control TPPs’ access and take any necessary steps.

The benefits

  • Strong Customer Authentication (SCA) and improved data protection in accordance with PSD2 requirements
  • Implementation of all Berlin Group mandated API endpoints as well as various optional endpoints
  • Swagger documentation for all REST API modules
  • Access to an extensive ecosystem via GitHub
  • PSD2 requirements are met without having to consume lots of internal resources
  • New digital service offerings and accessing third-party bank data open up new business models

adorsys-xs2a-core-infographic Created with Sketch. PISP AISP PIISP ASPSP (Bank) Accounts TPP

Are you ready to get started?

Access the Open Source project in GitHub for more information.

For more information, please contact

Andre Achtstaetter adorsys

Andre Achtstaetter

Vice President International Division