Logo

Open Banking API Intro

Nikulipe UAB (oba@nikulipe.com)

2020-06-01

Overview

Nikulipe provides access to E-Money bank accounts of its Clients over the Open Banking API. This API is offered as part of PSD2 regulation.

TPPs can access the Nikulipe Open Banking API using a valid eIDAS QWAC certificate issued by a trusted QTSP.

TPPs, as defined in PSD2, are under supervision of the Financial Supervision Authority of the respective member state of the EU, which grants them rights and places requirements/obligations on them.

Document History

2020-06-01: Initial Version

Definitions

PSD2
Payment Service Directive 2
TPP
Third Party Payment Service Provider (AISP/PIISP/PISP)
PSU
Payment Service User
PIS
Payment Initiation Service
PISP
Payment Initiation Service Provider
PIISP
Payment Instrument Issuer Service Provider
AIS
Account Information Service
AISP
Account Information Service Provider
ASPSP
Account Servicing Payment Service Provider
XS2A Interface
Access to Account Interface
EBA
European Banking Authority
RTS
Regulatory Technical Standards
FCS
Fund confirmation service
eIDAS
electronic IDentification, Authentication and trust Services
NA/NCA
National (Competent) Authority
QTSP
Qualified Trust Service Provider
TSP
Trust Service Provider
QSEAL
Qualified Electronic Seal Certificates
QWAC
Qualified Website Authentication Certificates

Standards and Protocols

Nikulipe’s Open Banking API makes use of standards defined in the Berlin Group’s Joint Initiative on a PSD2 Compliant XS2A Interface NextGenPSD2 XS2A Framework Operational Rules v1.3.

Nikulipe’s Open Banking API implements the following workflows defined in this document: - AIS (Account Information Service) Redirect SCA Approach - PIS (Payment Initiation Service) Redirect SCA Approach - FCS (Funds Confirmation Service) Redirect SCA Approach

Currently no decoupled methods are supported.

Transport Level Security

All endpoints are secured using TLS 1.2 or higher.

Access to production endpoints is secured using client certificates. Only valid QWAC certificates can be used (signed by a trusted QTSP).

The TPP must provide the public part of the QWAC used for accessing the Nikulipe Open Banking API to Nikulipe, which then will be associated with the TPP’s account in Nikulipe’s systems.

Application Level Security

Payload transported over the Open Banking API must be signed by the TPP. Only signatures done with a QSEAL certificate issued by a trusted QTSP are eligible.

The public part of the QSEAL used by the TPP has to be provided to Nikulipe and will be associated with the TPP’s account in Nikulipe’s systems.

In addition, all requests must contain an access token.

Only POST requests are signed by the TPP in order to guarantee integrity of message bodies and prove the origin of the content.

Sandbox Access

Please reach out to oba@nikulipe.com in order to get access to the Sandbox/Test environment.

Nikulipe will provide you with:

API Endpoints

Test Endpoint
https://sandbox-oba.nikulipe.com/psd2/…
Live Endpoint
https://oba.nikulipe.com/psd2/…

OpenAPI Specification

The full OpenAPI specification can be found on the Nikulipe UAB PSD2 API.