1. Introduction

1.1. Context

The revised Payment Service Directive (PSD2) points out some new roles providing services to a Payment Service User (PSU):

• Third Party Providers (TPP) which can be subdivided into three categories

  • Account Information Service Providers (AISP)

  • Payment Initiation Service Providers (PISP)

  • Card Based Payment Instrument Issuers (CBPII)

• Account Servicing Payment Service Providers (ASPSP).

Each Member Country has to transpose the PSD2, within its own national law.

The PSD2 is completed by a set of documents provided by the European Banking Authority (EBA). Among these documents, the Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA) details some requirements, for instance on security principles: traceability, strong customer authentication…

1.2. Mission

STET has been mandated by its shareholders in order to design and provide an open API (Aka STET PSD2 API) that would specify the different interactions between TPPs and ASPSPs for carrying out the different use cases of PSD2. This API could be extended to other (non-PSD2) use cases in the future but this extension is not part of the mandate.

As the RTS for SCA are now finalised, this version of the API and its documentation considers the new constraints and rules that have been introduced.

This version also includes

• Items that have been identified and studied in common with the BERLIN GROUP, in a strategy of convergence of the different European API initiatives.

• Evolvements linked to the change requests that have been received after first public releases of STET PSD2 API.

The STET PSD2 API does not cover:

• Interactions between PSUs and TPP

• Interactions between PSUs and ASPSP

• Registration information management

The technical characteristics of this API are provided within a SWAGGER 2.0 file. The present document purpose is to provide extra-information on this API and to give some interaction samples.

1.3. Legal framework

PSD2:

• http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015L2366

EBA RTS on SCA and CSC:

• https://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=uriserv:OJ.L_.2018.069.01.0023.01.ENG&toc=OJ:L:2018:069:TOC

EBA Opinion on the implementation of the RTS on SCA and CSC:

• https://www.eba.europa.eu/documents/10180/2137845/Opinion+on+the+implementation+of+the+RTS+on+SCA+and+CSC+%28EBA-2018-Op-04%29.pdf

EIDAS:

• http://eur-lex.europa.eu/legal-content/FR/TXT/?uri=celex%3A32014R0910

1.4. Licence

This specification is published under the following licence

"Creative Commons - Attribution 3.0 France (CC BY 3.0 FR)"

This work has been coordinated by STET with the following contributors:

• BNP Paribas

• Le Groupe BPCE

• Le Groupe Crédit Agricole

• La Banque Fédérative du Crédit Mutuel - CIC

• La Banque Postale

• La Société Générale

• La Caisse des Dépôts et Consignations

• Le Crédit Mutuel - ARKEA

• HSBC France

• L'OCBF

• La Fédération Bancaire Française

• LUXHUB

• RAIFFEISEN LU

This release also takes into accounts the work of the Working Group of the French CNPS (Comité National des Paiements Scripturaux), co-chaired by:

• La Banque de France

• La Direction Générale du Trésor

Other attendees than banks to this Working Group were:

• L'ACPR (Autorité de Contrôle Prudentiel et de Résolution)

• La DINSIC (Direction Interministérielle des Systèmes d'Information et de Communication)

• L'AFEPAME (Association des Établissements de Paiement et de Monnaie Électronique)

• CGI Luxembourg S.A.

• MERCATEL

• La FEVAD (Fédération du e-commerce et de la vente à distance)

• L'ASF (Association française des Sociétés Financières)

• WORLDLINE

• BANKIN'

• LINXO

• BUDGET INSIGHT

• LYDIA

• LYRA NETWORK

• AMERICAN EXPRESS