PSD2 (the Second Payment Services Directive) is an EU regulation designed to improve payment security, protect consumers, and encourage innovation in financial services. It requires banks to share customer account data securely with licensed third-party providers, enabling new services like payment initiation and account aggregation. The directive also enforces Strong Customer Authentication (SCA) to reduce fraud and increase trust in digital payments.
Open banking is a system where banks and financial institutions share customer account data securely with licensed third-party providers, but only with the customer’s consent. It allows new services such as budgeting apps, account aggregation, and faster payments by giving fintechs direct access to financial data through APIs. The goal is to increase competition, improve customer choice, and drive innovation in financial services.
Please find more information at Open Banking
The UK Open Banking API standard is a set of technical and security specifications that allows licensed third-party providers to access bank account data and initiate payments on behalf of customers, with their consent. It was developed under the direction of the UK’s Open Banking Implementation Entity (OBIE) to ensure interoperability, strong security, and consistent customer experience across all participating banks. By standardising APIs, it enables competition, fosters innovation, and gives consumers more control over their financial data and services.
FAPI is a general-purpose high-security API protection profile over OAuth. It has been adopted as a nationwide standard in many countries in order to make data exchanges in Open Banking as secure as possible in the context of third-party account information sharing or payment initiation. The UK Open Banking standard adopts the FAPI 1.0 advanced standard.
These read/write APIs provide the ability for approved/authorised account information service providers (AISPs) to access a customer’s (payment service user, PSU) account and transaction information for domestic business current accounts (BCAs) and personal current accounts (PCAs), only when the PSU grants consent. This API is developed according to the Open Banking Read/Write API Specifications, see https://www.openbanking.org.uk/
These read/write APIs provide the ability for authorised payment initiation service providers (PISPs) to initiate domestic payments and set up new domestic scheduled payments and domestic standing orders, only when the PSU grants consent. This API is developed according to the Open Banking Read/Write API Specifications, see https://www.openbanking.org.uk/
This read/write API allows a Card Based Payment Instrument Issuer ('CBPII') to make a request to confirm funds are available. This API is developed according to the Open Banking Read/Write API Specifications, see https://www.openbanking.org.uk/
A TPP, Third Party Provider, can perform the following roles once they are registered with their National Competent Authority (NCA):
Account Information Service Provider (AISP)
Payment Initiation Service Provider (PISP)
Technical Service Provider (TSP)
As a TPP, in order to access our Read/Write APIs, you need to be enrolled with Open Banking (Enrolling Onto Open Banking Guide) and registered with the Financial Conduct Authority (FCA) or a National Competent Authority (NCA) as an AISP, PISP and/or TSP.
This will then enable you to access our APIs through the Allica Bank Developer Portal.
Yes, Allica Bank has a [test facility](../40-sandbox.md) available through our Developer Portal. This will be made available in March 2019.
Check out our [Get Started](../20-getting-started.md) guide for a step by step guide on how to start testing with our Sandbox APIs.
There are full specifications provided by OBIE available on their [Developer Zone](https://openbanking.atlassian.net/wiki/spaces/DZ/overview) from which we’ve built our APIs. Our APIs are based solely on Open Banking Limited’s UK Open Banking specification as is the industry standard.
(1) Make sure you have registered your SSA in Allica Developer Portal and the subscription of the Accounts Service Provider API and/or Payments Service Provider API is approved by Allica
(2) Make sure you are following client_secret_post for the OIDC calls
(3) Make sure you are sending client_id & client_secret as part of x-www-form-urlencoded body parameter
Check that you are using the correct network certificate signed by Open Banking to establish the TLS MA connection
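The request shape described in checks (2) and (3), together with the client certificate check above, as an added example that is not Allica Bank's own code. The token URL, the `client_credentials` grant, the `accounts` scope and the function names are assumptions and placeholders; take the real values from the Developer Portal.

```python
import ssl
import urllib.parse
import urllib.request

TOKEN_URL = "https://as.example.invalid/token"  # placeholder, not a real endpoint


def build_token_request(client_id, client_secret, scope):
    """Build a token request that authenticates with client_secret_post."""
    form = {
        "grant_type": "client_credentials",  # assumed grant for this sketch
        "scope": scope,
        "client_id": client_id,              # credentials travel in the form body,
        "client_secret": client_secret,      # not in an Authorization header
    }
    body = urllib.parse.urlencode(form).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def check_client_secret_post(headers, body):
    """Return the problems that would make a request fail checks (2) and (3)."""
    problems = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        problems.append("Content-Type is not application/x-www-form-urlencoded")
    if hdrs.get("authorization", "").lower().startswith("basic "):
        problems.append("credentials sent as HTTP Basic (client_secret_basic)")
    # Blank values are dropped by parse_qs, so an empty secret counts as missing.
    form = urllib.parse.parse_qs(body.decode("ascii", "replace"))
    for field in ("client_id", "client_secret"):
        if not form.get(field):
            problems.append(f"{field} missing from form body")
    return problems


def mtls_context(cert_file, key_file):
    """TLS context that presents the Open Banking-signed transport certificate."""
    ctx = ssl.create_default_context()  # server certificate is still verified
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


if __name__ == "__main__":
    req = build_token_request("my-client-id", "my-secret", "accounts")  # constructed values
    print(check_client_secret_post(dict(req.header_items()), req.data) or "request looks correct")
    # To send: urllib.request.urlopen(req, context=mtls_context("transport.pem", "transport.key"))
```

Run `check_client_secret_post` against the headers and body your HTTP client actually emits; some libraries default to HTTP Basic or JSON bodies for token requests.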