Access to Environments
|Launch date||03 February 2023|
|API||Application Programming interface. A set of definitions, protocols, and tools that can be used to create applications, interact with other applications, and exchange data.|
|Provider||Represents the ASPSP. A bank or financial institution that offers payment accounts with online access.|
|ASPSP||Account Servicing Payment Service Provider. Provides and maintains a payment account for a payer as defined by the and, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API endpoints.|
|TPP||Organisations or natural persons that use APIs developed to Standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are either/both Payment Initiation Service Providers (PISPs) and/or Account Information Service Providers (AISPs).|
|PSU||Payment Service User. Natural or legal person making use of a payment service as a payee, payer or both.|
|AISP||Account Information Service Provider. Provides account information services as an online service with consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s).|
|PISP||Payment Initiation Service Provider. Provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.|
|CBPII||Card Based Instrument Issuer. A Card Based Payment Instrument Issuer is a payment services provider that issues card-based payment instruments that can be used to initiate a payment transaction from a payment account held with another payment service provider.|
|SCA||Strong Customer Authentication. Authentication based on the use of two or more elements designed in such a way as to protect the confidentiality of the authentication data.|
|PSR||Payment Services Regulations 2017. The UK's implementation of PSD2, as amended or updated from time to time and including the associated Regulatory Technical Standards as developed by the EBA.|
|Session||Any activity that is forwarded by Salt Edge PSD2 Compliance on behalf of a Customer.|
|Consent||A range of rules on security, providing access to accounts, and enabling traceability and the mitigation of fraud risks.|
|Scopes||A set of permissions granted to a TPP application.|
|Authorization||The API will allow an ASPSP to implement OAuth2 as a support for the authorisation of the PSU towards the TPP for the payment initiation and/or account information service. In this case, the TPP will be the client, the PSU the resource owner and the ASPSP will be the resource server in the abstract OAuth2 model.|
|eIDAS||Electronic Identification, Authentication and trust Services. A set of standards for electronic identification and trust services for electronic transactions in the European Single Market.|
|OBSEAL||OBIE issued Electronic Seal Certificate.|
The process of TPP registration is made via an API request to TPP Register endpoint. In order to access Provider Sandbox you need to use OBSEAL test certificate.
After adding a certificate, the registered TPP will have assigned a set of scopes based on the provided certificate.
The available scopes can be seen when creating an TPP Application.
|accounts||grants TPP access to Customer's accounts data|
|payments||grants TPP right to initiate payment orders on behalf of Customer|
|fundsconfirmations||grants TPP right to check availability of funds under specific account which belongs to Customer|