Salt Edge PSD2 Compliance Logo


Timestamp Change/note
23 Dec 2021 The CBC-mode cipher encryption will be disabled on PSD2 APIs and the following cipher suites will no longer be supported since 3rd February 2022:
Please find below the list of supported ciphers and make sure you support any of the below to keep the connection with the PSD2 APIs:
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256
In case you need any assistance on the above please contact us at:


Term Definition
API Application Programming interface. A set of definitions, protocols, and tools that can be used to create applications, interact with other applications, and exchange data.
Provider Represents the ASPSP. A bank or financial institution that offers payment accounts with online access.
ASPSP Account Servicing Payment Service Provider. Provides and maintains a payment account for a payer as defined by the and, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API endpoints.
TPP Organisations or natural persons that use APIs developed to Standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are either/both Payment Initiation Service Providers (PISPs) and/or Account Information Service Providers (AISPs).
PSU Payment Service User. Natural or legal person making use of a payment service as a payee, payer or both.
AISP Account Information Service Provider. Provides account information services as an online service with consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s).
PISP Payment Initiation Service Provider. Provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.
CBPII Card Based Instrument Issuer. A Card Based Payment Instrument Issuer is a payment services provider that issues card-based payment instruments that can be used to initiate a payment transaction from a payment account held with another payment service provider.
SCA Strong Customer Authentication. Authentication based on the use of two or more elements designed in such a way as to protect the confidentiality of the authentication data.
PSR Payment Services Regulations 2017. The UK's implementation of PSD2, as amended or updated from time to time and including the associated Regulatory Technical Standards as developed by the EBA.
Session Any activity that is forwarded by Salt Edge PSD2 Compliance on behalf of a Customer.
Consent A range of rules on security, providing access to accounts, and enabling traceability and the mitigation of fraud risks.
Scopes A set of permissions granted to a TPP application.
Authorization The API will allow an ASPSP to implement OAuth2 as a support for the authorisation of the PSU towards the TPP for the payment initiation and/or account information service. In this case, the TPP will be the client, the PSU the resource owner and the ASPSP will be the resource server in the abstract OAuth2 model.
eIDAS Electronic Identification, Authentication and trust Services. A set of standards for electronic identification and trust services for electronic transactions in the European Single Market.
OBSEAL OBIE issued Electronic Seal Certificate.


The process of TPP registration is made via an API request to TPP Register endpoint. In order to access Provider Sandbox you need to use OBSEAL test certificate.

After adding a certificate, the registered TPP will have assigned a set of scopes based on the provided certificate.

The available scopes can be seen when creating an TPP Application.

Scopes Definition

Type Description
accounts grants TPP access to Customer's accounts data
payments grants TPP right to initiate payment orders on behalf of Customer
fundsconfirmations grants TPP right to check availability of funds under specific account which belongs to Customer