The Open Banking Product consists of two components.
One is the server-side XS2A-API which offers the endpoints for the TPP/merchant to initiate and control transfer and data access procedures. The other one is the XS2A App that handles the interaction with the consumer.
All of the available XS2A-endpoints are secured by an OAuth2 based authentication and authorization system.
In order to retrieve information or execute a transfer, the consumer needs to choose her or his bank and provide authorization to her or his bank account. This is often done by providing login credentials and one-time passwords.
As an alternative to the XS2A App it is also possible to implement the consumer facing part of the application as a white label solution.