The Open Banking Product consists of three main components.
One is the server-side XS2A API which offers the endpoints for the TPP/merchant to initiate and control transfer and data access procedures. The other one is the XS2A App that handles the interaction with the consumer.
All of the available XS2A-endpoints are secured by an OAuth2 based authentication and authorization system.
In order to retrieve information or execute a transfer, the consumer needs to choose her or his bank and provide authorization to her or his bank account. This is often done by providing login credentials and one-time passwords.
As an alternative to the XS2A App it is also possible to implement the consumer facing part of the application as a white label solution.
The Bank Universe service allows customers to retrieve information about supported banks and their capabilities.