The Open Banking Product consists of three main components.
One is the server-side XS2A API which offers the endpoints for the TPP/merchant to initiate and control transfer and data access procedures. The other one is the XS2A App that handles the interaction with the consumer.
The XS2A-API exposes endpoints for the session and flow management. The following flows can be executed:
The API should be exclusively called by other services and the content of those exchanges should not be exposed to the consumer.
In addition to the XS2A API a Consent Token based API provides access to consumer data. The consent token has to be retrieved during a XS2A session.
In order to retrieve information or execute a transfer, the consumer needs to choose her or his bank and provide authorization to her or his bank account. This is often done by providing login credentials and one-time passwords.
As an alternative to the XS2A App it is also possible to implement the consumer facing part of the application as a white label solution.
The Bank Universe service allows customers to retrieve information about supported banks and their capabilities.