Authorization to provide services by a competent authority under PSD2
Valid PSD2-compliant QWAC containing registration information, including the role of TPP (ETSI TS 119 495 v1.3.2). The QWAC publisher must be in the EU list of trusted providers: https://webgate.ec.europa.eu/tl-browser/#/.
QWAC roles:
- Payment initiation (PSP_PI);
- Account information (PSP_AI);
- Issuing of card-based payment instruments (PSP_IC)
QWAC roles corresponding to the registration required for the respective API:
| API | Service registration | QWAC Role |
| AIS | Account Information Service Provider – AISP | PSP_AI |
| PIS | Payment Initiation Service Provider – PISP | PSP_PI |
| CFS | Payment Instrument Issuing Service Provider – PIISP | PSP_IC |
Specific requirements:
- Registration of the TPP application in the Developer API portal of Postbank – done independently by the TPP.
- Client ID
- Client secret
- redirect_uri
- public key of the QWAC
- Subscription to the production API – authorized by an employee of Postbank after completing the checks for fulfillment of all legal requirements.
- oAuth2 Access token, separate for each API – client of the bank who gives a consent to TPP-APP to access their accounts with the corresponding API – as a result TPP receives an Access token.
Adding a TPP application for production environment
The TPP-APP owner finds the API and chooses it:
The TPP-APP owner subscribes to the API:
The button is not inserted
- Clicks on the SUBSCRIBE button
- Selects the Application for which the subscription will apply
- Confirms with the button SUBSCRIBE
- A message for the submitted request displays on the screen
- The TPP-APP owner sends the public key of the QWAC via email
- If any additional information is needed it will be communicated via email
- The TPP-APP owner will receive information for the approval