Access to Account (XS2A)

All information for developers is summarised here.

The concept of open banking is changing the entire banking landscape. Traditional banking is giving way to open access, with transparent services and more cooperation. We invite you to join us in creating the next generation of digital services based on our APIs.

Here you will find all the information you need on Access to Account (XS2A) interfaces in accordance with the requirements of PSD2 and the associated technical regulations of the European Banking Authority (EBA).

Our XS2A interfaces comply with the requirements of the Berlin Group, which are summarised in version 1.3 of the “NextGenPSD2 Access to Accounts Interoperability Framework”.

From 14 March 2019 onwards, testing facilities (referred to as the "sandbox") will be available without restriction for all payment initiation service providers and all account information service providers. Prior registration for corresponding payment service providers is not currently envisaged.

The sandbox APIs are available under the following URL: https://www.banking.co.at/xs2a-sandbox/m015/v1/....
A detailed API specification on the XS2A interface can be found under https://xs2a.banking.co.at/psd2/m015/ .

For the authentication of a customer, only the “redirect approach” is available. This means that the bank customer (user) who is using the service is redirected to a site of the bank through which the actual authentication process takes place.

Within the sandbox, the actual authentication is omitted, since this would impede an automated test procedure: upon initiation of the authentication of a consent (account information service) or the authentication of a transaction (payment initiation service), the authentication is automatically recorded as successful.

Three dedicated users are available for this purpose in the sandbox for testing. These users are numbered 100000, 100001 and 100002. To make it possible to test various scenarios, no accounts are allocated to the first user, one account is allocated to the second user, and two accounts to the third user.

The IT infrastructure of Anadi Bank is provided by Allgemeines Rechenzentrum Ges.m.b.H. (ARZ). In addition to servicing Anadi Bank as its main provider of IT services, ARZ provides services to a total of 20 other banks with approx. 1.6 million customers. More detailed information can be found at www.arz.at.

If you have queries about the sandbox which are not answered by the above API documentation, technical support is available by email (in German) via the following email address: xs2a-support@arz.at. We make every effort to answer technical queries regarding the interface promptly, but we are not able to provide any definite response times.