Faqs – frequently asked questions for our open banking apis
GENERAL QUESTIONS
Are retail and business accounts accessible through PSD2 APIs?
All retail accounts with access to POSO Online Banking can also be accessed through the PSD2 APIs.
For Business Accounts the access to the POSO Online Banking can be enabled or disabled. Only if access to the Online-Banking is enabled the PSD2 APIs are also available for this account.
PAYMENT INITIATION
How is the available account balance checked?
Our system checks the available amount after the PSU authorizes the payment.
If the amount IS NOT available the payment will be rejected.
If the amount IS available, the payment state changes to Pending and our system will start processing the payment.
Each new initiated transaction will reduce the available account balance.
Example: If the account balance is 100 Euro, and we receive two transactions (one 80 Euro, one 40 Euro) then the 2nd transaction (40 Euro) will be rejected.
It seems that payments are not processed after 18:00?
In the evening (typically from 18:00 to 03:00), on weekdays and on holidays SEPA payments can not be processed. This means if a payment is received during these hours the available amount will be checked and the payment will stay in the pending status until settlement can continue on the next bank working day in the morning.
What is the final Status of a payment?
For SEPA Credit Transfers the final status is typically ACSC, but also may be ACCC because some banks will confirm the settlement directly.
For Instant Payments the final status is always ACCC.
To make your integration more robust we suggest, that implementors always check for ACSC or ACCC as final status in their systems.
Note: Our Sandbox is not connected to any bank systems. Therefore, we cannot assign any status other than RCVD.
Are Instant Payments available to all customers?
The availability and pricing of instant payments is the same as in the Online-Banking and depends on the banking products the customer has signed up for.
Bulk Payments
Which Payment types are available for bulk payments?
Currently only SEPA is available for bulk payments, SEPA instant payments can not be sent as bulk payments. For SEPA instant payments you can use the single payment endpoint and each payment needs it's own SCA.
What if one of the payments within the bulk does not pass the technical validation? Will the batch fail?
If any payments within the bulk fail technical validation, the Bulk Payment will get the status PART.
If all payments fail, the Bulk Payment will get the status RJCT.
Each transaction in the Bulk Payment will get its own status according to payment status in the FAQs above.
ACCOUNT INFORMATION
What is the maximum validity for Account Information Consents?
Recurring Account Information Consents can be requested for up to 90 days. If a consent with an until a date more than 90 days in the future (eg. Year 9999) is requested, the consent can still be requested successfully, but will bet shortened to the maximum of 90 days.
Number of days for transaction history
AISPs only need one consent to access the complete transaction history and to also access the transactions for the next 90 days. The logic is a as follows: After a PSU has signed a consent, the complete transaction history is available for AISPs for up to 5 minutes. After 5 minutes only the last 90 days of transaction history are available.
The extended transaction history (available in the first 5 minutes) will be the same as in the PSUs online-banking and depends on the PSUs banking product (This can be up to 7 years).
If a user were to connect via AIS and then make a payment using PIS - would this invalidate the first consent?
Consents never get invalidated, regardless if a payment or another consent for the same PSU is created.
Are users able to choose which accounts they give access during the authorization process for account information (bank offered consent)?
Yes a bank offered consent is possible. If the account list in an AIS consent request is empty, PSUs will be able to select the preferred accounts during the redirect SCA flow.
CERTIFICATES
What type of certificates are supported?
Currently QWAC eIDAS certificates are supported, QSEAL is NOT supported.
Are Certificates with 4096 bits supported?
Our API supports eIDAS certificates of up to 4096 bits.
Our company has a new name or has merged with another company, do we need to inform Posojilnica Bank about this?
If your company has changed its name, then most likely the “Subject Distinguished Name” Fields (Domain, Organization Name, etc.) will be different for the new certificate. If the fields in the certificate change you will need to call the first-contact Endpoint again to get a new client-id.
Our certificate will expire soon, do we need to inform Posojilnica Bank about the new certificate?
If only the key is renewed and thus the validity is extended, you can use the new certificate without any additional steps and without informing us. It is a good idea to call the first-contact Endpoint again, which should result in the same client-id for the new certificate. If the fields in the certificate are different the first-contact will result in a new client-id.
In case the first-contact returns a new client-id are services going to be disrupted or are both the old and new client-id going to be working?
Both client-ids will continue to work if the corresponding certificates are valid. Because each certificate is tied to a client-id, you always must provide the correct certificate + client-id combination for the calls.
Are consents and payments still accessible, although we have a new certificate / client-id?
Consents and Payments are not tied to client-id, but are tied to the TPP-ID. The TPP-ID is the Organization Identifier 2.5.4.97 from your eIDAS certificate, in the format "PSDxx-xxx-12341234", eg. "PSDAT-FMA-FN123456. This means if the TPP-ID of your certificate stays the same, you will be able to access the consents and payments, and you do not need to get a new consent from the PSUs. If the TPP-ID has changed, you will not be able to access existing consents and payments.