OpenBank Developer Portal — PSD2 XS2A (Berlin Group + ČOBS)

Getting started

Register as a TPP. Obtain an eIDAS certificate (QWAC for transport, QSEAL for message signing) and your PSD2 role (AISP / PISP / PIISP). See eIDAS & TPP.
Create a consent. POST /v1/consents with the Berlin access object, then drive the PSU through Strong Customer Authentication. See Consent.
Call the APIs. Use the returned Consent-ID on AIS calls, or POST /v1/payments/{payment-product} for PIS. Full contract in the API reference.

The interface follows the Berlin header set — X-Request-ID, PSU-ID, PSU-IP-Address, TPP-Redirect-URI, TPP-Redirect-Preferred, Consent-ID, Digest, Signature, TPP-Signature-Certificate — and ISO-20022 transactionStatus (RCVD / ACTC / ACCP / ACSC / RJCT).

Authentication & SCA

OpenBank supports the two Berlin SCA approaches that need no TPP-hosted credential entry:

Redirect SCA

The PSU is redirected to the OpenBank-hosted authentication, completes SCA, and is returned to your TPP-Redirect-URI. Set TPP-Redirect-Preferred: true.

Decoupled SCA

The PSU approves the consent or payment in the OpenBank mobile app via device-bound approval (no credentials leave the bank). The TPP polls scaStatus until finalised. Backed by ADR-0021 decoupled device approval.

Embedded SCA (credentials through the TPP) is deliberately not offered — highest fraud surface, lowest demand.

Consent model

AIS consent uses the Berlin access object — explicit accounts / balances / transactions lists, or allPsd2. Constraints follow the RTS:

recurringIndicator + validUntil — recurring consent is capped at 90 days (RTS Art. 10).
frequencyPerDay — the agreed access frequency for unattended calls.
combinedServiceIndicator — AIS combined with a PIS session.

Consent is fail-closed: a missing, expired or mismatched Consent-ID is rejected before any account data is returned.

Czech ČOBS profile

ČOBS rides on the Berlin model as a profile, not a fork. Select it by payment-product:

czech-domestic-credit-transfers and sipo payment-products alongside the Berlin sepa-credit-transfers, instant-sepa-credit-transfers and cross-border-credit-transfers.
Czech symbols — variabilní (VS), specifický (SS), konstantní (KS) — carried in Berlin's remittanceInformationStructured.
ČOBS access extensions (standing orders, direct debits) mapped to OpenBank consent scopes.

eIDAS & TPP identity

Production access requires an eIDAS certificate issued by a Qualified Trust Service Provider:

QWAC (Qualified Website Authentication Certificate) for the mutually authenticated TLS transport.
QSEAL (Qualified Electronic Seal) for HTTP message signing — the Berlin Digest / Signature / TPP-Signature-Certificate headers.

Your AISP / PISP / PIISP role is validated against the TPP registry on every call. Requests that fail role or certificate checks are rejected fail-closed.

Sandbox

This portal documents the sandbox. What differs from production:

QSEAL message signing is advisory. The sandbox has no eIDAS truststore, so a presented signature is verified but never required — you can call /v1 without QSEAL while you integrate. Production enforces it.
Downstreams are stubbed for the RTS Art. 30 dedicated-interface sandbox; balances and payment lifecycles use deterministic test data.
The deprecated bespoke /open-banking/v2 interface is being sunset — integrate against Berlin /v1 only.

Versioning & changes

contract XS2A contract tracks Berlin Group 1.3.12, independent of the service release version (ADR-0048 two version axes).
deprecated Bespoke /open-banking/v2 — replaced by Berlin /v1; removed once no sandbox client depends on it.

Build on OpenBank's PSD2 XS2A API