Berlin Group
While PSD2 (Payment Services Directive 2) has mandated that banks must open their systems to third parties and provide interfaces for them to initiate payments and retrieve account information, in the UK it is the Open Banking Implementation Entity (OBIE) that defines how banks are to provide this information securely through APIs and data structures. To bring some synergy across European banks, the Berlin Group, a pan-European initiative, has implemented a common API standard called NextGenPSD2. While these efforts have greatly improved how Open Banking can be consumed in member countries, there are some differences in how you communicate with these banks.
Payments
- In order to initiate a payment from an account at an Institution that belongs to the Berlin Group, the payer object and all its mandatory properties are required. This currently holds true for every Institution provided by Yapily that is in Europe (not including UKI).

  Note: When making a payment from an account held within the UK to an account held in Europe, the payer object is not required, since the payment is executed by an Institution that is a member of the Open Banking UK specification.
- Unlike for an Institution under the Open Banking UK specification, the payment reference can be more than 18 characters.
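
The two rules above expressed as a pre-flight check on a payment request. This is an added example, not Yapily's code: the `reference` field name, the two standard labels and the list of mandatory payer properties are assumptions to replace with the values from the API reference.

```python
# Added example: pre-flight checks for the two payment rules described above.
UK_REFERENCE_MAX = 18  # Open Banking UK limit stated on this page

# Assumption: the page does not list the payer's mandatory properties; these
# two names are placeholders to replace with the ones in the API reference.
ASSUMED_PAYER_MANDATORY = ("name", "accountIdentifications")

STANDARDS = ("BERLIN_GROUP", "OPEN_BANKING_UK")  # hypothetical labels


def preflight(payment: dict, standard: str) -> list[str]:
    """Return the problems found; an empty list means the checks pass.

    `standard` describes the Institution that executes the payment, i.e. the
    one holding the payer's account, not the payee's.
    """
    if standard not in STANDARDS:
        raise ValueError(f"unknown standard: {standard!r}")
    problems = []
    if standard == "BERLIN_GROUP":
        payer = payment.get("payer")
        if not isinstance(payer, dict):
            problems.append("payer: object is required for Berlin Group institutions")
        else:
            problems += [f"payer.{key}: missing or empty"
                         for key in ASSUMED_PAYER_MANDATORY if not payer.get(key)]
    else:
        reference = payment.get("reference") or ""
        if len(reference) > UK_REFERENCE_MAX:
            problems.append(
                f"reference: {len(reference)} characters, limit is {UK_REFERENCE_MAX}")
    return problems


# Constructed sample requests (field names other than `payer` are assumptions).
LONG_REF = "Invoice 2024-000173 March"  # 25 characters
WITH_PAYER = {
    "reference": LONG_REF,
    "payer": {"name": "Jane Doe",
              "accountIdentifications": [{"type": "IBAN", "identification": "DE00EXAMPLE"}]},
}
WITHOUT_PAYER = {"reference": "Invoice 173"}

if __name__ == "__main__":
    for request, standard in [(WITH_PAYER, "BERLIN_GROUP"), (WITHOUT_PAYER, "BERLIN_GROUP"),
                              (WITH_PAYER, "OPEN_BANKING_UK"), (WITHOUT_PAYER, "OPEN_BANKING_UK")]:
        print(standard, preflight(request, standard) or "ok")
```

Running the check before submission catches a missing payer or an over-long reference locally, before the request reaches the bank.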
Response Codes
General
Code | Status | Description | Yapily Response |
---|---|---|---|
200 | OK | PUT, GET Response Codes. OK | 200 |
201 | CREATED | POST response code where Payment Initiation or Consent Request was correctly performed. | 201 |
202 | ACCEPTED | DELETE response code, where a payment resource can be cancelled in general, but where a cancellation authorisation is needed in addition. | 200 |
204 | NO_CONTENT | DELETE response code where a consent resource was successfully deleted. The code indicates that the request was performed, but no content was returned | 200 |
400 | FORMAT_ERROR | The format of certain request fields does not match the XS2A requirements. | |
400 | PARAMETER_NOT_CONSISTENT | Parameters submitted by TPP are not consistent. This applies only for query parameters. | |
400 | PARAMETER_NOT_SUPPORTED | The parameter is not supported by the API provider. This code should only be used for parameters that are described as "optional if supported by API provider". | |
400 | PERIOD_INVALID | Requested time period out of bound. | |
400 | RESOURCE_BLOCKED | The addressed resource is not addressable by this request, since it is blocked e.g. by a grouping in a signing basket. | |
400 | SCA_INVALID | Method Application on authorisation resource (e.g. Confirmation Request) blocked since SCA status of the resource equals "failed". | |
400 | SCA_METHOD_UNKNOWN | Addressed SCA method in the Authentication Method Select Request is unknown or cannot be matched by the ASPSP with the PSU. | |
400 | SERVICE_INVALID | The addressed service is not valid for the addressed resources or the submitted data. | |
400 | TIMESTAMP_INVALID | Timestamp not in accepted time period. | |
401 | CERTIFICATE_BLOCKED | Signature/corporate seal certificate has been blocked by the ASPSP or the related NCA. | 401 |
401 | CERTIFICATE_EXPIRED | Signature/corporate seal certificate is expired. | 401 |
401 | CERTIFICATE_INVALID | The contents of the signature/corporate seal certificate do not match general PSD2 or attribute requirements. | 401 |
401 | CERTIFICATE_MISSING | Signature/corporate seal certificate was not available in the request but is mandated for the corresponding. | 401 |
401 | CERTIFICATE_REVOKED | Signature/corporate seal certificate has been revoked by QTSP. | 401 |
401 | CONSENT_INVALID | The consent was created by this TPP but is not valid for the addressed service/resource. | 401 |
401 | CONSENT_EXPIRED | The consent was created by this TPP but has expired and needs to be renewed. | 401 |
401 | CORPORATE_ID_INVALID | The PSU-Corporate-ID cannot be matched by the addressed ASPSP. | 401 |
401 | PSU_CREDENTIALS_INVALID | The PSU-ID cannot be matched by the addressed ASPSP or is blocked, or a password resp. OTP was not correct. Additional information might be added. | 401 |
401 | ROLE_INVALID | The TPP does not have the correct PSD2 role to access this service. | 401 |
401 | SIGNATURE_INVALID | Application layer eIDAS Signature for TPP authentication is not correct. | 401 |
401 | SIGNATURE_MISSING | Application layer eIDAS Signature for TPP authentication is mandated by the ASPSP but is missing. | 401 |
401 | TOKEN_UNKNOWN | The OAuth2 token cannot be matched by the ASPSP relative to the TPP. | 401 |
401 | TOKEN_INVALID | The OAuth2 token is associated to the TPP but is not valid for the addressed service/resource. | 401 |
401 | TOKEN_EXPIRED | The OAuth2 token is associated to the TPP but has expired and needs to be renewed. | 401 |
403 | CONSENT_UNKNOWN | The Consent-ID cannot be matched by the ASPSP relative to the TPP. | 403 |
403 | RESOURCE_EXPIRED | The addressed resource is associated with the TPP but has expired, not addressable anymore. | 403 |
403 | SERVICE_BLOCKED | This service is not reachable for the addressed PSU due to a channel-independent blocking by the ASPSP. | 403 |
404 | RESOURCE_UNKNOWN | The addressed resource is unknown relative to the TPP. | |
409 | STATUS_INVALID | The addressed resource does not allow additional authorisation. | |
500 | INTERNAL SERVER ERROR | Internal server error occurred. | 424 |
501 | SERVICE UNAVAILABLE | The ASPSP server is currently unavailable. Generally, this is a temporary state. | 424 |
PIS
Code | Status | Description |
---|---|---|
400 | EXECUTION_DATE_INVALID | The requested execution date is not a valid execution date for the ASPSP. |
400 | PAYMENT_FAILED | The payment initiation POST request failed during the initial process. Additional information may be provided by the ASPSP. |
401 | REQUIRED_KID_MISSING | The payment initiation has failed due to a missing KID. |
403 | PRODUCT_INVALID | The addressed payment product is not available for the PSU. |
404 | PRODUCT_UNKNOWN | The addressed payment product is not supported by the ASPSP. |
405 | CANCELLATION_INVALID | The addressed payment is not cancellable e.g. due to cut off time passed or legal constraints. |
AIS
Code | Status | Description |
---|---|---|
400 | SESSIONS_NOT_SUPPORTED | The combined service flag may not be used with this ASPSP. |
401 | CONSENT_INVALID | The consent definition is not complete or invalid. In case of being not complete, the bank is not supporting a completion of the consent towards the PSU. |
406 | REQUESTED_FORMATS_INVALID | The requested formats in the Accept header entry are not matching the formats offered by the ASPSP. |
429 | ACCESS_EXCEEDED | The access on the account has been exceeding the consented multiplicity without PSU involvement per day. |