What is Open Banking?
Open Banking allows third-party providers to access financial data and initiate payments with customer consent, following PSD2 and other regulatory frameworks.
Access account balances, transactions, and details with customer consent.
Initiate payments directly from customer bank accounts.
Check if sufficient funds are available for a transaction.
Set up flexible recurring payments with variable amounts.
1. TPP (third-party provider) redirects user to bank
2. Customer logs in to bank
3. User approves access
4. Bank returns authorization code to TPP
5. TPP exchanges code for token
Strong Customer Authentication (SCA) Requirements:
✓ Two-factor authentication required
✓ Dynamic linking for payments (amount + payee)
✓ 90-day consent renewal
✓ Transaction monitoring and limits
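
The dynamic-linking requirement above (amount + payee), as an added example that is not part of the original page or the SDK: an authentication code bound to the approved amount and payee, sketched with an HMAC, so that any later change to either is rejected. The key, the `consent-123` id, the function names and the use of the creditor IBAN as the payee identifier are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Normalise a decimal amount so "100", "100.0" and "0100.00" bind identically.
function normaliseAmount(value) {
  const m = /^(\d+)(?:\.(\d{1,2}))?$/.exec(String(value));
  if (!m) throw new Error(`invalid amount: ${value}`);
  return `${BigInt(m[1])}.${(m[2] || '').padEnd(2, '0')}`;
}

// Unambiguous encoding of the fields the authentication code must cover.
function bindingInput(consentId, payment) {
  return JSON.stringify([
    consentId,
    normaliseAmount(payment.amount.amount),
    payment.amount.currency.toUpperCase(),
    payment.creditor.account.iban.replace(/\s+/g, '').toUpperCase(),
  ]);
}

// Issued once the customer has completed SCA for this exact amount and payee.
function issueAuthCode(key, consentId, payment) {
  return crypto.createHmac('sha256', key)
    .update(bindingInput(consentId, payment))
    .digest('hex');
}

// Checked at submission: a changed amount or payee no longer matches the code.
function verifyAuthCode(key, consentId, payment, code) {
  const expected = Buffer.from(issueAuthCode(key, consentId, payment), 'hex');
  const given = Buffer.from(String(code), 'hex');
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Constructed sample data: key, consent id and payment are illustrative only.
const key = crypto.randomBytes(32);
const approved = {
  amount: { amount: '100.00', currency: 'EUR' },
  creditor: { name: 'Coffee Shop Ltd', account: { iban: 'GB29NWBK60161331926819' } },
};
const code = issueAuthCode(key, 'consent-123', approved);

// Same payment, different formatting: still accepted.
const reformatted = {
  amount: { amount: '100.0', currency: 'eur' },
  creditor: { account: { iban: 'GB29 NWBK 6016 1331 9268 19' } },
};
console.log(verifyAuthCode(key, 'consent-123', reformatted, code));
```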
eIDAS Certificate Status:
CN: FinTech App Ltd
OU: Payment Services
Expires: 2026-12-31
TLS Configuration:
Cipher: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: ✓
Certificate Pinning: ✓
Registered Third-Party Providers: 127
Active Consents: 1,543
API Calls (24h): 15,247
Successful Payments (24h): 2,891
Average Payment Value: €87.45
Prerequisites:
1. Register as a TPP with your national regulator
2. Obtain eIDAS qualified certificate
3. Register with the bank's developer portal
4. Configure OAuth 2.0 client credentials
npm install @wia/open-banking-sdk
# or with yarn
yarn add @wia/open-banking-sdk
import { OpenBankingClient } from '@wia/open-banking-sdk';

// Initialize client
// The values below are placeholders; load the real client secret from the
// environment or a secret store at runtime rather than from source code.
const client = new OpenBankingClient({
  clientId: 'your-client-id',
  clientSecret: 'your-client-secret',
  certificatePath: './certs/tpp-certificate.pem',
  baseUrl: 'https://api.bank.example.com'
});

// Request account access consent
const consent = await client.consents.create({
  permissions: ['ReadAccountsBasic', 'ReadAccountsDetail', 'ReadTransactionsDetail'],
  expirationDateTime: '2026-12-31T23:59:59Z'
});

// Redirect user to authorize
const authUrl = client.auth.getAuthorizationUrl({
  consentId: consent.consentId,
  redirectUri: 'https://yourapp.com/callback',
  scope: 'accounts'
});

// After user authorizes, exchange code for token.
// authorizationCode is the `code` query parameter the bank appends when it
// redirects the user back to redirectUri.
const tokens = await client.auth.exchangeCode({
  code: authorizationCode,
  redirectUri: 'https://yourapp.com/callback'
});

// Get accounts
const accounts = await client.accounts.list({
  accessToken: tokens.access_token
});
console.log('Accounts:', accounts.data);
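// Create payment consent
const paymentConsent = await client.payments.createConsent({
  amount: {
    amount: '100.00',
    currency: 'EUR'
  },
  creditor: {
    name: 'Coffee Shop Ltd',
    account: {
      iban: 'GB29NWBK60161331926819'
    }
  },
  remittanceInformation: {
    unstructured: 'Payment for coffee'
  }
});

// Redirect user to authenticate and authorize
const paymentAuthUrl = client.auth.getAuthorizationUrl({
  consentId: paymentConsent.consentId,
  redirectUri: 'https://yourapp.com/payment-callback',
  scope: 'payments'
});

// After authorization, exchange the code returned to the payment callback
// for a token issued for this payment authorization. The token from the
// earlier 'accounts' authorization was not granted for this consent.
// paymentAuthorizationCode is the `code` query parameter on the callback.
const paymentTokens = await client.auth.exchangeCode({
  code: paymentAuthorizationCode,
  redirectUri: 'https://yourapp.com/payment-callback'
});

// Submit payment
const payment = await client.payments.submit({
  consentId: paymentConsent.consentId,
  accessToken: paymentTokens.access_token
});
console.log('Payment Status:', payment.status);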
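// Set up webhook endpoint
import express from 'express';
const app = express();

// Express does not parse request bodies by default; without this middleware
// req.body is undefined and the handler below throws.
// If verify() needs the exact bytes received, keep them via the `verify`
// option of express.json() and pass those instead of the parsed object.
app.use(express.json());

app.post('/webhooks/open-banking', async (req, res) => {
  // Verify webhook signature before acting on the event
  const isValid = client.webhooks.verify(
    req.headers['x-signature'],
    req.body
  );
  if (!isValid) {
    return res.status(401).send('Invalid signature');
  }

  const event = req.body;

  // Handle different event types
  switch (event.type) {
    case 'payment.completed':
      console.log('Payment completed:', event.data);
      break;
    case 'payment.failed':
      console.log('Payment failed:', event.data);
      break;
    case 'consent.revoked':
      console.log('Consent revoked:', event.data);
      break;
    default:
      // Unknown event types are acknowledged but not processed
      console.log('Unhandled event type:', event.type);
  }
  res.status(200).send('OK');
});
app.listen(3000);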