Introduction to Open Banking Account Information

Temenos Transact Account Access APIs help customers to access their account details through any authorised Third Party Provider (TPP) interface that connects to the bank. These APIs are based on the UK OBIE (Open Banking Implementation Entity) standards as defined as part of the PSD2 (Revised Payment Service Directive).

A TPP that facilitates enquires on an account is denoted AISP (Account Information Service Provider). The bank that owns the account details and shares the information through the TPP is denoted ASPSP (Account Servicing Payment Service Provider). The customer who uses the TPP is denoted PSU (Payment Services User).

The Payment Service User has to create a consent in order to access his or her account details through a TPP.

When a Payment Service User (PSU) requests account information with Accounts information Service Provider (AISP), the AISP invokes the related API request to ASPSP which holds the account. AISP is permitted to access only the accounts information approved by the PSU in the consent. For this purpose the TPP must raise a consent request prior to the account information request that needs to be authorised by the PSU.

The ASPSP has to check that the consent given by the PSU of the requesting TPP has not expired or has been granted with the necessary permissions, in order to provide the requested account information. Also ASPSP has to check that the PSU is still allowed to access the account and this right has not been revoked since the consent request has been authorized.

The Temenos UKOBPZ module provides a set of APIs to support the Temenos client offering account information services for the TPPs according to the UK Open Banking standards.

The APIs allows a TPP to create a consent resource and request account information. The APIs follow version v3.1 of the OBIE standard.

The following components, including the third party software, are required in addition to this module for the implementation of an end-to-end Open Banking infrastructure:

• The UK Open Banking API Gateway (e.g. SaltEdge Open Banking Gateway), is an application that interface the APIs to the internet. It needs to covers the TPP registration, fraud detection and security.
• The Identity provider (such as HID Global), performs Strong Customer Authentication (SCA) to identify a PSU at the Account Servicing Payment Service Provider (ASPSP).
• The User Agent- online screens that allows account selection and leads the PSU through the process of consent authorisation.
• Access Dashboard - PSU must have to possibility to view and manage the connections and the consent given to Account Service Providers. The Access Dashboard should be an integrated part of the Online Banking portal of the ASPSP.

The PSU is an online banking user in the Infinity Spotlight, during the consent creation as well as during the execution of the GET APIs the system will check in the Spotlight if the PSU has still permission to access the account.

Click here to understand the terms and abbreviations used in describing the Open Banking Account Information functionality.