XS2ASandbox by adorsys GmbH & Co. KG and LLC Golden Dimension
The Payment Service Directive 2 (PSD2) instructs banks (those who play role of Account Servicing Payment Service Providers or ASPSPs) to provide a fully productive Access-to-Account (XS2A) interface to Third Party Providers (TPPs) until September 2019. XS2A itself consists of banking services to initiate payments (PIS), request account information (i.e. art of account, balances or transactions) (AIS) and get the confirmation of the availability of funds (PIIS). In order to guarantee the compliance to this deadline due to adaptations and bugs, PSD2 forces the banks to provide a functional dynamic sandbox offering the same XS2A interface in a non-productive environment 3 months upfront (this time — until 14-th of June 2019).
Understanding the importance to banks of implementing this roadmap, adorsys GmbH & Co. KG, together with LLC Golden Dimension, released open sourced (published under Apache license) version of XS2A Service (https://github.com/adorsys/xs2a) and corresponding Sandbox (https://github.com/adorsys/XS2A-Sandbox) that fully meets PSD2 requirements.
What is the adorsys XS2ASandbox? It’s a dynamic sandbox environment that fully meets the PSD2 requirements for providing APIs to Third-Party Providers (TPP). Based on the Berlin Group’s NextGenPSD2 specification for access to accounts (XS2A) interface, XS2ASandbox meets all the regulatory requirements.. XS2ASandbox is open Source out-of-the-box solution, that can be installed in one click and run with one command. As a full member of NISP (NextGenPSD2 Implementation Support Program – https://nisp.online) we provide a NISP compliant solution. This also proves that this solution Is also PSD2 compliant.
Our XS2ASandbox is available by this link: https://github.com/adorsys/XS2A-Sandbox
For whom is it useful? Banks to be PSD2 compliant and TTP to be able to test the interaction of their own products with Banks interfaces that correspond to the Berlin Group’s NextGenPSD2 implementation guideline. This means – 75% of Banks in EU.
What is inside?
XS2ASandbox is a dynamic sandbox environment: you can create users, payments and consents, play with data for testing purposes, simulating the transactions and access to accounts.
XS2ASandbox contains all modules a bank needs to be PSD2 and NISP compliant:
— Developer portal with detailed manuals to get started and work with the Sandbox.
— XS2A Interface,
— Real clearing emulation (Ledgers)
— TPP-UI for managing accounts and users
— Online banking UI for testing,
— Test Trust Certificate Provider
Developer portal is a complete guide on how to run and use XS2ASandbox.
It has information on how to get started, how to test services with typical testing flows, answers to frequently asked questions and main information about the product.
- XS2A-Service is an implementation of NextGenPSD2 XS2A Specification of Berlin Group. All mandatory API endpoints defined in Berlin Group specification are implemented.
- Consent Management System is the system intended to store and manage consents given by PSU to corresponding TPPs.
- ASPSP-Profile is a module to store and read ASPSP-specific settings. Can be simply configured in XS2ASandbox.
- XS2ASandbox always uses the latest version of XS2A Interface, CMS and ASPSP-profile (now 3.x). This means that you can use XS2A components for your real productive solution and have the Sandbox for this solution automatically.
· You can execute a transaction, payment or consent, create user and accounts.
· All payment types we have in xs2a are supported (single, periodic, future dated, bulk).
· Payment execution is supported. Scheduler for payment execution can be configured and customized.
· Payment cancellation is supported.
· Special access for TPP to manage accounts and users.
- TPP registration.
- TPP Certificate Service for testing.
- User interface to manage accounts and users.
- Test data can be uploaded in .yaml file.
- Test data can be generated in TPP-UI:
· Predefined .yaml file for tests is based on NISP documentation.
· 35 users and 51 accounts are created for TPP.
Online banking is a user interface, which helps users to provide a consent or a payment confirmation directly to a bank. Online banking is accessible via links from XS2A Interface responses.
How to use XS2ASandbox
Step 1. Read «Getting started» manual
Step 2. Download, install and run XS2ASandbox
Step 3. Read «Testing flows» and start testing!
With dynamic sandbox TPP UI you can access banking API directly, get TPP certificate and manage testing accounts. The developer portal contains testing instructions and all needed test-cases. All XS2ASandbox services can be installed and run in one simple command. Two main SCA approaches are supported: REDIRECT and EMBEDDED. For redirect approach online banking demo UI can be used.
We provide a public XS2ASandbox environment, where everyone can play with the described above functionality:
Scope of integration project for ASPSPs
Only few steps needed to integrate XS2ASandbox to ASPSP:
· Install of test root certificate.
· Provide SSL-connection termination at the Gateway that checks the certificate.
· Adjust styling for all UIs (TPP UI, Developer portal and Online Banking).
· Make adjustments for manuals in developer portal.
· Make adjustments for ASPSP-profile and test examples.
Adorsys and Golden Dimension are ready to provide you such services to make your ASPSP solution PSD2 compliant.
Scope of integration project for TPPs
- Install a gateway to banking interface. Here also our XS2A Gateway product (https://github.com/adorsys/xs2a-gateway) could help you.
- Install Dynamic Sandbox in your environment
- Start testing your own solution with the Sandbox.
- Install a solution for GDPR compliant storage of personal information that you will get via XS2A Interface. Here our product DataSafe (https://github.com/adorsys/datasafe) could help you.
Need more information?
LLC Golden Dimension and adorsys GmbH & Co. KG have an impressive experience in PSD2 requirements . We are proud that 53 Banks are already using XS2A interface. We can help others to be PSD2 complaint too. Just contact us 😉