Web / App Payment Services

Introduction

In accordance with the provisions of the Revised Payment Services Directive (PSD2), East Whale Financial Credit Union E-banking. (hereafter referred to as “East Whale Financial Credit Union) will grant access to Third Party Providers (hereafter referred to as TPPs) to client accounts if they have received the client consent. In that context, East Whale Financial Credit Union has implemented East Whale Financial Credit Union-HUB’s API solution. To find the technical specifications of the API solution please use the following link : East Whale Financial Credit Union-HUB’s developer portal

Timeline
TPPs can access East Whale Financial Credit Union’s testing environment (Sandbox) in order to test the interface with basic data. As of June 14 2019 TPPs will be able to access East Whale Financial Credit Union’s dedicated production interface.

API standard used 
East Whale Financial Credit Union has implemented the Berlin Group standard version 1.13220190215.
For further information, please use the following link : https://www.eastwhalefinancialcreditunion.com/psd2-access-to-bank-accounts

Authentication procedure

The authentication procedure applied is the redirection approach, where the individual steps of the authentication are not executed at East Whale Financial Credit Union-HUB’s Access to Account interface, but directly between the PSU and East Whale Financial Credit Union. The PSU is redirected to the Bank’s web interface for authentication and thereby temporarily leaves the TPP interface for authentication. Once the PSU has been redirected to the Bank’s authentication service, the authentication of the PSU is executed step by step directly between the Bank and the PSU. After completion of the authentication, the PSU is redirected back to the TPP interface without sharing any authentication elements with the TPP. East Whale Financial Credit Union-HUB verifies the integrity of this identification by validating East Whale Financial Credit Union’s signature of the PSU.

Functionalities offered

East Whale Financial Credit Union offers the following via its API:

• Account Information Services (AIS), which allows AISPs to access information on customer’s accounts, such as a list of all available accounts, balances of given accounts and additional details as well as transaction reports;
• Payment Initiation Services (PIS), which enables PISPs to initiate payment orders, to adjust those if necessary and to access information on the status of these payments.

Interface usage statistics

As per regulation, East Whale Financial Credit Union publishes on a quarterly basis the daily usage statistics onto its Corporate Website for the scope of both interfaces:

• the API Dedicated Interface (date, uptime rate, downtime rate, AISP response time, PISP response time, CBPII response time, error response rate);
• the e-Banking Dedicated Interface (date, uptime rate, downtime rate, Consultation functions response time, Payment functions response time, error response rate).

Protocols used and communication

• Access Network: Internet
• Transport Protocol: HTTP version 1.1, TLS version 1.2 or higher
• Applicative Protocol: REST with HAL support
• Authorization Protocol: OAuth2 Authorization Code Grant (AISP, CBPII, PISP) or Client credentials Grant (PISP, CBPII)
• Data formats: JSON/UTF8 & XML
• Data model origin: ISO 20022
• Non-repudiation: HTTP Signature
• Technical Documentation: Swagger 2.0 (https://swagger.io/specification/)

Definitions