Dear Reader,
This document was created to help you integrate your application/system with 10n Payment’s infrastructure as Third-Party Payment Service Providers (TPPs) and Account Information Service Providers (AISPs). Software integration is organised based on API exposed from 10n Payments as an Open Banking Communication Interface is based on
- Payment Service Directives PSD2 (EU) 2015/2366
- Delegated Regulation (EU) 2022/2360
- Delegated Regulation (EU) 2018/389.
- Standards of the Berlin Group and
- Standards of the National BISTRA.
Information about the APIs is organised in the Sandbox portal, available for Developers of ASIP and TPP developers. This portal is connected to other testing environments of the 10n Payments.
The URL of the portal is https://psd2-dev-sandbox.10npay.com and it is available after registration. The registration is made manually from the 10n Payments Team and includes accounts for testing environments of the 10n Payments Wallet App, 10n Payments SCA App, Testing IBAN and Testing Balance. To register your company as TPP or AISP, please send us an email to customerservice@10npay.com. Please do not forget to share your TPP certificate key/credentials (Certificate or other data) so that our system can recognize your requests.
Please be aware that most of the PSD2 API/operations require Strong Customer Authentication (made via our SCA Testing Solution) in synchrony with the regulation and information security standards.
For any additional information, please do not hesitate to contact us on е-mail: customerservice@10npay.com.
Developer Portal User Interface #
Use the menu items in the Developer Portal user interface to navigate, search and work with APIs, and obtain support. It is advised to use the Chrome browser when using the Developer portal.
General information #
You can browse available APIs and their code snippets through the PSD2 Sandbox Developer Portal – https://psd2-dev-sandbox.10npay.com. For the Production environment please contact us on е-mail: customerservice@10npay.com. Code snippets are sample code fragments that are generated automatically from REST APIs. They demonstrate how an API can invoke and use an API operation.
PSD2 Sandbox Developer Portal has the following elements:
- Navigation Bar: Home | PSD2 | Statistics | Support
- Search area: Where you can search for different content.
- Navigation Tree: Introduction | Documentation | PSD2 APIs | OAuth | Strong Customer Authentication | Statistics | Other | Support
PSD2 Sandbox Developer Portal helps developers familiarize themselves with the published 10n Payment Open Banking APIs and facilitates preparation for API usage in a product environment.
PSD2 Sandbox Developer Portal follows.
- Berlin Group NextGenPSD2 XS2A Framework Implementation Guidelines 1.3.12 (July 2022)
- BISTRA Standard 1.2 and current API implementation and services
The 10n Payments Open Banking APIs mocked data for
- Account Information Services (AIS) as defined by article 67 in the PSD2 Directive;
- Payment Initiation services (PIS) as defined by Article 66 in the PSD2 Directive;
- Confirmation on the availability of funds (CoF) as defined by Article 65 in the PSD2 Directive;
- Consent services to create consent.
Please note that the information is not real-time at this point.
Look and feel. #
Understanding 10n Payments PSD2 Sandbox Developer Portal #
To understand and successfully use our sandbox portal you should know that each API Article has the following elements:
- General description of the API and Use cases,
- Example Data and Code snippet
- Error codes and additional information.
The purpose of the article is to explain API usage and provide an example via Code Snippet and an option for developers to execute with sample data vs. 10n Payments PSD2 Hub’s different API and receive responses to better understand how to integrate 10n Payment’s accounts and payment operations into their applications.
To be able to use API, the developers should have registration to our developer’s environment of the infrastructure. For that purpose, the 10n payment customer service team will provide you with:
Testing account and balance, which can be reviewed and managed via 10n Payments Testing Wallet,
Android: https://play.google.com/store/apps/details?id=com.tennpay.wallet
iOS : https://apps.apple.com/us/app/10n-stock-trading-investing/id1673108253
To login and use our Wallet App you should have active registration in our Strong Customer Authentication App:
Android: https://play.google.com/store/apps/details?id=com.apipax.sbc10n
iOS : https://apps.apple.com/us/app/10n-stock-trading-investing/id1673108253
You can rely on the 10n Payments Support team to register and activate these applications. After successfully activating this application, you can manage your wallet and execute payment operations. These applications are valid only for using the 10n Payment PSD2 Sandbox Developer Portal. In case a merchant (the company) has integration with 10n Pay Payment operations API and uses embedded banking in their application, only a Strong Customer Authentication app will be used, but for that case, before start using the 10n Payments PSD2 Sandbox Developer Portal, you as a company should have another type of relationship established with 10n Payments.
The app mentioned above will provide all the required parameters to test our PSD2 Sandbox Developer Portal and PSD2 APIs.
Process of using 10n Payment Open Banking #
In using Open Banking from 10n Payments, Individual customers with existing IBANs want to use their IBANs for Information, Payment Initiation, and Transaction information in a third-party application developed by a third-party provider, a.k.a. TPP. The TPP’s application is software developed in accordance with Open banking standards. TPP’s app handshakes with 10n Payment open banking based on these standards. EIDAS certificates encrypt communication between the two apps. For more information, read section 3 – transport Layer (page 11) from NextGenPSD2 Access to Account Interoperability Framework – Implementation Guidelines
10n Payment Open banking includes:
- OAuth Service for customer authentication
- Account Information – API
- Payment Initiation – API
- Confirmation of funds API
IMPORTANT: Each operation handled by the 10n Payment Open Banking and our PSD2 Sandbox Developer Portal should be authenticated via the 10n Payment Open Banking Auth Service. For more about this rule, read @Vassil—LINK from the documentation.
The leading role of the 10n Payment Authentication service is to authenticate the end customer with his credentials and the merchant application to which he belongs. Additionally, before completion of the authentication, the customer should choose which IBAN to use in TPP’s app (in case there is more than one). The OAuth Process ends with sending the token and IBAN to the TPP for future usage. Be aware that each token expires after 5 minutes of inactivity.
Separate from the authentication service, 10n Payment provides a Strong Customer Authentication solution to authenticate the customer via a separate communication channel.
To execute operations via open banking, the customer should provide the following for each operation:
- Customer’s KNOWLEDGE is provided by our OAuth Service and
- Customer’s POSSESSION is provided by our SCA Solution
High-level services and applications architecture #
Flows #
Authentication of 10n Payments Individual customers. #
Only operations with Active tokens will be allowed from 10n Payments Open banking. The oAuth Service should be called by the TPP whenever the authentication token was expired. Balow are the basic PSD Operations with oAuth
Consent – first registration. #
Onboarding Process via TPP
TPP vs PSD2 EIDAS Certificate check and TPP Registration
Establish Consent
STEP 1 – OAUTH STEP – In TPP APP
At this step, inside the TPP application in the in-app browser, the customer provides his 10n payment account credentials and merchant (10n Payment Agent) to the oAuth Service and goes via an authentication process. At this step, if the customer has more than one IBAN, the oAuth Service requests the customer to choose which IBAN he wants to provide consent to. In case the customer has only one IBAN, this step is skipped. When the customer chooses the IBAN, the oAuth Service provides the TPP App the Token and IBAN for the next Step – consent issuing.
STEP 2 – Consent issuing
At this step, the TPP use the Token + IBAN and sends consent, issuing a request to 10n Pay Open Banking. The request details are described as Consent – First Registration (10npay.com). Success Open Banking will issue consent to this IBAN. Consent can be issued only with valid and active tokens. In case the customer spent time, and the token expires the token should be reissued.
Account Information #
Payment Initiations #