Production is a live environment working on real production data. Access to production APIs is strictly enforced and limited to authorized TPPs with proper license to operate as a AISP, PISP or CBPII under PSD2 in Denmark. An onboarding must have been completed as a prerequisite for consuming the PSD2 API's. The onboarding includes register of certificates and validate license to operate as an AISP, PISP or CBPII.
On top of TPP validation - e.g. validation that TPP is properly licensed and entitled to call the API in the first place - the production environment also enforces SCA on behalf of PSU in connection with consent handling and creation and authorization of payments. Please refer to the linked flows for details of production SCA flows.
Production APIs can only be accessed directly from a TPP client - it is not possible to setup security context or test against the production APIs from the development portal.
Hence all TPP access is by calling the production API endpoints directly. All production APIs share a common schema for hostnames and URL path Components. The general schema for production host URLs is
https://psd2api{bank_number}.prod.bec.dk/
Where banknumber is taken from the list of provider banks.
The schema for URL path components is:
/eidas/{api_implementation_version}/{Berlin Group Version}/{endpoint}
The meaning of each component is:
Hence a full production URL path to access accounts API at Nykredit Bank (bank 32) would be: