Production is a live environment working on real production data. Access to production APIs is strictly enforced and limited to authorized TPPs with proper license to operate as a AISP, PISP or CBPII under PSD2 in Denmark. An onboarding must have been completed as a prerequisite for consuming the PSD2 API's. The onboarding includes register of certificates and validate license to operate as an AISP, PISP or CBPII.
On top of TPP validation - e.g. validation that TPP is properly licensed and entitled to call the API in the first place - the production environment also enforces SCA on behalf of PSU in connection with consent handling and creation and authorization of payments. Please refer to the linked flows for details of production SCA flows.
Production APIs can only be accessed directly from a TPP client - it is not possible to setup security context or test against the production APIs from the development portal.
Hence all TPP access is by calling the production API endpoints directly. All production APIs share a common schema for hostnames and URL path Components. The general schema for production host URLs is
https://psd2api{bank_number}.prod.bec.dk/
Where banknumber is taken from the list of provider banks.
The schema for URL path components is:
/eidas/{api_implementation_version}/{Berlin Group Version}/{endpoint}
The meaning of each component is:
- eidas: The security model used for securing the API. Only eidas is supported at the moment.
- api_implementation_version: Used for versioning of API implementation. Follows semantic versioning. Used when a new implementation of the API involves a breaking change. All APIs are currently at 1.0. Version number is specified in the published Swagger specifications and API description.
- Berlin Group Version: Part of Berlin Group specification. Specifies the version of Berlin Group API framework. Currently only v1 exists
- endpoint: The API endpoint (accounts, payments etc)
Hence a full production URL path to access accounts API at Nykredit Bank (bank 32) would be:
https://psd2api32.prod.bec.dk/eidas/1.0/v1/payments