Our API services are based on Berlin Group Access-to-Account (XSA2) specifications, version 1.2 and follow the required services covered by the PSD2 regulation. These services are currently supported for customers using our online services of our Liechtenstein and Luxembourg location. Further services might be extended in the future.
Services are supported for third-party providers using a qualified certificate for website authentication issued by a qualified trust service provider according eIDAS regulation. The content of the certificate has to be compliant with the requirements of the Regulatory Technical Standards of European Banking Authority.
Supported Payment Initiation services
|The following service for third-party provider registered as Payment Initiation Service Provider (PISP) is supported:|
|POST a payment initiation request on behalf of a customer|
|GET the transaction status information of a previously initiated payment|
|VP Bank currently support single payment services with the following types:|
|SEPA credit transfers in JSON and pain.001 XML|
|Cross-border credit transfers in JSON and pain.001 XML|
Supported Account Information services
|The following service for third-party provider registered as Account Information Service Provider (AISP) is supported:|
|POST a customer permission request for account information|
|GET the status of the customer permission request|
|DELETE a given consent for account information|
|GET account details|
|GET account balances|
|GET transaction history of accounts|
|GET account list|
Customer permission and authentication
Please note that VP Bank follows only the bank-offered consent principles. Customer permissions, i.e. consents, for the respective services are managed on the Bank’s online banking platform using Strong Customer Authentication (SCA) regulated by the respective Regulatory Technical Standards.
The supported method to perform a SCA is currently only via redirect. We will follow an implicit authorization flow and deliver a redirect URL in the response message. Further authentication methods including OAuth2 might be added in the future.
API Definitions and Sandbox
The Swagger API specifications of our supported services can be found in the restricted area after you have requested a login. We do provide as well a sandbox environment for testing purposes. The API Definitions and Sandbox are shared and valid for all our PSD2 locations whereas the PSD2 Statistics sites are individual for each location.