
PSD2-compliant Bank Aggregator API

Multifaceted implementation of PSD2-compliant “aggregator” API for PSD2-compliant Nordic banks with software architecture enabling rapid onboarding of new banks to the platform.

  • Staff Augmentation Service
  • 2019 – ongoing
  • Industry: FinTech

Initial Task

Description

The Client was in search of experienced specialists to reinforce the development team and carry out the multifaceted implementation of a PSD2-compliant “aggregator” API for PSD2-compliant Nordic banks.

One of the key requests was to make sure that the software architecture would enable rapid onboarding of new banks to the platform.

Technology stack

BackEnd

Gradle, Spring Boot, Docker, AWS, Java 12

Challenges

01.

API Design

Even though PSD2 is a specification, it still left room for interpretation, which spawned a diversity of PSD2-compliant API flavours differing in API security protocols, authentication workflows, message formats and data structures. We had to design our Aggregator API to hide those differences, enabling seamless integration for API clients. After analyzing the then-current state of bank APIs in the Nordics, the Touchlane team proposed an API design that made both developers and end users happy.

02.

Microservices Architecture Design

As the Client wanted to onboard more and more banks to the platform, we proposed a microservices architecture design that allowed flawless onboarding of new bank integrations without interfering with the Aggregator API Core. That contributed to the creation of 2 separate teams: one for new bank onboarding and another for Aggregator API Core development, which were able to work simultaneously, reducing time to market.

03.

Security Protocols and Authentication Flows

One of the most challenging aspects of this project was dealing with the variety of security protocols and authentication flows. Since each bank has its own unique API security, the team had to support a number of security mechanisms such as Basic Auth, Digest Auth, OAuth2, Mutual TLS, HTTP Message Signatures, etc. That required the use of the latest technologies and a savvy approach from our developers.

Workflow

01.

Design of Aggregator API and Target Architecture Based on Current State of Bank PSD2 APIs in Nordics

As banks interpreted the PSD2 API specification differently, we had to analyze the different PSD2 API flavours and find a “common denominator”, so that those differences would be hidden inside the Aggregator API, making API integration with the platform flawless.

02.

Implementation of Various Bank Integrations

As banks are usually concerned about API security, we had to deal with the implementation of various complex security mechanisms.

03.

Implementation of Aggregator API

With the API design and architecture completed in the first stage, tasks related to the implementation of the Aggregator API and individual bank integrations became decoupled, allowing us to work on these features in parallel and reducing time to market.

04.

Development of the Developer Portal for Client Self-Registration

As those APIs were delivered to customers as a SaaS product, we implemented developer-portal functionality for customer self-registration, providing access to the API sandbox and API documentation.

Overall Result

The APIs for listing account information, balances, transactions, SEPA, and Cross Border payments were successfully launched and now, due to the integral input brought by Touchlane developers, the system utilizes 35+ Nordic bank integrations.
