Skip to content
Offcanvas right

Case Studies / PSD2-compliant Bank Aggregator API

PSD2-compliant Bank Aggregator API

Multifaceted implementation of PSD2-compliant “aggregator” API for PSD2-compliant Nordic banks with software architecture enabling rapid onboarding of new banks to the platform.

  • Staff Augmentation Service
  • 2019 – ongoing
  • Industry: FinTech
PSD2-compliant Bank Aggregator API

Initial Task


The Client was in search of experienced specialists to enforce the development team and carry out the multifaceted implementation of PSD2-compliant “aggregator” API for PSD2-compliant Nordic banks.

One of the key requests was to make sure that the software architecture would enable rapid onboarding of new banks to the platform.

Technology stack


Gradle Spring Boot Docker AWS Java 12



API Design

Even though PSD2 is a specification, it still left a room for interpretation, which spawned a diversity of PSD-compliant API flavours differing in API security protocols, authentication workflows, message formats and data structures. We had to design our Aggregator API to hide those differences, enabling a seamless integration for API clients. After analyzing then current state of APIs of Bank APIs in Nordics, Touchlane team proposed the API design that made both developers and end-users happy.


Microservices Architecture Design

As Client wanted to onboard more and more banks to the platform, we've proposed the microservices architecture design that allowed flawless onboarding on new bank integration, without interference with Aggregator API Core. That contributed to creation of 2 separate teams: one for new bank onboarding and another for Aggregator API Core development, which were able to work simultaneously reducing time to market.


Security Protocols and Authentication Flows

One of the most challenging aspects of this project was dealing with variety of security protocols and authentication flows. Provided that each bank has its unique API security, the team had to support a number of security mechanisms such as Basic Auth, Digest Auth, OAuth2, Mutual TLS, HTTP Message Signatures etc. That for sure required the engagement of the latest technologies and savvy approach from our developers.



Design of Aggregator API and Target Architecture Based on Current State of Bank PSD2 APIs in Nordics

As banks interpreted PSD2 API specification differently, we had to analyze different PSD2 API flavours and find a “common denominator”, so that those “differences” would be hidden inside Aggregator API, making API integration with the platform flawless.


Implementation of Various Bank Integrations

As banks are usually concerned about API security, we had to deal with implementation of various complex security mechanisms.


Implementation of Aggregator API

With API design and architecture completed at first stage, tasks related to implementation of Aggregator API and individual bank integrations became decoupled, allowing us to work on these features in parallel, reducing time to market.


Development of the Developer Portal for Client Self-Registration

As those APIs were delivered to customers as SAAS product, we’ve implemented the developer-portal functionality for customer self-registration, getting access to API sandbox and API documentation.

Overall Result

The APIs for listing account information, balances, transactions, SEPA, and Cross Border payments were successfully launched and now, due to the integral input brought by Touchlane developers, the system utilizes 35+ Nordic bank integrations.

Fire away
your ideas!

Let's discuss our possible synergy

    By clicking Send you acknowledge that you have read and that you consent to be bound by Touchlane Terms of Use and to processing data in accordance with our Privacy Policy and Cookies Note