
Frequently Asked Questions (FAQ)

Support and Communication

How do we contact support?

  • Always follow the instructions at the contingency page before sending a case to support
  • Messages will be forwarded and handled according to current agreements
  • A case handling system will be used that generates e-mail messages whenever there are updates to the support cases
  • New replies to the generated e-mails with the correct case reference will automatically be routed back to the case handling system

How do we get updates and information regarding planned and unplanned downtime?

  • To register an official TPP contact e-mail, use the /v1/tpps/:tppId/contact-information endpoint
  • Registered TPPs will receive notifications about planned and unplanned downtime
  • Please note that only one e-mail address per TPP can be registered, so please use group-based addresses as opposed to personal ones

Certificates and Signing

We are connecting to the API for the first time, what do we need?

  • A valid eIDAS certificate issued by a Qualified Trust Service Provider (QTSP)
  • Note that a test certificate cannot be used, even in the Sandbox
  • The certificate will be automatically enrolled if it is valid, with no further actions needed
  • It is strongly suggested to register a contact e-mail for the TPP (see Support and Communication)

We are changing certificates - do we need to do anything?

  • The enrollment process is fully automatic and supports multiple certificates.
  • A new, valid QTSP-issued certificate can be used right away in parallel with the old certificate if needed during a transition period

Why do we get "The KeyID is not matching..." error message?

  • This error means that the KeyID generated for the certificate used in the request does not match the value generated when the validity of the certificate in the request is checked. The most common mistakes are:
    • Not using the correct certificate to generate the KeyID
    • In many cases, the OID property is not serialized correctly by a number of older libraries
  • The digest header should not be part of the signature if the request body is empty

For more information, see the signing process documentation.
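
The empty-body rule for the digest header, shown as an added Python example (not code from this API's documentation). It assumes an HTTP Signatures style signing string in which `(request-target)`, `host` and `date` are always signed; the host, paths and payload are constructed placeholders.

```python
import base64
import hashlib

# Assumption: headers signed on every request; the real list comes from the
# API's signing process documentation.
ALWAYS_SIGNED = ("host", "date")

def digest_value(body: bytes) -> str:
    """Digest header value: base64 SHA-256 of the exact bytes sent."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def signing_input(method: str, path: str, headers: dict, body: bytes):
    """Return (signed header names, signing string, headers to send)."""
    out = dict(headers)
    out.pop("digest", None)            # never carry over a stale digest
    names = ["(request-target)", *ALWAYS_SIGNED]
    if body:                           # FAQ rule: no digest for empty bodies
        out["digest"] = digest_value(body)
        names.append("digest")
    values = {"(request-target)": f"{method.lower()} {path}", **out}
    lines = [f"{n}: {values[n]}" for n in names]
    return " ".join(names), "\n".join(lines), out

def preflight(signed_names: str, headers: dict, body: bytes) -> list:
    """List the digest-related mistakes in a request before it is sent."""
    problems = []
    signed = "digest" in signed_names.split()
    if not body and signed:
        problems.append("digest is signed but the body is empty")
    if body and not signed:
        problems.append("body present but digest is not signed")
    if body and headers.get("digest") != digest_value(body):
        problems.append("digest header does not match the body bytes")
    return problems

# Constructed sample requests (host, paths and payload are placeholders).
HDRS = {"host": "api.example.test", "date": "Tue, 01 Jan 2030 00:00:00 GMT"}
GET = signing_input("GET", "/v1/accounts", HDRS, b"")
POST = signing_input("POST", "/v1/payments", HDRS, b'{"amount":"1.00"}')
```

Running `preflight` against the bytes that actually go on the wire also catches a body that was re-serialized after the digest was computed.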


Why do we sometimes get 404 when requesting authorizations for payments?

  • In some cases, the payment is automatically approved, which is indicated by a missing authorization link in the payment create response
  • For very small amounts, this might be the case, but in general, it is a dynamic decision process that is not 100% deterministic

Why do we see status code x, y or z for payments?

  • Please refer to the documentation for the various status transitions

Account and Transaction Data

What is the maximum period for which transactions can be retrieved?

  • The maximum period for which transactions can be retrieved depends on several factors, making it hard to give a general answer.
  • Factors include:
    • Availability of information in the backend system.
    • The core backend system being used - there is a transition timeline for updating the transaction lists service backend that will result in 10 years of data being available
  • Always pay attention to the links returned in the response for a dynamic approach that is not dependent on specific bank configurations

Secure Customer Authentication

Why does an HTTP 401 response sometimes seem to occur at random?

  • An HTTP response of 401 indicates that the AIS/PIS operation requires a Secure Customer Authentication (SCA) challenge
  • This may happen for several reasons, often due to a response from the Fraud Monitoring System requiring an extra check, which can occur at any time
  • Always follow HATEOAS links returned in the response and assume that this might happen

What is the duration of a TPP Session ID?

  • The TPP-Session-ID is only valid for one hour following an SCA
  • The SCA associated with the session covers future SCA challenges within that one-hour time frame, except for operations that require dynamic linking
  • There is no relation between TPP-Session-ID and 180-day consent interval, except that the SCA required for a 180-day renewal will result in a new TPP-Session-ID

Corporate context

Why doesn't the user get access to corporate accounts?

  • If the user agreement is not configured correctly at the bank level, the user may not get access to corporate accounts
  • Contact the bank directly, and not via the PSD2 support channel, to ensure that the user is set up correctly to be accessed by the PSD2 service