When you access the XS2A interface, the authorization of your organization as a Third Party Provider (TPP) is validated against the register of the European Banking Authority (EBA).
The EBA register contains information about regulated TPPs and the PSD2 services they are authorized to provide. This information is used to verify whether your organization is permitted to access the requested services.
What is checked
For each request, the following information may be verified:
your organization is listed in the EBA register
the authorization status is valid (not withdrawn or expired)
your authorization covers the country in which the ASPSP operates
your organization is authorized to provide the requested PSD2 service
Supported PSD2 services
The following PSD2 services may be validated:
Account Information Service (AIS)
Payment Initiation Service (PIS)
Payment Instrument Issuing Service (PIIS)
Country and service combinations
Your permitted PSD2 services may differ depending on the country in which you are authorized to operate.
For example, you may be authorized to provide AIS in one country while holding authorization for PIS in another country. When accessing the XS2A interface, the combination of country and PSD2 service permissions must match the service you are requesting.
What you should verify
Before sending requests to the XS2A interface, make sure that:
your organization appears correctly in the EBA register
your authorization status is valid
the relevant country is covered by your authorization
the PSD2 services you intend to use (AIS, PIS, PIIS) are listed in your authorization
If the information in the EBA register does not match the requested service or country, your request may be rejected.