LUXHUB Marketplace

LUXHUB's Marketplace allows (potential) consumers to access a large variety of API products. Visitors can browse the product catalog, access business and technical information on the different products, create and manage applications, publish APIs, monitor API usage and ask for support via LUXHUB's Service Desk.

LUXHUB Terms of Use apply to your access and use of the Marketplace. Should you disagree with these ToU, you shall in no event try to access, register or use the Marketplace.  To use some of the APIs in Sandbox or Production environment you will need to have a contract with the API provider. This will be clearly indicated for such APIs.

My account & organization

Within LUXHUB's Marketplace, a personal account is created for a single person whereas an organization account is encompassing a group of registered users belonging to the same company. Each member of an organization can share applications with other members, modify application names, view monitoring results of the shared applications and access application security credentials.

A personal account enables users to access limited functionality (e.g. demo setup) whereas an organizational account enables users to access more extended functionalities (e.g. richer sandbox setup, live access).

To create a personal account you just need to complete a simple registration form and confirm your email and you are good to go.

To create an organisation account you need to receive a registration code from LUXHUB or from someone within your organisation. In case you do not have a registration code, you can request one after creating a personal account. You will need to provide basic organisation details, so that LUXHUB team can verify your identity and make sure that your company is entitled to get access to the portal.

Once your request is approved we will email you a registration code with a detailed explanation how to proceed.

To request a registration code, you will have to provide us some information to let us verify your identity and make sure that your company is entitled to get access to the portal. The approval process duration will depend on the quality of the information provided. We will send you a registration code once the verifications are completed. The expected response time is between 1-2 Business Days. Our Service Desk is available from Monday to Friday during Business Working Hours (from 8:00 am to 6:00 pm CET) excluding public holidays in Luxembourg.

Registering on LUXHUB’s Marketplace and testing the APIs in the Sandbox environment is free of charge.

Accessing some Production APIs might require subscription with the API provider.

Registration and Login issues

When you register to LUXHUB's Marketplace, you receive an email with a verification link. You need to click on the link and follow the instructions to activate your account. It might happen that the email gets caught in a spam filter. Please ensure you add support[@]luxhub.com in your safe sender list.

In case you haven't received a verification email or you let your verification link expire, please contact us via the Contact Form and we will send you a new link to the email address you provided during registration.

In case you forgot your password, please click on the Forgot password link in the Sign In screen and follow the instructions.

You have to sign in to the portal to be able to change your password. Hover over the profile icon, click on My Profile and select Edit Profile. Then, click on Change Password and follow the instructions.

If you are having login or registration issues, please use our Contact Form to explain your problem. We will respond to your request as soon as possible.

Security

Calls to APIs are encrypted based on TLS. Client authentication is done using eIDAS QWAC certificates and data integrity and non-repudiation is achieved using eIDAS QSeal certificates. The authorization mechanism is based on OAuth 2.0.

OAuth 2.0 is the industry-standard protocol for authorization. For more details, please see the OAuth 2.0 RFC.

To get your OAuth Client_id and Client_secret, go to Applications, select the application you created, click on Edit and go to the Authentication Tab.

API Products

The API products Catalog is available in the APIS menu of the Marketplace. The API products in the catalog are organized by Provider name . You can search for the APIs in the catalog using the Provider name, API name, description, version, state, etc.

To view the details of an API product, click on the API product you are interested in. The API product details page displays the basic details of the API product such as its name, its functionalities and business cases, version, state, environment, host, base path and available methods.

To have a closer look at a method, click on the method to expand it. You can view, for example, the request parameters, the response format or the model schema.

You have to be registered on the portal to be able to download the REST API Swagger files:

1. Just locate the API you are interested in;
2. Click on the View the API button;
3. A Download Swagger button is available on the top left corner of the page.

If you want to use APIs, you need to register an application - this will include an application name, redirect URLs and other meta-data to manage your OAuth credentials.

Once you have created and activated your account, you will be able to access the Applications menu to create and manage applications:

1. Click on Create application.
2. Enter the details for your application.
3. Select the APIs you want to assign to the application.
4. Click on Save application.

You may want to invite other members from your organization to collaborate on your application. You can share the application with them and define their access level. To that end:

1. Click on the application you want to share and select Edit application > Sharing.
2. To share the application with a user, click on Add user.
3. Select the user(s) you want to share the application with, and click on Apply.
4. By default, the users are only able to view the application, not to edit it. To change the access rights of a user, toggle the View and Edit buttons next to the user's name as needed.
5. To remove the access to the application from a user, click on Remove next to the user's name.

In case you registered a personal account and your request to join an organisation hasn’t been approved yet you might not be able to access the API that you are interested in.

In case your request to join an organisation has been approved and you completed the registration process but the API is still not available, you will need to contact our Support Team via Service Desk.

You can find the URLs to be used on the details page of the selected API. Authorization URLs are documented in the security section.

Yes, sample requests are documented in the technical details section of each API.

The API responds to requests with different HTTP status codes depending on the result from the request. Error responses might also include an error message in the body to assist in resolving the problem. You can find a complete list of the HTTP Status Code for every methods in the API documentation.

Registering on LUXHUB's Marketplace and testing the Sandbox APIs is free of charge.

However the access to some of the APIs in production is not free of charge and would require a contract to be signed with the provider. Details can be found at each API level, in the Overview section.

You can use the graphical real-time charts on the Monitoring page to monitor how your applications use APIs exposed in the Developer Portal. You can view the usage metrics for applications or the API methods your applications use.

Support

If you are registered in the Portal with an Organization Account, you can open a ticket via the Service Desk to submit your inquiry. We will get back to you shortly.

No, you have access to LUXHUB Service Desk only if you are registered as an organization. But you can still use the Contact Us form if you have any issue with your registration or you are interested upgrading your Personal Account. LUXHUB does not provide support via this channel.

To reach LUXHUB's Service Desk, you need to have an account on LUXHUB's Developer Portal. Go to Support and click on Service Desk, then log in with your portal credentials.

Our Service Desk is available from Monday to Friday during Business Working Hours (from 8:00 am to 6:00 pm CET).

LUXHUB & PSD2

PSD2 is the EU Directive 2015/2366 on payment services in the internal market, published in the Official Journal on 23 December 2015. Its objective is to open access to bank systems to TPP in order to further enhance consumer protection and convenience, to improve the security of payment services and to promote innovation and competition.

PSD2 enables third-party providers without a banking license to provide account information and payment initiation services to their customers. Banks, as account servicing payment service providers, are obliged to enable third party ‘account information service providers' (AISPs) and 'payment initiation service providers' (PISPs) to access the payment account data they hold on customers, if customers consent to it. The regulation requires banks to offer at least one access interface (dedicated API or customer interface in online bank) enabling secure communication with third parties. The interface should also enable third parties to identify themselves and allow them to rely on the authentication procedures that banks provide to their customers.

PSD2 was complemented with Regulatory Technical Standards and several related official texts:

EBA Opinion on the transition from PSD1 to PSD2 (EBA-Op-2017-16)

Opinion on the implementation of the RTS on SCA and CSC (EBA-2018-Op-04)

Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC)

Opinion on the use of eIDAS certificates under the RTS on SCA and CSC

EBA Single Rulebook Q&A on payment services

The PSD2 regulation leaves open the details of the APIs that third parties will use to connect with ASPSPs. Therefore, some initiatives comprising banks, associations and PSP from across the EU, defined common API standards.

The banks exposing their APIs through LUXHUB support Berlin Group or STET. Check out our Providers Catalog to see which standard is supported by each ASPSP.

AIS: Account Information Services

AISP: Account Information Service Provider

ASPSP: Account Servicing Payment Service Provider providing and maintaining a payment account for a PSU

CBPII: Card-based Payment Instrument Issuer (formerly PIISP: Payment Instrument Issuer Service Provider)

NCA: National Competent Authority

PIS: Payment Initiation Services

PISP: Payment Initiation Service Provider

PSD2: Directive (EU) 2015/2366 on payment services in the internal market

PSP: Payment Service Provider

PSU: Payment Service User

RTS: Commission Delegated Regulation (EU) 2018/389 with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication

SCA: Strong Customer Authentication

TPP: Third-Party Provider, i.e. AISP, PISP and CBPII

Access to PSD2 APIs is allowed for authorised third-party providers. As part of their existing authorization, credit institutions that act in their capacity as a third-party provider (whether as an AISP, a PISP and/or a CBPII) can also access to PSD2 APIs. As soon as production APIs are available (published state), the entity requesting access will need to provide an eIDAS certificate to access PSD2 APIs in production. Such a certificate can be requested from a Qualified Trust Service Provider once the entity has been granted a TPP authorization.

In accordance with Article 30(5) of the RTS, access to the testing facility (so-called sandbox) is available to authorised third-party providers and payment services providers that have applied for the relevant authorization. See Article 1 of PSD2 for the definition of payment service providers. As part of their existing authorization, Credit institutions that act in their capacity as a third-party provider (whether as an AISP, a PISP and/or a CBPII) can also access PSD2 APIs in Sandbox environment.

You need two types of certificates: QWAC for client-Authentication in MA-TLS and QSeal to use with http signature. To use PSD2 APIs in sandbox, you can use your eIDAS certificate or download mock certificates from our portal. To use PSD2 APIs in production, you will need to present a valid eIDAS certificate.

In sandbox, you don't need passporting rights to access PSD2 APIs. However in production, if you want to provide AIS/PIS activities outside of your home Member State, you need to make a passport application. More information available here.

According to Article 36(5)(b) RTS, we limit the AISP’s access to payment account data without the PSU being directly involved to four times a day.

Please have a look at the specification of the APIs to learn which credentials are supported in the sandbox of the API you are interested in.

This website uses cookies. By continuing to use our website, you accept the use of these cookies.