DNB Luxembourg S.A

DNB Luxembourg S.A. XS2A (Berlin Group)

Version:  1.13220190215.037.005
State:  Prototyped
Environment: Sandbox
Base URI: https://ubnllull-psd2api-sbx.luxhub.com/bg/v1
Authorization Endpoint: https://ubnllull-cb-sbx.luxhub.com/api/oauth/authorize
Token Endpoint: https://ubnllull-psd2api-sbx.luxhub.com/api/oauth/token
Categories: PSD2
Passport :

BIC query parameter

LUXHUB is a multi-tenant platform and among the ASPSP customers hosted on the platform there are banks that have multiple entities published under the same API. In order to accommodate such scenario, an additional query parameter Bank Identification Code (BIC) is added to all endpoints.

The value used for this parameter needs to match exactly the BIC code of the entity your application is trying to access. Furthermore, you need to have a valid PSD2 passport for the country where the respective entity resides. Please see the API page in the portal for more details.

Extended transaction history

As required by the EBA RTS on SCA and CSC, there should be additional SCA performed whenever a transactions history for more than 90 days is requested by a TPP. Berlin Group specifications do not provide dedicated handling of this scenario, whereas STET standard describes it in details and proposes a solution.

LUXHUB decided to implement the same solution as for the STET standard for the Berlin Group standard and offer it as a value addition to its customers.

The AISP will be able to ask for an extended transaction history with the very first access token retrieved after a token request. In this case, a single SCA will be required and used to get the token and to ask for an extended transaction history. Any further extended transaction history request will be considered as out of scope of this SCA.
If the access token scope cannot cover the request (case of extended transaction history request for instance):

  • The request will be rejected with HTTP403 with an error equal to insufficient_scope.
  • The refresh token will be revoked so the request could be replayed once a new token, having the right scope, would have been requested and provided.
  • The new refresh token will be valid up to 90 days.

The additional scope to be used for this case in Berlin Group implementations is AIS_EXT - this is additional scope and not replacing the regular one. For STET implementation this same scope is named extended_transaction_history.

Please see diagram below for details of the flow.

 

This website uses cookies. By continuing to use our website, you accept the use of these cookies.