LUXHUB One provides a unified interface to access the PSD2 APIs of multiple providers, establishing a common data model, security profiles and authorization flows to overcome the complexities caused by differing implementation standards.
Therefore, as a consumer of LUXHUB One, you are able to seamlessly integrate the APIs of various PSD2 providers and thus provide easy access to PSD2 account information and payment initiation services to your customers.
LUXHUB One is available to PSD2-regulated providers, including:
Your onboarding as a new consumer of LUXHUB One involves certain technical and business steps, which are required in order to ensure a smooth and compliant start:
This step comes after the usual sales procedure that ensures that you are aware of all the functionalities and capabilities of LUXHUB One, as well of all the necessary steps involved in becoming a consumer; potential fallacies; roles and responsibilities of each party; project management items and pricing of the service. The contract will formalize all of these aspects, so they can be agreed upon by each party and include various annexes related to the technical procedures to follow during the onboarding and normal operation during the product life cycle.
If you did not yet start with this process, feel free to get in touch with the LUXHUB sales team.
This step involves granting you access to the LUXHUB One API endpoints, based on the contractual relationship established during the previous step. This step is mostly technical and involves setting up a secured access (MTLS setup and Oauth 2 credentials) to consume the API in Sandbox environment. You will need to follow a process described below to complete this step:
As part of the Sales process, you will need to outline the providers whose PSD2 services you are interested in consuming.
LUXHUB One covers all major banks and other PSD2 providers in Luxembourg, in addition to several Belgian and French banks.
|Market||Account information||Payment initiation|
|Other EU||UPON REQUEST||UPON REQUEST|
The LUXHUB One delivery team will be in charge of registering you, as a TPP, with each of these providers. This process might be automatic with some providers, or manual for others. Also, as part of this process, the LUXHUB delivery team will need to register you as a consumer of the provider's API (first in the Sandbox environment and then in Production).
It is important to note that the majority of providers require real eIDAS certificates, even in Sandbox mode. On the other side, there are providers who will allow the registration of TPPs in Sandbox mode without eIDAS certificates. While this is possible and supported, it is recommended to use real certificates.
Your eIDAS certificates (QWAC and QSEALC) will be used to identify LUXHUB One towards the API providers of your choice.
LUXHUB recommends issuing a new pair of eIDAS certificates dedicated to consuming LUXHUB One API. The process of obtaining new eIDAS certificates is described below:
Send the CSR to the Qualified Trusted Service Provider (QTSP) of your choice with all required forms signed in your name. You should also request test certificates from the QTSP if available.
You get, from the QTSP, eIDAS certificates based on the CSR LUXHUB provided.
You provide the certificates to LUXHUB.
You maintain full control over the certificate (you can revoke it, etc.); you also have the responsibility to manage certificate renewal or revocation (by restarting the aforementioned process).
The certificates you will provide cannot be used in any way for a different consumer registration (other than LUXHUB One consumer)- even for testing/Sandbox purposes.
You will be able to change the list of providers that you are interested in after the onboarding, however onboarding of new providers will be considered outside of your initial setup and hence might be subject to additional setup fees.
Once you are registered with the respective providers and your access is set up, you are ready to begin using the LUXHUB One API. The access will start in Sandbox mode, i.e. accessing providers' PSD2 sandboxes, and, when you decide that you are satisfied with the level of testing of your application, it can be migrated to Production.
It is important to note that all considerations above related to your onboarding are environment specific, i.e. there is no necessary link between the onboarding of the consumer in the Sandbox and Production environments. As such, none of the artifacts required for onboarding should be considered a priori shared between environments.
Please refer to the next tabs to learn how to use LUXHUB One API.
Once you are ready to go live, LUXHUB One delivery team will assist you in promoting your application to production.
Prior to going live it will be important to ensure that
It is recommended to perform a few tests in Production prior to opening up your application to your users.
Once all is setup, you are ready to enjoy the full power of LUXHUB API!