Open Banking Access to Transactive Client Accounts
Transactive is Open Banking compliant. Service Providers can connect as Account Information Service Providers (AISPs) to obtain client account statements, or as Payment Initiation Service Providers (PISPs) to initiate client payments.
Contact us to become a Service Provider. You will need to supply the following information:
- Corporate Details
- Proof of your licensing
- Contact Email
- Technical Contact Email - which will receive notice of technical issues
Once boarded you will be provided with your own API key. This is used in the per-client registration step described below.
Permission is required of clients for whom you wish to act as a Service Provider. This is obtained by completing a per client registration step:
- In the case of a AISP, use your private API key to send an authorized AISP registration request to our API, providing the user ID of a client contact (obtained from the client). The client contact will receive an Authy request similar to the following:
- In the case of a PISP, use your private API key to send an authorized PISP registration request to our API, providing a client contact user ID as well as client-supplied financial limits. The client will receive an Authry request similar to the following:
Assuming the client contact authorizes the registration request, you will receive an API key to use on their behalf.
The per client API key obtained in the registration step will trigger a two factor authentication request on every interaction with the API. To prevent this you should call the refresh_token endpoint and obtain a time-limited token which will trigger a single two factor request but which can then be used for an hour without triggering additional two factor requests. See the documentation in our Swagger.
To obtain account information you should use the /accounts and /payments endpoints with GET. Again see the Swagger.
To initiate a payment you should call /payments with a POST. Our Swagger has the details. Note that payments must fall within the configured limits.
If the contact deregisters the API key obtained in the registration step, your connection requests will become back Unauthorized 403.