Requesting Account Information (AIS)

PSD2ClosedPSD2 stands for Payment Services Directive 2 and is a new EU regulation in effect since September 14, 2019. It governs electronic and other non-cash payments. The main provision of PSD2 is for Strong Customer Authentication (SCA), a process that seeks to make online payments more secure and reduce fraud while increasing authorisation rates. The European Banking Authority (EBA) recently extended the deadline for PSD2 compliance until December 31, 2020. defines the "Account Information Service" as an online service to provide consolidated information (balance, transaction history) on one or more payment accounts held by a PSUClosedPayment Services User – an individual person or legal business entity making use of an Open Banking service as a payee, payer or both. with one or more payment service providers.

As it relates to an AISPClosedAccount Information Service Provider – a TPP authorised to access consumer or business account data from the account holder's financial institutions with the account holder's explicit consent., this essentially means that, under open banking protocols, banks allow access to a customer's account data by TPPs only if the customer (PSU) explicitly gives consent (grants permission) to let the bank allow such access.

The scope of analysis and service Token supports includes comparing a PSU's accounts and transaction history to a range of financial service options, aggregating data across participating financial institutions and customers to create marketing profiles, and making new transactions and account changes on the PSU's behalf.

Important reminder: Don't forget that, before initiating a request to a Token-connected bank, you'll first need to get the list of banks in the desired country that support the features you need to access. A GET /banks call filters the list of Token-connected banks based on your selection criteria with respect to bank location and bank-supported features. See Bank Selection using GET /banks for more on filtering and selecting Token-connected banks.

To access Account Details, the value of supportsInformation must be true for each bank displayed to the user for selection from the GET /banks payload.

API support for accessing a PSU's account information institutes a communications flow that ensures all PSD2 mandates for PSU consent and authorisation are met.

Pictured above (hover to enlarge) is the general flow. Guidance on making the appropriate POST and GET calls, as well as handling Token's responses to these requests is covered next.

Base URLs

See Base URLs.


See Common Request Headers.

Typically, the bank requires a user ID as the first step of the credentials exchange necessary to identify the user. Additional details may be required, as well. These credentials and their format can be determined by calling GET /banks (see Filtering Banks by Desired Criteria). This will return a set of CredentialFields, specifying the credentials required initially; the set of credentials required in this first step are a statically-defined bank property.