Frequently Asked Questions

The Client Secret cannot be recovered by Aktia, as it is not stored in plain text. Therefore, you need to generate a new Client Secret, which you can do on the App page. Remember not to share the Client Secret or ID with the end user; they are only for the TPP.

There will be no significant rate limit on the APIs, as required by the PSD2 directive. However, Aktia might need to place some restrictions due to technical reasons.

Aktia relies on Berlin Group’s NextGenPSD2 XS2A Framework’s Redirect SCA Approach: Explicit Start of the Authorisation Process, as described in their implementation guidelines, which can be found at https://www.berlin-group.org/nextgenpsd2-downloads.

After the TPP has started the authorisation process using the POST /v1/{payment-service}/{payment-product}/{paymentId}/authorisations endpoint and received the redirect URL, the client is redirected to Aktia’s services, where the authentication and authorisation take place. Once the client is identified and either the consent for access to the account is given or the payment is authorised, the client is redirected back to the TPP’s service and interfaces (given in the TPP-Redirect-URI header by the TPP in the payment initiation request). The TPP can at any time request the SCA status using the operation GET /v1/{payment-service}/{payment-product}/{paymentId}/authorisations/{authorisationId}.
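The TPP-side handling of this flow can be sketched as follows. This is an added example, not Aktia's code: the response field names (`authorisationId`, `_links.scaRedirect.href`, `scaStatus`) and status values come from the Berlin Group NextGenPSD2 specification, while the host allow-list, the `fetch_status` callable and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import quote, urlsplit

# Assumption: allow-list of hosts serving the bank's SCA pages (placeholder value).
ALLOWED_SCA_HOSTS = {"sca.bank.example"}
# scaStatus values taken from the Berlin Group NextGenPSD2 specification.
SUCCESS = {"finalised", "exempted"}
FAILURE = {"failed"}


def authorisations_path(service, product, payment_id, authorisation_id=None):
    """Path for POST .../authorisations, or GET .../authorisations/{authorisationId}."""
    parts = ["v1", service, product, payment_id, "authorisations"]
    if authorisation_id is not None:
        parts.append(authorisation_id)
    # Percent-encode every segment so a "/" inside an ID cannot add path segments.
    return "/" + "/".join(quote(p, safe="") for p in parts)


def parse_start_response(body):
    """Return (authorisationId, redirect URL) after vetting the redirect target."""
    auth_id = body["authorisationId"]
    href = body["_links"]["scaRedirect"]["href"]
    target = urlsplit(href)
    if target.scheme != "https" or target.hostname not in ALLOWED_SCA_HOSTS:
        raise ValueError(f"refusing to redirect the PSU to {href!r}")
    return auth_id, href


def sca_outcome(fetch_status, path, max_polls=5):
    """Poll the SCA status endpoint; the PSU arriving back at TPP-Redirect-URI
    is not proof of authorisation, only this server-side answer is."""
    for _ in range(max_polls):
        status = fetch_status(path)["scaStatus"]
        if status in SUCCESS:
            return "authorised"
        if status in FAILURE:
            return "rejected"
    return "pending"


# Constructed sample data, not real Aktia responses.
SAMPLE_START = {
    "scaStatus": "received",
    "authorisationId": "auth-0001",
    "_links": {"scaRedirect": {"href": "https://sca.bank.example/authorise/auth-0001"}},
}
SAMPLE_STATUSES = iter([{"scaStatus": "started"}, {"scaStatus": "finalised"}])

if __name__ == "__main__":
    auth_id, redirect_url = parse_start_response(SAMPLE_START)
    path = authorisations_path("payments", "sepa-credit-transfers", "pay-42", auth_id)
    print(redirect_url, sca_outcome(lambda _p: next(SAMPLE_STATUSES), path))
```

In a real integration `fetch_status` would perform the authenticated GET against the bank's API; here it is injected so the decision logic can be exercised offline.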

Here is an example of a payment where the PSU authenticates and authorises the payment using Aktia's Mobile Bank App. The payment is initiated from a browser session on a separate device. The process is similar for account consent. Please note that these screenshots are drafts and the final implementation is subject to change.

Strong Customer Authentication

The TPP will redirect the PSU (Aktia's customer) to the URL provided in the response of the start authorisation endpoint.

The customer will add their bank ID and select the authentication method. The customer is then prompted to authenticate with the selected method, after which the authorisation will start. In this example the PSU will authenticate with the mobile bank application:

Payment authorisation

In the case of payment authorisation, the following screen is shown to the customer back in the web browser:

[Screenshot: SCA2]

The customer will check the payment information and select the payment account. After accepting, the customer is prompted to authorise the payment in the mobile bank application. Once that is done, the following screen is shown in the browser.

[Screenshot: SCA3]

The PSU will then be redirected back to the TPP.

We are working on these processes. Please contact Aktia through https://developer.aktia.fi/contact. We are thrilled to hear about your ideas and help you join our ever-growing developer community!

Open banking is an important initiative for Aktia, and there will be a focus on new APIs in the future. Now we are focusing on the PSD2 directives. Here you can find a roadmap of upcoming features: https://developer.aktia.fi/start.

When you sign up for the developer portal we ask you for your name, e-mail address, and developer organization. The information is not shared outside Aktia. We will only contact you when we have updates to our APIs, new versions, or if there are any problems with your account or App. If you agreed to receive e-mails about open banking in Aktia, we will also send you news and relevant information.

You can view and edit your personal data and opt out of any information and updates sent via email on the My Account page.

If you have any questions about the use of your personal data, please contact us at: https://developer.aktia.fi/contact

We currently provide access to payment accounts for TPPs through our Contingency Mechanism. We are planning on releasing the dedicated PSD2 APIs during 2021. More detailed information about the schedule will be provided later.