Analytics Platform (XS2A.risk)

The analysis platform grants one-time access to account data of a bank account, credit card, or Paypal account with the aim of obtaining an electronic account statement or to be able to call up specific analysis results (individual key figures such as risk characteristics or entire reports) via a selection of predefined analysis modules. For this purpose, the end customer gives Tink Germany a one-time use consensus.

Basic integration

View the full technical documentation of this product here.

Authentication (Documentation)

All authentication in our API is done via HTTP basic authentication.

POST /v1/risks HTTP/1.1
Host: api.xs2a.com
Content-Type: application/json
Authorization: Basic base64("api:YOUR_API_KEY_GOES_HERE")
Cache-Control: no-cache

Create xs2a.risk object (Documentation)

The first step is to configure a risk object that defines what our API needs to do in the process afterward.

POST /v1/risks HTTP/1.1
Host: api.xs2a.com
Content-Type: application/json
Authorization: Basic base64("api:YOUR_API_KEY_GOES_HERE")
Cache-Control: no-cache

{
  "xs2a_account_snapshot": {
    "enabled": "1",
    "days": "30",
    "from": "",
    "to": "",
    "with_subcategory": 1,
    "all_tags": true,
    "all_accounts": true
  },
  "language": "de",
  "country_id": "DE",
  "metadata": {
      "myCustomData": "X92LAP3"
  }
}

As result, you will get a wizard_session_key and a transaction value. 

{
    "wizard_session_key": "m5A65Cy2lwI1rOXxuvwU4MM47b4tDaV0ME9By6It",
    "transaction": "10001-xv-LEz8-oct7"
}

Show the created payment session to the customer

This step depends on the integration variant you want to use. In all variants, the wizard_session_key and the transaction value is used later.

pageJavascript-WidgetpageWizard-APIpageEasyOnboarding

Retrieve information after the process is finished (Documentation)

We recommend registering a webhook in our application to get informed about specific events.

GET /v1/risks/{transaction-id} HTTP/1.1
Host: api.xs2a.com
Content-Type: application/json
Authorization: Basic base64("api:YOUR_API_KEY_GOES_HERE")
Cache-Control: no-cache

You will receive detailed information about the risk object.

{
  "id": "xr_hd84kg9zns53lvh1",
  "transaction": "10001-xr-abcd-abcd",
  "account_holder": "MUSTERMANN, HARTMUT",
  "iban": "DE62888888880012345678",
  "bic": "TESTDE88XXX",
  "bank_name": "Testbank",
  "country_id": "DE",
  "testmode": "1",
  "created_at": "2015-05-05 11:47:45",
  "metadata": { },
  "merchant_id": "",
  "object": "xs2a_risk",
  "xs2a_account_snapshot": {
    "object": "xs2a_account_snapshot",
    "days": 45,
    "from": "0000-12-27",
    "to": "0000-12-30",
    "filters": [],
    "all_tags": "1",
    "created_at": "2014-03-23 15:55:54"
  }
}

PreviousPayment Platform (XS2A.pay)NextOpen Banking Platform (XS2A.api)

Last updated