Konsentus

Konsentus Verify API

Real-time SaaS API that Financial Institutions (ASPSPs) call to identify and regulate-check Third-Party Providers (TPPs) under PSD2 Open Banking. The PSP Checking Service validates a Base64-encoded eIDAS certificate with the issuing Qualified Trust Service Provider (QTSP), confirms the TPP's regulated status with the relevant National Competent Authority (NCA) on a pan-EEA basis, and returns the payment services the TPP is authorised to provide in the requested jurisdiction. Supports eIDAS, OBIE, and OBHD certificate test scenarios.

Konsentus Verify API is one of 3 APIs that Konsentus publishes on the APIs.io network, described by a machine-readable OpenAPI specification.

Tagged areas include Open Banking, PSD2, TPP Verification, Identity, and eIDAS. The published artifact set on APIs.io includes API documentation, authentication docs, and an OpenAPI specification.

GitHub OpenAPI

Documentation

📖
Documentation
https://developers.konsentus.com/api-reference/introduction.html
📖
Authentication
https://developers.konsentus.com/api-reference/fi-authentication.html
📖
Documentation
https://developers.konsentus.com/api-reference/transaction-jurisdictions.html

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/konsentus/refs/heads/main/openapi/konsentus-verify-api-openapi.yml

Other Resources

🔗
Swagger
https://swagger.konsentus.com/
🔗
Versioning
https://developers.konsentus.com/api-reference/endpoint-versioning.html
🔗
Errors
https://developers.konsentus.com/api-reference/error-codes.html

OpenAPI Specification

konsentus-verify-api-openapi.yml Raw ↑ 
openapi: 3.0.3
info:
  title: Konsentus Verify API
  version: '1.0'
  description: |
    Konsentus Verify provides real-time Third-Party Provider (TPP) identity and
    regulatory checking services to Financial Institutions (ASPSPs) under PSD2
    Open Banking. The PSP Checking Service validates an eIDAS certificate
    presented by a TPP, confirms the TPP's regulated status with the relevant
    National Competent Authority (NCA), and returns the payment services the
    TPP is authorised to provide on a pan-EEA basis.
  contact:
    name: Konsentus Support
    email: [email protected]
    url: https://developers.konsentus.com/api-reference/introduction.html
  license:
    name: Proprietary
    url: https://www.konsentus.com/terms-conditions
servers:
- url: https://api.konsentus.com
  description: Konsentus Verify production environment
- url: https://sandbox.konsentus.com
  description: Konsentus Verify sandbox environment
tags:
- name: PSP Checking Service
  description: Third-Party Provider identity and regulatory validation
security:
- BasicAuth: []
paths:
  /v1/psp/eidas:
    get:
      tags:
      - PSP Checking Service
      summary: Check PSP eIDAS Certificate and Regulatory Status
      description: |
        Validates a Base64-encoded eIDAS certificate presented by a Third-Party
        Provider (TPP) in real time. Returns certificate validity (QTSP,
        signature, revocation, expiry), the home register (issuing NCA), and
        the host register (operating NCA) plus the payment services the TPP is
        authorised to provide in the requested jurisdiction.
      operationId: getPspEidas
      parameters:
      - name: jurisdiction
        in: query
        required: true
        description: ISO 3166 two-letter country code where the FI holds the customer's account.
        schema:
          type: string
          minLength: 2
          maxLength: 2
          example: GB
      - name: fi_reference_id
        in: header
        required: true
        description: Local NCA reference for the ASPSP making the request. Recommended format is the eIDAS authorization number.
        schema:
          type: string
          minLength: 6
          maxLength: 128
          example: PSDGB-FCA-111111
      - name: transaction_reference
        in: header
        required: false
        description: Optional custom reference for audit/tracking purposes.
        schema:
          type: string
          maxLength: 128
          example: 12345ABC
      - name: version
        in: header
        required: true
        description: API endpoint version identifier.
        schema:
          type: string
          example: '1'
      - name: eidas
        in: header
        required: true
        description: Base64-encoded eIDAS certificate presented by the TPP.
        schema:
          type: string
      responses:
        '200':
          description: Successful PSP identity and regulatory check.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PspEidasResponse'
        '401':
          description: Authentication failure.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Missing or malformed parameters.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '405':
          description: Method not allowed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '503':
          description: Service unavailable.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
components:
  securitySchemes:
    BasicAuth:
      type: http
      scheme: basic
      description: HTTP Basic authentication using the API consumer's client ID and client secret.
  schemas:
    PspEidasResponse:
      type: object
      properties:
        eIDAS:
          $ref: '#/components/schemas/Eidas'
        homeRegister:
          $ref: '#/components/schemas/HomeRegister'
        hostRegister:
          $ref: '#/components/schemas/HostRegister'
    Eidas:
      type: object
      properties:
        data:
          $ref: '#/components/schemas/EidasData'
        validity:
          $ref: '#/components/schemas/EidasValidity'
    EidasData:
      type: object
      properties:
        pspSubjectName:
          type: string
          nullable: true
          description: Subject name from the eIDAS certificate.
        authNumber:
          type: string
          nullable: true
          description: TPP authorisation number.
        QTSPCommonName:
          type: string
          nullable: true
          description: Common name of the Qualified Trust Service Provider that issued the certificate.
        QTSPSource:
          type: string
          description: Source of the QTSP record.
        QTSPJurisdiction:
          type: string
          description: Jurisdiction of the QTSP.
    EidasValidity:
      type: object
      properties:
        validQTSP:
          type: boolean
          description: True if the QTSP is recognised on the EU trusted list.
        validSignature:
          type: boolean
          description: True if the certificate signature is valid.
        notRevoked:
          type: boolean
          description: True if the certificate has not been revoked (CRL/OCSP).
        notExpired:
          type: boolean
          description: True if the certificate is within its validity period.
    HomeRegister:
      type: object
      description: National Competent Authority register of the TPP's home country.
      properties:
        ncaName:
          type: string
        ncaCountryCode:
          type: string
        registerType:
          type: string
        categoryEntries:
          type: array
          items:
            $ref: '#/components/schemas/CategoryEntry'
    HostRegister:
      type: object
      description: National Competent Authority register of the jurisdiction in which the service is being requested.
      properties:
        ncaName:
          type: string
          nullable: true
        ncaCountryCode:
          type: string
        registerType:
          type: string
        categoryEntries:
          type: array
          items:
            $ref: '#/components/schemas/CategoryEntry'
        warning:
          type: array
          items:
            type: string
    CategoryEntry:
      type: object
      properties:
        categoryName:
          type: string
        pspLegalName:
          type: string
        pspAuthStatus:
          type: string
          description: Authorisation status of the PSP (e.g. authorised, suspended, withdrawn).
        pspPaymentServices:
          type: array
          description: Numeric PSD2 payment service codes the PSP is authorised to provide.
          items:
            type: integer
    ErrorResponse:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: '#/components/schemas/Error'
    Error:
      type: object
      properties:
        id:
          type: string
          description: Unique identifier for this error occurrence.
        code:
          type: string
          description: Konsentus error code (e.g. authentication_error, parameter_invalid, jurisdiction_invalid).
        title:
          type: string
          description: Human-readable error title.
        link:
          type: string
          description: Link to documentation describing the error.