ebury

November 2025 Availability Report

bank-admin — Tue, 02 Dec 2025 14:58:12 +0000

November 2025 Availability Report bank-admin December 02, 2025

October 2025 Availability Report

bank-admin — Tue, 11 Nov 2025 10:42:33 +0000

October 2025 Availability Report bank-admin November 11, 2025

AIS Workflow - Enriched transaction object

bank-admin — Tue, 04 Nov 2025 21:50:18 +0000

AIS Workflow - Enriched transaction object bank-admin November 04, 2025

Maintenance work on 14.10.2025 and 15.10.2025 from 07:15 AM CEST to 08:35 AM CEST

Anonymous — Mon, 06 Oct 2025 11:45:40 +0000

Maintenance work on 14.10.2025 and 15.10.2025 from 07:15 AM CEST to 08:35 AM CEST Anonymous (not verified) October 06, 2025

September 2025 Availability Report

Anonymous — Wed, 01 Oct 2025 10:53:43 +0000

September 2025 Availability Report Anonymous (not verified) October 01, 2025

Production APIs

eby-devportal — Tue, 30 Sep 2025 07:56:20 +0000

Production APIs

eby-devportal September 30, 2025

Ebury doc

eby-devportal — Tue, 30 Sep 2025 07:56:08 +0000

Ebury doc eby-devportal September 30, 2025

12 - Build your authorize URL

eby-devportal — Tue, 30 Sep 2025 07:56:08 +0000

12 - Build your authorize URL eby-devportal September 30, 2025

Build an authorize URL using the well-known configuration link

On the production and sandbox environments, the "scaOauth" property of a consent creation (with header tppExplicitAuthorizationPreferred = false) or a POST /authorization endpoint is the following:

{ … "_links": { "scaOAuth": { "href": "https://api.berlingroup.ebury.io/berlingroup/.well-known/openid-configuration?authorizationId=31f68ab6-1ce6-4131-a324-3f37d2ca4b02" }, … } }

You have to call this URL and retrieve the “authorization_enpoint” property in the response:

{ "issuer": "https://api.berlingroup.ebury.io", "authorization_endpoint": "https://web.berlingroup.ebury.io/public/berlingroup/authorize/31f68ab6-1ce6-4131-a324-3f37d2ca4b02", "token_endpoint": "https://api.berlingroup.ebury.io/berlingroup/v1/token", "userinfo_endpoint": "https://api.berlingroup.ebury.io/berlingroup/v1/accounts", "scopes_supported": [ "account", "payment" ], "response_types_supported": [ "code" ], "grant_types_supported": [ "client_credentials", "authorization_code", "refresh_token" ], "code_challenge_methods_supported": [ "S256" ], "subject_types_supported": [ "public" ] }

With this property, you will be able to build your authorize URL with the following parameters:

URI parameter	Description
scope	This parameter corresponds to the consentId of the consent creation or the paymentId of the payment initiation Examples: AIS:1587559935-bae68c2 PIS:1587561419-bp5b5f2
client_id	This parameter corresponds to your NCA id
state	Dynamic value that you have to set in order to prevent XSRF attacks
redirect_uri	This parameter corresponds to the URI where the OAuth2 server is redirecting the PSU after the authorization. NB : this redirect_uri has to be the same used for the consent creation or payment initiation
code_challenge	This parameter corresponds to PKCE challenge according to cryptographic RFC 7636 which is used to prevent code injection attacks
response_type	Type of the response. This value has to be set to “code”
code_challenge_method	Optional parameter which corresponds to the code verifier transformation method ("S256" or "plain")

Following these instructions your authorize URL should look like this and is now valid to process the authorization of the PSU:

https://web.berlingroup.ebury.io/public/berlingroup/authorize/31f68ab6-1ce6-4131-a324-3f37d2ca4b02?scope=AIS:1587559935-bae68c2&client_id=[your_client_Id]&state=test&redirect_uri=[your_redirect_uri]&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM&response_type=code&code_challenge_method=S256

This process to build the authorize URL is the same for a payment initiation.

NB : the "redirect_uri" parameter in the URL has to be the same as the "TPP-Redirect-URI" header of the consent creation

11 - Connect to the sandbox or Berlin Group APIs

eby-devportal — Tue, 30 Sep 2025 07:56:08 +0000

11 - Connect to the sandbox or Berlin Group APIs eby-devportal September 30, 2025

Description

The communication between the TPP and the Bank (Sandbox or Berlin Group APIs) is always secured by using a TLS-connection Mutual authentication using TLS version 1.2 which is initiated by the TPP.

The TLS-connection has to be established always including client (i.e. TPP) authentication.

For this authentication the TPP has to use a qualified certificate for website authentication (QWAC) which has to be issued by a qualified trust service provider according to the eIDAS regulation.

The content of the certificate has to be compliant with the requirements of the EBA-RTS and follow the ETSI TS 119 495 V1.2.1 (2018-11) technical specification.

During the first connection setup, the TPP will be automatically onboarded and registered (enrolled) in the bank database. However, for security purpose, the bank requires the client certificate to be presented within each request.

Following the EBA clarification 07/06/2019, it's now possible to test the Sandbox using a test certificate. The only restriction is that the certificate used to establish the SSL MA must follow the QWAC format for PSD2, according to ETSI TS 119 495 V1.2.1 (2018-11)

For the Berlin Group APIs, the QWAC certificate has to be issued from a production CA.

Test the connection to the sandbox

Make sure that your QWAC configuration is correct by testing the following endpoint on the sandbox (no headers are necessary)

GET /berlingroup/actuator/info

10 - Contact our support team

eby-devportal — Tue, 30 Sep 2025 07:56:08 +0000

10 - Contact our support team eby-devportal September 30, 2025

Contact our Support Team

As a TPP if you face any problems using either our Sandbox or Production APIs you can contact us by using the dedicated support email : api.team@ebury.com

Please try to give us the full context of your request :

TPP Name,
TPP Registration Number,
Date and Time of the issue,
Service : AIS, PIS, FCS,
Endpoint,
Error message, error code, screenshot,
Information about concerned version by using one of the following URLs.
A valid QWAC Certificate for PSD2 is required in order to access these URLs.
The certificate is mandatory, otherwise you will get an error :
- Sandbox APIs
- Production APIs

Our support team will answer you as soon as possible.