Analytics Platform (XS2A.risk)

The analysis platform grants one-time access to account data of a bank account, credit card, or Paypal account with the aim of obtaining an electronic account statement or to be able to call up specific analysis results (individual key figures such as risk characteristics or entire reports) via a selection of predefined analysis modules. For this purpose, the end customer gives Tink Germany a one-time use consensus. 
Basic integration
View the full technical documentation of this product here.
Authentication (Documentation)
All authentication in our API is done via HTTP basic authentication.
HTTP
POST /v1/risks HTTP/1.1
Host: api.xs2a.com
Content-Type: application/json
Authorization: Basic base64("api:YOUR_API_KEY_GOES_HERE")
Cache-Control: no-cache
Create xs2a.risk object (Documentation)
The first step is to configure a risk object that defines what our API needs to do in the process afterward.
HTTP
POST /v1/risks HTTP/1.1
Host: api.xs2a.com
Content-Type: application/json
Authorization: Basic base64("api:YOUR_API_KEY_GOES_HERE")
Cache-Control: no-cache
​
{
  "xs2a_account_snapshot": {
    "enabled": "1",
    "days": "30",
    "from": "",
    "to": "",
    "with_subcategory": 1,
    "all_tags": true,
    "all_accounts": true
  },
  "language": "de",
  "country_id": "DE",
  "metadata": {
      "myCustomData": "X92LAP3"
  }
}
As result, you will get a wizard_session_key and a transaction value. 
JSON
{
    "wizard_session_key": "m5A65Cy2lwI1rOXxuvwU4MM47b4tDaV0ME9By6It",
    "transaction": "10001-xv-LEz8-oct7"
}
Show the created payment session to the customer
This step depends on the integration variant you want to use. In all variants, the wizard_session_key and the transaction value is used later.
Javascript-Widget
Wizard-API
EasyOnboarding
Retrieve information after the process is finished (Documentation)
We recommend registering a webhook in our application to get informed about specific events.
HTTP
cURL
GET /v1/risks/{transaction-id} HTTP/1.1
Host: api.xs2a.com
Content-Type: application/json
Authorization: Basic base64("api:YOUR_API_KEY_GOES_HERE")
Cache-Control: no-cache
​
You will receive detailed information about the risk object.
JSON
{
  "id": "xr_hd84kg9zns53lvh1",
  "transaction": "10001-xr-abcd-abcd",
  "account_holder": "MUSTERMANN, HARTMUT",
  "iban": "DE62888888880012345678",
  "bic": "TESTDE88XXX",
  "bank_name": "Testbank",
  "country_id": "DE",
  "testmode": "1",
  "created_at": "2015-05-05 11:47:45",
  "metadata": { },
  "merchant_id": "",
  "object": "xs2a_risk",
  "xs2a_account_snapshot": {
    "object": "xs2a_account_snapshot",
    "days": 45,
    "from": "0000-12-27",
    "to": "0000-12-30",
    "filters": [],
    "all_tags": "1",
    "created_at": "2014-03-23 15:55:54"
  }
}
​

Payment Platform (XS2A.pay)

Open Banking Platform (XS2A.api)

Last modified 1yr ago