Knowledge Base

The PSD2 Directive (Payment Services Directive 2) implemented on January 13, 2018 applies to the payment market. It requires banks and other payment service providers to enabling the Bank's Customers to make payments from their accounts at the customer's request (Payment Initiation Service - PIS) and providing them with relevant payment account details (Account Information Service - AIS) through suppliers that are named Third Party Provider (TPP). These services may be provided using the Application Programming Interface (API) in relation to payment accounts available on-line. New services and offers for banking customers are built on the basis of these solutions.

It is the use of access to bank accounts via API to create new and innovative services and products that can help customers (both individuals and companies) e.g. in managing their daily finances as well as expanding the offer of available financial solutions. Open banking is based on cooperation between the world of finance and other industries in order to improve customer experience and expand the catalog of services and products provided to consumers, with the particular role of fintechs and startups. PKO Bank Polski currently offers its customers the account aggregation service as part of the account information access service - you can read more here https://www.pkobp.pl/klienci-indywidualni/bankowosc-elektroniczna/open-banking/.

Defines the interface for services delivered by Third Party Providers based on access to payment accounts. The API provided by PKO Bank Polski is based on the PolishAPI standard, which is the answer of the Polish payment sector (banks and non-banking entities) to the need to strengthen financial innovation in Poland in a non-discriminatory and sustainable manner. Text source: https://polishapi.org

The new services introduced by the PSD2 Directive can be provided by national and EU payment service providers, as long as they have the appropriate authorization to provide Payment Initiation Services (PIS) and Account Information Services (AIS) from their regulatory supervisor. In the case of the Confirmation of the Availability of Funds service on a payment account (CAF), the provider issuing payment instruments based on a payment card will be entitled to provide it, provided that the conditions set out in the Act on Payment Services are met.

To become a TPP, you must obtain the status of a payment service provider from the appropriate regulatory supervisor and the authorization to provide Payment Initiation Services (PIS) or Account Information Services (AIS). Payment service providers from other EU countries may provide PIS and AIS services under condition that they obtain the appropriate permission from their regulatory supervisor to provide these services and use the formula allowed by the PSD2 directive, i.e. conducting their activities through a branch, as part of cross-border activities or through an agent. In the case of the service of Confirmation of the Availability of Funds (CAF), providers issuing payment instruments based on a payment card will be entitled to provide it.

Innovative companies developing their business based on open banking can take advantage of the ‘Let's Fintech with PKO Bank Polski’ program - a platform for cooperation between the Bank and Startups. As part of the program, the Bank is looking for innovative solutions, also in the area of open banking/API, for which it provides access to the necessary infrastructure and support in business/technology development, and ultimately also in establishing commercial cooperation with the Bank. More on the Let's Fintech website.

If you are interested in direct cooperation and development of new dedicated services based on the use of API with PKO Bank Polski, please register or log in to the Portal and contact us using the "Support" tab.

To prepare to work with our API, all you need to do is go to https://developers.pkobp.pl/documentation and get acquainted with the documentation and swagger provided by PKO Bank Polski. The documentation of the PolishAPI standard available on the project website https://polishapi.org/ may also be useful. Remember that production access to the PKO BP API is reserved for entities with appropriate authorization issued by the supervisory authority. In the case of a sandbox, we require at least a confirmation that application for such authorization has been submitted.

We constantly thrive to improve our services, so we will be grateful if, after encountering an error or problem, you send us information with its description. We will respond to it as soon as possible. To report an issue simply register or log in to the Portal, log in and use the "Support" tab.

We plan to constantly develop and improve our Portal and API services, which is why we are open to any suggestions for changes and improvements. Feel free to send ideas. To do this, register or log in to the Portal and use the "Support" tab.

The PKO Bank Polski API is intended only for entities authorized by the Polish Financial Supervision Authority or its European equivalent. Currently, we do not offer the possibility of managing an account via the API by users who are not a payment institution or AIS providers.

QSEAL certificate update is done by using the /register service. The PKO Bank Polski API provides support for multiple certificates. If the TPPID has not changed, all existing consents will work with both the new and the old certificate. For the new certificate, the clientID received in response to registration should be used. For old one the clientID is not changed. The QWAC certificate does not need to be additionally registered. Changing the organization data, contact email or redirect_url is also done by using the /register service, and the provided data overwrites all previous ones.

The test environment is mainly used to test the correctness of creating queries to the API of PKO Bank Polski. Other than the /authorize, /token, and service string, there is no relationship between the other services, i.e. executing the /domestic service will not cause this transaction to appear when the /getTransactionsDone service is called.

If you are a representative of TPP, please register on the Developer’s Portal and fill in your and your company's details in the settings section - on this basis, we will provide you with logotypes in the downloads section of the Portal.

You will find the Bank's public key after logging into the Developer’s Portal in the Downloads section.

Application programming interface is a method that allows access to the functions of network applications over the network (including the Internet), using specially prepared messages. The PSD2 Directive indicated API as a mechanism for accessing electronic banking functions by Third Party Providers (TPP).

OAuth 2.0 is a protocol used to authorize the actions of clients who want to access protected resources, such as web applications and APIs, by persons who are the owners (controllers) of these resources, in a way that prevents disclosure of credentials to the party requesting access, a so-called redirection mechanism is used.

According to PSD2, new types of entities appear on the payment services market. In addition to banks, payment institutions, postal operators, there are now Third party providers, referred to as TPPs, who are be able to use the opportunity to offer new services built on the basis of PSD2, implementing acts (including Regulatory Technical Standards - RTS) and acts of national law.