API Payments

Market coverage

  • Austria
  • Germany
  • Switzerland
  • White Label Payment Initiation Service

  • Auto-complete of the bank sort code and bank-specific login fields

  • SEPA transfer in customer name and look & feel

  • Unique and automatic matching of all incoming payments (coming soon)

  • Full bank coverage and PSD2 License as a Service

The FinTecSystems XS2A.PAY interface allows to carry out a bank transfer via one-time access to the online transfer function of a bank and taking important risk and fraud criteria into account (so-called security check). FinTecSystems is a purely technical service provider and is not involved in the actual cash flow. The transfer is made directly from the customer’s bank account to the provider’s specific receiving account.

FinTecSystems provides white-label account information and payment services with the same look and feel of its clients’ brands. The self-developed online banking-based API enables companies to aggregate and analyse financial data and make decisions in real time. Its products can e.g. accelerate loan commitments, minimise counterparty risk, and categorise real-time sales data to make them more meaningful. FinTecSystems is also licensed under the BaFin.

Under PSD2, the issue of retrieval of account information and payment triggers is increasing in importance as it provides a standard which promotes the receipt of bank-independent financial data.

The FinTecSystems’ solution is highly customer-centric. Only after online log-in and authentication is financial data collected, prepared and provided within meaningful categories.  Its digital process helps clients avoid disruption and accelerates applications. In addition, it improves their processes in line with PSD2 and meets BaFin requirements without them having to own the application process.

Main functions:

  • One-time access to the online bank transfer function of a bank account
  • One-time access to the account data of a bank account
  • Fraud checks to prevent or minimize payment defaults

Via an initial call by the provider basic payment information are specified (amount, currency, intended purpose, receipt account) to be executed on the online banking account. The customer is then prompted to interact (login to online banking). After the successful login and security check, the customer will, if necessary, select one account and enter the TAN which initiates the SEPA transfer in the background. As a result, a list of all successfully initiated transactions or details of individual transactions can then be displayed.

Hosting is exclusively with FinTecSystems and processing takes place in a German-based data centre certified according to ISO27001. All transmitted data is SSL-encrypted and subject to a double-encrypted access code. FinTecSystems operates according to the strict German Federal Data Protection Act and the EU Data Protection Act (GDPR). Availability is agreed via appropriate SLAs and financial data is deleted by default after 30 days.

In order to reduce the provider’s risk of non-payment, the following security checks can be used optionally and configured individually:

  • Maximum amount per transaction
  • Maximum number of transactions within a defined period (customer-specific)
  • Maximum transaction volume within a defined period (customer-specific)
  • Account balance check
  • Verification of marked revenues
  • Perform garnishment check
  • Review of chargebacks
  • Verification of outstanding payments
  • Review of low sales activity
  • IBAN blacklists/whitelists

As soon as one or more security checks are negative, the transaction is rejected.

Further options within the interface:

  • For each transaction, a status can be set via the interface that indicates whether the payment has actually been received on the provider’s account or not. It can happen that payments have been successfully initiated but are not executed by the bank. This information is used within the security check.
  • The bank and/or country selection for the customer is skipped when a BIC or country code is transferred as part of the initial creation of a payment.
  • By transferring the name of the sender or a sender IBAN as part of the initial creation of a payment, it is verified that only payments via this account holder and/or this IBAN may be initiated.


Returns a list of all XS2A.PAY transaction objects and all events for a XS2A.Pay transaction object.

  • GET_payments
  • POST_payments
  • DELETE_payments_transaction-id
  • GET_payments_transaction-id_events
  • POST_payments_transaction-id_loss
  • POST_payments_transaction-id_received

Wizard API

Navigation through the wizard.

  • POST_wizard

About the provider

FinTecSystems is one of the leading banking API and smart data providers in Germany, Austria and Switzerland. In addition to an Open Banking Platform, which provides account information and payment initiation services, FinTecSystems has an analytics platform that focuses on analysing and categorising financial data for banks, fintech and payment service providers.  Its solutions are used to aggregate account data in real time, make credit decisions, minimise credit risks and initiate online transfers.

TÜV-certified, FinTecSystems works for N26, Santander, DKB and Deutsche Handelsbank, among others. Since 1 March 2019, FinTecSystems has been a regulated institution under the Payment Services Supervision Act (ZAG) and has been granted permission by BaFin as a payment initiation and account information service.