The world is moving forward, and so are the financial services. Nowadays, a life without e-banking services, on-line shopping or payment cards is unimaginable. New technologies also mean new security-related challenges, and it is the PSD2 Directive that responds to them; the Directive strives to regulate the available innovative financial solutions and to increase the security of payments and the safety of the Clients’ data, i.e. of all of us.
PSD2 [Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market] is an EU directive that imposes on banks the obligation to provide the Third-Party Providers (TPPs), e.g. other banks, fintech companies, payment service providers, with access to their client’s accounts. The Client must each time consent to such access. The changes enters into force on 14 September 2019;
The Directive strives to:
As we have already mentioned, one of the objectives of PSD2 is to ensure high safety and security standards in the financial services market.
The Clients themselves decide who can use these data and when – each and every request for the disclosure of data to the TPPs will be preceded with a request for consent thereto. Once granted, the consent may be withdrawn at any time, by contacting the company to which it had been granted. Additionally, the use of the services offered by the TPPs will require authentication in the form of logging in to the Citibank Online e-banking system. Additionally we secure our Clients’ data using cutting-edge technologies.
A Partner consumes a selected API under an agreement between the Partner and Citi Handlowy. An example of such cooperation is the use of an acquisition API, which may allow the Partner to offer Citi products in cooperation with the Bank (collecting applications or a full application process for a credit card).
Pursuant to PSD2, from September 14, 2019, licensed entities (the so-called TPPs) may gain access to open API in the scope of account information (AIS), initiation of payments (PIS) and confirmation of availability of funds on an account (CAF), without concluding an agreement with Citi Handlowy.
In accordance with the requirements of PSD2, Citi Handlowy provides an open API (Application Programming Interface) to enable a secure connection between the bank and external payment service providers (TPPs).
A TPP authorized by the national regulatory authority, as an account information access service provider or payment initiation service provider, can use this link to access our API (Citi Developer Portal) where all information, needed for successful integration with Citi Handlowy, has been provided. TPPs can use open APIs in a production environment, according to the scope of their license.
To use open APIs, open the API catalog on the Citi Developer Portal, select "Poland" and then refer to:
Accounts API for AIS and CAF services
Money Movement API for the PIS service
TPP (Third Party Provider) access to open APIs, in the PSD2 scope, will require TPP's eIDAS certificate. Details of integration with open API for TPP can be found in the API catalog on the Citi Developer Portal, in the "Poland" tab.
APIs supporting the commercial model of cooperation with Citi Handlowy, have been listed in the API Catalog on the Citi Developer Portal, in the "Poland" tab. All information regarding their structure and development documentation is available on the Portal, enabling a test integration of the Partner's application in the Sandbox test environment, using dummy data. In the case of commercial use of the API in cooperation with Citi Handlowy, such integration is required.
The access to the Sandbox on Citi Developer Portal is public, which means anyone can register there and conduct a test integration with his/her application in a secure environment.
Our Sandbox reflects the structure of the production environment to the best possible extent, therefore a potential migration to the production environment should proceed without bigger problems. Below, we present an instruction on how to do that:
Citi Developer Portal for Poland offers the following categories of APIs (in the Menu, select API Products > Poland):
Below are quarterly published reports with information on the availability of a dedicated access interface, i.e. our APIs operating as part of PSD2 services.
The report includes the following data on daily performance for our API: uptime, downtime, average response time, and percentage of errors.
Thanks to different categories of APIs in our offer, we are ready to create different business models.
If you have acquainted yourself with our Sandbox and have questions concerning potential cooperation, please contact us at:
We make every effort to reply within 3 business days.