test 

Getting Started

Our solution

Ready to get started? Here is a step-by-step guide to walk you through UniCredit APIs integration.

API Standards

This section contains all the information related to the banks that adhere to the Berlin Group NextGenPSD2 Technical Specification. This can be retrieved following the link https://www.berlin-group.org/nextgenpsd2-downloads.

List of Banks

Country Bank
Italy

UniCredit SpA

Italy buddybank
Austria

Bank Austria

Germany UniCredit Bank GmbH ("HypoVereinsbank")
Croatia

Zagrebačka banka d.d.

Hungary

UniCredit Bank Hungary Zrt.

Romania

UniCredit Bank Romania

Slovenia

UniCredit Bank Slovenia

Bulgaria

UniCredit Bulbank

Czech Republic

UniCredit Bank Czech Republic and Slovakia, a.s

Slovakia

UniCredit Bank Czech Republic and Slovakia, a.s

TPP Authentication 

A TPP can interact with UniCredit APIs by presenting a valid QWAC (Qualified Web Authentication Certificate) certificate, according to the eIDAS Regulation. It will allow AISPs, PISPs and CISPs to communicate securely with and identify themselves towards the UniCredit Banks.

One Solution for multiple Legal Entities

One solution covering multiple Legal Entities of UniCredit Group: we made it easy for you to connect to all our Legal Entities in a uniform manner by using specific parameters for one global URL structure which are fully described in our documentation.

SCA (Strong Customer Authentication) Methods

The guidelines and framework released by the Berlin Group present the SCA methods supported by each bank of the group:

  • Redirect - Uses the predefined redirect address in the authentication which redirect the user to the web site where the SCA is performed between the PSU and the Bank of UniCredit Group.
  • Decoupled - Similar to redirect, with the difference that it's the UniCredit Bank asking the PSU to authenticate itself through the mobile app.
  • Embedded - The SCA of the PSU is executed entirely as part of the transaction at the XS2A interface.

The table below displays at a glance the SCA methods supported by each Bank of the UniCredit Group:

Country Bank SCA Method
Italy

UniCredit SpA

REDIRECT
DECOUPLED (only App Mobile Banking)

Italy buddybank DECOUPLED
Austria

Bank Austria

REDIRECT
DECOUPLED (only App Mobile Banking)

Germany UniCredit Bank GmbH ("HypoVereinsbank") REDIRECT, EMBEDDED (online banking)
REDIRECT (UC eBanking Global)
Croatia

Zagrebačka banka d.d.

REDIRECT

Hungary

UniCredit Bank Hungary Zrt.

REDIRECT

Romania

UniCredit Bank Romania

REDIRECT

Slovenia

UniCredit Bank Slovenia

REDIRECT

Bulgaria

UniCredit Bulbank

REDIRECT

Czech Republic

UniCredit Bank Czech Republic and Slovakia, a.s

REDIRECT

Slovakia

UniCredit Bank Czech Republic and Slovakia, a.s

REDIRECT

note: Bank Austria DECOUPLED Approach returns a deeplink between the '<' and '>' symbols. On Sandbox APIs the deeplink shall be opened via e.g. Browser. On Real the deeplink shall be used to open the App.

Registration

To get started, a TPP has to register. 

1. Click the "Registration" button on the homepage:

 

 

2.  Complete the registration form, providing company name, email address and password:

 

 

At the conclusion of the registration process a message is displayed inviting the developer to access to their mailbox.

 Email confirmation and Sign in

1. An email is sent to the specified address for the account activation:

 

 

2. Once the email activation process has been completed the profile is active the TPP can login to the Developer Portal with its credentials.

3. Click on "Sign In"

Onboarding

After the first login the TPP will be able to read and access only the TPP Onboarding APIs (with the associated documentation). The TPP will see two different catalogs: TPP Onboarding with eIDAS certificate and TPP Onboarding with eIDAS test certificate. The TPP shall use TPP Onboarding with eIDAS certificate API for a signature process with their eIDAS certificate, otherwise use the TPP Onboarding with eIDAS test certificate API for a signature process with their eIDAS test certificate.

 

 

Onboarding with eIDAS certificate 

 Clicking on "APIS Catalog" the TPP can access the TPP Onboarding APIs documentation:

Onboarding with eIDAS test certificate

The Onboarding is also available for the TPPs with an eIDAS test certificate considered trustable by UniCredit. To consider a test certificate trustable, UniCredit must be able to trust the entire test certificate chain (ROOT, Intermediate) of the CA that signed the eIDAS test certificate used for onboarding.

For this purpose, UniCredit allows to upload the test certificate chain file in the support page form for the registered TPPs, selecting the "Upload test certificate chain" in problem categorization field.

 

 

Upon successful completion of the TPP onboarding process, TPPs can access the Developer Portal and see the documentation and APIs (according to their roles & country passporting rights). A notification email is sent to the TPP, confirming the account activation.

 

Have a look at our API catalog

Our available APIs are displayed in the API Catalog page. 

Need support?

Are you running into challenges or problems? Contact us through our Contact Us page.