Open Banking
Overviewβ
A European framework that lets users grant regulated third parties access to their payment accounts. Swan's Open Banking service lets licensed providers retrieve account information and initiate payments on behalf of Swan account holders, under PSD2.
Swan uses Salt Edge as the PSD2 compliance platform that connects Third-Party Providers (TPPs) to Swan's accounts.
Swan supports three Open Banking services.
| Service | Abbreviation | Description |
|---|---|---|
| Account Information Service | AIS | TPPs can access account balances and transaction history. |
| Payment Initiation Service | PIS | TPPs can initiate SEPA Credit Transfers directly from accounts. |
| Bulk Payment Initiation Service | Bulk PIS | TPPs can initiate batched SEPA Credit Transfers directly from accounts. |
Swan's GraphQL API allows partners to embed banking services into their products. The Open Banking API enables regulated TPPs to offer aggregation and payment services to users who already hold Swan accounts. These are two distinct access models.
How it worksβ
An Open Banking flow involves three parties: a software application (such as accounting or financial management software), a TPP (a regulated aggregator the software works with), and a Swan user.
The connection is established as follows.
- The user works with a software application and wants to connect their Swan account to it.
- The software relies on a TPP to establish the bank connection.
- The TPP sends an authorization request to Salt Edge, Swan's PSD2 compliance platform.
- Salt Edge redirects the user to Swan's consent application.
- The user authenticates with Strong Customer Authentication (SCA).
- The user grants explicit consent to the TPP on behalf of the software.
- Salt Edge receives an access token and enables data access or payment initiation.
- The software application can now access account data (AIS) or initiate payments (PIS) on behalf of the user.
All requests go through Salt Edge, which acts as the compliance layer between TPPs and Swan.
Architectureβ
| Component | Role |
|---|---|
| Software application | The application the end user interacts with, such as accounting, finance, or ERP tools. |
| TPP | Regulated aggregator the software works with to access bank data or initiate payments. |
| Salt Edge | PSD2 compliance platform that manages TPP registration, authentication flows, and data formatting to the Berlin Group standard. |
| PSD2 Connector | Integration layer between Salt Edge and Swan's core systems. |
| Swan GraphQL API | Source of account data and payment execution. |
Ecosystemβ
Connected TPPsβ
This list reflects TPPs registered with Swan's Open Banking infrastructure as of May 2026. The list is maintained by Salt Edge and may change.
| Legal entity | Commercial name | Type | Country | Description |
|---|---|---|---|---|
| Bridge | Bridge | AIS and PIS | π«π· France | Open Banking API for payment initiation and financial data aggregation. |
| Linxo | Linxo Connect | AIS and PIS | π«π· France | Open Banking solutions by Linxo Group, a CrΓ©dit Agricole subsidiary. |
| Fintecture | Fintecture | AIS and PIS | π«π· France | Payment initiation and bank data platform for B2B payments. |
| Powens | Powens (formerly Budget Insight) | AIS | π«π· France | European Open Finance platform for account aggregation and financial data. |
| SI-Expertise | SI-Expertise | AIS | π«π· France | French regulated TPP. |
| Wildmee | Wildmee | AIS | π«π· France | French regulated TPP. |
| finAPI GmbH | finAPI | AIS and PIS | π©πͺ Germany | German Open Banking platform, used for accounting and ERP integrations. |
| fino run GmbH | fino.digital | AIS | π©πͺ Germany | AI-based account analysis and Open Banking solutions for businesses. |
| MRH applications GmbH | MRH applications | AIS | π©πͺ Germany | German regulated TPP. |
| GoCardless | GoCardless | AIS | π¬π§ UK | Global payment and bank debit platform. |
| Unlimit EU Ltd | Unlimit | PIS | π¨πΎ Cyprus | Global fintech offering payment processing, BaaS, and Open Banking payment initiation services. |
| iban-XS B.V. | ibanXS | AIS and PIS | π³π± Netherlands | PSD2-regulated payment and Open Banking services across Europe. |
| Isabel NV/SA | Ponto | AIS | π§πͺ Belgium | B2B Open Banking platform for accounting and ERP integrations. |
| Digiteal SA | Digiteal | AIS and PIS | π§πͺ Belgium | E-invoice presentment, electronic payments, and Open Banking. |
| BudgetBakers s.r.o. | Wallet by BudgetBakers | AIS | π¨πΏ Czech Republic | Personal finance management app with over 10 million users. |
| SPENDEE a.s. | Spendee | AIS | π¨πΏ Czech Republic | Money manager and budget planner app. |
Authentication and consentβ
Strong Customer Authenticationβ
A PSD2 requirement that protects sensitive banking actions with two independent authentication factors. Strong Customer Authentication (SCA) combines something the user has (such as their phone) with something they know or are (such as a passcode or biometric), and is required for Open Banking consent and payment confirmation.
Every Open Banking connection requires SCA. This works the same way as when a Swan user logs into Web Banking or initiates a payment: two authentication factors are required.
- Possession factor: the user receives an SMS with a unique URL, tied to their phone or SIM card.
- Knowledge or inherence factor: the user enters their 6-digit passcode, or uses Face ID or Touch ID.
Token architectureβ
Two separate tokens govern the Open Banking connection.
| Token | Lifecycle | Managed by | Description |
|---|---|---|---|
| User consent token | 180 days | TPP and Salt Edge | Grants the TPP access to account data. Requires user SCA to renew. |
| Technical refresh token | 24 hours | Swan and Salt Edge | Maintains the data refresh connection. Renewed automatically. |
Every 180 days, the user must re-authenticate with SCA to renew the consent token. PSD2 requires this. Renewal is initiated by the TPP through Salt Edge. Swan cannot trigger this renewal directly.
TPPs can perform up to 4 refreshes per day, see the PSD2 EBA Q&A on refresh frequency.
Consent validityβ
- AIS: one consent grants data access for up to 180 days, then requires re-authentication.
- PIS: each payment requires its own consent.
The 180-day limit applies to how long the consent grants data access, not to the time range of transactions you can view. By default, Swan returns all transactions since the account was created.
Consent revocationβ
The user consent token can be revoked by the TPP, following a request from the end user.
With PSD3 (the third Payment Services Directive), allowing end users to revoke their consent directly from their online banking interface will become mandatory.
Key conceptsβ
The following terms appear throughout Swan's Open Banking documentation.
Open Bankingβ
A European framework that lets users grant regulated third parties access to their payment accounts. Swan's Open Banking service lets licensed providers retrieve account information and initiate payments on behalf of Swan account holders, under PSD2.
Third-Party Provider (TPP)β
A regulated company licensed to access bank data or initiate payments on a user's behalf. Third-Party Providers (TPPs) are authorized under PSD2 and connect to Swan accounts through Salt Edge, Swan's compliance platform.
Account Information Service Provider (AISP)β
A Third-Party Provider authorized to access account information on behalf of a user. Account Information Service Providers (AISPs) can read account balances and transaction history after the user grants explicit consent.
Payment Initiation Service Provider (PISP)β
A Third-Party Provider authorized to initiate payments on behalf of a user. Payment Initiation Service Providers (PISPs) can request SEPA Credit Transfers from a user's account after the user grants explicit consent for each payment.
Account Information Service (AIS)β
An Open Banking service that lets a Third-Party Provider retrieve account information from a user's payment account. The Account Information Service (AIS) covers account details, balances, and transaction history, accessed under PSD2 with the user's consent.
Payment Initiation Service (PIS)β
An Open Banking service that lets a Third-Party Provider initiate a payment from a user's account. The Payment Initiation Service (PIS) requires the user to grant consent for each payment.
Bulk Payment Initiation Service (Bulk PIS)β
An Open Banking service that lets a Third-Party Provider initiate several payments in a single request. Bulk Payment Initiation Service (Bulk PIS) is primarily used by accounting and treasury tools to batch outgoing SEPA Credit Transfers.
PSD2β
The second Payment Services Directive, an EU regulation that governs electronic payment services across the European Economic Area. PSD2 requires banks to give regulated Third-Party Providers access to payment accounts through Open Banking interfaces, with the account holder's consent.
Berlin Groupβ
A pan-European standards initiative that defines the API specifications most banks use for Open Banking. Swan's Open Banking interface follows the Berlin Group standard, which gives Third-Party Providers a consistent way to access accounts across the European Economic Area.
Salt Edgeβ
Swan's PSD2 compliance platform for Open Banking. Salt Edge sits between Third-Party Providers and Swan, managing TPP registration, authentication flows, and data formatting to the Berlin Group standard.
Strong Customer Authentication (SCA)β
A PSD2 requirement that protects sensitive banking actions with two independent authentication factors. Strong Customer Authentication (SCA) combines something the user has (such as their phone) with something they know or are (such as a passcode or biometric), and is required for Open Banking consent and payment confirmation.
Consent tokenβ
A 180-day token granting a Third-Party Provider Open Banking access to a user's Swan account. The consent token is issued after the user completes Strong Customer Authentication and must be renewed every 180 days, as required by PSD2.