PSD2 and API

API Introduction

At PingPong, the best way to create value for our customers is through openness and collaboration. We’ve transformed the regulatory compliance, security, and licensing requirements into an end-to-end international payment solution via API services, allowing our clients to access other opportunities worldwide via a single API integration with their preferred TPPs.

Our APIs are built in Java, using the Spring framework for high scalability and robustness, and secured via IP whitelisting and SHA-256 hashing. To secure data transferred in our API and ensure maximum convenience for TPPs, we have applied the eIDAS framework, relying on qualified certificates for mutual identification and authentication while establishing a secure communications channel using transaction layer security (TLS).

API Service Scope

Our APIs are designed to be flexible and give you control over how and when you convert currencies, make payments and manage your accounts. Below are the available services you can access via API endpoints currently:

  • Balance Enquiry
  • Transaction Authorization
  • Access Transaction Records

More API services will be made available in the near future.

API Access Procedure

  1. Pre-Test
    Explore our API documentation and dedicated sandbox environment.
  2. Connection
    Contact PingPong to help you set up the API connectivity.
  3. Go-Live
    Go-live with the API integration.

Our API has been designed with RESTful principles to make integration familiar, easy and quick. You can find the API documentation here.

Purpose of SCA

As remote electronic payment transactions are subject to a higher risk of fraud, Strong Customer Authentication (SCA) must be applied. It is a mandatory and crucial rule for European payment institutions, which aims to reduce the likelihood of fraudulent activity taking place and enhance the protection of user information.

SCA Implementation Process

At PingPong, we perform SCA through a two-factor authentication method (2FA) using ‘knowledge’ (something only the user knows, such as a password) and ‘possession’ (something only the user possesses, such as a one-time code generated by a security token or access through a trusted device, such as an SMS).

The SCA process is implemented as below:

  1. Input your account information
    When initiating a payment or accessing account information, customers must input their login username and password on the screen displayed by PingPong. 
  2. Two-factor authentication
  3. To perform the SCA 2fa process, customers need to input the verification code or one-time 6-digit confirmation code received via SMS.
  4. Confirm access
    Upon successfully entering the passcode, customers will be authenticated, and the action processed.

You can find a detailed description of the SCA integration in the API documentation, which is published here.

Availability and performance statistics

Quarterly statistics on the availability and performance of our interfaces are available here.

Contact us

If you have questions, do not hesitate to contact us at psd2-api@pingpongx-eu.com.

Company
Products