Data Sharing Services API Principles for Payment Services (“Guide”) was published on 16 February 2022 by the Central Bank of Turkey General Directorate of Payment Systems and Financial Technologies.
The Guide aims to regulate the API principles and rules of data sharing services on payment order initiation service and account information services (“Services”) in accordance with Payment Services Directive 2, which recently added to Law numbered 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions (“Law numbered 6493”)
Notable regulations in the Guide are as follows:
- The regulations regarding the consent to be obtained for the Services are included in chapter 4 of the Guide, and the provision of the Services is dependent on the consent of the user. How to obtain consent for services is regulated in Law numbered 6493 and secondary legislation. The Payment Service User (“User”) begins the Services with the establishment of customer consent. Consent status may change as a result of the transactions made by the User through the Authorized Payment Service Provider application. Regulations regarding whether consent can be mandatory or optional in processes are included in chapters 6 and 7 of the Guide.
- The format of the data, encoding of characters, authorization types, pagination, filtering, message signing, masking rules (in accordance with the standards used by banks) are technically regulated within the framework of the relevant rules.
- Strong authentication has been made mandatory. Within the framework of these rules, the importance of strong authentication has been emphasized, and the relevant provisions will apply with reference to the payment laws.
- The Guide also includes regulations on defining and managing client certificates for the service to be provided over the API.
- Server certificates must contain endpoint information (Fqdn) and must be submitted as signed by a global Certification Authority.
- In addition, the API data flow is presented as an example in the Guide.
You can access the full text of the Guide published from this link. (Only available in Turkish)