Open Banking

TPP: AIS, PIS & Consent

Go deep on regulated open banking as a TPP: consent that holds up in audit, payment initiation that survives SCA friction, and APIs that banks can actually integrate with.

Format: 2 weeks · instructor-led or self-paced options · certificate of completion · examples from our production builds (Meras, Infinipi, and others).

Course fee

$1,800

Students (50% off): $900 — valid student ID required

Apply for this course All courses

What you will be able to do

  • Model AIS vs PIS obligations, data minimization, purpose limitation, and retention.
  • Implement consent UX + back-channel flows aligned with PSD2-style patterns and global analogues.
  • Handle tokens, refresh, revocation, and ASPSP certificate rotation without outages.
  • Design redirect vs decoupled / app-to-app authentication trade-offs.
  • Build operational controls: consent registry, PSU identifiers, PSU-ASPSP binding.
  • Prepare DPIA-style thinking and vendor/contract clauses for live TPP programs.

Syllabus

Week 1 — Consent, identity & AIS foundations

  • Regulatory framing: TPP roles, ASPSP interfaces, directory/registry concepts (EU and comparable regimes).
  • Consent resource model: scopes, expiration, withdrawal, proof of consent, audit trail.
  • OAuth2/OIDC patterns in banking: authorization servers, mTLS, JWS/JWT where used.
  • Account information: balances, transactions, standing orders, parties—normalization layers.
  • SCA building blocks: possession, inherence, knowledge; dynamic linking for PIS.
  • Error spaces: TEMP vs permanent failures, PSU remediation journeys.
  • Sandbox vs production: test PSU personas, certificate plumbing, IP allowlists.

Week 2 — PIS, operational readiness & scale

  • Payment initiation lifecycle: setup, execution, settlement alignment with rails.
  • Idempotency and exactly-once user experience; strong customer authentication stepping.
  • Multi-ASPSP aggregation: routing, health checks, fallback messaging.
  • Security: mTLS key management, JWKS rotation, secure secret storage, breach response hooks.
  • Observability: per-ASPSP success rates, consent funnel analytics, latency SLOs.
  • Commercial & legal: liability themes, SLA expectations, incident notification.
  • Capstone: end-to-end sequence diagrams + consent record schema + PIS status model.

Tools & concepts

REST banking APIs mTLS JWS/JWT Sequence modeling Key management patterns SCA UX

Capstone

Deliver a TPP integration blueprint: consent API fields, AIS sync strategy, PIS state machine, and a runbook for ASPSP outages.

Who should attend

Engineers and PMs building account aggregation, PFM, lending orchestration, or merchant checkout via bank rails.

Prerequisites

Basic OAuth familiarity helps; we cover banking-specific constraints in depth.

Ready to join?

Submit the form below or open the registration page with this course pre-selected.

Go to application

Apply for this course

Fee $1,800 · 2 weeks. Students receive 50% off with valid ID. We will email payment instructions and next steps after you submit.

Corporate or bulk seats? Contact us. For other courses see all trainings.