Third-Party Provider Registration
Learn how to register as a third-party payment provider.
Open banking is a regulatory initiative in the UK and EU that allows, with explicit consent from customers, the secure sharing of financial data between financial institutions and authorized third-party providers (TPPs). The intention of open banking is to foster innovation and provide consumers with control over their financial information.
SP-API developers who act as TPPs must disclose to Amazon that they are TPP developers. For more information, refer to Register as a TPP.
TPP developer roles
SP-API has created two open banking roles that are are available to licensed TPPs who want access to the SP-API open banking APIs. These new roles are compliant with the EU's revised Payment Services Directive (PSD2). They use dedicated and secure APIs, which you can use to access an account holder's account and payment services. These roles are:
- Account Information Service Provider (AISP): An authorized AISP can access a customer’s financial account data from the customer's financial institution with customer explicit consent. AISPs are limited to 'read-only' access.
- Payment Initiation Service Provider (PISP): An authorized PISP can view consumer-permission financial data on a bank account and is authorized to make payments on behalf of a customer. This is similar to a 'write' role, but doesn’t necessarily give automatic access to AISP-scoped API data.
Note
The AISP and PISP roles are available in the following marketplaces: ES, UK, FR, BE, NL, DE, IT, SE, and PL.
For more information about SP-API roles, refer to Roles in the Selling Partner API.
Register as a TPP
To register as a TPP developer:
-
Complete the developer profile. In this step, you must provide information about your business and the data access you are requesting. For more information about registering as a developer, refer to SP-API Registration Overview.
-
In the Data Access section, select one or both open banking roles (AISP, PISP).
-
Provide your organization identifier (
orgID
), which is issued by the national competent authority that registered your business as a TPP. For example:PSDGB-FCA-123456
. If you have multiple organization identifiers, include them as a comma-separated list. -
After you enter all the requested information, choose Register. Amazon evaluates your request and notifies you of the outcome. For more information this process, refer to Developer Registration Request Status.
Make calls as a TPP developer
After your TPP registration is approved, you can create applications that use the open banking roles to make calls on behalf of sellers using their applications. The process to create TPP applications and set up auth workflows is the same as with regular SP-API applications. For more information, refer to Register your application.
Sellers are able to authorize your applications just like any regular SP-API application. For more information, refer to Authorizing Selling Partner API Applications.
If your calls are made to the open banking APIs, you must also provide an additional certificate and a signed payload in the request headers (in addition to the existing information that is required for an SP-API call).
The new TPP headers are:
Header name | Description | Required | Comments |
---|---|---|---|
x-amzn-psd2-certificate | Base64 encoded TPP certificate ( -----BEGIN CERTIFICATE-----MIIKWzCCC... -----END CERTIFICATE----- ). | Yes | Invalid or incorrect certificates result in a denied request. |
x-amzn-content-digest | SHA-256 digest of the request payload ( sha-256=:d435Qo+nKZ+gLcUHn7GQtQ72hiBVAgqoLsZnZPiTGPk=: ). The format is defined in RFC 9530. Note that the key is x-amzn-content-digest , not Content-Digest . | Yes | For requests without payload, create sha-256 digest on an empty string. |
Signature-Input | The Signature-Input header is defined in RFC 9421. | Yes | |
Signature | The Signature header is defined in RFC 9421. | Yes |
For information about standard SP-API headers, refer to Step 3. Add headers to the URI in the Connecting to the Selling Partner API guide.
For additional information about TPP headers, refer to Third-Party Provider Signature Guidance.
Updated 5 days ago