The Application Programming Interface (
) security framework, which is based on widely available European or international security standards, lists the minimum security-related requirements applicable to the
Request-to-Pay (
) and
Payment Account Access (
) scheme participants using
, regardless of whether they rely on the default European Payments Council (
)
related
Specifications or on other
specifications.
The
and
schemes were designed to use
for the communication between scheme participants. Although there are some differences relative to how both schemes operate, as well as a difference in maturity between both schemes, they are sufficiently similar as messaging schemes to allow to define a common
security framework. In this context it is to be noted that specificities related to the abovementioned schemes are described in a dedicated annex.
This framework will become mandatory as of 30 November 2023 for the and scheme participants when using .