The Application Programming Interface ( ) security framework, which is based on widely available European or international security standards, lists the minimum security-related requirements applicable to the Request-to-Pay ( ) and Payment Account Access ( ) scheme participants using , regardless of whether they rely on the default European Payments Council ( ) related Specifications or on other specifications. 

The and schemes were designed to use for the communication between scheme participants. Although there are some differences relative to how both schemes operate, as well as a difference in maturity between both schemes, they are sufficiently similar as messaging schemes to allow to define a common security framework. In this context it is to be noted that specificities related to the abovementioned schemes are described in a dedicated annex.

This framework will become mandatory as of 30 November 2023 for the and scheme participants when using .

Document download