PSD2 APIs
We combine the scale, knowledge, dedication, and experience to provide the ideal platform for your ideas to flourish. Through our PSD2 APIs and with the approval of the customer, you can access account information and perform payments.
Get Started in 5 easy steps
1. Browse our APIs
Dig around and explore our APIs. Sample code is available so that you can make sample calls. Explore documentation and find out what we offer.
2. Sign up for free to experiment
Sign up for free on our Sandbox portal to get started and experiment with our APIs.
The API Sandbox offers the same collection of APIs as the BoC API Store that opens the gateway to banking functionality.
Use the BoC API Sandbox as a starting point to integrate your application and test the functionality of our APIs before registering with the Bank and obtaining access to the API Store.
3. Register an application
Before you use an API on Sandbox, you need to register an application. Once you sign in and complete the registration, you will receive a unique client ID and client secret password. You must use the client ID when calling an API as proof of identity.
4. Subscribe to a plan
Finally, now that your application is registered, you need to subscribe to a plan on Sandbox. The plan determines the number of API calls that your application can make.
5. Get Access to our API Store to provide account and payment services
The BoC API Store offers a collection of APIs through which BoC opens the gateway to core banking functionality, allowing you to act as a third party provider on payment and account information, defining the best experiences of tomorrow for your customers.
Note: If you are a PSD2 TPP, authorized by any European competent authority and interested in providing account information or payments initiation services, then you are required to use digital eIDAS certificates (Qseal, QWAC). You can register using our Registration APIs. You need to use your eIDAS QWAC as a transport certificate and sign the payload with your eIDAS QSeal certificate to generate a JWS that will be passed as the body in the API call.
Note: For PSD2 APIs use domain "https://apis-secure.bankofcyprus.com" and pass your eIDAS QWAC certificate in the request.