Authentication and security

The only way Third Party Account Information Providers can act on the customers’ behalf is if the customer has given explicit consent (authorization) to have such permissions. Consent is valid for up to 90 days. Consent can be revoked by the customer at any time.

To initiate payment on behalf of the customer, the customer will always be asked for Strong Customer Authentication (SCA) to confirm such payment.

Redirect SCA authorization works to access APIs. Customers can give Consent or authorize payments using these SCA methods: MobileSCAN (Latvia, Lithuania), Code card, Code calculator, Mobile-ID (Estonia), Mobile Signature (Lithuania).

APIs are built on EU PSD2 regulation guidelines and standards. No customer data can be accessed by third parties without proper licensing and receiving customer consent or authorization first.

Citadele API contains these endpoints:

  • Get authorization redirect URL – Get the redirection URL where customer authorizes using SCA.
  • Create consent - Create a consent resource, defining access rights to dedicated accounts of a given PSU.
  • Get consent - Reads the exact definition of the given consent.
  • Delete consent - Terminate the addressed consent.
  • Consent status - Read the consent status of the addressed consent.

Notification on Cookie Use

We use our own and third-party cookies on our website in order to make our website and online services easier to use. Find out more in our Cookie Terms and Conditions. You can agree to our use of cookies by selecting Confirm, or reject them by selecting Reject. You can also change or cancel your decision at any time by selecting Cookie Settings. If you choose to reject all cookies, our website will only save the functional cookies necessary for the website to function and be secure, and for which we do not require your permission.

Cookie settings
Full size image