Glossary

Here's a list of the most common terms and definitions used within the Token.io docs.

  • Online API docs containing the programmatic definitions of every type and method applied using the C# SDK.
  • Two-factor authentication (2FA) is a method of establishing access to an online account or computer system that requires the user to provide two different types of information.
  • The HTTP 404, 404 Not Found, 404, 404 Error, Page Not Found, File Not Found, or Server Not Found error message is a Hypertext Transfer Protocol standard response code when a URL specifies an indeterminate address.
  • Account-to-Account – payments that move money directly from one account to another without the need for additional intermediaries or payment instruments, such as cards.
  • Refers to an individual, business, or organization that holds or has held an account with the bank.
  • Account numbers and other strings that identify a unique bank account.
  • Automated Clearing House – network used for electronically moving money between bank accounts across the United States.
  • Payment status; AcceptedTechnicalValidation – authentication and syntactical and semantical validation are successful.
  • Advanced Encryption Standard – one of the most frequently used and most secure encryption algorithms available today. It is publicly accessible, and it is the cipher which the NSA uses for securing documents with the classification "top secret".
  • Account Information Service – supports TPP secure access to customer accounts and data, but only with the bank-verified consent of the customer.
  • Account Information Service Provider – a TPP authorized to access consumer or business account data from the account holder's financial institutions with the account holder's explicit consent.
  • Account Information Service Provider. An Account Information Service provides account information services as an online service to provide consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s).
  • Application Load Balancer – functions at the application layer, the seventh layer of the Open Systems Interconnection (OSI) model. After the load balancer receives a request, it evaluates the listener rules in priority order to determine which rule to apply, and then selects a target from the target group for the rule action. You can configure listener rules to route requests to different target groups based on the content of the application traffic. Routing is performed independently for each target group, even when a target is registered with multiple target groups. You can configure the routing algorithm used at the target group level. The default routing algorithm is round robin; alternatively, you can specify the least outstanding requests routing algorithm.
  • Application-Layer Protocol Negotiation – a TLS extension that includes the protocol negotiation within the exchange of hello messages. ALPN negotiates which protocol should be handled over a secure connection in a way that is more efficient and avoids additional round trips. The increasingly popular HTTP/2 protocol makes use of ALPN to further decrease website load times and encrypt connections faster.
  • Android App Links are http URLs that send users to a specific in-app location or relevant webpage. App Links improve the user experience by eliminating the time users otherwise waste on navigating to specific content. Android App Links ensure the user is taken directly to a specific in-app location. In cases where the app is not installed, users can go directly to content on your website by leveraging HTTP URLs and an associated domain.
  • Stores cryptographic keys in a container to make it more difficult to extract from the device. Once keys are in the keystore, they can be used for cryptographic operations with the key material remaining non-exportable. Moreover, it offers facilities to restrict when and how keys can be used, such as requiring user authentication for key use or restricting keys to be used only in certain cryptographic modes. See Security Features section for more information.
  • Application Programming Interface – a set of definitions and protocols for building and integrating application software. APIs let your product or service communicate with other products and services without having to know how they’re implemented.
  • Unique identifier used to authenticate a TPP developer or calling program to the Open Banking API; allows you to test and validate your integration in our sandbox environment. Your API Key serves many of the same functions provided by your private key in production. CAUTION: Do not share your API Key with anyone outside your organization.
  • Apple Push Notification Service – a platform notification service created by Apple Inc. that enables third party application developers to send notification data to applications installed on Apple devices.
  • Action Script Communication files (also known as ASCII files) are used for posting online security notices, as well as securely transmitting messages via email and text.
  • Account Servicing Payment Services Provider – any financial institution that offers a payment account with online access. This includes banks and building societies. PSD2 requires ASPSPs to provide access to trusted third parties for initiating payments and accessing account information.
  • Also called an access token, this key is a string representing your permissions to use the Token Platform. Key-based authentication uses asymmetric cryptographic algorithms, with public and private keys, to confirm your identity.
  • Bankers Automated Clearing Services – an electronic payment made directly from one UK bank account to another, taking up to three working days to arrive. There are two main types of Bacs payment - Direct Credit, which is a bank transfer, and Direct Debit, where one party automatically takes payment from another party’s account with their authorization.
  • Open Banking registration entailing bank-required certificate and key exchange with signing authority. When successful, TPP receives a client ID and client secret as an approved PISP and/or AISP with the bank.
  • Proprietary clearing system (a giro) in Sweden used for transactions such as bill payments. It is owned by Swedish banks. The clearing system is connected with the banks enabling payments to be received directly into bank accounts.
  • Time specified in milliseconds since the Epoch (January 1st 1970, 00:00:00.000).
  • Basic Bank Account Number – represents a country-specific bank account number. The BBAN is the last part of the IBAN when used for international funds transfers. Every country has its own specific BBAN format and length. See https://www.mobilefish.com/services/bban_iban/bban_iban.php for help with BBAN conversion.
  • Business current account
  • An authentication method using security tokens. Bearer authentication is understood to mean: "Give access to the bearer of this token."
  • A short, unguessable string identifying a Token.io user-session.
  • This is the payee or the party in control of the "to" (receiving) account in a transaction; typically, the TPP initiating the transaction.
  • Currency code for the official currency of Bulgaria, called the lev (plural = leva).
  • Business Intelligence – processes and methods of collecting, storing, and analysing data from business operations or activities to optimize performance.
  • Bank Identifier Code – a unique identifier for a specific financial institution. A BIC is composed of a 4-character bank code, a 2-character country code, a 2-character location code and an optional 3-character branch code.
  • Process by which the size of a binary file is reduced by re-encoding it to use fewer bits of storage.
  • binary large object – collection of binary data stored as a single entity. Blobs are typically images, audio or other multimedia objects, though sometimes binary executable code is stored as a blob. They can exist as persistent values inside some databases, or exist at runtime as program variables in some languages.
  • A blocking call results in the task being suspended [put to sleep]; the task will be woken when the request can be fulfilled. A non-blocking call results in an error code being returned.
  • An alternative to Express Elixir, the Blue Cash system does not have one dedicated account common to all participants. Instead, interbank transfers are executed on special intermediate accounts.
  • Bankleitzahl – an 8-digit code used for money transfers with domestic banks in Germany. The code is used to identify an individual branch of a financial organization in Germany. For international monetary transfers, a SWIFT Code is used with Bankleitzahl and Account Number. BLZ consists of 8 digits. The first 4 digits identify the banking company, the latter 4 digits are assigned to a branch.
  • Development tool that compiles node.js-style modules for use in a browser. Just like node, you write your modules in separate files, exporting external methods and properties using the module.exports and exports variables.
  • Tools that automatically compile your software's source code into machine code using a build script.
  • One payment to a list of recipients from a single bank account. The bulk list transaction shows as a single debit on the accountholder's bank statement.
  • General-purpose, multi-paradigm programming language encompassing strong typing, lexically scoped, imperative, declarative, functional, generic, object-oriented (class-based), and component-oriented programming disciplines. It was developed around 2000 by Microsoft as part of its .NET initiative, and later approved as an international standard by Ecma (ECMA-334) and ISO (ISO/IEC 23270:2018).
  • A certificate authority (CA), also sometimes referred to as a certification authority, is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates.
  • Cache-control is an HTTP header used to specify browser caching policies in both client requests and server responses. Policies include how a resource is cached, where it’s cached and its maximum age before expiring (i.e., time to live).
  • Confirmation of Available Funds – A CBPII begins the Confirmation of Funds journey by registering a request to confirm funds of a PSU. The CBPII must then obtain consent from the PSU in order to authorize the request, enabling it to request the information. Once the request is authorized, the CBPII will be able to invoke the Confirmation of Funds API to confirm the availability of funds in the PSU account.
  • Card Based Payment Instrument Issuer – a payment services provider that issues card-based payment instruments and allows its customers to pay from bank accounts.
  • Content Delivery Network – a highly-distributed platform of servers that helps minimize delays in loading web page content by reducing the physical distance between the server and the user. ... Without a CDN, content origin servers must respond to every single end user request.
  • Clearing House Automated Payments System – used by large financial institutions that need to transfer billions of dollars worth of currency each day. To assist in these transfers, CHAPS enables real-time fund transfers and can accommodate frequent large transfers with virtually no delay. The speed of CHAPS also substantially eliminates the risk that senders will cancel their transfers before they are accepted by the recipient. CHAPS is administered by the Bank of England (BoE) and is used by 30 participating financial institutions. Approximately 5,500 additional institutions also engage with the system by way of partnership agreements with the 30 primary members.
  • A desktop computer, laptop, smartphone or tablet, as well as any other electronic device that sends or receives data from a server. The term implies a connection to a wired or wireless network.
  • As part of the Open Banking initiative, the CMA9 are the nine largest banks in the UK as determined by the Competition and Markets Authority (CMA). The CMA is an independent department of the UK government chartered to promote market competition and fairness, and reduce any harmful monopolies.
  • The Connection general header controls whether or not the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done.
  • Mechanism which confirms that a user has granted permission to share the user's data. Consent means the user (i) authorizes a third party to access their data, and (ii) authenticates that the third party is who it claims to be. By law, data sharing is confined to quantifiable information about a bank account – balance, transactions, earned interest (where applicable), and account history. No personal or bank-confidential information about the accountholder may be shared.
  • An HTTP-header mechanism that allows a server to indicate any origins other than its own — domain, scheme, or port — from which the browser should permit the loading of resources.
  • Commercial off-the-shelf – a product designed to be easily installed and to interoperate with existing system components.
  • Financial institution servicing an account for the creditor.
  • A company registration number (CRN) is a unique number issued by Companies House when a company is incorporated in the UK. It is usually 8 numbers, or 2 letters followed by 6 numbers.
  • A CSR or Certificate Signing Request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organization name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is created at the same time to make a key pair. A CSR is generally encoded using ASN.1 according to the PKCS #10 specification. A certificate authority will use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret. The certificate created with a particular CSR will only work with the private key that was generated with it. So if you lose the private key, the certificate will no longer work.
  • Cross-site request forgery, also known as XSRF, Sea Surf or Session Riding – an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in. CSRF attacks are typically conducted using malicious social engineering, such as an email or link that tricks the victim into sending a forged request to a server. As the unsuspecting user is authenticated by their application at the time of the attack, it’s impossible to distinguish a legitimate request from a forged one. Token guards against this type of attack by checking each request against the session ID.
  • CSS stands for Cascading Style Sheet; it specifies a webpage's style—page layouts, colors, and fonts are all determined with CSS.
  • Client URL – a command line tool to transfer data to or from a server, using any of the supported protocols (HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP, TFTP, TELNET, LDAP or FILE). curl is powered by Libcurl. This tool is preferred for automation, since it is designed to work without user interaction. curl can transfer multiple files at the same time.
  • A customized/hybrid transfer destination type supported by the connected bank.
  • Currency code for the Czech koruna, the official legal tender in the Czech Republic.
  • The Date general HTTP header contains the date and time at which the message was originated.
  • DBA stands for "doing business as." Often called a trade name, fictitious name, or assumed name, a DBA allows you to conduct business under a name other than your own legal name (or registered business name).
  • Distributed Denial Of Service – an attacker's attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications. In a DoS attack, it’s one system that is sending the malicious data or requests; a DDoS attack comes from multiple systems.
  • The DER format is the binary form of the certificate. DER formatted certificates do not contain the "BEGIN CERTIFICATE/END CERTIFICATE" statements.
  • Systems designed to operate as fundamentally distinct; not originally intended to exchange data or interact with each other at a native level. Such systems require appropriate APIs to bridge the communications divide.
  • Currency code representing the official currency of Denmark, the krone (plural = kroner).
  • Distinguished Name – a string that uniquely identifies an entry in the LDAP Directory Information Tree (DIT).
  • Banks make domestic wire transfers (as opposed to international wire transfers) to send funds to financial institutions residing in the same country or financial zone.
  • Any clearing and settlement mechanism or electronic retail payment system (ERPS) approved for domestic interbank transfer within a given EU member's borders. Depending on the country in question, such systems are built on different platforms and based on varying payment products and services to allow firms, individuals, government and other economic agents to transfer money on a daily basis without having to use cash.
  • Domain-specific language – programming language with a higher level of abstraction optimized for a specific class of problems. A DSL uses the concepts and rules from the field or domain. DSLs are typically less complex than a general-purpose language, such as Java, C, or Ruby.
  • An online merchant selling products or services over the Internet.
  • European Banking Authority – EU agency tasked with implementing a standard set of rules to regulate and supervise banking across all EU countries.
  • Elliptic Curve Digital Signature Algorithm – DSA using elliptic curve cryptography, an approach based on the algebraic structure of elliptic curves over finite fields. ECDSA requires smaller keys to provide equivalent security. SHA256 is a novel hash function computed with 32-bit words.
  • Edwards-curve Digital Signature Algorithm – a digital signature scheme using a variant of the Schnorr signature based on twisted Edwards curves. It is designed to be fast without sacrificing security.
  • Electronic Identification, Authentication and Trust Services – an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. See https://ec.europa.eu/digital-single-market/en/discover-eidas for the rules and regulations.
  • Under the eIDAS Regulation (EU) No 910/2014, a qualified certificate for electronic signature refers to “a certificate for electronic signatures, that is issued by a qualified trust service provider” and meets the requirements specified within the regulation.
  • A payments system that ensures electronic interbank settlement in Poland. Transactions directed to the system are settled within one of three Elixir sessions held each business day and closed on the same day in the National Bank of Poland's SORBNET2 system, which guarantees interbank transfer of funds.
  • Asymmetric key cryptography algorithm combined with elliptic curve digital signature algorithm (ECDSA) using P-256 and SHA-256.
  • Also known as JavaScript 6.
  • JavaScript features in ECMAScript 2016 introduced since ES6 (ECMAScript 2015).
  • Documentation generator for JavaScript.
  • JavaScript documentation generator
  • Currency code representing the euro, the official currency for 19 of the 28 members of the European Union (EU).
  • Security standard for storing account information on credit cards. It’s an alternative to the magnetic stripe (mag stripe) that has traditionally been used to store information on the backs of cards in the United States. EMV stands for “Europay, Mastercard, and Visa,” the three companies who began this initiative.
  • An instant payment clearing system in Poland which allows the direct execution of the transaction from the payer's account in one bank to the payee's account in another bank. It supports transaction settlement in near real time, without any intermediary institutions.
  • High-availability system capability that automatically and seamlessly switches to a reliable alternate or backup upon failure of a primary instance to eliminate, or at least reduce, the impact on system users when a service failure occurs.
  • UK banking initiative to reduce payment times between different banks' customer accounts down to a few seconds from the three working days transfer time imposed under the BACS system.
  • Firms and individuals must be authorized by the Financial Conduct Authority (FCA) equivalent in each country to carry out regulated financial service activities and offer credit to consumers. For the list of FCA-equivalent regulators outside of the UK, please visit https://www.fca.org.uk/firms/passporting/regulators-eu-eea
  • Firebase Cloud Messaging – a cross-platform messaging solution that lets you reliably send messages at no cost.
  • Future-dated Payment – an interbank transfer initiated for scheduled execution on a future date.
  • Broadly, fintech describes any company using the internet, mobile devices, software technology or cloud services to perform or connect with financial services.
  • Faster Payments Service – UK banking initiative to reduce payment times between different banks' customer accounts from the three working days that transfers take using the long-established BACS system to typically a few seconds.
  • Financial Services Authority, also called National Competent Authority, or NCA.
  • Instructs the bank to disburse funds to the destination account on a specific date (the execution date).
  • General Availability release – the most recently released version of the product that is available to the public.
  • Technology provider that captures and transfers payment data from the customer to the acquirer and then transfers the payment acceptance or decline back to the customer.
  • Domestic bank account identifier in the United Kingdom. Contains accountNumber and sortCode. The ISO country code is assumed to be GB.
  • Currency code representing the British pound sterling, the official currency of the United Kingdom, the British Overseas Territories of South Georgia, the South Sandwich Islands, and British Antarctic Territory and the U.K. crown dependencies the Isle of Man and the Channel Islands.
  • Stands for General Data Protection Regulation, Europe's new framework for data protection laws that replaces the previous 1995 data protection directive. It is intended to harmonize privacy and data protection laws across Europe while helping EU citizens better understand how their personal information is being used, encouraging them to file a complaint if their rights were violated.
  • Gradle is an open-source build-automation system that builds upon the concepts of Apache Ant and Apache Maven and introduces a Groovy-based domain-specific language (DSL) instead of the XML form used by Apache Maven for declaring the project configuration. Gradle runs on the JVM and you must have a Java Development Kit (JDK) installed to use it. This is a bonus for developers familiar with the Java platform as you can use the standard Java APIs in your build logic, such as custom task types and plugins. It also makes it easy to run Gradle on different platforms. Note that Gradle isn’t limited to building just JVM projects, and it even comes packaged with support for building native projects.
  • Gradle builds a script file for handling two things: projects and tasks. Every Gradle build represents one or more projects. A project represents a library JAR or a web application or it might represent a ZIP that's assembled from the JARs produced by other projects.
  • Apache Groovy is a powerful, optionally typed and dynamic language, with static-typing and static compilation capabilities for the Java platform aimed at improving developer productivity thanks to a concise, familiar and easy to learn syntax. It integrates smoothly with any Java program, and immediately delivers to your application powerful features, including scripting capabilities, Domain-Specific Language authoring, runtime and compile-time meta-programming and functional programming.
  • Open source remote procedure call (RPC) framework that can run anywhere. It enables client and server applications to communicate transparently, and makes it easier to build connected systems. gRPC uses protocol buffers, Google's mature open source mechanism for serializing structured data — think XML, but smaller, faster, and simpler.
  • Allows bank customers to make payments from their bank accounts to a TPP, or grant access for their bank account(s) information to a TPP, without having to pre-register with Token to link the bank accounts.
  • Round-half-even algorithm, often referred to as Banker's Rounding because it is commonly used in financial calculations. Half-way values are rounded toward the nearest even number. Thus, 3.5 will round up to 4 and 4.5 will round down to 4.
  • DNS stands for Domain Name System which is a hierarchical naming system created for translating host names to IP addresses. A Host Name is simply a name identifying a computer on a network or a domain on the Internet. A DNS Server is a server computer that provides DNS services.
  • Hardware Security Module – a secure physical device—typically an external device that can be plugged into a computer—that’s designed for cryptoprocessing. Cryptoprocessors such as HSMs use algorithms to encrypt data to offer an increased level of security.
  • A real-time gross settlement system (RTGS) for large and time-sensitive transactions, as well as multilateral netting for small value payments. HSVP is owned and operated by the Croatian central bank (Hrvatska narodna banka, or HNB).
  • The 500 Internal Server Error is a very general HTTP status code that means something has gone wrong on the web site's server but the server could not be more specific on what the exact problem is.
  • HTTP 1.1 is the latest version of Hypertext Transfer Protocol (HTTP), the World Wide Web application protocol that runs on top of the Internet's TCP/IP suite of protocols. HTTP 1.1 provides faster delivery of Web pages than the original HTTP and reduces Web traffic.
  • An HTTP response with this status code will additionally provide a URL in the header field Location. This is an invitation to the user agent (i.e., a web browser) to make a second, otherwise identical, request to the new URL specified in the location field. The end result is a redirection to the new URL.
  • A HTTP API is ANY API that makes use of HTTP as its transfer protocol.
  • Extends HTTP and centers around three qualities rarely associated with a single network protocol without necessitating additional networking technologies – simplicity, high performance and robustness. These goals are achieved by introducing capabilities that reduce latency in processing browser requests with techniques such as multiplexing, compression, request prioritization and server push.
  • Currency code representing the national currency of Hungary, called the Forint.
  • International Bank Account Number – a number attached to all bank accounts in the EU countries, plus Norway, Switzerland, Liechtenstein and Hungary. The IBAN is made up of a code identifying the country to which the account belongs, the account holder's bank, and the account number itself.
  • Integrated Development Environment – developer tools that include a text editor, a project editor, a tool bar, and an output viewer. IDEs can perform a variety of functions. Notable ones include write code, compile code, debug code, and monitor resources. Examples of IDEs include NetBeans, Eclipse, IntelliJ, and Visual Studio.
  • From a RESTful service standpoint, for an operation (or service call) to be idempotent, clients can make that same call repeatedly while producing the same result. In other words, making multiple identical requests has the same effect as making a single request. Note that while idempotent operations produce the same result on the server (no side effects), the response itself may not be the same (e.g. a resource's state may change between requests).
  • Immutable class means that once an object is created, you cannot change its content. In Java, all the wrapper classes (like Integer, Boolean, Byte, Short) and String class are immutable.
  • The process of avoiding work by tracking input and output tasks, and by only running the parts of the code/files that have changed.
  • Secure procedures or measures used to protect electronic data from unauthorized access or use.
  • Characteristic of a product or system, whose interfaces are completely understood, to work with other products or systems, at present or in the future, in either implementation or access, without any restrictions.
  • Universal Links are standard web links (http://mydomain.com) that point to both a web page and a piece of content inside an app. When a Universal Link is opened, iOS checks to see if any installed app is registered for that domain. If so, the app is launched immediately without ever loading the web page.
  • IPv4 addresses are represented in dot-decimal notation, consisting of four decimal numbers, each ranging from 0 to 255, separated by dots, e.g., 172.16.254.1.
  • Two-letter country codes defined in ISO 3166-1, part of the ISO 3166 standard published by the International Organization for Standardization (ISO), to represent countries, dependent territories, and special areas of geographical interest.
  • Codes for the representation of names of languages—Part 1: Alpha-2 code, is the first part of the ISO 639 series of international standards for language codes. Part 1 covers the registration of two-letter codes. There are 184 two-letter codes registered as of December 2018. The registered codes cover the world's major languages. See https://www.iso.org/iso-639-language-codes.html
  • Internet Engineering Task Force – Internet standards body, developing open standards through open processes. IETF is the international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. The technical work of the IETF is done in Working Groups, which are organized by topic into several Areas. Much of the work is handled via mailing lists. The IETF holds meetings three times per year.
  • Java ARchive – package file format used to aggregate Java class files and associated metadata and resources (text, images, etc.) into one file for distribution. JAR files are archive files that include a Java-specific manifest. They are downloaded in ZIP format and have a .jar file extension when decompressed.
  • Programming language and computing platform first released by Sun Microsystems in 1995. There are lots of applications and websites that will not work unless you have Java installed, and more are created every day. Java is fast, secure, and reliable. From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere!
  • Standard Java API documentation in HTML format; parses the declarations in a source file into documentation describing classes, methods, constructors, and fields.
  • Often abbreviated as JS, JavaScript is an interpreted programming language that conforms to the ECMAScript specification — high-level, often just-in-time compiled, and multi-paradigm. It has curly-bracket syntax, dynamic typing, prototype-based object-orientation, and first-class functions. Alongside HTML and CSS, JavaScript is one of the core technologies of the World Wide Web. All major web browsers have a dedicated JavaScript engine to execute it.
  • JFrog is a software company that assists DevOps organizations with continuous development and continuous improvement (CD/CI). Its most well-known product is Artifactory, which is a binary repository manager similar to Sonatype Nexus. It’s commonly used in DevOps environments for CI/CD pipelines and supports a number of software package formats, including Maven, Debian, npm, Helm, Ruby, Python, and Docker, with features like high availability, replication, disaster recovery, and scalability.
  • JavaScript Object Notation – a lightweight format for storing and transporting data, often when data is sent from a server to a web page.
  • Java Virtual Machine – a program that executes other programs. It has two primary functions: to allow Java programs to run on any device or operating system (known as the "Write once, run anywhere" principle), and to manage and optimize program memory.
  • A JSON Web Key Set endpoint is a read-only endpoint that contains the public keys' information in the JWKS format. The public keys are the counterparts of the private keys, which are used to sign tokens. The specification is found at https://tools.ietf.org/html/rfc7517.
  • JSON Web Signature – a signed JSON Web Token (JWT).
  • JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.
  • A key is the parameter that determines the functional output of a cryptographic algorithm. Encryption/decryption algorithms require a key to specify the transformation of plaintext into ciphertext, and vice versa. Keys also specify transformations of digital signatures and message authentication codes. A key store protects keys held in storage.
  • Know Your Customer or Know Your Client – guidelines in financial services that require verification of the identity, suitability, and risks involved with maintaining a business relationship.
  • Transport layer for transmission of data between points on a network.
  • Application layer nearest to the end user. The user and the application are directly interacting, communicating with both.
  • Official currency of Bulgaria. Its currency code is BGN, and it is made up of 100 stotinki.
  • Regulatory permission to conduct open banking/PSD2 business as an Account Information Service Provider (AISP), a Payment Initiation Service Provider (PISP), or both. You apply for licencing to the FCA and/or its European counterparts by enrolling in the Open Banking Directory, which includes verified details of all participants – a crucial part of the Open Banking ecosystem.
  • Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.
  • Merchant Category Code – Every transaction processed by the card networks is assigned a merchant category code (MCC), a four-digit number that denotes the type of business providing a service or selling merchandise. MCCs are used by card issuers to categorize, track or restrict certain types of purchases. MCC can affect the interchange rate and CC processing fees, as well as how customers are rewarded for purchases they make with their credit card.
  • End users (customers/payers), merchants, and third-party providers are all members of the Token network, exchanging funds and/or information via open yet highly secure transactions with TokenOS.
  • Merchants are retailers that want/need to support the new checkout methods, payment services, payment channels, and payment technologies offered through open banking.
  • Data that provide information about other data or summarises basic information about data.
  • Functioning like connective tissue between systems, applications and data, OS-agnostic middleware provides common services and capabilities like messaging, authentication, and API management.
  • Used for IBAN validation. The first four characters of the IBAN are moved from the beginning to the end of the string. Next, every letter in the resulting string is replaced by the ASCII value of its corresponding uppercase letter decreased by 55 (ASCII value − 55). The resulting number (x) is then reduced modulo 97. If the remainder is 1, the IBAN is valid.
  • The modulo operation (abbreviated “mod”, or “%” in many programming languages) is the remainder when dividing. For example, “5 mod 3 = 2” which means 2 is the remainder when you divide 5 by 3.
  • Mobile Station International Subscriber Directory Number – full phone number of a cellphone, including the country code and any area code or similar code issued by that country. Its maximum length is 15 digits.
  • Mutual Transport Layer Security – common security practice that uses client TLS certificates to provide an additional layer of protection, allowing the server to cryptographically verify the client information.
  • Mutual Authentication, also commonly referred to as Two-Way Authentication or Two-Way SSL, refers to the combination of both Server and Client Authentication. The authentication is mutual, or two-way, because the server is authenticating itself to the client, and the client is authenticating itself to the server in order to establish a secure encrypted channel between them.
  • National competent authorities are organisations that have the legally delegated or invested authority, or power to perform a designated function, normally monitoring compliance with the national statutes and regulations.
  • Common API standard for PSD2 developed by the Berlin Group to create uniform and interoperable communications between banks and TPPs.
  • A JSON/REST API that follows most REST conventions. All URLs use a resource path and an HTTP method to indicate the desired action on that resource. For example, a GET on /resource lists all resources in the current tenant. A GET on /resource/{id} gets the details of that particular object. A POST on /resource creates a new object. A POST on /resource/{id} updates the details of a specific object.
  • Network Load Balancer – functions at the fourth layer of the Open Systems Interconnection (OSI) model. It can handle millions of requests per second. After the load balancer receives a connection request, it selects a target from the target group for the default rule. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration.
  • A native implementation of TLS (and various other cryptographic tools) in JavaScript. The Forge software is a fully native implementation of the TLS protocol in JavaScript, a set of cryptography utilities, and a set of tools for developing Web Apps that utilize many network resources.
  • Node.js is a platform built on Chrome's JavaScript runtime for easily building fast and scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.
  • Currency code representing the official currency of Norway, called the krone (plural = kroner).
  • Node Package Manager – online repository for the publishing of open-source Node.js projects; a command-line utility that aids in package installation, version management, and dependency management.
  • For C# and .NET (including .NET Core), the Microsoft-supported mechanism for sharing code is NuGet, which defines how packages for .NET are created, hosted, and consumed, and provides the tools for each of those roles.
  • OAuth 2.0 is a protocol that lets a user grant a website limited access to the user's resources from another site, without having to expose the user's credentials.
  • Open Banking Implementation Entity – organization created by the CMA (Competition and Markets Authority) to deliver APIs, data structures and security architectures that enable developers to harness technology, making it easy and safe for account holders to share their financial information held by the banks with third parties.
  • A general-purpose, object-oriented programming language that adds Smalltalk-style messaging to the C programming language. It was the main programming language supported by Apple for macOS, iOS, and their respective application programming interfaces (APIs), Cocoa and Cocoa Touch, until the introduction of Swift in 2014.
  • eIDAS certificate registered with OBIE (Open Banking Implementation Entity) for use within the UK and its territories; equivalent to QSEAL in the EU.
  • eIDAS certificate registered with OBIE (Open Banking Implementation Entity) for use within the UK and its territories; equivalent to QWAC in the EU.
  • The position in a dataset of a particular record. By specifying offset, you retrieve a subset of records starting with the offset value.
  • Open Knowledge Initiative – organization responsible for the specification of software interfaces comprising a Service Oriented Architecture (SOA) based on high level service definitions.
  • Provides third-party financial service providers open access to consumer banking, transaction, and other financial data from banks and non-bank financial institutions through the use of application programming interfaces (APIs). Open banking will allow the networking of accounts and data across institutions for use by consumers, financial institutions, and third-party service providers.
  • One-time password – also known as one-time pin or dynamic password. An OTP is valid for only one login session or transaction and is part of SCA (two-factor authentication), ensuring authentication via something the user has (a mobile device with SMS or an app that generates and displays the OTP), as well as something the user knows (a valid OTP).
  • Payment Application Data Security Standard – Council-managed program formerly under the supervision of the Visa Inc. program known as the Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements. In-house payment applications developed by merchants or service providers that are not sold to a third party are not subject to the PA-DSS requirements, but must still be secured in accordance with the PCI DSS.
  • Used for managing a list of remotely paged (lazy-loaded) objects beginning at an offset (place in the list).
  • A PagedList response returns multiple records, based on an offset and limit. The offset indicates the starting point in the list. Use ‘null’ for the first page. The limit indicates the number of records per page (< 100).
  • Primary Account Number – refers to a 14-, 15-, 16-, or even up to 19-digit number generated as a unique identifier designated for a primary account; also called payment card number and permanent card number.
  • A payment confirmation page is shown when either (a) Token performs the "Redeem Token" part of the flow or (b) the request is submitted "on behalf of" the TPP.
  • Personal current account
  • Payment Card Industry Data Security Standard – a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
  • PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate.
  • Personal Financial Management – refers to software that helps users manage their money. PFM often lets users categorize transactions and add accounts from multiple institutions into a single view.
  • Pretty Good Privacy – cryptographic method that lets people communicate privately online. When you send a message using PGP, the message is converted into unreadable ciphertext on your device before it passes over the Internet. Only the recipient has the key to convert the text back into the readable message on their device.
  • Recursive acronym for Hypertext Preprocessor – a widely-used open source general-purpose scripting language for web development embedded into HTML.
  • Personal Identification Number – a security code for verifying a customer-user's identity.
  • Payment Initiation Service – with the consent of the end-user, initiates a payment from a user-held account upon user authentication.
  • Payment Initiation Service Provider – a TPP that initiates a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.
  • Public Key Infrastructure – set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. PKI binds public keys with the identity of an organization or individual. The binding is established through a process of registration and issuance of certificates by a certificate authority (CA).
  • Currency code representing the official currency and legal tender of Poland. It is subdivided into 100 grosz (gr). The widely recognised English form of the currency is the Polish zloty.
  • Formerly PostGirot, PlusGiro is a Swedish money transaction system, owned by Nordea.
  • Specification that describes the dependencies of the targets of one or more Xcode projects. The file should simply be named Podfile. All the examples in the guides are based on CocoaPods version 1.0 and onwards.
  • POJO stands for Plain Old Java Object. It is an ordinary Java object, not bound by any special restriction other than those forced by the Java Language Specification and not requiring any classpath. POJOs are used for increasing the readability and re-usability of a program.
  • Open Banking API standard adopted by banks in Poland to enable TPP access to payment accounts in accordance with PSD2 rules and regulations.
  • Project Object Model – fundamental unit of work in Maven. It is an XML file that contains information about the project and configuration details used by Maven to build the project. It contains default values for most projects.
  • Ports provide a multiplexing service for multiple services or multiple communication sessions at one network address. A port number is always associated with the IP address of a host and the type of transport protocol used for communication. It completes the destination or origination network address of a message. Specific port numbers are reserved to identify specific services so that an arriving packet can be easily forwarded to a running application. For this purpose, the lowest-numbered 1024 port numbers identify the historically most commonly used services and are called the well-known port numbers. Higher-numbered ports are available for general use by applications and are known as ephemeral ports.
  • A tool for performing integration testing with your API. It allows for repeatable, reliable tests that can be automated and used in a variety of environments and includes useful tools for persisting data and simulating how a user might actually be interacting with the system.
  • The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present.
  • Software owned by the bank or vendor that developed it. There are typically restrictions in place governing its use and the underlying source code for the software is a closely guarded secret.
  • Specifies how serialized information is structured by defining message types in .proto files. Each protocol buffer message is a small logical record of information containing a series of name-value pairs. Protocol buffers have many advantages over XML for serializing structured data, including being simpler, 3 to 10 times smaller yet 20 to 100 times faster, all whilst being less ambiguous, in addition to generating data access classes that are easier to use programmatically.
  • Revised Payment Services Directive 2 – PSD2 provides the legislative and regulatory foundation for Open Banking and other broader initiatives at a UK and European level relating to open access to payment accounts. The European Banking Authority (EBA) recently extended the deadline for PSD2 compliance until December 31, 2020.
  • A PSP is a Payment Service Provider that provides an online service for accepting electronic payments to businesses, merchants and utility companies, amongst others. These payments can be through a number of methods e.g. credit cards, direct debits, real-time bank transfers, cash payments, wallets and prepaid cards. PSPs include banks and other payment institutions.
  • Payment Services User – an individual person or legal business entity making use of an Open Banking service as a payee, payer or both.
  • Cryptographic key that can be obtained and used by anyone to encrypt messages intended for a particular recipient, such that the encrypted messages can be deciphered only by using a second key known only to the recipient (the private key).
  • Qualified Electronic Seal Certificate – a qualified digital certificate under the trust services defined in the eIDAS Regulation. A certificate for electronic seals makes it possible for the owner of the certificate to create electronic seals on any data.
  • Qualified eSeal Certificate – “seals” app data, sensitive documents and other communications to ensure they are tamperproof and originate from a trustworthy source.
  • Qualified Third-Party Service Provider – a TPP authorized in their home country by the financial supervisory competent authority to provide services listed in the PSD2 directive. Qualified Certificates supporting PSD2 include information about the authorization number of the TPP, its home country’s supervisory competent authority and its roles. This information is verified by a Qualified Trust Service Provider (QTSP) when the TPP requests the certificate; after which, this information is included in the certificate for the purpose of identification by others.
  • Qualified Trust Service Provider – trust service that creates, verifies and validates electronic signatures, seals or time stamps, electronically-registered delivery services and certificates that are related to those services. For a trust service to be considered a qualified trust service, the trust service must meet the requirements put forth in the eIDAS Regulation.
  • Qualified Web Authentication Certificate – certificate that validates your identity and role as a Payment Service Provider to your customers and other business, while encrypting and authenticating sensitive data.
  • Internet domain whose fully-qualified domain names (FQDNs) typically all share a domain designation. For example, if example.com is the realm name, the addressable hosts in the realm could then have names like host1.example.com, host2.subdomain1.example.com, etc.
  • The services, feature set, functionality and contents supported by an Open Banking services provider. A bank's realm, for instance, comprises the Open Banking services and products supported by a particular bank. The Token.io realm comprises all the services and feature content supported by Token.io as the TSP; whereas a Reseller's realm is restricted to the services and feature content administered by a particular Token.io Reseller under its reseller agreement with Token.io.
  • API to define a pattern for searching or manipulating strings.
  • A RepositoryHandler manages a set of repositories, allowing repositories to be defined and queried.
  • Interface representing the part of a Token member's account information that can be accessed based on the permissions granted in an access token.
  • Refers to the URL as it is given in the actual HTTP request. In normal HTTP requests, the URL scheme and host have already been handled by the time the request is sent (and the URL fragment does not exist at the HTTP protocol level at all), meaning the Request-URI is a path-absolute-URL string, possibly followed by ? and a URL-query string.
  • PSPs/gateways that use Token as a TSP to offer open banking payments to their customers.
  • REST stands for REpresentational State Transfer, an API architectural structure for distributed hypermedia systems. The key component in REST is a resource. Any information that can be named can be a resource: a document or image, a temporal service, a collection of other resources, a non-virtual object (e.g. a person), and so on. REST uses a resource identifier to identify the particular resource involved in an interaction between components. For more on the fundamentals of REST, visit restfulapi.net.
  • Request for Comments – a formal document from the Internet Engineering Task Force (IETF) that is the result of committee drafting and subsequent review by interested parties.
  • Remote Procedure Call – a protocol used by one program to request a service from a program located in another computer on a network without having to understand the network's details. A procedure call is also sometimes known as a function call or a subroutine call. RPC uses the client-server model.
  • A tool that generates C code to implement an RPC protocol. The input is a language similar to C known as RPC Language (Remote Procedure Call Language).
  • Remote Procedure Call Language – identical to the eXternal Data Representation (XDR) language, except for its added program definition.
  • Asymmetric algorithm using a public/private key pair. The identity provider has a private (secret) key used to generate the signature, and the consumer of the JWT gets a public key to validate the signature. Since the public key, as opposed to the private key, doesn’t need to be kept secured, most identity providers make it easily available for consumers to obtain and use (usually through a metadata URL).
  • Public-key cryptosystem for both encryption and authentication. Under RSA, the encryption key is public and it is always different from the decryption key which is kept secret (private). Anyone can use the public key to encrypt a message, but only someone with the private key can decode the message. The RSA acronym is derived from the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1977.
  • Regulatory Technical Standard – detailed specifications to achieve the strict security requirements for payment service providers in the EU.
  • Software as a Service (SaaS) – a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet. SaaS is one of three main categories of cloud computing, alongside infrastructure as a service (IaaS) and platform as a service (PaaS).
  • Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area. The requirement ensures that account access for information and electronic payments is safeguarded by multi-factor authentication.
  • Technical standards on strong customer authentication and common and secure methods of communication made by the FCA under Regulation 106A of the Payment Services Regulations (https://www.handbook.fca.org.uk/handbook/glossary/G2621.html).
  • SEPA Instant Credit Transfer – Electronic retail payments processed in real time, 24 hours a day, 365 days a year; funds are made available immediately for use by the recipient.
  • Software Development Kit – the set of software tools and programs used by developers to create applications for the Token platform. Token's SDK includes libraries, documentation, code samples, processes, and guides that developers integrate into their own apps.
  • Apple's hardware-based iOS key manager that’s isolated from the main processor to provide an extra layer of security. When you store a private key in the Secure Enclave, you never actually handle the key, making it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create the key, securely store it, and perform operations with it. You receive only the output of these operations, such as encrypted data or a cryptographic signature verification outcome.
  • Swedish Krona, official currency of Sweden. One krona is subdivided into 100 öre.
  • Single Euro Payments Area – a payments system created by the European Union (EU) which harmonizes the way cashless payments transact between euro countries. European consumers, businesses, and government agents who make payments by direct debit, instant credit transfer, and through credit transfers use the SEPA architecture. The single euro payment area is approved and regulated by the European Commission. SEPA currently includes 36 members. It encompasses the 28 EU member states along with Iceland, Norway, Liechtenstein, Switzerland, Andorra, Vatican City, Monaco and San Marino. The single euro payment area remains an ongoing, collaborative process between these parties. SEPA is in the process of harmonizing rules regarding mobile and online payments.
  • Euro credit transfers with the funds made available on the account in less than ten seconds at any time and in an area that will progressively span over 27 EU countries and an additional 17 non-EU countries, autonomous regions and territories.
  • Consists of the 28 EU member states together with the four members of the European Free Trade Association (Iceland, Liechtenstein, Norway, and Switzerland), plus Monaco and San Marino.
  • A computer that provides data to other computers. Many types of servers exist, including web servers, mail servers, and file servers. Each type runs software specific to the purpose of the server. For example, a Web server may run Apache HTTP Server or Microsoft IIS, which both provide access to websites over the Internet. A mail server may run a program like Exim or iMail, which provides SMTP services for sending and receiving email. A file server might use Samba or the operating system's built-in file sharing services to share files over a network.
  • Programmatic interface specifications describing services. These interfaces are specified by the Open Knowledge Initiative (O.K.I.) to implement a service-oriented architecture (SOA) to achieve interoperability among applications across a varied base of underlying and changing technologies.
  • Hash function computed with eight 32-bit words.
  • Secure Hash Algorithm 1 – Hashing algorithm governing document and certificate signing. It takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as a hexadecimal number, 40 digits long.
  • A qualified electronic signature is an electronic signature that is compliant with EU Regulation No 910/2014 (eIDAS Regulation) for electronic transactions within the internal European market. It verifies the authorship of a declaration in electronic data exchange over long periods of time. Qualified electronic signatures can be considered the digital equivalent of handwritten signatures.
  • To sign a request, you first calculate a hash (digest) of the request. Then you use the hash value, some other information from the request, and your secret access key to calculate another hash known as the signature.
  • Market comprising the 28 EU member states together with the four members of the European Free Trade Association (Iceland, Liechtenstein, Norway, and Switzerland). Monaco and San Marino are also part of SEPA.
  • Single Immediate Payment – an interbank transfer initiated for immediate execution.
  • Stands for Short Message Service and is the most widely used type of text messaging.
  • Standing Order – a series of recurring payments initiated for execution on scheduled dates (or variable dates, where supported) or at a defined frequency between a specified start date and end date.
  • Service-oriented Architecture – a style of software design where services are provided to the other components by application components, through a communication protocol over a network. A SOA service is a discrete unit of functionality that can be accessed remotely and acted upon and updated independently.
  • Poland's national RTGS system for high-value and urgent domestic payments. RTGS stands for real-time gross settlement, a continuous process of settling payments on an individual order basis without netting debits with credits across the books of a central bank (i.e., transaction bundling). SORBNET is owned and operated by the National Bank of Poland (NBP). It has 50 direct participants.
  • Number code used by British and Irish banks using six digits divided into three different pairs; for instance, 12-34-56. These codes, like many other bank codes, are used to identify the location of the bank where the account is held. The first two digits are usually bank identifiers. However, in some cases, the first code may describe the bank as well. It must be noted that the SORT code of a bank is integrated and encoded in the IBAN number of the account but not in the BIC codes of the account. A SORT code is used by banks to identify and route the money transfers to the respective bank and account. SORT codes are also called NSC or National SORT Code in Ireland and are regulated by the IPSO (Irish Payment Services Organization). A SORT Code in Ireland begins with the digit “9”.
  • Also referred to as masked characters and HTML entities, special characters are part of an encoded character set that extends beyond the characters available on a conventional keyboard. They include Greek letters, mathematical symbols, arrows, currencies, dingbats (ornaments), and graphics, as well as checkmarks and symbols for copyright and trademarks.
  • Code case that uses hyphens “-” to separate the words comprising a name. Also called Kebab case.
  • Customisable initial window or page of the Webapp UI containing an image, a logo, and the current version of the software.
  • Single point of failure – part of a system that, if it fails, will stop the entire system from working.
  • Software Statement Assertion – a software statement that is signed by its issuer and represented as a JSON Web Signature (JWS). An SSA may be issued by any actor that is trusted by the authorization server.
  • SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser.
  • Small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser. SSL certificates bind together a domain name, server name or hostname, as well as an organizational identity (i.e., a company name) and location.
  • Instruction to the bank to pay a fixed amount at regular intervals to the destination account. The instruction is sometimes called a "banker's order."
  • Created according to the new Payment Services Directive (PSD2), this API aims to provide a secure and easy-to-use set of services to be implemented by European ASPSPs.
  • The movement of a customer’s own funds between accounts owned by them.
  • Society for Worldwide Interbank Financial Telecommunication – provides a secure network allowing more than 10,000 financial institutions in 212 different countries to send and receive information about financial transactions to each other. As broadly used as SWIFT is, keep in mind that it is only a messaging system; SWIFT does not hold any funds or securities, nor does it manage client accounts.
  • Terms of service (also known as terms of use and terms and conditions, commonly abbreviated as TOS or ToS, ToU or T&C) are the legal agreements between a service provider and a person who wants to use that service. Terms of service can also be merely a disclaimer, especially regarding the use of websites.
  • Owned and operated by the Eurosystem, TARGET2 is the real-time gross settlement (RTGS) system with payment transactions settled one by one on a continuous basis in central bank money with immediate finality. There is no upper or lower limit on the value of payments. TARGET2 mainly settles operations of monetary policy and money market operations.
  • Transmission Control Protocol – standard that defines how to establish and maintain a network conversation through which application programs can exchange data. TCP works with the Internet Protocol (IP), which defines how computers send packets of data to each other. Together, TCP and IP are the basic rules defining the Internet. The Internet Engineering Task Force (IETF) defines TCP in the Request for Comments (RFC) standards document number 793.
  • Under PSD2, a Technical Service Provider renders purely technical services, such as the processing and storing of data, services for privacy protections, and the provision of IT and communication infrastructure, without entering into the possession of funds, whilst also not qualifying as a PISP or AISP.
  • Variant of snake case which uses hyphens “-” to separate words.
  • Top-level domain – refers to the final segment of the domain name. TLDs are generally classified into two categories: generic (.com, .org, .net, .biz) and country-specific (lower-case, alpha-2 country code).
  • Transport Layer Security – a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers.
  • For PSD2, smart tokens come in two kinds: transfer tokens and access tokens. Transfer tokens authorize payment or the transfer of assets or funds from a payer to a designated payee. They function as programmable money. Access tokens authorize user-approved access to a member's bank account information. The type and level of access granted by the bank depends on the conditions set for the access token — “who,” “what,” “how,” and "when" that data can be accessed and "by whom".
  • Mechanism through which the TPP is issued an API access token upon successful authentication, which must thereafter be used while invoking any API request.
  • Primary account number – card identifier found on payment cards, such as credit cards and debit cards, as well as stored-value cards, gift cards and other similar cards; sometimes referred to as a bank card number.
  • One of four supported categories of accountIdentifiers defined in the API's AccountDetails object. It identifies the user member's account by accountId and memberId.
  • Organisation responsible for the issuance and management of payment tokens. Tokenisation increases security to safeguard against potential fraud by removing confidential consumer information from payment data and replacing it with unique tokens, which are limited in how and when they can be used.
  • Functionality, data and resources running on physical and virtual servers maintained and controlled by Token.io, and accessed via an Internet connection.
  • Token.io is an authorized Account Information Service Provider (AISP) and Payment Initiation Service Provider (PISP) licenced by the Financial Conduct Authority in the UK (Licence Number: 795904). Token.io also provides technical services for other regulated entities.
  • This is a Token.io user represented throughout the ecosystem by a memberId.
  • Operated and maintained by Token.io to provide turnkey PSD2 and OBIE compliance for easy and secure TPP connectivity with banks offering payment initiation and account information services.
  • Provides turnkey PSD2 and OBIE compliance that allows third-party providers to easily and securely develop applications that support payment initiation and account information retrieval. The core of TokenOS is the "smart token," providing authorization to access an underlying asset. Smart tokens define the conditions (rules) governing access to the asset.
  • Third-Party Provider – an authorized online service provider introduced as part of Open Banking. TPPs exist outside of the account holder’s relationship with their bank but may be involved in transactions carried out by the user.
  • Transport keys protect a key that is sent to another system, received from another system, or stored with data in a file. Transport keys can be either AES or DES keys.
  • Trust Service Provider – responsible for assuring the electronic identification of signatories and services by using strong mechanisms for authentication, digital certificates and electronic signatures. eIDAS defines how TSPs perform authentication and non-repudiation services and how they are to be regulated and recognized throughout EU member states.
  • token-trace-id – unique value stored with a TPP request upon submission to Token and thereafter used to track the request throughout its lifecycle.
  • A TPP using Token.io's licence.
  • A TPP using its own licence.
  • User Datagram Protocol – a transport layer protocol that is used to create a connection between applications running on hosts that are connected via a network.
  • User Interface – at the most basic level, this is the series of screens, pages, and visual elements—like buttons and icons—that enable a user to interact with your product or service.
  • Standard adopted by banks doing business in the United Kingdom designed to assist any European account providers in meeting their PSD2 and RTS requirements, as well as supporting their application for an exemption from the contingency mechanism.
  • A Uniform Resource Identifier (URI) is a string of characters that unambiguously identifies a particular resource. To guarantee uniformity, all URIs follow a predefined set of syntax rules, but also maintain extensibility through a separately defined hierarchical naming scheme (e.g. http://).
  • Uniform Resource Locator (aka web address) – specifies a location on a computer network and a mechanism for retrieving it.
  • URL encoding makes sure that characters that are not allowed to appear directly in a URL can still be used. For example, a space or a colon (:) is not allowed, but replacing it with %20 or %3A encodes a space or a colon respectively (and most browsers will display a space in the browser bar). For encoded URLs, use Java's URLDecoder (java.net.URLDecoder) unless you have a different preference.
  • Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments.
  • Coordinated Universal Time – a standard used to set all time zones around the world. For instance, Berlin is in the time zone UTC plus one hour (UTC+1:00), which means it is 1 hour later in Berlin than the reading on a UTC clock. Most EU countries are in the Central European Time zone. CET alternates between UTC+1 (standard time) and UTC+2 (when daylight saving time (DST) is observed). All countries in the CET time zone observe DST (UTC+2) from 02:00 am on the last Sunday of March until 03:00 am on the last Sunday of October.
  • User Experience – the overall experience of a person using a product such as a website or computer application, especially in terms of how easy or pleasing it is to use.
  • User experience – refers to any interaction a user has with a product or service.
  • Value-added tax – general, broadly based consumption tax assessed on the value added to goods and services. It applies to all goods and services bought and sold for use or consumption in the EU and the UK, as well as in more than 160 countries worldwide.
  • Registered tax identification number in tax systems that use Value-Added Tax (VAT). When you register for VAT in a single country, you receive a VAT number for their tax system. Your VAT number is not the same as a local tax number or tax ID. A VAT number is exclusively for the Value-Added Tax scheme.
  • Variable Recurring Payment
  • Web Application Firewall – helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.
  • Module bundler for JavaScript files that takes care of bundling alongside a separate task runner.
  • A browser engine that you can insert like an iframe into your native app and programmatically tell it what web content to load.
  • Standard format for public key certificates – digital documents that securely associate cryptographic key pairs with identities such as websites, individuals, or organizations.
  • eXternal Data Representation (XDR) – a standard for the description and encoding of data. XDR uses a language to describe data formats, but the language is used only for describing data and is not a programming language.
  • Common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
  • Extensible markup language – software- and hardware-independent tool for storing and transporting data.
  • PSD2 contains requirements for the banks (ASPSPs) to make their customers' account information available to TPPs under certain conditions, allowing the TPPs to continue (or start) providing their PIS and AIS. These requirements are usually referred to as the Access to Accounts part (XS2A) of the PSD2.
  • Tool developed by Facebook to resolve some of npm’s shortcomings. Yarn isn’t technically a replacement for npm since it relies on modules from the npm registry. Think of Yarn as a new installer that still relies upon the same npm structure.