Api documentation


Welcome to the dedicated interface (XS2A) of OTP Bank Croatia d.d.
PSD2 started as an EU directive (Payment services (PSD 2) - Directive (EU) 2015/2366).
The NextGenPSD2 initiative is the Berlin Group's mandated task of establishing an open, shared and harmonized API (Application Programming Interface) that would allow third parties (TPPs), end users (PSUs) to access bank accounts and other related activities:

  • Payment Initiation (PIS)
  • Account Information (AIS)
  • Confirmation of the Availability of Funds (PIIS)

Test environment - Sandbox

Developers portal is located at the following link: https://apiportal.sandbox.otpbanka.hr/portal/
The test environment is located at the following link: https://api.sandbox.otpbanka.hr
In order to log in to the developers portal, you need to register and confirm your email address. After successful registration it is possible to:

  • Manage profile
  • Add TPP users/associates
  • Enable 2FA login mode
  • Create the application together with additional information with which the application will be identified (OAuth2) to the authorization server of OTP Bank Croatia d.d.(https://iam.sandbox.otpbanka.hr/)
  • Access to test end users (PSU)
  • Download test certificates that will identify TPP to ASPSP (OTP Bank Croatia d.d.)
  • Download dedicated interface API documentation (.yaml, .json)
  • Test API calls to the dedicated interface
  • Monitor the performance of the API dedicated interface
Additional information about the authorization server can be found at:

Production environment

The production environment is located at the following link: https://api.otpbanka.hr/
In order to successfully communicate with the production environment, it is necessary to have a valid license and an eIDAS certificate issued by the competent authority.
Then it is possible to:

  • Dynamic register client (RFC 7951) for using OAuth2 protocol
  • Invoke API dedicated Interface
  • Monitor API performance of the dedicated interface
TPP user guide can be found at:
TPP user guide

Additional information about the authorization server can be found at:

Application registration is done using the following endpoint:


The TPP can send a problem report to email address:
The following should be included when reporting a problem:

  • TPP name and contact information (email and phone number)
  • The date and time when the problem was detected
  • Description of the issues with the payment services and functionality (authentication / authorization; communication; payment initiation (PIS); account information (AIS); confirmation of the availability of funds (CoF)) covered by the problem
  • If additional technical details (log with all parameters; method, endpoint, header, body, JSON / XML of payment message) are available, they can also be included in the report
Given all the information that has to be provided, and the ability to send additional technical information such as logs and print screens of the problem, the preferred method of reporting is by email.

Useful links and documents

European Commission
eIDAS regulation
FINA PSD2 QWAC certificate