AIS, PIS and CBPII: the three PSD2 APIs explained
Open banking in Europe rests on three APIs. Every bank in scope has to offer them and almost everything written about open banking assumes you already know what they are.
Here they are in plain English.
Short answer: PSD2 created three regulated bank APIs. AIS reads account information, PIS initiates payments and CBPII confirms whether funds are available. AIS reads, PIS acts and CBPII checks. Everything beyond these three is a premium service the bank offers by choice, not by law.
AIS: Account Information Service
AIS lets an authorised third party read a customer’s account data with their consent: balances, transactions and account details.
It is read-only. It can see that a customer spent money at a supermarket, but it cannot move a cent. That single limit is what makes it safe to build on for things like budgeting apps, accounting tools and affordability or lending checks, where you need to understand an account without touching it.
To use AIS you act as an AISP (Account Information Service Provider), either by being authorised yourself or by working through a licensed provider.
PIS: Payment Initiation Service
PIS lets an authorised third party initiate a payment from the customer’s account, again with their consent.
This is the action half of open banking. Instead of reading data, you ask the bank to move money, which is how account-to-account checkout, bill payment and bank transfers inside an app work without cards.
Because it moves money, PIS carries more risk and a higher bar. You act as a PISP (Payment Initiation Service Provider) and Strong Customer Authentication, where the customer proves who they are, is central to the flow.
CBPII: Confirmation of Funds
CBPII answers one question: is there enough money in the account to cover a given amount? It returns a simple yes or no.
Crucially, it does not reveal the balance. It confirms funds are sufficient for a specific payment without exposing how much the customer actually has. That makes it useful for card-based products that need to check coverage before charging, without pulling full account access.
It is the narrowest of the three and the least talked about, but it fills a specific gap between reading everything and moving money.
How they fit together
| API | Full name | What it does | Can it move money? | Role you act as |
|---|---|---|---|---|
| AIS | Account Information Service | Reads balances and transactions | No | AISP |
| PIS | Payment Initiation Service | Initiates a payment | Yes | PISP |
| CBPII | Confirmation of Funds | Checks funds are available | No | CBPII / equivalent permission |
Think of it as read, act and check. Many products combine them: a lending app might use AIS to assess affordability and PIS to disburse the loan; a checkout might use CBPII to confirm funds and PIS to take the payment.
All three need regulatory authorisation, which is why many companies build on a licensed open-banking provider rather than getting authorised themselves.
Where the baseline ends
These three APIs are the regulated floor. They are mandatory and shared standards mean they look broadly similar from one bank to the next.
Everything else a bank exposes, such as enriched transaction data, card issuing, FX, corporate cash management and more, is a premium API it offers by choice, outside PSD2. Those are not guaranteed, not standardised and different at every bank.
So when a bank says it “supports open banking,” it means these three. How far it goes past them and how cleanly it implements them, is the part worth checking, which is exactly why every bank’s API is different.
Every bank in the index shows which of these services are live, the standard behind them and a 1 to 5 maturity rating, so you can see what you are actually working with before you commit.
Frequently asked questions
What do AIS, PIS and CBPII stand for?
AIS is Account Information Service, which reads balances and transactions. PIS is Payment Initiation Service, which moves money from a customer's account. CBPII is Confirmation of Funds, which checks whether enough money is available without revealing the balance. They are the three regulated services PSD2 requires banks to open up.
What is the difference between AIS and PIS?
AIS only reads data, so it can see balances and transactions but cannot move money. PIS takes an action, initiating a payment from the customer's account. Reading needs an AISP authorisation; initiating payments needs a PISP authorisation. Many products use both together.
Do I need a licence to use PSD2 APIs?
Yes. To access these regulated APIs you must be authorised, or act as the agent of an authorised firm, as an AISP for account information, a PISP for payment initiation, or hold the relevant permission for Confirmation of Funds. Many companies use a licensed open-banking provider rather than getting authorised themselves.
What can these APIs not do?
They cover only the regulated baseline: reading accounts, initiating payments and checking funds. Anything beyond that, such as enriched data, card issuing, FX or corporate cash management, is a premium API the bank chooses to offer outside PSD2 and it is neither guaranteed nor standardised.