// the find
adorsys/xs2a
Open Source NextGenPSD2 XS2A Implementation from adorsys.
A Java implementation of the Berlin Group's NextGenPSD2 XS2A (Access to Account) API — the standard European banks must expose under PSD2 to let third-party payment providers access account data and initiate payments. Built by adorsys, a consultancy that's been in the PSD2 space since the directive landed. Aimed at banks (ASPSPs) that need a compliant XS2A layer to bolt onto their core banking system.
The ASPSP-Profile module is genuinely useful — it lets each bank configure its own SCA approaches, payment products, and consent types via YAML without touching code. The Consent Management System is a separate pluggable module, which is the right call since consent lifecycle is complex and banks often have their own requirements. The SPI (Service Provider Interface) pattern is well-thought-out: the framework handles the XS2A protocol layer, and you write adapters to your own banking backend. Last commit was June 2026, so the project isn't abandoned despite the low star count.
Pinned to NextGenPSD2 spec version 1.3.12 from 2022 — the Berlin Group has moved on and there's a `VOP_REMAINING_TASKS.md` file in the root that suggests incomplete work. The README is upfront that this is a 'try-out version' and adorsys prefers commercial engagements; realistically this is a demo/reference, not a production-grade drop-in. The architecture is a dense multi-module Maven project with 20+ submodules — getting from `git clone` to a running XS2A endpoint requires understanding the connector model, the SPI abstractions, and standing up a separate ASPSP-Profile server. For most teams, the actual integration work with their core banking system will dwarf the effort of wiring up this framework.