Nordea Business accounts API specific documentation
Changes from the previous version
The top most item is the latest change and the API changes described in it are relative to the version directly below. The current version of the API is 4.6.
Version 4.6
Possibility to expand a lumpsum transaction is enabled in Norway. The functionality is available only in sandbox for time being. Refer to section Lump-sum transactions for more details.
Version 4.5
Document updated to describe transaction history based on access token.
Version 4.4
Transaction model enriched with optional attributes:
- archive_id,
- to_account_name,
- to_account_country,
- counterparty_account,
- counterparty_account_name,
- from_account_name,
- from_account_country,
- bank_name,
- bank_address,
- bank_code,
- bank_bic,
- originators_reference,
- transfer_type,
- transfer_type_name,
- transaction_type_code,
- payment_code,
- merchant_city,
- merchant_country,
- payer_identifier
This fields might be presented for some transactions, following Nordea Business Netbank portal.
Version 4.3
Transaction model enriched with optional attribute “counterparty_address”. This field might be presented for some transactions, following Nordea Business Netbank portal.
Version 4.2
Item transaction_id may not necessarily be unique, but it should be shown to customers because they need it for banking purposes. Item Reference and counterparty_bank_bic will be returned for transactions, whenever applicable.
Version 4.1
Item transaction_id description update. Optional for Denmark, available for transactions not older than 89 weeks for Finland. Obligatory for Sweden and Norway and in all other instances.
Version 4.0
Although this is the first version of Nordea Business specific APIs, we have decided to use ‘v4’ to make it clear that the endpoints align closely to the ‘v4’ endpoints for personal customers in terms of interface definition and behaviour.
Overview
Account Information Services (AIS) API consists of four endpoints supporting the GET http method, providing a list of accounts, details of a specified account, transaction history for a specified account, and list of sub-transactions under a lump.
AIS API endpoints
| Endpoint | Suported HTTP Methods |
|---|---|
/accounts | GET |
/accounts/<ACCOUNT_ID> | GET |
/accounts/<ACCOUNT_ID>/transactions | GET |
/accounts/<ACCOUNT_ID>/subtransactions/<subtransaction-id> | GET |
Note that the /transactions response is a paginated list of transactions, with a continuation key.
AIS API not supported parameters
In the AIS calls, some attributes are supported only in certain countries. In the table below, you can see the not-supported countries for some attributes:
| Country | Not Supported Attribute |
|---|---|
| DK | counterparty_name |
| DK | counterparty_account |
| DK | payment_date |
| DK | message |
| DK | own_message |
| DK | reference |
| DK | card_number |
| FI | balance_after_transaction |
| FI | own_message |
| NO | account_name |
Lump-sum Transactions
Lump-sum transactions retrieving process is described below,
- Payment service user (PSU) uses authorized third party provider’s (TPP’s) interface to get the transactions list on a transaction account.
- The TPP calls OBI-Business Accounts API end point “GET /v4/accounts/{id}/transactions” to get the list of transactions on a transaction account.
- OBI-Business Accounts API returns the transactions list to the TPP. subtransaction_Id is reported in details for the lumpsum transactions.
- Payment service user (PSU) uses authorized third party provider’s (TPP’s) interface to get the sub-transaction list under a lump on a transaction account.
- The TPP calls OBI-Business Accounts API end point “GET /v4/accounts/{id}/subtransactions/{subtransaction-id}” to get the list of sub-transactions under a lumpsum transaction on a transaction account. The scope and access to the account are verified with the access token provided by the TPP.
- OBI-Business Accounts API returns the sub-transactions list to the TPP. Refer to section API Reference to understand the request and response specifications.
- OBI-Business Accounts API returns the error if the specified subtransaction_id is invalid.
Note that the functionality is available only in Norway.
AIS API examples
Here you can find examples how to use the AIS API endpoints.
Note that in all of the example cURL commands you must change the
X-IBM-Client-Id,X-IBM-Client-SecretandAuthorization: Bearerheader values to the correct ones.
You can find the Client ID, and Client Secret from your app console and the Bearer is generated when you log in.
All of these examples can also be tried out in the API portals API Console easily, here we show cURL examples how to make the same API calls which can be performed by the API Console.
Remember to replace the <ACCOUNT-ID> URL parameter by correct values in the cURL examples below.
You can get a list of available account ACCOUNT-IDs by issuing the list accounts example below. The ACCOUNT-ID is not the same thing as accountNumber because the latter can not be used as a unique identifier.
Example: list accounts
Following cURL command can be used to fetch the account list after correct Application ID, Client Secret and Access Token are substituted in it:
This endpoint URL has the following form:
GET /accounts HTTP/1.1
This endpoint supports GET HTTP method.
The following cURL can be used to fetch account list from this endpoint.
$ curl 'https://api.nordeaopenbanking.com/business/v4/accounts' -i \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <ACCESS-TOKEN>' \
-H 'Signature: keyId="clientId",algorithm="rsa-sha256",headers="<signature headers>",signature="<signature code>"\
-H 'Date: Wed, 12 Jun 2019 13:34:16 CEST' \
-H 'X-IBM-Client-Id: <Client ID>' \
-H 'X-IBM-Client-Secret: <Client Secret>'
Here is the response for the query above:
{
"group_header": {
"message_identification": "o6t4ADdAxWM",
"creation_date_time": "2018-11-14T06:50:52.313Z",
"http_code": 200
},
"response": {
"accounts": [
{
"id": "DK1545437569-DKK",
"country": "DK",
"account_numbers": [
{
"value": "DK8620001545437569",
"_type": "IBAN"
}
],
"currency": "DKK",
"account_name": "Anders Madsen",
"product": "Grundkonto",
"account_type": "Current",
"available_balance": -33558067.98,
"booked_balance": -33558067.98,
"value_dated_balance": -33558067.98,
"bank": {
"name": "Nordea",
"bic": "NDEADKKK",
"country": "DK"
},
"status": "OPEN",
"credit_limit": 100,
"latest_transaction_booking_date": "2018-11-13",
"_links": [
{
"rel": "details",
"href": "/business/v4/accounts/DK1545437569-DKK"
},
{
"rel": "transactions",
"href": "/business/v4/accounts/DK1545437569-DKK/transactions"
}
]
},
{
"id": "DK3805010844-DKK",
"country": "DK",
"account_numbers": [
{
"value": "DK3320001545457438",
"_type": "IBAN"
}
],
"currency": "DKK",
"account_name": "Anders Madsen",
"product": "Private Banking konto",
"account_type": "Current",
"available_balance": 1123.60,
"booked_balance": 1111.50,
"value_dated_balance": 1111.50,
"bank": {
"name": "Nordea",
"bic": "NDEADKKK",
"country": "DK"
},
"status": "OPEN",
"credit_limit": 100,
"_links": [
{
"rel": "details",
"href": "/business/v4/accounts/DK3805010844-DKK"
},
{
"rel": "transactions",
"href": "/business/v4/accounts/DK3805010844-DKK/transactions"
}
]
}
],
"_links": [
{
"rel": "self",
"href": "/business/v4/accounts"
}
]
}
}
Example: fetch account details
In this example, we fetch account details by ACCOUNT-ID which can be found by listing the accounts. The endpoint URL has the following form:
GET /business/v4/accounts/<ACCOUNT-ID> HTTP/1.1
This endpoint supports GET HTTP method.
Here is cURL command to fetch the account information:
$ curl 'https://api.nordeaopenbanking.com/business/v4/accounts/DK1545437569-DKK' -i \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <ACCESS-TOKEN>' \
-H 'Signature: keyId="clientId",algorithm="rsa-sha256",headers="<signature headers>",signature="<signature code>"\
-H 'Date: Wed, 12 Jun 2019 13:34:16 CEST' \
-H 'X-IBM-Client-Id: <Client ID>' \
-H 'X-IBM-Client-Secret: <Client Secret>'
Response:
{
"group_header": {
"message_identification": "DqwsOZYND9c",
"creation_date_time": "2018-11-14T06:56:01.169Z",
"http_code": 200
},
"response": {
"id": "DK1545437569-DKK",
"country": "DK",
"account_numbers": [
{
"value": "DK8620001545437569",
"_type": "IBAN"
}
],
"currency": "DKK",
"account_name": "Anders Madsen",
"product": "Grundkonto",
"account_type": "Current",
"available_balance": -33629400.07,
"booked_balance": -33629400.07,
"value_dated_balance": -33629400.07,
"bank": {
"name": "Nordea",
"bic": "NDEADKKK",
"country": "DK"
},
"status": "OPEN",
"credit_limit": "100",
"latest_transaction_booking_date": "2018-11-14",
"_links": [
{
"rel": "self",
"href": "/business/v4/accounts/DK1545437569-DKK"
},
{
"rel": "transactions",
"href": "/business/v4/accounts/DK1545437569-DKK/transactions"
}
]
}
Example: fetch transactions
The following request will fetch transactions from the account by ACCOUNT-ID.
Note that this query can also take parameter
from_dateandto_dateas well ascontinuation_key.
These parameters mentioned above control the date range from between which to fetch the transactions, and they are optional. They are sent as query parameters. The continuation_key parameter controls the pagination, for example, it can be read from the response and used to fetch next part of a long response.
The date parameters, from_date, and to_date have to be formatted correctly, namely yyyy-MM-dd, so for instance, 1989-02-22 would be in correct format.
TPP will receive an access token from Nordea for a period defined by you up to 180 days. TPP is only entitled to access the payment transactions executed in the last 180 days when using this access token, unless strong customer authentication is performed.
The data returned by the transactions endpoint in the sandbox environment is not anymore static, and transactions are generated automatically over time.
The endpoint URL has the following form:
GET /business/v4/accounts/<ACCOUNT-ID>/transactions HTTP/1.1
The <ACCOUNT-ID> URL parameter(s) can be found from account listing request above.
$ curl 'https://api.nordeaopenbanking.com/business/v4/accounts/DK1545437569-DKK/transactions?from_date=2018-11-14&to_date=2018-11-14&language=fi&continuation_key=01544515720202389398-2 ' -i \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <ACCESS-TOKEN>' \
-H 'Signature: keyId="clientId",algorithm="rsa-sha256",headers="<signature headers>",signature="<signature code>"\
-H 'Date: Wed, 12 Jun 2019 13:34:16 CEST' \
-H 'X-IBM-Client-Id: <Client ID>' \
-H 'X-IBM-Client-Secret: <Client Secret>'
And here’s how the response looks like
http
GET /business/v4/accounts/DK1545437569-DKK/transactions HTTP/1.1 {
"group_header": {
"message_identification": "SC1whey-jNs",
"creation_date_time": "2018-11-14T09:55:52.12Z",
"http_code": 200
},
"response": {
"continuation_key": "01544515720202389398-2",
"transactions": [{
"transaction_id": "3aaf3cdb-9ae0-4514-8c83-0ee62d1e36f6",
"currency": "EUR",
"booking_date": "2021-07-06",
"value_date": "2021-07-07",
"type_description": "Debet automaattiotto",
"narrative": "EUR 35.00 Helsinki",
"message": "EUR 35.00 Helsinki",
"status": "billed",
"reference": "101015553332",
"counterparty_account": "",
"own_message": "EUR 35.00 Helsinki",
"counterparty_name": "ATM Nosto 1212",
"counterparty_bank_bic": "BHBLDEHHXXX",
"counterparty_address": "41410 Toivakka",
"transaction_date": "2021-07-06",
"card_number": "xxxxxxxxxx5480",
"payment_date": "2021-07-06",
"amount": "-21.00",
"subtransaction_id": ""
}, {
"transaction_id": "01544515720202389398",
"currency": "DKK",
"booking_date": "2018-11-14",
"value_date": "2018-11-14",
"type_description": "BGS",
"narrative": "Bgs Test NemID",
"status": "billed",
"transaction_date": "2018-11-14",
"payment_date": "2018-11-14",
"amount": "-290.00",
"subtransaction_id": ""
}, {
"transaction_id": "01544515720202389274",
"currency": "DKK",
"booking_date": "2018-11-14",
"value_date": "2018-11-14",
"type_description": "MobilePay",
"narrative": "MobilePay: Sanne Sondersen 1670018411450212",
"status": "billed",
"transaction_date": "2018-11-14",
"payment_date": "2018-11-14",
"amount": -230.00,
"subtransaction_id": ""
}, {
"transaction_id": "01544515720202389150",
"currency": "DKK",
"booking_date": "2018-11-14",
"value_date": "2018-11-14",
"type_description": "some description",
"narrative": "Bs betalning FITGYM A/S",
"status": "billed",
"transaction_date": "2018-11-14",
"payment_date": "2018-11-14",
"amount": -306.95,
"subtransaction_id": ""
}, {
"transaction_id": "01544515720202388809",
"currency": "DKK",
"booking_date": "2018-11-14",
"value_date": "2018-11-16",
"type_description": "some description",
"narrative": "Visa køb 90.00 MURRES CAFE STOCKHOLM Den 04.06",
"counterparty_address": "8930 Randers Denmark",
"status": "billed",
"transaction_date": "2018-11-14",
"payment_date": "2018-11-14",
"amount": -90.00,
"subtransaction_id": ""
}, {
"transaction_id": "01544515720202388747",
"currency": "DKK",
"booking_date": "2018-11-14",
"value_date": "2018-11-14",
"type_description": "MobilePay",
"narrative": "MobilePay: Sanne Sondersen 1670018411450212",
"status": "billed",
"transaction_date": "2018-11-14",
"payment_date": "2018-11-14",
"amount": -230.00,
"subtransaction_id": ""
},
],
"_links": [{
"rel": "self",
"href": "/business/v4/accounts/DK1545437569-DKK/transactions?language=sv"
}, {
"rel": "next",
"href": "/business/v4/accounts/DK1545437569-DKK/transactions?language=sv&continuation_key=01544515720202389398-2"
}
]
}
}
Example: fetch sub-transactions
The following request will fetch sub-transactions from the account by ACCOUNT-ID and lump by subtransaction-id.
TPP will receive an access token from Nordea for a period defined by you up to 180 days. TPP is only entitled to access the payment sub-transactions executed in the last 180 days when using this access token, unless strong customer authentication is performed.
The data returned by the sub-transactions endpoint in the sandbox environment is static.
The endpoint URL has the following form:
GET /business/v4/accounts/<ACCOUNT-ID>/subtransactions/<subtransaction-id> HTTP/1.1
The <ACCOUNT-ID> URL parameter(s) can be found from account listing request and <subtransaction-id> can be found from the transaction details in the transactions list.
$ curl 'https://api.nordeaopenbanking.com/business/v4/accounts/NO61735686908-NOK/subtransactions/SBTID0003' -i \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <ACCESS-TOKEN>' \
-H 'Signature: keyId="clientId",algorithm="rsa-sha256",headers="<signature headers>",signature="<signature code>"\
-H 'Date: Wed, 12 Jun 2019 13:34:16 CEST' \
-H 'X-IBM-Client-Id: <Client ID>' \
-H 'X-IBM-Client-Secret: <Client Secret>'
And here’s how the response looks like
http
GET /business/v4/accounts/NO61735686908-NOK/subtransactions/SBTID0003 HTTP/1.1
{
"group_header": {
"message_identification": "pirzcd8pi2wpksj9",
"creation_date_time": "2025-01-17T12:10:10.360248409Z",
"http_code": 200
},
"response": {
"subtransactions": [
{
"transaction_id": "aa28c89e-214a-47dc-9513-cae7c6264b3f",
"status": "billed",
"booking_date": "2025-01-15",
"transaction_date": "2025-01-15",
"counterparty_name": "",
"archive_id": "AID001",
"counterparty_account": "",
"counterparty_address": "ADDRESS3",
"to_account_name": "",
"to_account_country": "",
"from_account_name": "",
"amount": "-400.00",
"message": "Visa varekp",
"payer_identifier": "PID1"
},
{
"transaction_id": "aa28c89e-214a-47dc-9513-cae7c6264b3f",
"status": "billed",
"booking_date": "2025-01-15",
"transaction_date": "2025-01-15",
"counterparty_name": "",
"archive_id": "AID002",
"counterparty_account": "",
"counterparty_address": "ADDRESS3",
"to_account_name": "",
"to_account_country": "",
"from_account_name": "",
"amount": "-80.00",
"message": "Visa varekp utland",
"payer_identifier": "PID2"
},
{
"transaction_id": "aa28c89e-214a-47dc-9513-cae7c6264b3f",
"status": "billed",
"booking_date": "2025-01-15",
"transaction_date": "2025-01-15",
"counterparty_name": "",
"archive_id": "AID003",
"counterparty_account": "",
"counterparty_address": "ADDRESS3",
"to_account_name": "",
"to_account_country": "",
"from_account_name": "",
"amount": "-7.00",
"message": "MIKROSPAR AV : -7.00",
"payer_identifier": "PID3"
}
],
"_links": [
{
"rel": "self",
"href": "/v4/accounts/NO61735686908-NOK/subtransactions/SBTID0003"
}
]
}
}