PIS API Specific Documentation - Cross border Payments
Changes from the previous version
This is the change log of the API Payment Initiation Service on cross-border payments, allowing PSD2-regulated TPPs to initiate payments on behalf of the PSU, in this case the Nordea Business customer. The top most item is the latest change and the API changes described in it are relative to the version directly below.
Version 4.17
New status reason has been added: “RequiresSinglePaymentSigning” in the payments model for Sweden. Section Payment status description has been updated.
Version 4.16
New ENUM value has been added to the parameter “payment_status_reason” in the payments model. Section Payment status description has been updated.
Version 4.15
- Support for decoupled signing in Norway using Nordea ID app added.
- Support for the Confirmation of availability of funds has been added. Please refer to the Confirmation of availability of funds section.
Version 4.14
Cross border payments are supported in Norway for Business customers.
Version 4.13
Support for the header parameter “X-Response-Scenarios” has been added to Sandbox. Please refer to the Mock signing page (Sandbox only).
Version 4.12
The parameter “auto_start_token” has been removed from the payment details.
Version 4.11
Changes in decoupled payment signing in SE is described in the section “Decoupled signing - Sweden”
Version 4.10
Permitted currencies list for Sweden updated in section “Nordea payment type field combinations”.
Version 4.9
PIS API Reference updated. Line 3 is not allowed for creditor address in Sweden cross border payment request.
Version 4.8
Payment model is enhanced with additional attribute “payment_status_reason”
Version 4.7
Added support for decoupled signing in Denmark using Nordea ID app.
Version 4.6
Added precise description for MTA authorization method for FI Crossborder payments (decoupled signing flow).
Version 4.5
Added Decouple signing for Finland in Sandbox. Now PSU in Finland can sign the payments using Nordea ID app. In order to enable the decouple signing, the TPP needs to provide the parameter “authentication_method” = “MTA” during the confirmation step. Then Nordea will automatically trigger the decouple signing for the user. The signing url is to be used in case of it is not possible to use the decouple signing flow.
Version 4.4
Additional section related to Cross-border payments Finland added and described.
Version 4.3
Due to Russia invasion on Ukraine, Nordea has blocked payments in ruble. Currency RUB has been excluded from documentation.
Version 4.2
Additional section related to Cross-border payments Denmark added and described. Important: In version 4.2 feature is valid only for Sandbox.
Version 4.1
Added decoupled payment signing flow for Swedish customers. This will provide an additional way of signing payments, in addition to the existing flow which requires TPPs to redirect customers to signing URL. In the newly added decoupled flow, the TPP will receive an auto_start_token from Nordea. TPP can use that to generate a QR code or open the Bank ID application on the customer’s smart-phone to enable them to sign payments. If the customer does not have or can not use a smart-phone then they can still be re-directed to the signing URL.
- In order to initiate the decouple signing flow, the consumer (TPP rather) needs to add “authentication_method”:“BANKID_SE” into the payments/confirm request body. In this case the response will hold a Nordea Bank signing URL and an auto_start_token.
- The auto_start_token is used to generate a QR code or launch the BANKID mobile app https://www.bankid.com/utvecklare/guider/teknisk-integrationsguide/programstart, or generate a QR code https://www.bankid.com/utvecklare/guider/teknisk-integrationsguide/qrkoder to be used with the BANKID app.
- The signing url is to be used in case if it is not possible to use the decouple signing flow.
Improved field names of cross-border payment services like Get Payment Details, Get Payments List, Initiate Payments and Confirm Payments. See PIS API examples section and API Reference section.
Version 4.0
This is the first version of PIS API cross-border payments:
/v4/business/payments/crossborder
International payment rules apply to cross-border payments, and additional information likely has to be submitted in the creditor.message field as per the creditor bank country code.
Overview
Payment Initiation Services (PIS) API consists of four endpoints. The PIS API can be used to initiate payments, query payment details, and status and confirm payments. This API supports GET, POST and PUT HTTP methods. PIS API supports cross-border payments, and the API endpoint URLs have /crossborder in them.
API endpoints
The PIS API contains the following endpoints:
| Endpoint | Supported HTTP Methods |
|---|---|
/business/payments/crossborder | GET, POST, DELETE |
/business/payments/crossborder/{paymentId} | GET, DELETE |
/business/payments/crossborder/{paymentId}/confirm | PUT |
/business/payments/crossborder/confirm | PUT |
The /business/payments/crossborder endpoint has two uses, it can be used to initiate payment and to get payments. It supports GET and POST methods. If POST method is used, new payment will be initialized, and the request body must contain the payment details to be initiated. If GET method is used, it will return list of pending cross-border payments. This endpoint returns HTTP Code 201 on success, and the response contains the payment details which include, e.g., payment receiver details among other things. The payments endpoint will return all payments of all types as one list.
Here is an example of the JSON payload format which can be posted to this endpoint, “_type” is an internal defined representation of the account or reference type.
{
"amount": 1.45,
"creditor": {
"bank": {
"country": "DE",
"bic": "NDEADEFF",
"name": ""
},
"account": {
"_type": "IBAN",
"value": "DE51200505501049795873",
"currency": "EUR"
},
"message": "Message for the beneficiary",
"name": "Beneficiary name"
},
"currency": "EUR",
"debtor": {
"account": {
"_type": "IBAN",
"value": "FI3815903000105518",
"currency": "EUR"
},
"message": "Own message"
},
"end_to_end_identification": "End to end identification",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc"
}
After the payment is initiated by POST request to this endpoint, it will be available by doing GET request to this endpoint which returns a list of pending payments basing on agreement account specifics.
The business/v4/payments/crossborder/{paymentId} endpoint can be used to query payment details by payment id, and it supports GET and DELETE HTTP methods. The payment id is returned when payment is initiated successfully, and it can be found from the response JSON by the name _id. Moreover, the payment status can be seen in the response by the name payment_status. The payment id is returned when the payment is successfully deleted and you can no longer query for the payment id. Full response examples of the endpoints can be seen on examples section below.
The business/v4/payments/crossborder/confirm endpoint can be used to confirm payment or bulk confirmation of payments after the payment is initiated by issuing successful POST request to the /payments/crossborder endpoint. This endpoint returns HTTP Code 200 on success. If the payment is already confirmed or otherwise in such a state that it can not be confirmed, the endpoint returns code 409. This endpoint supports only PUT HTTP method. Please be aware that processing multiple payments could subsequently result in multiple errors. Also note that if 4 payment_id’s are sent, and two of them return errors, the subsequent signing process will only include the two payments with no errors.
Note: Bulk confirmation of payments has not been finalized and behaviour in production may differ from Sandbox.
In Sandbox: Note that the `payment_status` of a confirmed payment will be automatically updated after some time from Pending to Confirmed to Paid. To confirm the payment, calling the '/confirm' endpoint is sufficient for the decoupled signing method (Sweden, Finland and Denmark), whereas redirect signing method (Norway) requires activation of the signing url, but the flow is mocked for Sandbox.
Note that the scenarios are available only in the Sandbox APIs. They will never be available in the production APIs.
Nordea payment type field combinations
| Endpoint (/payments/.) | Nordea Type | FI | SE | DK | NO | Comments | debtor.account_type | creditor.account_type | .amount (mandatory, max. value) | .currency | .creditor.message | .name (of beneficiary | .reference.value | .reference_type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| /crossborder | cross-border payment | X | ”PGNR" | "BBAN_SE” or “IBAN” | 99 999 999 999,99 | ”AED”,“AUD”,“BDT”,“BGN”,“CAD”,“CHF”,“CNH”,“CNY”,“CZK”,“DKK”,“EGP”,“EUR”,“GBP”,“HKD”,“HRK”,“HUF”,“IDR”,“ILS”,“INR”,“ISK”,“JOD”,“JPY”,“KES”,“KRW”,“KWD”,“KZT”,“LKR”,“MAD”,“MXN”,“NOK”,“NZD”,“PHP”,“PKR”,“PLN”,“QAR”,“RON”,“RSD”,“SAR”,“SEK”,“SGD”,“THB”,“TND”,“TRY”,“USD”,“ZAR” | Mandatory for FI (max. 140) | Mandatory | N/A | N/A | ||||
| /crossborder | cross-border payment | X | ”BBAN_DK" | "BBAN” or “IBAN” | 99 999 999 999,99 | ”AED”,“AUD”,BGN”,“CAD”,“CHF”,“CNH”,“CNY”,“CZK”,“DKK”, “EUR”, “GBP”, “HKD”,“HRK”,“HUF”,“ILS”,“INR”,“ISK”,“JOD”,” JPY”,“KES”, “KRW”,“KWD”,“KZT”,“MAD”,“MXN”,“NOK”,“NZD”,“PHP”, “PKR”,“PLN”,“RON”,“RSD”,“SAR”,“SEK”,“SGD”,“THB”,“TND”,“TRY”,“USD”,“ZAR” | Mandatory for FI (max. 140) | Mandatory | N/A | N/A | ||||
| /crossborder | cross-border payment | X | ”IBAN" | "BBAN” or “IBAN” | 99 999 999 999,99 | ”AED”,“AUD”,BGN”,“CAD”,“CHF”,“CNH”,“CNY”,“CZK”,“DKK”, “EUR”, “GBP”, “HKD”,“HRK”,“HUF”,“ILS”,“INR”,“ISK”,“JOD”,” JPY”,“KES”, “KRW”,“KWD”,“KZT”,“MAD”,“MXN”,“NOK”,“NZD”,“PHP”, “PKR”,“PLN”,“RON”,“RSD”,“SAR”,“SEK”,“SGD”,“THB”,“TND”,“TRY”,“USD”,“ZAR” | Mandatory for FI (max. 140) | Mandatory | N/A | N/A | ||||
| /crossborder | cross-border payment | X | ”BBAN_NO" | "BBAN” or “IBAN” | 99 999 999 999,99 | ”AED”,“AUD”,BGN”,“CAD”,“CHF”,“CNH”,“CNY”,“CZK”,“DKK”, “EUR”, “GBP”, “HKD”,“HRK”,“HUF”,“ILS”,“INR”,“ISK”,“JOD”,” JPY”,“KES”, “KRW”,“KWD”,“KZT”,“MAD”,“MXN”,“NOK”,“NZD”,“PHP”, “PKR”,“PLN”,“RON”,“RSD”,“SAR”,“SEK”,“SGD”,“THB”,“TND”,“TRY”,“USD”,“ZAR” | Optional (max. 140) | Mandatory | N/A | N/A |
Payment status description
| Payment Status | Description | (Re-)confirmable |
|---|---|---|
| PendingConfirmation | A payment was created. Confirmation step has not yet been started. | Y |
| PendingUserApproval | The PSU-signing process has started. | Y |
| OnHold | Payment was put on hold by bank, for example due to fraud suspicion. The PSU needs to contact the bank, or maybe reply a sms. | N |
| UserApprovalFailed | Payment process failed. It’s possible to try again. See tpp_messages in response for further details. | Y |
| UserApprovalTimeout | A specific time frame is set for the signing process, in which the PSU needs to sign the payment. If timeline is exceeded the signing process expires and has to be restarted. | Y |
| UserApprovalCancelled | The PSU rejected signing the payment during the signing flow. | Y |
| Paid | The payment has been properly initiated, confirmed, signed and debited. | N |
| Confirmed | The payment has been properly initiated, confirmed, signed, but is pending final execution. Could be a future dated payment, or due to bulk clearing of payments (i.e. not instant). | N |
| Rejected | As stated the payment has been rejected. See the tpp_messages for further details. This payment cannot be (re-)confirmed. The attribute “payment_status_reason” will indicate “InsufficientFunds”, if the payment was rejected due to insufficient funds. The attribute “payment_status_reason” will indicate “PaymentDeclinedPsuShouldContactNordea ”, if the payment was rejected due to other bank checks, then the user needs to contact the bank to resolve the case. | N |
| LimitExceeded | The PSU, the account, or the channel has a limit that has been exceeded. This is technically (re-)confirmable, but it requires something has been changed, for instance the limit is raised or a new month has begun. | Y |
Note: For Sweden statuses ‘Confirmed’ and ‘Paid’ are not returned via GET payments/crossborder and GET payments/crossborder/:paymentId. Signed and executed payments should be treated as transactions and can be fetched via AIS.
Note: For Sweden the status reason: “RequiresSinglePaymentSigning” - will be assigned during the payment initiation to the payments that require extra controls on the Bank side (further referred as “Special payments”). Due to that, the payments with the given status reason won’t be allowed for the bulk confirmation. In case of including the payments with the given status reason in the bulk confirmation - the response will list the Special payments as the one that need to be signed separately - as a single payment using PUT method. The rest of the payments will be processed as usual - a signing link will be provided for the bulk authorization. The example of such scenario can be found under: PIS API examples for Sweden in the Bulk confirm payments section.
Decoupled signing - Sweden
In Sweden, the PSU has the possibility to sign one or a set of payments in a decoupled way using the Bank ID mobile application. In that case, TPP is expected to pass the parameter authentication_method with value “BANKID_SE” while invoking Nordea Open Banking API end point PUT /confirm.
In the response to payment confirmation, TPP will no longer receive “auto_start_token”. Instead, “authentication_id” is given in the response. The TPP can get the qr_data by polling through the below end point by passing the autentication_id in the URL. Note that the access token is not required for polling.
GET /v4/payments/crossborder/confirm/bankidse/{authentication_id}
In the response, TPP will be given the qr_data, auto_start_token and the status. TPP shall generate the QR code with the qr_data. The qr_data will keep changing every second, thus TPP needs to keep polling and update the QR code. Please see the examples section for better understanding. The status will give the state of signing as below,
| Status | Description |
|---|---|
| WAITING_FOR_USER | Awaiting user to start scanning the QR code |
| IN_PROGRESS | The user has scanned the QR code and is in the process of signing |
| SUCCESS | User has successfully signed the payment(s) |
| FAILED | User signing failed, need to reconfirm the payment |
Note: auto_start_token is also deprecated from payment details and payments list.
In sandbox:
- qr_data will be changing every second for 45 seconds
- After first 30 seconds, a new auto_start_token is generated and returned
- After that, for 15 seconds IN_PROGRESS status is returned, after which the payment is automatically signed
- For 6 hours, SUCCESS status is returned
Decoupled signing via Nordea ID Mobile Application - Finland, Denmark and Norway
Decoupled signing is another possibility for PSU to sign payment using external authentication mobile application Nordea ID. PSU is able to choose signing option. If PSU has active Nordea ID for authorization in Nordea Business (logging, signing payments), he can also sign Payments initiated via Nordea OpenBanking API. In order to activate decoupled flow, TPP is obligated to send additional information during confirming step.
authentication_method must be sent as an additional parameter while invoking Nordea Open Banking API end point PUT /confirm. This attribute must indicate the value “MTA”, in order for Nordea to initiate decoupled signing via Nordea ID mobile application. If the parameter is sent with value “redirect”, or the parameter is not sent at all, the payment signing has to be done using the redirect URL by default.
It is possible to use decoupled flow for bulk confirmation. Parameter “authentication_method” is non-mandatory. When it is not provided, user is not going to get push notification to Nordea ID application. In case of PSU authorizing payment via Nordea ID app, TPP will not be informed from OpenBanking API by any instant notification. TPP must call GET payment details and verify the current status of the payment. If PSU decides to sign payment via Nordea ID application, TPP must call for payment status by itself.
From Denmark context, decoupled payment signing can be done only via Nordea ID. There is no decoupled flow with MitId, MitId can be used to sign a payment only by using the URL that is generated in redirect signing flow.
From Norway context, decoupled payment signing can be done only via Nordea ID. There is no decoupled flow with BankId, BankId can be used to sign a payment only by using the URL that is generated in redirect signing flow.
When user does confirm the payment using MTA, there is no callback sent to the TPP website, thus TPP has to check the status on their own in case of using this method. After about 10 minutes (subject to change without notice) status should be resolved to one of Confirmed or Paid in case of successful signing, UserApprovalCancelled in case used decided to cancel signing, UserApprovalFailed in case of technical issue with executing the payment and UserApprovalTimeout in case used have not taken any action before signing timeout have taken place.
Note: Please note that when MTA is successfully initiated, both signing link is sent back and user receives notification on their application. This makes it possible to make a decision in both places which may be different (like cancel in redirect URL and confirm in Nordea ID application). In case of different answers, confirming payment always takes precedence over cancelation of confirmation, i.e. if in any of the channels user confirms the payment it will be confirmed and executed.
Possible scenarios for MTA (Finland & Denmark) signing method:
| First event | Second event | Desired result | Notes |
|---|---|---|---|
| Payment confirmed in Nordea ID app | Redirect confirmation done | Payment is Confirmed (or Paid) | After redirect confirmation is done, error is presented on the callback. Error handling will be adjusted in next version of API |
| Payment cancelled in Nordea ID app | Redirect confirmation done | Payment is UserApprovalCancelled | |
| Payment confirmed in Nordea ID app | Payment cancelled in redirect flow | Payment is Confirmed (or Paid) | Same situation as in first scenario. More adjustments will be introduced in next version of API |
| Payment cancelled in Nordea ID app | Payment cancelled in redirect flow | Payment is UserApprovalCancelled | Status changes to UserApprovalCanceled immedietly after cancelling in Nordea ID app |
| Redirect confirmation done | Payment confirmed in Nordea ID app | Payment is Confirmed (or Paid) | Mobile app presents, that signing went OK, even tho it has been already signed by redirect flow |
| Redirect confirmation done | Payment cancelled in Nordea ID app | Payment is Confirmed (or Paid) | No error displayed in mobile app |
| Payment cancelled in redirect flow | Payment confirmed in Nordea ID app | Payment in UserApprovalCancelled | |
| Payment cancelled in redirect flow | Payment cancelled in Nordea ID app | Payment in UserApprovalCancelled |
Possible errors due to MTA signing method:
| HTTP status | Error | Details |
|---|---|---|
| 429 | TOO_MANY_REQUESTS | This error means that customer has already a pending confirmation on their mobile application and thus until these are answered, no other confirmation can be created. In this case, no signing link is provided and there is possibility to call PUT /confirm again with authentication_method other than MTA to try different way of signing or TPP can notify user to open their application and clear all the signing requests before trying MTA method again. |
| 500 | INTERNAL_SERVER_ERROR | This might occur for MTA signing flow in case MTA system is not available due to technical issues. TPP should either wait for a bit and try again, or they can try using other method such as “redirect” to allow signing by the user. |
Note: Decoupled flow is available only for Finland and Denmark Sandbox. Decoupled signing is another possibility for PSU to sign payment using external authentication mobile application Nordea ID. PSU is able to choose signing option. If PSU has active Nordea ID for authorization in Nordea Business (logging, signing payments), he can also sign Crossborder Payments initiated via Nordea OpenBanking API. In order to activate decoupled flow, TPP is to send additional information in confirming step.
Note: Do not poll for the status more often than once every 5 seconds as this is the timing interval for checking the users authorization. Example:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm' -i -X PUT \
-H 'X-Nordea-Originating-Host: <your_host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids": [
"11d55648-8c1d-45e2-951a-69c5aeaed99y",
"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba99y"
],
"authentication_method": "MTA"
}
Mock signing page (Sandbox only)
The Mock signing page offers TPP the possibility to experience the payment signing in Sandbox. When the signing URL is activated, the UI is being displayed - where the user can sign payment(s) by entering the user credentials. Additionally to that, the user is provided with various exceptional scenarios related to the payments confirmation process.
Specifications:
- Enabled only for redirect signing (decoupled signing is not in scope)
- User credentials are not real, but mocked. The implementation accepts any user ID and password in Sandbox
- Payment scenarios are mocked. Based on the scenarios specified, payment details are adjusted and shown in Sandbox:
- SecondChannelConfirmation
- InsufficientFunds
- 4eyesConfirmation
- Applicable only for 2-SCA payments flow (single SCA payments are not in scope)
- Countries in scope: FI, DK, SE
- Impacts the following endpoint (only in Sandbox):
- PUT /v4/payments/crossborder/confirm
The new optional header parameter
TPP can use the new optional header parameter “X-Response-Scenarios” to specify the scenarios. Valid values for the scenarios are:
- AuthenticationWithUI
- AuthenticationSkipUI
- SecondChannelConfirmation
- InsufficientFunds
- 4eyesConfirmation
Please find the example below:
curl --location --request PUT '<host>/v4/payments/crossborder/confirm' \
--header 'X-IBM-Client-Id: <client_id>' \
--header 'X-IBM-Client-Secret: <client_secret>' \
--header 'Signature: <signature>' \
--header 'X-Nordea-Originating-Host: <nordea_originating_host>' \
--header 'X-Nordea-Originating-Date: <nordea_originating_date>' \
--header 'Content-Type: application/json; charset=UTF' \
--header 'Digest: <digest>' \
--header 'X-Response-Scenarios: AuthenticationWithUI,SecondChannelConfirmation' \
--header 'Authorization: <token>' \
--data-raw '{
"payments_ids": [
"<payment_id>"
]
}'
Validation of the “X-Response-Scenarios” header parameter
The below describes the validations on the “X-Response-Scenarios” header parameter:
- If specified, “X-Response-Scenarios” must contain one of the valid values. If not, the request will be rejected with the following details:
{
"httpCode": "400",
"httpMessage": "Bad request",
"moreInformation": "Invalid response scenarios."
}
- If specified, “X-Response-Scenarios” must contain only one of the three values: “SecondChannelConfirmation”, “InsufficientFunds” and “4eyesConfirmation”. All three values cannot be specified together. If specified together, the request will be rejected with the following details:
{
"httpCode": "400",
"httpMessage": "Bad request",
"moreInformation": "Invalid response scenarios."
}
- If specified, “X-Response-Scenarios” must contain only one of the two values: “AuthenticationWithUI” and “AuthenticationSkipUI”. Both these values cannot be specified together. If specified together, the request will be rejected with the following details:
{
"httpCode": "400",
"httpMessage": "Bad request",
"moreInformation": "Invalid response scenarios."
}
Visualization of the Mock signing page
Please find the visualization of the Mock signing page below:
- The scenarios are shown with check boxes. If any of those scenarios was already mentioned in the header parameter “X-Response-Scenarios”, then the specified scenario is pre-selected on the UI
- The user still has the option to select additional scenario or uncheck the previously specified scenario
- If one scenario is checked, other scenarios are disabled
- The user credentials can be anything, no validations on the userId and password
PIS API scenarios (Sandbox only)
The following section describes the possible scenarios that can be experienced in Sandbox.
a) No scenario is specified
The given includes:
- No header is provided
- “AuthenticationSkipUI” is provided as an only value in the header
- “AuthenticationWithUI” is provided as an only value in the header but no scenarios selected on the signing page
- If the execution date is the current business date, then the payment status will be updated as “Paid”
- If the execution date is in the future, then the payment status will be updated as “Confirmed”
b) The “SecondChannelConfirmation” scenario
- The payment will be updated as stated below:
- payment_status = “OnHold”
- requires_second_channel_confirmation = “true”
- After 30 seconds:
- If the execution date is the current business date, then the payment status will be updated as “Paid”
- If the execution date is in the future, then the payment status will be updated as “Confirmed”
c) The “InsufficientFunds” scenario
- The payment will be updated as stated below:
- payment_status = “OnHold”
- payment_status_reason = “InsufficientFunds”
- After 30 seconds:
- payment_status = “Rejected”
- payment_status_reason = “InsufficientFunds”
d) The “4eyesConfirmation” scenario
- The payment will be updated as stated below:
- payment_status = “PartiallyConfirmed”
- signed_by_current_user = “true”
- After 30 seconds:
- If the execution date is the current business date, then the payment status will be updated as “Paid”
- If the execution date is in the future, then the payment status will be updated as “Confirmed”
Confirmation of availability of funds
The given functionality gives TPP the possibility to confirm the availability of funds - so that TPP can decide to either further process, cancel and/or sign the payment or not.
Two new optional parameters have been added:
- “request_availability_of_funds” (request)
- “availability_of_funds” (response)
Countries in scope: DK, SE, FI, NO.
Payment initiation
Sandbox:
- If 2SCA payment initiation endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and Sandbox scenario is not being specified in request header - when the endpoint is invoked, then the payment initiation response will be returned with new field: “availability_of_funds” that is set based on the actual check that verifies the payment amount against the available balance on the account.
- If 2SCA payment initiation endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and Sandbox scenario is specified as: “FundsAvailable” in request header - when the endpoint is invoked, then the payment initiation response will be returned with new field: “availability_of_funds” that is set to “true”.
- If 2SCA payment initiation endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and Sandbox scenario is specified as: “FundsNotAvailable” in request header - when the endpoint is invoked, then the payment initiation response will be returned with new field: “availability_of_funds” that is set to “false”.
Production:
- If 2SCA payment initiation endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” - when the endpoint is invoked, then the payment initiation response will be returned with new field: “availability_of_funds” that is set based on the actual check that verifies the payment amount against the available balance on the account.
Get payment details
Sandbox:
- If 2SCA get payment details endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and Sandbox scenario is not being specified in request header and payment status is not: “InsufficientFunds”, “Rejected”, “Paid” or “Unknown” - when the endpoint is invoked, then the get payment details response will be returned with new field: “availability_of_funds” that is set based on the actual check that verifies the payment amount against the available balance on the account.
- If 2SCA get payment details endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and Sandbox scenario is specified as: “FundsAvailable” in request header and payment status is not: “InsufficientFunds”, “Rejected”, “Paid” or “Unknown” - when the endpoint is invoked, then the get payment details response will be returned with new field: “availability_of_funds” that is set to “true”.
- If 2SCA get payment details endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and Sandbox scenario is specified as: “FundsNotAvailable” in request header and payment status is not: “InsufficientFunds”, “Rejected”, “Paid” or “Unknown” - when the endpoint is invoked, then the get payment details response will be returned with new field: “availability_of_funds” that is set to “false”.
Production:
- If 2SCA get payment details endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and payment status is not: “InsufficientFunds”, “Rejected”, “Paid” or “Unknown” - when the endpoint is invoked, then the get payment details response will be returned with new field: “availability_of_funds” that is set based on the actual check that verifies the payment amount against the available balance on the account.
The examples of Confirmation of availability of funds can be found in this documentation under: PIS API examples for Denmark section.
PIS API examples for Sweden
Sweden: Get list of payments
This example shows how to get list of pending payments.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use GET since we want to get list of payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/' -i -X GET \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
Here is the response:
{
"group_header": {
"message_identification": "1160c357-566e-4513-a337-a372e40672b3",
"creation_date_time": "2021-11-30T11:43:03.313989Z",
"message_pagination": {
"continuation_key": "1"
},
"http_code": 200
},
"errors": [],
"_links": [],
"response": {
"payments": [
{
"_id": "b24e4374-815d-40bd-b0f6-f87db5be3992",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2021-11-30T11:39:28.802049Z",
"debtor": {
"account": {
"value": "228361",
"_type": "PGNR",
"currency": "SEK"
},
"message": "Own message"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Beneficiary name",
"message": "some msg",
"bank": {
"bic": "HASPDEHH",
"country": "DE"
}
},
"amount": "2.35",
"currency": "EUR",
"fee": {},
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/b24e4374-815d-40bd-b0f6-f87db5be3992"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"payment_type": "crossborder",
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "200",
"requested_execution_date": "2021-11-30"
},
{
"_id": "cfb7584f-f0bf-46d3-832b-656d8244590f",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2021-11-30T11:24:05.870173Z",
"debtor": {
"account": {
"value": "228361",
"_type": "PGNR",
"currency": "SEK"
},
"message": "Modified Purpose Cod"
},
"creditor": {
"account": {
"value": "7443700182600320004",
"_type": "BBAN",
"currency": "CNY"
},
"name": "China CNY Payment 30",
"message": "/GOD/ P C",
"bank": {
"bic": "CIBKCNBJ528",
"bank_code": "104100004538",
"name": "Norde Bank Abp",
"country": "CN"
}
},
"amount": "1.4",
"currency": "SEK",
"fee": {},
"payment_status": "Confirmed",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/cfb7584f-f0bf-46d3-832b-656d8244590f"
}
],
"payment_type": "crossborder",
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED"
}, ......
]
}
}
Another example to understand behaviour of auto_start_token and signing link: (auto_start_token is deprecated from payment details)
{
"group_header": {
"message_identification": "1160c357-566e-4513-a337-a372e40672b3",
"creation_date_time": "2021-11-30T11:43:03.313989Z",
"message_pagination": {
"continuation_key": "1"
},
"http_code": 200
},
"errors": [],
"_links": [],
"response": {
"payments": [
{
"_id": "b24e4374-815d-40bd-b0f6-f87db5be3992",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2021-11-30T11:39:28.802049Z",
"debtor": {
"account": {
"value": "228361",
"_type": "PGNR",
"currency": "SEK"
},
"message": "Own message"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Beneficiary name",
"message": "some msg",
"bank": {
"bic": "HASPDEHH",
"country": "DE"
}
},
"amount": "2.35",
"currency": "EUR",
"fee": {},
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "signing",
"href": "https://<nordeasigninghost>?client_id=y6mWwv2n5IbAVdZa5105&code_challenge_method=S256&redirect_uri=https://<your_host>/v4/payments/crossborder/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD00NzlhYTcxYi1lN2I3LTQ0ZDEtOTdhZS04OTgzNzFkNmQ4Mzkmc3RhdGVfaWQ9MzBmYTY4MTQtZTViMy00OWZmLWJkY2MtMWIzZWRlNjkzNDNk&signing_order_id=479aa71b-e7b7-44d1-97ae-898371d6d839"
}
],
"payment_type": "crossborder",
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "200",
"requested_execution_date": "2021-11-30"
},
{
"_id": "cfb7584f-f0bf-46d3-832b-656d8244590f",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2021-11-30T11:24:05.870173Z",
"debtor": {
"account": {
"value": "228361",
"_type": "PGNR",
"currency": "SEK"
},
"message": "Modified Purpose Cod"
},
"creditor": {
"account": {
"value": "7443700182600320004",
"_type": "BBAN",
"currency": "CNY"
},
"name": "China CNY Payment 30",
"message": "/GOD/ P C",
"bank": {
"bic": "CIBKCNBJ528",
"bank_code": "104100004538",
"name": "Norde Bank Abp",
"country": "CN"
}
},
"amount": "1.4",
"currency": "SEK",
"fee": {},
"payment_status": "Confirmed",
"_links": [
{
"rel": "signing",
"href": "https://<nordeasigninghost>?client_id=y6mWwv2n5IbAVdZa5105&code_challenge_method=S256&redirect_uri=https://<your_host>/v4/payments/crossborder/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD00NzlhYTcxYi1lN2I3LTQ0ZDEtOTdhZS04OTgzNzFkNmQ4Mzkmc3RhdGVfaWQ9MzBmYTY4MTQtZTViMy00OWZmLWJkY2MtMWIzZWRlNjkzNDNk&signing_order_id=479aa71b-e7b7-44d1-97ae-898371d6d839"
}
],
"payment_type": "crossborder",
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED"
}, ......
]
}
}
If some of these payments were bulk confirmed together, then the signing link is common for all of those payments. If customer uses that signing link then they will sign all those payments together only. In the above example both the payments were confirmed together. Therefore they have the same signing link. This means that these payments can only be signed together at once. Signing separately is not possible. If customer is keen on forgoing one of the payments then they will have to forgo both and make a new payment instead.
Sweden: Initiate Payment
In this example, we initiate a new payment.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use POST since we want to create a new payment.
And here is example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"amount": 2.35,
"currency": "EUR",
"central_bank_reporting_code": "200",
"charge_paid_by": "shared",
"creditor": {
"bank": {
"bic": "HASPDEHH",
"bank_code": "",
"country": "DE",
"name": "",
"address": {
"line1": "",
"line2": "",
"line3": ""
}
},
"account": {
"_type": "IBAN",
"value": "DE51200505501049795873",
"currency": "EUR"
},
"address": {
"line1": "",
"line2": "",
"line3": ""
},
"message": "some msg",
"name": "Beneficiary name"
},
"debtor": {
"account": {
"_type": "PGNR",
"value": "228361",
"currency": "SEK"
},
"message": "Own message"
},
"requested_execution_date": "2021-11-30",
"urgency": "standard",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc"
}
And the response looks like this:
{
"group_header": {
"message_identification": "66251dc9-3a2b-434b-9621-5f507a6aed00",
"creation_date_time": "2021-11-30T11:39:28.809565Z",
"http_code": 201
},
"response": {
"_id": "b24e4374-815d-40bd-b0f6-f87db5be3992",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2021-11-30T11:39:28.802049Z",
"debtor": {
"account": {
"value": "228361",
"_type": "PGNR",
"currency": "SEK"
},
"message": "Own message"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Beneficiary name",
"message": "some msg",
"bank": {
"bic": "HASPDEHH",
"bank_code": "",
"name": "",
"country": "DE"
}
},
"amount": "2.35",
"currency": "EUR",
"fee": {},
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/b24e4374-815d-40bd-b0f6-f87db5be3992"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"payment_type": "crossborder",
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "200",
"requested_execution_date": "2021-11-30"
}
}
Sweden: Get payment information
This example shows how to query payment information.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}
This endpoint supports GET and DELETE HTTP Methods. Here we use GET to see the details of the payment.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "c517d686-447a-4b4a-934a-a1941389aca6",
"creation_date_time": "2021-11-30T11:48:37.423862Z",
"http_code": 200
},
"response": {
"_id": "b24e4374-815d-40bd-b0f6-f87db5be3992",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2021-11-30T11:39:28.802049Z",
"debtor": {
"account": {
"value": "228361",
"_type": "PGNR",
"currency": "SEK"
},
"message": "Own message"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Beneficiary name",
"message": "some msg",
"bank": {
"bic": "HASPDEHH",
"country": "DE"
}
},
"amount": "2.35",
"currency": "EUR",
"fee": {},
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/b24e4374-815d-40bd-b0f6-f87db5be3992"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"payment_type": "crossborder",
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "200",
"requested_execution_date": "2021-11-30"
}
}
And another example to understand behaviour of auto_start_token and signing link: (auto_start_token is deprecated from payment details)
{
"group_header": {
"message_identification": "c517d686-447a-4b4a-934a-a1941389aca6",
"creation_date_time": "2021-11-30T11:48:37.423862Z",
"http_code": 200
},
"response": {
"_id": "b24e4374-815d-40bd-b0f6-f87db5be3992",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2021-11-30T11:39:28.802049Z",
"debtor": {
"account": {
"value": "228361",
"_type": "PGNR",
"currency": "SEK"
},
"message": "Own message"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Beneficiary name",
"message": "some msg",
"bank": {
"bic": "HASPDEHH",
"country": "DE"
}
},
"amount": "2.35",
"currency": "EUR",
"fee": {},
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "signing",
"href": "https://<nordeasigninghost>?client_id=y6mWwv2n5IbAVdZa5105&code_challenge_method=S256&redirect_uri=https://<your_host>/v4/payments/crossborder/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD00NzlhYTcxYi1lN2I3LTQ0ZDEtOTdhZS04OTgzNzFkNmQ4Mzkmc3RhdGVfaWQ9MzBmYTY4MTQtZTViMy00OWZmLWJkY2MtMWIzZWRlNjkzNDNk&signing_order_id=479aa71b-e7b7-44d1-97ae-898371d6d839"
}
],
"payment_type": "crossborder",
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "200",
"requested_execution_date": "2021-11-30"
}
}
If this payment was bulk confirmed with few other payments then the signing link is common for all of those payments. If customer uses that signing link then they will sign all those payments together only.
Sweden: Bulk confirm payments
This example shows how to bulk confirm payments.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm
This endpoint supports only PUT HTTP Method.
Here is an example request when user opts for re-direct flow:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm' -i -X PUT \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids":[
"b6e86e21-6f36-4701-8b5c-e9c2f4f518c8",
"9ab5c23d-0df0-4233-8a4b-1a1e4dd2f266"
]
}
And this is how the response looks like:
Note: Swedish bulk confirm service uses redirect signing url’s.
{
"group_header": {
"message_identification": "de8b35b3-67c1-4f69-ad82-3098d62c9c45",
"creation_date_time": "2021-11-30T12:30:27.216725Z",
"http_code": 200
},
"errors": [],
"_links": [
{
"rel": "signing",
"href": "https://api.dev.nordeaopenbanking.com/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://api.dev.nordeaopenbanking.com/business/v4/payments/crossborder/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD1kZTQ3MjYxNi0wMzM4LTQ1ZTktYTNlZi00NjY0M2NlODFkMmQmc3RhdGVfaWQ9MTI2YmQ5ZmItMTFkYi00ZGJjLWIwOGEtNDlhOTlhNmI5ZmRh&signing_order_id=de472616-0338-45e9-a3ef-46643ce81d2d"
}
],
"response": {
"payments": [
{
"_id": "b6e86e21-6f36-4701-8b5c-e9c2f4f518c8",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141tyh",
"entry_date_time": "2021-11-30T12:29:37.079194Z",
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Beneficiary name",
"message": "hello there",
"bank": {
"bic": "HASPDEHH",
"country": "DE"
}
},
"amount": "1.21",
"currency": "EUR",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/b6e86e21-6f36-4701-8b5c-e9c2f4f518c8"
}
],
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "302",
"requested_execution_date": "2021-11-30"
},
{
"_id": "9ab5c23d-0df0-4233-8a4b-1a1e4dd2f266",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141tyh",
"entry_date_time": "2021-11-30T12:30:06.971623Z",
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Beneficiary name",
"message": "hello there",
"bank": {
"bic": "HASPDEHH",
"country": "DE"
}
},
"amount": "1.07",
"currency": "EUR",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/9ab5c23d-0df0-4233-8a4b-1a1e4dd2f266"
}
],
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "302",
"requested_execution_date": "2021-11-30"
}
]
}
}
Here is an example response with the “Special payment” (payment with status reason: “RequiresSinglePaymentSigning”):
Note: Currently available only in Production environment (not available in Sandbox as of now).
{
"group_header": {
"message_identification": "de8b35b3-67c1-4f69-ad82-3098d62c9c45",
"creation_date_time": "2021-11-30T12:30:27.216725Z",
"http_code": 200
},
"errors": [
{
"error": "PaymentCantBeSignedInBulk",
"error_description": "Payment cannot be signed in bulk. Please sign this payment as single payment in request",
"payment_id": "85d2b987-a6ea-4c90-96d5-8a87b48ba735"
}],
"_links": [
{
"rel": "signing",
"href": "https://api.dev.nordeaopenbanking.com/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://api.dev.nordeaopenbanking.com/business/v4/payments/crossborder/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD1kZTQ3MjYxNi0wMzM4LTQ1ZTktYTNlZi00NjY0M2NlODFkMmQmc3RhdGVfaWQ9MTI2YmQ5ZmItMTFkYi00ZGJjLWIwOGEtNDlhOTlhNmI5ZmRh&signing_order_id=de472616-0338-45e9-a3ef-46643ce81d2d"
}
],
"response": {
"payments": [
{
"_id": "b6e86e21-6f36-4701-8b5c-e9c2f4f518c8",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141tyh",
"entry_date_time": "2021-11-30T12:29:37.079194Z",
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Beneficiary name",
"message": "hello there",
"bank": {
"bic": "HASPDEHH",
"country": "DE"
}
},
"amount": "1.21",
"currency": "EUR",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/b6e86e21-6f36-4701-8b5c-e9c2f4f518c8"
}
],
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "302",
"requested_execution_date": "2021-11-30"
},
{
"_id": "9ab5c23d-0df0-4233-8a4b-1a1e4dd2f266",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141tyh",
"entry_date_time": "2021-11-30T12:30:06.971623Z",
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Beneficiary name",
"message": "hello there",
"bank": {
"bic": "HASPDEHH",
"country": "DE"
}
},
"amount": "1.07",
"currency": "EUR",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/9ab5c23d-0df0-4233-8a4b-1a1e4dd2f266"
}
],
"planned_execution_date": "2021-11-30",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "302",
"requested_execution_date": "2021-11-30"
}
]
}
}
Sweden: Confirm payments using BANKID_SE (authentication_method BANKID_SE):
Here is an example confirm request when user opts for decoupled flow for signing:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm' -i -X PUT \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids":[
"53f1e75d-08bc-4208-bab1-8a622600b1d7",
],
"authentication_method":"BAKNID_SE"
}
And this is how the response looks like when authentication_method is BANKID_SE:
Note: Swedish bulk confirm service uses redirect signing url and auto_start_token to launch the BankId mobile app.
{
"group_header": {
"message_identification": "8pq09c0g9vf99jj8",
"creation_date_time": "2024-01-11T05:43:26.568166704Z",
"http_code": 200
},
"errors": [],
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_se&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD1jYTk1NjRhMS02MTZkLTRlYjctODhjNy05ZjFjOWExMjIxM2Umc3RhdGVfaWQ9Mzc0YjhjMjYtY2QyMy00YWZhLWI2NGYtMjdjMmU5NDEyNTg4&signing_order_id=ca9564a1-616d-4eb7-88c7-9f1c9a12213e"
}
],
"response": {
"payments": [
{
"_id": "53f1e75d-08bc-4208-bab1-8a622600b1d7",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2024-01-11T05:43:12.288690821Z",
"debtor": {
"account": {
"value": "50501055",
"_type": "PGNR",
"currency": "SEK"
},
"message": "PKK SBX QR Code 2"
},
"creditor": {
"account": {
"value": "152450705",
"_type": "BBAN",
"currency": "AUD"
},
"name": "SBX Prashant K ",
"message": "SE CB QR Code 2",
"bank": {
"bic": "CITIAU2X",
"bank_code": "AU",
"name": "AU Test Bank"
}
},
"amount": "3.35",
"currency": "AUD",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/53f1e75d-08bc-4208-bab1-8a622600b1d7"
},
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_se&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD1jYTk1NjRhMS02MTZkLTRlYjctODhjNy05ZjFjOWExMjIxM2Umc3RhdGVfaWQ9MWNhZTY2NWUtM2I0Zi00OTY4LWIwNjYtNWUzMTBkM2RhNmY5&signing_order_id=ca9564a1-616d-4eb7-88c7-9f1c9a12213e",
"signs_payment_ids": []
}
],
"payment_type": "CROSSBORDER",
"requires_second_channel_confirmation": false,
"urgency": "standard",
"charge_paid_by": "SHARED",
"central_bank_reporting_code": "101"
}
]
},
"authentication_id": "67524e1fb7a27502d49e9efba74fe55ddfb3ae72ea517d925bd6a53e7e78030f"
}
Example request for polling for qr_data using authentication_id:
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm/bankidse/67524e1fb7a27502d49e9efba74fe55ddfb3ae72ea517d925bd6a53e7e78030f
This endpoint supports GET HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm/bankidse/67524e1fb7a27502d49e9efba74fe55ddfb3ae72ea517d925bd6a53e7e78030f' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
The response looks like:
{
"group_header": {
"message_identification": "vhy1mai2uoyj1s4z",
"creation_date_time": "2024-01-11T05:43:47.715984147Z",
"http_code": 200
},
"response": {
"qr_data": "bankid.67524e1fb7a27502d49e9efba74fe55ddfb3ae72ea517d925bd6a53e7e78030f.21.9Iz2Qb26by5vdz07jmU8Pgoc6re2GAW11ov2iRjSWSfMi7KwNWonwXHKkbh1qMmE",
"auto_start_token": "ad26fb6c-8c94-419d-8dd3-abd71aae309f",
"status": "WAITING_FOR_USER"
}
}
Response when signing is in progress:
"group_header": {
"message_identification": "6cklqi2t1txg7upv",
"creation_date_time": "2024-01-11T05:44:15.468187191Z",
"http_code": 200
},
"response": {
"status": "IN_PROGRESS"
}
}
Response when signing is successful:
{
"group_header": {
"message_identification": "yotltq5mybpszfel",
"creation_date_time": "2024-01-11T05:44:33.436947134Z",
"http_code": 200
},
"response": {
"status": "SUCCESS"
}
}
Response when signing failed:
{
"group_header": {
"message_identification": "mksltq5myblqi2t1",
"creation_date_time": "2024-01-11T05:44:33.436947134Z",
"http_code": 200
},
"response": {
"status": "FAILED"
}
}
Sweden: Delete single payment
This example shows how to delete a payment.
Note: Not all payments can be deleted (see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}
This endpoint supports GET and DELETE HTTP Method. Here we use DELETE to delete the payment.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "51e666eb-d797-431e-aac2-c9ffac8847c3",
"creation_date_time": "2021-09-07T13:44:16.502719Z",
"http_code": 200
},
"response": [
"fa90b245-0f17-4f74-83cc-1d1a6798ceb9"
],
"errors": []
}
Sweden: Delete multiple payments
This example shows how to bulk delete payments.
Note: Not all payments can be deleted (see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use DELETE since we want to delete payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payment_ids": [
"11d55648-8c1d-45e2-951a-69c5aeaed77y",
"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba77y"
]
}
And this is how the response looks like:
{
"group_header":
{
"message_identification": "51e666eb-d797-431e-aac2-c9ffac8847c4",
"creation_date_time": "2021-09-07T13:45:16.502719Z",
"http_code": 200
},
"response": [
"11d55648-8c1d-45e2-951a-69c5aeaed77y",
"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba77y"
],
"errors": []
}
PIS API examples for Denmark
Denmark: Get list of payments
This example shows how to get list of pending payments.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use GET since we want to get list of payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/' -i -X GET \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
Here is the response:
{
"group_header": {
"message_identification": "1b885c7a-46c6-49a3-b364-90af4ebaf791",
"creation_date_time": "2022-04-14T11:08:48.871585Z",
"http_code": 200
},
"errors": [],
"_links": [],
"response": {
"payments": [
{
"_id": "7bc180f7-8d26-4b65-a870-da3176dc786c",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-04-14T11:08:42.975813Z",
"debtor": {
"account": {
"value": "20001545768360",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "some msg"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"message": "hello there",
"bank": {
"bic": "HASPDEHH"
}
},
"amount": "21.37",
"currency": "PLN",
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/7bc180f7-8d26-4b65-a870-da3176dc786c"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"urgency": "standard",
"charge_paid_by": "SHARED"
},
{
"_id": "92147d0f-cdc4-45ff-adc8-f04c4d1a8ba7",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-04-14T11:07:34.878147Z",
"debtor": {
"account": {
"value": "20001545768360",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "some msg"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"message": "hello there",
"bank": {
"bic": "HASPDEHH"
}
},
"amount": "1.11",
"currency": "PLN",
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/92147d0f-cdc4-45ff-adc8-f04c4d1a8ba7"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"urgency": "standard",
"charge_paid_by": "SHARED"
}
]
}
}
Denmark: Initiate a new payment
In this example, we initiate a new payment.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use POST since we want to create a new payment.
And here is an example request. The example contains Confirmation of availability of funds:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"amount": 21.37,
"creditor": {
"bank": {
"country": "DE",
"bic": "HASPDEHH"
},
"account": {
"_type": "IBAN",
"value": "DE51200505501049795873",
"currency": "EUR"
},
"message": "hello there"
},
"currency": "PLN",
"debtor": {
"account": {
"_type": "BBAN_DK",
"value": "20001545768360",
"currency": "DKK"
},
"message": "some msg"
},
"end_to_end_identification": "End to end identification",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"urgency": "standard",
"request_availability_of_funds": true
}
And the response looks like this:
{
"group_header": {
"message_identification": "42893660-fd91-48ce-af90-32cef8b0f725",
"creation_date_time": "2022-04-14T11:08:42.976316Z",
"http_code": 201
},
"response": {
"_id": "7bc180f7-8d26-4b65-a870-da3176dc786c",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-04-14T11:08:42.975813Z",
"debtor": {
"account": {
"value": "20001545768360",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "some msg"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"message": "hello there",
"bank": {
"bic": "HASPDEHH"
}
},
"amount": "21.37",
"currency": "PLN",
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/7bc180f7-8d26-4b65-a870-da3176dc786c"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"urgency": "standard",
"charge_paid_by": "SHARED",
"availability_of_funds": false
}
}
Denmark: Get payment information
This example shows how to query payment information.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}
This endpoint supports GET and DELETE HTTP Methods. Here we use GET to see the details of the payment.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "b16efff9-d801-494a-9b97-7c76471ad6b1",
"creation_date_time": "2022-04-14T11:11:32.360771Z",
"http_code": 200
},
"response": {
"_id": "7bc180f7-8d26-4b65-a870-da3176dc786c",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-04-14T11:08:42.975813Z",
"debtor": {
"account": {
"value": "20001545768360",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "some msg"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"message": "hello there",
"bank": {
"bic": "HASPDEHH"
}
},
"amount": "21.37",
"currency": "PLN",
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/7bc180f7-8d26-4b65-a870-da3176dc786c"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"urgency": "standard",
"charge_paid_by": "SHARED"
}
}
Here is an example request when Confirmation of availability of funds is used:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}?request_availability_of_funds=true'\
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like with Confirmation of availability of funds:
{
"group_header": {
"message_identification": "b16efff9-d801-494a-9b97-7c76471ad6b1",
"creation_date_time": "2022-04-14T11:11:32.360771Z",
"http_code": 200
},
"response": {
"_id": "7bc180f7-8d26-4b65-a870-da3176dc786c",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-04-14T11:08:42.975813Z",
"debtor": {
"account": {
"value": "20001545768360",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "some msg"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"message": "hello there",
"bank": {
"bic": "HASPDEHH"
}
},
"amount": "21.37",
"currency": "PLN",
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/7bc180f7-8d26-4b65-a870-da3176dc786c"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"urgency": "standard",
"charge_paid_by": "SHARED",
"availability_of_funds": true
}
}
Denmark: Bulk confirm payments
This example shows how to bulk confirm payments
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm
This endpoint supports only PUT HTTP Method.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm' -i -X PUT \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids": [
"7bc180f7-8d26-4b65-a870-da3176dc786c"
]
}
And this is how the response looks like:
{
"group_header": {
"message_identification": "0e37a735-2a81-4fa5-8417-093f9c5ad4c0",
"creation_date_time": "2022-04-14T11:12:27.780276Z",
"http_code": 200
},
"errors": [],
"_links": [
{
"rel": "signing",
"href": "https://api.dev.nordeaopenbanking.com/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://api.dev.nordeaopenbanking.com/business/v4/payments/crossborder/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD1kZTQ3MjYxNi0wMzM4LTQ1ZTktYTNlZi00NjY0M2NlODFkMmQmc3RhdGVfaWQ9MTI2YmQ5ZmItMTFkYi00ZGJjLWIwOGEtNDlhOTlhNmI5ZmRh&signing_order_id=de472616-0338-45e9-a3ef-46643ce81d2d"
}
],
"response": {
"payments": [
{
"_id": "7bc180f7-8d26-4b65-a870-da3176dc786c",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-04-14T11:08:42.975813Z",
"debtor": {
"account": {
"value": "20001545768360",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "some msg"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"message": "hello there",
"bank": {
"bic": "HASPDEHH"
}
},
"amount": "21.37",
"currency": "PLN",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/7bc180f7-8d26-4b65-a870-da3176dc786c"
}
],
"urgency": "standard",
"charge_paid_by": "SHARED"
}
]
}
}
Here is an example request for decoupled payment signing using Nordea ID app:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm' -i -X PUT \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids": [
"7bc180f7-8d26-4b65-a870-da3176dc786c"
],
"authentication_method" = "MTA"
}
And this is how the response looks like:
{
"group_header": {
"message_identification": "0e37a735-2a81-4fa5-8417-093f9c5ad4c0",
"creation_date_time": "2022-04-14T11:12:27.780276Z",
"http_code": 200
},
"errors": [],
"_links": [
{
"rel": "signing",
"href": "https://api.dev.nordeaopenbanking.com/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://api.dev.nordeaopenbanking.com/business/v4/payments/crossborder/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD1kZTQ3MjYxNi0wMzM4LTQ1ZTktYTNlZi00NjY0M2NlODFkMmQmc3RhdGVfaWQ9MTI2YmQ5ZmItMTFkYi00ZGJjLWIwOGEtNDlhOTlhNmI5ZmRh&signing_order_id=de472616-0338-45e9-a3ef-46643ce81d2d"
}
],
"response": {
"payments": [
{
"_id": "7bc180f7-8d26-4b65-a870-da3176dc786c",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-04-14T11:08:42.975813Z",
"debtor": {
"account": {
"value": "20001545768360",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "some msg"
},
"creditor": {
"account": {
"value": "DE51200505501049795873",
"_type": "IBAN",
"currency": "EUR"
},
"message": "hello there",
"bank": {
"bic": "HASPDEHH"
}
},
"amount": "21.37",
"currency": "PLN",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/7bc180f7-8d26-4b65-a870-da3176dc786c"
}
],
"urgency": "standard",
"charge_paid_by": "SHARED"
}
]
}
}
```
#### Denmark: Delete single payment
This example shows how to delete a payment.
> Note: Not all payments can be deleted (see payment status table for further information).
This endpoint URL has the following form:
``` bash
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}
This endpoint supports GET and DELETE HTTP Method. Here we use DELETE to delete the payment.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "f3c9ec88-4797-4d0b-a9d7-065531379643",
"creation_date_time": "2022-04-14T11:16:00.953789Z",
"http_code": 200
},
"response": [
"d630b00a-227c-474e-8d20-1fc2b7141fdc"
],
"errors": []
}
Denmark: Delete multiple payments
This example shows how to bulk delete payments
Note: Not all payments can be deleted(see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use DELETE since we want to delete payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids": [
"299175fa-18a2-437d-859b-402f7b68dad0",
"6befa13a-d0c8-42ab-b040-0324d9741de4"
]
}
And this is how the response looks like:
{
"group_header": {
"message_identification": "a1dae252-d47e-4ef6-ab23-20440ab06bcf",
"creation_date_time": "2022-04-14T11:17:40.607888Z",
"http_code": 200
},
"response": [
"299175fa-18a2-437d-859b-402f7b68dad0",
"6befa13a-d0c8-42ab-b040-0324d9741de4"
],
"errors": []
}
PIS API examples for Finland
Finland: Get list of payments
This example shows how to get list of pending payments.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use GET since we want to get list of payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/' -i -X GET \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
Here is the response:
{
"group_header": {
"message_identification": "bb5425ba-86e9-4f5e-8e4a-ab49698c0894",
"creation_date_time": "2022-06-21T10:50:30.590558Z",
"message_pagination": {
"continuation_key": "1"
},
"http_code": 200
},
"errors": [],
"_links": [],
"response": {
"payments": [{
"_id": "14f95a21-63ab-4b76-aadf-7e3434be3fc2",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-06-17T10:24:19.053974Z",
"debtor": {
"account": {
"value": "FI1011123000312386",
"_type": "IBAN",
"currency": "EUR"
}
},
"creditor": {
"account": {
"value": "GB13NWBK60242616107969",
"_type": "IBAN",
"currency": "GBP"
},
"name": "Beneficiary name",
"message": "Message for the beneficiary",
"bank": {
"bic": "NWBKGB2L",
"name": "Nordea Bank Abp",
"country": "GB"
},
"address": {
"line1": "123 St",
"line2": "London",
"line3": "GB"
}
},
"amount": "1.01",
"currency": "GBP",
"payment_status": "PendingConfirmation",
"_links": [{
"rel": "self",
"href": "/v4/payments/crossborder/14f95a21-63ab-4b76-aadf-7e3434be3fc2"
}, {
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}],
"payment_type": "crossborder",
"planned_execution_date": "2022-06-17",
"charge_paid_by": "SHARED"
}, {
"_id": "d80ae62c-7a35-4dc1-a75b-f35571564359",
"external_id": "TPP Unique ID",
"entry_date_time": "2022-06-17T07:25:35.680865Z",
"debtor": {
"account": {
"value": "FI3811125200016675",
"_type": "IBAN",
"currency": "USD"
}
},
"creditor": {
"account": {
"value": "7443700182600320004",
"_type": "BBAN",
"currency": "CNY"
},
"name": "Leonard S",
"message": "/FIBBANCrossBorder/",
"bank": {
"bic": "CIBKCNBJ528",
"name": "TestNordeaBank",
"address": {
"line1": "My building name",
"line2": "Building extension",
"line3": "Floor and Flat no"
},
"country": "CN"
},
"address": {
"line1": "China Street",
"line2": "Bank building extension",
"line3": "CN"
}
},
"amount": "1.2",
"currency": "CNY",
"payment_status": "Confirmed",
"_links": [{
"rel": "self",
"href": "/v4/payments/crossborder/d80ae62c-7a35-4dc1-a75b-f35571564359"
}],
"payment_type": "crossborder",
"planned_execution_date": "2022-06-17",
"charge_paid_by": "SHARED"
}, {
"_id": "7672dd19-cbb3-4f22-9984-547ef70d96b3",
"external_id": "TPP Unique ID",
"entry_date_time": "2022-06-17T07:23:28.497741Z",
"debtor": {
"account": {
"value": "FI3811125200016675",
"_type": "IBAN",
"currency": "USD"
}
},
"creditor": {
"account": {
"value": "7443700182600320004",
"_type": "BBAN",
"currency": "CNY"
},
"name": "Leonard S",
"message": "/FIBBANCrossBorder/",
"bank": {
"bic": "CIBKCNBJ528",
"name": "TestNordeaBank",
"address": {
"line1": "My building name",
"line2": "Building extension",
"line3": "Floor and Flat no"
},
"country": "CN"
},
"address": {
"line1": "China Street",
"line2": "Bank building extension",
"line3": "CN"
}
},
"amount": "1.2",
"currency": "CNY",
"payment_status": "PendingConfirmation",
"_links": [{
"rel": "self",
"href": "/v4/payments/crossborder/7672dd19-cbb3-4f22-9984-547ef70d96b3"
}, {
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}],
"payment_type": "crossborder",
"planned_execution_date": "2022-06-17",
"charge_paid_by": "SHARED"
}]
}
}
Finland: Initiate a new payment
In this example, we initiate a new payment.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use POST since we want to create a new payment.
And here is example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"amount": 3.37,
"creditor": {
"bank": {
"country": "DK",
"bic": "NDEADKKK",
"name": "Nordea Bank Abp"
},
"account": {
"_type": "IBAN",
"value": "DK2220006263579443",
"currency": "EUR"
},
"message": "Payment",
"name": "Robert T",
"address": {
"line1": "Long street 13",
"line2": "Copenhagen",
"line3": "DK"
}
},
"currency": "DKK",
"debtor": {
"account": {
"_type": "IBAN",
"value": "FI3811125200016675",
"currency": "USD"
}
},
"end_to_end_identification": "uuid",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc"
}
And the response looks like this:
{
"group_header": {
"message_identification": "54d8bd4b-6997-4d30-aeeb-219c8f0f1554",
"creation_date_time": "2022-06-21T10:54:38.13208Z",
"http_code": 201
},
"response": {
"_id": "04362120-5d5f-48ac-a9fb-e10ddcae476f",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-06-21T10:54:38.127109Z",
"debtor": {
"account": {
"value": "FI3811125200016675",
"_type": "IBAN",
"currency": "USD"
}
},
"creditor": {
"account": {
"value": "DK2220006263579443",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Robert T",
"message": "Payment",
"bank": {
"bic": "NDEADKKK",
"name": "Nordea Bank Abp",
"country": "DK"
},
"address": {
"line1": "Long street 13",
"line2": "Copenhagen",
"line3": "DK"
}
},
"amount": "3.37",
"currency": "DKK",
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/04362120-5d5f-48ac-a9fb-e10ddcae476f"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"payment_type": "crossborder",
"planned_execution_date": "2022-06-21",
"charge_paid_by": "SHARED"
}
}
Finland: Get payment information
This example shows how to query payment information.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}
This endpoint supports GET and DELETE HTTP Methods. Here we use GET to see the details of the payment.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "98764a31-e532-4d7e-bc8a-64c329f93e79",
"creation_date_time": "2022-06-21T10:55:56.738747Z",
"http_code": 200
},
"response": {
"_id": "04362120-5d5f-48ac-a9fb-e10ddcae476f",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-06-21T10:54:38.127109Z",
"debtor": {
"account": {
"value": "FI3811125200016675",
"_type": "IBAN",
"currency": "USD"
}
},
"creditor": {
"account": {
"value": "DK2220006263579443",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Robert T",
"message": "Payment",
"bank": {
"bic": "NDEADKKK",
"name": "Nordea Bank Abp",
"country": "DK"
},
"address": {
"line1": "Long street 13",
"line2": "Copenhagen",
"line3": "DK"
}
},
"amount": "3.37",
"currency": "DKK",
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/04362120-5d5f-48ac-a9fb-e10ddcae476f"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"payment_type": "crossborder",
"planned_execution_date": "2022-06-21",
"charge_paid_by": "SHARED"
}
}
Finland: Bulk confirm payments
This example shows how to bulk confirm payments
Note: For triggering decoupled flow TPP is obligated to use confirm endpoint providing body, as for bulk confirmation. This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm
This endpoint supports only PUT HTTP Method.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm' -i -X PUT \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids": [
"11d55648-8c1d-45e2-951a-69c5aeaed99y",
"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba99y"
],
"authentication_method": "MTA"
}
And this is how the response looks like:
{
"group_header": {
"message_identification": "b3ca175b-caf9-40df-ba6c-72c3f713f833",
"creation_date_time": "2022-06-21T10:57:39.900825Z",
"http_code": 200
},
"errors": [],
"_links": [
{
"rel": "signing",
"href": "https://api.nordeaopenbanking.com?client_id=IhGRcnee8OnfM0oUuguK&code_challenge_method=S256&redirect_uri=https://api.open-dev01.nordea.apigw.apim.qaoneadr.local:8443/business/v4/payments/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD1jOTYxMmY0Ni03N2VkLTQ4ZTctOWNkMy00YWQ1NTA0ZDQwZWImc3RhdGVfaWQ9ZGU5NThiY2EtYzI4My00YWQxLWJjZmEtN2U3MDViYzIzYWVh&signing_order_id=c9612f46-77ed-48e7-9cd3-4ad5504d40eb"
}
],
"response": {
"payments": [
{
"_id": "04362120-5d5f-48ac-a9fb-e10ddcae476f",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2022-06-21T10:54:38.127109Z",
"debtor": {
"account": {
"value": "FI3811125200016675",
"_type": "IBAN",
"currency": "USD"
}
},
"creditor": {
"account": {
"value": "DK2220006263579443",
"_type": "IBAN",
"currency": "EUR"
},
"name": "Robert T",
"message": "Payment",
"bank": {
"bic": "NDEADKKK",
"name": "Nordea Bank Abp",
"country": "DK"
},
"address": {
"line1": "Long street 13",
"line2": "Copenhagen",
"line3": "DK"
}
},
"amount": "3.37",
"currency": "DKK",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/04362120-5d5f-48ac-a9fb-e10ddcae476f"
}
],
"planned_execution_date": "2022-06-21",
"charge_paid_by": "SHARED"
}
]
}
}
Finland: Delete single payment
This example shows how to delete a payment.
Note: Not all payments can be deleted (see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}
This endpoint supports GET and DELETE HTTP Method. Here we use DELETE to delete the payment.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/{paymentId}' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "f3c9ec88-4797-4d0b-a9d7-065531379643",
"creation_date_time": "2022-06-21T10:57:00.953789Z",
"http_code": 200
},
"response": [
"d630b00a-227c-474e-8d20-1fc2b7141fdc"
],
"errors": []
}
Finland: Delete multiple payments
This example shows how to bulk delete payments
Note: Not all payments can be deleted(see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use DELETE since we want to delete payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids": [
"3160cc8c-8fd5-4004-8aa1-4452023f5372",
"042bdecd-d2e4-4d67-93e1-bf04ec841a6f"
]
}
And this is how the response looks like:
{
"group_header": {
"message_identification": "a1dae252-d47e-4ef6-ab23-20440ab06bcf",
"creation_date_time": "2022-06-21T11:02:40.607888Z",
"http_code": 200
},
"response": [
"3160cc8c-8fd5-4004-8aa1-4452023f5372",
"042bdecd-d2e4-4d67-93e1-bf04ec841a6f"
],
"errors": []
}
PIS API examples for Norway
Norway: Get list of payments
This example shows how to get list of pending payments.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use GET since we want to get list of payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/' -i -X GET \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
Here is the response:
{
"group_header": {
"message_identification": "e17080f36eb1bbc36fd3a0fa6a5c2d48",
"creation_date_time": "2024-09-17T09:15:22.792133132Z",
"http_code": 200
},
"errors": [],
"_links": [],
"response": {
"payments": [
{
"_id": "9937a148-5827-45f9-8e38-8c851e7dc769",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2024-09-17T09:15:19.230188758Z",
"debtor": {
"account": {
"value": "61735686908",
"_type": "BBAN_NO",
"currency": "NOK"
}
},
"creditor": {
"account": {
"value": "2939167795",
"_type": "BBAN",
"currency": "USD"
},
"name": "SBX Oberyn PROD",
"message": "SBX FI US CB PRDO",
"bank": {
"bic": "CHASUS33",
"name": "FI2US",
"address": {
"line1": "Little Garden Avenue of Pras Kina 5",
"line2": "New York 10543",
"line3": " US"
}
},
"address": {
"line1": "Prashantii 16",
"line2": "Lodz 9005",
"line3": "US",
"line4": "US"
}
},
"amount": "8.7",
"currency": "USD",
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/9937a148-5827-45f9-8e38-8c851e7dc769"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"payment_type": "CROSSBORDER",
"requires_second_channel_confirmation": false,
"planned_execution_date": "2024-09-18",
"charge_paid_by": "SHARED",
"requested_execution_date": "2024-09-18",
"single_sca": false
},
{
"_id": "905799d9-13aa-42f8-8827-4c6d696cfd18",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2024-09-17T09:11:40.029365108Z",
"debtor": {
"account": {
"value": "61735686908",
"_type": "BBAN_NO",
"currency": "NOK"
}
},
"creditor": {
"account": {
"value": "2939167795",
"_type": "BBAN",
"currency": "USD"
},
"name": "SBX Oberyn PROD",
"message": "SBX FI US CB PRDO",
"bank": {
"bic": "CHASUS33",
"name": "FI2US",
"address": {
"line1": "Little Garden Avenue of Pras Kina 5",
"line2": "New York 10543",
"line3": " US"
}
},
"address": {
"line1": "Prashantii 16",
"line2": "Lodz 9005",
"line3": "US",
"line4": "US"
}
},
"amount": "3.74",
"currency": "USD",
"payment_status": "Confirmed",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/905799d9-13aa-42f8-8827-4c6d696cfd18"
}
],
"payment_type": "CROSSBORDER",
"requires_second_channel_confirmation": false,
"planned_execution_date": "2024-09-18",
"charge_paid_by": "SHARED",
"requested_execution_date": "2024-09-18",
"single_sca": false
}
]
}
}
Norway: Initiate a new payment
In this example, we initiate a new payment.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use POST since we want to create a new payment.
And here is example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"amount": 3.74,
"charge_bearer": "shared",
"creditor": {
"bank": {
"address": {
"line1": "Little Garden Avenue of Pras Kina 5",
"line2": "New York 10543",
"line3": " US"
},
"name": "FI2US",
"bic": "CHASUS33",
"country": "US"
},
"address": {
"line1": "Prashantii 16",
"line2": "Lodz 9005",
"line3": "US",
"line4": "US"
},
"account": {
"_type": "BBAN",
"value": "2939167795",
"currency": "USD"
},
"message": "SBX FI US CB PRDO",
"name": "SBX Oberyn PROD"
},
"currency": "USD",
"debtor": {
"account": {
"_type": "BBAN_NO",
"value": "61735686908",
"currency": "NOK"
}
},
"end_to_end_identification": "End to end identification",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"requested_execution_date": "2024-09-18"
}
And the response looks like this:
{
"group_header": {
"message_identification": "c262c76ed43680dbcec929854d02c0d2",
"creation_date_time": "2024-09-17T09:11:40.029793536Z",
"http_code": 201
},
"response": {
"_id": "905799d9-13aa-42f8-8827-4c6d696cfd18",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2024-09-17T09:11:40.029365108Z",
"debtor": {
"account": {
"value": "61735686908",
"_type": "BBAN_NO",
"currency": "NOK"
}
},
"creditor": {
"account": {
"value": "2939167795",
"_type": "BBAN",
"currency": "USD"
},
"name": "SBX Oberyn PROD",
"message": "SBX FI US CB PRDO",
"bank": {
"bic": "CHASUS33",
"name": "FI2US",
"address": {
"line1": "Little Garden Avenue of Pras Kina 5",
"line2": "New York 10543",
"line3": " US"
}
},
"address": {
"line1": "Prashantii 16",
"line2": "Lodz 9005",
"line3": "US",
"line4": "US"
}
},
"amount": "3.74",
"currency": "USD",
"payment_status": "PendingConfirmation",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/905799d9-13aa-42f8-8827-4c6d696cfd18"
},
{
"rel": "confirm",
"href": "/v4/payments/crossborder/confirm"
}
],
"payment_type": "CROSSBORDER",
"requires_second_channel_confirmation": false,
"planned_execution_date": "2024-09-18",
"charge_paid_by": "SHARED",
"requested_execution_date": "2024-09-18",
"single_sca": false
}
}
Norway: Get payment information
This example shows how to query payment information.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/905799d9-13aa-42f8-8827-4c6d696cfd18
This endpoint supports GET and DELETE HTTP Methods. Here we use GET to see the details of the payment.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/905799d9-13aa-42f8-8827-4c6d696cfd18' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "f7f1c69af78f50013ac2cd99f04d456c",
"creation_date_time": "2024-09-17T09:14:19.451082126Z",
"http_code": 200
},
"response": {
"_id": "905799d9-13aa-42f8-8827-4c6d696cfd18",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2024-09-17T09:11:40.029365108Z",
"debtor": {
"account": {
"value": "61735686908",
"_type": "BBAN_NO",
"currency": "NOK"
}
},
"creditor": {
"account": {
"value": "2939167795",
"_type": "BBAN",
"currency": "USD"
},
"name": "SBX Oberyn PROD",
"message": "SBX FI US CB PRDO",
"bank": {
"bic": "CHASUS33",
"name": "FI2US",
"address": {
"line1": "Little Garden Avenue of Pras Kina 5",
"line2": "New York 10543",
"line3": " US"
}
},
"address": {
"line1": "Prashantii 16",
"line2": "Lodz 9005",
"line3": "US",
"line4": "US"
}
},
"amount": "3.74",
"currency": "USD",
"payment_status": "Confirmed",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/905799d9-13aa-42f8-8827-4c6d696cfd18"
}
],
"payment_type": "CROSSBORDER",
"requires_second_channel_confirmation": false,
"planned_execution_date": "2024-09-18",
"charge_paid_by": "SHARED",
"requested_execution_date": "2024-09-18",
"single_sca": false
}
}
Norway: Confirm payments
This example shows how to confirm payments
Note: For triggering decoupled flow TPP is obligated to use confirm endpoint providing body, as for bulk confirmation. This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm/905799d9-13aa-42f8-8827-4c6d696cfd18
This endpoint supports only PUT HTTP Method.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm/905799d9-13aa-42f8-8827-4c6d696cfd18' -i -X PUT \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And this is how the response looks like:
{
"group_header": {
"message_identification": "8884921974cb8899c7d9d37ed0ad2c17",
"creation_date_time": "2024-09-17T09:13:41.251898861Z",
"http_code": 200
},
"errors": [],
"_links": [
{
"rel": "signing",
"href": "https://api.dev.nordeaopenbanking.com/business/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://example.com&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD0wZGRlMGZhOS0zYzdhLTRmNjItOTAwZC1mNTBhZmJlODgwOWYmc3RhdGVfaWQ9MGRkZTBmYTktM2M3YS00ZjYyLTkwMGQtZjUwYWZiZTg4MDlm&signing_order_id=0dde0fa9-3c7a-4f62-900d-f50afbe8809f"
}
],
"response": {
"payments": [
{
"_id": "905799d9-13aa-42f8-8827-4c6d696cfd18",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141fdc",
"entry_date_time": "2024-09-17T09:11:40.029365108Z",
"debtor": {
"account": {
"value": "61735686908",
"_type": "BBAN_NO",
"currency": "NOK"
}
},
"creditor": {
"account": {
"value": "2939167795",
"_type": "BBAN",
"currency": "USD"
},
"name": "SBX Oberyn PROD",
"message": "SBX FI US CB PRDO",
"bank": {
"bic": "CHASUS33",
"name": "FI2US",
"address": {
"line1": "Little Garden Avenue of Pras Kina 5",
"line2": "New York 10543",
"line3": " US"
}
},
"address": {
"line1": "Prashantii 16",
"line2": "Lodz 9005",
"line3": "US",
"line4": "US"
}
},
"amount": "3.74",
"currency": "USD",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/905799d9-13aa-42f8-8827-4c6d696cfd18"
},
{
"rel": "signing",
"href": "https://api.dev.nordeaopenbanking.com/business/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://example.com&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD0wZGRlMGZhOS0zYzdhLTRmNjItOTAwZC1mNTBhZmJlODgwOWYmc3RhdGVfaWQ9MGRkZTBmYTktM2M3YS00ZjYyLTkwMGQtZjUwYWZiZTg4MDlm&signing_order_id=0dde0fa9-3c7a-4f62-900d-f50afbe8809f",
"signs_payment_ids": []
}
],
"payment_type": "CROSSBORDER",
"requires_second_channel_confirmation": false,
"planned_execution_date": "2024-09-18",
"charge_paid_by": "SHARED",
"requested_execution_date": "2024-09-18",
"single_sca": false
}
]
}
}
Here is an example request for NO decoupled signing using Nordea ID app:
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/confirm' -i -X PUT \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids":[
"905799d9-13aa-42f8-8827-4c6d696cfb20"
],
"authentication_method" = "MTA"
}
And this is how the response looks like:
{
"group_header": {
"message_identification": "8884921974cb8899c7d9d37ed0ad2c17",
"creation_date_time": "2025-01-16T09:13:41.251898861Z",
"http_code": 200
},
"errors": [],
"_links": [
{
"rel": "signing",
"href": "https://api.dev.nordeaopenbanking.com/business/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://example.com&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD0wZGRlMGZhOS0zYzdhLTRmNjItOTAwZC1mNTBhZmJlODgwOWYmc3RhdGVfaWQ9MGRkZTBmYTktM2M3YS00ZjYyLTkwMGQtZjUwYWZiZTg4MDlm&signing_order_id=0dde0fa9-3c7a-4f62-900d-f50afbe8809f"
}
],
"response": {
"payments": [
{
"_id": "905799d9-13aa-42f8-8827-4c6d696cfb20",
"external_id": "d630b00a-227c-474e-8d20-1fc2b7141200",
"entry_date_time": "2025-01-16T09:11:40.029365108Z",
"debtor": {
"account": {
"value": "61735686908",
"_type": "BBAN_NO",
"currency": "NOK"
}
},
"creditor": {
"account": {
"value": "2939167795",
"_type": "BBAN",
"currency": "USD"
},
"name": "SBX Oberyn PROD",
"message": "SBX FI US CB PRDO",
"bank": {
"bic": "CHASUS33",
"name": "FI2US",
"address": {
"line1": "Little Garden Avenue of Pras Kina 5",
"line2": "New York 10543",
"line3": " US"
}
},
"address": {
"line1": "Prashantii 16",
"line2": "Lodz 9005",
"line3": "US",
"line4": "US"
}
},
"amount": "3.74",
"currency": "USD",
"payment_status": "PendingUserApproval",
"_links": [
{
"rel": "self",
"href": "/v4/payments/crossborder/905799d9-13aa-42f8-8827-4c6d696cfb20"
},
{
"rel": "signing",
"href": "https://api.dev.nordeaopenbanking.com/business/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://example.com&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD0wZGRlMGZhOS0zYzdhLTRmNjItOTAwZC1mNTBhZmJlODgwOWYmc3RhdGVfaWQ9MGRkZTBmYTktM2M3YS00ZjYyLTkwMGQtZjUwYWZiZTg4MDlm&signing_order_id=0dde0fa9-3c7a-4f62-900d-f50afbe8809f",
"signs_payment_ids": []
}
],
"payment_type": "CROSSBORDER",
"requires_second_channel_confirmation": false,
"planned_execution_date": "2025-01-16",
"charge_paid_by": "SHARED",
"requested_execution_date": "2025-01-16",
"single_sca": false
}
]
}
}
Norway: Delete single payment
This example shows how to delete a payment.
Note: Not all payments can be deleted (see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/905799d9-13aa-42f8-8827-4c6d696cfd18
This endpoint supports GET and DELETE HTTP Method. Here we use DELETE to delete the payment.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/905799d9-13aa-42f8-8827-4c6d696cfd18' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "8fe535981cc60e396b821d5c5afc680f",
"creation_date_time": "2024-09-17T09:16:32.569266295Z",
"http_code": 200
},
"response": [
"905799d9-13aa-42f8-8827-4c6d696cfd18"
],
"errors": []
}
Norway: Delete multiple payments
This example shows how to bulk delete payments
Note: Not all payments can be deleted(see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/business/v4/payments/crossborder
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use DELETE since we want to delete payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments_ids": [
"555b3dbc-d961-44ff-8814-a00ec17245ae",
"9a958439-89b8-4af7-8480-3e8f58f57e74"
]
}
And this is how the response looks like:
{
"group_header": {
"message_identification": "c105e77d2301c080469c217096c3e67b",
"creation_date_time": "2024-09-17T12:25:14.587039485Z",
"http_code": 200
},
"response": [
"555b3dbc-d961-44ff-8814-a00ec17245ae",
"9a958439-89b8-4af7-8480-3e8f58f57e74"
],
"errors": []
}